Пример организации автоматической смены пароля сети Wi-Fi на Cisco
WLC Controller с помощью SSH, BASH, PHP и немного хитрости 😉
Решение предназначено для организации гостевой сети на предприятии, в гостинице или ресторане.
Выделен сервер, на котором установлен Apache2+MySQL+LDAP (для получения пароля по URL)
В данной статье описывается пример конфигурации сервера и скриптов (bash, php, expect) для автоматического создания пользователей и паролей гостевого доступа к интернету через Cisco WLC Controller.
Модель системы
- Два Cisco WLC контроллера
- Сервер на базе Ubuntu Linux 12.04.5 x86 LTS
- Один управляющий скрипт
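#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Provides:          create wifi users & pass
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start daemon at boot time
# Description:       Enable service provided by daemon.

# Rotates guest Wi-Fi accounts: generates logins/passwords into MySQL,
# pushes them to two Cisco WLC controllers over SSH (driven by expect),
# then renders a PDF and mails it.
#
# Usage: /etc/init.d/cwifi start|stop|check|send|restart
#
# Load the configuration file. It is sourced, i.e. executed as shell code
# with the privileges of this script, and it holds the controller and
# database passwords.
. /etc/cwifi/cwifi.conf

# Timestamp taken at start-up; nothing in this script reads it.
datelog=$(date +"%Y.%m.%d-%H:%M:%S")

#######################################
# Run the mysql client with the connection settings from the config file.
# Globals:   DB_USER, DB_PASS, DB_NAME, DB_HOST (read)
# Arguments: extra mysql options, e.g. -s -N --execute="..."
# Outputs:   whatever mysql prints
# NOTE(review): --password=... places the database password on the
#   process command line. An option file readable only by root avoids
#   that, but changes which option source takes precedence, so it is
#   flagged here rather than switched.
#######################################
db_exec() {
  mysql -u "$DB_USER" --password="$DB_PASS" --database="$DB_NAME" \
    -h"$DB_HOST" "$@"
}

#######################################
# Open one SSH session to a controller, log in, send a single command,
# then "save config", confirm with "y" and log out.
# Globals:   SERVER_ADMIN, SERVER_PASS (read)
# Arguments: $1 - controller address, $2 - command to send
# Outputs:   the session transcript on stdout
# The values reach expect through its environment instead of being pasted
# into the Tcl source: that keeps the password out of the expect command
# line, and characters such as " [ $ in a value are no longer parsed as
# Tcl. The password is dropped from the environment before ssh is spawned.
# NOTE(review): an unmatched "expect" times out and the script carries
#   on, so the sends happen even if the prompt never appeared, and the
#   exit status is not checked. Commands after the password are sent
#   without waiting for the controller prompt.
#######################################
wlc_session() {
  local host=$1 command=$2
  WLC_HOST="$host" WLC_ADMIN="$SERVER_ADMIN" WLC_PASS="$SERVER_PASS" \
    WLC_COMMAND="$command" expect -c '
      set wlc_pass $env(WLC_PASS)
      unset env(WLC_PASS)
      spawn ssh "$env(WLC_ADMIN)@$env(WLC_HOST)"
      expect "User:"
      send "$env(WLC_ADMIN)\r"
      expect "Password:"
      send "$wlc_pass\r"
      send "$env(WLC_COMMAND)\r"
      send "save config\r"
      send "y\r"
      send "logout\r"
      expect eof
    '
}

#######################################
# Empty the accounts table and fill it with NUM_USERS fresh logins.
# Globals:   DB_NAME, DB_PREFIX, NUM_USERS, SERVER_WLAN, USER_GUEST (read),
#            datetime (read; set by check_wifi)
# Each password is 8 characters from a 25-symbol alphabet (a-h, A-H, 1-9),
# about 37 bits; it is stored in clear text in the table.
# NOTE(review): $datetime holds the current HH:MM when this runs from
#   check_wifi, while the "+1 day" stamp is kept in datekey and never
#   used - confirm which one the datetime column is meant to hold.
# NOTE(review): the SQL is assembled from config values without escaping;
#   that is only sound while the config file is trusted.
#######################################
key_pass() {
  local n key
  db_exec --execute="TRUNCATE TABLE $DB_NAME.$DB_PREFIX"
  for ((n = 1; n <= NUM_USERS; n++)); do
    # LC_ALL=C makes tr treat the random stream as bytes.
    key=$(LC_ALL=C tr -dc 'a-hA-H1-9' < /dev/urandom | head -c 8)
    db_exec --execute="INSERT INTO $DB_NAME.$DB_PREFIX (id,name,login,pass,datetime) VALUES( NULL,'$SERVER_WLAN','$USER_GUEST$n','$key','$datetime')"
  done
}

#######################################
# Delete guest users 1..NUM_USERS on both controllers.
# Globals:   SERVER_1, SERVER_2, NUM_USERS, USER_GUEST (read)
# Outputs:   one transcript per user and controller in /var/log/cwifi
#######################################
configure_del_user() {
  local wlc n transcript
  # Deliberately unquoted: an empty SERVER_2 is skipped.
  for wlc in $SERVER_1 $SERVER_2; do
    for ((n = 1; n <= NUM_USERS; n++)); do
      transcript=$(wlc_session "$wlc" "config netuser delete $USER_GUEST$n")
      printf '%s\n' "$transcript" \
        > "/var/log/cwifi/delete_${USER_GUEST}${n}_${wlc}.log"
    done
  done
}

#######################################
# Create guest users 1..NUM_USERS on both controllers, using the
# passwords stored in the database.
# Globals:   SERVER_1, SERVER_2, NUM_USERS, USER_GUEST, SERVER_WLANID,
#            DB_NAME, DB_PREFIX (read)
# Outputs:   one transcript per user and controller in /var/log/cwifi
# NOTE(review): the transcript includes whatever the controller echoes
#   back, which presumably covers the "config netuser add" line with the
#   guest password - treat these logs as sensitive.
#######################################
configure_add_user() {
  local wlc n key transcript
  # Deliberately unquoted: an empty SERVER_2 is skipped.
  for wlc in $SERVER_1 $SERVER_2; do
    for ((n = 1; n <= NUM_USERS; n++)); do
      key=$(db_exec -s -N --execute="SELECT pass FROM $DB_NAME.$DB_PREFIX WHERE login='$USER_GUEST$n'")
      transcript=$(wlc_session "$wlc" "config netuser add $USER_GUEST$n $key wlan $SERVER_WLANID userType permanent description $USER_GUEST$n")
      printf '%s\n' "$transcript" \
        > "/var/log/cwifi/create_${USER_GUEST}${n}_${wlc}.log"
    done
  done
}

#######################################
# Decide per controller whether to delete or (re)create the guest users.
# If the database has no row with id = NUM_USERS, keys are generated and
# the users are created. Otherwise each controller is asked for the last
# guest user: when found, all users are deleted; when not found, keys are
# regenerated and the users are created.
# Globals:   SERVER_1, SERVER_2, NUM_USERS, USER_GUEST, DB_NAME,
#            DB_PREFIX (read)
# NOTE(review): the delete and add helpers each walk BOTH controllers,
#   so the outcome depends on the order of this loop; the control flow
#   is kept exactly as the author wrote it.
# NOTE(review): the existence test keeps the last 12 characters of the
#   "User Name" line (a trailing carriage return counts, then is
#   stripped), so it only matches logins of a fitting length - confirm
#   against real controller output.
#######################################
configure_rows_user() {
  local rows wlc transcript found
  rows=$(db_exec -s -N --execute="SELECT id FROM $DB_NAME.$DB_PREFIX WHERE id = $NUM_USERS")
  if [ "$rows" = "$NUM_USERS" ]; then
    # Deliberately unquoted: an empty SERVER_2 is skipped.
    for wlc in $SERVER_1 $SERVER_2; do
      # Ask the controller about the last guest user.
      transcript=$(wlc_session "$wlc" "show Netuser detail $USER_GUEST$NUM_USERS")
      printf '%s\n' "$transcript" > "/var/log/cwifi/$wlc.log"
      found=$(grep "User Name" "/var/log/cwifi/$wlc.log" | rev | cut -c1-12 | rev)
      found=${found//$'\r'/}
      if [ "$found" = "$USER_GUEST$NUM_USERS" ]; then
        # Users are present on the controller: delete them.
        configure_del_user
      else
        # No such user on the controller: new keys, then create.
        key_pass
        configure_add_user
      fi
    done
  else
    # The database holds no complete set of users yet.
    key_pass
    configure_add_user
  fi
}

# Entry point for the controller update; see configure_rows_user.
configure_wifi() {
  configure_rows_user
}

#######################################
# Install the cron job that runs "cwifi check" on the configured schedule.
# Globals:   CMINUTE, CHOUR, CDAY, CMONTH, CDAYOFWEEK (read)
# printf with %s keeps backslashes in the schedule fields literal.
#######################################
start_wifi() {
  if [ -f /etc/cron.d/checkwifi ]; then
    echo "Guest Wi-Fi: Already started [ok]"
  else
    echo "Guest Wi-Fi: Starting [ok]"
    printf 'SHELL=/bin/sh\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\nMAILTO=root\n%s %s %s %s %s \troot\t/etc/init.d/cwifi check\n' \
      "$CMINUTE" "$CHOUR" "$CDAY" "$CMONTH" "$CDAYOFWEEK" \
      > /etc/cron.d/checkwifi
  fi
}

# Remove the cron job if it is installed.
stop_wifi() {
  if [ -f /etc/cron.d/checkwifi ]; then
    echo "Guest Wi-Fi: Stoping [ok]"
    rm -f /etc/cron.d/checkwifi
  else
    echo "Guest Wi-Fi: Not started [ok]"
  fi
}

#######################################
# Build the password sheet and mail it.
# NOTE(review): pass.pdf is written below htdocs; who can fetch it is
#   decided by the web server configuration, which is not visible here.
#######################################
send_wifi() {
  echo "Guest Wi-Fi: Sending [ok]"
  # Create the XML file from the database.
  /usr/bin/php5 /usr/share/wifi/htdocs/xml.php > /dev/null 2>&1
  # Create the PDF file from the XML.
  /usr/bin/fop /usr/share/wifi/htdocs/tmp/pass.xml /usr/share/wifi/htdocs/pass.pdf
  # Send the mail.
  /usr/bin/php5 /usr/share/wifi/htdocs/mail.php
}

#######################################
# Cron entry point: when the current time equals STARTUP, generate keys,
# update both controllers and mail the PDF; otherwise only report.
# Globals:   STARTUP (read), datetime and datekey (written)
# date prints the hour zero-padded ("07:37"), so a STARTUP written with a
# one-digit hour ("7:37") is padded before the comparison; without that
# the rotation would never trigger for such a value.
# NOTE(review): key_pass runs here and possibly again inside
#   configure_wifi, so the keys may be regenerated within one run.
#######################################
check_wifi() {
  local startup=$STARTUP
  datekey=$(date -d "+1 day" +"%Y.%m.%d-%H:%M")
  datetime=$(date +"%H:%M")
  if [[ $startup == ?:* ]]; then
    startup="0$startup"
  fi
  if [ "$datetime" = "$startup" ]; then
    echo "Guest Wi-Fi: Checking [ok]"
    # Create keys and users in the database.
    key_pass
    # Delete old users and create new ones on the controllers.
    configure_wifi
    # Send the mail.
    send_wifi
  else
    echo "Guest Wi-Fi: Checking [ok] Now $datetime create user & pass planned in $STARTUP"
  fi
}

case "$1" in
  start)
    start_wifi 2>&1 | tee -a "$LOGFILE"
    ;;
  stop)
    stop_wifi 2>&1 | tee -a "$LOGFILE"
    ;;
  check)
    check_wifi 2>&1 | tee -a "$LOGFILE"
    ;;
  send)
    send_wifi 2>&1 | tee -a "$LOGFILE"
    ;;
  restart)
    stop_wifi 2>&1 | tee -a "$LOGFILE"
    sleep 1s
    start_wifi 2>&1 | tee -a "$LOGFILE"
    ;;
  *)
    echo "Usage: /etc/init.d/cwifi start|stop|check|send|restart"
    exit 1
    ;;
esac
exit 0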
Конфигурационный файл
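# Configuration file for Guest Wi-Fi
# Author: Sobol Denis 2015
#
# This file holds the controller and database passwords in clear text
# and is meant to be sourced by a shell script, so its content runs as
# shell code. Keep it owned by root and not readable or writable by
# other users.

# Log settings
LOGFILE="/var/log/cwifi/cwifi.log"

# SERVERS
# WLC controller addresses, admin account and password,
# WLAN id and WLAN name
SERVER_1="192.168.1.1"
SERVER_2="192.168.1.2"
SERVER_ADMIN="admin"
SERVER_PASS="password"
SERVER_WLANID="1"
SERVER_WLAN="FreeWifi"

# Guest login prefix and number of guest accounts
USER_GUEST="user_"
NUM_USERS="50"

# DATABASE CONFIGURATION
DB_HOST="localhost"
DB_NAME="database_name"
DB_PREFIX="table_name"
DB_USER="admin_db"
DB_PASS="password_db"

# datetime=$(date -d "+1 day" +"%Y.%m.%d-%H:%M")

## EMAIL NOTIFICATION
NOTIFYEMAIL=root@localhost

# Start check time, HH:MM with a zero-padded hour: it is compared as a
# string with the output of date +"%H:%M", which prints "07:37", not
# "7:37". Keep it in step with CHOUR/CMINUTE below.
STARTUP="07:37"

# cron scheduler
CMINUTE="37"
CHOUR="7"
CDAY="*"
CMONTH="*"
CDAYOFWEEK="*"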