2016-02-21 - Re: [GRASE-Hotspot] Re: Limit voucher login to single device

Header Data

From: Reflex INKY <re***y@gmail.com>
Message Hash: 4f860bd368af92ae461c97e64d9fb8b2e63284bd22ea82e2fedbd53825ae379b
Message ID: <CAASt=XS4es_K1wP93L6pmsZD2LZz-OqprFfzr3vrJ1Od96=T3A@mail.gmail.com>
Reply To: <CAESLx0Kygo0NktdXnbjm+Q0EKYWO=n0yQhU7yu0c+CaT1yKpBA@mail.gmail.com>
UTC Datetime: 2016-02-21 04:50:30 UTC
Raw Date: Sun, 21 Feb 2016 07:50:30 -0400

Raw message

I submitted a ticket but could you help me understand the flow of the login
process? When I looked at the hotspot.php file I see that the MAC address
is being captured. I wanted to know if that could then be used to search
against the radius database and if it exists for another username then do
not allow the login. If you could point me to the files and/or variables
that would be helpful.

Thanks

On Mon, Feb 15, 2016 at 7:10 AM, Timothy White <ti***8@gmail.com> wrote:

> Hi Reflex
>
> In theory, this could be done with Calling-Station-Id as suggested
> by Mohammed Farouk. Basically, it would need to be coded that on first
> login, we'd insert a new radcheck item for the Calling-Station-Id for that
> user, restricting future logins to that MAC address.
>
> Feel free to open a ticket (
> https://github.com/GraseHotspot/grase-www-portal/issues) for this so it
> can be worked on in the future. It's not Coova-Chilli that needs to be
> modified, rather the FreeRadius modules that need to be modified.
> Currently, the custom module is written in Perl, however I'm hoping to
> write future modules in Python as I like it more.
>
> Regards
>
> Tim
>
> On Mon, Feb 15, 2016 at 8:41 PM, Reflex INKY <re***y@gmail.com>
> wrote:
>
>> Thank you Tasyo. I figured that this is what I would have to do except I
>> do not know how. I wanted to do this at the point of login as any other way
>> would mean a cron job (I think). I am seeing the info in the radius
>> database but don't know where in the code to modify. For example, I am
>> seeing a dologin() function in config.local.sh that I want to change to
>> check for the username-mac address combination. I would then do the steps
>> in 2 outlined in your response but against the radius database. Now trying
>> to go through the code to understand how chilli works.
>>
>> On Mon, Feb 15, 2016 at 4:45 AM, Pilosopong Tasyo <
>> pi***7@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> You can use *chilli_query* to extract the username-MAC address pair of
>>> all logged-in users and make a comparison if each pair matches the one on
>>> file.  A shell script should foot the bill nicely.  Basically, the script
>>> does the following:
>>>
>>>
>>>    1. Use *chilli_query list* to extract the username and MAC address
>>>    of all logged-in users.  You'll need to filter the list using *grep*
>>>    and *cut* (you only need *USERNAME* and *MAC_ADDRESS*) and save it to
>>>    *"ACTIVE_USERS_FILE"* for processing.
>>>    2. For every USERNAME and MAC_ADDRESS in the *ACTIVE_USERS_FILE*,
>>>    make a comparison:
>>>       - *USERNAME* doesn't exist on file yet -> first time log-in,
>>>       create *USERNAME* with *MAC_ADDRESS* as its content
>>>       - *USERNAME* already exists and *MAC_ADDRESS* matches the one on
>>>       file -> no action, the credentials match the one on file
>>>       - *USERNAME* already exists but *MAC_ADDRESS* doesn't match the
>>>       one on file -> unauthorized device (i.e., *USERNAME* is being
>>>       used with another device that has a different *MAC_ADDRESS*), use
>>>       *chilli_query logout* to kick out the *USER_NAME*
>>>    3. Repeat the entire procedure.
>>>
>>> So even if there's a successful login, it won't take long for the
>>> user to get logged out.  Very effective in deterring users from sharing
>>> their credentials with someone else (or preventing users from using their
>>> credentials on another device even if they own it).
>>>
>>> Hope this helps.  Cheers.
>>>
>>> --
>>> This mailing list is for the Grase Hotspot Project
>>> http://grasehotspot.org
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "Grase Hotspot" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to gr***e@grasehotspot.org.
>>> To post to this group, send email to gr***t@grasehotspot.org.
>>> Visit this group at
>>> https://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/5dc932ed-0b56-43a5-82dc-ec8616c3cf50%40grasehotspot.org
>>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/5dc932ed-0b56-43a5-82dc-ec8616c3cf50%40grasehotspot.org?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
>
>
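
The polling procedure outlined in the quoted reply (list sessions, bind each username to the first MAC seen, flag any other MAC for logout), as an added example that is not part of the original thread or of the Grase code base. The `BIND_DIR` path, the function names, the sample sessions and the assumed `chilli_query list` column order (MAC, IP, state, session id, authenticated flag, username) are assumptions to check against your CoovaChilli build.

```shell
#!/bin/sh
# Added example: enforce one device per username from `chilli_query list` output.
# Assumed column layout (verify on your CoovaChilli build):
#   MAC IP STATE SESSIONID AUTHENTICATED USERNAME ...
BIND_DIR="${BIND_DIR:-/var/lib/voucher-mac}"   # hypothetical path: one file per username

# Reads session lines on stdin; prints the MAC of every session to be logged out.
check_sessions() {
    mkdir -p "$BIND_DIR" || return 1
    while read -r mac _ip _state _sid authed user _rest; do
        [ "$authed" = "1" ] || continue            # skip unauthenticated (dnat) clients
        # Usernames become file names: refuse anything outside a safe character set.
        case "$user" in
            ''|.*|*[!A-Za-z0-9._@-]*) continue ;;
        esac
        mac=$(printf '%s' "$mac" | tr 'a-f:' 'A-F-')   # normalise case and separator
        bound="$BIND_DIR/$user"
        if [ ! -f "$bound" ]; then
            printf '%s\n' "$mac" > "$bound"        # first login: bind username to this MAC
        elif [ "$(cat "$bound")" != "$mac" ]; then
            printf '%s\n' "$mac"                   # different device: flag for logout
        fi
    done
}

# Constructed sample input, standing in for `chilli_query list`.
sample_sessions() {
    cat <<'EOF'
00-11-22-33-44-55 10.1.0.2 pass 56c9a1b200000001 1 voucher01 120/0 10/0 0/0 0/0 0 0 0/0 0/0 http://example.test/
66-77-88-99-AA-BB 10.1.0.3 pass 56c9a1b200000002 1 voucher01 30/0 5/0 0/0 0/0 0 0 0/0 0/0 http://example.test/
CC-DD-EE-FF-00-11 10.1.0.4 dnat 56c9a1b200000003 0 - 0/0 0/0 0/0 0/0 0 0 0/0 0/0 -
22:33:44:55:66:77 10.1.0.5 pass 56c9a1b200000004 1 voucher02 45/0 2/0 0/0 0/0 0 0 0/0 0/0 http://example.test/
EOF
}

# Live use (not run here): feed real sessions in and act on the result, e.g.
#   chilli_query list | check_sessions | while read -r m; do chilli_query logout "$m"; done
```

A MAC address is set by the client, so this binding deters casual credential sharing rather than authenticating the device, and a second device stays online until the next polling pass.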
