Revision 5060dea7
Added by Scott Ullrich over 14 years ago
| etc/inc/captiveportal.inc | ||
|---|---|---|
| 2 | 2 |
/* |
| 3 | 3 |
captiveportal.inc |
| 4 | 4 |
part of pfSense (http://www.pfSense.org) |
| 5 |
|
|
| 6 |
originally part of m0n0wall (http://m0n0.ch/wall) |
|
| 7 |
|
|
| 8 |
Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com> |
|
| 5 |
Copyright (C) 2004-2011 Scott Ullrich <sullrich@gmail.com> |
|
| 9 | 6 |
Copyright (C) 2009 Ermal Lu?i <ermal.luci@gmail.com> |
| 10 | 7 |
Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. |
| 8 |
|
|
| 9 |
originally part of m0n0wall (http://m0n0.ch/wall) |
|
| 11 | 10 |
All rights reserved. |
| 12 | 11 |
|
| 13 | 12 |
Redistribution and use in source and binary forms, with or without |
| ... | ... | |
| 38 | 37 |
These changes are (c) 2004 Keycom PLC. |
| 39 | 38 |
|
| 40 | 39 |
pfSense_BUILDER_BINARIES: /sbin/ipfw /sbin/sysctl /sbin/kldunload |
| 41 |
pfSense_BUILDER_BINARIES: /usr/local/sbin/lighttpd /usr/local/bin/minicron /sbin/pfctl
|
|
| 42 |
pfSense_BUILDER_BINARIES: /bin/hostname /bin/cp
|
|
| 43 |
pfSense_MODULE: captiveportal
|
|
| 40 |
pfSense_BUILDER_BINARIES: /usr/local/sbin/lighttpd /usr/local/bin/minicron /sbin/pfctl
|
|
| 41 |
pfSense_BUILDER_BINARIES: /bin/hostname /bin/cp
|
|
| 42 |
pfSense_MODULE: captiveportal
|
|
| 44 | 43 |
*/ |
| 45 | 44 |
|
| 46 | 45 |
/* include all configuration functions */ |
| ... | ... | |
| 74 | 73 |
<div id="mainlevel"> |
| 75 | 74 |
<center> |
| 76 | 75 |
<table width="100%" border="0" cellpadding="5" cellspacing="0"> |
| 77 |
<tr>
|
|
| 78 |
<td>
|
|
| 76 |
<tr> |
|
| 77 |
<td>
|
|
| 79 | 78 |
<center> |
| 80 | 79 |
<div id="mainarea"> |
| 81 | 80 |
<center> |
| ... | ... | |
| 100 | 99 |
</div> |
| 101 | 100 |
</center> |
| 102 | 101 |
</div> |
| 103 |
</td>
|
|
| 102 |
</td>
|
|
| 104 | 103 |
</tr> |
| 105 | 104 |
</table> |
| 106 | 105 |
</center> |
| ... | ... | |
| 145 | 144 |
<div id="mainlevel"> |
| 146 | 145 |
<center> |
| 147 | 146 |
<table width="100%" border="0" cellpadding="5" cellspacing="0"> |
| 148 |
<tr>
|
|
| 149 |
<td>
|
|
| 147 |
<tr> |
|
| 148 |
<td>
|
|
| 150 | 149 |
<center> |
| 151 | 150 |
<div id="mainarea"> |
| 152 | 151 |
<center> |
| 153 | 152 |
<table width="100%" border="0" cellpadding="5" cellspacing="5"> |
| 154 | 153 |
<tr> |
| 155 |
<td>
|
|
| 154 |
<td>
|
|
| 156 | 155 |
<div id="maindivarea"> |
| 157 | 156 |
<center> |
| 158 | 157 |
<div id='statusbox'> |
| ... | ... | |
| 171 | 170 |
<tr><td align="right">Password:</td><td><input name="auth_pass" type="password" style="border: 1px dashed;"></td></tr> |
| 172 | 171 |
<tr><td> </td></tr> |
| 173 | 172 |
<tr> |
| 174 |
<td colspan="2">
|
|
| 173 |
<td colspan="2">
|
|
| 175 | 174 |
<center><input name="accept" type="submit" value="Continue"></center> |
| 176 |
</td>
|
|
| 175 |
</td>
|
|
| 177 | 176 |
</tr> |
| 178 | 177 |
</table> |
| 179 | 178 |
</div> |
| 180 | 179 |
</center> |
| 181 | 180 |
</div> |
| 182 |
</td>
|
|
| 181 |
</td>
|
|
| 183 | 182 |
</tr> |
| 184 | 183 |
</table> |
| 185 | 184 |
</center> |
| ... | ... | |
| 290 | 289 |
<div id="mainlevel"> |
| 291 | 290 |
<center> |
| 292 | 291 |
<table width="100%" border="0" cellpadding="5" cellspacing="0"> |
| 293 |
<tr>
|
|
| 294 |
<td>
|
|
| 292 |
<tr> |
|
| 293 |
<td>
|
|
| 295 | 294 |
<center> |
| 296 | 295 |
<div id="mainarea"> |
| 297 | 296 |
<center> |
| 298 | 297 |
<table width="100%" border="0" cellpadding="5" cellspacing="5"> |
| 299 | 298 |
<tr> |
| 300 |
<td>
|
|
| 299 |
<td>
|
|
| 301 | 300 |
<div id="maindivarea"> |
| 302 | 301 |
<center> |
| 303 | 302 |
<div id='statusbox'> |
| ... | ... | |
| 316 | 315 |
<tr><td align="right">Password:</td><td><input name="auth_pass" type="password" style="border: 1px dashed;"></td></tr> |
| 317 | 316 |
<tr><td> </td></tr> |
| 318 | 317 |
<tr> |
| 319 |
<td colspan="2">
|
|
| 318 |
<td colspan="2">
|
|
| 320 | 319 |
<center><input name="accept" type="submit" value="Continue"></center> |
| 321 |
</td>
|
|
| 320 |
</td>
|
|
| 322 | 321 |
</tr> |
| 323 | 322 |
</table> |
| 324 | 323 |
</div> |
| 325 | 324 |
</center> |
| 326 | 325 |
</div> |
| 327 |
</td>
|
|
| 326 |
</td>
|
|
| 328 | 327 |
</tr> |
| 329 | 328 |
</table> |
| 330 | 329 |
</center> |
| ... | ... | |
| 376 | 375 |
<!-- |
| 377 | 376 |
LogoutWin = window.open('', 'Logout', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=256,height=64');
|
| 378 | 377 |
if (LogoutWin) {
|
| 379 |
LogoutWin.document.write('<HTML>');
|
|
| 380 |
LogoutWin.document.write('<HEAD><TITLE>Logout</TITLE></HEAD>') ;
|
|
| 381 |
LogoutWin.document.write('<BODY BGCOLOR="#435370">');
|
|
| 382 |
LogoutWin.document.write('<DIV ALIGN="center" STYLE="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">') ;
|
|
| 383 |
LogoutWin.document.write('<B>Click the button below to disconnect</B><P>');
|
|
| 384 |
LogoutWin.document.write('<FORM METHOD="POST" ACTION="<?=\$logouturl;?>">');
|
|
| 385 |
LogoutWin.document.write('<INPUT NAME="logout_id" TYPE="hidden" VALUE="<?=\$sessionid;?>">');
|
|
| 386 |
LogoutWin.document.write('<INPUT NAME="logout" TYPE="submit" VALUE="Logout">');
|
|
| 387 |
LogoutWin.document.write('</FORM>');
|
|
| 388 |
LogoutWin.document.write('</DIV></BODY>');
|
|
| 389 |
LogoutWin.document.write('</HTML>');
|
|
| 390 |
LogoutWin.document.close();
|
|
| 378 |
LogoutWin.document.write('<HTML>');
|
|
| 379 |
LogoutWin.document.write('<HEAD><TITLE>Logout</TITLE></HEAD>') ;
|
|
| 380 |
LogoutWin.document.write('<BODY BGCOLOR="#435370">');
|
|
| 381 |
LogoutWin.document.write('<DIV ALIGN="center" STYLE="color: #ffffff; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; font-size: 11px;">') ;
|
|
| 382 |
LogoutWin.document.write('<B>Click the button below to disconnect</B><P>');
|
|
| 383 |
LogoutWin.document.write('<FORM METHOD="POST" ACTION="<?=\$logouturl;?>">');
|
|
| 384 |
LogoutWin.document.write('<INPUT NAME="logout_id" TYPE="hidden" VALUE="<?=\$sessionid;?>">');
|
|
| 385 |
LogoutWin.document.write('<INPUT NAME="logout" TYPE="submit" VALUE="Logout">');
|
|
| 386 |
LogoutWin.document.write('</FORM>');
|
|
| 387 |
LogoutWin.document.write('</DIV></BODY>');
|
|
| 388 |
LogoutWin.document.write('</HTML>');
|
|
| 389 |
LogoutWin.document.close();
|
|
| 391 | 390 |
} |
| 392 | 391 |
|
| 393 | 392 |
document.location.href="<?=\$my_redirurl;?>"; |
| ... | ... | |
| 437 | 436 |
if (does_interface_exist($listrealif)) {
|
| 438 | 437 |
pfSense_interface_flags($listrealif, -IFF_IPFW_FILTER); |
| 439 | 438 |
$carpif = link_ip_to_carp_interface(find_interface_ip($listrealif)); |
| 440 |
if (!empty($carpif)) {
|
|
| 439 |
if (!empty($carpif)) {
|
|
| 441 | 440 |
$carpsif = explode(" ", $carpif);
|
| 442 | 441 |
foreach ($carpsif as $cpcarp) |
| 443 | 442 |
pfSense_interface_flags($cpcarp, -IFF_IPFW_FILTER); |
| ... | ... | |
| 456 | 455 |
global $g, $config; |
| 457 | 456 |
|
| 458 | 457 |
if (!isset($config['captiveportal']['enable'])) |
| 459 |
return;
|
|
| 458 |
return;
|
|
| 460 | 459 |
|
| 461 | 460 |
if ($config['captiveportal']['maxproc']) |
| 462 | 461 |
$maxproc = $config['captiveportal']['maxproc']; |
| ... | ... | |
| 534 | 533 |
if (count($cpips) > 0) {
|
| 535 | 534 |
$cpactive = true; |
| 536 | 535 |
$cpinterface = "{ {$cpinterface} } ";
|
| 537 |
} else
|
|
| 536 |
} else
|
|
| 538 | 537 |
return false; |
| 539 | 538 |
|
| 540 | 539 |
if ($reinit == false) |
| ... | ... | |
| 550 | 549 |
if (!is_module_loaded("dummynet.ko"))
|
| 551 | 550 |
mwexec("/sbin/kldload dummynet");
|
| 552 | 551 |
|
| 553 |
$cprules = "add 65291 set 1 allow pfsync from any to any\n";
|
|
| 552 |
$cprules = "add 65291 set 1 allow pfsync from any to any\n";
|
|
| 554 | 553 |
$cprules .= "add 65292 set 1 allow carp from any to any\n"; |
| 555 | 554 |
|
| 556 | 555 |
$cprules .= <<<EOD |
| ... | ... | |
| 619 | 618 |
$rulenum++; |
| 620 | 619 |
} else {
|
| 621 | 620 |
$cprules .= "add {$rulenum} set 1 allow ip from table(1) to any in\n";
|
| 622 |
$rulenum++;
|
|
| 623 |
$cprules .= "add {$rulenum} set 1 allow ip from any to table(2) out\n";
|
|
| 624 |
$rulenum++;
|
|
| 621 |
$rulenum++;
|
|
| 622 |
$cprules .= "add {$rulenum} set 1 allow ip from any to table(2) out\n";
|
|
| 623 |
$rulenum++;
|
|
| 625 | 624 |
} |
| 626 | 625 |
|
| 627 |
$cprules .= <<<EOD
|
|
| 626 |
$cprules .= <<<EOD
|
|
| 628 | 627 |
|
| 629 | 628 |
# redirect non-authenticated clients to captive portal |
| 630 | 629 |
add 65531 set 1 fwd 127.0.0.1,8000 tcp from any to any in |
| ... | ... | |
| 666 | 665 |
if ($reinit == false) |
| 667 | 666 |
unlock($captiveportallck); |
| 668 | 667 |
|
| 669 |
|
|
| 670 | 668 |
/* filter on layer2 as well so we can check MAC addresses */ |
| 671 | 669 |
mwexec("/sbin/sysctl net.link.ether.ipfw=1");
|
| 672 | 670 |
|
| ... | ... | |
| 679 | 677 |
* (password is in Base64 and only saved when reauthentication is enabled) |
| 680 | 678 |
*/ |
| 681 | 679 |
function captiveportal_prune_old() {
|
| 682 |
global $g, $config;
|
|
| 680 |
global $g, $config;
|
|
| 683 | 681 |
|
| 684 |
/* check for expired entries */
|
|
| 685 |
if (empty($config['captiveportal']['timeout']) ||
|
|
| 682 |
/* check for expired entries */
|
|
| 683 |
if (empty($config['captiveportal']['timeout']) ||
|
|
| 686 | 684 |
!is_numeric($config['captiveportal']['timeout'])) |
| 687 |
$timeout = 0;
|
|
| 688 |
else
|
|
| 689 |
$timeout = $config['captiveportal']['timeout'] * 60;
|
|
| 685 |
$timeout = 0;
|
|
| 686 |
else
|
|
| 687 |
$timeout = $config['captiveportal']['timeout'] * 60;
|
|
| 690 | 688 |
|
| 691 |
if (empty($config['captiveportal']['idletimeout']) ||
|
|
| 689 |
if (empty($config['captiveportal']['idletimeout']) ||
|
|
| 692 | 690 |
!is_numeric($config['captiveportal']['idletimeout'])) |
| 693 |
$idletimeout = 0;
|
|
| 694 |
else
|
|
| 695 |
$idletimeout = $config['captiveportal']['idletimeout'] * 60;
|
|
| 691 |
$idletimeout = 0;
|
|
| 692 |
else
|
|
| 693 |
$idletimeout = $config['captiveportal']['idletimeout'] * 60;
|
|
| 696 | 694 |
|
| 697 |
if (!$timeout && !$idletimeout && !isset($config['captiveportal']['reauthenticate']) &&
|
|
| 695 |
if (!$timeout && !$idletimeout && !isset($config['captiveportal']['reauthenticate']) &&
|
|
| 698 | 696 |
!isset($config['captiveportal']['radiussession_timeout']) && !isset($config['voucher']['enable'])) |
| 699 |
return; |
|
| 700 |
|
|
| 701 |
/* read database */ |
|
| 702 |
$cpdb = captiveportal_read_db(); |
|
| 703 |
|
|
| 704 |
$radiusservers = captiveportal_get_radius_servers(); |
|
| 705 |
|
|
| 706 |
/* To make sure we iterate over ALL accounts on every run the count($cpdb) is moved |
|
| 707 |
* outside of the loop. Otherwise the loop would evaluate count() on every iteration |
|
| 708 |
* and since $i would increase and count() would decrement they would meet before we |
|
| 709 |
* had a chance to iterate over all accounts. |
|
| 710 |
*/ |
|
| 711 |
$unsetindexes = array(); |
|
| 712 |
$no_users = count($cpdb); |
|
| 713 |
for ($i = 0; $i < $no_users; $i++) {
|
|
| 714 |
|
|
| 715 |
$timedout = false; |
|
| 716 |
$term_cause = 1; |
|
| 717 |
|
|
| 718 |
/* hard timeout? */ |
|
| 719 |
if ($timeout) {
|
|
| 720 |
if ((time() - $cpdb[$i][0]) >= $timeout) {
|
|
| 721 |
$timedout = true; |
|
| 722 |
$term_cause = 5; // Session-Timeout |
|
| 723 |
} |
|
| 724 |
} |
|
| 725 |
|
|
| 726 |
/* Session-Terminate-Time */ |
|
| 727 |
if (!$timedout && !empty($cpdb[$i][9])) {
|
|
| 728 |
if (time() >= $cpdb[$i][9]) {
|
|
| 729 |
$timedout = true; |
|
| 730 |
$term_cause = 5; // Session-Timeout |
|
| 731 |
} |
|
| 732 |
} |
|
| 733 |
|
|
| 734 |
/* check if the radius idle_timeout attribute has been set and if its set change the idletimeout to this value */ |
|
| 735 |
$uidletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout; |
|
| 736 |
/* if an idle timeout is specified, get last activity timestamp from ipfw */ |
|
| 737 |
if (!$timedout && $uidletimeout) {
|
|
| 738 |
$lastact = captiveportal_get_last_activity($cpdb[$i][2]); |
|
| 739 |
/* If the user has logged on but not sent any traffic they will never be logged out. |
|
| 740 |
* We "fix" this by setting lastact to the login timestamp. |
|
| 741 |
*/ |
|
| 742 |
$lastact = $lastact ? $lastact : $cpdb[$i][0]; |
|
| 743 |
if ($lastact && ((time() - $lastact) >= $uidletimeout)) {
|
|
| 744 |
$timedout = true; |
|
| 745 |
$term_cause = 4; // Idle-Timeout |
|
| 746 |
$stop_time = $lastact; // Entry added to comply with WISPr |
|
| 697 |
return; |
|
| 698 |
|
|
| 699 |
/* read database */ |
|
| 700 |
$cpdb = captiveportal_read_db(); |
|
| 701 |
|
|
| 702 |
$radiusservers = captiveportal_get_radius_servers(); |
|
| 703 |
|
|
| 704 |
/* To make sure we iterate over ALL accounts on every run the count($cpdb) is moved |
|
| 705 |
* outside of the loop. Otherwise the loop would evaluate count() on every iteration |
|
| 706 |
* and since $i would increase and count() would decrement they would meet before we |
|
| 707 |
* had a chance to iterate over all accounts. |
|
| 708 |
*/ |
|
| 709 |
$unsetindexes = array(); |
|
| 710 |
$no_users = count($cpdb); |
|
| 711 |
for ($i = 0; $i < $no_users; $i++) {
|
|
| 712 |
|
|
| 713 |
$timedout = false; |
|
| 714 |
$term_cause = 1; |
|
| 715 |
|
|
| 716 |
/* hard timeout? */ |
|
| 717 |
if ($timeout) {
|
|
| 718 |
if ((time() - $cpdb[$i][0]) >= $timeout) {
|
|
| 719 |
$timedout = true; |
|
| 720 |
$term_cause = 5; // Session-Timeout |
|
| 721 |
} |
|
| 747 | 722 |
} |
| 748 |
} |
|
| 749 | 723 |
|
| 750 |
/* if vouchers are configured, activate session timeouts */ |
|
| 751 |
if (!$timedout && isset($config['voucher']['enable']) && !empty($cpdb[$i][7])) {
|
|
| 752 |
if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) {
|
|
| 753 |
$timedout = true; |
|
| 754 |
$term_cause = 5; // Session-Timeout |
|
| 724 |
/* Session-Terminate-Time */ |
|
| 725 |
if (!$timedout && !empty($cpdb[$i][9])) {
|
|
| 726 |
if (time() >= $cpdb[$i][9]) {
|
|
| 727 |
$timedout = true; |
|
| 728 |
$term_cause = 5; // Session-Timeout |
|
| 729 |
} |
|
| 730 |
} |
|
| 731 |
|
|
| 732 |
/* check if the radius idle_timeout attribute has been set and if its set change the idletimeout to this value */ |
|
| 733 |
$uidletimeout = (is_numeric($cpdb[$i][8])) ? $cpdb[$i][8] : $idletimeout; |
|
| 734 |
/* if an idle timeout is specified, get last activity timestamp from ipfw */ |
|
| 735 |
if (!$timedout && $uidletimeout) {
|
|
| 736 |
$lastact = captiveportal_get_last_activity($cpdb[$i][2]); |
|
| 737 |
/* If the user has logged on but not sent any traffic they will never be logged out. |
|
| 738 |
* We "fix" this by setting lastact to the login timestamp. |
|
| 739 |
*/ |
|
| 740 |
$lastact = $lastact ? $lastact : $cpdb[$i][0]; |
|
| 741 |
if ($lastact && ((time() - $lastact) >= $uidletimeout)) {
|
|
| 742 |
$timedout = true; |
|
| 743 |
$term_cause = 4; // Idle-Timeout |
|
| 744 |
$stop_time = $lastact; // Entry added to comply with WISPr |
|
| 745 |
} |
|
| 755 | 746 |
} |
| 756 |
} |
|
| 757 | 747 |
|
| 758 |
/* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */ |
|
| 759 |
if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpdb[$i][7])) {
|
|
| 760 |
if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) {
|
|
| 761 |
$timedout = true; |
|
| 762 |
$term_cause = 5; // Session-Timeout |
|
| 763 |
} |
|
| 764 |
} |
|
| 765 |
|
|
| 766 |
if ($timedout) {
|
|
| 767 |
captiveportal_disconnect($cpdb[$i], $radiusservers,$term_cause,$stop_time); |
|
| 768 |
captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "TIMEOUT"); |
|
| 769 |
$unsetindexes[$i] = $i; |
|
| 770 |
} |
|
| 771 |
|
|
| 772 |
/* do periodic RADIUS reauthentication? */ |
|
| 773 |
if (!$timedout && !empty($radiusservers)) {
|
|
| 774 |
if (isset($config['captiveportal']['radacct_enable'])) {
|
|
| 775 |
if ($config['captiveportal']['reauthenticateacct'] == "stopstart") {
|
|
| 776 |
/* stop and restart accounting */ |
|
| 777 |
RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno |
|
| 778 |
$cpdb[$i][4], // username |
|
| 779 |
$cpdb[$i][5], // sessionid |
|
| 780 |
$cpdb[$i][0], // start time |
|
| 781 |
$radiusservers, |
|
| 782 |
$cpdb[$i][2], // clientip |
|
| 783 |
$cpdb[$i][3], // clientmac |
|
| 784 |
10); // NAS Request |
|
| 785 |
exec("/sbin/ipfw table 1 entryzerostats {$cpdb[$i][2]}");
|
|
| 786 |
exec("/sbin/ipfw table 2 entryzerostats {$cpdb[$i][2]}");
|
|
| 787 |
RADIUS_ACCOUNTING_START($cpdb[$i][1], // ruleno |
|
| 788 |
$cpdb[$i][4], // username |
|
| 789 |
$cpdb[$i][5], // sessionid |
|
| 790 |
$radiusservers, |
|
| 791 |
$cpdb[$i][2], // clientip |
|
| 792 |
$cpdb[$i][3]); // clientmac |
|
| 793 |
} else if ($config['captiveportal']['reauthenticateacct'] == "interimupdate") {
|
|
| 794 |
RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno |
|
| 795 |
$cpdb[$i][4], // username |
|
| 796 |
$cpdb[$i][5], // sessionid |
|
| 797 |
$cpdb[$i][0], // start time |
|
| 798 |
$radiusservers, |
|
| 799 |
$cpdb[$i][2], // clientip |
|
| 800 |
$cpdb[$i][3], // clientmac |
|
| 801 |
10, // NAS Request |
|
| 802 |
true); // Interim Updates |
|
| 803 |
} |
|
| 804 |
} |
|
| 805 |
|
|
| 806 |
/* check this user against RADIUS again */ |
|
| 807 |
if (isset($config['captiveportal']['reauthenticate'])) {
|
|
| 808 |
$auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username |
|
| 809 |
base64_decode($cpdb[$i][6]), // password |
|
| 810 |
$radiusservers, |
|
| 811 |
$cpdb[$i][2], // clientip |
|
| 812 |
$cpdb[$i][3], // clientmac |
|
| 813 |
$cpdb[$i][1]); // ruleno |
|
| 814 |
|
|
| 815 |
if ($auth_list['auth_val'] == 3) {
|
|
| 816 |
captiveportal_disconnect($cpdb[$i], $radiusservers, 17); |
|
| 817 |
captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']); |
|
| 748 |
/* if vouchers are configured, activate session timeouts */ |
|
| 749 |
if (!$timedout && isset($config['voucher']['enable']) && !empty($cpdb[$i][7])) {
|
|
| 750 |
if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) {
|
|
| 751 |
$timedout = true; |
|
| 752 |
$term_cause = 5; // Session-Timeout |
|
| 753 |
} |
|
| 754 |
} |
|
| 755 |
|
|
| 756 |
/* if radius session_timeout is enabled and the session_timeout is not null, then check if the user should be logged out */ |
|
| 757 |
if (!$timedout && isset($config['captiveportal']['radiussession_timeout']) && !empty($cpdb[$i][7])) {
|
|
| 758 |
if (time() >= ($cpdb[$i][0] + $cpdb[$i][7])) {
|
|
| 759 |
$timedout = true; |
|
| 760 |
$term_cause = 5; // Session-Timeout |
|
| 761 |
} |
|
| 762 |
} |
|
| 763 |
|
|
| 764 |
if ($timedout) {
|
|
| 765 |
captiveportal_disconnect($cpdb[$i], $radiusservers,$term_cause,$stop_time); |
|
| 766 |
captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "TIMEOUT"); |
|
| 818 | 767 |
$unsetindexes[$i] = $i; |
| 819 |
} |
|
| 820 |
} |
|
| 821 |
} |
|
| 822 |
} |
|
| 823 |
/* This is a kludge to overcome some php weirdness */ |
|
| 824 |
foreach($unsetindexes as $unsetindex) |
|
| 768 |
} |
|
| 769 |
|
|
| 770 |
/* do periodic RADIUS reauthentication? */ |
|
| 771 |
if (!$timedout && !empty($radiusservers)) {
|
|
| 772 |
if (isset($config['captiveportal']['radacct_enable'])) {
|
|
| 773 |
if ($config['captiveportal']['reauthenticateacct'] == "stopstart") {
|
|
| 774 |
/* stop and restart accounting */ |
|
| 775 |
RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno |
|
| 776 |
$cpdb[$i][4], // username |
|
| 777 |
$cpdb[$i][5], // sessionid |
|
| 778 |
$cpdb[$i][0], // start time |
|
| 779 |
$radiusservers, |
|
| 780 |
$cpdb[$i][2], // clientip |
|
| 781 |
$cpdb[$i][3], // clientmac |
|
| 782 |
10); // NAS Request |
|
| 783 |
exec("/sbin/ipfw table 1 entryzerostats {$cpdb[$i][2]}");
|
|
| 784 |
exec("/sbin/ipfw table 2 entryzerostats {$cpdb[$i][2]}");
|
|
| 785 |
RADIUS_ACCOUNTING_START($cpdb[$i][1], // ruleno |
|
| 786 |
$cpdb[$i][4], // username |
|
| 787 |
$cpdb[$i][5], // sessionid |
|
| 788 |
$radiusservers, |
|
| 789 |
$cpdb[$i][2], // clientip |
|
| 790 |
$cpdb[$i][3]); // clientmac |
|
| 791 |
} else if ($config['captiveportal']['reauthenticateacct'] == "interimupdate") {
|
|
| 792 |
RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno |
|
| 793 |
$cpdb[$i][4], // username |
|
| 794 |
$cpdb[$i][5], // sessionid |
|
| 795 |
$cpdb[$i][0], // start time |
|
| 796 |
$radiusservers, |
|
| 797 |
$cpdb[$i][2], // clientip |
|
| 798 |
$cpdb[$i][3], // clientmac |
|
| 799 |
10, // NAS Request |
|
| 800 |
true); // Interim Updates |
|
| 801 |
} |
|
| 802 |
} |
|
| 803 |
|
|
| 804 |
/* check this user against RADIUS again */ |
|
| 805 |
if (isset($config['captiveportal']['reauthenticate'])) {
|
|
| 806 |
$auth_list = RADIUS_AUTHENTICATION($cpdb[$i][4], // username |
|
| 807 |
base64_decode($cpdb[$i][6]), // password |
|
| 808 |
$radiusservers, |
|
| 809 |
$cpdb[$i][2], // clientip |
|
| 810 |
$cpdb[$i][3], // clientmac |
|
| 811 |
$cpdb[$i][1]); // ruleno |
|
| 812 |
if ($auth_list['auth_val'] == 3) {
|
|
| 813 |
captiveportal_disconnect($cpdb[$i], $radiusservers, 17); |
|
| 814 |
captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "RADIUS_DISCONNECT", $auth_list['reply_message']); |
|
| 815 |
$unsetindexes[$i] = $i; |
|
| 816 |
} |
|
| 817 |
} |
|
| 818 |
} |
|
| 819 |
} |
|
| 820 |
/* This is a kludge to overcome some php weirdness */ |
|
| 821 |
foreach($unsetindexes as $unsetindex) |
|
| 825 | 822 |
unset($cpdb[$unsetindex]); |
| 826 | 823 |
|
| 827 |
/* write database */
|
|
| 828 |
captiveportal_write_db($cpdb);
|
|
| 824 |
/* write database */
|
|
| 825 |
captiveportal_write_db($cpdb);
|
|
| 829 | 826 |
} |
| 830 | 827 |
|
| 831 | 828 |
/* remove a single client according to the DB entry */ |
| ... | ... | |
| 837 | 834 |
/* this client needs to be deleted - remove ipfw rules */ |
| 838 | 835 |
if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) {
|
| 839 | 836 |
RADIUS_ACCOUNTING_STOP($dbent[1], // ruleno |
| 840 |
$dbent[4], // username
|
|
| 841 |
$dbent[5], // sessionid
|
|
| 842 |
$dbent[0], // start time
|
|
| 843 |
$radiusservers,
|
|
| 844 |
$dbent[2], // clientip
|
|
| 845 |
$dbent[3], // clientmac
|
|
| 846 |
$term_cause, // Acct-Terminate-Cause
|
|
| 847 |
false,
|
|
| 848 |
$stop_time);
|
|
| 837 |
$dbent[4], // username |
|
| 838 |
$dbent[5], // sessionid |
|
| 839 |
$dbent[0], // start time |
|
| 840 |
$radiusservers, |
|
| 841 |
$dbent[2], // clientip |
|
| 842 |
$dbent[3], // clientmac |
|
| 843 |
$term_cause, // Acct-Terminate-Cause |
|
| 844 |
false, |
|
| 845 |
$stop_time); |
|
| 849 | 846 |
} |
| 850 | 847 |
/* Delete client's ip entry from tables 3 and 4. */ |
| 851 | 848 |
mwexec("/sbin/ipfw table 1 delete {$dbent[2]}");
|
| ... | ... | |
| 903 | 900 |
$cpdb = captiveportal_read_db(); |
| 904 | 901 |
foreach ($cpdb as $cpentry) {
|
| 905 | 902 |
RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno |
| 906 |
$cpentry[4], // username
|
|
| 907 |
$cpentry[5], // sessionid
|
|
| 908 |
$cpentry[0], // start time
|
|
| 909 |
$radiusservers,
|
|
| 910 |
$cpentry[2], // clientip
|
|
| 911 |
$cpentry[3], // clientmac
|
|
| 912 |
7); // Admin Reboot
|
|
| 903 |
$cpentry[4], // username |
|
| 904 |
$cpentry[5], // sessionid |
|
| 905 |
$cpentry[0], // start time |
|
| 906 |
$radiusservers, |
|
| 907 |
$cpentry[2], // clientip |
|
| 908 |
$cpentry[3], // clientmac |
|
| 909 |
7); // Admin Reboot |
|
| 913 | 910 |
} |
| 914 | 911 |
} |
| 915 | 912 |
} |
| 916 | 913 |
|
| 917 | 914 |
function captiveportal_passthrumac_configure_entry($macent) {
|
| 918 | 915 |
$rules = ""; |
| 919 |
$enBwup = isset($macent['bw_up']);
|
|
| 920 |
$enBwdown = isset($macent['bw_down']);
|
|
| 916 |
$enBwup = isset($macent['bw_up']);
|
|
| 917 |
$enBwdown = isset($macent['bw_down']);
|
|
| 921 | 918 |
$actionup = "allow"; |
| 922 | 919 |
$actiondown = "allow"; |
| 923 | 920 |
|
| 924 |
if ($enBwup && $enBwdown)
|
|
| 925 |
$ruleno = captiveportal_get_next_ipfw_ruleno(2000, 49899, true);
|
|
| 926 |
else
|
|
| 927 |
$ruleno = captiveportal_get_next_ipfw_ruleno(2000, 49899, false);
|
|
| 921 |
if ($enBwup && $enBwdown)
|
|
| 922 |
$ruleno = captiveportal_get_next_ipfw_ruleno(2000, 49899, true);
|
|
| 923 |
else
|
|
| 924 |
$ruleno = captiveportal_get_next_ipfw_ruleno(2000, 49899, false);
|
|
| 928 | 925 |
|
| 929 | 926 |
if ($enBwup) {
|
| 930 |
$bw_up = $ruleno + 20000;
|
|
| 931 |
$rules .= "pipe {$bw_up} config bw {$macent['bw_up']}Kbit/s queue 100\n";
|
|
| 927 |
$bw_up = $ruleno + 20000;
|
|
| 928 |
$rules .= "pipe {$bw_up} config bw {$macent['bw_up']}Kbit/s queue 100\n";
|
|
| 932 | 929 |
$actionup = "pipe {$bw_up}";
|
| 933 |
}
|
|
| 934 |
if ($enBwdown) {
|
|
| 930 |
}
|
|
| 931 |
if ($enBwdown) {
|
|
| 935 | 932 |
$bw_down = $ruleno + 20001; |
| 936 | 933 |
$rules .= "pipe {$bw_down} config bw {$macent['bw_down']}Kbit/s queue 100\n";
|
| 937 | 934 |
$actiondown = "pipe {$bw_down}";
|
| 938 |
}
|
|
| 935 |
}
|
|
| 939 | 936 |
$rules .= "add {$ruleno} {$actiondown} ip from any to any MAC {$macent['mac']} any\n";
|
| 940 | 937 |
$ruleno++; |
| 941 | 938 |
$rules .= "add {$ruleno} {$actionup} ip from any to any MAC any {$macent['mac']}\n";
|
| ... | ... | |
| 982 | 979 |
$enBwup = isset($ipent['bw_up']); |
| 983 | 980 |
$enBwdown = isset($ipent['bw_down']); |
| 984 | 981 |
$bw_up = ""; |
| 985 |
$bw_down = "";
|
|
| 986 |
$tablein = array();
|
|
| 987 |
$tableout = array();
|
|
| 982 |
$bw_down = "";
|
|
| 983 |
$tablein = array();
|
|
| 984 |
$tableout = array();
|
|
| 988 | 985 |
|
| 989 | 986 |
if ($enBwup && $enBwdown) |
| 990 | 987 |
$ruleno = captiveportal_get_next_ipfw_ruleno(2000, 49899, true); |
| 991 | 988 |
else |
| 992 | 989 |
$ruleno = captiveportal_get_next_ipfw_ruleno(2000, 49899, false); |
| 993 | 990 |
|
| 994 |
if ($ipent['dir'] == "from") {
|
|
| 995 |
if ($enBwup)
|
|
| 996 |
$tablein[] = 5;
|
|
| 997 |
else
|
|
| 998 |
$tablein[] = 3;
|
|
| 999 |
if ($enBwdown)
|
|
| 1000 |
$tableout[] = 6;
|
|
| 1001 |
else
|
|
| 1002 |
$tableout[] = 4;
|
|
| 1003 |
} else if ($ipent['dir'] == "to") {
|
|
| 1004 |
if ($enBwup)
|
|
| 1005 |
$tablein[] = 9;
|
|
| 1006 |
else
|
|
| 1007 |
$tablein[] = 7;
|
|
| 1008 |
if ($enBwdown)
|
|
| 1009 |
$tableout[] = 10;
|
|
| 1010 |
else
|
|
| 1011 |
$tableout[] = 8;
|
|
| 1012 |
} else if ($ipent['dir'] == "both") {
|
|
| 1013 |
if ($enBwup) {
|
|
| 1014 |
$tablein[] = 5;
|
|
| 1015 |
$tablein[] = 9;
|
|
| 1016 |
} else {
|
|
| 1017 |
$tablein[] = 3;
|
|
| 1018 |
$tablein[] = 7;
|
|
| 1019 |
}
|
|
| 1020 |
if ($enBwdown) {
|
|
| 1021 |
$tableout[] = 6;
|
|
| 1022 |
$tableout[] = 10;
|
|
| 1023 |
} else {
|
|
| 1024 |
$tableout[] = 4;
|
|
| 1025 |
$tableout[] = 8;
|
|
| 1026 |
}
|
|
| 1027 |
}
|
|
| 1028 |
if ($enBwup) {
|
|
| 1029 |
$bw_up = $ruleno + 20000;
|
|
| 1030 |
$rules .= "pipe {$bw_up} config bw {$ipent['bw_up']}Kbit/s queue 100\n";
|
|
| 1031 |
}
|
|
| 991 |
if ($ipent['dir'] == "from") {
|
|
| 992 |
if ($enBwup)
|
|
| 993 |
$tablein[] = 5;
|
|
| 994 |
else
|
|
| 995 |
$tablein[] = 3;
|
|
| 996 |
if ($enBwdown)
|
|
| 997 |
$tableout[] = 6;
|
|
| 998 |
else
|
|
| 999 |
$tableout[] = 4;
|
|
| 1000 |
} else if ($ipent['dir'] == "to") {
|
|
| 1001 |
if ($enBwup)
|
|
| 1002 |
$tablein[] = 9;
|
|
| 1003 |
else
|
|
| 1004 |
$tablein[] = 7;
|
|
| 1005 |
if ($enBwdown)
|
|
| 1006 |
$tableout[] = 10;
|
|
| 1007 |
else
|
|
| 1008 |
$tableout[] = 8;
|
|
| 1009 |
} else if ($ipent['dir'] == "both") {
|
|
| 1010 |
if ($enBwup) {
|
|
| 1011 |
$tablein[] = 5;
|
|
| 1012 |
$tablein[] = 9;
|
|
| 1013 |
} else {
|
|
| 1014 |
$tablein[] = 3;
|
|
| 1015 |
$tablein[] = 7;
|
|
| 1016 |
}
|
|
| 1017 |
if ($enBwdown) {
|
|
| 1018 |
$tableout[] = 6;
|
|
| 1019 |
$tableout[] = 10;
|
|
| 1020 |
} else {
|
|
| 1021 |
$tableout[] = 4;
|
|
| 1022 |
$tableout[] = 8;
|
|
| 1023 |
}
|
|
| 1024 |
}
|
|
| 1025 |
if ($enBwup) {
|
|
| 1026 |
$bw_up = $ruleno + 20000;
|
|
| 1027 |
$rules .= "pipe {$bw_up} config bw {$ipent['bw_up']}Kbit/s queue 100\n";
|
|
| 1028 |
}
|
|
| 1032 | 1029 |
$subnet = ""; |
| 1033 | 1030 |
if (!empty($ipent['sn'])) |
| 1034 | 1031 |
$subnet = "/{$ipent['sn']}";
|
| 1035 | 1032 |
foreach ($tablein as $table) |
| 1036 |
$rules .= "table {$table} add {$ipent['ip']}{$subnet} {$bw_up}\n";
|
|
| 1037 |
if ($enBwdown) {
|
|
| 1038 |
$bw_down = $ruleno + 20001;
|
|
| 1039 |
$rules .= "pipe {$bw_down} config bw {$ipent['bw_down']}Kbit/s queue 100\n";
|
|
| 1040 |
}
|
|
| 1041 |
foreach ($tableout as $table)
|
|
| 1042 |
$rules .= "table {$table} add {$ipent['ip']}{$subnet} {$bw_down}\n";
|
|
| 1033 |
$rules .= "table {$table} add {$ipent['ip']}{$subnet} {$bw_up}\n";
|
|
| 1034 |
if ($enBwdown) {
|
|
| 1035 |
$bw_down = $ruleno + 20001;
|
|
| 1036 |
$rules .= "pipe {$bw_down} config bw {$ipent['bw_down']}Kbit/s queue 100\n";
|
|
| 1037 |
}
|
|
| 1038 |
foreach ($tableout as $table)
|
|
| 1039 |
$rules .= "table {$table} add {$ipent['ip']}{$subnet} {$bw_down}\n";
|
|
| 1043 | 1040 |
|
| 1044 | 1041 |
return $rules; |
| 1045 | 1042 |
} |
| ... | ... | |
| 1078 | 1075 |
|
| 1079 | 1076 |
/* generate radius server database */ |
| 1080 | 1077 |
if ($config['captiveportal']['radiusip'] && (!isset($config['captiveportal']['auth_method']) || |
| 1081 |
($config['captiveportal']['auth_method'] == "radius"))) {
|
|
| 1078 |
($config['captiveportal']['auth_method'] == "radius"))) {
|
|
| 1082 | 1079 |
$radiusip = $config['captiveportal']['radiusip']; |
| 1083 | 1080 |
$radiusip2 = ($config['captiveportal']['radiusip2']) ? $config['captiveportal']['radiusip2'] : null; |
| 1084 | 1081 |
|
| ... | ... | |
| 1115 | 1112 |
|
| 1116 | 1113 |
/* read RADIUS servers into array */ |
| 1117 | 1114 |
function captiveportal_get_radius_servers() {
|
| 1118 |
global $g;
|
|
| 1115 |
global $g;
|
|
| 1119 | 1116 |
|
| 1120 |
$cprdsrvlck = lock('captiveportalradius');
|
|
| 1121 |
if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
|
|
| 1122 |
$radiusservers = array();
|
|
| 1123 |
$cpradiusdb = file("{$g['vardb_path']}/captiveportal_radius.db",
|
|
| 1117 |
$cprdsrvlck = lock('captiveportalradius');
|
|
| 1118 |
if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
|
|
| 1119 |
$radiusservers = array();
|
|
| 1120 |
$cpradiusdb = file("{$g['vardb_path']}/captiveportal_radius.db",
|
|
| 1124 | 1121 |
FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); |
| 1125 |
if ($cpradiusdb) |
|
| 1126 |
foreach($cpradiusdb as $cpradiusentry) {
|
|
| 1127 |
$line = trim($cpradiusentry); |
|
| 1128 |
if ($line) {
|
|
| 1129 |
$radsrv = array(); |
|
| 1130 |
list($radsrv['ipaddr'],$radsrv['port'],$radsrv['acctport'],$radsrv['key']) = explode(",",$line);
|
|
| 1131 |
$radiusservers[] = $radsrv; |
|
| 1132 |
} |
|
| 1122 |
if ($cpradiusdb) {
|
|
| 1123 |
foreach($cpradiusdb as $cpradiusentry) {
|
|
| 1124 |
$line = trim($cpradiusentry); |
|
| 1125 |
if ($line) {
|
|
| 1126 |
$radsrv = array(); |
|
| 1127 |
list($radsrv['ipaddr'],$radsrv['port'],$radsrv['acctport'],$radsrv['key']) = explode(",",$line);
|
|
| 1128 |
$radiusservers[] = $radsrv; |
|
| 1129 |
} |
|
| 1130 |
} |
|
| 1131 |
} |
|
| 1132 |
unlock($cprdsrvlck); |
|
| 1133 |
return $radiusservers; |
|
| 1133 | 1134 |
} |
| 1134 | 1135 |
|
| 1135 | 1136 |
unlock($cprdsrvlck); |
| 1136 |
return $radiusservers; |
|
| 1137 |
} |
|
| 1138 |
|
|
| 1139 |
unlock($cprdsrvlck); |
|
| 1140 |
return false; |
|
| 1137 |
return false; |
|
| 1141 | 1138 |
} |
| 1142 | 1139 |
|
| 1143 | 1140 |
/* log successful captive portal authentication to syslog */ |
| ... | ... | |
| 1164 | 1161 |
} |
| 1165 | 1162 |
|
| 1166 | 1163 |
function radius($username,$password,$clientip,$clientmac,$type) {
|
| 1167 |
global $g, $config;
|
|
| 1168 |
|
|
| 1169 |
$ruleno = captiveportal_get_next_ipfw_ruleno();
|
|
| 1170 |
|
|
| 1171 |
/* If the pool is empty, return appropriate message and fail authentication */
|
|
| 1172 |
if (is_null($ruleno)) {
|
|
| 1173 |
$auth_list = array();
|
|
| 1174 |
$auth_list['auth_val'] = 1;
|
|
| 1175 |
$auth_list['error'] = "System reached maximum login capacity";
|
|
| 1176 |
return $auth_list;
|
|
| 1177 |
}
|
|
| 1178 |
|
|
| 1179 |
$radiusservers = captiveportal_get_radius_servers();
|
|
| 1180 |
|
|
| 1181 |
$auth_list = RADIUS_AUTHENTICATION($username,
|
|
| 1182 |
$password,
|
|
| 1183 |
$radiusservers,
|
|
| 1184 |
$clientip,
|
|
| 1185 |
$clientmac,
|
|
| 1186 |
$ruleno);
|
|
| 1187 |
|
|
| 1188 |
if ($auth_list['auth_val'] == 2) {
|
|
| 1189 |
captiveportal_logportalauth($username,$clientmac,$clientip,$type);
|
|
| 1190 |
$sessionid = portal_allow($clientip,
|
|
| 1191 |
$clientmac,
|
|
| 1192 |
$username,
|
|
| 1193 |
$password,
|
|
| 1194 |
$auth_list,
|
|
| 1195 |
$ruleno);
|
|
| 1196 |
}
|
|
| 1197 |
|
|
| 1198 |
return $auth_list;
|
|
| 1164 |
global $g, $config;
|
|
| 1165 |
|
|
| 1166 |
$ruleno = captiveportal_get_next_ipfw_ruleno();
|
|
| 1167 |
|
|
| 1168 |
/* If the pool is empty, return appropriate message and fail authentication */
|
|
| 1169 |
if (is_null($ruleno)) {
|
|
| 1170 |
$auth_list = array();
|
|
| 1171 |
$auth_list['auth_val'] = 1;
|
|
| 1172 |
$auth_list['error'] = "System reached maximum login capacity";
|
|
| 1173 |
return $auth_list;
|
|
| 1174 |
}
|
|
| 1175 |
|
|
| 1176 |
$radiusservers = captiveportal_get_radius_servers();
|
|
| 1177 |
|
|
| 1178 |
$auth_list = RADIUS_AUTHENTICATION($username,
|
|
| 1179 |
$password,
|
|
| 1180 |
$radiusservers,
|
|
| 1181 |
$clientip,
|
|
| 1182 |
$clientmac,
|
|
| 1183 |
$ruleno);
|
|
| 1184 |
|
|
| 1185 |
if ($auth_list['auth_val'] == 2) {
|
|
| 1186 |
captiveportal_logportalauth($username,$clientmac,$clientip,$type);
|
|
| 1187 |
$sessionid = portal_allow($clientip,
|
|
| 1188 |
$clientmac,
|
|
| 1189 |
$username,
|
|
| 1190 |
$password,
|
|
| 1191 |
$auth_list,
|
|
| 1192 |
$ruleno);
|
|
| 1193 |
}
|
|
| 1194 |
|
|
| 1195 |
return $auth_list;
|
|
| 1199 | 1196 |
} |
| 1200 | 1197 |
|
| 1201 | 1198 |
/* read captive portal DB into array */ |
| 1202 | 1199 |
function captiveportal_read_db() {
|
| 1203 |
global $g; |
|
| 1204 |
|
|
| 1205 |
$cpdb = array(); |
|
| 1206 |
|
|
| 1207 |
$cpdblck = lock('captiveportaldb');
|
|
| 1208 |
$fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r");
|
|
| 1209 |
if ($fd) {
|
|
| 1210 |
while (!feof($fd)) {
|
|
| 1211 |
$line = trim(fgets($fd)); |
|
| 1212 |
if ($line) {
|
|
| 1213 |
$cpdb[] = explode(",", $line);
|
|
| 1214 |
} |
|
| 1215 |
} |
|
| 1216 |
fclose($fd); |
|
| 1217 |
} |
|
| 1218 |
unlock($cpdblck); |
|
| 1219 |
return $cpdb; |
|
| 1200 |
global $g; |
|
| 1201 |
|
|
| 1202 |
$cpdb = array(); |
|
| 1203 |
|
|
| 1204 |
$cpdblck = lock('captiveportaldb');
|
|
| 1205 |
$fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r");
|
|
| 1206 |
if ($fd) {
|
|
| 1207 |
while (!feof($fd)) {
|
|
| 1208 |
$line = trim(fgets($fd)); |
|
| 1209 |
if ($line) |
|
| 1210 |
$cpdb[] = explode(",", $line);
|
|
| 1211 |
} |
|
| 1212 |
fclose($fd); |
|
| 1213 |
} |
|
| 1214 |
unlock($cpdblck); |
|
| 1215 |
return $cpdb; |
|
| 1220 | 1216 |
} |
| 1221 | 1217 |
|
| 1222 | 1218 |
/* write captive portal DB */ |
| 1223 | 1219 |
function captiveportal_write_db($cpdb) {
|
| 1224 |
global $g;
|
|
| 1225 |
|
|
| 1226 |
$cpdblck = lock('captiveportaldb', LOCK_EX);
|
|
| 1227 |
$fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w");
|
|
| 1228 |
if ($fd) {
|
|
| 1229 |
foreach ($cpdb as $cpent) {
|
|
| 1230 |
fwrite($fd, join(",", $cpent) . "\n");
|
|
| 1231 |
}
|
|
| 1232 |
fclose($fd);
|
|
| 1233 |
}
|
|
| 1220 |
global $g;
|
|
| 1221 |
|
|
| 1222 |
$cpdblck = lock('captiveportaldb', LOCK_EX);
|
|
| 1223 |
$fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w");
|
|
| 1224 |
if ($fd) {
|
|
| 1225 |
foreach ($cpdb as $cpent) {
|
|
| 1226 |
fwrite($fd, join(",", $cpent) . "\n");
|
|
| 1227 |
}
|
|
| 1228 |
fclose($fd);
|
|
| 1229 |
}
|
|
| 1234 | 1230 |
unlock($cpdblck); |
| 1235 | 1231 |
} |
| 1236 | 1232 |
|
| 1237 | 1233 |
function captiveportal_write_elements() {
|
| 1238 | 1234 |
global $g, $config; |
| 1239 |
|
|
| 1235 |
|
|
| 1240 | 1236 |
/* delete any existing elements */ |
| 1241 | 1237 |
if (is_dir($g['captiveportal_element_path'])) {
|
| 1242 | 1238 |
$dh = opendir($g['captiveportal_element_path']); |
| ... | ... | |
| 1245 | 1241 |
unlink($g['captiveportal_element_path'] . "/" . $file); |
| 1246 | 1242 |
} |
| 1247 | 1243 |
closedir($dh); |
| 1248 |
} else |
|
| 1244 |
} else {
|
|
| 1249 | 1245 |
@mkdir($g['captiveportal_element_path']); |
| 1246 |
} |
|
| 1250 | 1247 |
|
| 1251 | 1248 |
if (is_array($config['captiveportal']['element'])) {
|
| 1252 | 1249 |
conf_mount_rw(); |
| ... | ... | |
| 1265 | 1262 |
} |
| 1266 | 1263 |
conf_mount_ro(); |
| 1267 | 1264 |
} |
| 1268 |
|
|
| 1265 |
|
|
| 1269 | 1266 |
return 0; |
| 1270 | 1267 |
} |
| 1271 | 1268 |
|
| ... | ... | |
| 1295 | 1292 |
for ($ridx = 2; $ridx < ($rulenos_range_max - $rulenos_start); $ridx++) {
|
| 1296 | 1293 |
if ($rules[$ridx]) {
|
| 1297 | 1294 |
/* |
| 1298 |
* This allows our traffic shaping pipes to be the in pipe the same as ruleno
|
|
| 1299 |
* and the out pipe ruleno + 1. This removes limitation that where present in
|
|
| 1300 |
* previous version of the peruserbw.
|
|
| 1301 |
*/
|
|
| 1295 |
* This allows our traffic shaping pipes to be the in pipe the same as ruleno |
|
| 1296 |
* and the out pipe ruleno + 1. This removes limitation that where present in |
|
| 1297 |
* previous version of the peruserbw. |
|
| 1298 |
*/ |
|
| 1302 | 1299 |
if (isset($config['captiveportal']['peruserbw'])) |
| 1303 | 1300 |
$ridx++; |
| 1304 | 1301 |
continue; |
| ... | ... | |
| 1340 | 1337 |
global $config, $g; |
| 1341 | 1338 |
|
| 1342 | 1339 |
if(!isset($config['captiveportal']['enable'])) |
| 1343 |
return NULL;
|
|
| 1340 |
return NULL;
|
|
| 1344 | 1341 |
|
| 1345 | 1342 |
$cpruleslck = lock('captiveportalrules', LOCK_EX);
|
| 1346 |
if (file_exists("{$g['vardb_path']}/captiveportal.rules")) {
|
|
| 1347 |
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal.rules"));
|
|
| 1343 |
if (file_exists("{$g['vardb_path']}/captiveportal.rules")) {
|
|
| 1344 |
$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal.rules"));
|
|
| 1348 | 1345 |
$ruleno = intval(`/sbin/ipfw show | /usr/bin/grep {$value} | /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 1 | /usr/bin/head -n 1`);
|
| 1349 | 1346 |
if ($rules[$ruleno]) {
|
| 1350 | 1347 |
unlock($cpruleslck); |
| 1351 | 1348 |
return $ruleno; |
| 1352 | 1349 |
} |
| 1353 |
}
|
|
| 1350 |
}
|
|
| 1354 | 1351 |
|
| 1355 | 1352 |
unlock($cpruleslck); |
| 1356 | 1353 |
return NULL; |
| ... | ... | |
| 1369 | 1366 |
|
| 1370 | 1367 |
function getVolume($ip) {
|
| 1371 | 1368 |
|
| 1372 |
$volume = array();
|
|
| 1369 |
$volume = array();
|
|
| 1373 | 1370 |
|
| 1374 |
// Initialize vars properly, since we don't want NULL vars
|
|
| 1375 |
$volume['input_pkts'] = $volume['input_bytes'] = $volume['output_pkts'] = $volume['output_bytes'] = 0 ;
|
|
| 1371 |
// Initialize vars properly, since we don't want NULL vars
|
|
| 1372 |
$volume['input_pkts'] = $volume['input_bytes'] = $volume['output_pkts'] = $volume['output_bytes'] = 0 ;
|
|
| 1376 | 1373 |
|
| 1377 |
// Ingress
|
|
| 1378 |
$ipfwin = "";
|
|
| 1379 |
$ipfwout = "";
|
|
| 1380 |
$matchesin = "";
|
|
| 1381 |
$matchesout = "";
|
|
| 1382 |
exec("/sbin/ipfw table 1 entrystats {$ip}", $ipfwin);
|
|
| 1383 |
if ($ipfwin[0]) {
|
|
| 1374 |
// Ingress
|
|
| 1375 |
$ipfwin = "";
|
|
| 1376 |
$ipfwout = "";
|
|
| 1377 |
$matchesin = "";
|
|
| 1378 |
$matchesout = "";
|
|
| 1379 |
exec("/sbin/ipfw table 1 entrystats {$ip}", $ipfwin);
|
|
| 1380 |
if ($ipfwin[0]) {
|
|
| 1384 | 1381 |
$ipfwin = split(" ", $ipfwin[0]);
|
| 1385 | 1382 |
$volume['input_pkts'] = $ipfwin[2]; |
| 1386 | 1383 |
$volume['input_bytes'] = $ipfwin[3]; |
| 1387 |
}
|
|
| 1384 |
}
|
|
| 1388 | 1385 |
|
| 1389 |
exec("/sbin/ipfw table 2 entrystats {$ip}", $ipfwout);
|
|
| 1390 |
if ($ipfwout[0]) {
|
|
| 1391 |
$ipfwout = split(" ", $ipfwout[0]);
|
|
| 1392 |
$volume['output_pkts'] = $ipfwout[2];
|
|
| 1393 |
$volume['output_bytes'] = $ipfwout[3];
|
|
| 1394 |
}
|
|
| 1386 |
exec("/sbin/ipfw table 2 entrystats {$ip}", $ipfwout);
|
|
| 1387 |
if ($ipfwout[0]) {
|
|
| 1388 |
$ipfwout = split(" ", $ipfwout[0]);
|
|
| 1389 |
$volume['output_pkts'] = $ipfwout[2];
|
|
| 1390 |
$volume['output_bytes'] = $ipfwout[3];
|
|
| 1391 |
}
|
|
| 1395 | 1392 |
|
| 1396 |
return $volume;
|
|
| 1393 |
return $volume;
|
|
| 1397 | 1394 |
} |
| 1398 | 1395 |
|
| 1399 | 1396 |
/** |
| ... | ... | |
| 1403 | 1400 |
*/ |
| 1404 | 1401 |
function getNasID() |
| 1405 | 1402 |
{
|
| 1406 |
$nasId = "";
|
|
| 1407 |
exec("/bin/hostname", $nasId);
|
|
| 1408 |
if(!$nasId[0])
|
|
| 1409 |
$nasId[0] = "{$g['product_name']}";
|
|
| 1410 |
return $nasId[0];
|
|
| 1403 |
$nasId = "";
|
|
| 1404 |
exec("/bin/hostname", $nasId);
|
|
| 1405 |
if(!$nasId[0])
|
|
| 1406 |
$nasId[0] = "{$g['product_name']}";
|
|
| 1407 |
return $nasId[0];
|
|
| 1411 | 1408 |
} |
| 1412 | 1409 |
|
| 1413 | 1410 |
/** |
| ... | ... | |
| 1421 | 1418 |
{
|
| 1422 | 1419 |
global $config; |
| 1423 | 1420 |
|
| 1424 |
if (empty($config['captiveportal']['radiussrcip_attribute'])) |
|
| 1425 |
$nasIp = get_interface_ip();
|
|
| 1426 |
else {
|
|
| 1421 |
if (empty($config['captiveportal']['radiussrcip_attribute'])) {
|
|
| 1422 |
$nasIp = get_interface_ip();
|
|
| 1423 |
} else {
|
|
| 1427 | 1424 |
if (is_ipaddr($config['captiveportal']['radiussrcip_attribute'])) |
| 1428 |
$nasIp = $config['captiveportal']['radiussrcip_attribute'];
|
|
| 1429 |
else
|
|
| 1430 |
$nasIp = get_interface_ip($config['captiveportal']['radiussrcip_attribute']);
|
|
| 1425 |
$nasIp = $config['captiveportal']['radiussrcip_attribute'];
|
|
| 1426 |
else
|
|
| 1427 |
$nasIp = get_interface_ip($config['captiveportal']['radiussrcip_attribute']);
|
|
| 1431 | 1428 |
} |
| 1432 | 1429 |
|
| 1433 |
if(!is_ipaddr($nasIp))
|
|
| 1434 |
$nasIp = "0.0.0.0";
|
|
| 1430 |
if(!is_ipaddr($nasIp)) |
|
| 1431 |
$nasIp = "0.0.0.0";
|
|
| 1435 | 1432 |
|
| 1436 | 1433 |
return $nasIp; |
| 1437 | 1434 |
} |
| ... | ... | |
| 1460 | 1457 |
return false; |
| 1461 | 1458 |
} |
| 1462 | 1459 |
|
| 1463 |
?> |
|
| 1460 |
?> |
|
Also available in: Unified diff
Reformat file. VIM needs to die a flaming death.