Captive portal: rework logging and RADIUS accounting when disabling a zone or rebooting

Make captiveportal_radius_stop_all() log the disconnections in the system log and fix it so that it works with the zone id parameter and sends complete RADIUS accounting packets.

Since several zones can share the same RADIUS server, send an Accounting-Off packet only when rebooting, not when disabling a zone.

(cherry picked from commit 3ece6d5404e0d4a53243d12e6b58793fad66dd5a)

2 files changed, 31 insertions, 28 deletions

diff --git a/src/etc/inc/captiveportal.inc b/src/etc/inc/captiveportal.inc
index 02ec3d8..bda2535 100644
--- a/src/etc/inc/captiveportal.inc
+++ b/src/etc/inc/captiveportal.inc
@@ -370,12 +370,7 @@ EOD;
 		@unlink("{$g['varetc_path']}/captiveportal-{$cpzone}-error.html");
 		@unlink("{$g['varetc_path']}/captiveportal-{$cpzone}-logout.html");
 
-		captiveportal_radius_stop_all();
-
-		/* send Accounting-Off to server */
-		if (!platform_booting()) {
-			captiveportal_send_server_accounting(true);
-		}
+		captiveportal_radius_stop_all(10); // NAS-Request
 
 		/* remove old information */
 		unlink_if_exists("{$g['vardb_path']}/captiveportal{$cpzone}.db");
@@ -1033,32 +1028,37 @@ function captiveportal_disconnect_all($term_cause = 6, $logoutReason = "DISCONNE
 }
 
 /* send RADIUS acct stop for all current clients */
-function captiveportal_radius_stop_all() {
-	global $config, $cpzone;
+function captiveportal_radius_stop_all($term_cause = 6, $logoutReason = "DISCONNECT") {
+	global $g, $config, $cpzone, $cpzoneid;
 
-	if (!isset($config['captiveportal'][$cpzone]['radacct_enable'])) {
-		return;
+	$cpdb = captiveportal_read_db();
+
+	$radacct = isset($config['captiveportal'][$cpzone]['radacct_enable']) ? true : false;
+	if ($radacct) {
+		$radiusservers = captiveportal_get_radius_servers();
 	}
 
-	$radiusservers = captiveportal_get_radius_servers();
-	if (!empty($radiusservers)) {
-		$cpdb = captiveportal_read_db();
-		foreach ($cpdb as $cpentry) {
-			if (empty($cpentry[11])) {
-				$cpentry[11] = 'first';
-			}
-			if (!empty($radiusservers[$cpentry[11]])) {
-				RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
-					$cpentry[4], // username
-					$cpentry[5], // sessionid
-					$cpentry[0], // start time
-					$radiusservers[$cpentry[11]],
-					$cpentry[2], // clientip
-					$cpentry[3], // clientmac
-					7); // Admin Reboot
+	foreach ($cpdb as $cpentry) {
+		if ($radacct) {
+			if (!empty($radiusservers)) {
+				if (empty($cpentry[11])) {
+					$cpentry[11] = 'first';
+				}
+				if (!empty($radiusservers[$cpentry[11]])) {
+					RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
+						$cpentry[4], // username
+						$cpentry[5], // sessionid
+						$cpentry[0], // start time
+						$radiusservers[$cpentry[11]],
+						$cpentry[2], // clientip
+						$cpentry[3], // clientmac
+						$term_cause);
+				}
 			}
 		}
+		captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], $logoutReason);
 	}
+	unset($cpdb);
 }
 
 function captiveportal_passthrumac_configure_entry($macent, $pipeinrule = false) {
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index f905a72..93480e5 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -1954,13 +1954,16 @@ function system_reboot_sync() {
 }
 
 function system_reboot_cleanup() {
-	global $config, $cpzone;
+	global $config, $cpzone, $cpzoneid;
 
 	mwexec("/usr/local/bin/beep.sh stop");
 	require_once("captiveportal.inc");
 	if (is_array($config['captiveportal'])) {
 		foreach ($config['captiveportal'] as $cpzone=>$cp) {
-			captiveportal_radius_stop_all();
+			/* send Accounting-Stop packet for all clients, termination cause 'Admin-Reboot' */
+			$cpzoneid = $cp[zoneid];
+			captiveportal_radius_stop_all(7); // Admin-Reboot
+			/* Send Accounting-Off packet to the RADIUS server */
 			captiveportal_send_server_accounting(true);
 		}
 	}