/ - Diff - pfSense - pfSense bugtracker

« Previous | Next »

Revision d31bc32a

Added by Ermal LUÇI over 14 years ago

ID d31bc32ad6e46712d6347a7ae7e7a9bedce01a3f
Parent 3da60e0d
Child f7bd0032

Make the CP locking more granular and make use correctly of exclusive/shared locks where appripriate. This speeds up CP login process.

     function captiveportal_configure() {
     	global $config, $g;
     	$captiveportallck = lock('captiveportal');
     	$captiveportallck = lock('captiveportal', LOCK_EX);
     	if (isset($config['captiveportal']['enable'])) {
-...
     		captiveportal_init_rules(true);
     		/* stop accounting on all clients */
     		captiveportal_radius_stop_all(true);
     		captiveportal_radius_stop_all();
     		/* initialize minicron interval value */
     		$croninterval = $config['captiveportal']['croninterval'] ? $config['captiveportal']['croninterval'] : 60;
-...
     			"/etc/rc.prunecaptiveportal");
     		/* generate radius server database */
     		if ($config['captiveportal']['radiusip'] && (!isset($config['captiveportal']['auth_method']) ||
     				($config['captiveportal']['auth_method'] == "radius"))) {
     			$radiusip = $config['captiveportal']['radiusip'];
     			$radiusip2 = ($config['captiveportal']['radiusip2']) ? $config['captiveportal']['radiusip2'] : null;
     			if ($config['captiveportal']['radiusport'])
     				$radiusport = $config['captiveportal']['radiusport'];
     			else
     				$radiusport = 1812;
     			if ($config['captiveportal']['radiusacctport'])
     				$radiusacctport = $config['captiveportal']['radiusacctport'];
     			else
     				$radiusacctport = 1813;
     			if ($config['captiveportal']['radiusport2'])
     				$radiusport2 = $config['captiveportal']['radiusport2'];
     			else
     				$radiusport2 = 1812;
     			$radiuskey = $config['captiveportal']['radiuskey'];
     			$radiuskey2 = ($config['captiveportal']['radiuskey2']) ? $config['captiveportal']['radiuskey2'] : null;
     			$fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db", "w");
     			if (!$fd) {
     				printf("Error: cannot open radius DB file in captiveportal_configure().\n");
     				return 1;
     			} else if (isset($radiusip2, $radiuskey2)) {
     				fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey . "\n"
     					 . $radiusip2 . "," . $radiusport2 . "," . $radiusacctport . "," . $radiuskey2);
     			} else {
     				fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey);
+    			}
     			fclose($fd);
+    		}
     		captiveportal_init_radius_servers();
     		if ($g['booting'])
     			echo "done\n";
-...
     		killbypid("{$g['varrun_path']}/lighty-CaptivePortal.pid");
     		killbypid("{$g['varrun_path']}/minicron.pid");
     		captiveportal_radius_stop_all(true);
     		captiveportal_radius_stop_all();
     		mwexec("/sbin/sysctl net.link.ether.ipfw=0");
-...
     	!isset($config['captiveportal']['radiussession_timeout']) && !isset($config['voucher']['enable']))
             return;
         $captiveportallck = lock('captiveportal', LOCK_EX);
         /* read database */
         $cpdb = captiveportal_read_db();
-...
         /* write database */
         captiveportal_write_db($cpdb);
         unlock($captiveportallck);
+    }
     /* remove a single client according to the DB entry */
     function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_time = null) {
     	global $g, $config;
     	$stop_time = (empty($stop_time)) ? time() : $stop_time;
-...
     	/* this client needs to be deleted - remove ipfw rules */
     	if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) {
     		RADIUS_ACCOUNTING_STOP($dbent[1], // ruleno
     							   $dbent[4], // username
     							   $dbent[5], // sessionid
     							   $dbent[0], // start time
     							   $radiusservers,
     							   $dbent[2], // clientip
     							   $dbent[3], // clientmac
     							   $term_cause, // Acct-Terminate-Cause
     							   false,
     							   $stop_time);
     				   $dbent[4], // username
     				   $dbent[5], // sessionid
     				   $dbent[0], // start time
     				   $radiusservers,
     				   $dbent[2], // clientip
     				   $dbent[3], // clientmac
     				   $term_cause, // Acct-Terminate-Cause
     				   false,
     				   $stop_time);
+    	}
     	/* Delete client's ip entry from tables 3 and 4. */
     	mwexec("/sbin/ipfw table 1 delete {$dbent[2]}");
-...
     /* remove a single client by ipfw rule number */
     function captiveportal_disconnect_client($id,$term_cause = 1) {
     	global $g, $config;
     	$captiveportallck = lock('captiveportal', LOCK_EX);
     	/* read database */
     	$cpdb = captiveportal_read_db();
     	$radiusservers = captiveportal_get_radius_servers();
     	/* find entry */
     	$tmpindex = 0;
     	$cpdbcount = count($cpdb);
     	for ($i = 0; $i < $cpdbcount; $i++) {
     		if ($cpdb[$i][1] == $id) {
     			captiveportal_disconnect($cpdb[$i], $radiusservers, $term_cause);
     			captiveportal_logportalauth($cpdb[$i][4], $cpdb[$i][3], $cpdb[$i][2], "DISCONNECT");
     	foreach ($cpdb as $i => $cpentry) {
     		if ($cpentry[1] == $id) {
     			captiveportal_disconnect($cpentry, $radiusservers, $term_cause);
     			captiveportal_logportalauth($cpentry[4], $cpentry[3], $cpentry[2], "DISCONNECT");
     			unset($cpdb[$i]);
     			break;
+    		}
-...
     	/* write database */
     	captiveportal_write_db($cpdb);
     	unlock($captiveportallck);
+    }
     /* send RADIUS acct stop for all current clients */
     function captiveportal_radius_stop_all($lock = false) {
     	global $g, $config;
     function captiveportal_radius_stop_all() {
     	global $config;
     	if (!isset($config['captiveportal']['radacct_enable']))
     		return;
     	if (!$lock)
     		$captiveportallck = lock('captiveportal');
     	$cpdb = captiveportal_read_db();
     	$radiusservers = captiveportal_get_radius_servers();
     	if (!empty($radiusservers)) {
     		for ($i = 0; $i < count($cpdb); $i++) {
     			RADIUS_ACCOUNTING_STOP($cpdb[$i][1], // ruleno
     								   $cpdb[$i][4], // username
     								   $cpdb[$i][5], // sessionid
     								   $cpdb[$i][0], // start time
     								   $radiusservers,
     								   $cpdb[$i][2], // clientip
     								   $cpdb[$i][3], // clientmac
 ); // Admin Reboot
     		$cpdb = captiveportal_read_db();
     		foreach ($cpdb as $cpentry) {
     			RADIUS_ACCOUNTING_STOP($cpentry[1], // ruleno
     					   $cpentry[4], // username
     					   $cpentry[5], // sessionid
     					   $cpentry[0], // start time
     					   $radiusservers,
     					   $cpentry[2], // clientip
     					   $cpentry[3], // clientmac
 ); // Admin Reboot
+    		}
+    	}
     	if (!$lock)
     		unlock($captiveportallck);
+    }
     function captiveportal_passthrumac_configure_entry($macent) {
-...
     	return 0;
+    }
     function captiveportal_init_radius_servers() {
     	global $config, $g;
     	/* generate radius server database */
     	if ($config['captiveportal']['radiusip'] && (!isset($config['captiveportal']['auth_method']) ||
     	    ($config['captiveportal']['auth_method'] == "radius"))) {
     		$radiusip = $config['captiveportal']['radiusip'];
     		$radiusip2 = ($config['captiveportal']['radiusip2']) ? $config['captiveportal']['radiusip2'] : null;
     		if ($config['captiveportal']['radiusport'])
     			$radiusport = $config['captiveportal']['radiusport'];
     		else
     			$radiusport = 1812;
     		if ($config['captiveportal']['radiusacctport'])
     			$radiusacctport = $config['captiveportal']['radiusacctport'];
     		else
     			$radiusacctport = 1813;
     		if ($config['captiveportal']['radiusport2'])
     			$radiusport2 = $config['captiveportal']['radiusport2'];
     		else
     			$radiusport2 = 1812;
     		$radiuskey = $config['captiveportal']['radiuskey'];
     		$radiuskey2 = ($config['captiveportal']['radiuskey2']) ? $config['captiveportal']['radiuskey2'] : null;
     		$cprdsrvlck = lock('captiveportalradius', LOCK_EX);
     		$fd = @fopen("{$g['vardb_path']}/captiveportal_radius.db", "w");
     		if (!$fd) {
     			captiveportal_syslog("Error: cannot open radius DB file in captiveportal_configure().\n");
     			unlock($cprdsrvlck);
     			return 1;
     		} else if (isset($radiusip2, $radiuskey2))
     			fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey . "\n"
     			. $radiusip2 . "," . $radiusport2 . "," . $radiusacctport . "," . $radiuskey2);
     		else
     			fwrite($fd,$radiusip . "," . $radiusport . "," . $radiusacctport . "," . $radiuskey);
     		fclose($fd);
     		unlock($cprdsrvlck);
+    	}
+    }
     /* read RADIUS servers into array */
     function captiveportal_get_radius_servers() {
             global $g;
     	$cprdsrvlck = lock('captiveportalradius');
             if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
                     $radiusservers = array();
     		$cpradiusdb = file("{$g['vardb_path']}/captiveportal_radius.db",
-...
+                            }
+    		}
     		unlock('captiveportalradius');
     		return $radiusservers;
+            }
     	unlock('captiveportalradius');
             return false;
+    }
     /* log successful captive portal authentication to syslog */
     /* part of this code from php.net */
     function captiveportal_logportalauth($user,$mac,$ip,$status, $message = null) {
     	$message = trim($message);
     	// Log it
     	if (!$message)
     		$message = "$status: $user, $mac, $ip";
     	else
     	else {
     		$message = trim($message);
     		$message = "$status: $user, $mac, $ip, $message";
+    	}
     	captiveportal_syslog($message);
     	closelog();
+    }
     /* log simple messages to syslog */
-...
     function radius($username,$password,$clientip,$clientmac,$type) {
         global $g, $config;
         /* Start locking from the beginning of an authentication session */
         $captiveportallck = lock('captiveportal');
         $ruleno = captiveportal_get_next_ipfw_ruleno();
         /* If the pool is empty, return appropriate message and fail authentication */
-...
             $auth_list = array();
             $auth_list['auth_val'] = 1;
             $auth_list['error'] = "System reached maximum login capacity";
             unlock($captiveportallck);
             return $auth_list;
+        }
         /*
          * Drop the lock since radius takes some time to finish.
          * The implementation is reentrant so we gain speed with this.
          */
         unlock($captiveportallck);
         $radiusservers = captiveportal_get_radius_servers();
         $auth_list = RADIUS_AUTHENTICATION($username,
-...
                         $clientmac,
                         $ruleno);
         $captiveportallck = lock('captiveportal');
         if ($auth_list['auth_val'] == 2) {
             captiveportal_logportalauth($username,$clientmac,$clientip,$type);
             $sessionid = portal_allow($clientip,
-...
                         $ruleno);
+        }
         unlock($captiveportallck);
         return $auth_list;
+    }
     /* read captive portal DB into array */
     function captiveportal_read_db() {
             global $g;
             $cpdb = array();
     	$cpdblck = lock('captiveportaldb');
             $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "r");
             if ($fd) {
                     while (!feof($fd)) {
-...
+                    }
                     fclose($fd);
+            }
     	unlock($cpdblck);
             return $cpdb;
+    }
     /* write captive portal DB */
     function captiveportal_write_db($cpdb) {
             global $g;
     	$cpdblck = lock('captiveportaldb', LOCK_EX);
             $fd = @fopen("{$g['vardb_path']}/captiveportal.db", "w");
             if ($fd) {
             if ($fd) {
                     foreach ($cpdb as $cpent) {
                             fwrite($fd, join(",", $cpent) . "\n");
+                    }
+                    }
                     fclose($fd);
+            }
+            }
     	unlock($cpdblck);
+    }
     function captiveportal_write_elements() {
-...
     	if(!isset($config['captiveportal']['enable']))
     		return NULL;
     	$cpruleslck = lock('captiveportalrules', LOCK_EX);
     	$ruleno = 0;
     	if (file_exists("{$g['vardb_path']}/captiveportal.rules")) {
     		$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal.rules"));
-...
     		$ruleno = 2;
+    	}
     	file_put_contents("{$g['vardb_path']}/captiveportal.rules", serialize($rules));
     	unlock($cpruleslck);
     	return $ruleno;
+    }
-...
     	if(!isset($config['captiveportal']['enable']))
     		return NULL;
     	$cpruleslck = lock('captiveportalrules', LOCK_EX);
     	if (file_exists("{$g['vardb_path']}/captiveportal.rules")) {
     		$rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal.rules"));
     		$rules[$ruleno] = false;
-...
     			$rules[++$ruleno] = false;
     		file_put_contents("{$g['vardb_path']}/captiveportal.rules", serialize($rules));
+    	}
     	unlock($cpruleslck);
+    }
     function captiveportal_get_ipfw_passthru_ruleno($value) {
-...
     	if(!isset($config['captiveportal']['enable']))
                     return NULL;
     	$cpruleslck = lock('captiveportalrules', LOCK_EX);
             if (file_exists("{$g['vardb_path']}/captiveportal.rules")) {
                     $rules = unserialize(file_get_contents("{$g['vardb_path']}/captiveportal.rules"));
     		$ruleno = intval(`/sbin/ipfw show | /usr/bin/grep {$value} |  /usr/bin/grep -v grep | /usr/bin/cut -d " " -f 1 | /usr/bin/head -n 1`);
     		if ($rules[$ruleno])
     		if ($rules[$ruleno]) {
     			unlock($cpruleslck);
     			return $ruleno;
+    		}
+            }
     	unlock($cpruleslck);
     	return NULL;
+    }

etc/inc/system.inc
1477	1477	return file_get_contents("{$g['varlog_path']}/dmesg.boot");
1478	1478	}
1479	1479
1480		?>
	1480	?>

     	global $redirurl, $g, $config, $type, $passthrumac, $_POST;
     	/* See if a ruleno is passed, if not start locking the sessions because this means there isn't one atm */
     	$captiveshouldunlock = false;
     	if ($ruleno == null) {
     		$cplock = lock('captiveportal');
     		$captiveshouldunlock = true;
     	/* See if a ruleno is passed, if not start sessions because this means there isn't one atm */
     	if ($ruleno == null)
     		$ruleno = captiveportal_get_next_ipfw_ruleno();
+    	}
     	/* if the pool is empty, return appropriate message and exit */
     	if (is_null($ruleno)) {
     		portal_reply_page($redirurl, "error", "System reached maximum login capacity");
     		log_error("WARNING!  Captive portal has reached maximum login capacity");
     		if ($captiveshouldunlock == true)
     		unlock($cplock);
     		exit;
+    	}
-...
+    		}
+    	}
     	if ($attributes['voucher'] && $remaining_time <= 0) {
     		unlock($cplock);
     	if ($attributes['voucher'] && $remaining_time <= 0)
     		return 0;       // voucher already used and no time left
+    	}
     	if (!isset($sessionid)) {
     		/* generate unique session ID */
     		$tod = gettimeofday();
     		$sessionid = substr(md5(mt_rand() . $tod['sec'] . $tod['usec'] . $clientip . $clientmac), 0, 16);
-...
     			mwexec("/sbin/ipfw -q {$g['tmp_path']}/macentry.rules.tmp");
     			$writecfg = true;
     		} else {
     			if ($peruserbw && !empty($bw_up) && is_numeric($bw_up)) {
     				$bw_up_pipeno = $ruleno + 20000;
     				//$bw_up /= 1000; // Scale to Kbit/s
-...
     			if (isset($config['captiveportal']['radacct_enable']) && !empty($radiusservers)) {
     				$acct_val = RADIUS_ACCOUNTING_START($ruleno,
                                     		$username, $sessionid, $radiusservers, $clientip, $clientmac);
     				if ($acct_val == 1)
     					captiveportal_logportalauth($username,$clientmac,$clientip,$type,"RADIUS ACCOUNTING FAILED");
+    			}
-...
+    		}
+    	}
     	if ($captiveshouldunlock == true)
     		unlock($cplock);
     	if ($writecfg == true)
     		write_config();
-...
     /* remove a single client by session ID
        by Dinesh Nair
      *  by Dinesh Nair
      */
     function disconnect_client($sessionid, $logoutReason = "LOGOUT", $term_cause = 1) {
         global $g, $config;
         $cplock = lock('captiveportal');
         /* read database */
         $cpdb = captiveportal_read_db();
-...
         /* write database */
         captiveportal_write_db($cpdb);
         unlock($cplock);
+    }
     /*
-...
     	$updatetimeouts = isset($config['captiveportal']['freelogins_updatetimeouts']);
     	$cplock = lock('captiveportal');
     	/*
     	 * Read database of used MACs.  Lines are a comma-separated list
     	 * of the time, MAC, then the count of pass-through credits remaining.
-...
     						captiveportal_write_usedmacs_db($usedmacs);
+    					}
     					unlock($cplock);
     					return false;
     				} else {
     					$usedmac[2] -= 1;
-...
+    	}
     	captiveportal_write_usedmacs_db($usedmacs);
     	unlock($cplock);
     	return true;
+    }
     function captiveportal_read_usedmacs_db() {
     	global $g;
     	$cpumaclck = lock('captiveusedmacs');
     	if (file_exists("{$g['vardb_path']}/captiveportal_usedmacs.db")) {
     		$usedmacs = file("{$g['vardb_path']}/captiveportal_usedmacs.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
     		if (!usedmacs)
-...
     	} else
     		$usedmacs = array();
     	unlock($cpumaclck);
     	return $usedmacs;
+    }
     function captiveportal_write_usedmacs_db($usedmacs) {
     	global $g;
     	file_put_contents("{$g['vardb_path']}/captiveportal_usedmacs.db", implode("\n", $usedmacs));
     	$cpumaclck = lock('captiveusedmacs', LOCK_EX);
     	@file_put_contents("{$g['vardb_path']}/captiveportal_usedmacs.db", implode("\n", $usedmacs));
     	unlock($cpumaclck);
+    }
     ?>

Also available in: Unified diff

Project

General

Profile

pfSense

Revision d31bc32a

Added by Ermal LUÇI over 14 years ago