The approach I mentioned does require that the DHCP lease database be
monitored. Most typically, you would use a long-running process
(e.g., daemon) for this purpose, but you could also use a recurring
job (a la cron) to scan the database every once in a while
for changes. The daemon-based approach is probably simpler and will
provide more immediate triggering of responses to newly plugged-in
network devices, so that's the approach I will talk about below.

What I really want to do is trigger something and grab
the user's MAC and see if the laptop is authorized. I know how to grab the MAC
address using ipconfig, but I want to automate this
part.

The "trigger" is the appearance of a new entry in the DHCP leases database.
The entry will contain the MAC address already, so there is no need to look
it up using ipconfig.
For example, here is some (untested) code that monitors the
lease database and triggers a call to check_authorization
when a new lease record appears:

#!/usr/bin/perl
use warnings;
use strict;
use File::Tail;

# monitor the leases database, waiting for new entries
my $leases_db = File::Tail->new("/var/lib/dhcp/dhcpd.leases");

# wait for entries of the following form:
#
#   lease 192.168.0.1 {
#     starts 1 2004/09/27 14:16:02;
#     ends 1 2004/09/27 15:16:02;
#     hardware ethernet 00:0b:db:13:e7:49;
#   }

# declared outside the loop so the IP address seen on the "lease" line
# is still available when the "hardware ethernet" line arrives
my $ip_addr;

while (defined( $_ = $leases_db->read )) {
    $ip_addr = $1 if /^lease ([.0-9]+)/i;
    if (/hardware ethernet ([:0-9a-f]+)/i) {
        my $mac_addr = $1;
        check_authorization($ip_addr, $mac_addr);
    }
}

# the following subroutine will be called when a new
# lease record appears in the DHCP server's database
sub check_authorization {
    my ($ip_addr, $mac_addr) = @_;
    # look up $mac_addr in authorization database
    # and take action if necessary
}

Hope this helps.
Cheers!
Tom
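
One way to fill in the authorization lookup that the post above leaves as a stub, as an added Perl example that is not part of Tom's post: it parses whole lease records rather than single lines and compares normalized MAC addresses against an allowlist. The contents of %authorized, the normalize_mac and parse_leases helpers, and the second sample lease are constructed for illustration.

```perl
#!/usr/bin/perl
use warnings;
use strict;

# Constructed allowlist; stands in for the authorization database.
my %authorized = map { $_ => 1 } qw(00:0b:db:13:e7:49);

# Normalize a MAC to lowercase, colon-separated, zero-padded octets so
# "0:B:DB:13:E7:49" and "00-0b-db-13-e7-49" compare equal. Returns undef
# for anything that is not six hex octets.
sub normalize_mac {
    my ($mac) = @_;
    my @octets = split /[:-]/, $mac;
    return undef unless @octets == 6;
    return undef if grep { !/^[0-9a-f]{1,2}$/i } @octets;
    return join ':', map { sprintf '%02x', hex($_) } @octets;
}

# Walk lease-file lines and return [ip, mac] pairs for complete records
# only; a record with no usable hardware line is skipped.
sub parse_leases {
    my ($ip, $mac, @found);
    for (@_) {
        if (/^lease ([.0-9]+)/) {
            ($ip, $mac) = ($1, undef);
        } elsif (defined $ip && /hardware ethernet ([-:0-9a-f]+)/i) {
            $mac = normalize_mac($1);
        } elsif (/^\s*\}/) {
            push @found, [$ip, $mac] if defined $ip && defined $mac;
            ($ip, $mac) = (undef, undef);
        }
    }
    return @found;
}

# Constructed sample: the record from the post plus one unknown device.
my @sample = split /\n/, <<'END';
lease 192.168.0.1 {
  starts 1 2004/09/27 14:16:02;
  ends 1 2004/09/27 15:16:02;
  hardware ethernet 00:0b:db:13:e7:49;
}
lease 192.168.0.2 {
  hardware ethernet 00:11:22:AA:bb:cc;
}
END

for my $lease (parse_leases(@sample)) {
    my ($ip, $mac) = @$lease;
    printf "%s %s %s\n", $ip, $mac, $authorized{$mac} ? 'authorized' : 'NOT AUTHORIZED';
}
```

The MAC address in a lease record is supplied by the client, so an allowlist match identifies a known device only as long as that address has not been cloned.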