#!/usr/bin/perl
###########################################################################
##  Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3      ##
##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
##  rights of fair usage, the disclaimer and warranty conditions.        ##
###########################################################################
# iptables
my $IPTABLES = '/usr/bin/sudo /sbin/iptables';

# FreeRADIUS log constants
use constant	INFO=>	3;
# FreeRADIUS return constants
use constant    RLM_MODULE_OK=>        2;#  /* the module is OK, continue */ 

sub post_auth {
        # if we are here, then authentication succeeded
        $mac = $RAD_REQUEST{'Calling-Station-Id'};
        $mac =~ s/\-/\:/g;
        $usr = $RAD_REQUEST{'User-Name'};
        if(index(`$IPTABLES -L -n`, "radius access for $usr") != -1) {
                return RLM_MODULE_OK;
        }
        system("$IPTABLES -I INPUT 1 -i eth0 -m mac --mac-source $mac -j ACCEPT -m comment --comment \"radius access for $usr\"");
        &radiusd::radlog(INFO, "Granted access for usr: ".$usr." with MAC address: ".$mac);
        return RLM_MODULE_OK;
}