fix captive portal prune sessions, radius still needs work, old code copied...

fix captive portal prune sessions, radius still needs work, old code copied back but not sure if this works

src/etc/inc/voucher.inc

@@ -218,6 +218,9 @@ EOF;
 function voucher_expire($voucher_received) {
 	global $g, $config, $cpzone;
 
+	$cpdb = new Captiveportal\DB($cpzone);
+	$cpc = new Captiveportal\CPClient();
+
 	// XMLRPC Call over to the master Voucher node
 	if(!empty($config['voucher'][$cpzone]['vouchersyncdbip'])) {
 		$syncip   = $config['voucher'][$cpzone]['vouchersyncdbip'];
@@ -275,13 +278,11 @@ function voucher_expire($voucher_received) {
 				captiveportal_syslog("{$voucher} ({$roll}/{$nr}) forced to expire");
 
 				/* Check if this voucher has any active sessions */
-				$cpdb = new Captiveportal\DB($cpzone);
-				if ($db->countClients(array("username"=>$voucher)) > 0 ) {
-					captiveportal_disconnect(array("username"=>$voucher),null,13);
-					//TODO: fix logging (in disconnect?) captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"FORCLY TERMINATING VOUCHER {$voucher} SESSION");
+				$clients  = $cpdb->listClients(array("username"=>$voucher),null, null);
+				foreach($clients as $client ){
+					$cpc->disconnect($cpzone,$client->sessionid);
 				}
 
-				unset($cpdb);
 			} else
 				captiveportal_syslog("$voucher ($roll/$nr): not found on any registererd Roll");
 		} else
@@ -312,6 +313,9 @@ function voucher_expire($voucher_received) {
 		unset($bitstring);
 	}
 
+	unset($cpdb);
+	unset($cpc);
+
 	unlock($voucherlck);
 
 	return true;

src/etc/rc.prunecaptiveportal

@@ -47,19 +47,16 @@ if (!is_array($config['captiveportal'][$cpzone])) {
 	return;
 }
 $cpzoneid = $config['captiveportal'][$cpzone]['zoneid'];
-
-if (file_exists("{$g['tmp_path']}/.rc.prunecaptiveportal.{$cpzone}.running")) {
-	$stat = stat("{$g['tmp_path']}/.rc.prunecaptiveportal.{$cpzone}.running");
+if (file_exists("{$g['tmp_path']}/.rc.prunecaptiveportal.running")) {
+	$stat = stat("{$g['tmp_path']}/.rc.prunecaptiveportal.running");
 	if (time() - $stat['mtime'] >= 120)
-		@unlink("{$g['tmp_path']}/.rc.prunecaptiveportal.{$cpzone}.running");
+		@unlink("{$g['tmp_path']}/.rc.prunecaptiveportal.running");
 	else {
 		log_error("Skipping CP prunning process because previous/another instance is already running");
 		return;
 	}
 }
-
-@file_put_contents("{$g['tmp_path']}/.rc.prunecaptiveportal.{$cpzone}.running", "");
+@file_put_contents("{$g['tmp_path']}/.rc.prunecaptiveportal.running", "");
 captiveportal_prune_old();
-@unlink("{$g['tmp_path']}/.rc.prunecaptiveportal.{$cpzone}.running");
-
+@unlink("{$g['tmp_path']}/.rc.prunecaptiveportal.running");
 ?>

src/opnsense/mvc/app/models/Captiveportal/CPClient.php

@@ -60,6 +60,27 @@ class CPClient {
      */
     private $shell = null;
 
+    /**
+     * send message to syslog
+     *
+     * @param $status
+     * @param $user
+     * @param $mac
+     * @param $ip
+     * @param string $message
+     */
+    private function logportalauth($user,$mac,$ip,$status,$message=""){
+
+        $message = trim($message);
+        $message = "{$status}: {$user}, {$mac}, {$ip}, {$message}";
+
+        $logger = new \Phalcon\Logger\Adapter\Syslog("logportalauth", array(
+            'option' => LOG_PID,
+            'facility' => LOG_LOCAL4
+        ));
+        $logger->info($message);
+
+    }
     /**
      * Request new pipeno
      * @return int
@@ -169,6 +190,7 @@ class CPClient {
                     $parts = preg_split('/\s+/', $line);
                     if (count($parts) > 8 && $parts[7] != 'any' and strlen($parts[7]) > 5) {
                         $result[$parts[7]] = array(
+                            "rulenum" => $parts[0],
                             "last_accessed" => (int)$parts[3],
                             "idle_time" => time() - (int)$parts[3],
                             "out_packets" => (int)$parts[1],
@@ -183,6 +205,21 @@ class CPClient {
 
     }
 
+    /**
+     * reset traffic counters
+     *
+     * @param null $rulenum
+     */
+    public function zero_counters($rulenum=null){
+        if ( $rulenum != null and is_numeric($rulenum) ){
+            $this->shell->exec("/sbin/ipfw zero " . $rulenum );
+        }
+        elseif ( $rulenum == null ){
+            $this->shell->exec("/sbin/ipfw zero " );
+        }
+
+    }
+
     /**
      * Constructor
      */
@@ -512,8 +549,8 @@ class CPClient {
         $this->reset_bandwidth($pipeno_in,$bw_up);
         $this->reset_bandwidth($pipeno_in,$bw_down);
 
-
-        // TODO : Add logging, ( captiveportal_logportalauth($cpentry[4],$cpentry[3],$cpentry[2],"CONCURRENT LOGIN - TERMINATING OLD SESSION"); )
+        // log
+        $this->logportalauth($username,$clientmac,$clientip,$status="LOGIN");
 
         // cleanup
         unset($db);
@@ -521,7 +558,6 @@ class CPClient {
         return $sessionid;
     }
 
-
     /**
      * disconnect a session or a list of sessions depending on the parameter
      * @param string $cpzonename zone name or id
@@ -538,6 +574,7 @@ class CPClient {
         }
     }
 
+
     /**
      * flush zone (null flushes all zones)
      * @param null $zone
@@ -576,38 +613,48 @@ class CPClient {
     /**
      * cleanup portal sessions
      */
-    function portal_cleanup_sessions(){
+    function portal_cleanup_sessions($cpzone=null){
         $acc_list = $this->list_accounting();
         foreach($this->config->object()->captiveportal->children() as $cpzonename => $zoneobj){
-            $db = new DB($cpzonename);
+            if ( $cpzone == null || $cpzone == $cpzonename ) {
+                $db = new DB($cpzonename);
 
-            $clients  = $db->listClients(array(),null, null);
+                $clients = $db->listClients(array(), null, null);
 
-            foreach($clients as $client ){
-                $idle_time = 0;
-                if ( array_key_exists (  $client->ip ,$acc_list ) ){
-                    $idle_time = $acc_list[$client->ip];
-                }
+                foreach ($clients as $client) {
+                    $idle_time = 0;
+                    if (array_key_exists($client->ip, $acc_list)) {
+                        $idle_time = $acc_list[$client->ip];
+                    }
 
-                // if session timeout is reached, disconnect
-                if ( $client->session_timeout  != ""  ){
-                    if ( ((time() - $client->allow_time)/60) > $client->session_timeout  ){
-                        $this->disconnect($cpzonename,$client->sessionid);
-                        continue;
+                    // if session timeout is reached, disconnect
+                    if (is_numeric($client->session_timeout) && $client->session_timeout > 0 ) {
+                        if (((time() - $client->allow_time) / 60) > $client->session_timeout) {
+                            $this->disconnect($cpzonename, $client->sessionid);
+                            $this->logportalauth($client->username,$client->mac,$client->ip,$status="SESSION TIMEOUT");
+                            continue;
+                        }
+                    }
+
+                    // disconnect session if idle timeout is reached
+                    if (is_numeric($client->idle_timeout) && $client->idle_timeout > 0  && $idle_time > 0) {
+                        if ($idle_time > $client->idle_timeout) {
+                            $this->disconnect($cpzonename, $client->sessionid);
+                            $this->logportalauth($client->username,$client->mac,$client->ip,$status="IDLE TIMEOUT");
+                            continue;
+                        }
                     }
-                }
 
-                // disconnect session if idle timeout is reached
-                if ( $client->idle_timeout  != "" && $idle_time > 0 ){
-                    if ( $idle_time > $client->idle_timeout   ){
-                        $this->disconnect($cpzonename,$client->sessionid);
+                    // disconnect on session terminate time
+                    if ($client->session_terminate_time != "" && $client->session_terminate_time < time()) {
+                        $this->disconnect($cpzonename, $client->sessionid);
+                        $this->logportalauth($client->username,$client->mac,$client->ip,$status="TERMINATE TIME REACHED");
                         continue;
                     }
                 }
-            }
-
-            unset($db);
 
+                unset($db);
+            }
         }
 
         unset ($acc_list);