Hi Darren,

I appear to have a working solution but would love some comments on any 
dangerous assumptions I’m making. Namely, that searching by IP will show the 
most recent entry in the ip4log for a given IP’s node MAC address.

The following attempts to:

  *   Sanitize the input from CheckPoint SmartEvents
  *   Extract the source IP
  *   Obtain an authentication token
  *   Search the ip4logs for the relevant IP to learn the node’s MAC
  *   Look up the category (role) ID for ‘REJECT’
  *   Update the node

PS: Do I need to somehow signal to PacketFence that it should re-evaluate the 
node and kick it off or is that automatically handled when the role changes?

#!/bin/bash
# CheckPoint SmartEvent custom correlation rule calls script -
# $RTDIR/bin/ext_commands/block_on_packetfence
set -o pipefail   # a failing curl inside "curl ... | jq" must fail the whole pipeline
INPUT=$(cat)
STRIPPED="${INPUT//[^a-zA-Z0-9 ().,:;+_-]}"
API='https://packetfence.redacted.com:1443/api/v1'
APIUSER='****************'
APIPSWD='****************'
NEWROLE='REJECT'
MAC=''
NEWROLEID=''
CURL_OUTPUT=''
CURL_RC=0
# Keep the header as an array: a single string '-H "accept: ..."' is handed to curl as
# one argument, literal quotes included, and is not recognised as a header option.
CURL_HEADER=(-H 'accept: application/json')
USERIP=$(echo "$STRIPPED" | sed -r '/; IP: / s/.*; IP: ([0-9.]+).*/\1/')
#USERID=$(echo "$STRIPPED" | sed -r '/user_name: / s/.*user_name: ([[:alnum:]_-]+).*/\1/')

if [ ${#USERIP} -ge 7 ] && [ ${#USERIP} -le 15 ]; then
  TOKEN=$(curl_cli -fsX POST "$API/login" "${CURL_HEADER[@]}" \
    -d '{"username":"'"$APIUSER"'","password":"'"$APIPSWD"'"}' 2> /dev/null | jq -r .token) || exit 1
  DATA='{"fields":["mac"],"query":{"op":"and","values":[{"op":"or","values":[{"field":"ip","op":"equals","value":"'"$USERIP"'"}]}]},"limit":1}'
  MAC=$(curl_cli -fsX POST "$API/ip4logs/search" "${CURL_HEADER[@]}" -H "Authorization: $TOKEN" \
    -d "$DATA" 2> /dev/null | jq -r '.items[].mac') || exit 1
  # No ip4log entry means no MAC; do not PATCH "$API/node/" with an empty path element
  [ -n "$MAC" ] || exit 1
  # Exact name match: jq's test() is a regex and would also match a category such as "REJECTED"
  NEWROLEID=$(curl_cli -fsX GET "$API/node_categories" "${CURL_HEADER[@]}" -H "Authorization: $TOKEN" 2> /dev/null \
    | jq -r --arg role "$NEWROLE" '.items[] | select(.name == $role) | .category_id')
  CURL_OUTPUT=$(curl_cli -fsSX PATCH "$API/node/$MAC" "${CURL_HEADER[@]}" -H "Authorization: $TOKEN" \
    -d '{"category_id":"'"$NEWROLEID"'"}' 2>&1)
  CURL_RC=$?   # capture curl's status here; reading $? after the next [ test reports that test instead
fi

if [ ${#CURL_OUTPUT} -gt 0 ]; then
  echo -e "Source: $USERIP - MAC: $MAC - Role ID: $NEWROLEID - Curl debug data:\n$CURL_OUTPUT"
else
  echo -e "Source: $USERIP - Curl return code: $CURL_RC - Sanitised event data:\n$STRIPPED"
fi



PS: Hope the above helps someone else…


Regards
David Herselman
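An added example, not part of the post above: strict checks on the two values the script interpolates into PacketFence requests, the source IP taken from the SmartEvent text and the MAC returned by the ip4logs search, before either reaches a JSON body or a /node/<mac> path. The "; IP: a.b.c.d" field layout is assumed from the poster's sed expression, and the sample event line is constructed.

```shell
#!/bin/sh
# Added example (not the poster's script): validate the source IP and node MAC
# before building PacketFence API requests from them. The "; IP: " field layout
# follows the poster's sed expression; SAMPLE_EVENT below is constructed.

# Same character whitelist as the script's ${INPUT//...} expansion, in portable form.
sanitize_event() {
  printf '%s' "$1" | tr -cd 'a-zA-Z0-9 ().,:;+_-'
}

# Print the "; IP: " value, or nothing when the field is missing (the script's sed
# command echoes the whole sanitized event back when its pattern does not match).
extract_source_ip() {
  sanitize_event "$1" | sed -n 's/.*; IP: \([0-9.]*\).*/\1/p'
}

# A 7..15 character length check accepts "999.999.999.999" or "1.2.3."; require
# exactly four dot-separated decimal octets in 0..255 instead.
is_valid_ipv4() {
  ip=$1
  case "$ip" in
    *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
  esac
  saved_ifs=$IFS; IFS=.
  set -- $ip
  IFS=$saved_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# PacketFence reports MACs as six colon-separated hex pairs; anything else (including
# an empty jq result) must not be placed into the /node/<mac> request path.
is_valid_mac() {
  h='[0-9a-fA-F][0-9a-fA-F]'
  case "$1" in $h:$h:$h:$h:$h:$h) return 0 ;; esac
  return 1
}

# The search body is built only from a value that passed is_valid_ipv4, so it cannot close the JSON string.
ip4log_query() {
  is_valid_ipv4 "$1" || return 1
  printf '{"fields":["mac"],"query":{"op":"and","values":[{"op":"or","values":[{"field":"ip","op":"equals","value":"%s"}]}]},"limit":1}' "$1"
}

# Constructed sample event line (not real SmartEvent output).
SAMPLE_EVENT='Event: Malware; user_name: jdoe; IP: 10.20.30.40; Action: Block'
```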
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
