(captiveportal, new) work in progress scriptbase, idletimeout, hardtimeout, etc

1fd5d463 · Ad Schellevis · 3677ab28 · 1fd5d463 · 1fd5d463 · 1fd5d463
Commit 1fd5d463 authored Oct 03, 2015 by Ad Schellevis
3 changed files
--- a/src/opnsense/scripts/OPNsense/CaptivePortal/cp-background-process.py
+++ b/src/opnsense/scripts/OPNsense/CaptivePortal/cp-background-process.py
@@ -62,11 +62,8 @@ def main():
                expected_clients = db.list_clients(zoneid)
                # handle connected clients, timeouts, address changes, etc.
                for db_client in expected_clients:
-                    # convert ip address to net, tables are registered as  nets
+                    # fetch ip address (or network) from database
-                    if db_client['ipAddress'].strip().find('/') == -1:
+                    cpnet = db_client['ipAddress'].strip()
-                        cpnet = '%s/32' % db_client['ipAddress'].strip()
-                    else:
-                        cpnet = db_client['ipAddress'].strip()
                    # there are different reasons why a session should be removed, check for all reasons and
                    # use the same method for the actual removal
@@ -75,10 +72,17 @@ def main():
                    # todo, static ip and addresses shouldn't be affected by the timeout rules below.
                    # check if hardtimeout is set and overrun for this session
                    if 'hardtimeout' in cpzones[zoneid] and str(cpzones[zoneid]['hardtimeout']).isdigit():
-                        if int(cpzones[zoneid]['hardtimeout']) > 0:
+                        # hardtimeout should be set and we should have collected some session data from the client
-                            if time.time() - float(db_client['startTime']) / 60 > int(cpzones[zoneid]['hardtimeout']):
+                        if int(cpzones[zoneid]['hardtimeout']) > 0  and float(db_client['startTime']) > 0:
+                            if (time.time() - float(db_client['startTime'])) / 60 > int(cpzones[zoneid]['hardtimeout']):
+                                drop_session = True
+                    # check if idletimeout is set and overrun for this session
+                    if 'idletimeout' in cpzones[zoneid] and str(cpzones[zoneid]['idletimeout']).isdigit():
+                        # idletimeout should be set and we should have collected some session data from the client
+                        if int(cpzones[zoneid]['idletimeout']) > 0 and float(db_client['last_accessed']) > 0:
+                            if (time.time() - float(db_client['last_accessed'])) / 60 > int(cpzones[zoneid]['idletimeout']):
                                drop_session = True
-                                drop_session = False
                    # check session, if it should be active, validate its properties
                    if not drop_session:

--- a/src/opnsense/scripts/OPNsense/CaptivePortal/lib/db.py
+++ b/src/opnsense/scripts/OPNsense/CaptivePortal/lib/db.py
@@ -78,6 +78,7 @@ class DB(object):
        response['ipAddress'] = ip_address
        response['macAddress'] = mac_address
        response['startTime'] = time.time()  # record creation = sign-in time
+        response['last_accessed'] = time.time() # last accessed_time = sign-in time
        response['sessionId'] = base64.b64encode(os.urandom(16))  # generate a new random session id
        cur = self._connection.cursor()
@@ -89,8 +90,8 @@ class DB(object):
                    """, response)
        # add new session
-        cur.execute("""INSERT INTO cp_clients(zoneid, authenticated_via, sessionid, username,  ip_address, mac_address, created)
+        cur.execute("""INSERT INTO cp_clients(zoneid, authenticated_via, sessionid, username,  ip_address, mac_address, created, last_accessed)
-                       VALUES (:zoneid, :authenticated_via, :sessionId, :userName, :ipAddress, :macAddress, :startTime)
+                       VALUES (:zoneid, :authenticated_via, :sessionId, :userName, :ipAddress, :macAddress, :startTime, :last_accessed)
                    """, response)
        self._connection.commit()

--- a/src/opnsense/scripts/OPNsense/CaptivePortal/lib/ipfw.py
+++ b/src/opnsense/scripts/OPNsense/CaptivePortal/lib/ipfw.py
@@ -48,7 +48,14 @@ class IPFW(object):
            output_stream.seek(0)
            for line in output_stream.read().split('\n'):
                if line.split(' ')[0].strip() != "":
-                    result.append(line.split(' ')[0])
+                    # process / 32 nets as single addresses to align better with the rule syntax
+                    # and local administration.
+                    if line.split(' ')[0].split('/')[-1] == '32':
+                        # single IPv4 address
+                        result.append(line.split(' ')[0].split('/')[0])
+                    else:
+                        # network
+                        result.append(line.split(' ')[0])
            return result
    def ip_or_net_in_table(self, table_number, address):
@@ -58,11 +65,7 @@ class IPFW(object):
        :return: boolean
        """
        ipfw_tbl = self.list_table(table_number)
-        if address.find('.') > -1 and address.find('/') == -1:
+        if address.strip() in ipfw_tbl:
-            # address given, search for /32 net in ipfw rules
-            if '%s/32' % address.strip() in ipfw_tbl:
-                return True
-        elif address.strip() in ipfw_tbl:
            return True
        return False