methods of removing a user from an access server. Add corresponding configuration directives
general_sessionclear_method and nasXX_sessionclear_method
+Ver 1.80:
+* Remove snmp_clearsession. It is replaced by clearsession which supports both snmp and telnet
+ methods of removing a user from an access server. Add corresponding configuration directives
+ general_sessionclear_method and nasXX_sessionclear_method
Ver 1.78:
* Add a snmp_clearsession which can disconnect a user by using the Cisco AAA Session MIB
* Add a configuration directive general_sessionclear_bin
--- /dev/null
+#!/usr/bin/perl
+
+$login = 'nas-login';
+$passwd = 'nas-password';
+
+$host=shift || '';
+$type = shift || 'snmp';
+$nastype = shift || 'cisco';
+$username=shift || '';
+$sessionid = shift || '';
+
+$port = 0;
+$comm = '';
+
+if ($type eq 'snmp'){
+$comm = shift || 'public';
+}
+if ($type eq 'telnet'){
+$port = shift || 0;
+}
+
+
+die "No \$host argument given\n" if ($host eq '');
+die "No \$username argument given\n" if ($username eq '');
+
+if ($nastype eq 'cisco' && $type eq 'telnet'){
+ die "Usage: clearsession \$host telnet cisco \$username \$sessionid \$port\n" if ($port == 0);
+
+ if (eval require Net::Telnet::Cisco){
+ Net::Telnet::Cisco->import();
+
+ my $session = Net::Telnet::Cisco->new(Host => $host);
+ $session->login($login, $passwd);
+
+ if ($port >= 20000){
+ my @output = $session->cmd("sh caller user $username");
+ foreach $line (@output){
+ if ($line =~ /User: $username, line (Vi\d+),/){
+ $session->cmd("clear interface $1");
+ }
+ }
+ }
+ else{
+ $session->cmd("clear line $port\n");
+ }
+
+ $session->close;
+ }
+}
+if ($nastype eq 'cisco' && $type eq 'snmp'){
+
+ $SNMPGET="/usr/local/bin/snmpget";
+ $SNMPSET="/usr/local/bin/snmpset";
+
+ die "Could not find snmpwalk binary. Please make sure that the \$SNMPGET variable points to the right location\n" if (! -x $SNMPGET);
+ die "Could not find snmpset binary. Please make sure that the \$SNMPSET variable points to the right location\n" if (! -x $SNMPSET);
+ die "Usage: clearsession \$host snmp \$username cisco \$sessionid \$community\n" if ($sessionid eq '' || $comm eq '');
+
+ if ($sessionid ne '' && $username ne ''){
+ print "$SNMPGET -v2c -c $comm $host .iso.org.dod.internet.private.enterprises.9.9.150.1.1.3.1.2.$sessionid\n";
+ $walk =`$SNMPGET -v2c -c $comm $host .iso.org.dod.internet.private.enterprises.9.9.150.1.1.3.1.2.$sessionid`;
+ unless ($walk =~ /^$/){
+ if ($walk =~ /$username/){
+ print "FOUND: $username\n";
+ `$SNMPSET -v2c -c $comm $host .iso.org.dod.internet.private.enterprises.9.9.150.1.1.3.1.5.$sessionid i 1`;
+ }
+ }
+ }
+}
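Review bot: The snmp branch builds both backtick commands from `$comm`, `$host` and `$sessionid` exactly as they arrive on the command line, so any shell metacharacter in those arguments is interpreted by the shell; the telnet branch likewise interpolates `$username` and `$port` into NAS CLI commands. Validate the arguments before use and run snmpget/snmpset through list-form calls so that no shell is involved, as sketched below. The two matches on `$username` should quote it, `/\Q$username\E/`, because an unquoted name is treated as a pattern and can match a different user's session. Separately, `eval require Net::Telnet::Cisco` does not trap a missing module, since `require` dies before the string `eval` runs; `eval { require Net::Telnet::Cisco; 1 }` does.

```perl
# … unchanged: $SNMPGET/$SNMPSET -x checks and usage die …
die "Invalid session id\n" unless $sessionid =~ /\A\d+\z/;
my $oid = '.iso.org.dod.internet.private.enterprises.9.9.150.1.1.3.1';

# List-form pipe open and system(): the arguments never pass through a shell.
open(my $get, '-|', $SNMPGET, '-v2c', '-c', $comm, $host, "$oid.2.$sessionid")
    or die "Cannot run $SNMPGET: $!\n";
$walk = join '', <$get>;
close $get;

if ($walk =~ /\Q$username\E/){
    print "FOUND: $username\n";
    system($SNMPSET, '-v2c', '-c', $comm, $host, "$oid.5.$sessionid", 'i', '1');
}
```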
+++ /dev/null
-#!/usr/bin/perl
-
-$SNMPGET="/usr/local/bin/snmpget";
-$SNMPSET="/usr/local/bin/snmpset";
-$host=shift;
-$comm=shift || 'public';
-$sessionid=shift;
-$username=shift;
-
-die "Could not find snmpwalk binary. Please make sure that the \$SNMPGET variable points to the right location\n" if (! -x $SNMPGET);
-die "Could not find snmpset binary. Please make sure that the \$SNMPSET variable points to the right location\n" if (! -x $SNMPSET);
-die "Usage: snmp_clearsession \$host \$community \$sessionid \$username\n" if ($username eq '');
-
-if ($sessionid ne '' && $username ne ''){
- $walk =`$SNMPGET -v2c -c $comm $host .iso.org.dod.internet.private.enterprises.9.9.150.1.1.3.1.2.$sessionid`;
- unless ($walk =~ /^$/){
- if ($walk =~ /$username/){
- print "FOUND: $username\n";
- `$SNMPSET -v2c -c $comm $host .iso.org.dod.internet.private.enterprises.9.9.150.1.1.3.1.5.$sessionid i 1`;
- }
- }
-}
general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger
#
# Used by the 'Disconnect User' button in the Clear Open Sessions page
-# Uses the Cisco AAA Session MIB
+# Uses the Cisco AAA Session MIB or a telnet session
#
-general_sessionclear_bin: %{general_base_dir}/bin/snmp_clearsession
+general_sessionclear_bin: %{general_base_dir}/bin/clearsession
+#
+# Can be one of telnet or snmp
+#
+general_sessionclear_method: snmp
general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient
#
# this information is used from the server check page
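Review bot: The new comment above `general_sessionclear_method` says only "Can be one of telnet or snmp" and leaves out what the telnet method requires. As bin/clearsession is written in this commit, telnet needs Net::Telnet::Cisco installed and the NAS login and password edited into the script's `$login`/`$passwd` variables, and those credentials cross the network unencrypted. I would extend the comment to something like `# telnet needs Net::Telnet::Cisco and the NAS login set in bin/clearsession; the login is sent in cleartext` and recommend restricting read access to that script.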
nas3_ip: 147.122.122.124
nas3_port_num: 210
nas3_community: public
+#
+# sessionclear method can also be set per NAS
+#
+nas3_sessionclear_method: telnet
EOM;
if ($drop_conns == 1){
+ $method = 'snmp';
+ $nastype = 'cisco';
+ if ($config[general_sessionclear_method] != '')
+ $method = $config[general_sessionclear_method];
+ if ($config[general_nas_type] != '')
+ $nastype = $config[general_nas_type];
if ($config[general_ld_library_path] != '')
putenv("LD_LIBRARY_PATH=$config[general_ld_library_path]");
+ $nas_by_ip = array();
+ $meth_by_ip = array();
+ $nastype_by_ip = array();
foreach ($nas_list as $nas){
if ($nas[ip] != ''){
$ip = $nas[ip];
$nas_by_ip[$ip] = $nas[community];
+ $meth_by_ip[$ip] = $nas[sessionclear_method];
+ $nastype_by_ip[$ip] = $nas[nas_type];
}
}
$sessionid = $row[acctsessionid];
$sessionid = hexdec($sessionid);
$nas = $row[nasipaddress];
+ $port = $row[nasportid];
+ $meth = $meth_by_ip[$nas];
+ $nastype = ($nastype_by_ip[$nas] != '') ? $nastype_by_ip[$nas] : $nastype;
$comm = $nas_by_ip[$nas];
- if ($comm != '')
- exec("$config[general_sessionclear_bin] $nas $comm $sessionid $login");
+ if ($meth == '')
+ $meth = $method;
+ if ($meth == 'snmp' && $comm != '')
+ exec("$config[general_sessionclear_bin] $nas snmp $nastype $login $sessionid $comm");
+ if ($meth == 'telnet')
+ exec("$config[general_sessionclear_bin] $nas telnet $nastype $login $sessionid $port");
}
}
else
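Review bot: Both new `exec()` calls pass `$nas`, `$login`, `$sessionid`, `$comm` and `$port` to the shell unquoted, and `$port` comes straight from `$row[nasportid]`, so a value containing shell metacharacters would be run as part of the command line. Quote every argument, for example `$args = implode(' ', array_map('escapeshellarg', array($nas, 'telnet', $nastype, $login, $sessionid, $port)));` followed by `exec("$config[general_sessionclear_bin] $args");`, and do the same for the snmp call. The removed `exec()` line had the same pattern, so this commit extends it rather than introducing it. Where `$login` is set lies outside the hunk; if it originates from the request it needs the same treatment. Also, the `$nastype = ... : $nastype;` assignment overwrites the default, so if this code runs once per row a NAS-specific type would carry over to later rows; a separate per-row variable avoids that.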