Skip to content

O
OpnSense
Commit f3d9e10b authored by Ad Schellevis's avatar Ad Schellevis
Browse files
Options

fixes for captive portal voucher, locking issues etc.

parent 3ee4024a
Show whitespace changes
Inline Side-by-side
Showing with 15 additions and 41 deletions
src/etc/inc/captiveportal.inc
View file @ f3d9e10b
...@@ -119,7 +119,6 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut ...@@ -119,7 +119,6 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
$dwfaultbw_down = isset($config['captiveportal'][$cpzone]['bwdefaultdn']) ? $config['captiveportal'][$cpzone]['bwdefaultdn'] : 0; $dwfaultbw_down = isset($config['captiveportal'][$cpzone]['bwdefaultdn']) ? $config['captiveportal'][$cpzone]['bwdefaultdn'] : 0;
$bw_up = isset($attributes['bw_up']) ? round(intval($attributes['bw_up'])/1000, 2) : $dwfaultbw_up; $bw_up = isset($attributes['bw_up']) ? round(intval($attributes['bw_up'])/1000, 2) : $dwfaultbw_up;
$bw_down = isset($attributes['bw_down']) ? round(intval($attributes['bw_down'])/1000, 2) : $dwfaultbw_down; $bw_down = isset($attributes['bw_down']) ? round(intval($attributes['bw_down'])/1000, 2) : $dwfaultbw_down;
$session_terminate_time = (!empty($attributes['session_terminate_time'])) ? $attributes['session_terminate_time'] : 'NULL';
$interim_interval = (!empty($attributes['interim_interval'])) ? $attributes['interim_interval'] : 'NULL'; $interim_interval = (!empty($attributes['interim_interval'])) ? $attributes['interim_interval'] : 'NULL';
$session_timeout = 0 ; $session_timeout = 0 ;
...@@ -127,7 +126,8 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut ...@@ -127,7 +126,8 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
$session_timeout = $attributes['session_timeout'] ; $session_timeout = $attributes['session_timeout'] ;
} }
elseif ( is_numeric($config['captiveportal'][$cpzone]["timeout"]) ){ elseif ( is_numeric($config['captiveportal'][$cpzone]["timeout"]) ){
$session_timeout = $config['captiveportal'][$cpzone]["timeout"]; // calculate to seconds for timeout parameters ( config in minutes )
$session_timeout = $config['captiveportal'][$cpzone]["timeout"] * 60 ;
} }
$idle_timeout = 0 ; $idle_timeout = 0 ;
...@@ -135,10 +135,18 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut ...@@ -135,10 +135,18 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
$idle_timeout = $attributes['idle_timeout'] ; $idle_timeout = $attributes['idle_timeout'] ;
} }
elseif ( is_numeric($config['captiveportal'][$cpzone]["idletimeout"]) ){ elseif ( is_numeric($config['captiveportal'][$cpzone]["idletimeout"]) ){
$idle_timeout = $config['captiveportal'][$cpzone]["idletimeout"]; // calculate to seconds for timeout parameters ( config in minutes )
$idle_timeout = $config['captiveportal'][$cpzone]["idletimeout"] * 60 ;
} }
$session_terminate_time = 0;
if ( array_key_exists("session_timeout",$attributes ) ) {
$session_terminate_time = $attributes['session_terminate_time'] ;
}
if ($attributes['voucher']) { if ($attributes['voucher']) {
$db = new OPNsense\CaptivePortal\DB($cpzone); $db = new OPNsense\CaptivePortal\DB($cpzone);
$clients = $db->listClients(array("username"=>$username), null, null); $clients = $db->listClients(array("username"=>$username), null, null);
...@@ -146,11 +154,11 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut ...@@ -146,11 +154,11 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
// user is already connected, disconnect old session // user is already connected, disconnect old session
$cpc->disconnect($cpzone, $client->sessionid); $cpc->disconnect($cpzone, $client->sessionid);
// calculate new session end time for this voucher // calculate new session end time for this voucher ( session connection time + timeout - now, correct with 1 second to trap exact cleanup hit)
$session_terminate_time = $client->allow_time + $client->session_timeout - time() ; $session_terminate_time = $client->allow_time + $client->session_timeout - time() - 1;
} }
if ($session_terminate_time <= 0) { if ($session_terminate_time < 0) {
// no time left for voucher // no time left for voucher
return 0; return 0;
} }
......
src/etc/inc/voucher.inc
View file @ f3d9e10b
...@@ -221,17 +221,6 @@ function voucher_expire($voucher_received) { ...@@ -221,17 +221,6 @@ function voucher_expire($voucher_received) {
$cpdb = new OPNsense\CaptivePortal\DB($cpzone); $cpdb = new OPNsense\CaptivePortal\DB($cpzone);
$cpc = new OPNsense\CaptivePortal\CPClient(); $cpc = new OPNsense\CaptivePortal\CPClient();
// XMLRPC Call over to the master Voucher node
if(!empty($config['voucher'][$cpzone]['vouchersyncdbip'])) {
$syncip = $config['voucher'][$cpzone]['vouchersyncdbip'];
$syncport = $config['voucher'][$cpzone]['vouchersyncport'];
$syncpass = $config['voucher'][$cpzone]['vouchersyncpass'];
$vouchersyncusername = $config['voucher'][$cpzone]['vouchersyncusername'];
xmlrpc_sync_voucher_expire($voucher_received, $syncip, $syncport, $syncpass, $vouchersyncusername);
}
$voucherlck = lock("voucher{$cpzone}", LOCK_EX);
// read rolls into assoc array with rollid as key and minutes as value // read rolls into assoc array with rollid as key and minutes as value
$tickets_per_roll = array(); $tickets_per_roll = array();
$minutes_per_roll = array(); $minutes_per_roll = array();
...@@ -316,7 +305,6 @@ function voucher_expire($voucher_received) { ...@@ -316,7 +305,6 @@ function voucher_expire($voucher_received) {
unset($cpdb); unset($cpdb);
unset($cpc); unset($cpc);
unlock($voucherlck);
return true; return true;
} }
...@@ -334,17 +322,6 @@ function voucher_auth($voucher_received, $test = 0) { ...@@ -334,17 +322,6 @@ function voucher_auth($voucher_received, $test = 0) {
if (!isset($config['voucher'][$cpzone]['enable'])) if (!isset($config['voucher'][$cpzone]['enable']))
return 0; return 0;
// XMLRPC Call over to the master Voucher node
if(!empty($config['voucher'][$cpzone]['vouchersyncdbip'])) {
$syncip = $config['voucher'][$cpzone]['vouchersyncdbip'];
$syncport = $config['voucher'][$cpzone]['vouchersyncport'];
$syncpass = $config['voucher'][$cpzone]['vouchersyncpass'];
$vouchersyncusername = $config['voucher'][$cpzone]['vouchersyncusername'];
$remote_time_used = xmlrpc_sync_used_voucher($voucher_received, $syncip, $syncport, $syncpass, $vouchersyncusername);
}
$voucherlck = lock("voucher{$cpzone}", LOCK_EX);
// read rolls into assoc array with rollid as key and minutes as value // read rolls into assoc array with rollid as key and minutes as value
$tickets_per_roll = array(); $tickets_per_roll = array();
$minutes_per_roll = array(); $minutes_per_roll = array();
...@@ -429,7 +406,6 @@ function voucher_auth($voucher_received, $test = 0) { ...@@ -429,7 +406,6 @@ function voucher_auth($voucher_received, $test = 0) {
} else { } else {
$test_result[] = sprintf(gettext("Access granted for %d Minutes in total."),$total_minutes); $test_result[] = sprintf(gettext("Access granted for %d Minutes in total."),$total_minutes);
} }
unlock($voucherlck);
return $test_result; return $test_result;
} }
...@@ -438,20 +414,11 @@ function voucher_auth($voucher_received, $test = 0) { ...@@ -438,20 +414,11 @@ function voucher_auth($voucher_received, $test = 0) {
// Discussion: we could return the time remaining for good vouchers, but then // Discussion: we could return the time remaining for good vouchers, but then
// the user wouldn't know that he used at least one invalid voucher. // the user wouldn't know that he used at least one invalid voucher.
if ($error) { if ($error) {
unlock($voucherlck);
if ($total_minutes > 0) // probably not needed, but want to make sure if ($total_minutes > 0) // probably not needed, but want to make sure
$total_minutes = 0; // we only report -1 (expired) or 0 (no access) $total_minutes = 0; // we only report -1 (expired) or 0 (no access)
return $total_minutes; // well, at least one voucher had errors. Say NO ACCESS return $total_minutes; // well, at least one voucher had errors. Say NO ACCESS
} }
// If we did a XMLRPC sync earlier check the timeleft
if (!empty($config['voucher'][$cpzone]['vouchersyncdbip'])) {
if (!is_null($remote_time_used))
$total_minutes = $remote_time_used;
else if ($remote_time_used < $total_minutes)
$total_minutes -= $remote_time_used;
}
// All given vouchers were valid and this isn't simply a test. // All given vouchers were valid and this isn't simply a test.
// Write back the used DB's // Write back the used DB's
if (is_array($bitstring)) { if (is_array($bitstring)) {
...@@ -482,7 +449,6 @@ function voucher_auth($voucher_received, $test = 0) { ...@@ -482,7 +449,6 @@ function voucher_auth($voucher_received, $test = 0) {
/* Triger a sync of the vouchers on config */ /* Triger a sync of the vouchers on config */
send_event("service sync vouchers"); send_event("service sync vouchers");
unlock($voucherlck);
return $total_minutes; return $total_minutes;
} }
......
src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php
View file @ f3d9e10b
...@@ -651,7 +651,7 @@ class CPClient { ...@@ -651,7 +651,7 @@ class CPClient {
// if session timeout is reached, disconnect // if session timeout is reached, disconnect
if (is_numeric($client->session_timeout) && $client->session_timeout > 0 ) { if (is_numeric($client->session_timeout) && $client->session_timeout > 0 ) {
if (((time() - $client->allow_time) / 60) > $client->session_timeout) { if (((time() - $client->allow_time) ) > $client->session_timeout) {
$this->disconnect($cpzonename, $client->sessionid); $this->disconnect($cpzonename, $client->sessionid);
$this->logportalauth($cpzonename, $client->username, $client->mac, $client->ip, $status="SESSION TIMEOUT"); $this->logportalauth($cpzonename, $client->username, $client->mac, $client->ip, $status="SESSION TIMEOUT");
continue; continue;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023