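#!/bin/sh
# Dirk van Deun, dirk at dinf.vub.ac.be
#
# Expire entries of the pf table "loggedin" whose DHCP lease has run out.
# For every address in the table, the end time of its most recent lease in
# /var/db/dhcpd.leases is compared with the current UTC time. When the lease
# is over, the address is deleted from the table and the removal is appended
# to /var/log/natlogins.
#
# Security note: an address for which no lease end time can be read yields an
# empty END_OF_LEASE. An empty line sorts before any date, so such an address
# is removed too. The script fails closed; keep it that way when changing
# the comparison below.

# get a list of ip addresses in $1 $2 $3... (this doesn't scale to very
# large amounts of clients, but neither do wireless base stations)
ips=$(pfctl -T show -t loggedin)
if [ -z "$ips" ]; then
  # Nobody is logged in. "return" is only valid inside a function or a
  # sourced file, so fall back to "exit" when the script is run directly.
  return 0 2>/dev/null || exit 0
fi
# Word splitting is intended: one table entry per positional parameter.
# "--" keeps an entry from ever being read as an option to set.
set -- $ips

# get the date in the format that the leases file uses
LOCALDATE=$(date '+%Y/%m/%d %H:%M:%S')
# NOTE(review): the comparison assumes lease end times are recorded in UTC.
UCTDATE=$(date -u '+%Y/%m/%d %H:%M:%S')

# check each logged-in ip address against the dhcpd leases to time-out
# logins after the time-out of the corresponding leases
for ip
do
  # get the lease end time from the dhcpd leases file, first searching
  # for the *last* lease with the correct IP address, then searching for the
  # lease end time that goes with it; the grep is only a sanity check.
  # printf '%s' passes the address as data, so the ed script does not depend
  # on how this shell's echo treats backslash escapes.
  END_OF_LEASE=$(printf '?lease %s \n/ends\n' "$ip" \
    | ed /var/db/dhcpd.leases 2>/dev/null | tail -1 \
    | grep "ends" | cut -d " " -f 3,4)
  END_OF_LEASE=${END_OF_LEASE%;}

  # simple sorting is okay to compare dates in the lease file format:
  # sort -c succeeds when the lease end is not later than the current time.
  # LC_ALL=C keeps the comparison byte-wise whatever the caller's locale.
  if printf '%s\n%s\n' "$END_OF_LEASE" "$UCTDATE" \
    | LC_ALL=C sort -c 2>/dev/null
  then
    pfctl -T delete -t loggedin "$ip" 2>/dev/null
    # The removal is logged whether or not pfctl reported success.
    printf '%s ! %s\n' "$LOCALDATE" "$ip" >>/var/log/natlogins
  fi
done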