pffedportal: use sessions.backends.file

copy_overlay/usr/src/univnautes-patches/captiveportal.inc.diff

@@ -1,5 +1,5 @@
 --- orig/captiveportal.inc	2013-02-22 15:38:14.000000000 +0100
-+++ new/captiveportal.inc	2013-02-22 15:44:22.000000000 +0100
++++ new/captiveportal.inc	2013-10-31 17:05:35.016918036 +0100
 @@ -406,19 +406,21 @@
  			$cacert = "";
  		$key = base64_decode($config['captiveportal']['private-key']);
@@ -51,17 +51,7 @@
  	return $cprules;
  }
  
-@@ -805,6 +818,9 @@
- 		mwexec("pfctl -K {$dbent[2]}");
- 	}
- 
-+	/* UNIVNAUTES : delete django session */
-+	mwexec("/usr/local/bin/cp_del_sessions.sh {$dbent[5]}");
-+
- 	/* 
- 	* These are the pipe numbers we use to control traffic shaping for each logged in user via captive portal
- 	* We could get an error if the pipe doesn't exist but everything should still be fine
-@@ -1645,6 +1661,7 @@
+@@ -1645,6 +1658,7 @@
  		$remaining_time = $attributes['session_timeout'];
  
  	$writecfg = false;
@@ -69,7 +59,7 @@
  	/* Find an existing session */
  	if ((isset($config['captiveportal']['noconcurrentlogins'])) && $passthrumac) {
  		if (isset($config['captiveportal']['passthrumacadd'])) {
-@@ -1707,7 +1724,8 @@
+@@ -1707,7 +1721,8 @@
  			unset($cpdb[$sid]);
  			break;
  		}

patches/new/captiveportal.inc

@@ -818,9 +818,6 @@ function captiveportal_disconnect($dbent, $radiusservers,$term_cause = 1,$stop_t
 		mwexec("pfctl -K {$dbent[2]}");
 	}
 
-	/* UNIVNAUTES : delete django session */
-	mwexec("/usr/local/bin/cp_del_sessions.sh {$dbent[5]}");
-
 	/* 
 	* These are the pipe numbers we use to control traffic shaping for each logged in user via captive portal
 	* We could get an error if the pipe doesn't exist but everything should still be fine

virtualenv/bin/cp_del_sessions.sh

@@ -1,14 +0,0 @@
-#!/usr/local/bin/bash
-
-# cp_del_sessions.sh delete all pffedportal (django) sessions relative
-# to a (list of) sessionid from the pfsense captive portal.
-
-# syntax: cp_del_sessions.sh [sessionid_from_pfsense] [...]
-
-# activate virtualenv
-cd /usr/local/univnautes
-. bin/activate
-cd pffedportal
-# engiiiine starrrrt
-python del_sessions_by_pfsenseid.py $*
-

virtualenv/bin/univnautes-cleanup.sh

@@ -1,13 +1,14 @@
 #!/bin/sh
 
 # clean out old data from the database (sessions)
-# Cf https://docs.djangoproject.com/en/dev/ref/django-admin/#cleanup
 
 cd /usr/local/univnautes
 . bin/activate
 
 cd pffedportal
-python ./manage.py cleanup
+python ./cleanup_sessions.py
+
+# Cf https://docs.djangoproject.com/en/dev/ref/django-admin/#cleanup
 cd ..
 cd pfidp
 python ./manage.py cleanup

virtualenv/pffedportal/cleanup_sessions.py

@@ -0,0 +1,48 @@
+#!/usr/bin/env python
+
+'''
+delete all django sessions:
+* if pfsenseid exists in session but is not in captiveportal.db
+* if session is expired
+'''
+
+# initialise django environnement for pffedportal
+# note : the script must be launch into the pffedportal direcory
+import os
+os.environ['DJANGO_SETTINGS_MODULE'] = "settings"
+
+import csv
+import datetime
+from django.conf import settings
+from django.contrib.sessions.backends.file import SessionStore
+
+# load pfsenseid list from captiveportal.db
+pfsenseids = [l[5] for l in csv.reader(open('/var/db/captiveportal.db'))]
+
+storage_path = settings.SESSION_FILE_PATH
+file_prefix = settings.SESSION_COOKIE_NAME
+
+for session_file in os.listdir(storage_path):
+    if not session_file.startswith(file_prefix):
+        continue
+    session_key = session_file[len(file_prefix):]
+    session = SessionStore(session_key)
+    # When an expired session is loaded, its file is removed, and a
+    # new file is immediately created. Prevent this by disabling
+    # the create() method.
+    session.create = lambda: None
+
+    session_data = session.load()
+
+    # pfsenseid doesn't exist in captiveportal.db
+    if session_data.get('pfsenseid') and session_data['pfsenseid'] not in pfsenseids:
+        session.delete()
+        continue
+
+    # expired
+    modification = os.stat(session._key_to_file()).st_ctime
+    age = datetime.datetime.now() - datetime.datetime.fromtimestamp(modification)
+    if age.seconds > session.get_expiry_age():
+        session.delete()
+        continue
+

virtualenv/pffedportal/del_sessions_by_pfsenseid.py

@@ -1,26 +0,0 @@
-#!/usr/bin/env python
-
-'''
-delete all pffedportal (django) sessions relative to a (list of) sessionid from
-the pfsense captive portal.
-syntax : del_sessions_by_pfsenseid.py [sessionid_from_pfsense] [...]
-'''
-
-# initialise django environnement for pffedportal
-# note : the script must be launch into the pffedportal direcory
-import os
-os.environ['DJANGO_SETTINGS_MODULE'] = "settings"
-
-import sys
-from django.contrib.sessions.models import Session
-
-pfsenseids = sys.argv[1::]
-
-# delete each session containing a sessionid in argv
-for s in Session.objects.all():
-    d = s.get_decoded()
-    if 'pfsenseid' in d:
-        if d['pfsenseid'] in pfsenseids:
-            print "delete session %s (pfsenseid=%s)" % (s.pk, d['pfsenseid'])
-            s.delete()
-

virtualenv/pffedportal/settings.py

@@ -105,7 +105,14 @@ INSTALLED_APPS = (
     'base',
 )
 
-SESSION_COOKIE_NAME = "pffedportalsessionid"
+SESSION_COOKIE_NAME = 'pffedportalsessionid'
+
+SESSION_ENGINE = 'django.contrib.sessions.backends.file'
+SESSION_FILE_PATH = '/var/tmp/pffedportalsessions'
+try:
+    os.mkdir(SESSION_FILE_PATH)
+except:
+    pass
 
 
 AUTH_FRONTENDS = ('authentic2.authsaml2.frontend.AuthSAML2Frontend',)

virtualenv/rc.d/univnautes.sh

@@ -113,8 +113,8 @@ _cronstart() {
 	log "update-metadata cron started (every $REFRESH seconds)"
 	/usr/local/bin/minicron $REFRESH /var/run/update-map-cron.pid $MAPUPDATER
 	log "update-map cron started (every $REFRESH seconds)"
-	/usr/local/bin/minicron $REFRESH /var/run/cleanup-cron.pid $CLEANUP
-	log "cleanup cron started (every $REFRESH seconds)"
+	/usr/local/bin/minicron 300 /var/run/cleanup-cron.pid $CLEANUP
+	log "cleanup cron started (every 300 seconds)"
 	/usr/local/bin/minicron 86400 /var/run/tcpdump-restart-cron.pid $TCPDUMPRESTART
 	log "tcpdump-restart cron started (every 86400 seconds)"
 }