Skip to content

O
OpnSense
Commit f4f6b83b authored by Ad Schellevis's avatar Ad Schellevis
Browse files
Options

captive portal fixes

parent 5cfb7ab3
Hide whitespace changes
Inline Side-by-side
Showing with 83 additions and 59 deletions
src/etc/inc/captiveportal.inc
View file @ f4f6b83b
...@@ -35,10 +35,10 @@ ...@@ -35,10 +35,10 @@
via returned RADIUS attributes. This page has been modified to delete any via returned RADIUS attributes. This page has been modified to delete any
added rules which may have been created by other per-user code (index.php, etc). added rules which may have been created by other per-user code (index.php, etc).
These changes are (c) 2004 Keycom PLC. These changes are (c) 2004 Keycom PLC.
pfSense_BUILDER_BINARIES: /sbin/ipfw /sbin/route pfSense_BUILDER_BINARIES: /sbin/ipfw /sbin/route
pfSense_BUILDER_BINARIES: /usr/local/sbin/lighttpd /usr/local/bin/minicron /sbin/pfctl pfSense_BUILDER_BINARIES: /usr/local/sbin/lighttpd /usr/local/bin/minicron /sbin/pfctl
pfSense_BUILDER_BINARIES: /bin/hostname /bin/cp pfSense_BUILDER_BINARIES: /bin/hostname /bin/cp
pfSense_MODULE: captiveportal pfSense_MODULE: captiveportal
*/ */
...@@ -104,8 +104,9 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut ...@@ -104,8 +104,9 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
global $cpzone ,$type,$g; global $cpzone ,$type,$g;
// Ensure we create an array if we are missing attributes // Ensure we create an array if we are missing attributes
if (!is_array($attributes)) if (!is_array($attributes)) {
$attributes = array(); $attributes = array();
}
// handle // handle
$dwfaultbw_up = isset($config['captiveportal'][$cpzone]['bwdefaultup']) ? $config['captiveportal'][$cpzone]['bwdefaultup'] : 0; $dwfaultbw_up = isset($config['captiveportal'][$cpzone]['bwdefaultup']) ? $config['captiveportal'][$cpzone]['bwdefaultup'] : 0;
...@@ -244,9 +245,9 @@ function get_default_captive_portal_html() { ...@@ -244,9 +245,9 @@ function get_default_captive_portal_html() {
global $config, $g, $cpzone; global $config, $g, $cpzone;
$htmltext = <<<EOD $htmltext = <<<EOD
<html> <html>
<body> <body>
<form method="post" action="\$PORTAL_ACTION\$"> <form method="post" action="\$PORTAL_ACTION\$">
<input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$"> <input name="redirurl" type="hidden" value="\$PORTAL_REDIRURL\$">
<input name="zone" type="hidden" value="\$PORTAL_ZONE\$"> <input name="zone" type="hidden" value="\$PORTAL_ZONE\$">
<center> <center>
...@@ -327,7 +328,7 @@ EOD; ...@@ -327,7 +328,7 @@ EOD;
</table> </table>
</center> </center>
</form> </form>
</body> </body>
</html> </html>
EOD; EOD;
...@@ -377,7 +378,7 @@ function captiveportal_configure_zone($cpcfg) { ...@@ -377,7 +378,7 @@ function captiveportal_configure_zone($cpcfg) {
global $config, $g, $cpzone, $cpzoneid; global $config, $g, $cpzone, $cpzoneid;
$captiveportallck = lock("captiveportal{$cpzone}", LOCK_EX); $captiveportallck = lock("captiveportal{$cpzone}", LOCK_EX);
if (isset($cpcfg['enable'])) { if (isset($cpcfg['enable'])) {
if ($g['booting']) { if ($g['booting']) {
...@@ -571,7 +572,7 @@ EOD; ...@@ -571,7 +572,7 @@ EOD;
} }
unlock($captiveportallck); unlock($captiveportallck);
return 0; return 0;
} }
...@@ -588,7 +589,7 @@ function captiveportal_init_webgui() { ...@@ -588,7 +589,7 @@ function captiveportal_init_webgui() {
function captiveportal_init_webgui_zonename($zone) { function captiveportal_init_webgui_zonename($zone) {
global $config, $cpzone; global $config, $cpzone;
if (isset($config['captiveportal'][$zone])) { if (isset($config['captiveportal'][$zone])) {
$cpzone = $zone; $cpzone = $zone;
captiveportal_init_webgui_zone($config['captiveportal'][$zone]); captiveportal_init_webgui_zone($config['captiveportal'][$zone]);
...@@ -638,7 +639,7 @@ function captiveportal_init_webgui_zone($cpcfg) { ...@@ -638,7 +639,7 @@ function captiveportal_init_webgui_zone($cpcfg) {
} }
/* /*
* Remove clients that have been around for longer than the specified amount of time * Remove clients that have been around for longer than the specified amount of time
* db file structure: * db file structure:
* timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid,password,session_timeout,idle_timeout,session_terminate_time,interim_interval * timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid,password,session_timeout,idle_timeout,session_terminate_time,interim_interval
...@@ -660,7 +661,7 @@ function captiveportal_prune_old() { ...@@ -660,7 +661,7 @@ function captiveportal_prune_old() {
}else{ }else{
// cleanup sessions if radius accounting is enable // cleanup sessions if radius accounting is enable
// TODO: this code needs a rewrite, probably the easiest thing todo is update the zone administration and run // TODO: this code needs a rewrite, probably the easiest thing todo is update the zone administration and run
// the normal cleanup (portal_cleanup_sessions) to detach both processes // the normal cleanup (portal_cleanup_sessions) to detach both processes
// //
$vcpcfg = $config['voucher'][$cpzone]; $vcpcfg = $config['voucher'][$cpzone];
...@@ -931,7 +932,7 @@ function captiveportal_init_radius_servers() { ...@@ -931,7 +932,7 @@ function captiveportal_init_radius_servers() {
fwrite($fd,"\n" . $radiusip3 . "," . $radiusport3 . "," . $radiusacctport . "," . $radiuskey3 . ",second"); fwrite($fd,"\n" . $radiusip3 . "," . $radiusport3 . "," . $radiusacctport . "," . $radiuskey3 . ",second");
if (isset($radiusip4)) if (isset($radiusip4))
fwrite($fd,"\n" . $radiusip4 . "," . $radiusport4 . "," . $radiusacctport . "," . $radiuskey4 . ",second"); fwrite($fd,"\n" . $radiusip4 . "," . $radiusport4 . "," . $radiusacctport . "," . $radiuskey4 . ",second");
fclose($fd); fclose($fd);
unlock($cprdsrvlck); unlock($cprdsrvlck);
...@@ -945,7 +946,7 @@ function captiveportal_get_radius_servers() { ...@@ -945,7 +946,7 @@ function captiveportal_get_radius_servers() {
$cprdsrvlck = lock("captiveportalradius{$cpzone}"); $cprdsrvlck = lock("captiveportalradius{$cpzone}");
if (file_exists("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db")) { if (file_exists("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db")) {
$radiusservers = array(); $radiusservers = array();
$cpradiusdb = file("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db", $cpradiusdb = file("{$g['vardb_path']}/captiveportal_radius_{$cpzone}.db",
FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
if ($cpradiusdb) { if ($cpradiusdb) {
foreach($cpradiusdb as $cpradiusentry) { foreach($cpradiusdb as $cpradiusentry) {
...@@ -1042,7 +1043,7 @@ function radius($username,$password,$clientip,$clientmac,$type, $radiusctx = nul ...@@ -1042,7 +1043,7 @@ function radius($username,$password,$clientip,$clientmac,$type, $radiusctx = nul
function captiveportal_write_elements() { function captiveportal_write_elements() {
global $g, $config, $cpzone; global $g, $config, $cpzone;
$cpcfg = $config['captiveportal'][$cpzone]; $cpcfg = $config['captiveportal'][$cpzone];
if (!is_dir($g['captiveportal_element_path'])) if (!is_dir($g['captiveportal_element_path']))
...@@ -1060,7 +1061,7 @@ function captiveportal_write_elements() { ...@@ -1060,7 +1061,7 @@ function captiveportal_write_elements() {
} }
conf_mount_ro(); conf_mount_ro();
} }
return 0; return 0;
} }
...@@ -1182,8 +1183,8 @@ function captiveportal_get_next_ipfw_ruleno($rulenos_start = 2, $rulenos_range_m ...@@ -1182,8 +1183,8 @@ function captiveportal_get_next_ipfw_ruleno($rulenos_start = 2, $rulenos_range_m
$rules[$ridx] = $cpzone; $rules[$ridx] = $cpzone;
break; break;
} else { } else {
/* /*
* This allows our traffic shaping pipes to be the in pipe the same as ruleno * This allows our traffic shaping pipes to be the in pipe the same as ruleno
* and the out pipe ruleno + 1. * and the out pipe ruleno + 1.
*/ */
$ridx += 2; $ridx += 2;
...@@ -1310,7 +1311,7 @@ function getNasIP() ...@@ -1310,7 +1311,7 @@ function getNasIP()
else else
$nasIp = get_interface_ip($config['captiveportal'][$cpzone]['radiussrcip_attribute']); $nasIp = get_interface_ip($config['captiveportal'][$cpzone]['radiussrcip_attribute']);
} }
if(!is_ipaddr($nasIp)) if(!is_ipaddr($nasIp))
$nasIp = "0.0.0.0"; $nasIp = "0.0.0.0";
...@@ -1344,9 +1345,9 @@ function portal_ip_from_client_ip($cliip) { ...@@ -1344,9 +1345,9 @@ function portal_ip_from_client_ip($cliip) {
} }
// doesn't match up to any particular interface // doesn't match up to any particular interface
// so let's set the portal IP to what PHP says // so let's set the portal IP to what PHP says
// the server IP issuing the request is. // the server IP issuing the request is.
// allows same behavior as 1.2.x where IP isn't // allows same behavior as 1.2.x where IP isn't
// in the subnet of any CP interface (static routes, etc.) // in the subnet of any CP interface (static routes, etc.)
// rather than forcing to DNS hostname resolution // rather than forcing to DNS hostname resolution
$ip = $_SERVER['SERVER_ADDR']; $ip = $_SERVER['SERVER_ADDR'];
...@@ -1364,7 +1365,7 @@ function portal_hostname_from_client_ip($cliip) { ...@@ -1364,7 +1365,7 @@ function portal_hostname_from_client_ip($cliip) {
if (isset($cpcfg['httpslogin'])) { if (isset($cpcfg['httpslogin'])) {
$listenporthttps = $cpcfg['listenporthttps'] ? $cpcfg['listenporthttps'] : ($cpcfg['zoneid'] + 8001); $listenporthttps = $cpcfg['listenporthttps'] ? $cpcfg['listenporthttps'] : ($cpcfg['zoneid'] + 8001);
$ourhostname = $cpcfg['httpsname']; $ourhostname = $cpcfg['httpsname'];
if ($listenporthttps != 443) if ($listenporthttps != 443)
$ourhostname .= ":" . $listenporthttps; $ourhostname .= ":" . $listenporthttps;
} else { } else {
...@@ -1374,11 +1375,11 @@ function portal_hostname_from_client_ip($cliip) { ...@@ -1374,11 +1375,11 @@ function portal_hostname_from_client_ip($cliip) {
$ourhostname = "{$config['system']['hostname']}.{$config['system']['domain']}"; $ourhostname = "{$config['system']['hostname']}.{$config['system']['domain']}";
else else
$ourhostname = (is_ipaddrv6($ifip)) ? "[{$ifip}]" : "{$ifip}"; $ourhostname = (is_ipaddrv6($ifip)) ? "[{$ifip}]" : "{$ifip}";
if ($listenporthttp != 80) if ($listenporthttp != 80)
$ourhostname .= ":" . $listenporthttp; $ourhostname .= ":" . $listenporthttp;
} }
return $ourhostname; return $ourhostname;
} }
...@@ -1416,7 +1417,7 @@ function portal_reply_page($redirurl, $type = null, $message = null, $clientmac ...@@ -1416,7 +1417,7 @@ function portal_reply_page($redirurl, $type = null, $message = null, $clientmac
$htmltext = str_replace("\$CLIENT_MAC\$", htmlspecialchars($clientmac), $htmltext); $htmltext = str_replace("\$CLIENT_MAC\$", htmlspecialchars($clientmac), $htmltext);
$htmltext = str_replace("\$CLIENT_IP\$", htmlspecialchars($clientip), $htmltext); $htmltext = str_replace("\$CLIENT_IP\$", htmlspecialchars($clientip), $htmltext);
// Special handling case for captive portal master page so that it can be ran // Special handling case for captive portal master page so that it can be ran
// through the PHP interpreter using the include method above. We convert the // through the PHP interpreter using the include method above. We convert the
// $VARIABLE$ case to #VARIABLE# in /usr/local/etc/inc/captiveportal.inc before writing out. // $VARIABLE$ case to #VARIABLE# in /usr/local/etc/inc/captiveportal.inc before writing out.
$htmltext = str_replace("#PORTAL_ZONE#", htmlspecialchars($cpzone), $htmltext); $htmltext = str_replace("#PORTAL_ZONE#", htmlspecialchars($cpzone), $htmltext);
......
src/etc/inc/voucher.inc
View file @ f4f6b83b
...@@ -4,17 +4,17 @@ ...@@ -4,17 +4,17 @@
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2007 Marcel Wiget <mwiget@mac.com> Copyright (C) 2007 Marcel Wiget <mwiget@mac.com>
All rights reserved. All rights reserved.
Redistribution and use in source and binary forms, with or without Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met: modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, 1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer. this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright 2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution. documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
...@@ -243,7 +243,7 @@ function voucher_expire($voucher_received) { ...@@ -243,7 +243,7 @@ function voucher_expire($voucher_received) {
} }
// split into an array. Useful for multiple vouchers given // split into an array. Useful for multiple vouchers given
$a_vouchers_received = preg_split("/[\t\n\r ]+/s", $voucher_received); $a_vouchers_received = preg_split("/[\t\n\r ]+/s", $voucher_received);
$active_dirty = false; $active_dirty = false;
// go through all received vouchers, check their valid and extract // go through all received vouchers, check their valid and extract
...@@ -257,9 +257,9 @@ function voucher_expire($voucher_received) { ...@@ -257,9 +257,9 @@ function voucher_expire($voucher_received) {
$_gb = exec("/usr/local/bin/voucher -c {$g['varetc_path']}/voucher_{$cpzone}.cfg -k {$g['varetc_path']}/voucher_{$cpzone}.public -- $v", $output); $_gb = exec("/usr/local/bin/voucher -c {$g['varetc_path']}/voucher_{$cpzone}.cfg -k {$g['varetc_path']}/voucher_{$cpzone}.public -- $v", $output);
list($status, $roll, $nr) = explode(" ", $output[0]); list($status, $roll, $nr) = explode(" ", $output[0]);
if ($status == "OK") { if ($status == "OK") {
// check if we have this ticket on a registered roll for this ticket // check if we have this ticket on a registered roll for this ticket
if ($tickets_per_roll[$roll] && ($nr <= $tickets_per_roll[$roll])) { if ($tickets_per_roll[$roll] && ($nr <= $tickets_per_roll[$roll])) {
// voucher is from a registered roll. // voucher is from a registered roll.
if (!isset($active_vouchers[$roll])) if (!isset($active_vouchers[$roll]))
$active_vouchers[$roll] = voucher_read_active_db($roll); $active_vouchers[$roll] = voucher_read_active_db($roll);
// valid voucher. Store roll# and ticket# // valid voucher. Store roll# and ticket#
...@@ -321,7 +321,7 @@ function voucher_expire($voucher_received) { ...@@ -321,7 +321,7 @@ function voucher_expire($voucher_received) {
return true; return true;
} }
/* /*
* Authenticate a voucher and return the remaining time credit in minutes * Authenticate a voucher and return the remaining time credit in minutes
* if $test is set, don't mark the voucher as used nor add it to the list * if $test is set, don't mark the voucher as used nor add it to the list
* of active vouchers * of active vouchers
...@@ -356,7 +356,7 @@ function voucher_auth($voucher_received, $test = 0) { ...@@ -356,7 +356,7 @@ function voucher_auth($voucher_received, $test = 0) {
} }
// split into an array. Useful for multiple vouchers given // split into an array. Useful for multiple vouchers given
$a_vouchers_received = preg_split("/[\t\n\r ]+/s", $voucher_received); $a_vouchers_received = preg_split("/[\t\n\r ]+/s", $voucher_received);
$error = 0; $error = 0;
$test_result = array(); // used to display for voucher test option in GUI $test_result = array(); // used to display for voucher test option in GUI
$total_minutes = 0; $total_minutes = 0;
...@@ -378,9 +378,9 @@ function voucher_auth($voucher_received, $test = 0) { ...@@ -378,9 +378,9 @@ function voucher_auth($voucher_received, $test = 0) {
$first_voucher = $voucher; $first_voucher = $voucher;
$first_voucher_roll = $roll; $first_voucher_roll = $roll;
} }
// check if we have this ticket on a registered roll for this ticket // check if we have this ticket on a registered roll for this ticket
if ($tickets_per_roll[$roll] && ($nr <= $tickets_per_roll[$roll])) { if ($tickets_per_roll[$roll] && ($nr <= $tickets_per_roll[$roll])) {
// voucher is from a registered roll. // voucher is from a registered roll.
if (!isset($active_vouchers[$roll])) if (!isset($active_vouchers[$roll]))
$active_vouchers[$roll] = voucher_read_active_db($roll); $active_vouchers[$roll] = voucher_read_active_db($roll);
// valid voucher. Store roll# and ticket# // valid voucher. Store roll# and ticket#
...@@ -448,7 +448,7 @@ function voucher_auth($voucher_received, $test = 0) { ...@@ -448,7 +448,7 @@ function voucher_auth($voucher_received, $test = 0) {
if (!empty($config['voucher'][$cpzone]['vouchersyncdbip'])) { if (!empty($config['voucher'][$cpzone]['vouchersyncdbip'])) {
if (!is_null($remote_time_used)) if (!is_null($remote_time_used))
$total_minutes = $remote_time_used; $total_minutes = $remote_time_used;
else if ($remote_time_used < $total_minutes) else if ($remote_time_used < $total_minutes)
$total_minutes -= $remote_time_used; $total_minutes -= $remote_time_used;
} }
...@@ -572,7 +572,7 @@ function voucher_configure_zone($sync = false) { ...@@ -572,7 +572,7 @@ function voucher_configure_zone($sync = false) {
return 0; return 0;
} }
/* write bitstring of used vouchers to ramdisk. /* write bitstring of used vouchers to ramdisk.
* Bitstring must already be base64_encoded! * Bitstring must already be base64_encoded!
*/ */
function voucher_write_used_db($roll, $vdb) { function voucher_write_used_db($roll, $vdb) {
...@@ -587,7 +587,7 @@ function voucher_write_used_db($roll, $vdb) { ...@@ -587,7 +587,7 @@ function voucher_write_used_db($roll, $vdb) {
} }
/* return assoc array of active vouchers with activation timestamp /* return assoc array of active vouchers with activation timestamp
* voucher is index. * voucher is index.
*/ */
function voucher_read_active_db($roll) { function voucher_read_active_db($roll) {
global $g, $cpzone; global $g, $cpzone;
...@@ -642,7 +642,7 @@ function voucher_used_count($roll) { ...@@ -642,7 +642,7 @@ function voucher_used_count($roll) {
$max = strlen($bitstring) * 8; $max = strlen($bitstring) * 8;
$used = 0; $used = 0;
for ($i = 1; $i <= $max; $i++) { for ($i = 1; $i <= $max; $i++) {
// check if ticket already used or not. // check if ticket already used or not.
$pos = $i >> 3; // divide by 8 -> octet $pos = $i >> 3; // divide by 8 -> octet
$mask = 1 << ($i % 8); // mask to test bit in octet $mask = 1 << ($i % 8); // mask to test bit in octet
if (ord($bitstring[$pos]) & $mask) if (ord($bitstring[$pos]) & $mask)
...@@ -701,7 +701,7 @@ function voucher_save_db_to_config() { ...@@ -701,7 +701,7 @@ function voucher_save_db_to_config() {
function voucher_save_db_to_config_zone() { function voucher_save_db_to_config_zone() {
global $config, $g, $cpzone; global $config, $g, $cpzone;
if (!isset($config['voucher'][$cpzone]['enable'])) if (!isset($config['voucher'][$cpzone]['enable']))
return; // no vouchers or don't want to save DB's return; // no vouchers or don't want to save DB's
......
src/opnsense/mvc/app/models/OPNsense/CaptivePortal/ARP.php
View file @ f4f6b83b
...@@ -109,4 +109,4 @@ class ARP ...@@ -109,4 +109,4 @@ class ARP
} }
} }
\ No newline at end of file
src/opnsense/mvc/app/models/OPNsense/CaptivePortal/CPClient.php
View file @ f4f6b83b
...@@ -58,7 +58,7 @@ class CPClient { ...@@ -58,7 +58,7 @@ class CPClient {
/** /**
* link to shell object * link to shell object
* @var \Core\Shell * @var Core\Shell
*/ */
private $shell = null; private $shell = null;
...@@ -71,10 +71,10 @@ class CPClient { ...@@ -71,10 +71,10 @@ class CPClient {
* @param $ip * @param $ip
* @param string $message * @param string $message
*/ */
private function logportalauth($user,$mac,$ip,$status,$message=""){ private function logportalauth($cpzonename, $user, $mac, $ip, $status, $message=""){
$message = trim($message); $message = trim($message);
$message = "{$status}: {$user}, {$mac}, {$ip}, {$message}"; $message = "Zone : {$cpzonename} {$status}: {$user}, {$mac}, {$ip}, {$message}";
$logger = new \Phalcon\Logger\Adapter\Syslog("logportalauth", array( $logger = new \Phalcon\Logger\Adapter\Syslog("logportalauth", array(
'option' => LOG_PID, 'option' => LOG_PID,
...@@ -83,6 +83,7 @@ class CPClient { ...@@ -83,6 +83,7 @@ class CPClient {
$logger->info($message); $logger->info($message);
} }
/** /**
* Request new pipeno * Request new pipeno
* @return int * @return int
...@@ -134,13 +135,30 @@ class CPClient { ...@@ -134,13 +135,30 @@ class CPClient {
} }
} }
/**
* load accounting rules into ruleset, used for reinitialisation of the ruleset.
* triggers add_accounting() for all active clients in all zones
*/
private function loadAccounting()
{
foreach ($this->config->object()->captiveportal->children() as $cpzonename => $zone)
{
$db = new DB($cpzonename);
foreach ($db->listClients(array()) as $client)
{
$this->add_accounting($zone->zoneid, $client->ip) ;
}
unset($db);
}
}
/** /**
* *
* @param $zoneid * @param $zoneid
* @param $ip * @param $ip
*/ */
public function add_accounting($zoneid,$ip){ public function add_accounting($zoneid,$ip){
// TODO: check speed, this might need some improvement // TODO: check processing speed, this might need some improvement
// check if our ip is already in the list and collect first free rule number to place it there if necessary // check if our ip is already in the list and collect first free rule number to place it there if necessary
$shell_output=array(); $shell_output=array();
$this->shell->exec("/sbin/ipfw show",false,false,$shell_output); $this->shell->exec("/sbin/ipfw show",false,false,$shell_output);
...@@ -227,7 +245,7 @@ class CPClient { ...@@ -227,7 +245,7 @@ class CPClient {
*/ */
function __construct() { function __construct() {
// Request handle to configuration // Request handle to configuration
$this->config = \Core\Config::getInstance(); $this->config = Core\Config::getInstance();
// generate new ruleset // generate new ruleset
$this->rules = new Rules(); $this->rules = new Rules();
// keep a link to the shell object // keep a link to the shell object
...@@ -246,6 +264,9 @@ class CPClient { ...@@ -246,6 +264,9 @@ class CPClient {
// update tables // update tables
$this->update(); $this->update();
// after reinit all accounting rules are vanished, reapply them for active sessions
$this->loadAccounting();
} }
/** /**
...@@ -552,7 +573,7 @@ class CPClient { ...@@ -552,7 +573,7 @@ class CPClient {
$this->reset_bandwidth($pipeno_in,$bw_down); $this->reset_bandwidth($pipeno_in,$bw_down);
// log // log
$this->logportalauth($username,$clientmac,$clientip,$status="LOGIN"); $this->logportalauth($cpzonename, $username, $clientmac, $clientip, $status="LOGIN");
// cleanup // cleanup
unset($db); unset($db);
...@@ -576,7 +597,6 @@ class CPClient { ...@@ -576,7 +597,6 @@ class CPClient {
} }
} }
/** /**
* flush zone (null flushes all zones) * flush zone (null flushes all zones)
* @param null $zone * @param null $zone
...@@ -633,7 +653,7 @@ class CPClient { ...@@ -633,7 +653,7 @@ class CPClient {
if (is_numeric($client->session_timeout) && $client->session_timeout > 0 ) { if (is_numeric($client->session_timeout) && $client->session_timeout > 0 ) {
if (((time() - $client->allow_time) / 60) > $client->session_timeout) { if (((time() - $client->allow_time) / 60) > $client->session_timeout) {
$this->disconnect($cpzonename, $client->sessionid); $this->disconnect($cpzonename, $client->sessionid);
$this->logportalauth($client->username,$client->mac,$client->ip,$status="SESSION TIMEOUT"); $this->logportalauth($cpzonename, $client->username, $client->mac, $client->ip, $status="SESSION TIMEOUT");
continue; continue;
} }
} }
...@@ -642,7 +662,7 @@ class CPClient { ...@@ -642,7 +662,7 @@ class CPClient {
if (is_numeric($client->idle_timeout) && $client->idle_timeout > 0 && $idle_time > 0) { if (is_numeric($client->idle_timeout) && $client->idle_timeout > 0 && $idle_time > 0) {
if ($idle_time > $client->idle_timeout) { if ($idle_time > $client->idle_timeout) {
$this->disconnect($cpzonename, $client->sessionid); $this->disconnect($cpzonename, $client->sessionid);
$this->logportalauth($client->username,$client->mac,$client->ip,$status="IDLE TIMEOUT"); $this->logportalauth($cpzonename, $client->username, $client->mac, $client->ip, $status="IDLE TIMEOUT");
continue; continue;
} }
} }
...@@ -650,7 +670,7 @@ class CPClient { ...@@ -650,7 +670,7 @@ class CPClient {
// disconnect on session terminate time // disconnect on session terminate time
if ( is_numeric($client->session_terminate_time) && $client->session_terminate_time > 0 && $client->session_terminate_time < time()) { if ( is_numeric($client->session_terminate_time) && $client->session_terminate_time > 0 && $client->session_terminate_time < time()) {
$this->disconnect($cpzonename, $client->sessionid); $this->disconnect($cpzonename, $client->sessionid);
$this->logportalauth($client->username,$client->mac,$client->ip,$status="TERMINATE TIME REACHED"); $this->logportalauth($cpzonename, $client->username, $client->mac, $client->ip, $status="TERMINATE TIME REACHED");
continue; continue;
} }
} }
......
src/opnsense/mvc/app/models/OPNsense/CaptivePortal/DB.php
View file @ f4f6b83b
...@@ -384,4 +384,4 @@ class DB { ...@@ -384,4 +384,4 @@ class DB {
} }
\ No newline at end of file
src/opnsense/mvc/app/models/OPNsense/CaptivePortal/Rules.php
View file @ f4f6b83b
...@@ -33,6 +33,7 @@ ...@@ -33,6 +33,7 @@
namespace OPNsense\CaptivePortal; namespace OPNsense\CaptivePortal;
use OPNsense\Core;
/** /**
* Class Rules * Class Rules
...@@ -59,7 +60,7 @@ class Rules { ...@@ -59,7 +60,7 @@ class Rules {
function __construct() function __construct()
{ {
// Request handle to configuration // Request handle to configuration
$this->config = \Core\Config::getInstance(); $this->config = Core\Config::getInstance();
} }
...@@ -130,6 +131,8 @@ class Rules { ...@@ -130,6 +131,8 @@ class Rules {
$this->rules[] = "#========================================================================================================="; $this->rules[] = "#=========================================================================================================";
foreach( $this->config->object()->interfaces->children() as $interface => $content ){ foreach( $this->config->object()->interfaces->children() as $interface => $content ){
if ( $interface != "wan" && $content->ipaddr != "dhcp" ){ if ( $interface != "wan" && $content->ipaddr != "dhcp" ){
// only keep state of dns traffic to prevent dns resolver failures
$this->rules[] = "add ".$rulenum++." allow udp from any to ".$content->ipaddr." dst-port 53 keep-state in";
$this->rules[] = "add ".$rulenum++." allow ip from any to { 255.255.255.255 or ".$content->ipaddr." } in"; $this->rules[] = "add ".$rulenum++." allow ip from any to { 255.255.255.255 or ".$content->ipaddr." } in";
$this->rules[] = "add ".$rulenum++." allow ip from { 255.255.255.255 or ".$content->ipaddr." } to any out"; $this->rules[] = "add ".$rulenum++." allow ip from { 255.255.255.255 or ".$content->ipaddr." } to any out";
$this->rules[] = "add ".$rulenum++." allow icmp from { 255.255.255.255 or ".$content->ipaddr." } to any out icmptypes 0"; $this->rules[] = "add ".$rulenum++." allow icmp from { 255.255.255.255 or ".$content->ipaddr." } to any out icmptypes 0";
...@@ -318,4 +321,4 @@ class Rules { ...@@ -318,4 +321,4 @@ class Rules {
file_put_contents($filename,$ruleset_txt); file_put_contents($filename,$ruleset_txt);
} }
} }
\ No newline at end of file
src/opnsense/mvc/app/models/OPNsense/Core/Shell.php
View file @ f4f6b83b
...@@ -123,4 +123,4 @@ class Shell ...@@ -123,4 +123,4 @@ class Shell
} }
} }
\ No newline at end of file
src/www/status_captiveportal.php
View file @ f4f6b83b
...@@ -200,7 +200,7 @@ $mac_man = load_mac_manufacturer_table(); ...@@ -200,7 +200,7 @@ $mac_man = load_mac_manufacturer_table();
<td class="listr" colspan="2"></td> <td class="listr" colspan="2"></td>
<?php endif; ?> <?php endif; ?>
<td valign="middle" class="list nowrap"> <td valign="middle" class="list nowrap">
<a href="?zone=<?=$cpzone;?>&amp;order=<?=$_GET['order'];?>&amp;showact=<?=htmlspecialchars($_GET['showact']);?>&amp;act=del&amp;id=<?=$cpent->username;?>" onclick="return confirm('<?=gettext("Do you really want to disconnect this client?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("Disconnect");?>"></a> <a href="?zone=<?=$cpzone;?>&amp;order=<?=$_GET['order'];?>&amp;showact=<?=htmlspecialchars($_GET['showact']);?>&amp;act=del&amp;id=<?=$cpent->sessionid;?>" onclick="return confirm('<?=gettext("Do you really want to disconnect this client?");?>')"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" title="<?=gettext("Disconnect");?>"></a>
</td> </td>
</tr> </tr>
<?php endforeach; endif; ?> <?php endforeach; endif; ?>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023