Rev 2262 | Blame | Last modification | View Log
#!/bin/sh
#
# $Id: alcasar-macdown.sh 2274 2017-06-06 06:12:50Z richard $
#
# Le script 'macdown' est appelé par coovachilli pendant le DHCP down (release)
# Pour une adresse mac authorisée pour laquelle coovachilli effectue un DHCP release, l'@IP sera retiré de l'ipset 'not_filtered'
if [ -z $CALLING_STATION_ID ]; then
exit 1
fi
chilli_current_mac=$(chilli_query list | grep $CALLING_STATION_ID)
is_connected=$(echo $chilli_current_mac | cut -d' ' -f5)
current_mac=$(echo $chilli_current_mac | cut -d' ' -f1)
current_name=$(echo $chilli_current_mac | cut -d' ' -f6)
current_ip=$(echo $chilli_current_mac | cut -d' ' -f2)
if [ $is_connected == "1" ] && [ $current_mac == $current_name ]; then # only for authenticated MAC
#Lecture du Filter-Id de l'équipement authentifié afin de le retirer de son ipset
PASSWD_FILE="/root/ALCASAR-passwords.txt"
QUERY="SELECT value FROM radreply WHERE attribute='Filter-Id' AND username='$current_mac';"
FILTER_ID=$(mysql -D radius -u root -p$(cat $PASSWD_FILE | grep "root /" | rev | cut -d' ' -f1 | rev) -e "$QUERY" -Ns)
# FilterID Byte N°0 to 7
# 0: profile_1 (WEB)
# 1: profile_2 (WEB + Mail + Remote access)
# 2: profile_3 (Custom)
# 3: warn_user (if imputability report has been generated)
# 5: WL
# 6: BL
# 7: HAVP
if [ ${FILTER_ID:5:1} == '1' ]; then # HAVP_WL
set_filter="havp_wl"
elif [ ${FILTER_ID:6:1} == '1' ]; then # HAVP_BL
set_filter="havp_bl"
elif [ ${FILTER_ID:7:1} == '1' ]; then # HAVP
set_filter="havp"
else # NOT_FILTERED
set_filter="not_filtered"
fi
if [ ${FILTER_ID:2:1} == '1' ]; then # PROFILE 3 (Custom)
set_proto="proto_3";
elif [ ${FILTER_ID:1:1} == '1' ]; then # PROFILE 2 (WEB + Mail + Remote access)
set_proto="proto_2";
elif [ ${FILTER_ID:0:1} == '1' ]; then # PROFILE 1 (WEB)
set_proto="proto_1";
else # PROFILE 0 (Not filtered)
set_proto="proto_0";
fi
ipset del $set_filter $current_ip
ipset del $set_proto $current_ip
fi