pffedportal: use sessions.backends.file
This commit is contained in:
parent
f6dbea879f
commit
b43a78203c
|
@ -1,5 +1,5 @@
|
|||
--- orig/captiveportal.inc 2013-02-22 15:38:14.000000000 +0100
|
||||
+++ new/captiveportal.inc 2013-02-22 15:44:22.000000000 +0100
|
||||
+++ new/captiveportal.inc 2013-10-31 17:05:35.016918036 +0100
|
||||
@@ -406,19 +406,21 @@
|
||||
$cacert = "";
|
||||
$key = base64_decode($config['captiveportal']['private-key']);
|
||||
|
@ -51,17 +51,7 @@
|
|||
return $cprules;
|
||||
}
|
||||
|
||||
@@ -805,6 +818,9 @@
|
||||
mwexec("pfctl -K {$dbent[2]}");
|
||||
}
|
||||
|
||||
+ /* UNIVNAUTES : delete django session */
|
||||
+ mwexec("/usr/local/bin/cp_del_sessions.sh {$dbent[5]}");
|
||||
+
|
||||
/*
|
||||
* These are the pipe numbers we use to control traffic shaping for each logged in user via captive portal
|
||||
* We could get an error if the pipe doesn't exist but everything should still be fine
|
||||
@@ -1645,6 +1661,7 @@
|
||||
@@ -1645,6 +1658,7 @@
|
||||
$remaining_time = $attributes['session_timeout'];
|
||||
|
||||
$writecfg = false;
|
||||
|
@ -69,7 +59,7 @@
|
|||
/* Find an existing session */
|
||||
if ((isset($config['captiveportal']['noconcurrentlogins'])) && $passthrumac) {
|
||||
if (isset($config['captiveportal']['passthrumacadd'])) {
|
||||
@@ -1707,7 +1724,8 @@
|
||||
@@ -1707,7 +1721,8 @@
|
||||
unset($cpdb[$sid]);
|
||||
break;
|
||||
}
|
||||
|
|
|
@ -818,9 +818,6 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
|
|||
mwexec("pfctl -K {$dbent[2]}");
|
||||
}
|
||||
|
||||
/* UNIVNAUTES : delete django session */
|
||||
mwexec("/usr/local/bin/cp_del_sessions.sh {$dbent[5]}");
|
||||
|
||||
/*
|
||||
* These are the pipe numbers we use to control traffic shaping for each logged in user via captive portal
|
||||
* We could get an error if the pipe doesn't exist but everything should still be fine
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
#!/usr/local/bin/bash
|
||||
|
||||
# cp_del_sessions.sh delete all pffedportal (django) sessions relative
|
||||
# to a (list of) sessionid from the pfsense captive portal.
|
||||
|
||||
# syntax: cp_del_sessions.sh [sessionid_from_pfsense] [...]
|
||||
|
||||
# activate virtualenv
|
||||
cd /usr/local/univnautes
|
||||
. bin/activate
|
||||
cd pffedportal
|
||||
# engiiiine starrrrt
|
||||
python del_sessions_by_pfsenseid.py $*
|
||||
|
|
@ -1,13 +1,14 @@
|
|||
#!/bin/sh
|
||||
|
||||
# clean out old data from the database (sessions)
|
||||
# Cf https://docs.djangoproject.com/en/dev/ref/django-admin/#cleanup
|
||||
|
||||
cd /usr/local/univnautes
|
||||
. bin/activate
|
||||
|
||||
cd pffedportal
|
||||
python ./manage.py cleanup
|
||||
python ./cleanup_sessions.py
|
||||
|
||||
# Cf https://docs.djangoproject.com/en/dev/ref/django-admin/#cleanup
|
||||
cd ..
|
||||
cd pfidp
|
||||
python ./manage.py cleanup
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
'''
|
||||
delete all django sessions:
|
||||
* if pfsenseid exists in session but is not in captiveportal.db
|
||||
* if session is expired
|
||||
'''
|
||||
|
||||
# initialise django environnement for pffedportal
|
||||
# note : the script must be launch into the pffedportal direcory
|
||||
import os
|
||||
os.environ['DJANGO_SETTINGS_MODULE'] = "settings"
|
||||
|
||||
import csv
|
||||
import datetime
|
||||
from django.conf import settings
|
||||
from django.contrib.sessions.backends.file import SessionStore
|
||||
|
||||
# load pfsenseid list from captiveportal.db
|
||||
pfsenseids = [l[5] for l in csv.reader(open('/var/db/captiveportal.db'))]
|
||||
|
||||
storage_path = settings.SESSION_FILE_PATH
|
||||
file_prefix = settings.SESSION_COOKIE_NAME
|
||||
|
||||
for session_file in os.listdir(storage_path):
|
||||
if not session_file.startswith(file_prefix):
|
||||
continue
|
||||
session_key = session_file[len(file_prefix):]
|
||||
session = SessionStore(session_key)
|
||||
# When an expired session is loaded, its file is removed, and a
|
||||
# new file is immediately created. Prevent this by disabling
|
||||
# the create() method.
|
||||
session.create = lambda: None
|
||||
|
||||
session_data = session.load()
|
||||
|
||||
# pfsenseid doesn't exist in captiveportal.db
|
||||
if session_data.get('pfsenseid') and session_data['pfsenseid'] not in pfsenseids:
|
||||
session.delete()
|
||||
continue
|
||||
|
||||
# expired
|
||||
modification = os.stat(session._key_to_file()).st_ctime
|
||||
age = datetime.datetime.now() - datetime.datetime.fromtimestamp(modification)
|
||||
if age.seconds > session.get_expiry_age():
|
||||
session.delete()
|
||||
continue
|
||||
|
|
@ -1,26 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
'''
|
||||
delete all pffedportal (django) sessions relative to a (list of) sessionid from
|
||||
the pfsense captive portal.
|
||||
syntax : del_sessions_by_pfsenseid.py [sessionid_from_pfsense] [...]
|
||||
'''
|
||||
|
||||
# initialise django environnement for pffedportal
|
||||
# note : the script must be launch into the pffedportal direcory
|
||||
import os
|
||||
os.environ['DJANGO_SETTINGS_MODULE'] = "settings"
|
||||
|
||||
import sys
|
||||
from django.contrib.sessions.models import Session
|
||||
|
||||
pfsenseids = sys.argv[1::]
|
||||
|
||||
# delete each session containing a sessionid in argv
|
||||
for s in Session.objects.all():
|
||||
d = s.get_decoded()
|
||||
if 'pfsenseid' in d:
|
||||
if d['pfsenseid'] in pfsenseids:
|
||||
print "delete session %s (pfsenseid=%s)" % (s.pk, d['pfsenseid'])
|
||||
s.delete()
|
||||
|
|
@ -105,7 +105,14 @@ INSTALLED_APPS = (
|
|||
'base',
|
||||
)
|
||||
|
||||
SESSION_COOKIE_NAME = "pffedportalsessionid"
|
||||
SESSION_COOKIE_NAME = 'pffedportalsessionid'
|
||||
|
||||
SESSION_ENGINE = 'django.contrib.sessions.backends.file'
|
||||
SESSION_FILE_PATH = '/var/tmp/pffedportalsessions'
|
||||
try:
|
||||
os.mkdir(SESSION_FILE_PATH)
|
||||
except:
|
||||
pass
|
||||
|
||||
|
||||
AUTH_FRONTENDS = ('authentic2.authsaml2.frontend.AuthSAML2Frontend',)
|
||||
|
|
|
@ -113,8 +113,8 @@ _cronstart() {
|
|||
log "update-metadata cron started (every $REFRESH seconds)"
|
||||
/usr/local/bin/minicron $REFRESH /var/run/update-map-cron.pid $MAPUPDATER
|
||||
log "update-map cron started (every $REFRESH seconds)"
|
||||
/usr/local/bin/minicron $REFRESH /var/run/cleanup-cron.pid $CLEANUP
|
||||
log "cleanup cron started (every $REFRESH seconds)"
|
||||
/usr/local/bin/minicron 300 /var/run/cleanup-cron.pid $CLEANUP
|
||||
log "cleanup cron started (every 300 seconds)"
|
||||
/usr/local/bin/minicron 86400 /var/run/tcpdump-restart-cron.pid $TCPDUMPRESTART
|
||||
log "tcpdump-restart cron started (every 86400 seconds)"
|
||||
}
|
||||
|
|
Reference in New Issue