Скрипт управления session mikrotik_ipv6_dual_stack

#!/bin/bash

# ceil_out falls back to ceil_in when it is unset or empty.
if [[ -z "${ceil_out:-}" ]]; then
	ceil_out=$ceil_in
fi

# Pre-event check: reject a subscriber whose ip is 0.0.0.0.
# Globals:  ip, abonent_id, user_id (read)
# Returns:  1 after logging a warning when ip is 0.0.0.0, otherwise 0
user_event_before() {
	[[ "$ip" != "0.0.0.0" ]] && return 0

	# log is provided elsewhere; the message words are passed unquoted,
	# exactly as the handlers below pass their command words.
	log WARNING: abonent_id:$abonent_id user_id:$user_id has $ip ip
	return 1
}

# Register the subscriber's IPv4 address on crb_auth_list.
# Only acts when auth_type is "1"; any other value is a successful no-op.
# Globals:  auth_type, nas_ip, telnet_login, telnet_password, ip (read)
# Returns:  status of the final add, or 0 when nothing was done
user_add() {
	[ "$auth_type" == "1" ] || return 0

	local -a _nas=("$nas_ip" "$telnet_login" "$telnet_password")
	local _tag=${ip}_crb_auth

	# Repeat the -s remove until it fails, so that no earlier entry carrying
	# this comment survives before the fresh one is added.
	while true; do
		send_mikrotik_cmd -s "${_nas[@]}" /ip firewall address-list remove numbers=$_tag || break
	done
	# NOTE(review): ip is expanded unquoted into the router command; this
	# assumes user_env only ever supplies a well-formed address - confirm.
	send_mikrotik_cmd "${_nas[@]}" /ip firewall address-list add list=crb_auth_list address=$ip comment=$_tag
}

# Lift a block: remove the subscriber's entries tagged <address>_crb_blocked.
# Globals:  nas_ip, telnet_login, telnet_password, ip, ipv6 (read)
# Returns:  status of the IPv6 remove
user_accept() {
	local -a _nas=("$nas_ip" "$telnet_login" "$telnet_password")

	# IPv4: keep removing until the -s call fails, which clears duplicates.
	while true; do
		send_mikrotik_cmd -s "${_nas[@]}" /ip firewall address-list remove numbers=${ip}_crb_blocked || break
	done

	# IPv6: removed once only, and sent even when ipv6 is empty.
	# NOTE(review): user_redirect tags its IPv6 block entry _crb_negbal, so
	# this call does not remove it - confirm that is intended.
	send_mikrotik_cmd "${_nas[@]}" /ipv6 firewall address-list remove numbers=${ipv6}_crb_blocked
}

# Block the subscriber: add the IPv4 and IPv6 addresses to crb_blocked_list,
# each tagged with an <address>_crb_blocked comment.
# Globals:  nas_ip, telnet_login, telnet_password, ip, ipv6 (read)
# Returns:  status of the IPv6 add
user_drop() {
	local -a _nas=("$nas_ip" "$telnet_login" "$telnet_password")
	local _list=crb_blocked_list

	send_mikrotik_cmd "${_nas[@]}" /ip firewall address-list add list=$_list address=$ip comment=${ip}_crb_blocked
	# NOTE(review): issued even when ipv6 is empty (user_rate_set shows that
	# can happen); the function then reports whatever the router answers to
	# an empty address - confirm callers do not treat that as a failed block.
	send_mikrotik_cmd "${_nas[@]}" /ipv6 firewall address-list add list=$_list address=$ipv6 comment=${ipv6}_crb_blocked
}

# Negative-balance handling: IPv4 goes onto crb_negbal_list, IPv6 goes onto
# crb_blocked_list; both entries carry an <address>_crb_negbal comment.
# Globals:  nas_ip, telnet_login, telnet_password, ip, ipv6 (read)
# Returns:  status of the IPv6 add
user_redirect() {
	local -a _nas=("$nas_ip" "$telnet_login" "$telnet_password")
	local _suffix=_crb_negbal

	send_mikrotik_cmd "${_nas[@]}" /ip firewall address-list add list=crb_negbal_list address=$ip comment=${ip}${_suffix}
	# NOTE(review): the IPv6 address lands on crb_blocked_list, not
	# crb_negbal_list, while keeping the negbal comment. Presumably IPv6 is
	# simply blocked instead of redirected - confirm this is not a copy/paste
	# slip, since the two families end up under different firewall policy.
	send_mikrotik_cmd "${_nas[@]}" /ipv6 firewall address-list add list=crb_blocked_list address=$ipv6 comment=${ipv6}${_suffix}
}

# Undo user_redirect: remove the entries tagged <address>_crb_negbal.
# Globals:  nas_ip, telnet_login, telnet_password, ip, ipv6 (read)
# Returns:  status of the IPv6 remove
user_redirect_cancel() {
	local -a _nas=("$nas_ip" "$telnet_login" "$telnet_password")
	local _suffix=_crb_negbal

	# IPv4: loop until the -s remove fails so duplicates are cleared too.
	while true; do
		send_mikrotik_cmd -s "${_nas[@]}" /ip firewall address-list remove numbers=${ip}${_suffix} || break
	done
	# IPv6: a single remove, so a duplicated entry would survive this call.
	send_mikrotik_cmd "${_nas[@]}" /ipv6 firewall address-list remove numbers=${ipv6}${_suffix}
}

# Add the subscriber's IPv6 address to crb_auth_list, tagged
# <ipv6>_crb_auth (judging by the name, run on RADIUS accounting start).
# Globals:  nas_ip, telnet_login, telnet_password, ipv6 (read)
# Returns:  status of the add
rad_acc_start() {
	local -a _nas=("$nas_ip" "$telnet_login" "$telnet_password")
	local _tag=${ipv6}_crb_auth

	# No prior remove here, unlike user_add for IPv4, so repeated calls can
	# leave several entries with the same comment.
	send_mikrotik_cmd "${_nas[@]}" /ipv6 firewall address-list add address=$ipv6 comment=$_tag list=crb_auth_list
}

# Remove the IPv6 entry tagged <ipv6>_crb_auth (the counterpart of
# rad_acc_start).
# Globals:  nas_ip, telnet_login, telnet_password, ipv6 (read)
# Returns:  status of the remove
rad_acc_stop() {
	local -a _nas=("$nas_ip" "$telnet_login" "$telnet_password")
	local _tag=${ipv6}_crb_auth

	# Single remove: if duplicates exist, one authorised entry may remain.
	send_mikrotik_cmd "${_nas[@]}" /ipv6 firewall address-list remove numbers=$_tag
}

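# (Re)create the subscriber's simple queue crb_<ip>.
# The queue targets <ip>/32 and, when ipv6 is non-empty, the IPv6 value too.
# Burst parameters are zeroed when all four burst_* variables are empty.
# Globals:  nas_ip, telnet_login, telnet_password, ip, ipv6, ceil_in,
#           ceil_out, burst_in, burst_out, burst_threshold, burst_time (read)
# Returns:  status of the queue add
user_rate_set(){
	local -a _nas=("$nas_ip" "${telnet_login}" "${telnet_password}")
	local -a _burst
	local _target="${ip}/32"

	# Remove the subscriber from the old service first, then add the new one.
	while send_mikrotik_cmd -s "${_nas[@]}" /queue simple remove "numbers=crb_${ip}"; do :; done

	if [[ -n "${ipv6}" ]]; then
		_target+=",${ipv6}"
	fi

	if [[ -z "${burst_in}${burst_out}${burst_threshold}${burst_time}" ]]; then
		_burst=(burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s)
	else
		# The IPv4-only branch used to read the misspelled ${burstout}, which
		# left the second burst-limit value empty; both branches now use
		# burst_out.
		# NOTE(review): max-limit is written out/in but burst-limit is in/out;
		# one of the two orders is presumably swapped - confirm against the
		# router's expected order before relying on burst limits.
		_burst=(
			"burst-limit=${burst_in}K/${burst_out}K"
			"burst-threshold=${burst_threshold}/${burst_threshold}"
			"burst-time=${burst_time}s/${burst_time}s"
		)
	fi

	send_mikrotik_cmd "${_nas[@]}" /queue simple add "name=crb_${ip}" "target=${_target}" parent=none priority=8/8 queue=default-small/default-small limit-at=0/0 "max-limit=${ceil_out}K/${ceil_in}K" "${_burst[@]}"
}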


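# Terminate the subscriber's session. Only acts for auth_type 0 or 6.
# With a known acct_session_id the PPP session is removed over SSH;
# otherwise a disconnect request for the login is sent with radclient.
# Globals:  auth_type, acct_session_id, nas_ip, telnet_login,
#           telnet_password, login, coa_port, radius_secret (read)
# Returns:  status of the command that was run, or 0 when nothing was done
user_disconnect(){
	[[ "$auth_type" == "0" || "$auth_type" == "6" ]] || return 0

	if [[ -n "${acct_session_id}" ]]; then
		# The password is handed over in SSHPASS (sshpass -e) instead of -p so
		# that it is not exposed in the process argument list. An active
		# `set -x` trace still records the assignment.
		# The remote command is one quoted word so the local shell never
		# treats the [find ...] brackets as a glob.
		SSHPASS="${telnet_password}" sshpass -e ssh "${telnet_login}@${nas_ip}" "/ppp active remove [find session-id=0x${acct_session_id}]"
	else
		# NOTE(review): the shared secret is still a radclient argument, and
		# this path reads radius_secret while user_del reads coa_psw - confirm
		# which variable user_env really provides.
		printf 'User-Name="%s"\n' "${login}" | radclient -x "${nas_ip}:${coa_port}" disconnect "${radius_secret}"
	fi
}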


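# Remove everything this script created for the subscriber.
# auth_type 0 or 6: delete address-list entries by address over SSH and
# send a disconnect request; otherwise delete the comment-tagged IPv4
# entries. In both cases the simple queue crb_<ip> is removed afterwards.
# Globals:  auth_type, nas_ip, telnet_login, telnet_password, ip, ipv6,
#           login, coa_port, coa_psw (read)
# Returns:  status of the final queue remove
user_del(){
	local -a _nas=("$nas_ip" "$telnet_login" "$telnet_password")
	local _kind

	if [[ "$auth_type" == "0" || "$auth_type" == "6" ]]; then
		# SSHPASS + `sshpass -e` keeps the password out of the process
		# argument list (an active `set -x` trace still shows the assignment).
		# NOTE(review): find-by-address removes every address-list entry for
		# the address, not only those tagged *_crb_* - confirm that is wanted.
		SSHPASS="${telnet_password}" sshpass -e ssh "${telnet_login}@${nas_ip}" "/ip firewall address-list remove numbers=[find address =${ip}]"
		# Skipped without an IPv6 value: there is nothing to look up, and an
		# empty filter value must not reach the router's find expression.
		if [[ -n "${ipv6}" ]]; then
			SSHPASS="${telnet_password}" sshpass -e ssh "${telnet_login}@${nas_ip}" "/ipv6 firewall address-list remove numbers=[find address =${ipv6}]"
		fi
		# NOTE(review): uses coa_psw where user_disconnect uses radius_secret.
		printf 'User-Name="%s"\n' "${login}" | radclient -x "${nas_ip}:${coa_port}" disconnect "${coa_psw}"
	else
		# Each tag is removed repeatedly until the -s call fails.
		# NOTE(review): only /ip lists are cleaned on this path; the IPv6
		# *_crb_blocked / *_crb_negbal entries are left to other handlers.
		for _kind in auth negbal blocked; do
			while send_mikrotik_cmd -s "${_nas[@]}" /ip firewall address-list remove "numbers=${ip}_crb_${_kind}"; do :; done
		done
	fi

	while send_mikrotik_cmd -s "${_nas[@]}" /queue simple remove "numbers=crb_${ip}"; do :; done
	# NOTE(review): user_rate_set only ever creates crb_<ip>, so no queue
	# named crb_<ipv6> appears to exist; kept because it sets the return
	# status callers see.
	send_mikrotik_cmd "${_nas[@]}" /queue simple remove "numbers=crb_${ipv6}"
}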

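# Dump the addresses on crb_blocked_list, crb_negbal_list and crb_auth_list
# into $SYNCDIR/<kind>_list.nas. A dump whose query fails is deleted rather
# than left behind empty or partial.
# Globals:  SYNCDIR, nas_ip, telnet_login, telnet_password (read)
# Returns:  0
users_from_nas(){
	local _trace_was_on=0 _kind _out

	# Tracing is switched off while the lists are fetched and afterwards put
	# back the way it was found. The previous unconditional `set -x` turned
	# tracing on for callers that never asked for it, which would then echo
	# later commands together with the credentials they carry.
	[[ $- == *x* ]] && _trace_was_on=1
	set +x

	for _kind in blocked negbal auth; do
		_out="${SYNCDIR}/${_kind}_list.nas"
		# The ?list= query word is quoted so the shell cannot glob-expand it.
		send_mikrotik_cmd -s "$nas_ip" "${telnet_login}" "${telnet_password}" /ip firewall address-list print .proplist=address "?list=crb_${_kind}_list" > "$_out" || rm -rf -- "$_out"
	done

	if (( _trace_was_on )); then
		set -x
	fi
	return 0
}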
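# Look up the ARP entry for $ip on the NAS and store the field read into
# `mac` in /tmp/nas_event_daemon/<nas_ip>/user_get_mac/<user_id>.
# Globals:  nas_ip, telnet_login, telnet_password, user_id (read);
#           ip, int, mac, t (overwritten by the read below)
# Returns:  status of the final chmod
user_get_mac() {
	local TMPDIR=/tmp/nas_event_daemon/$nas_ip/user_get_mac/
	mkdir -p -- "$TMPDIR/"

	# -r keeps backslashes in the reply literal, and the ?address= query is
	# quoted so the shell cannot glob-expand it.
	# NOTE(review): this overwrites the global ip with the first field of
	# the reply, and the variable order (ip int mac) differs from the
	# .proplist order (address,mac-address,interface) - confirm against the
	# real output of send_mikrotik_cmd.
	read -r ip int mac t <<< "$(send_mikrotik_cmd "$nas_ip" "${telnet_login}" "${telnet_password}" /ip arp print .proplist=address,mac-address,interface "?address=${ip}")"

	printf '%s\n' "$mac" > "${TMPDIR}/${user_id}"

	# NOTE(review): a fixed path under /tmp made recursively world-writable
	# lets any local account pre-create, replace or symlink these files.
	# Left unchanged because the consumer of the files is outside this
	# script; a directory owned by the service account outside /tmp, with
	# group-only access, would close that gap.
	chmod 777 -R /tmp/nas_event_daemon/
}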

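# Build /tmp/<user_id>_user_info: the output of the per-NAS user_info helper
# wrapped in <pre>...</pre>, owned by apache. Outside daemon mode the result
# is also printed to stdout.
# Globals:  user_id, EVENT_HANDLERS_DIR, NAS_SCRIPT_NAME, nas_ip,
#           telnet_login, telnet_password, ip, is_daemon (read)
# Returns:  1 if the staging file cannot be created; otherwise the status
#           of the final test-and-cat line (non-zero when is_daemon is 1)
user_info(){
	local _final="/tmp/${user_id}_user_info" _staging

	# The staging file used to be the fixed name <final>.new, which another
	# local account could pre-create as a symlink and have this script
	# truncate. mktemp creates a fresh, unpredictable file instead; it starts
	# out mode 0600 and is handed to apache by the chown below.
	_staging=$(mktemp "${_final}.XXXXXX") || return 1

	{
		echo '<pre>'
		# A helper failure is tolerated so the closing tag is always written.
		# NOTE(review): the helper gets the NAS password as an argument, and
		# its output is embedded unescaped - if the consumer renders this file
		# as HTML, confirm the helper escapes router-supplied text.
		"$EVENT_HANDLERS_DIR/${NAS_SCRIPT_NAME%.sh}.d/user_info" "$nas_ip" "$telnet_login" "$telnet_password" "$ip" || true
		echo '</pre>'
	} > "$_staging"

	mv -f -- "$_staging" "$_final"
	chown apache:apache "$_final"
	[ "${is_daemon:--}" != 1 ] && cat "$_final"
}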

# Post-event hook: does nothing in this script and always returns 0.
user_event_after() {
	return 0
}

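# Dispatch one event: send_cmd <ip> <event> runs the function user_<event>
# with tracing enabled.
# Arguments: $1 - subscriber IP, stored in the global ip
#            $2 - event name; user_<event> must be a defined function
# Globals:   ip, cmd, EVENT_HANDLERS_DIR, NAS_SCRIPT_NAME (written);
#            env_str (read)
# Returns:   127 when user_<event> is not a defined function, otherwise 0
send_cmd() {
	ip=$1
	cmd=user_${2}
	EVENT_HANDLERS_DIR=./bin/
	NAS_SCRIPT_NAME=session

	# The event name comes from the caller's arguments. Only a function that
	# exists under exactly this name is run; previously the unquoted $cmd was
	# word-split and could also resolve to any user_* program found on PATH.
	if ! declare -F "$cmd" > /dev/null; then
		# %q keeps control characters in the rejected name out of the log.
		printf 'session: unknown event handler: %q\n' "$cmd" >&2
		return 127
	fi

	# NOTE(review): while tracing is on, every handler command is echoed with
	# its arguments, the NAS password included, and main tees that output
	# into the per-subscriber log - restrict who can read those logs.
	set -x
	echo "env $env_str"
	"$cmd"
	set +x
}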

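# Entry point for interactive (non-daemon) use: load the subscriber
# environment and configuration, then run the requested event with its
# traced output appended to the subscriber's log.
# Arguments: passed through to send_cmd (<ip> <event>)
# Globals:   abonent_log_dir, PS4 (written); ip, abonent_id, user_id (read)
# Returns:   status of the final pipeline (tee)
main() {
	local rtsh_args

	# $ip is deliberately left unquoted: nothing in this file sets it before
	# this point, and when it expands to nothing user_env is sourced with no
	# arguments of its own - presumably it then reads main's positional
	# parameters. Quoting would pass an empty first argument instead.
	. /usr/local/bin/user_env $ip
	# NOTE(review): main.ini is resolved against the current directory, so
	# the caller must have changed into the installation directory first.
	. ./main.ini
	abonent_log_dir="/var/log/abonents/${abonent_id}/"
	mkdir -p "$abonent_log_dir"

	# PS4 is expanded again each time a trace line is printed. The arguments
	# were previously pasted into it as text, so anything in them that looks
	# like a shell expansion would have been evaluated at trace time. PS4 now
	# only references a variable holding the arguments; an expanded value is
	# not expanded a second time.
	printf -v rtsh_args '%s ' "$@"
	rtsh_args=${rtsh_args% }
	PS4=' \D{%Y-%m-%d %T} ssh ${SSH_CLIENT%% *} $HOSTNAME rtsh session ${rtsh_args}[$$]: '

	echo '' >> "${abonent_log_dir}/rtsh_${user_id}.log"
	send_cmd "$@" 2>&1 | tee -a "${abonent_log_dir}/rtsh_${user_id}.log"
}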

### Every function must be defined before the ubin_session hook is sourced.
# The hook path is this script's own path with every "bin" replaced by
# "ubin", plus a ".hook" suffix. It is sourced with this script's full
# privileges, so the file and its directory should be writable only by the
# account that owns this script.
bin_session=$BASH_SOURCE
ubin_session="${bin_session//bin/ubin}.hook"
if [ -f "$ubin_session" ]; then
	source "${ubin_session}"
fi

# Temporary for now: run main unless is_daemon is 1.
[ "${is_daemon:--}" == 1 ] || main "$@"
