726 |
726 |
* had a chance to iterate over all accounts.
|
727 |
727 |
*/
|
728 |
728 |
$unsetindexes = array();
|
729 |
|
$no_users = count($cpdb);
|
730 |
|
for ($i = 0; $i < $no_users; $i++) {
|
|
729 |
for ($cpdb as $cpentry) {
|
731 |
730 |
|
732 |
731 |
$timedout = false;
|
733 |
732 |
$term_cause = 1;
|
734 |
733 |
|
735 |
734 |
/* hard timeout? */
|
736 |
735 |
if ($timeout) {
|
737 |
|
if ((time() - $cpdb[$i][0]) >= $timeout) {
|
|
736 |
if ((time() - $cpentry[0]) >= $timeout) {
|
738 |
737 |
$timedout = true;
|
739 |
738 |
$term_cause = 5; // Session-Timeout
|
740 |
739 |
}
|
741 |
740 |
}
|
742 |
741 |
|
743 |
742 |
/* Session-Terminate-Time */
|
744 |
|
if (!$timedout && !empty($cpdb[$i][9])) {
|
745 |
|
if (time() >= $cpdb[$i][9]) {
|
|
743 |
if (!$timedout && !empty($cpentry[9])) {
|
|
744 |
if (time() >= $cpentry[9]) {
|
746 |
745 |
$timedout = true;
|
747 |
746 |
$term_cause = 5; // Session-Timeout
|
748 |
747 |
}
|
749 |
748 |
}
|
750 |
749 |
|
751 |
750 |
/* check if the radius idle_timeout attribute has been set and if its set change the idletimeout to this value */
|
752 |
|
$uidletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout;
|
|
751 |
$uidletimeout = (is_numeric($cpentry[8])) ? $cpentry[8] : $idletimeout;
|
753 |
752 |
/* if an idle timeout is specified, get last activity timestamp from ipfw */
|
754 |
753 |
if (!$timedout && $uidletimeout) {
|
755 |
|
$lastact = captiveportal_get_last_activity($cpdb[$i][2]);
|
|
754 |
$lastact = captiveportal_get_last_activity($cpentry[2]);
|
756 |
755 |
/* If the user has logged on but not sent any traffic they will never be logged out.
|
757 |
756 |
* We "fix" this by setting lastact to the login timestamp.
|
758 |
757 |
*/
|
759 |
|
$lastact = $lastact ? $lastact : $cpdb[$i][0];
|
|
758 |
$lastact = $lastact ? $lastact : $cpentry[0];
|
760 |
759 |
if ($lastact && ((time() - $lastact) >= $uidletimeout)) {
|
761 |
760 |
$timedout = true;
|
762 |
761 |
$term_cause = 4; // Idle-Timeout
|
... | ... | |
765 |
764 |
}
|
766 |
765 |
|
767 |
766 |
/* if vouchers are configured, activate session timeouts */
|
768 |
|
if (!$timedout && isset($config['voucher']['enable']) && !empty($cpdb[$i][7])) {
|
769 |
|
if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) {
|
|
767 |
if (!$timedout && isset($config['voucher']['enable']) && !empty($cpentry[7])) {
|
|
768 |
if (time() >= ($cpentry[0] + $cpentry[7])) {
|
770 |
769 |
$timedout = true;
|
771 |
770 |
$term_cause = 5; // Session-Timeout
|
772 |
771 |
}
|
773 |
772 |
}
|
774 |
773 |
|
775 |
774 |
/* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */
|
776 |
|
if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpdb[$i][7])) {
|
777 |
|
if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) {
|
|
775 |
if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpentry[7])) {
|
|
776 |
if (time() >= ($cpentry[0] + $cpentry[7])) {
|
778 |
777 |
$timedout = true;
|
779 |
778 |
$term_cause = 5; // Session-Timeout
|
780 |
779 |
}
|
781 |
780 |
}
|
782 |
781 |
|
783 |
782 |
if ($timedout) {
|
784 |
|
captiveportal_disconnect($cpdb[$i], $radiusservers,$term_cause,$stop_time);
|
785 |
|
captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "TIMEOUT");
|
786 |
|
$unsetindexes[] = $cpdb[$i][5];
|
|
783 |
captiveportal_disconnect($cpentry, $radiusservers,$term_cause,$stop_time);
|
|
784 |
captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "TIMEOUT");
|
|
785 |
$unsetindexes[] = $cpentry[5];
|
787 |
786 |
}
|
788 |
787 |
|
789 |
788 |
/* do periodic RADIUS reauthentication? */
|
... | ... | |
791 |
790 |
if (isset($config['captiveportal']['radacct_enable'])) {
|
792 |
791 |
if ($config['captiveportal']['reauthenticateacct'] == "stopstart") {
|
793 |
792 |
/* stop and restart accounting */
|
794 |
|
RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
|
795 |
|
$cpdb[$i][4], // username
|
796 |
|
$cpdb[$i][5], // sessionid
|
797 |
|
$cpdb[$i][0], // start time
|
|
793 |
RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
|
|
794 |
$cpentry[4], // username
|
|
795 |
$cpentry[5], // sessionid
|
|
796 |
$cpentry[0], // start time
|
798 |
797 |
$radiusservers,
|
799 |
|
$cpdb[$i][2], // clientip
|
800 |
|
$cpdb[$i][3], // clientmac
|
|
798 |
$cpentry[2], // clientip
|
|
799 |
$cpentry[3], // clientmac
|
801 |
800 |
10); // NAS Request
|
802 |
|
exec("/sbin/ipfw table 1 entryzerostats {$cpdb[$i][2]}");
|
803 |
|
exec("/sbin/ipfw table 2 entryzerostats {$cpdb[$i][2]}");
|
804 |
|
RADIUS_ACCOUNTING_START($cpdb[$i][1], // ruleno
|
805 |
|
$cpdb[$i][4], // username
|
806 |
|
$cpdb[$i][5], // sessionid
|
|
801 |
exec("/sbin/ipfw table 1 entryzerostats {$cpentry[2]}");
|
|
802 |
exec("/sbin/ipfw table 2 entryzerostats {$cpentry[2]}");
|
|
803 |
RADIUS_ACCOUNTING_START($cpentry[1], // ruleno
|
|
804 |
$cpentry[4], // username
|
|
805 |
$cpentry[5], // sessionid
|
807 |
806 |
$radiusservers,
|
808 |
|
$cpdb[$i][2], // clientip
|
809 |
|
$cpdb[$i][3]); // clientmac
|
|
807 |
$cpentry[2], // clientip
|
|
808 |
$cpentry[3]); // clientmac
|
810 |
809 |
} else if ($config['captiveportal']['reauthenticateacct'] == "interimupdate") {
|
811 |
|
RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
|
812 |
|
$cpdb[$i][4], // username
|
813 |
|
$cpdb[$i][5], // sessionid
|
814 |
|
$cpdb[$i][0], // start time
|
|
810 |
RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
|
|
811 |
$cpentry[4], // username
|
|
812 |
$cpentry[5], // sessionid
|
|
813 |
$cpentry[0], // start time
|
815 |
814 |
$radiusservers,
|
816 |
|
$cpdb[$i][2], // clientip
|
817 |
|
$cpdb[$i][3], // clientmac
|
|
815 |
$cpentry[2], // clientip
|
|
816 |
$cpentry[3], // clientmac
|
818 |
817 |
10, // NAS Request
|
819 |
818 |
true); // Interim Updates
|
820 |
819 |
}
|
... | ... | |
822 |
821 |
|
823 |
822 |
/* check this user against RADIUS again */
|
824 |
823 |
if (isset($config['captiveportal']['reauthenticate'])) {
|
825 |
|
$auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username
|
826 |
|
base64_decode($cpdb[$i][6]), // password
|
|
824 |
$auth_list = RADIUS_AUTHENTICATION($cpentry[4], // username
|
|
825 |
base64_decode($cpentry[6]), // password
|
827 |
826 |
$radiusservers,
|
828 |
|
$cpdb[$i][2], // clientip
|
829 |
|
$cpdb[$i][3], // clientmac
|
830 |
|
$cpdb[$i][1]); // ruleno
|
|
827 |
$cpentry[2], // clientip
|
|
828 |
$cpentry[3], // clientmac
|
|
829 |
$cpentry[1]); // ruleno
|
831 |
830 |
if ($auth_list['auth_val'] == 3) {
|
832 |
|
captiveportal_disconnect($cpdb[$i], $radiusservers, 17);
|
833 |
|
captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']);
|
834 |
|
$unsetindexes[] = $cpdb[$i][5];
|
|
831 |
captiveportal_disconnect($cpentry, $radiusservers, 17);
|
|
832 |
captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "RADIUS_DISCONNECT", $auth_list['reply_message']);
|
|
833 |
$unsetindexes[] = $cpentry[5];
|
835 |
834 |
}
|
836 |
835 |
}
|
837 |
836 |
}
|
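Review bot: The replacement loop header at new line 729, `for ($cpdb as $cpentry) {`, is not valid PHP, because `for` requires three semicolon-separated expressions; it should read `foreach ($cpdb as $cpentry) {`. As written the file will not parse, so the hard-timeout, idle-timeout and RADIUS reauthentication checks in this loop would never run and expired sessions would presumably stay connected. Separately, new lines 801–802 still interpolate `$cpentry[2]` straight into the shell command; unless the stored client IP is validated where the database entry is written (not visible here), pass it through `escapeshellarg()`, e.g. `exec("/sbin/ipfw table 1 entryzerostats " . escapeshellarg($cpentry[2]));`. The enclosing function begins and ends outside the lines shown, so the rest of its body should be checked for any remaining `$cpdb[$i]` references.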