[isf-wifidog] Implementing MAC address based blacklist.

Benoit Grégoire bock at step.polymtl.ca
Mar 4 Déc 14:14:51 EST 2007

On 3 December 2007, Chris Rowson wrote:
> There isn't a function built in that allows this. I believe it's on
> the roadmap though?

It is, but as usual, it requires developers willing to code it.  This one is 
very simple however, ass everything needed in the gateway is already there.

The changes needed for basic functionnality in  the auth server are:

-Add a network_had_blacklist and blacklist table in the db.  The latter would 
(for now) only have a guuid and a MAC adress field.
-Add a UI for it.  This implied writing a very simple "Blacklist" object that 
inherits from generic object, and hooking it in from Network::getAdminUI() 
and Network::processAdminUI()
-Actually use the blacklist during login attempt (at the token creation stage.  
This should be authenticator independent.
-Optionally, also prevent creating an account from that computer.  This MUST 
somehow be done within the AuthenticatorLocalUser code even if additional 
hooks have to be written), not in the general auth or signup code.

The above should be fairly simple, and fairly future proof (in the future 
there will be much more complicated use case than static, persistent MAC 
based blacklists).

Plus d'informations sur la liste de diffusion WiFiDog