Ticket #285 (new Feature Request)

Opened 2 years ago

Last modified 1 year ago

MAC Address Blacklist

Reported by: anonymous Assigned to:
Priority: normal Milestone: WifiDog Auth Server 1.1
Component: Auth server, Authentication, permissions and access control Keywords: MAC Blacklist
Cc:

Description

I would like a feature to allow blacklisting of specific MAC addresses, thereby disallowing their auth, and ideally presenting an error in the portal, and not allowing login or registration. Possibly with customisable error messages (eg. 'Your connection has been blocked for network abuse. Please contact us').

Attachments

Change History

01/09/07 18:54:46 changed by benoitg

  • type changed from Bug report to Feature Request.

04/20/07 23:48:52 changed by wifidog-at-moose.to

I have this working without the custom error messages, it just drops packets from the blocked MAC list altogether.

How would you like to get a copy of it?

12/04/07 14:34:57 changed by benoitg

  • owner changed.
  • component changed from Auth server, Other to Auth server, Authentication, permissions and access control.
  • milestone changed from WifiDog Auth Server 2.0 to WifiDog Auth Server 1.1.

Everything needed on the gateway side is already there.

The changes needed for basic functionality in the auth server are:

  • Add a network_had_blacklist and blacklist table in the db. The latter would (for now) only have a guuid and a MAC adress field.
  • Add a UI for it. This implied writing a very simple "Blacklist" object that inherits from generic object, and hooking it in from Network::getAdminUI() and Network::processAdminUI()
  • Actually use the blacklist during login attempt (at the token creation stage. This should be authenticator independent.
  • Optionally, also prevent creating an account from that computer. This MUST somehow be done within the AuthenticatorLocalUser? code even if additional hooks have to be written), not in the general auth or signup code.

The above should be fairly simple, and fairly future proof (in the future there will be much more complicated use case than static, persistent MAC based blacklists).

Add/Change #285 (MAC Address Blacklist)