From bb55bc379a53f51b32a1bdc2bc9b7d2e8f3048cd Mon Sep 17 00:00:00 2001 From: Ad Schellevis Date: Fri, 26 Dec 2014 11:48:50 +0000 Subject: [PATCH] tracker + captive portal fixes --- .../mvc/app/models/Captiveportal/CPClient.php | 74 ++++++++++++++++++- src/www/diag_logs_filter.php | 1 + src/www/firewall_rules_edit.php | 3 - src/www/widgets/widgets/log.widget.php | 2 +- 4 files changed, 75 insertions(+), 5 deletions(-) diff --git a/src/opnsense/mvc/app/models/Captiveportal/CPClient.php b/src/opnsense/mvc/app/models/Captiveportal/CPClient.php index d3a93d29f..82fd818d3 100644 --- a/src/opnsense/mvc/app/models/Captiveportal/CPClient.php +++ b/src/opnsense/mvc/app/models/Captiveportal/CPClient.php @@ -99,7 +99,7 @@ class CPClient { $ipfw_tables = $this->rules->getAuthUsersTables($zoneid); if ( sizeof($db_clients) > 0 ){ - if ($db_clients->ip != null ) { + if ($db_clients[0]->ip != null ) { // only handle disconnect if we can find a client in our database $exec_commands[] = "/sbin/ipfw table " . $ipfw_tables["in"] . " delete " . $db_clients[0]->ip; $exec_commands[] = "/sbin/ipfw table " . $ipfw_tables["out"] . " delete " . $db_clients[0]->ip; 
@@ -153,6 +153,36 @@ class CPClient { } } + /** + * list (ipfw) accounting information + * @return array (key = hosts ip) + */ + public function list_accounting($ipaddr=null){ + $filter_cmd = ""; + $result = array(); + $shell_output = array(); + if ( $ipaddr != null ) $filter_cmd =" | /usr/bin/grep ' " . $ipaddr ." '" ; + + if ( $this->shell->exec("/sbin/ipfw -aT list ".$filter_cmd,false,false,$shell_output) == 0 ){ + foreach( $shell_output as $line) { + if (strpos($line, ' count ip from') !== false) { + $parts = preg_split('/\s+/', $line); + if (count($parts) > 8 && $parts[7] != 'any' and strlen($parts[7]) > 5) { + $result[$parts[7]] = array( + "last_accessed" => (int)$parts[3], + "idle_time" => time() - (int)$parts[3], + "out_packets" => (int)$parts[1], + "in_packets" => (int)$parts[2] + ); + } + } + } + } + + return $result; + + } + /** * Constructor */ @@ -383,6 +413,8 @@ class CPClient { } /** + * unlock host for captiveportal use + * * @param string $cpzonename * @param string $clientip * @param string $clientmac 
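Review bot: In `list_accounting()` the `$ipaddr` argument is concatenated unescaped into the `/usr/bin/grep` part of the shell command, so if a caller ever passes a request-derived value, quotes or shell metacharacters in it reach the command line. Escape the filter, for example `$filter_cmd = " | /usr/bin/grep -F " . escapeshellarg(" " . $ipaddr . " ");`, or drop the pipe and compare `$parts[7]` with `$ipaddr` inside the loop. Without `-F`, the dots in an address are regex wildcards, so the filter can match other hosts, and with the pipe the status tested against `0` is presumably grep's rather than ipfw's. The disconnect path in the `@@ -99,7` hunk appends the stored client ip to its ipfw commands in the same way; a `filter_var($ip, FILTER_VALIDATE_IP)` check before building them would help, though how `$exec_commands` is run is outside the hunk.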
@@ -541,6 +573,46 @@ class CPClient { } } + /** + * cleanup portal sessions + */ + function portal_cleanup_sessions(){ + $acc_list = $this->list_accounting(); + foreach($this->config->object()->captiveportal->children() as $cpzonename => $zoneobj){ + $db = new DB($cpzonename); + + $clients = $db->listClients(array(),null, null); + + foreach($clients as $client ){ + $idle_time = 0; + if ( array_key_exists ( $client->ip ,$acc_list ) ){ + $idle_time = $acc_list[$client->ip]; + } + + // if session timeout is reached, disconnect + if ( $client->session_timeout != "" ){ + if ( ((time() - $client->allow_time)/60) > $client->session_timeout ){ + $this->disconnect($cpzonename,$client->sessionid); + continue; + } + } + + // disconnect session if idle timeout is reached + if ( $client->idle_timeout != "" && $idle_time > 0 ){ + if ( $idle_time > $client->idle_timeout ){ + $this->disconnect($cpzonename,$client->sessionid); + continue; + } + } + } + + unset($db); + + } + + unset ($acc_list); + + } } diff --git a/src/www/diag_logs_filter.php b/src/www/diag_logs_filter.php index c0f196da6..398a96c30 100644 --- a/src/www/diag_logs_filter.php +++ b/src/www/diag_logs_filter.php @@ -296,6 +296,7 @@ include("head.inc"); $filterlog = conv_log_filter($filter_logfile, $nentries, $nentries + 100, $filterfieldsarray); else $filterlog = conv_log_filter($filter_logfile, $nentries, $nentries + 100, $filtertext, $interfacefilter); + ?> " class="listtopic"> diff --git a/src/www/firewall_rules_edit.php b/src/www/firewall_rules_edit.php index 886247673..f184d298d 100644 --- a/src/www/firewall_rules_edit.php +++ b/src/www/firewall_rules_edit.php @@ -232,7 +232,6 @@ if (isset($id) && $a_filter[$id]) { if (!isset($_GET['dup']) || !is_numericint($_GET['dup'])) $pconfig['associated-rule-id'] = $a_filter[$id]['associated-rule-id']; - $pconfig['tracker'] = $a_filter[$id]['tracker']; } else { /* defaults */ 
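Review bot: In `portal_cleanup_sessions()` (the `@@ -541,6` hunk of CPClient.php), `$idle_time = $acc_list[$client->ip];` stores the whole accounting row built by `list_accounting()` rather than its `idle_time` field. The later `$idle_time > 0` and `$idle_time > $client->idle_timeout` then compare an array with a scalar, which PHP treats as true when the timeout is a string or number, so every client with an idle timeout and an accounting row would be disconnected on each run. Use `$idle_time = $acc_list[$client->ip]['idle_time'];`. The session check converts to minutes with `/60` while `idle_time` is in seconds, so if `idle_timeout` is also configured in minutes it needs the same conversion; the units are not visible here. The method also lacks a visibility keyword, unlike `public function list_accounting`, and a client with no accounting row keeps `$idle_time = 0` and is never idle-expired, which deserves a comment if intended.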
@@ -608,7 +607,6 @@ if ($_POST) { $filterent = array(); $filterent['id'] = $_POST['ruleid']>0?$_POST['ruleid']:''; - $filterent['tracker'] = empty($_POST['tracker']) ? (int)microtime(true) : $_POST['tracker']; $filterent['type'] = $_POST['type']; if (isset($_POST['interface'] )) @@ -1747,7 +1745,6 @@ include("head.inc"); " onclick="window.location.href=''" /> - diff --git a/src/www/widgets/widgets/log.widget.php b/src/www/widgets/widgets/log.widget.php index f3065a34f..018603f3e 100644 --- a/src/www/widgets/widgets/log.widget.php +++ b/src/www/widgets/widgets/log.widget.php @@ -189,7 +189,7 @@ function format_log_line(row) { ?> - ', outputrule);"> + ', outputrule);"> <?php echo $filterent['act'];?>