Captive-Portal: add crontab and cleanup scripts

The cleanup script is called every hour and deletes expired clients from
the clients file.
every night the captivectrl warpper runs once to flush the chains and
reload rules for active clients

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>

diff --git a/config/cron/crontab b/config/cron/crontab
index c6d8a725c73ec49c76a3cb807f31aed121654029..4561f4a243239b8b5bd3525c067dc6a70395489c 100644 (file)
--- a/config/cron/crontab
+++ b/config/cron/crontab
@@ -65,6 +65,12 @@ HOME=/
 # Retry sending spooled mails regularly
 %hourly * /usr/sbin/dma -q
 
+# Cleanup captive clients
+%hourly * /usr/bin/captive-cleanup
+
+# Reload captive firewall rules
+%nightly * 23-1   /usr/local/bin/captivectrl >/dev/null
+
 # Cleanup the mail spool directory
 %weekly * * /usr/sbin/dma-cleanup-spool
 

diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index ec36774b315d2644e3f7e13c548bcd995a6b7ff5..a76d46e2be217cee0919758c8045a2cc31d2f143 100644 (file)
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -72,6 +72,7 @@ run
 #usr/bin/perl
 #usr/include
 #usr/lib
+usr/bin/captive-cleanup
 usr/lib/firewall
 usr/lib/firewall/firewall-lib.pl
 usr/lib/firewall/ipsec-block

diff --git a/lfs/stage2 b/lfs/stage2
index 2d2a6459de9424e683b7d643f7af5c9710aa6db5..01c1b9e4565bb1c79c4c58c23537c461b2bdd0e2 100644 (file)
--- a/lfs/stage2
+++ b/lfs/stage2
@@ -107,6 +107,7 @@ endif
        # Move script to correct place.
        mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/
        mv -vf /usr/local/bin/ovpn-collectd-convert /usr/sbin/
+       mv -vf /usr/local/bin/captive-cleanup /usr/bin/
        
        # Install firewall scripts.
        mkdir -pv /usr/lib/firewall

diff --git a/src/scripts/captive-cleanup b/src/scripts/captive-cleanup
new file mode 100755 (executable)
index 0000000..4bcdab5
--- /dev/null
+++ b/src/scripts/captive-cleanup
@@ -0,0 +1,43 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2016  IPFire Team  <alexander.marx@ipfire.org>                #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+
+require '/var/ipfire/general-functions.pl';
+
+my %settings=();
+my %clientshash=();
+my $settingsfile="${General::swroot}/captive/settings";
+my $clients="${General::swroot}/captive/clients";
+my $time;
+my $expiretime;
+
+if (-f $settingsfile && -f $clients && ! -z $clients){
+       &General::readhash("$settingsfile", \%settings) if(-f $settingsfile);
+       &General::readhasharray("$clients", \%clientshash);
+       $time = time();
+       foreach my $key (keys %clientshash) {
+               $expiretime=($clientshash{$key}[5]*3600)+$clientshash{$key}[6];
+               if ($expiretime < $time){
+                       delete $clientshash{key};
+               }
+       }
+}