I am including this patch here as it might be interesting for others and because I would like some comments on it: It's against RELENG_1 but can easily be adapted to HEAD.

The patch enables an inetd process which will show the currently logged pppoe users. This can be easily hacked into freeradius so that double logins can be checked for.

Modifications are for filter.inc (running the secondary inetd server, separated from the one for FTP running on localhost). I'm not sure if this is the best place, but since the other inetd server is started here... I placed it in the same file.

3 scripts are included. One generic for login and logout users + 2 adaptations for the mpd daemon. They should be set executable before they will be used by mpd.

Everything runs nicely on my production/test system.

If anybody is interested in the freeradius checkrad modification that is compatible with the following patch, please ask and I'll post it.

The next step is to redirect each ng interface to a specific queue and set the speed on this queue according to the user (via radius issued filter-id). This requires a modified mpd (this is easy) but I would like some hints on how to modify the current queue discipline. It seems that any modification can easily break the magic shaper wizard stuff. Any help in this area will be greatly appreciated.

Paul.

Patch follows:

---- cut here ----
diff -NrU 3 /usr/jails/pfsense/home/pfsense/pfSense/etc/inc/filter.inc pfSense/etc/inc/filter.inc --- /usr/jails/pfsense/home/pfsense/pfSense/etc/inc/filter.inc Fri Feb 23 21:38:59 2007
+++ pfSense/etc/inc/filter.inc    Sun Feb 25 20:24:45 2007
@@ -799,6 +799,15 @@
$natrules .= "rdr on \$wan proto ipv6 from any to any -> {$config['diag']['ipv6nat']['ipaddr']}\n";
    }

+    $inetd_fd = fopen("/var/etc/inetd-static.conf", "w" );
+ fwrite( $inetd_fd, "pppoedusers\tstream\ttcp\tnowait\tnobody\t/usr/local/bin/loguser.sh\tloguser.sh who\n" ) ;
+    fclose($inetd_fd);
+ $helpers = trim(exec("/bin/ps ax | /usr/bin/grep inetd | /usr/bin/grep -v grep | /usr/bin/grep inetd-static"));
+    if(!$helpers)
+        mwexec("/usr/sbin/inetd -wW -R 0 /var/etc/inetd-static.conf");
+    else
+        mwexec("/usr/bin/killall -HUP inetd");
+
    if(file_exists("/var/etc/inetd.conf"))
        mwexec("rm /var/etc/inetd.conf");
    touch("/var/etc/inetd.conf");
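Review bot: the new inetd on the mwexec line is started without a bind address, while the existing helper inetd later in this file is started with -a 127.0.0.1, so the pppoedusers service answers on every interface and hands the list of user names and client IPs to anyone who can reach the port. Pass -a with the address the RADIUS host is expected to connect to, or add a filter rule limiting the port to that host. Also, the result of fopen() is not checked before fwrite(), and killall -HUP inetd signals both inetd instances, not just the one whose config changed.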
@@ -1100,7 +1109,6 @@
mwexec("/usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.conf");
            else
                mwexec("/usr/bin/killall -HUP inetd");
-
        }
    }

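Review bot: unrelated whitespace change; the deleted blank line after the killall -HUP inetd call is not part of the feature and should be left out, which keeps the patch minimal and easier to port to HEAD.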
diff -NrU 3 /usr/jails/pfsense/home/pfsense/pfSense/etc/inc/vpn.inc pfSense/etc/inc/vpn.inc --- /usr/jails/pfsense/home/pfsense/pfSense/etc/inc/vpn.inc Thu Feb 8 23:03:23 2007
+++ pfSense/etc/inc/vpn.inc    Sun Feb 25 19:09:13 2007
@@ -895,6 +895,8 @@
    new -i {$ngif} pppoe{$i} pppoe{$i}
    {$isssue_ip_type}
    load pppoe_standart
+    set iface up-script /usr/local/bin/loginuser.sh
+    set iface down-script /usr/local/bin/logoutuser.sh

EOD;
            }
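Review bot: the two set iface lines are written into every PPPoE link section unconditionally and with hard-coded paths, so the user log cannot be turned off from the configuration. Guard them with a config option, and have the patch install loginuser.sh and logoutuser.sh with the executable bit set rather than relying on the manual chmod the cover note asks for.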
@@ -1019,4 +1021,4 @@
    return 0;
}

-?>
\ No newline at end of file
+?>
diff -NrU 3 /usr/jails/pfsense/home/pfsense/pfSense/etc/services pfSense/etc/services --- /usr/jails/pfsense/home/pfsense/pfSense/etc/services Sat Jan 28 01:20:26 2006
+++ pfSense/etc/services    Sun Feb 25 19:12:06 2007
@@ -4107,3 +4107,4 @@
wnn6_Tw        22321/tcp  #Wnn6 (Taiwanse input)
wnn6_Kr        22305/tcp  #Wnn6 (Korean input)
wnn6_DS        26208/tcp  #Wnn6 (Dserver)
+pppoedusers     9200/tcp   # custom PG for logged in users
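Review bot: the comment "custom PG for logged in users" does not say what listens on 9200/tcp or why; state that it is the "loguser.sh who" listing served by the inetd-static.conf instance set up in filter.inc. The service name here has to stay identical to the first field written to inetd-static.conf, which is worth noting in the comment as well.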
diff -NrU 3 /usr/jails/pfsense/home/pfsense/pfSense/usr/local/bin/loginuser.sh pfSense/usr/local/bin/loginuser.sh --- /usr/jails/pfsense/home/pfsense/pfSense/usr/local/bin/loginuser.sh Thu Jan 1 01:00:00 1970
+++ pfSense/usr/local/bin/loginuser.sh    Sun Feb 25 18:36:29 2007
@@ -0,0 +1,17 @@
+#!/bin/sh
+# MPD adaptation script for loguser.sh
+# will call loguser.sh with the proper parameters
+
+loguser="/usr/local/bin/loguser.sh"
+
+# grab parametres from commandline
+user=$5
+iface=$1
+clientip=$4
+
+if [ -z "$user" ] ; then
+ echo "Usage: loginuser.sh <iface> <proto> <local-ip> <remote-ip> <auth-name>"
+        exit ;
+fi
+
+$loguser login $user $iface $clientip
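Review bot: $user, $iface and $clientip are expanded unquoted on the last line, so an auth-name containing whitespace or glob characters is split or expanded before loguser.sh sees it, and that name is supplied by the PPPoE client. Quote all three ("$user" "$iface" "$clientip"). The usage branch should also exit with a non-zero status instead of a bare exit.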
diff -NrU 3 /usr/jails/pfsense/home/pfsense/pfSense/usr/local/bin/logoutuser.sh pfSense/usr/local/bin/logoutuser.sh --- /usr/jails/pfsense/home/pfsense/pfSense/usr/local/bin/logoutuser.sh Thu Jan 1 01:00:00 1970
+++ pfSense/usr/local/bin/logoutuser.sh    Sun Feb 25 18:36:57 2007
@@ -0,0 +1,17 @@
+#!/bin/sh
+# MPD adaptation script for loguser.sh
+# will call loguser.sh with the proper parameters
+
+loguser="/usr/local/bin/loguser.sh"
+
+# grab parametres from commandline
+user=$3
+iface=$1
+clientip=""
+
+if [ -z "$user" ] ; then
+        echo "Usage: logoutuser.sh <iface> <proto> <auth-name>"
+        exit ;
+fi
+
+$loguser logout $user $iface $clientip
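Review bot: same unquoted expansion as in loginuser.sh on the final line; here the empty $clientip simply disappears from the argument list, which works only because it is the last argument. Quote the arguments, exit non-zero from the usage branch, and consider folding this script into loginuser.sh with the action as a parameter, since the two differ only in the action and in which positional arguments they read.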
diff -NrU 3 /usr/jails/pfsense/home/pfsense/pfSense/usr/local/bin/loguser.sh pfSense/usr/local/bin/loguser.sh --- /usr/jails/pfsense/home/pfsense/pfSense/usr/local/bin/loguser.sh Thu Jan 1 01:00:00 1970
+++ pfSense/usr/local/bin/loguser.sh    Sun Feb 25 19:42:49 2007
@@ -0,0 +1,57 @@
+#!/bin/sh
+# Log ppp user in $ptmp file (/var/run/ptmp)
+#
+# Constructs a "Who" like file
+# root             ttyp0    Oct 25 08:39 (81.174.61.46)
+
+
+ptmp="/tmp/ptmp"
+ptmp_lck="/tmp/ptmp.lock"
+tmpfile="/tmp/loguser.$$"
+
+# grab parametres from commandline
+action=$1       # login / logout
+user=$2
+iface=$3
+clientip=$4
+
+case ${action} in
+        cleanall)
+                rm -f $ptmp
+                rm -f $ptmp_lck
+                exit
+        ;;
+        who)
+ echo "Wangate pppoe server. Currently logged users. ver 1.0"
+                if [ -e $ptmp ] ; then
+                        cat $ptmp
+                fi
+                exit
+        ;;
+esac
+
+# Make sure no other logins are occuring
+while [ -e $ptmp_lck ] ; do
+        sleep 1 ;
+done
+
+case ${action} in
+        login)
+                echo $$ > $ptmp_lck
+                echo "${user}    ${iface}    ${clientip}" >> $ptmp
+        ;;
+        logout)
+                grep -v "^${user}    ${iface}" $ptmp > $tmpfile
+                mv -f $tmpfile $ptmp
+                rm -f $tmpfile
+        ;;
+        *)
+ echo "Usage: loguser.sh <login|logout|cleanall> <username> <interface> <ipaddress>"
+                echo "  login:          log the user"
+                echo "  logout:         remove the user"
+                echo "  who:            dump logged users"
+ echo " cleanall: remove all lock files and logged users"
+        ;;
+esac
+
+rm -f $ptmp_lck
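Review bot: the lock does not exclude anything. The while loop tests for $ptmp_lck and the file is only created later, in the login branch, so two logins can both pass the test, and the logout branch rewrites $ptmp without ever creating the lock; a stale lock file left by a killed script makes every later call spin in sleep 1 forever. Take the lock atomically before the second case for both actions, for example with mkdir on a lock directory or with lockf, and give the wait a timeout. Further points: the header comment says /var/run/ptmp but the code uses /tmp/ptmp, /tmp/ptmp.lock and /tmp/loguser.$$, predictable names in a world-writable directory, so move them to /var/run; the logout grep treats $user as a regular expression and matches by prefix, so a name with metacharacters, or an interface name that is a prefix of another, can remove other users' lines (use a fixed-string, whole-field match); all variable expansions are unquoted; and the usage synopsis omits who.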
