diff options
author | jim-p <jimp@pfsense.org> | 2012-05-25 16:33:29 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-05-25 16:42:07 -0400 |
commit | 6e0b68bfdea29b2943b6f104373f43cc56537bd8 (patch) | |
tree | 5e77d90dfae59d83ad19c582bb11ef4e0dd9269e /etc | |
parent | 88810240a035b973a818453181addcc307f7794b (diff) | |
download | pfsense-6e0b68bfdea29b2943b6f104373f43cc56537bd8.zip pfsense-6e0b68bfdea29b2943b6f104373f43cc56537bd8.tar.gz |
List logged-in IPsec xauth users and provide a mechanism to disconnect them. Implements #1986
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/ipsec.inc | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/etc/inc/ipsec.inc b/etc/inc/ipsec.inc index 867081f..08d66e4 100644 --- a/etc/inc/ipsec.inc +++ b/etc/inc/ipsec.inc @@ -497,6 +497,37 @@ function ipsec_dump_sad() return $sad; } +/* + * Return dump of mobile user list + */ +function ipsec_dump_mobile() { + $command = "/usr/local/sbin/racoonctl show-users"; + $fd = @popen($command, "r"); + $mobile = array(); + if ($fd) { + while (!feof($fd)) { + $user = array(); + $line = chop(fgets($fd)); + if (!$line) + continue; + if ($line == "User|Source|Destination|CreatedOn|SPI") + continue; + + // jim|192.168.20.243:4500|192.168.20.5:24146|2012-05-25 09:54:39|989d10e1e2d4eca4:7243830d5fd2afe7 + $linea = explode("|", trim($line)); + $user['username'] = $linea[0]; + $user['local'] = $linea[1]; + $user['remote'] = $linea[2]; + $user['logintime'] = $linea[3]; + $user['spi'] = $linea[4]; + $mobile[] = $user; + } + pclose($fd); + } + + return $mobile; +} + function ipsec_mobilekey_sort() { global $config; @@ -524,4 +555,10 @@ function ipsec_get_number_of_phase2($ikeid) { return $nbph2; } +function ipsec_disconnect_mobile($username) { + if (empty($username)) + return false; + exec("/usr/local/sbin/racoonctl logout-user " . escapeshellarg($username)); +} + ?> |