| 10,7 → 10,130 |
|---|
| current_name=$(echo $chilli_current_mac | cut -d' ' -f6) |
| current_ip=$(echo $chilli_current_mac | cut -d' ' -f2) |
| |
| |
| |
| if [ $is_connected == "1" ] && [ $current_mac == $current_name ]; then |
| ipset add not_filtered $current_ip |
| #Lecture du filter-id dans la DB radius afin de placer l'équipement réseau dans le bon ipset |
| #Un équipement autorisé "à chaud" sera placé dans l'ipset 'not_filtered' + pas de filtrage de protocole (proto_0) |
| PASSWD_FILE="/root/ALCASAR-passwords.txt" |
| QUERY="SELECT value from radreply where username='$current_mac'" |
| FILTER_ID=$(mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev)<<<"$QUERY" | tail -1) |
| |
| #Suppression de l'utilisateur de l'ipset not_auth_yet (au cas où) |
| ipset del not_auth_yet $current_ip |
| |
| #Valeur de FILTER-ID : 12345678 |
| #1-> profile1 |
| #2-> profile2 |
| #3-> profile3 |
| #4-> warn_user (if imputability report has been generated) |
| #6-> WL + HAVP |
| #7-> BL + HAVP |
| #8-> HAVP |
| |
| |
| if [ ${FILTER_ID:7:1} -eq '1' ] #HAVP |
| then |
| set="havp" |
| if [ ${FILTER_ID:0:1} -eq '1' ] |
| then |
| set_proto="proto_1"; |
| fi |
| |
| if [ ${FILTER_ID:1:1} -eq '1' ] |
| then |
| set_proto="proto_2"; |
| fi |
| |
| if [ ${FILTER_ID:2:1} -eq '1' ] |
| then |
| set_proto="proto_3"; |
| fi |
| |
| if [ -z "$set_proto" ] |
| then |
| set_proto="proto_0"; |
| fi |
| fi |
| |
| |
| if [ ${FILTER_ID:6:1} -eq '1' ] #HAVP_BL |
| then |
| set="havp_bl" |
| if [ ${FILTER_ID:0:1} -eq '1' ] |
| then |
| set_proto="proto_1"; |
| fi |
| |
| if [ ${FILTER_ID:1:1} -eq '1' ] |
| then |
| set_proto="proto_2"; |
| fi |
| |
| if [ ${FILTER_ID:2:1} -eq '1' ] |
| then |
| set_proto="proto_3"; |
| fi |
| |
| if [ -z "$set_proto" ] |
| then |
| set_proto="proto_0"; |
| fi |
| fi |
| |
| if [ ${FILTER_ID:5:1} -eq '1' ] #HAVP_WL |
| then |
| set="havp_wl" |
| if [ ${FILTER_ID:0:1} -eq '1' ] |
| then |
| set_proto="proto_1"; |
| fi |
| |
| if [ ${FILTER_ID:1:1} -eq '1' ] |
| then |
| set_proto="proto_2"; |
| fi |
| |
| if [ ${FILTER_ID:2:1} -eq '1' ] |
| then |
| set_proto="proto_3"; |
| fi |
| |
| if [ -z "$set_proto" ] |
| then |
| set_proto="proto_0"; |
| fi |
| fi |
| |
| |
| |
| if [ -z "$set" ] #NOT_FILTERED |
| then |
| set="not_filtered" |
| if [ ${FILTER_ID:0:1} -eq '1' ] |
| then |
| set_proto="proto_1"; |
| fi |
| |
| if [ ${FILTER_ID:1:1} -eq '1' ] |
| then |
| set_proto="proto_2"; |
| fi |
| |
| if [ ${FILTER_ID:2:1} -eq '1' ] |
| then |
| set_proto="proto_3"; |
| fi |
| |
| if [ -z "$set_proto" ] |
| then |
| set_proto="proto_0"; |
| fi |
| fi |
| |
| |
| ipset add $set $current_ip |
| ipset add $set_proto $current_ip |
| |
| fi |
| |