author | Chris Buechler <cmb@pfsense.org> | 2009-05-19 20:24:24 -0400 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2009-05-19 20:24:24 -0400 |
commit | 8751763c6443c1ea453ecc4e7760bb2bcc9a048d (patch) | |
tree | 90849990fea54126c1981195bbedfb05013b9d63 /etc/inc/captiveportal.inc | |
parent | 03ef91efda425c0dff9fcca123f64e9c068724c7 (diff) | |
merge Ermal's CP locking changes
Diffstat (limited to 'etc/inc/captiveportal.inc')
-rw-r--r-- | etc/inc/captiveportal.inc | 114 |
1 files changed, 42 insertions, 72 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 462cbb55..b49db26 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -46,6 +46,8 @@ $lockfile = "{$g['varrun_path']}/captiveportal.lock"; function captiveportal_configure() { global $config, $g; + $captiveportallck = lock('captiveportal'); + if (isset($config['captiveportal']['enable']) && (($config['captiveportal']['interface'] == "lan") || isset($config['interfaces'][$config['captiveportal']['interface']]['enable']))) { @@ -81,7 +83,7 @@ function captiveportal_configure() { mwexec("kldload dummynet"); /* stop accounting on all clients */ - captiveportal_radius_stop_all(); + captiveportal_radius_stop_all(true); /* initialize minicron interval value */ $croninterval = $config['captiveportal']['croninterval'] ? $config['captiveportal']['croninterval'] : 60; @@ -229,9 +231,9 @@ EOD; "/etc/rc.prunecaptiveportal"); /* generate passthru mac database */ - captiveportal_passthrumac_configure(); + captiveportal_passthrumac_configure(true); /* create allowed ip database and insert ipfw rules to make it so */ - captiveportal_allowedip_configure(); + captiveportal_allowedip_configure(true); /* generate radius server database */ if ($config['captiveportal']['radiusip'] && (!isset($config['captiveportal']['auth_method']) || @@ -277,7 +279,7 @@ EOD; killbypid("{$g['varrun_path']}/lighty-CaptivePortal.pid"); killbypid("{$g['varrun_path']}/minicron.pid"); - captiveportal_radius_stop_all(); + captiveportal_radius_stop_all(true); mwexec("/sbin/sysctl net.link.ether.ipfw=0"); @@ -298,8 +300,7 @@ EOD; mwexec("/sbin/ipfw -f delete set 3"); } } - - captiveportal_unlock(); + unlock($captiveportallck); return 0; } 
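Review bot: captiveportal_configure() now takes the lock on its first statement (hunk -46) and releases it only before the final `return 0` (hunk -298), so any earlier `return` in the part of the body not shown between these hunks would leave 'captiveportal' locked for every later caller. The result of `lock('captiveportal')` is also used unchecked, and what it returns on failure is not visible from this diff. I would route every exit of the function through a single `unlock($captiveportallck);` and add a comment at the top such as `/* hold the captiveportal lock for the whole (re)configure; helpers are called with $lock = true so they do not take it again */`.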
@@ -458,7 +459,7 @@ function captiveportal_prune_old() { if (!$timeout && !$idletimeout && !isset($config['captiveportal']['reauthenticate']) && !isset($config['captiveportal']['radiussession_timeout'])) return; - captiveportal_lock(); + $captiveportallck = lock('captiveportal'); /* read database */ $cpdb = captiveportal_read_db(); @@ -585,7 +586,7 @@ function captiveportal_prune_old() { /* write database */ captiveportal_write_db($cpdb); - captiveportal_unlock(); + unlock($captiveportallck); } /* remove a single client according to the DB entry */ @@ -632,7 +633,7 @@ function captiveportal_disconnect_client($id,$term_cause = 1) { global $g, $config; - captiveportal_lock(); + $captiveportallck = lock('captiveportal'); /* read database */ $cpdb = captiveportal_read_db(); @@ -651,17 +652,19 @@ function captiveportal_disconnect_client($id,$term_cause = 1) { /* write database */ captiveportal_write_db($cpdb); - captiveportal_unlock(); + unlock($captiveportallck); } /* send RADIUS acct stop for all current clients */ -function captiveportal_radius_stop_all() { +function captiveportal_radius_stop_all($lock = false) { global $g, $config; if (!isset($config['captiveportal']['radacct_enable'])) return; - captiveportal_lock(); + if (!$lock) + $captiveportallck = lock('captiveportal'); + $cpdb = captiveportal_read_db(); $radiusservers = captiveportal_get_radius_servers(); @@ -680,13 +683,15 @@ function captiveportal_radius_stop_all() { 7); // Admin Reboot } } - captiveportal_unlock(); + if (!$lock) + unlock($captiveportallck); } -function captiveportal_passthrumac_configure() { +function captiveportal_passthrumac_configure($lock = false) { global $config, $g; - captiveportal_lock(); + if (!$lock) + $captiveportallck = lock('captiveportal'); /* clear out passthru macs, if necessary */ unlink_if_exists("{$g['vardb_path']}/captiveportal_mac.db"); 
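Review bot: The new `$lock = false` parameter of captiveportal_radius_stop_all() (hunk -651) reads inverted: passing `true` means the caller already holds the lock and the function must not take it, while the default `false` makes the function lock and unlock itself. The same parameter is added to captiveportal_passthrumac_configure() (hunk -680) and to captiveportal_allowedip_configure() in the following hunks, whose bodies continue outside what is shown. A caller that passes `true` without holding the lock would rewrite the passthru MAC and allowed-IP database files unserialised, so the contract should be stated above each signature: `/* $lock: true if the caller already holds lock('captiveportal'); false (default) to acquire and release it here */`. A name such as `$locked` would carry the same meaning in the signature itself.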
@@ -696,7 +701,8 @@ function captiveportal_passthrumac_configure() { $fd = @fopen("{$g['vardb_path']}/captiveportal_mac.db", "w"); if (!$fd) { printf("Error: cannot open passthru mac DB file in captiveportal_passthrumac_configure().\n"); - captiveportal_unlock(); + if (!$lock) + unlock($captiveportallck); return 1; } @@ -725,16 +731,17 @@ function captiveportal_passthrumac_configure() { mwexec("/sbin/ipfw add 50 skipto 29900 ip from any to any MAC any {$ptm['mac']} keep-state"); } } - - captiveportal_unlock(); + if (!$lock) + unlock($captiveportallck); return 0; } -function captiveportal_allowedip_configure() { +function captiveportal_allowedip_configure($lock = false) { global $config, $g; - captiveportal_lock(); + if (!$lock) + $captiveportallck = lock('captiveportal'); /* clear out existing allowed ips, if necessary */ if (file_exists("{$g['vardb_path']}/captiveportal_ip.db")) { @@ -763,7 +770,8 @@ function captiveportal_allowedip_configure() { $fd = @fopen("{$g['vardb_path']}/captiveportal_ip.db", "w"); if (!$fd) { printf("Error: cannot open allowed ip DB file in captiveportal_allowedip_configure().\n"); - captiveportal_unlock(); + if (!$lock) + unlock($captiveportallck); return 1; } @@ -775,7 +783,8 @@ function captiveportal_allowedip_configure() { if (is_null($ruleno)) { printf("Error: system reached maximum login capacity, no free FW rulenos in captiveportal_allowedip_configure().\n"); fclose($fd); - captiveportal_unlock(); + if (!$lock) + unlock($captiveportallck); return 1; } @@ -796,7 +805,8 @@ function captiveportal_allowedip_configure() { fclose($fd); } - captiveportal_unlock(); + if (!$lock) + unlock($captiveportallck); return 0; } 
@@ -843,48 +853,6 @@ function captiveportal_get_radius_servers() { return false; } -/* lock captive portal information, decide that the lock file is stale after - 10 minutes and EXIT the process to not risk dataloss, issue warning in syslog every 1 minutes */ -function captiveportal_lock() { - - global $lockfile; - - $n = 1; - while ($n) { - /* open the lock file in append mode to avoid race condition */ - if ($fd = @fopen($lockfile, "x")) { - /* succeeded */ - fclose($fd); - if($n > 10) { - captiveportal_syslog("LOCKINFO: Waiting for lock for $n seconds/s!"); - } - return; - } else { - /* file locked, wait and try again */ - sleep(1); - - if(($n % 60) == 0) { - captiveportal_syslog("LOCKWARNING: waiting for lock for " . $n/60 . " minute/s!"); - if(($n % 600) == 0) { - captiveportal_syslog("LOCKERROR: waiting for lock for 10 minute/s - EXITING PROCESS!"); - die("Can't get a lock"); - } - } - } - $n++; - } - /* we never get here */ -} - -/* unlock captive portal information file */ -function captiveportal_unlock() { - - global $lockfile; - - if (file_exists($lockfile)) - unlink($lockfile); -} - /* log successful captive portal authentication to syslog */ /* part of this code from php.net */ function captiveportal_logportalauth($user,$mac,$ip,$status, $message = null) { @@ -912,16 +880,17 @@ function radius($username,$password,$clientip,$clientmac,$type) { global $g, $config; /* Start locking from the beginning of an authentication session */ - captiveportal_lock(); + $captiveportallck = lock('captiveportal'); $ruleno = captiveportal_get_next_ipfw_ruleno(); + unlock($captiveportallck); + /* if the pool is empty, return apprioriate message and fail authentication */ if (is_null($ruleno)) { $auth_list = array(); $auth_list['auth_val'] = 1; $auth_list['error'] = "System reached maximum login capacity"; - captiveportal_unlock(); return $auth_list; } 
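Review bot: In radius() (hunk -912), `$ruleno` is taken from captiveportal_get_next_ipfw_ruleno() under the lock, but the lock is released before the number is consumed and is only re-acquired in the later hunks (-934 and -943) around portal_allow(). Unless the allocator records the number as reserved before it returns, which is not visible here, two logins authenticating at the same time can be handed the same ipfw rule number, so one client's rule could be replaced or removed together with the other's session. Releasing the lock during the RADIUS round trip is reasonable, but then the reservation has to be persisted inside the first critical section, or the number re-validated after the second `lock('captiveportal')`. The comment `/* Start locking from the beginning of an authentication session */` no longer describes the code and should be reworded. The old code kept the success path locked across portal_allow(), which suggests that function released the lock itself; it is outside this file's diff, so confirm it no longer calls the removed captiveportal_unlock().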
@@ -934,6 +903,8 @@ function radius($username,$password,$clientip,$clientmac,$type) { $clientmac, $ruleno); + + $captiveportallck = lock('captiveportal'); if ($auth_list['auth_val'] == 2) { captiveportal_logportalauth($username,$clientmac,$clientip,$type); $sessionid = portal_allow($clientip, @@ -943,9 +914,8 @@ function radius($username,$password,$clientip,$clientmac,$type) { $auth_list, $ruleno); } - else { - captiveportal_unlock(); - } + + unlock($captiveportallck); return $auth_list; @@ -956,7 +926,7 @@ function captiveportal_read_db() { global $g; - $cpdb = array(); + $cpdb = array(); $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r"); if ($fd) { while (!feof($fd)) { @@ -1134,4 +1104,4 @@ function portal_mac_fixed($clientmac) { return FALSE ; } -?>
\ No newline at end of file +?> |