1,8 → 1,14 |
#!/bin/sh |
# |
# $Id$ |
# |
# Le script 'macdown' est appelé par coovachilli pendant le DHCP down (release) |
# Depuis la version 3.1 de ALCASAR, le système d'interception a changé. |
# Pour une adresse mac authorisée pour laquelle coovachilli effectue un DHCP release, l'@IP sera retiré de l'ipset 'not_filtered' |
|
#Le script 'macdown' est appelé par coovachilli pendant le DHCP down (release) |
#Depuis la version 3.1 de ALCASAR, le système d'interception a changé. |
#Pour une adresse mac authorisée pour laquelle coovachilli effectue un DHCP release, l'@IP sera retiré de l'ipset 'not_filtered' |
if [ -z $CALLING_STATION_ID ]; then |
exit 1 |
fi |
|
chilli_current_mac=$(chilli_query list | grep $CALLING_STATION_ID) |
is_connected=$(echo $chilli_current_mac | cut -d' ' -f5) |
10,123 → 16,42 |
current_name=$(echo $chilli_current_mac | cut -d' ' -f6) |
current_ip=$(echo $chilli_current_mac | cut -d' ' -f2) |
|
|
if [ $is_connected == "1" ] && [ $current_mac == $current_name ]; then |
#Lecture du Filter-Id de l'équipement authentifié afin de le retirer de son ipset |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
QUERY="SELECT value from radreply where username='$current_mac'" |
FILTER_ID=$(mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev)<<<"$QUERY" | tail -1) |
QUERY="SELECT value FROM radreply WHERE attribute='Filter-Id' AND username='$current_mac';" |
FILTER_ID=$(mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev) -e "$QUERY" -Ns) |
|
#Valeur de FILTER-ID : 12345678 |
#1-> profile1 |
#2-> profile2 |
#3-> profile3 |
#4-> warn_user (if imputability report has been generated) |
#6-> WL + HAVP |
#7-> BL + HAVP |
#8-> HAVP |
# FilterID Byte N°0 to 7 |
# 0: profile_1 (WEB) |
# 1: profile_2 (WEB + Mail + Remote access) |
# 2: profile_3 (Custom) |
# 3: warn_user (if imputability report has been generated) |
# 5: WL |
# 6: BL |
# 7: HAVP |
|
if [ ${FILTER_ID:7:1} -eq '1' ] #HAVP |
then |
set="havp" |
if [ ${FILTER_ID:0:1} -eq '1' ] |
then |
set_proto="proto_1"; |
fi |
|
if [ ${FILTER_ID:1:1} -eq '1' ] |
then |
set_proto="proto_2"; |
fi |
|
if [ ${FILTER_ID:2:1} -eq '1' ] |
then |
set_proto="proto_3"; |
fi |
|
if [ -z "$set_proto" ] |
then |
set_proto="proto_0"; |
fi |
if [ ${FILTER_ID:7:1} == '1' ]; then # HAVP |
set_filter="havp" |
elif [ ${FILTER_ID:6:1} == '1' ]; then # HAVP_BL |
set_filter="havp_bl" |
elif [ ${FILTER_ID:5:1} == '1' ]; then # HAVP_WL |
set_filter="havp_wl" |
else # NOT_FILTERED |
set_filter="not_filtered" |
fi |
|
|
if [ ${FILTER_ID:6:1} -eq '1' ] #HAVP_BL |
then |
set="havp_bl" |
if [ ${FILTER_ID:0:1} -eq '1' ] |
then |
set_proto="proto_1"; |
fi |
|
if [ ${FILTER_ID:1:1} -eq '1' ] |
then |
set_proto="proto_2"; |
fi |
|
if [ ${FILTER_ID:2:1} -eq '1' ] |
then |
set_proto="proto_3"; |
fi |
|
if [ -z "$set_proto" ] |
then |
set_proto="proto_0"; |
fi |
if [ ${FILTER_ID:0:1} == '1' ]; then # PROFILE 1 (WEB) |
set_proto="proto_1"; |
elif [ ${FILTER_ID:1:1} == '1' ]; then # PROFILE 2 (WEB + Mail + Remote access) |
set_proto="proto_2"; |
elif [ ${FILTER_ID:2:1} == '1' ]; then # PROFILE 3 (Custom) |
set_proto="proto_3"; |
else # PROFILE 0 (Not filtered) |
set_proto="proto_0"; |
fi |
|
if [ ${FILTER_ID:5:1} -eq '1' ] #HAVP_WL |
then |
set="havp_wl" |
if [ ${FILTER_ID:0:1} -eq '1' ] |
then |
set_proto="proto_1"; |
fi |
|
if [ ${FILTER_ID:1:1} -eq '1' ] |
then |
set_proto="proto_2"; |
fi |
|
if [ ${FILTER_ID:2:1} -eq '1' ] |
then |
set_proto="proto_3"; |
fi |
|
if [ -z "$set_proto" ] |
then |
set_proto="proto_0"; |
fi |
fi |
|
|
|
if [ -z "$set" ] #NOT_FILTERED |
then |
set="not_filtered" |
if [ ${FILTER_ID:0:1} -eq '1' ] |
then |
set_proto="proto_1"; |
fi |
|
if [ ${FILTER_ID:1:1} -eq '1' ] |
then |
set_proto="proto_2"; |
fi |
|
if [ ${FILTER_ID:2:1} -eq '1' ] |
then |
set_proto="proto_3"; |
fi |
|
if [ -z "$set_proto" ] |
then |
set_proto="proto_0"; |
fi |
fi |
|
|
ipset del $set $current_ip |
ipset del $set_filter $current_ip |
ipset del $set_proto $current_ip |
|
fi |
|