10,7 → 10,130 |
current_name=$(echo $chilli_current_mac | cut -d' ' -f6) |
current_ip=$(echo $chilli_current_mac | cut -d' ' -f2) |
|
|
|
if [ $is_connected == "1" ] && [ $current_mac == $current_name ]; then |
ipset add not_filtered $current_ip |
#Lecture du filter-id dans la DB radius afin de placer l'équipement réseau dans le bon ipset |
#Un équipement autorisé "à chaud" sera placé dans l'ipset 'not_filtered' + pas de filtrage de protocole (proto_0) |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
QUERY="SELECT value from radreply where username='$current_mac'" |
FILTER_ID=$(mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev)<<<"$QUERY" | tail -1) |
|
#Suppression de l'utilisateur de l'ipset not_auth_yet (au cas où) |
ipset del not_auth_yet $current_ip |
|
#Valeur de FILTER-ID : 12345678 |
#1-> profile1 |
#2-> profile2 |
#3-> profile3 |
#4-> warn_user (if imputability report has been generated) |
#6-> WL + HAVP |
#7-> BL + HAVP |
#8-> HAVP |
|
|
if [ ${FILTER_ID:7:1} -eq '1' ] #HAVP |
then |
set="havp" |
if [ ${FILTER_ID:0:1} -eq '1' ] |
then |
set_proto="proto_1"; |
fi |
|
if [ ${FILTER_ID:1:1} -eq '1' ] |
then |
set_proto="proto_2"; |
fi |
|
if [ ${FILTER_ID:2:1} -eq '1' ] |
then |
set_proto="proto_3"; |
fi |
|
if [ -z "$set_proto" ] |
then |
set_proto="proto_0"; |
fi |
fi |
|
|
if [ ${FILTER_ID:6:1} -eq '1' ] #HAVP_BL |
then |
set="havp_bl" |
if [ ${FILTER_ID:0:1} -eq '1' ] |
then |
set_proto="proto_1"; |
fi |
|
if [ ${FILTER_ID:1:1} -eq '1' ] |
then |
set_proto="proto_2"; |
fi |
|
if [ ${FILTER_ID:2:1} -eq '1' ] |
then |
set_proto="proto_3"; |
fi |
|
if [ -z "$set_proto" ] |
then |
set_proto="proto_0"; |
fi |
fi |
|
if [ ${FILTER_ID:5:1} -eq '1' ] #HAVP_WL |
then |
set="havp_wl" |
if [ ${FILTER_ID:0:1} -eq '1' ] |
then |
set_proto="proto_1"; |
fi |
|
if [ ${FILTER_ID:1:1} -eq '1' ] |
then |
set_proto="proto_2"; |
fi |
|
if [ ${FILTER_ID:2:1} -eq '1' ] |
then |
set_proto="proto_3"; |
fi |
|
if [ -z "$set_proto" ] |
then |
set_proto="proto_0"; |
fi |
fi |
|
|
|
if [ -z "$set" ] #NOT_FILTERED |
then |
set="not_filtered" |
if [ ${FILTER_ID:0:1} -eq '1' ] |
then |
set_proto="proto_1"; |
fi |
|
if [ ${FILTER_ID:1:1} -eq '1' ] |
then |
set_proto="proto_2"; |
fi |
|
if [ ${FILTER_ID:2:1} -eq '1' ] |
then |
set_proto="proto_3"; |
fi |
|
if [ -z "$set_proto" ] |
then |
set_proto="proto_0"; |
fi |
fi |
|
|
ipset add $set $current_ip |
ipset add $set_proto $current_ip |
|
fi |
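Review bot: The `mysql` call that fills `FILTER_ID` passes the root database password on the command line via `-p$(...)`, where local process listings can see it, and it interpolates `$current_mac` straight into the SQL text of `QUERY`. Reading the credentials from a root-only option file (`mysql --defaults-extra-file=<path>`) and rejecting any `$current_mac` that does not match a strict MAC pattern before building `QUERY` would close both. The query also returns every `radreply` row for the user, so `tail -1` may pick up an unrelated reply value; adding `AND attribute='Filter-Id'` would pin it, assuming that is the attribute name this database uses. Separately, when no row is found the unquoted `[ ${FILTER_ID:7:1} -eq '1' ]` tests fail with a test error and the device lands in `not_filtered`/`proto_0` by accident rather than by an explicit default, which `FILTER_ID=${FILTER_ID:-00000000}` would make deliberate. `set` and `set_proto` are never cleared in the visible lines, and the enclosing `if` (and any loop around it) starts outside the hunk, so if this runs once per device, a previous device's values would carry over unless the block begins with `set=""; set_proto=""`.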
|