author | Ermal <eri@pfsense.org> | 2012-11-14 10:27:23 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-11-14 10:27:23 +0000 |
commit | 522f1cc75cc5436acf4405d4f3d8999000db61db (patch) | |
tree | b14212742d76ede2376990d1c54795111c152370 /etc | |
parent | 7b2290139d7a52e2a77b76dcae6a524c1d959ecd (diff) | |
Implement pruning for auto-added MAC passthrough entries and vouchers. This allows pruning the entries that were added for users logged in through vouchers.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/captiveportal.inc | 54 |
1 files changed, 53 insertions, 1 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index 83c7efc..e5d2cca 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -820,6 +820,8 @@ function captiveportal_prune_old() {
 }
 }
 
+ captiveportal_prune_old_automac();
+
 if ($voucher_needs_sync == true)
 /* Triger a sync of the vouchers on config */
 send_event("service sync vouchers");
@@ -829,6 +831,52 @@ function captiveportal_prune_old() {
 captiveportal_write_db($cpdb, false, $unsetindexes);
 }
 
+function captiveportal_prune_old_automac() {
+ global $g, $config, $cpzone;
+
+ if (is_array($config['captiveportal'][$cpzone]['passthrumac']) && isset($config['captiveportal'][$cpzone]['passthrumacaddusername'])) {
+ $tmpvoucherdb = array();
+ $macrules = "";
+ $writecfg = false;
+ foreach ($config['captiveportal'][$cpzone]['passthrumac'] as $eid => $emac) {
+ if ($emac['logintype'] == "voucher") {
+ if (isset($tmpvoucherdb[$emac['username']])) {
+ $temac = $config['captiveportal'][$cpzone]['passthrumac'][$tmpvoucherdb[$emac['username']]];
+ $ruleno = captiveportal_get_ipfw_passthru_ruleno($temac['mac']);
+ if ($ruleno) {
+ captiveportal_free_ipfw_ruleno($ruleno, true);
+ $macrules .= "delete {$ruleno}";
+ ++$ruleno;
+ $macrules .= "delete {$ruleno}";
+ }
+ $writecfg = true;
+ captiveportal_logportalauth($temac['username'], $temac['mac'], $temac['ip'], "DUPLICATE {$temac['username']} LOGIN - TERMINATING OLD SESSION");
+ unset($config['captiveportal'][$cpzone]['passthrumac'][$tmpvoucherdb[$emac['username']]]);
+ }
+ $tmpvoucherdb[$emac['username']] = $eid;
+ if (voucher_auth($emac['username']) <= 0) {
+ $ruleno = captiveportal_get_ipfw_passthru_ruleno($emac['mac']);
+ if ($ruleno) {
+ captiveportal_free_ipfw_ruleno($ruleno, true);
+ $macrules .= "delete {$ruleno}";
+ ++$ruleno;
+ $macrules .= "delete {$ruleno}";
+ }
+ $writecfg = true;
+ captiveportal_logportalauth($emac['username'], $emac['mac'], $emac['ip'], "EXPIRED {$emac['username']} LOGIN - TERMINATING SESSION");
+ unset($config['captiveportal'][$cpzone]['passthrumac'][$eid]);
+ }
+ }
+ }
+ if (!empty($macrules)) {
+ @file_put_contents("{$g['tmp_path']}/macentry.prunerules.tmp", $macrules);
+ mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.prunerules.tmp");
+ }
+ if ($writecfg === true)
+ write_config("Prune session for auto-added macs");
+ }
+}
+
 /* remove a single client according to the DB entry */
 function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_time = null) {
 global $g, $config, $cpzone;
@@ -1806,8 +1854,12 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut
 if ($passthrumac) {
 $mac = array();
 $mac['mac'] = $clientmac;
- if (isset($config['captiveportal'][$cpzone]['passthrumacaddusername']))
+ $mac['ip'] = $clientip; /* Used only for logging */
+ if (isset($config['captiveportal'][$cpzone]['passthrumacaddusername'])) {
 $mac['username'] = $username;
+ if ($attributes['voucher'])
+ $mac['logintype'] = "voucher";
+ }
 $mac['descr'] = "Auto added pass-through MAC for user {$username}";
 if (!empty($bw_up))
 $mac['bw_up'] = $bw_up; |
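Review bot: As shown on this page, the four `$macrules .= "delete {$ruleno}";` appends in captiveportal_prune_old_automac() carry no line terminator, so the commands in macentry.prunerules.tmp run together and ipfw would likely reject the file instead of deleting the rules. The config entry is unset and the rule number freed regardless, because the results of `@file_put_contents` and `mwexec` are never checked. An expired or duplicate voucher MAC could therefore keep its pass-through rule in the firewall after the configuration says it is gone. Each append should end the command, `$macrules .= "delete {$ruleno}\n";`, and the entry should only be dropped from the config once the ipfw call has succeeded. Separately, `$tmpvoucherdb[$emac['username']]` still points at an entry removed by the expiry branch, so a later duplicate for the same voucher reads and logs an entry that no longer exists; `unset($tmpvoucherdb[$emac['username']]);` after the expiry `unset` would avoid that.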
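Review bot: The added `if ($attributes['voucher'])` in portal_allow() reads the key without checking that it exists, which raises a notice on every non-voucher login whose attributes lack it; `if (!empty($attributes['voucher']))` is the safer form. The signature is truncated in the hunk header and the body runs outside the hunk, so the default for `$attributes` is not visible here. `logintype` is recorded only inside the `passthrumacaddusername` branch, so voucher logins made while that option is off create pass-through entries that the new prune never examines. A short comment stating that this is intended, for example `/* logintype is only tracked when usernames are stored; other auto-added MACs are not pruned */`, would help the next reader.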