WebSVN – ALCASAR – Diff – /scripts/alcasar-macup.sh

 is_connected=$(echo $chilli_current_mac | cut -d' ' -f5)
 current_mac=$(echo $chilli_current_mac | cut -d' ' -f1)
 current_name=$(echo $chilli_current_mac | cut -d' ' -f6)
 current_ip=$(echo $chilli_current_mac | cut -d' ' -f2)
 if [ $is_connected == "1" ] && [ $current_mac == $current_name ]; then
+	#Lecture du filter-id dans la DB radius afin de placer l'équipement réseau dans le bon ipset
+	#Un équipement autorisé "à chaud" sera placé dans l'ipset 'not_filtered' + pas de filtrage de protocole (proto_0)
+	PASSWD_FILE="/root/ALCASAR-passwords.txt"
+	QUERY="SELECT value from radreply where username='$current_mac'"
+	FILTER_ID=$(mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' '  -f1 | rev)<<<"$QUERY" | tail -1)
+	#Suppression de l'utilisateur de l'ipset not_auth_yet (au cas où)
-        ipset add not_filtered $current_ip
+	ipset del not_auth_yet $current_ip
+	#Valeur de FILTER-ID : 12345678
+	#1-> profile1
+	#2-> profile2
+	#3-> profile3
+	#4-> warn_user (if imputability report has been generated)
+	#6-> WL + HAVP
+	#7-> BL + HAVP
+	#8-> HAVP
+	if [ ${FILTER_ID:7:1} -eq '1' ] #HAVP
+	then
+		set="havp"
+		if [ ${FILTER_ID:0:1} -eq '1' ]
+		then
+			set_proto="proto_1";
+		fi
+		if [ ${FILTER_ID:1:1} -eq '1' ]
+		then
+			set_proto="proto_2";
+		fi
+		if [ ${FILTER_ID:2:1} -eq '1' ]
+		then
+			set_proto="proto_3";
+		fi
+		if [ -z "$set_proto"  ]
+		then
+			set_proto="proto_0";
+		fi
+	fi
+	if [ ${FILTER_ID:6:1} -eq '1' ] #HAVP_BL
+	then
+		set="havp_bl"
+		if [ ${FILTER_ID:0:1} -eq '1' ]
+		then
+			set_proto="proto_1";
+		fi
+		if [ ${FILTER_ID:1:1} -eq '1' ]
+		then
+			set_proto="proto_2";
+		fi
+		if [ ${FILTER_ID:2:1} -eq '1' ]
+		then
+			set_proto="proto_3";
+		fi
+		if [ -z "$set_proto"  ]
+		then
+			set_proto="proto_0";
+		fi
+	fi
+	if [ ${FILTER_ID:5:1} -eq '1' ] #HAVP_WL
+	then
+		set="havp_wl"
+		if [ ${FILTER_ID:0:1} -eq '1' ]
+		then
+			set_proto="proto_1";
+		fi
+		if [ ${FILTER_ID:1:1} -eq '1' ]
+		then
+			set_proto="proto_2";
+		fi
+		if [ ${FILTER_ID:2:1} -eq '1' ]
+		then
+			set_proto="proto_3";
+		fi
+		if [ -z "$set_proto"  ]
+		then
+			set_proto="proto_0";
+		fi
+	fi
+	if [ -z "$set"  ] #NOT_FILTERED
+	then
+		set="not_filtered"
+		if [ ${FILTER_ID:0:1} -eq '1' ]
+		then
+			set_proto="proto_1";
+		fi
+		if [ ${FILTER_ID:1:1} -eq '1' ]
+		then
+			set_proto="proto_2";
+		fi
+		if [ ${FILTER_ID:2:1} -eq '1' ]
+		then
+			set_proto="proto_3";
+		fi
+		if [ -z "$set_proto"  ]
+		then
+			set_proto="proto_0";
+		fi
+	fi
+	ipset add $set $current_ip
+	ipset add $set_proto $current_ip
 fi

Subversion Repositories ALCASAR

(root)/scripts/alcasar-macup.sh @ 2223 – Rev 2088 → 2094