#!/usr/bin/perl
# 
# accesses-from-ldap-close.pl
# Written by Erik Inge Bolsø (knan@redpill-linpro.com), 2009.
#
# COPYRIGHT
# This script is free software, you can redistribute it and/or modify
# it under the same terms as Perl itself.
#
use strict;

# overview:
#  grab ip from environment
#  run ipset commands to list and remove accesses

# shouldn't need to customize below here
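# Client address to revoke. Presumably exported by OpenVPN to its hook
# scripts -- verify against the server configuration that calls this script.
my $openvpn_remoteip  = $ENV{'ifconfig_pool_remote_ip'}   or die "a-f-l-o: script environment out of order, \$ifconfig_pool_remote_ip missing.\n";

# The address ends up on a command line that runs through sudo, so accept
# only characters that can occur in an IPv4/IPv6 literal. This rejects shell
# metacharacters and values starting with '-' (which ipset would parse as an
# option) before anything is executed.
$openvpn_remoteip =~ /\A[0-9A-Fa-f.:]+\z/
  or die "a-f-l-o: \$ifconfig_pool_remote_ip is not a plain IP address, refusing to run ipset.\n";

# Fixed command prefix. Every invocation below uses the list form of
# open/system/exec, so no argument is ever interpreted by /bin/sh.
my @ipset_cmd = ( '/usr/bin/sudo', '/usr/sbin/ipset' );

# Run a command with stdout and stderr discarded and return its wait status
# ($?), or -1 if the fork failed. Replaces the shell's ">/dev/null
# 2>/dev/null" without involving a shell.
sub run_silently {
  my @cmd = @_;
  my $pid = fork();
  return -1 unless defined $pid;
  if ( $pid == 0 ) {
    open STDOUT, '>', '/dev/null' or exit 127;
    open STDERR, '>', '/dev/null' or exit 127;
    exec { $cmd[0] } @cmd or exit 127;
  }
  waitpid( $pid, 0 );
  return $?;
}

# find current accesses with ipset -L and ipset -T
my @accesses = ( ) ;
my @ipsets = ( ) ;

# Collect the set names from the "Name: <set>" lines of the listing; this
# replaces the former "grep ^Name: | cut -f 2 -d ' '" shell pipeline.
if ( open my $list_fh, '-|', @ipset_cmd, '-L' ) {
  while ( my $line = <$list_fh> ) {
    next unless $line =~ /\AName: (\S+)/ ;
    my $set = $1 ;
    # A name starting with '-' would be taken for an option by ipset.
    next if $set =~ /\A-/ ;
    push(@ipsets, $set) ;
  }
  close $list_fh
    or warn "a-f-l-o: ipset -L did not finish cleanly, set list may be incomplete.\n";
}
else {
  warn "a-f-l-o: cannot run ipset -L: $!\n";
}

# A set counts as an access when "ipset -T" reports the address as a member
# (exit status 0).
foreach my $set ( @ipsets ) {
  run_silently( @ipset_cmd, '-T', $set, $openvpn_remoteip ) == 0 and push(@accesses, $set) ;
}

# remove ip from the named ipset sets.
# nothing much we can do about failures at this point, but log them: an
# entry that stays behind keeps granting access to whoever holds this
# address next.
foreach my $access ( @accesses ) {
  system( @ipset_cmd, '-D', $access, $openvpn_remoteip ) == 0
    or warn "a-f-l-o: failed to remove $openvpn_remoteip from ipset $access.\n";
}

# success!
exit 0;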


