  1. FILE:  /usr/local/pf/lib/pf/vlan/custom.pm
  2.  
  3. ==========================================
  4.  
  5. package pf::vlan::custom;
  6.  
  7. =head1 NAME
  8.  
  9. pf::vlan::custom - Object oriented module for VLAN isolation oriented functions
  10.  
  11. =head1 SYNOPSIS
  12.  
  13. The pf::vlan::custom module implements VLAN isolation oriented functions that are custom
  14. to a particular setup.
  15.  
  16. This module extends pf::vlan
  17.  
  18. =cut
  19.  
  20. use strict;
  21. use warnings;
  22. use diagnostics;
  23. use Log::Log4perl;
  24.  
  25. use base ('pf::vlan');
  26. use pf::config;
  27. use pf::node qw(node_view node_add_simple node_exist);
  28. use pf::util;
  29. use pf::violation qw(violation_count_trap violation_exist_open violation_view_top);
  30.  
our $VERSION = 1.00;    # package version of this site-specific pf::vlan subclass
  32.  
  33. =head1 SUBROUTINES
  34.  
  35. =over
  36.  
  37. =cut
  38.  
  39. =item getNormalVlan
  40.  
  41. Sample getNormalVlan, see pf::vlan for getNormalVlan interface description
  42.  
  43. =cut
  44. sub getNormalVlan {
  45. #    #$switch is the switch object (pf::SNMP)
  46. #    #$ifIndex is the ifIndex of the computer connected to
  47. #    #$mac is the mac connected
  48. #    #$node_info is the node info hashref (result of pf::node's node_view on $mac)
  49. #    #$conn_type is set to the connnection type expressed as the constant in pf::config
  50. #    #$user_name is set to the RADIUS User-Name attribute (802.1X Username or MAC address under MAC Authentication)
  51. #    #$ssid is the name of the SSID (Be careful: will be empty string if radius non-wireless and undef if not radius)
  52.  
  53. ### BEGIN CUSTOM EDIT ###
  54.  
  55.     my ($this, $switch, $ifIndex, $mac, $node_info, $connection_type, $user_name, $ssid) = @_;
  56.     my $logger = Log::Log4perl->get_logger();
  57.  
  58.     if (defined($node_info->{'category'})) {
  59.          if (($node_info->{'category'}) eq 'Staff') {
  60.              return $switch->getVlanByName('customVlan1');
  61.          } elsif (($node_info->{'category'}) eq 'Students') {
  62.              return $switch->getVlanByName('customVlan2');
  63.          } elsif (($node_info->{'category'}) eq 'Guest') {
  64.              return $switch->getVlanByName('customVlan3');
  65.          }
  66.      }
  67.     $logger->warn("Something is misconfigured. You should not see this message. Return null VLAN.");
  68.     return -1;
  69. }
  70.  
  71. ### END CUSTOM EDIT ###
  72.  
  73. #    =======edit by Jake======
  74. #
  75. #    # custom example: admin category
  76. #    # return customVlan5 to nodes in the admin category
  77. #    if (defined($node_info->{'category'}) && lc($node_info->{'category'}) eq "admin") {
  78. #        return $switch->getVlanByName('customVlan5');
  79. #    }
  80. #
  81. #    # custom example: simple guest user
  82. #    # return guestVlan for pid=guest
  83. #    if (defined($node_info->{pid}) && $node_info->{pid} =~ /^guest$/i) {
  84. #        return $switch->getVlanByName('guestVlan');
  85. #    }
  86. #
  87. #    # custom example: enforce a node's bypass VLAN
  88. #    # If node record has a bypass_vlan prefer it over normalVlan
  89. #    # Note: It might be made the default behavior one day
  90. #    if (defined($node_info->{'bypass_vlan'}) && $node_info->{'bypass_vlan'} ne '') {
  91. #        return $node_info->{'bypass_vlan'};
  92. #    }
  93. #    
  94. #    # custom example: VLAN by SSID
  95. #    # return customVlan1 if SSID is 'PacketFenceRocks'
  96. #    if (defined($ssid) && $ssid eq 'PacketFenceRocks') {
  97. #        return $switch->getVlanByName('customVlan1');
  98. #    }  
  99. #        
  100. #    return $switch->getVlanByName('normalVlan');
  101. #}
  102.  
  103. =item shouldAutoRegister
  104.  
  105. Sample shouldAutoRegister, see pf::vlan for shouldAutoRegister interface description
  106.  
  107. =cut
  108. # Note: if you add more examples here, remember to sync them in pf::vlan::custom
  109. #sub shouldAutoRegister {
  110. #    #$mac is MAC address
  111. #    #$switch_in_autoreg_mode is set to 1 if switch is in registration mode
  112. #    #$violation_autoreg is set to 1 if called from a violation with autoreg action
  113. #    #$isPhone is set to 1 if device is considered an IP Phone.
  114. #    #$conn_type is set to the connection type expressed as the constant in pf::config
  115. #    #$user_name is set to the RADIUS User-Name attribute (802.1X Username or MAC address under MAC Authentication)
  116. #    #$ssid is set to the wireless ssid (will be empty if radius and not wireless, undef if not radius)
  117. #    my ($this, $mac, $switch_in_autoreg_mode, $violation_autoreg, $isPhone, $conn_type, $user_name, $ssid) = @_;
  118. #    my $logger = Log::Log4perl->get_logger();
  119. #
  120. #    $logger->trace("asked if should auto-register device");
  121. #    # handling switch-config first because I think it's the most important to honor
  122. #    if (defined($switch_in_autoreg_mode) && $switch_in_autoreg_mode) {
  123. #        $logger->trace("returned yes because it's from the switch's config");
  124. #        return 1;
  125. #
  126. #    # if we have a violation action set to autoreg
  127. #    } elsif (defined($violation_autoreg) && $violation_autoreg) {
  128. #        $logger->trace("returned yes because it's from a violation with action autoreg");
  129. #        return 1;
  130. #    }
  131. #
  132. #    if ($isPhone) {
  133. #        $logger->trace("returned yes because it's an ip phone");
  134. #        return $isPhone;
  135. #    }
  136. #
  137. #    # custom example: auto-register 802.1x users
  138. #    # Since they already have validated credentials through EAP to do 802.1X
  139. #    if (defined($conn_type) && (($conn_type & EAP) == EAP)) {
  140. #        $logger->trace("returned yes because it's a 802.1X client that successfully authenticated already");
  141. #        return 1;
  142. #    }
  143. #    
  144. #    # otherwise don't autoreg
  145. #    return 0;
  146. #}
  147.  
  148. =back
  149.  
  150. =head1 AUTHOR
  151.  
  152. Dominik Gehl <dgehl@inverse.ca>
  153.  
  154. Olivier Bilodeau <obilodeau@inverse.ca>
  155.  
  156. =head1 COPYRIGHT
  157.  
  158. Copyright (C) 2006-2010 Inverse inc.
  159.  
  160. =head1 LICENSE
  161.  
  162. This program is free software; you can redistribute it and/or
  163. modify it under the terms of the GNU General Public License
  164. as published by the Free Software Foundation; either version 2
  165. of the License, or (at your option) any later version.
  166.  
  167. This program is distributed in the hope that it will be useful,
  168. but WITHOUT ANY WARRANTY; without even the implied warranty of
  169. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  170. GNU General Public License for more details.
  171.  
  172. You should have received a copy of the GNU General Public License
  173. along with this program; if not, write to the Free Software
  174. Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
  175. USA.
  176.  
  177. =cut
  178.  
1;    # a module must end with a true value for require/use to succeed
  180.  
  181. # vim: set shiftwidth=4:
  182. # vim: set expandtab:
  183. # vim: set backspace=indent,eol,start:
  184. [root@NAC01 ~]#
  185.  
  186.  
  187. ==========================================