Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/captiveportal.inc | 38 | ||||
-rw-r--r-- | etc/inc/voucher.inc | 6 | ||||
-rwxr-xr-x | etc/rc.update_bogons.sh | 6 |
3 files changed, 31 insertions, 19 deletions
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 1593261..69b2b9b 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -873,17 +873,19 @@ function captiveportal_disconnect_client($sessionid, $term_cause = 1, $logoutRea $radiusservers = captiveportal_get_radius_servers(); /* read database */ - $cpentry = captiveportal_read_db("WHERE sessionid = '{$sessionid}'"); + $result = captiveportal_read_db("WHERE sessionid = '{$sessionid}'"); /* find entry */ - if (!empty($cpentry)) { + if (!empty($result)) { captiveportal_write_db("DELETE FROM captiveportal WHERE sessionid = '{$sessionid}'"); - if (empty($cpentry[10])) - $cpentry[10] = 'first'; - captiveportal_disconnect($cpentry, $radiusservers[$cpentry[10]], $term_cause); - captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT"); - unset($cpentry); + foreach ($result as $cpentry) { + if (empty($cpentry[10])) + $cpentry[10] = 'first'; + captiveportal_disconnect($cpentry, $radiusservers[$cpentry[10]], $term_cause); + captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT"); + } + unset($result); } } 
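Review bot: `$sessionid` is still interpolated unescaped into both the `captiveportal_read_db()` WHERE clause and the `DELETE` statement in captiveportal_disconnect_client, although this commit starts escaping the username in portal_allow. If the session id can originate from a client request (not visible here), escape it first, e.g. `$safe_sessionid = sqlite_escape_string($sessionid);`, and use `'{$safe_sessionid}'` in both queries. The captiveportal_remove_entries hunk has the same gap, since each `$unindex` is placed between quotes as-is; `$query .= "'" . sqlite_escape_string($unindex) . "'";` would close it. The body of captiveportal_disconnect_client begins before the hunk.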
@@ -1217,7 +1219,7 @@ function captiveportal_opendb() { else { $errormsg = ""; $DB = @sqlite_open("{$g['vardb_path']}/captiveportal{$cpzone}.db"); - if (@sqlite_exec($DB, "CREATE TABLE captiveportal (allow_time INTEGER, ruleno INTEGER, ip TEXT, mac TEXT, username TEXT, sessionid TEXT, bpassword TEXT, session_timeout INTEGER, idle_timeout INTEGER, session_terminate_time INTEGER) ", $errormsg)) { + if (@sqlite_exec($DB, "CREATE TABLE captiveportal (allow_time INTEGER, pipeno INTEGER, ip TEXT, mac TEXT, username TEXT, sessionid TEXT, bpassword TEXT, session_timeout INTEGER, idle_timeout INTEGER, session_terminate_time INTEGER) ", $errormsg)) { @sqlite_exec($DB, "CREATE UNIQUE INDEX idx_active ON captiveportal (sessionid, username)"); @sqlite_exec($DB, "CREATE INDEX user ON captiveportal (username)"); @sqlite_exec($DB, "CREATE INDEX ip ON captiveportal (ip)"); @@ -1256,8 +1258,8 @@ function captiveportal_remove_entries($remove) { if (!is_array($remove) || empty($remove)) return; - $query = "DELETE FROM captiveportal WHERE sessiondid in ("; - foreach($remove as $idx => $rid) { + $query = "DELETE FROM captiveportal WHERE sessionid in ("; + foreach($remove as $idx => $unindex) { $query .= "'{$unindex}'"; if ($idx < (count($remove) - 1)) $query .= ","; @@ -1361,7 +1363,7 @@ function captiveportal_free_dn_ruleno($ruleno) { global $config, $g; $cpruleslck = lock("captiveportalrulesdn", LOCK_EX); - if (file_exists("{$g['vardb_path']}/captiveportal_{$cpzone}.rules")) { + if (file_exists("{$g['vardb_path']}/captiveportaldn.rules")) { $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportaldn.rules")); $rules[$ruleno] = false; $rules[++$ruleno] = false; 
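Review bot: Renaming the column inside the `CREATE TABLE` statement only affects databases created after this change; a `captiveportal{$cpzone}.db` that already has a `ruleno` column keeps it, and the `pipeno` INSERT in portal_allow would then fail against it. Unless the database file is always recreated on upgrade or boot (not visible here), the old schema needs to be detected and the table rebuilt. At minimum I would record the assumption next to the statement: `/* NOTE: a db created with the old ruleno column is not migrated; it must be removed on upgrade */`. captiveportal_opendb starts and ends outside the hunk.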
@@ -1856,14 +1858,22 @@ function portal_allow($clientip,$clientmac,$username,$password = null, $attribut if ($attributes['voucher']) $attributes['session_timeout'] = $remaining_time; + + /* handle empty attributes */ + $session_timeout = (!empty($attributes['session_timeout'])) ? $attributes['session_timeout'] : 'NULL'; + $idle_timeout = (!empty($attributes['idle_timeout'])) ? $attributes['idle_timeout'] : 'NULL'; + $session_terminate_time = (!empty($attributes['session_terminate_time'])) ? $attributes['session_terminate_time'] : 'NULL'; + + /* escape username */ + $safe_username = sqlite_escape_string($username); /* encode password in Base64 just in case it contains commas */ $bpassword = base64_encode($password); $cpdb[] = array($allow_time, $pipeno, $clientip, $clientmac, $username, $sessionid, $bpassword, $attributes['session_timeout'], $attributes['idle_timeout'], $attributes['session_terminate_time'], $radiusctx); - $insertquery = "INSERT INTO captiveportal (allow_time, ruleno, ip, mac, username, sessionid, bpassword, session_timeout, idle_timeout, session_terminate_time) "; - $insertquery .= " VALUES ({$allow_time}, {$ruleno}, '{$clientip}', '{$clientmac}', '{$username}', '{$sessionid}', '{$bpassword}',"; - $insertquery .= "{$attributes['session_timeout']}, {$attributes['idle_timeout']}, {$attributes['session_terminate_time']})"; + $insertquery = "INSERT INTO captiveportal (allow_time, pipeno, ip, mac, username, sessionid, bpassword, session_timeout, idle_timeout, session_terminate_time) "; + $insertquery .= "VALUES ({$allow_time}, {$pipeno}, '{$clientip}', '{$clientmac}', '{$safe_username}', '{$sessionid}', '{$bpassword}', "; + $insertquery .= "{$session_timeout}, {$idle_timeout}, {$session_terminate_time})"; /* store information to database */ captiveportal_write_db($insertquery); diff --git a/etc/inc/voucher.inc b/etc/inc/voucher.inc index 3356a1a..ea723ca 100644 --- a/etc/inc/voucher.inc +++ b/etc/inc/voucher.inc 
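Review bot: The three timeout values go into the INSERT without quotes, and the new `!empty()` fallback only covers the missing case; a non-numeric value in `$attributes` (which appears to be filled from RADIUS or voucher data, not visible here) would still become part of the SQL text. Cast on assignment, e.g. `$session_timeout = (!empty($attributes['session_timeout'])) ? intval($attributes['session_timeout']) : 'NULL';`, and likewise for `$idle_timeout` and `$session_terminate_time`. `$clientip`, `$clientmac` and `$sessionid` are also interpolated as-is, so they depend on validation done earlier in portal_allow, whose body starts and ends outside this hunk.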
@@ -51,7 +51,7 @@ function xmlrpc_sync_voucher_expire($vouchers, $syncip, $port, $password, $usern require_once('/etc/inc/captiveportal.inc'); require_once('/etc/inc/voucher.inc'); \$cpzone = $cpzone; - voucher_expire(\$vouchers); + voucher_expire($vouchers); EOF; @@ -94,13 +94,15 @@ function xmlrpc_sync_voucher_disconnect($dbent, $syncip, $port, $password, $user $url = "http://{$syncip}"; /* Construct code that is run on remote machine */ + $dbent_str = serialize($dbent); $method = 'pfsense.exec_php'; $execcmd = <<<EOF require_once('/etc/inc/captiveportal.inc'); require_once('/etc/inc/voucher.inc'); \$cpzone = $cpzone; \$radiusservers = captiveportal_get_radius_servers(); - captiveportal_disconnect(\$dbent, \$radiusservers, \$term_cause, \$stop_time); + \$dbent = unserialize($dbent_str); + captiveportal_disconnect(\$dbent, \$radiusservers, $term_cause, $stop_time); EOF; diff --git a/etc/rc.update_bogons.sh b/etc/rc.update_bogons.sh index f34964b..69870eb 100755 --- a/etc/rc.update_bogons.sh +++ b/etc/rc.update_bogons.sh 
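Review bot: Dropping the backslash in `voucher_expire($vouchers);` makes the heredoc paste the raw value of `$vouchers` into PHP source that the peer runs through `pfsense.exec_php`, with no quoting; the second hunk does the same with `unserialize($dbent_str)`, and serialized data contains quotes, braces and semicolons. At best the generated code does not parse, and if voucher codes or the session entry carry user-supplied text, that text is evaluated as code on the sync peer. Emit PHP literals instead: set `$vouchers_str = var_export($vouchers, true);` and `$dbent_str = var_export(serialize($dbent), true);` before the heredocs and interpolate those, and pass `$term_cause` and `$stop_time` through `intval()` where they are integers. Both functions begin before and continue past their hunks.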
@@ -48,17 +48,17 @@ if [ "$BOGON_V4_MD5" = "$ON_DISK_V4_MD5" ]; then egrep -v "^192.168.0.0/16|^172.16.0.0/12|^10.0.0.0/8" /tmp/bogons > /etc/bogons RESULT=`/sbin/pfctl -t bogons -T replace -f /etc/bogons 2>&1` rm /tmp/bogons - echo "Bogons V4 file downloaded: $RESULT" | logger + echo "$RESULT" |awk '{ print "Bogons V4 file downloaded: " $0 }' | logger else echo "Could not download http://files.pfsense.org/lists/fullbogons-ipv4.txt.md5 (md5 mismatch)" | logger md5_error="true" fi if [ "$BOGON_V6_MD5" = "$ON_DISK_V6_MD5" ]; then - egrep -v "^#" /tmp/bogonsv6 > /etc/bogonsv6 + egrep -v "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6 RESULT=`/sbin/pfctl -t bogonsv6 -T replace -f /etc/bogonsv6 2>&1` rm /tmp/bogonsv6 - echo "Bogons V6 file downloaded: $RESULT" | logger + echo "$RESULT" |awk '{ print "Bogons V6 file downloaded: " $0 }' | logger else echo "Could not download http://files.pfsense.org/lists/fullbogons-ipv6.txt.md5 (md5 mismatch)" | logger md5_error="true" |
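Review bot: The new V6 filter forwards everything in /tmp/bogonsv6 except `fc00::/7` into the pf table, and the only gate in front of it is an MD5 comparison whose reference value, going by the URLs in the error messages, is fetched over plain http from the same server as the list. That catches a truncated transfer but not a modified list, and the download sits under a fixed name in /tmp. I would at least record this next to the check, e.g. `# NOTE: the md5 only guards against transfer corruption; it does not authenticate the list`, and write the download to a `mktemp` file. The download commands and the `if` that opens the V4 branch are outside the hunk.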