#wall 'event_inc.sh'
#selfkiller
#selfkiller -30:TERM -50:KILL & disown -a
#разблокируем
# Flag read by the event dispatcher; do_policy raises it to 1 when the NAS
# reports Session-Context-Not-Found.
do_session=0
# Random per-invocation tag that prefixes this run's log lines.
gcount=$RANDOM
# Split the dotted address in $ip into octet1..octet4 (pasted by Dmitry from ZCN).
# NOTE(review): this runs before the KEY=VALUE event data is parsed further
# down, so $ip is only populated here if it was inherited from the
# environment - confirm against how the script is invoked.
ip_fields=$(echo $ip | tr . ' ')
read octet1 octet2 octet3 octet4 <<< "$ip_fields"
#######################################
# Release the advisory lock held on file descriptor 11.
# Globals:   lock (read) - description of the lock, used in the log line
# Returns:   flock's status when the unlock fails, otherwise LOG's status
#######################################
function unlock_telnet() {
  local unlock_status
  flock -u -w 30 11
  unlock_status=$?
  if [ "$unlock_status" -ne 0 ]; then
    return "$unlock_status"
  fi
  LOG INFO "UnLock $lock Success"
}
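#######################################
# Serialise NAS sessions across concurrent runs of this script by taking an
# exclusive flock on /tmp/telnet.lock through file descriptor 11.
# Globals:   gcount, id, ip (read); lock (written) - text used in log lines
# Outputs:   progress lines through LOG
#
# NOTE(review): the lock lives at a fixed name in world-writable /tmp. If
# this script runs with elevated privileges, any local user can pre-create
# that path (including as a symlink) or hold the lock. A root-owned
# directory such as /run or /var/lock would be safer, but the path is kept
# here because other scripts may share it - confirm before moving it.
#######################################
function lock_telnet() {
  # Seconds to wait for other holders; the log line below reports this same
  # value (the original message said 30sec while flock waited 120).
  local wait_secs=120

  lock="$gcount id=$id ip=$ip $RANDOM"

  # Open the lock file. Append mode is used so an existing target is never
  # truncated by the open.
  exec 11>&-
  exec 11>>/tmp/telnet.lock

  LOG INFO "Try Lock $lock ${wait_secs}sec... "
  if flock -w "$wait_secs" 11; then
    LOG INFO "Lock $lock Success"
  else
    LOG INFO "Lock $lock failed. Create New Lock;"
    # rm -f guards against hung scripts that never released the lock. It
    # also takes the lock away from a holder that is merely slow.
    rm -f /tmp/telnet.lock
    exec 11>&-
    exec 11>>/tmp/telnet.lock
    # The original recreated the file but never locked it, so this run
    # continued unserialised. Take the fresh lock without blocking.
    flock -n 11 || LOG INFO "Lock $lock not acquired on new lock file"
  fi
}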
# Logging verbosity consumed by LOG (a log file override, previously
# LOGFILE="/var/log/event_sh.log", is currently disabled).
LOG_LEVEL='ALL'
# RADIUS CoA port and shared secret handed to radclient.
# NOTE(review): the shared secret is hard-coded in the script and looks like
# a vendor default; anyone who can read this file can send CoA requests to
# the NAS. Prefer a per-deployment secret loaded from a root-only file.
coa_port='3799'
nas_pass='Redback'
# Assigning to SECONDS restarts bash's elapsed-time counter.
SECONDS=
#if ! selflock 10; then
# LOG WARN "reached time limit $$"
# exit
#fi
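#######################################
# Import KEY=VALUE words from one flat, whitespace-separated string into
# shell variables named KEY.
#
# The event data comes from outside this script, so it is never passed
# through eval: the original `eval KEY='VALUE'` let a value containing a
# single quote run arbitrary commands. Values are assigned literally with
# printf -v, and names must be plain identifiers.
#
# Globals:   gcount (read); one variable per accepted KEY (written)
# Arguments: $1 - the flat "k1=v1 k2=v2 ..." string
# Outputs:   a LOG WARN line for every rejected name
#
# NOTE(review): any other name, including this script's own settings
# (nas_pass, coa_port, ...), can still be overridden by event data, as in
# the original. An allowlist of the expected keys would be the stronger
# control, but that set is not visible in this file.
#######################################
import_event_vars() {
  local -a _iev_words=()
  local _iev_word _iev_name

  # Split on whitespace as the unquoted `for VAR in $DATA` did, but without
  # pathname expansion of words such as "*".
  read -r -d '' -a _iev_words <<< "$1"

  for _iev_word in "${_iev_words[@]}"; do
    [[ "$_iev_word" == *=* ]] || continue
    _iev_name=${_iev_word%%=*}

    if [[ ! "$_iev_name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
      LOG WARN "$gcount ignored event field: name is not a plain identifier"
      continue
    fi

    # Never let event data replace variables that steer the shell itself.
    case "$_iev_name" in
      PATH | IFS | ENV | PS4 | SHELLOPTS | BASHOPTS | BASH_* | LD_* | _iev_*)
        LOG WARN "$gcount ignored event field $_iev_name: reserved name"
        continue
        ;;
    esac

    printf -v "$_iev_name" '%s' "${_iev_word#*=}"
  done
}

# Positional arguments: sender, event name, then the KEY=VALUE event data.
SENDER=$1
shift
EVENT=$1
shift
DATA=$*
import_event_vars "$DATA"

LOG INFO ""
LOG INFO " $gcount ***$EVENT*** $DATA"

# Snapshot file holding the event data seen by user_data_changed_before.
# id comes from the event data, so an id containing "/" is refused rather
# than allowed to point outside /var/lib/event/before.
before_file=/var/lib/event/before/$id.before
if [[ "$id" == */* ]]; then
  LOG WARN "$gcount id contains a path separator, before-snapshot disabled"
  before_file=
fi

if [ "$EVENT" = "user_data_changed_before" ] && [ -n "$before_file" ]; then
  # The original line was an unterminated "${DATA expansion; the intent,
  # saving DATA for the later user_data_changed event, is restored here.
  printf '%s\n' "$DATA" > "$before_file"
fi

if [ "$EVENT" = "user_data_changed" ] && [ -n "$before_file" ] \
  && [ -f "$before_file" ]; then
  # Values from the snapshot are applied after, and so override, the
  # values of the current event (same order as the original).
  import_event_vars "$(< "$before_file")"
fi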
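#######################################
# Reconnect the user through reconnect_snmp.sh; when that script fails,
# fall back to the expect-based do_reconnect.
# Globals:   gcount, ip, id (read)
# Outputs:   progress lines through LOG
#
# NOTE(review): the fallback runs while this function still holds the
# lock; do_reconnect calls lock_telnet and unlock_telnet itself, so the
# final unlock_telnet here acts on an already released lock.
#######################################
function do_snmp() {
  LOG INFO "$gcount do_snmp reconnect user ip=$ip id=$id"
  lock_telnet
  # ip and id come from event data: quote them so an empty value or a glob
  # character cannot shift or expand the helper's argument list.
  if ! /bin/bash /var/lib/event/reconnect_snmp.sh 10.22.0.200 "$ip" "$id" statclips; then
    LOG INFO "$gcount do_snmp reconnect FAILED user ip=$ip id=$id do_reconnect expect"
    do_reconnect
  fi
  unlock_telnet
  #sleep 10
}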
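#######################################
# Reconnect the user through the expect script reconnect_user.tcl and back
# off for 20 seconds when the NAS answers "Connection refused".
# Globals:   gcount, ip, id (read); octet1..octet4 (written)
# Outputs:   matching "Connection refused" lines and a notice on stdout,
#            progress lines through LOG
#######################################
function do_reconnect() {
  local refused

  LOG INFO "$gcount do_reconnect expect user ip=$ip id=$id"
  lock_telnet

  # Split the address here, as the user_del branch does. The split near
  # the top of the script runs before the event data is parsed, so the
  # octets could be stale or empty by the time this function is called.
  IFS=. read -r octet1 octet2 octet3 octet4 <<< "$ip"

  # Event-supplied values are quoted so they stay one argument each.
  /usr/local/bin/expect /var/lib/event/reconnect_user.tcl 10.22.0.200 \
    "$ip" "$id" "$octet1" "$octet2" "$octet3" "$octet4" \
    | grep -i 'Connection refused'
  # Capture grep's status now. The original tested $? after `sleep 4`,
  # which is always 0, so the 20 second back-off ran on every call while
  # the lock was held.
  refused=$?
  sleep 4

  if [ "$refused" -eq 0 ]; then
    echo "Connection refused sleep 20"
    sleep 20
  fi

  unlock_telnet
}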
# Decide whether the user may have Internet access and push the matching
# Forward-Policy to the NAS as a RADIUS CoA request via radclient.
# Reads:  auth_type, tray_logged, logged, enabled, over_limit, deleted,
#         acct_session_id, nas_ip, coa_port, nas_pass, gcount, id, ip
# Writes: do_inet; do_session is set to 1 when the radclient output
#         contains "Session-Context-Not-Found"
# NOTE(review): $nas_pass is passed to radclient on the command line, so it
# is visible in the process list while radclient runs; radclient can read
# the secret from a file instead (-S).
# NOTE(review): do_inet, over_limit, nas_ip, coa_port and nas_pass are
# expanded unquoted; an empty value makes the `[ ... ]` tests fail with a
# syntax error instead of evaluating to false.
function do_policy(){
do_inet=1
# turn Internet off for users who are not allowed it
[ "$auth_type" = "6" -a "$tray_logged" = "0" ] && do_inet=0
[ "$logged" = -1 ] && do_inet=0
[ "$enabled" = "0" -o \
"$over_limit" = "1" -o "$deleted" = "1" ] && do_inet=0
if [ $do_inet = "1" ]; then
LOG INFO "$gcount Enable Internet for id=$id ip=$ip"
# Allowed: send Forward-Policy "in:"; $? below is grep's status, i.e. 0 when
# the reply mentions Session-Context-Not-Found.
echo "Acct-Session-Id=\"$acct_session_id\",Forward-Policy=\"in:\""\
| radclient -x $nas_ip:$coa_port coa $nas_pass 2>&1 \
| grep -i "Session-Context-Not-Found"
[ $? -eq 0 ] && do_session=1
else
:
LOG INFO "$gcount Disable Internet for id=$id ip=$ip enabled=$enabled over_limit=$over_limit deleted=$deleted tray_logged=$tray_logged"
# Not allowed: send the HTTP-REDIRECT policy.
# NOTE(review): the HTTP-Redirect-URL value stops at `http:` and the ` /`
# before the line break is inside the quoted string, so it is sent
# literally; both look like damage to the original text - restore the
# real URL and a `\` continuation from the deployed copy.
echo "Acct-Session-Id=\"$acct_session_id\",Forward-Policy=\"in:\", /
Forward-Policy=\"in:HTTP-REDIRECT\",HTTP-Redirect-URL=\"http:"| radclient -x $nas_ip:$coa_port coa $nas_pass \
| grep -i "Session-Context-Not-Found"
[ $? -eq 0 ] && do_session=1
if [ $over_limit = 1 ]; then
LOG INFO "$gcount Overlimit Disable Internet for id=$id ip=$ip enabled=$enabled over_limit=$over_limit deleted=$deleted tray_logged=$tray_logged"
# NOTE(review): the string opened by the next echo is never closed on its
# own line (the URL is cut after `http:`), so the quoting of everything
# that follows is unbalanced and the function does not parse as written.
echo "Acct-Session-Id=\"$acct_session_id\",Forward-Policy=\"in:HTTP-REDIRECT\",HTTP-Redirect-URL=\"http: | radclient -x $nas_ip:$coa_port coa $nas_pass \
| grep -i "Session-Context-Not-Found"
[ $? -eq 0 ] && do_session=1
fi
fi
}
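# Event dispatcher: choose the NAS action for $EVENT.
#
# Most branches act only for the NAS at 192.168.1.11. id, ip and the other
# fields come from the event data, so they are quoted wherever they become
# command arguments and validated before they reach SQL or arithmetic.
#
# NOTE(review): the tray_view_mustlogon marker is a predictable name in
# world-writable /tmp that is written and removed by this script; a
# directory only this service can write to would be safer.
case "$EVENT" in
  login | tray_view_login | balance_negative | balance_positive)
    if [ "$nas_ip" = '192.168.1.11' ]; then
      if [ "$acct_session_id" != "" ]; then
        do_policy ## and set var do_session
      fi
      if [ "$acct_session_id" = "" ] || [ "$do_session" = "1" ]; then
        #do_reconnect # a new login is not guaranteed, so the policy is applied
        do_snmp
        # running do_policy here is pointless: acct_session_id will be different
      fi
    fi
    ;;
  rad_acc_start)
    [ "$auth_type" = "1" ] && do_policy
    ;;
  # TODO radius_update_err)
  # user_data_changed may need to be removed
  try_double_login | try_double_acc)
    if [ "$nas_ip" = '192.168.1.11' ]; then
      # sqlexec "update users_radiusauth set logged=0, radius_logged=0, RADIUS_CHECKED=0,
      # RADIUS_BREAK=0 where user_id=$id;"
      sleep 5
      #do_reconnect
      do_snmp
      # do_policy
    fi
    ;;
  tray_view_mustlogon)
    [ "$radius_logged" = "1" ] && exit
    mustlogon_marker=/tmp/tray_view_mustlogon.$id
    # Skip when the same event was handled for this id under 30 seconds ago.
    if [ -f "$mustlogon_marker" ] \
      && [ $(( $(date +%s) - $(stat -c "%Y" "$mustlogon_marker") )) -lt 30 ]; then
      LOG INFO "$gcount SKIP tray_view_mustlogon for id=$id ip=$ip. last<30sec from $(cat "$mustlogon_marker")"
      exit 0
    fi
    if [ "$nas_ip" = '192.168.1.11' ]; then
      echo "gcount=$gcount" > "$mustlogon_marker"
      # The marker path is handed to the child shell as an argument. The
      # original pasted $id into the `bash -c` command text, where shell
      # metacharacters in id would have been executed.
      setsid bash -c 'sleep 100; rm -f -- "$1"' _ "$mustlogon_marker" &
      sleep 10
      #do_reconnect
      do_snmp
      #do_policy
    fi
    ;;
  user_data_changed)
    if [ "$nas_ip" = '192.168.1.11' ]; then
      sleep 10
      do_reconnect
      #do_snmp
      #do_policy
    fi
    ;;
  user_disconnect)
    if [ "$nas_ip" = '192.168.1.11' ]; then
      sleep 10
      #do_reconnect
      do_snmp
      #do_policy
    fi
    ;;
  logout)
    rm -f -- "/tmp/tray_view_mustlogon.$id"
    ;;
  logout_TMP | tray_view_logout | tray_timeout)
    #todo logged=-1
    do_policy
    ;;
  user_del | user_data_changed_before)
    # pasted by Dmitry from ZCN
    [ "$deleted" = "1" ] && sleep 15
    lock_telnet
    LOG INFO "$gcount expect user_del user ip=$ip id=$id do_reconnect expect"
    # pasted by Dmitry from ZCN
    IFS=. read -r octet1 octet2 octet3 octet4 <<< "$ip"
    # if/else instead of `a && b || c`, so the failure line is logged only
    # when the expect script itself fails.
    if /usr/local/bin/expect /var/lib/event/del_user_ip.tcl 10.22.0.200 \
      "$ip" "$id" "$octet1" "$octet2" "$octet3" "$octet4"; then
      LOG INFO "$gcount deleted user "$ip $id
    else
      LOG INFO "$gcount NOT deleted user "$ip $id
    fi
    unlock_telnet
    if [ "$EVENT" = "user_del" ]; then
      # id is concatenated into the statement, so only a plain integer is
      # let through (assumes users.id is numeric, as the unquoted
      # comparison suggests - confirm against the schema).
      if [[ "$id" =~ ^[0-9]+$ ]]; then
        sqlexec "update users set nas_ip=null where id=$id and deleted=1"
      else
        LOG WARN "$gcount user_del: id is not numeric, SQL update skipped"
      fi
    fi
    ;;
  "rate_set")
    # Both rates must be plain integers before they are used in shell
    # arithmetic: arithmetic evaluation re-interprets the variable's text,
    # and the original checked only ceil_in (through the -ne test).
    [ "$nas_ip" = '192.168.1.11' ] && \
      if [[ "$ceil_in" =~ ^[-+]?[0-9]+$ && "$ceil_out" =~ ^[-+]?[0-9]+$ ]] \
        && [ "$ceil_in" -ne -1 ]; then
        burst_in=$(( ceil_in * 1000 / 8 ))
        excess_burst_in=$(( ceil_in * 1500 / 8 ))
        burst_out=$(( ceil_out * 1000 / 8 ))
        excess_burst_out=$(( ceil_out * 1500 / 8 ))
        # NOTE(review): the ` /` before each line break sits inside the
        # quoted string and is sent to radclient literally; it looks like
        # a damaged `\` continuation - verify against the deployed copy.
        # The strings below are kept byte-for-byte.
        echo "Acct-Session-Id=\"$acct_session_id\",Dynamic-QoS-Param += \"police-class-rate cls-all rate-absolute $ceil_in\", /
Dynamic-QoS-Param += \"police-class-burst cls-all $burst_in\", /
Dynamic-QoS-Param += \"police-class-excess-burst cls-all $excess_burst_in\",Dynamic-QoS-Param += \"meter-class-rate cls-all rate-absolute $ceil_out\", /
Dynamic-QoS-Param += \"meter-class-burst cls-all $burst_out\", /
Dynamic-QoS-Param += \"meter-class-excess-burst cls-all $excess_burst_out\""| radclient -x "$nas_ip:$coa_port" coa "$nas_pass" && LOG INFO " /
the user set ceil_in=$ceil_in and ceil_out=$ceil_out " $ip id=$id
      else
        LOG INFO " NOT changed ceil_in=$ceil_in and ceil_out=$ceil_out " $ip $id
      fi
    ;;
  *)
    :
    ;;
esac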