Captive-Portal: add crontab and cleanup scripts

The cleanup script is called every hour and deletes expired clients from
the clients file.
every night the captivectrl warpper runs once to flush the chains and
reload rules for active clients

Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>

diff --git a/config/cron/crontab b/config/cron/crontab
index c42c65080899216bc4c90f86bbd10200879faf4f..a67338f6a43a6c714d987a029d7ff3c66b4226e9 100644 (file)
--- a/config/cron/crontab
+++ b/config/cron/crontab
@@ -65,5 +65,11 @@ HOME=/
 # Retry sending spooled mails regularly
 %hourly * /usr/sbin/dma -q
 
+# Cleanup captive clients
+%hourly * /usr/bin/captive-cleanup
+
+# Reload captive firewall rules
+%nightly * 23-1   /usr/local/bin/captivectrl >/dev/null
+
 # Cleanup the mail spool directory
 %weekly * * /usr/sbin/dma-cleanup-spool

diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index 07446b73b175ef5d7222af27b5cc2db556f3c4ac..3e5212e04a0374224266ff0d683961f9d0fd9a41 100644 (file)
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -73,6 +73,7 @@ run
 #usr/bin/perl
 #usr/include
 #usr/lib
+usr/bin/captive-cleanup
 usr/lib/firewall
 usr/lib/firewall/firewall-lib.pl
 usr/lib/firewall/ipsec-block

diff --git a/lfs/stage2 b/lfs/stage2
index ec5d1170d972eb587045e954ae27bcaff3d1fbe9..bfff95a81420c4ecebef7357f77f40fd3ddcc803 100644 (file)
--- a/lfs/stage2
+++ b/lfs/stage2
@@ -107,6 +107,7 @@ endif
        # Move script to correct place.
        mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/
        mv -vf /usr/local/bin/ovpn-collectd-convert /usr/sbin/
+       mv -vf /usr/local/bin/captive-cleanup /usr/bin/
        
        # Install firewall scripts.
        mkdir -pv /usr/lib/firewall

diff --git a/src/scripts/captive-cleanup b/src/scripts/captive-cleanup
new file mode 100755 (executable)
index 0000000..4bcdab5
--- /dev/null
+++ b/src/scripts/captive-cleanup
@@ -0,0 +1,43 @@
+#!/usr/bin/perl
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2016  IPFire Team  <alexander.marx@ipfire.org>                #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+use strict;
+
+require '/var/ipfire/general-functions.pl';
+
+my %settings=();
+my %clientshash=();
+my $settingsfile="${General::swroot}/captive/settings";
+my $clients="${General::swroot}/captive/clients";
+my $time;
+my $expiretime;
+
+if (-f $settingsfile && -f $clients && ! -z $clients){
+       &General::readhash("$settingsfile", \%settings) if(-f $settingsfile);
+       &General::readhasharray("$clients", \%clientshash);
+       $time = time();
+       foreach my $key (keys %clientshash) {
+               $expiretime=($clientshash{$key}[5]*3600)+$clientshash{$key}[6];
+               if ($expiretime < $time){
+                       delete $clientshash{key};
+               }
+       }
+}