From 23c4f9785ccd2821781d98b0c00a29812f201a0a Mon Sep 17 00:00:00 2001 From: Scott Ullrich Date: Tue, 27 Feb 2007 15:31:43 +0000 Subject: Sync w/ m0n0wall --- etc/inc/captiveportal.inc | 230 +++++++++++++++++++++++----------------------- 1 file changed, 115 insertions(+), 115 deletions(-) (limited to 'etc/inc/captiveportal.inc') diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc index 9aaa2b1..572a9c3 100644 --- a/etc/inc/captiveportal.inc +++ b/etc/inc/captiveportal.inc @@ -403,137 +403,137 @@ timestamp,ipfw_rule_no,clientip,clientmac,username,sessionid,password,session_ti /* (password is in Base64 and only saved when reauthentication is enabled) */ function captiveportal_prune_old() { - global $g, $config; + global $g, $config; - /* check for expired entries */ - if ($config['captiveportal']['timeout']) - $timeout = $config['captiveportal']['timeout'] * 60; - else - $timeout = 0; + /* check for expired entries */ + if ($config['captiveportal']['timeout']) + $timeout = $config['captiveportal']['timeout'] * 60; + else + $timeout = 0; - if ($config['captiveportal']['idletimeout']) - $idletimeout = $config['captiveportal']['idletimeout'] * 60; - else - $idletimeout = 0; + if ($config['captiveportal']['idletimeout']) + $idletimeout = $config['captiveportal']['idletimeout'] * 60; + else + $idletimeout = 0; - if (!$timeout && !$idletimeout && !isset($config['captiveportal']['reauthenticate'])) - return; + if (!$timeout && !$idletimeout && !isset($config['captiveportal']['reauthenticate']) && !isset($config['captiveportal']['radiussession_timeout'])) + return; - captiveportal_lock(); + captiveportal_lock(); - /* read database */ - $cpdb = captiveportal_read_db(); - - $radiusservers = captiveportal_get_radius_servers(); + /* read database */ + $cpdb = captiveportal_read_db(); - for ($i = 0; $i < count($cpdb); $i++) { + $radiusservers = captiveportal_get_radius_servers(); - $timedout = false; - $term_cause = 1; + for ($i = 0; $i < count($cpdb); $i++) { - /* hard timeout? */ - if ($timeout) { - if ((time() - $cpdb[$i][0]) >= $timeout) { - $timedout = true; - $term_cause = 5; // Session-Timeout - } - } + $timedout = false; + $term_cause = 1; - /* Session-Terminate-Time */ - if (!$timedout && !empty($cpdb[$i][9])) { - if (time() >= $cpdb[$i][9]) { - $timedout = true; - $term_cause = 5; // Session-Timeout - } - } + /* hard timeout? */ + if ($timeout) { + if ((time() - $cpdb[$i][0]) >= $timeout) { + $timedout = true; + $term_cause = 5; // Session-Timeout + } + } - /* check if the radius idle_timeout attribute has been set and if its set change the idletimeout to this value */ - $idletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout; - /* if an idle timeout is specified, get last activity timestamp from ipfw */ - if (!$timedout && $idletimeout) { - $lastact = captiveportal_get_last_activity($cpdb[$i][1]); - if ($lastact && ((time() - $lastact) >= $idletimeout)) { - $timedout = true; - $term_cause = 4; // Idle-Timeout - $stop_time = $lastact; // Entry added to comply with WISPr - } - } + /* Session-Terminate-Time */ + if (!$timedout && !empty($cpdb[$i][9])) { + if (time() >= $cpdb[$i][9]) { + $timedout = true; + $term_cause = 5; // Session-Timeout + } + } - /* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */ - if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpdb[$i][7])) { - if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) { - $timedout = true; - $term_cause = 5; // Session-Timeout - } - } + /* check if the radius idle_timeout attribute has been set and if its set change the idletimeout to this value */ + $idletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout; + /* if an idle timeout is specified, get last activity timestamp from ipfw */ + if (!$timedout && $idletimeout) { + $lastact = captiveportal_get_last_activity($cpdb[$i][1]); + if ($lastact && ((time() - $lastact) >= $idletimeout)) { + $timedout = true; + $term_cause = 4; // Idle-Timeout + $stop_time = $lastact; // Entry added to comply with WISPr + } + } - if ($timedout) { - captiveportal_disconnect($cpdb[$i], $radiusservers,$term_cause,$stop_time); - captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "TIMEOUT"); - unset($cpdb[$i]); - } + /* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */ + if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpdb[$i][7])) { + if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) { + $timedout = true; + $term_cause = 5; // Session-Timeout + } + } - /* do periodic RADIUS reauthentication? */ - if (!$timedout && isset($config['captiveportal']['reauthenticate']) && - ($radiusservers !== false)) { - - if (isset($config['captiveportal']['radacct_enable'])) { - if ($config['captiveportal']['reauthenticateacct'] == "stopstart") { - /* stop and restart accounting */ - RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno - $cpdb[$i][4], // username - $cpdb[$i][5], // sessionid - $cpdb[$i][0], // start time - $radiusservers[0]['ipaddr'], - $radiusservers[0]['acctport'], - $radiusservers[0]['key'], - $cpdb[$i][2], // clientip - $cpdb[$i][3], // clientmac - 10); // NAS Request - exec("/sbin/ipfw zero {$cpdb[$i][1]}"); - RADIUS_ACCOUNTING_START($cpdb[$i][1], // ruleno - $cpdb[$i][4], // username - $cpdb[$i][5], // sessionid - $radiusservers[0]['ipaddr'], - $radiusservers[0]['acctport'], - $radiusservers[0]['key'], - $cpdb[$i][2], // clientip - $cpdb[$i][3]); // clientmac - } else if ($config['captiveportal']['reauthenticateacct'] == "interimupdate") { - RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno - $cpdb[$i][4], // username - $cpdb[$i][5], // sessionid - $cpdb[$i][0], // start time - $radiusservers[0]['ipaddr'], - $radiusservers[0]['acctport'], - $radiusservers[0]['key'], - $cpdb[$i][2], // clientip - $cpdb[$i][3], // clientmac - 10, // NAS Request - true); // Interim Updates - } - } + if ($timedout) { + captiveportal_disconnect($cpdb[$i], $radiusservers,$term_cause,$stop_time); + captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "TIMEOUT"); + unset($cpdb[$i]); + } - /* check this user against RADIUS again */ - $auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username - base64_decode($cpdb[$i][6]), // password - $radiusservers, - $cpdb[$i][2], // clientip - $cpdb[$i][3], // clientmac - $cpdb[$i][1]); // ruleno - - if ($auth_list['auth_val'] == 3) { - captiveportal_disconnect($cpdb[$i], $radiusservers, 17); - captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']); - unset($cpdb[$i]); - } - } - } + /* do periodic RADIUS reauthentication? */ + if (!$timedout && isset($config['captiveportal']['reauthenticate']) && + ($radiusservers !== false)) { + + if (isset($config['captiveportal']['radacct_enable'])) { + if ($config['captiveportal']['reauthenticateacct'] == "stopstart") { + /* stop and restart accounting */ + RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno + $cpdb[$i][4], // username + $cpdb[$i][5], // sessionid + $cpdb[$i][0], // start time + $radiusservers[0]['ipaddr'], + $radiusservers[0]['acctport'], + $radiusservers[0]['key'], + $cpdb[$i][2], // clientip + $cpdb[$i][3], // clientmac + 10); // NAS Request + exec("/sbin/ipfw zero {$cpdb[$i][1]}"); + RADIUS_ACCOUNTING_START($cpdb[$i][1], // ruleno + $cpdb[$i][4], // username + $cpdb[$i][5], // sessionid + $radiusservers[0]['ipaddr'], + $radiusservers[0]['acctport'], + $radiusservers[0]['key'], + $cpdb[$i][2], // clientip + $cpdb[$i][3]); // clientmac + } else if ($config['captiveportal']['reauthenticateacct'] == "interimupdate") { + RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno + $cpdb[$i][4], // username + $cpdb[$i][5], // sessionid + $cpdb[$i][0], // start time + $radiusservers[0]['ipaddr'], + $radiusservers[0]['acctport'], + $radiusservers[0]['key'], + $cpdb[$i][2], // clientip + $cpdb[$i][3], // clientmac + 10, // NAS Request + true); // Interim Updates + } + } + + /* check this user against RADIUS again */ + $auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username + base64_decode($cpdb[$i][6]), // password + $radiusservers, + $cpdb[$i][2], // clientip + $cpdb[$i][3], // clientmac + $cpdb[$i][1]); // ruleno + + if ($auth_list['auth_val'] == 3) { + captiveportal_disconnect($cpdb[$i], $radiusservers, 17); + captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']); + unset($cpdb[$i]); + } + } + } - /* write database */ - captiveportal_write_db($cpdb); + /* write database */ + captiveportal_write_db($cpdb); - captiveportal_unlock(); + captiveportal_unlock(); } /* remove a single client according to the DB entry */ -- cgit v1.1