pffedportal: use sessions.backends.file
parent
f6dbea879f
commit
b43a78203c
|
@ -1,5 +1,5 @@
|
||||||
--- orig/captiveportal.inc 2013-02-22 15:38:14.000000000 +0100
|
--- orig/captiveportal.inc 2013-02-22 15:38:14.000000000 +0100
|
||||||
+++ new/captiveportal.inc 2013-02-22 15:44:22.000000000 +0100
|
+++ new/captiveportal.inc 2013-10-31 17:05:35.016918036 +0100
|
||||||
@@ -406,19 +406,21 @@
|
@@ -406,19 +406,21 @@
|
||||||
$cacert = "";
|
$cacert = "";
|
||||||
$key = base64_decode($config['captiveportal']['private-key']);
|
$key = base64_decode($config['captiveportal']['private-key']);
|
||||||
|
@ -51,17 +51,7 @@
|
||||||
return $cprules;
|
return $cprules;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -805,6 +818,9 @@
|
@@ -1645,6 +1658,7 @@
|
||||||
mwexec("pfctl -K {$dbent[2]}");
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /* UNIVNAUTES : delete django session */
|
|
||||||
+ mwexec("/usr/local/bin/cp_del_sessions.sh {$dbent[5]}");
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* These are the pipe numbers we use to control traffic shaping for each logged in user via captive portal
|
|
||||||
* We could get an error if the pipe doesn't exist but everything should still be fine
|
|
||||||
@@ -1645,6 +1661,7 @@
|
|
||||||
$remaining_time = $attributes['session_timeout'];
|
$remaining_time = $attributes['session_timeout'];
|
||||||
|
|
||||||
$writecfg = false;
|
$writecfg = false;
|
||||||
|
@ -69,7 +59,7 @@
|
||||||
/* Find an existing session */
|
/* Find an existing session */
|
||||||
if ((isset($config['captiveportal']['noconcurrentlogins'])) && $passthrumac) {
|
if ((isset($config['captiveportal']['noconcurrentlogins'])) && $passthrumac) {
|
||||||
if (isset($config['captiveportal']['passthrumacadd'])) {
|
if (isset($config['captiveportal']['passthrumacadd'])) {
|
||||||
@@ -1707,7 +1724,8 @@
|
@@ -1707,7 +1721,8 @@
|
||||||
unset($cpdb[$sid]);
|
unset($cpdb[$sid]);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
|
@ -818,9 +818,6 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
|
||||||
mwexec("pfctl -K {$dbent[2]}");
|
mwexec("pfctl -K {$dbent[2]}");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* UNIVNAUTES : delete django session */
|
|
||||||
mwexec("/usr/local/bin/cp_del_sessions.sh {$dbent[5]}");
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* These are the pipe numbers we use to control traffic shaping for each logged in user via captive portal
|
* These are the pipe numbers we use to control traffic shaping for each logged in user via captive portal
|
||||||
* We could get an error if the pipe doesn't exist but everything should still be fine
|
* We could get an error if the pipe doesn't exist but everything should still be fine
|
||||||
|
|
|
@ -1,14 +0,0 @@
|
||||||
#!/usr/local/bin/bash
|
|
||||||
|
|
||||||
# cp_del_sessions.sh delete all pffedportal (django) sessions relative
|
|
||||||
# to a (list of) sessionid from the pfsense captive portal.
|
|
||||||
|
|
||||||
# syntax: cp_del_sessions.sh [sessionid_from_pfsense] [...]
|
|
||||||
|
|
||||||
# activate virtualenv
|
|
||||||
cd /usr/local/univnautes
|
|
||||||
. bin/activate
|
|
||||||
cd pffedportal
|
|
||||||
# engiiiine starrrrt
|
|
||||||
python del_sessions_by_pfsenseid.py $*
|
|
||||||
|
|
|
@ -1,13 +1,14 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# clean out old data from the database (sessions)
|
# clean out old data from the database (sessions)
|
||||||
# Cf https://docs.djangoproject.com/en/dev/ref/django-admin/#cleanup
|
|
||||||
|
|
||||||
cd /usr/local/univnautes
|
cd /usr/local/univnautes
|
||||||
. bin/activate
|
. bin/activate
|
||||||
|
|
||||||
cd pffedportal
|
cd pffedportal
|
||||||
python ./manage.py cleanup
|
python ./cleanup_sessions.py
|
||||||
|
|
||||||
|
# Cf https://docs.djangoproject.com/en/dev/ref/django-admin/#cleanup
|
||||||
cd ..
|
cd ..
|
||||||
cd pfidp
|
cd pfidp
|
||||||
python ./manage.py cleanup
|
python ./manage.py cleanup
|
||||||
|
|
|
@ -0,0 +1,48 @@
|
||||||
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
'''
|
||||||
|
delete all django sessions:
|
||||||
|
* if pfsenseid exists in session but is not in captiveportal.db
|
||||||
|
* if session is expired
|
||||||
|
'''
|
||||||
|
|
||||||
|
# initialise django environnement for pffedportal
|
||||||
|
# note : the script must be launch into the pffedportal direcory
|
||||||
|
import os
|
||||||
|
os.environ['DJANGO_SETTINGS_MODULE'] = "settings"
|
||||||
|
|
||||||
|
import csv
|
||||||
|
import datetime
|
||||||
|
from django.conf import settings
|
||||||
|
from django.contrib.sessions.backends.file import SessionStore
|
||||||
|
|
||||||
|
# load pfsenseid list from captiveportal.db
|
||||||
|
pfsenseids = [l[5] for l in csv.reader(open('/var/db/captiveportal.db'))]
|
||||||
|
|
||||||
|
storage_path = settings.SESSION_FILE_PATH
|
||||||
|
file_prefix = settings.SESSION_COOKIE_NAME
|
||||||
|
|
||||||
|
for session_file in os.listdir(storage_path):
|
||||||
|
if not session_file.startswith(file_prefix):
|
||||||
|
continue
|
||||||
|
session_key = session_file[len(file_prefix):]
|
||||||
|
session = SessionStore(session_key)
|
||||||
|
# When an expired session is loaded, its file is removed, and a
|
||||||
|
# new file is immediately created. Prevent this by disabling
|
||||||
|
# the create() method.
|
||||||
|
session.create = lambda: None
|
||||||
|
|
||||||
|
session_data = session.load()
|
||||||
|
|
||||||
|
# pfsenseid doesn't exist in captiveportal.db
|
||||||
|
if session_data.get('pfsenseid') and session_data['pfsenseid'] not in pfsenseids:
|
||||||
|
session.delete()
|
||||||
|
continue
|
||||||
|
|
||||||
|
# expired
|
||||||
|
modification = os.stat(session._key_to_file()).st_ctime
|
||||||
|
age = datetime.datetime.now() - datetime.datetime.fromtimestamp(modification)
|
||||||
|
if age.seconds > session.get_expiry_age():
|
||||||
|
session.delete()
|
||||||
|
continue
|
||||||
|
|
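Review bot: The expiry test `if age.seconds > session.get_expiry_age():` at the end of the loop compares only the seconds component of the timedelta, which never exceeds 86399, so whole days of age are ignored. If get_expiry_age() returns a day or more (Django's default cookie age is two weeks; the SESSION_COOKIE_AGE in use is not visible here), this branch never fires and stale session files are left on disk by this check. Use `if age.total_seconds() > session.get_expiry_age():`, or `age.days * 86400 + age.seconds` on interpreters older than 2.7. Separately, `l[5]` in the captiveportal.db list comprehension raises IndexError on a short or empty row, which would abort the whole cleanup run; skipping rows with fewer than six fields avoids that.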
|
@ -1,26 +0,0 @@
|
||||||
#!/usr/bin/env python
|
|
||||||
|
|
||||||
'''
|
|
||||||
delete all pffedportal (django) sessions relative to a (list of) sessionid from
|
|
||||||
the pfsense captive portal.
|
|
||||||
syntax : del_sessions_by_pfsenseid.py [sessionid_from_pfsense] [...]
|
|
||||||
'''
|
|
||||||
|
|
||||||
# initialise django environnement for pffedportal
|
|
||||||
# note : the script must be launch into the pffedportal direcory
|
|
||||||
import os
|
|
||||||
os.environ['DJANGO_SETTINGS_MODULE'] = "settings"
|
|
||||||
|
|
||||||
import sys
|
|
||||||
from django.contrib.sessions.models import Session
|
|
||||||
|
|
||||||
pfsenseids = sys.argv[1::]
|
|
||||||
|
|
||||||
# delete each session containing a sessionid in argv
|
|
||||||
for s in Session.objects.all():
|
|
||||||
d = s.get_decoded()
|
|
||||||
if 'pfsenseid' in d:
|
|
||||||
if d['pfsenseid'] in pfsenseids:
|
|
||||||
print "delete session %s (pfsenseid=%s)" % (s.pk, d['pfsenseid'])
|
|
||||||
s.delete()
|
|
||||||
|
|
|
@ -105,7 +105,14 @@ INSTALLED_APPS = (
|
||||||
'base',
|
'base',
|
||||||
)
|
)
|
||||||
|
|
||||||
SESSION_COOKIE_NAME = "pffedportalsessionid"
|
SESSION_COOKIE_NAME = 'pffedportalsessionid'
|
||||||
|
|
||||||
|
SESSION_ENGINE = 'django.contrib.sessions.backends.file'
|
||||||
|
SESSION_FILE_PATH = '/var/tmp/pffedportalsessions'
|
||||||
|
try:
|
||||||
|
os.mkdir(SESSION_FILE_PATH)
|
||||||
|
except:
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
AUTH_FRONTENDS = ('authentic2.authsaml2.frontend.AuthSAML2Frontend',)
|
AUTH_FRONTENDS = ('authentic2.authsaml2.frontend.AuthSAML2Frontend',)
|
||||||
|
|
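Review bot: SESSION_FILE_PATH is created under /var/tmp, which is normally writable by every local account, and the `os.mkdir(SESSION_FILE_PATH)` call sets no mode while the bare `except: pass` hides every failure. A directory that already exists with another owner or loose permissions would be used silently, and the session files hold authenticated portal state. I would pass an explicit mode, `os.mkdir(SESSION_FILE_PATH, 0o700)`, narrow the handler to `except OSError:` and re-raise unless the error is EEXIST, and ideally place the directory somewhere only the portal user can write. The settings module continues outside this hunk, so the `os` import is assumed to exist above.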
|
@ -113,8 +113,8 @@ _cronstart() {
|
||||||
log "update-metadata cron started (every $REFRESH seconds)"
|
log "update-metadata cron started (every $REFRESH seconds)"
|
||||||
/usr/local/bin/minicron $REFRESH /var/run/update-map-cron.pid $MAPUPDATER
|
/usr/local/bin/minicron $REFRESH /var/run/update-map-cron.pid $MAPUPDATER
|
||||||
log "update-map cron started (every $REFRESH seconds)"
|
log "update-map cron started (every $REFRESH seconds)"
|
||||||
/usr/local/bin/minicron $REFRESH /var/run/cleanup-cron.pid $CLEANUP
|
/usr/local/bin/minicron 300 /var/run/cleanup-cron.pid $CLEANUP
|
||||||
log "cleanup cron started (every $REFRESH seconds)"
|
log "cleanup cron started (every 300 seconds)"
|
||||||
/usr/local/bin/minicron 86400 /var/run/tcpdump-restart-cron.pid $TCPDUMPRESTART
|
/usr/local/bin/minicron 86400 /var/run/tcpdump-restart-cron.pid $TCPDUMPRESTART
|
||||||
log "tcpdump-restart cron started (every 86400 seconds)"
|
log "tcpdump-restart cron started (every 86400 seconds)"
|
||||||
}
|
}
|
||||||
|
|