diff --git a/.gitignore b/.gitignore
index 6ace4eb6058f..8c70f6bc2573 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,6 +25,8 @@ db/pf-schema.sql
 raddb/eap.conf
 raddb/radiusd.conf
 raddb/sql.conf
+raddb/proxy.conf.inc
+raddb/clients.conf.inc
 conf/adminroles.conf
 conf/authentication.conf
 conf/floating_network_device.conf
@@ -37,6 +39,8 @@ conf/radiusd/eap.conf
 conf/radiusd/radiusd.conf
 conf/radiusd/sql.conf
 conf/radiusd/proxy.conf.inc
+conf/radiusd/clients.conf.inc
+conf/radiusd/packetfence-cluster
 conf/realm.conf
 conf/snort/classification.config
 conf/snort/local.rules
@@ -61,7 +65,12 @@ conf/vlan_filters.conf
 html/captive-portal/captive_portal.conf
 conf/pfdetect_remote.conf
 conf/pfarp_remote.conf
+conf/pfconfig.conf
 conf/allowed-gaming-oui.txt
+conf/cluster.conf
+conf/domain.conf
+conf/haproxy.conf
+conf/keepalived.conf
 conf/templates/emails-billing_confirmation.txt.tt
 conf/templates/emails-guest_admin_pregistration.txt.tt
 conf/templates/emails-guest_email_activation.txt.tt
@@ -93,6 +102,7 @@ html/admin/traplog/
 # built by package or installer
 lib/pf/pfcmd/pfcmd_pregrammar.pm
+lib/fingerbank
 # directories that can be ignored
 logs/
diff --git a/ChangeLog b/ChangeLog
index 5e35983b3bdf..c01db192eeb0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,1787 +1,12049 @@ -commit 3fe8e590b41add82012d0bcac60a17f56599f944 -Author: James Rouzier -Date: Fri Mar 6 15:05:45 2015 -0500 - - Make the id field readonly when viewing a profile - -M html/pfappserver/root/config/profile/tab-content.tt - -commit 5cdd5558235fa64cdc93a5ed5728b10896489ede +commit de58b23809dca943666748c4224318a30a4d91d9 Author: Louis Munro -Date: Fri Mar 6 14:40:19 2015 -0500 +Date: Wed Apr 15 14:20:34 2015 -0400 - Fixed typos and updated UPGRADE.asciidoc to reflect schema change. + Preparing to merge to stable and release v5.0.0. -M NEWS.asciidoc -M UPGRADE.asciidoc +M addons/packages/packetfence.spec +M debian/changelog +M docs/docinfo.xml +M docs/includes/global-attributes.asciidoc -commit 096117218874209f61c82ca01f6d725b408c84af +commit 1bc32faf0c22a888fd0c56b376f0d1a8ff7f16ed Author: Derek Wuelfrath -Date: Fri Mar 6 14:35:38 2015 -0500 +Date: Wed Apr 15 14:47:14 2015 -0400 - Missing entry + Added back MAC Vendor Fingerbank menu item -M UPGRADE.asciidoc +M html/pfappserver/root/admin/configuration.tt -commit cef6e30597cf5083864b61756e89ead72ba198e8 -Author: Louis Munro -Date: Fri Mar 6 14:13:25 2015 -0500 +commit d561b6ea732008c1f0a02f896d268fa416469390 +Author: Derek Wuelfrath +Date: Wed Apr 15 14:46:50 2015 -0400 - Reverted last update on this library. - It breaks the build. - This should not be the last step before a release but the first one - after... + Added the MAC OUI column -M lib/HTTP/BrowserDetect.pm +M html/pfappserver/root/config/fingerbank/mac_vendor/list.tt -commit 6b5c4fea2935956dad9b571f66dc0ba33a7acba9 +commit a277835aae653f328686e231988343ddb26b3a28 Author: Louis Munro -Date: Fri Mar 6 13:40:43 2015 -0500 +Date: Wed Apr 15 13:57:03 2015 -0400 - Last commit before release. - Updated versions numbers and HTTP::BrowserDetect. + Preparing to release. + Updated release numbers in documents and sql scripts. 
M NEWS.asciidoc -M addons/packages/packetfence.spec +M UPGRADE.asciidoc M conf/pf-release -A db/pf-schema-4.7.0.sql -D db/pf-schema-X-Y-Z.sql -A db/upgrade-4.6.0-4.7.0.sql +A db/pf-schema-5.0.0.sql +D db/pf-schema-X.Y.Z.sql +A db/upgrade-4.7.0-5.0.0.sql D db/upgrade-X.X.X-X.Y.Z.sql -M debian/changelog -M docs/docinfo.xml -M docs/includes/global-attributes.asciidoc -M lib/HTTP/BrowserDetect.pm - -commit f94f9e0bf983d30ed4745d70a3f76ed2971002c2 -Author: Durand Fabrice -Date: Fri Mar 6 13:36:39 2015 -0500 - - Updated translation - -M conf/locale/de/LC_MESSAGES/packetfence.po -M conf/locale/es/LC_MESSAGES/packetfence.po -M conf/locale/fr/LC_MESSAGES/packetfence.po -M conf/locale/he_IL/LC_MESSAGES/packetfence.po -M conf/locale/it/LC_MESSAGES/packetfence.po -M conf/locale/nl/LC_MESSAGES/packetfence.po -M conf/locale/pl_PL/LC_MESSAGES/packetfence.po -M conf/locale/pt_BR/LC_MESSAGES/packetfence.po -M html/pfappserver/lib/pfappserver/I18N/fr.po -commit 768ee5abf70c040761dbc087aeda93e52bed9395 +commit cfe2e3f977d3b0f5d1005471228692dd97394c6c Author: Francis Lachapelle -Date: Fri Mar 6 13:23:33 2015 -0500 +Date: Wed Apr 15 13:37:44 2015 -0400 Localization -M html/pfappserver/lib/pfappserver/I18N/i_default.po - -commit 43dcf90147342b187b96b8edec0033718fa4d790 -Author: Durand Fabrice -Date: Fri Mar 6 13:18:50 2015 -0500 - - Updated extract_i18n_strings.pl - M addons/extract_i18n_strings.pl +M html/pfappserver/lib/pfappserver/I18N/i_default.po -commit 348a913d112715140955e0a321cfdc6a6ac224ff -Author: Louis Munro -Date: Fri Mar 6 12:26:58 2015 -0500 +commit a9080a9f01bcf1327660a1f769766ceeeeb07e41 +Author: Julien Semaan +Date: Wed Apr 15 13:35:33 2015 -0400 - Updated NEWS file to reflect SSL changes for FREAK attack. 
+ Readd --opt in mysqldump -M NEWS.asciidoc +M UPGRADE.asciidoc -commit 91d78631dfdcf0a238b9f9701ac8974040b8ebf6 -Author: Louis Munro -Date: Fri Mar 6 12:22:30 2015 -0500 +commit 06515e0651afd940d811c7a4088761997fe9e2ea +Author: James Rouzier +Date: Wed Apr 15 13:18:34 2015 -0400 - Fixed missing comma in admin, aaa and webservices configuration. + Do not allow searching for combination -M conf/httpd.conf.d/httpd.aaa -M conf/httpd.conf.d/httpd.admin -M conf/httpd.conf.d/httpd.webservices +M html/pfappserver/root/config/fingerbank/combination/list.tt -commit db4e08b76ae05520556337c2a2ac242c62acaaf7 +commit d3ad25ac49d51ec3cf059ffcc262ba893e46dd19 Author: Louis Munro -Date: Thu Mar 5 10:35:20 2015 -0500 +Date: Wed Apr 15 13:21:48 2015 -0400 - Restricts the allowed ciphers to prevent FREAK SSL attack. - Turns on HSTS. + Modified to indicate that we drop the iplog table. -M conf/httpd.conf.d/httpd.aaa -M conf/httpd.conf.d/httpd.admin -M conf/httpd.conf.d/httpd.portal -M conf/httpd.conf.d/httpd.proxy -M conf/httpd.conf.d/httpd.webservices +M UPGRADE.asciidoc -commit 5efcbfb0f6c7a8f395398016530f456a7b621fc7 +commit e0392b6b7cf70fce4833707b096a9f7b7feb347e Author: Durand Fabrice -Date: Fri Mar 6 12:01:40 2015 -0500 +Date: Wed Apr 15 13:16:33 2015 -0400 - Missing a string to localize "Detected Between" + Added dependencies version -M html/pfappserver/root/admin/nodes.tt +M debian/control -commit 7c5e61aaffd69e3354d05eabf5c03f0c40c9f134 -Author: Louis Munro -Date: Fri Mar 6 11:56:57 2015 -0500 +commit 3c89bba013e17727b52730edc58b82ba0dbf0786 +Author: James Rouzier +Date: Wed Apr 15 13:07:35 2015 -0400 - Added Aerohive roaming and PacketFence-config items to NEWS. - Reworded a few items for legibility. 
+ Hide mac vendor until display is fixed and only display Fingerbank functionality if FINGERBANK_READ user as admin role FINGERBANK_READ -M NEWS.asciidoc +M html/pfappserver/root/admin/configuration.tt -commit ba80cbd7aab5083c13783648a4c522f41ea1362d -Author: Durand Fabrice -Date: Fri Mar 6 11:40:54 2015 -0500 +commit 8c096d2cc13a784c9b2af7775f3ddbc0ac3f7030 +Author: James Rouzier +Date: Wed Apr 15 12:59:23 2015 -0400 - Standardize log + Allow the mac vendor to be searched by name and mac -M lib/pf/activation.pm +M html/pfappserver/lib/pfappserver/Base/Controller/Crud/Fingerbank.pm +M html/pfappserver/lib/pfappserver/Base/Model/Fingerbank.pm +M html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/MAC_Vendor.pm -commit 8bc77286e443dfdf6191083e624e99afbb223ceb +commit d9c9df5dab9c3c47c3c42e76574161a99ccd912c Author: Durand Fabrice -Date: Fri Mar 6 11:18:04 2015 -0500 +Date: Wed Apr 15 12:49:15 2015 -0400 - Standardize log + revert trying to start packetfence-config on install -M lib/pf/Switch.pm +M addons/packages/packetfence.spec -commit b84c7ffd51c446faeec550e3b729a0c01fa39efa -Author: Durand Fabrice -Date: Fri Mar 6 09:08:36 2015 -0500 +commit 70f73f0f942d7ff7a963afaf4a2e56d313aed255 +Author: James Rouzier +Date: Wed Apr 15 11:38:22 2015 -0400 - Re-order trapping options + Drop the iplog table -M conf/pf.conf.defaults +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql -commit 5c6e10aebccae161cb8af3ad053a62674ba0a562 -Author: Durand Fabrice -Date: Thu Mar 5 16:09:55 2015 -0500 +commit 5e8a7c27f3af5a58cda2e445b5b6b192adb47178 +Author: James Rouzier +Date: Wed Apr 15 12:01:58 2015 -0400 - remove var/cache/pfconfig on upgrade + Updated pfcmd documentation -M debian/packetfence-config.preinst -M debian/packetfence.init +M lib/pf/cmd/pf.pm -commit 1371a9ee91ddd52f89b15e5d835db9a56ed13da9 -Author: Durand Fabrice -Date: Thu Mar 5 15:54:17 2015 -0500 +commit 274b23ca4317761efa7d43c965e3e6389f8bda48 +Author: Francis Lachapelle +Date: Wed Apr 15 11:50:19 2015 -0400 
- Fixed syntax in po file + Minor improvement to the nodes page -M conf/locale/en/LC_MESSAGES/packetfence.po +M html/pfappserver/root/admin/nodes.tt -commit 9dd691caca467d393d02a3cb4c99c158c2f738e4 -Author: Durand Fabrice -Date: Thu Mar 5 15:37:04 2015 -0500 +commit 863d85404021b208a4895190c5c759fdcded9ac1 +Author: Ludovic Marcotte +Date: Wed Apr 15 11:36:44 2015 -0400 - Updated portal string + Fixed many typos and markup errors -M conf/locale/en/LC_MESSAGES/packetfence.po +M docs/PacketFence_Inline_Deployment_Quick_Guide_ZEN.asciidoc +M docs/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN.asciidoc -commit cf3e993bf514bbef56a08f58951a51d2d1bf69b5 -Author: Durand Fabrice -Date: Thu Mar 5 14:56:08 2015 -0500 +commit 3d7cd1255f0275b7eaa7712dc6b7feaa2e6c7f7f +Author: Antoine Amacher +Date: Wed Apr 15 11:23:13 2015 -0400 - Added extract_i18n for the captive portal + , instead of .wq -A addons/extract_i18n_strings_portal.pl +M docs/PacketFence_Inline_Deployment_Quick_Guide_ZEN.asciidoc -commit 8f113f49aaae75affc82f7d2072a5e12357083a5 +commit e7cf2d95a2246123586cef8311ddbd1dc1529cde Author: Durand Fabrice -Date: Thu Mar 5 14:50:00 2015 -0500 +Date: Wed Apr 15 11:20:46 2015 -0400 - Revert "Added html parser in extract_i18n_strings.pl script" - - This reverts commit 67c2bc73ec5b5626e2b02a81c82b2912250fb898. 
+ Changed VLAN to network -M addons/extract_i18n_strings.pl +M docs/PacketFence_Inline_Deployment_Quick_Guide_ZEN.asciidoc -commit 67c2bc73ec5b5626e2b02a81c82b2912250fb898 -Author: Durand Fabrice -Date: Thu Mar 5 14:39:36 2015 -0500 +commit d8e1df284d8b53a6ffd1a0a5a2116cc85d47de1f +Author: Ludovic Marcotte +Date: Wed Apr 15 11:13:11 2015 -0400 - Added html parser in extract_i18n_strings.pl script + Fixed typos -M addons/extract_i18n_strings.pl +M docs/PacketFence_Inline_Deployment_Quick_Guide_ZEN.asciidoc +M docs/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN.asciidoc -commit 6faf213890ad4e53c1abec556a2c588408358c0f -Author: James Rouzier -Date: Thu Mar 5 14:01:59 2015 -0500 +commit 9d037e9acaa7070a97ef684d6ec0ae409ce49101 +Author: Antoine Amacher +Date: Wed Apr 15 11:06:41 2015 -0400 - Fixed the number of parameters return + include/link, fixs -M lib/pf/ConfigStore/Switch.pm +M docs/PacketFence_Inline_Deployment_Quick_Guide_ZEN.asciidoc -commit 719a5e7f7a0196e1f5c993773f898fcaa16f87a4 -Author: Durand Fabrice -Date: Thu Mar 5 11:27:22 2015 -0500 +commit 25476c24a62a3f488d4f91bd09a4bd22edec5799 +Author: Zammit Ludovic +Date: Wed Apr 15 10:59:41 2015 -0400 - Change path for debian packaging + fix documentation link -M debian/rules +M docs/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN.asciidoc +D docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN.asciidoc -commit 334c24c50a8649fb3257dabe9e73b50140e54733 -Author: Julien Semaan -Date: Thu Mar 5 11:07:16 2015 -0500 +commit 3ee818990a39d545938727efa8b9cefd547231f7 +Author: Zammit Ludovic +Date: Wed Apr 15 10:52:04 2015 -0400 - Add pfconfig cache dir to fixpermissions + link documentation fixed -M bin/pfcmd.pl -M lib/pf/file_paths.pm -M lib/pfconfig/backend/bdb.pm +A docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN.asciidoc -commit 6b26bbc23cc2416c5cc2e6007668e8502cd75b87 +commit 8b041c8e97477ca0c17ee2d64d6d4f7f73d83de1 Author: Durand Fabrice -Date: Thu Mar 5 11:01:06 2015 -0500 +Date: 
Wed Apr 15 10:32:53 2015 -0400 - Added new directory in var/ with the correct permissions in debian/ubuntu packaging + Improuve Inline documentation -M debian/rules +M docs/PacketFence_Inline_Deployment_Quick_Guide_ZEN.asciidoc +M docs/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN.asciidoc -commit 3043322cde93b58480464a056f5dcc2e321f7e2b -Author: Durand Fabrice -Date: Thu Mar 5 10:36:46 2015 -0500 +commit 2bd2def3445da64fd3ae384a5ffe05732514c064 +Author: Ludovic Marcotte +Date: Wed Apr 15 09:59:56 2015 -0400 - Removed useless log + Moved Fingerbank + fixed markup -M lib/pf/person.pm +M docs/PacketFence_Administration_Guide.asciidoc -commit 71a218300a9c20ec544566197c821c2b80ce2512 -Author: Julien Semaan -Date: Thu Mar 5 10:11:10 2015 -0500 +commit cf6dcbee00718aabf72cf30a86d46bcbd81877fa +Author: Derek Wuelfrath +Date: Wed Apr 15 09:48:42 2015 -0400 - Rework dynamic_unreg_date to handle undef dates - - - Will actually return the undef value when being given one - - Will now return undef if the date generation fails (like giving it the month 13) + Fingerbank documentation -M lib/pf/config.pm +M docs/PacketFence_Administration_Guide.asciidoc -commit 85e0614476d29fd36a3af2df33151cc0f60f36c9 -Author: Derek Wuelfrath -Date: Thu Mar 5 09:49:08 2015 -0500 +commit d2065055ce3ba23c901bdaf488037a573b241e3c +Author: Ludovic Marcotte +Date: Wed Apr 15 09:30:55 2015 -0400 - Fixing wrong comment + More adjustments -M db/upgrade-X.X.X-X.Y.Z.sql +M Makefile +M docs/PacketFence_Inline_Deployment_Quick_Guide_ZEN.asciidoc +M docs/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN.asciidoc -commit 711f5e06bc18e5b82eefa84a4d16e3a984453896 -Author: James Rouzier -Date: Thu Mar 5 09:43:13 2015 -0500 +commit 2b5978492c443a961ca879c761e036b112466fff +Author: Ludovic Marcotte +Date: Wed Apr 15 09:30:21 2015 -0400 - There is no showError + Doc rename + makefile adjustments -M html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Pf.pm +A 
docs/PacketFence_Inline_Deployment_Quick_Guide_ZEN-docinfo.xml +A docs/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN-docinfo.xml +A docs/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN.asciidoc +D docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN-docinfo.xml +D docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN.asciidoc -commit db9433829b1134d67bd06efabdc083c8398a1a6e -Author: Durand Fabrice -Date: Thu Mar 5 08:48:19 2015 -0500 +commit 3ecdcf4080e78c01c41f0c6c139f8ce952d4aedb +Author: Ludovic Marcotte +Date: Wed Apr 15 09:19:13 2015 -0400 - Changed $c->error to $self->showError + Fixed typo -M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm -M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm -M html/captive-portal/lib/captiveportal/PacketFence/Controller/DeviceRegistration.pm -M html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Pf.pm +M docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN.asciidoc -commit 876d24666c7c8c00d9a84ae8f34d6af382bb6164 -Author: Julien Semaan -Date: Thu Mar 5 08:43:38 2015 -0500 +commit db199c31549ccc77a2d30a759c2133ab5ea116f9 +Author: Ludovic Marcotte +Date: Wed Apr 15 09:17:52 2015 -0400 - add pfconfig startup in debian pf init script + Fixed typo -M debian/packetfence.init +M docs/PacketFence_Inline_Deployment_Quick_Guide_ZEN.asciidoc -commit 987c289d8c6957e0eb5521b2d13ff8875e517fa4 -Author: Durand Fabrice -Date: Wed Mar 4 18:28:05 2015 -0500 +commit b2b8118658278e98faccf20cd22c5a87eed4ad94 +Author: Ludovic Marcotte +Date: Wed Apr 15 09:17:29 2015 -0400 - Removed var/control from debian packaging + Renamed doc, fixed typo -M debian/rules +A docs/PacketFence_Inline_Deployment_Quick_Guide_ZEN.asciidoc +D docs/PacketFence_Inline_Deployment_Quick_Guide_using_ZEN.asciidoc +M docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN.asciidoc -commit 22a69155278f49691bdb989aeb7f4a2b1010aae5 -Author: Durand Fabrice -Date: 
Wed Mar 4 18:26:11 2015 -0500 +commit 27117c15c2a9e1c3c6dc4e87791193c0b00fc47c +Author: Durand Fabrice +Date: Tue Apr 14 16:09:18 2015 -0400 - Removed DEBHELPER in packetfence.prerm + Added snmp configuration for cisco example -M debian/packetfence.prerm +M docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN.asciidoc -commit 3d51c7876618dfd90d54b94c281519cbcd22887a -Author: Durand Fabrice -Date: Wed Mar 4 18:18:41 2015 -0500 +commit ec1fd7940aca2581eddbc48d3b12d5a9a054436c +Author: Durand Fabrice +Date: Tue Apr 14 15:59:38 2015 -0400 - Removed DEBHELPER section + Fix syntax -M debian/packetfence-config.postinst -M debian/packetfence-config.prerm +M docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN.asciidoc -commit ce0070c90185fb544c68948a7ad63d95e50c400d -Author: Durand Fabrice -Date: Wed Mar 4 17:57:05 2015 -0500 +commit 83cad5aeb463b05d902f0c95331671322fb53afa +Author: Zammit Ludovic +Date: Tue Apr 14 15:55:22 2015 -0400 - Stop packetfence-config on remove + OVF to OVA -M debian/packetfence-config.postrm +M docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN.asciidoc -commit 1b676918913c94a03f0c5d78a8c093c901223632 -Author: James Rouzier -Date: Wed Mar 4 17:13:54 2015 -0500 +commit 09c0263948fbffd20cb23913c7f86b9c7994b980 +Author: Francis Lachapelle +Date: Tue Apr 14 15:31:45 2015 -0400 - Update error message when saving a file + (doc) Improve Administration guide -M lib/pf/ConfigStore.pm -M lib/pf/config/cached.pm +M docs/PacketFence_Administration_Guide.asciidoc +D docs/images/add-mobileconfig-provisioners.png +M docs/includes/commercial-support.asciidoc -commit 2beb83a656b1834325ec07940dc1dc498775def3 -Author: James Rouzier -Date: Tue Dec 2 11:05:21 2014 -0500 +commit c57879a78b4b71e8fed925f80bc4db7de7a1e13e +Author: Antoine Amacher +Date: Tue Apr 14 14:37:00 2015 -0400 - Will display error message from ConfigStore::commit on error + Titel fix -M html/pfappserver/lib/pfappserver/Base/Model/Config.pm +M 
docs/PacketFence_Inline_Deployment_Quick_Guide_using_ZEN.asciidoc -commit 75172efc2fb38c4e7325221556195367a9a33eec -Author: James Rouzier -Date: Tue Dec 2 11:01:15 2014 -0500 +commit f35ed36bef5dc48efb3777c1a2449b83d43e747a +Author: Antoine Amacher +Date: Tue Apr 14 14:31:21 2015 -0400 - commit Will result an error message on failure + added Inline l3 -M lib/pf/ConfigStore.pm +M docs/PacketFence_Inline_Deployment_Quick_Guide_using_ZEN.asciidoc -commit 79d935d1b0be867ee67f49cade8c6e8676d6655d -Author: Durand Fabrice -Date: Wed Mar 4 16:30:07 2015 -0500 +commit a9ebe38104f510ba511e9144daf0ba7db94b8fe6 +Author: Zammit Ludovic +Date: Tue Apr 14 13:47:49 2015 -0400 - fix syntax from last commit + typos -M debian/packetfence.postrm +M docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN.asciidoc -commit e9d94a637f08824e6ca4dd8a26bcfcb3f8d88632 -Author: Durand Fabrice -Date: Wed Mar 4 16:27:45 2015 -0500 +commit ffaf5caf96a9522949c618bd67114df945ed11ad +Author: Antoine Amacher +Date: Tue Apr 14 13:52:38 2015 -0400 - Updated packetfence.postrm script to test if the user pf can be removed + typosss -M debian/packetfence.postrm +M docs/PacketFence_Inline_Deployment_Quick_Guide_using_ZEN.asciidoc -commit 1e86a57b1d0359e5b789e3bf3f804a74478f37d8 -Author: Durand Fabrice -Date: Wed Mar 4 16:04:58 2015 -0500 +commit b77046e1fdedeb063de196122e6b87e01752cab0 +Author: Antoine Amacher +Date: Tue Apr 14 13:40:51 2015 -0400 - Updated packetfence-config init script + title -M debian/packetfence-config.init +M docs/PacketFence_Inline_Deployment_Quick_Guide_using_ZEN.asciidoc -commit bd4e6359b44571fe88808ebad4887baf8f4c9a58 -Author: Durand Fabrice -Date: Wed Mar 4 15:40:26 2015 -0500 +commit 73fcee2c6ffc78f20348dde61dff07eb62632647 +Author: Antoine Amacher +Date: Tue Apr 14 13:38:22 2015 -0400 - Updated Provides name in packetfence-config init script + typos -M debian/packetfence-config.init +M docs/PacketFence_Inline_Deployment_Quick_Guide_using_ZEN.asciidoc -commit 
75b337b60a0e07454cff9dce100598bab3fa844c -Author: Durand Fabrice -Date: Wed Mar 4 15:27:43 2015 -0500 +commit 0b77551cbe0b3009d508438e2f102705457b2dff +Author: Antoine Amacher +Date: Tue Apr 14 13:29:06 2015 -0400 - Updated debian packaging + typos, + fixs -M debian/packetfence-config.postrm -M debian/packetfence.postinst -M debian/packetfence.postrm +M Makefile +M docs/PacketFence_Inline_Deployment_Quick_Guide_using_ZEN.asciidoc -commit ebc152f20e2605e54d7506d344d3a529029f86ea -Author: Francis Lachapelle -Date: Wed Mar 4 13:31:20 2015 -0500 +commit b23a0e3ddd9896a93131044a958f2265e369f333 +Author: Zammit Ludovic +Date: Tue Apr 14 13:12:08 2015 -0400 - Fix typo in administration guide + doc fix syntax -M docs/PacketFence_Administration_Guide.asciidoc +M docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN.asciidoc -commit b41bcf4a5e203d8d48d12b6ae7b485a3a4d95fbe -Author: Durand Fabrice -Date: Wed Mar 4 12:58:34 2015 -0500 +commit 12f13091bbe399303458519e502123cc62e0eb40 +Author: Antoine Amacher +Date: Tue Apr 14 12:16:39 2015 -0400 - Fix error in log if undef value + fix infos sources -M lib/pf/Switch.pm +M docs/PacketFence_Inline_Deployment_Quick_Guide_using_ZEN.asciidoc -commit a54f8ffd6ccf201a615a3c57f4a4b97d1f917fa8 -Author: Durand Fabrice -Date: Wed Mar 4 11:48:40 2015 -0500 +commit b580dd4e7ab8ede0d8c92ea331ef6ba78128af2f +Author: Antoine Amacher +Date: Tue Apr 14 12:14:03 2015 -0400 - Changed log message when a device hit the portal + inline documentation -M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm +A docs/PacketFence_Inline_Deployment_Quick_Guide_using_ZEN.asciidoc -commit cf24a245f43fae332457f79c1ead99aedf0dff43 -Author: Durand Fabrice -Date: Wed Mar 4 11:44:42 2015 -0500 +commit 07dad9654f07ca444112ad184f23de3754f76b62 +Author: Zammit Ludovic +Date: Tue Apr 14 11:43:06 2015 -0400 - Fixed pfarp_remote for the new api function + documentation title updated -M addons/pfarp_remote/sbin/pfarp_remote -M 
lib/pf/api.pm +M docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN.asciidoc -commit d3d4585643998920a9b19a2c3f2b73d6948267ab -Author: James Rouzier -Date: Wed Mar 4 11:42:13 2015 -0500 +commit 2fb2c9acc174a7cbbd0c470b5ee1a8b2819bde1d +Author: Ludovic Marcotte +Date: Tue Apr 14 10:59:05 2015 -0400 - Used the renamed path pfappserver::PacketFence::Controller instead of pfappserver::Controller + Fixed layout -M addons/extract_i18n_strings.pl -M html/pfappserver/lib/pfappserver/I18N/i_default.po +M docs/PacketFence_Administration_Guide.asciidoc -commit 9f40cf66963991d7bc4c0bda85afebc15cd4f238 -Author: Julien Semaan -Date: Wed Mar 4 11:18:25 2015 -0500 +commit 41a5817625a1737b2878b9ebd04242d17c484f66 +Author: Ludovic Marcotte +Date: Tue Apr 14 10:53:12 2015 -0400 - update news for #373 + More fixes -M NEWS.asciidoc +M docs/PacketFence_Administration_Guide.asciidoc -commit 2426f7125cf77974e6ee200a19a26e1ce322890b -Author: Zammit Ludovic -Date: Wed Mar 4 11:13:42 2015 -0500 +commit c57ab97fd957bd53390a22cde3bc951b32256997 +Author: Ludovic Marcotte +Date: Tue Apr 14 10:36:40 2015 -0400 - remove lib/pf/profile/filter/category.pm + More major rework -D lib/pf/profile/filter/category.pm +M docs/PacketFence_Administration_Guide.asciidoc -commit 784860d36de374d1fcbce38b6caa9ef4f7cdef9c +commit cc8656f0bf3e377802757269cd4da52b67786d2c Author: Zammit Ludovic -Date: Wed Mar 4 11:05:24 2015 -0500 +Date: Tue Apr 14 08:53:43 2015 -0400 - fix category key + doc fix -M lib/pf/profile/filter/node_role.pm +M docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN.asciidoc -commit ca30c03014144adae147adc86030f7a58a0373ba -Author: James Rouzier -Date: Wed Mar 4 10:51:43 2015 -0500 +commit 1f4b6bb60722cf394f5ee5c2425940d7e31495a5 +Author: Ludovic Marcotte +Date: Tue Apr 14 08:19:14 2015 -0400 - Add empty directory var/control + More doc reorg -A var/control/.gitignore +M docs/PacketFence_Administration_Guide.asciidoc +A docs/images/radius_workflow.png -commit 
0c38243590383ba34462b685b71c4ddfcb3a3dce -Author: Julien Semaan -Date: Wed Mar 4 10:50:31 2015 -0500 +commit 8b4b1ffd464afc4e4d114b70f8bdb3e574237644 +Author: Zammit Ludovic +Date: Mon Apr 13 16:07:03 2015 -0400 - rework the touch of a pfconfig control file + add doc in the makefile -M lib/pfconfig/manager.pm +M Makefile -commit f912d2cbf79598a3fe9cbcf80202e04b65553b94 -Author: Julien Semaan -Date: Wed Mar 4 10:05:30 2015 -0500 +commit 87d54ac47a38015388cde8337e20bdb080c2c292 +Author: Zammit Ludovic +Date: Mon Apr 13 15:44:18 2015 -0400 - rework pfconfig handling in packetfence init + doc fix -M packetfence.init +M docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN.asciidoc -commit 318b1cccfd660bb3d0ab5924c7f432e72cf3a48b -Author: Durand Fabrice -Date: Wed Mar 4 09:19:43 2015 -0500 +commit 85d00f29c65f7f0d44c87cc9f715c047baad730d +Author: Zammit Ludovic +Date: Mon Apr 13 14:44:27 2015 -0400 - Added new search attributes for LDAP auth source: description and groupMembership + PacketFence Out-of-Band documentation -M lib/pf/Authentication/Source/LDAPSource.pm +A docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN-docinfo.xml +A docs/PacketFence_Out-of-Band_Deployment_Quick_Install_Guide_ZEN.asciidoc +A docs/images/omapi-config.png -commit d187d5eec1a683c2900fa1efaf7df377ca460d46 -Author: James Rouzier -Date: Tue Mar 3 16:15:12 2015 -0500 +commit 64d7ef60c929e3b41532d25b1df2ce7aaa96652b +Author: Ludovic Marcotte +Date: Mon Apr 13 11:58:16 2015 -0400 - Fixed license + More doc shoveling -M html/captive-portal/lib/captiveportal/Role/Request.pm -M lib/pf/constants/Portal/Profile.pm +M docs/PacketFence_Administration_Guide.asciidoc -commit 6c42ea14a98ef8be17bd850ce1b9eb28f4fd7889 -Author: Durand Fabrice -Date: Tue Mar 3 15:43:33 2015 -0500 +commit a72fba4a8c0fdfa3ac665acd9020252976947515 +Author: Ludovic Marcotte +Date: Mon Apr 13 11:12:36 2015 -0400 - Changed error to showError in sponsor portal to be able to have the message translated + More 
doc cleanups -M conf/locale/en/LC_MESSAGES/packetfence.po -M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm +M docs/PacketFence_Administration_Guide.asciidoc -commit 2d69bd05e768be1bb0faa2e4cf5edf924dbc0f5c -Author: Durand Fabrice -Date: Tue Mar 3 14:07:51 2015 -0500 +commit 070a71c33192781f4bab39dd6acf71f0b271f088 +Author: Ludovic Marcotte +Date: Mon Apr 13 11:07:35 2015 -0400 - Modify postrm script + Fixed markup -M debian/packetfence.postrm +M docs/PacketFence_Administration_Guide.asciidoc -commit aa118b6eff5abb3e1951cf00dbb64519c21f89ee -Author: Durand Fabrice -Date: Tue Mar 3 13:47:57 2015 -0500 +commit 543fc8f6480ad8d12a57c41edfbb36be775e7cbe +Author: Ludovic Marcotte +Date: Mon Apr 13 10:26:32 2015 -0400 - Removed purge instruction in packetfence-config.postrm + fixed formatting -M debian/packetfence-config.postrm +M docs/PacketFence_Administration_Guide.asciidoc -commit 8a313f7f8c5eebc84c86ecb737c83d50e07345ec -Author: Durand Fabrice -Date: Tue Mar 3 13:38:17 2015 -0500 +commit 66ff8dcf45ae4c5ca889aa022f9c722e6e703e2c +Author: Ludovic Marcotte +Date: Mon Apr 13 10:12:26 2015 -0400 - Exception in packetfence.postrm for bin/pfcmd + Fixed layout typo -M debian/packetfence.postrm +M docs/PacketFence_Administration_Guide.asciidoc -commit 34c9e326e911593d846f3d2c024d5f83ad75fd43 -Author: Durand Fabrice -Date: Tue Mar 3 13:29:09 2015 -0500 +commit c97fc9d8e22c47ee8f2fde8de815339fce2a885f +Author: Ludovic Marcotte +Date: Mon Apr 13 10:10:42 2015 -0400 - Be sure that packetfence-config canĀ“t start without packetfence installed + Big reorg of the documentation, wiped inline specifics -M addons/packages/packetfence.spec -M debian/control -M debian/packetfence-config.init -M packetfence.init +M docs/PacketFence_Administration_Guide.asciidoc -commit 35b7e4d8f65626600b18fe0d41a293811a89d744 -Author: Durand Fabrice -Date: Tue Mar 3 12:43:49 2015 -0500 +commit 7fdc1c7d2ddc27a9ac7fd9e3baf6911618031868 +Author: Ludovic Marcotte +Date: Mon Apr 
13 09:46:47 2015 -0400 - Fixed syntax in debian/control + Removed example + inline specifics (both moved to ZEN/quick guides) -M debian/control +M docs/PacketFence_Administration_Guide.asciidoc -commit a7713d4f044bcbb68871cd4bba22cd6b2276b6b6 +commit e02057ea6de3332c4d7824e53e26b011da6b29f4 Author: Durand Fabrice -Date: Tue Mar 3 12:40:43 2015 -0500 +Date: Mon Apr 13 09:24:48 2015 -0400 - Change in debian control (for packetfence-pfcmd-suid) + Fix after rebase on devel -M debian/control +M addons/packages/packetfence.spec +M conf/documentation.conf +M conf/iptables.conf.example +M conf/pf.conf.defaults +M html/pfappserver/lib/pfappserver/Form/Interface.pm +M html/pfappserver/lib/pfappserver/I18N/i_default.po +M html/pfappserver/lib/pfappserver/Model/Interface.pm +M html/pfappserver/root/interface/create.tt +M html/pfappserver/root/interface/view.tt +M html/pfappserver/root/static/js/interface.js +M lib/pf/services/manager/dhcpd.pm -commit eb0e2cc639a8a6b9e07d1af58f273dd5e54e9c53 -Author: Durand Fabrice -Date: Tue Mar 3 12:33:34 2015 -0500 +commit c442ab2a7e083a8168dc24058918447033d69a8b +Author: Ludovic Marcotte +Date: Sat Apr 11 17:35:12 2015 -0400 - Change control file for debian/ubuntu + Removed unuseful documentation -M debian/control +M docs/PacketFence_Administration_Guide.asciidoc -commit ea664eca6752b0aa36c23a718c2127261cfc25d5 -Author: Durand Fabrice -Date: Tue Mar 3 11:56:54 2015 -0500 +commit 1d46b419040ed4899d1c995b1e611ef58a2cc834 +Author: Ludovic Marcotte +Date: Sat Apr 11 15:41:48 2015 -0400 - Predepend change for packetfence-pfcmd + Removed dead doc -M debian/control -M debian/packetfence.postrm +M docs/PacketFence_Administration_Guide.asciidoc -commit 2d3bbf76461726938da0a1afb5ef200831a5fa44 -Author: James Rouzier -Date: Tue Mar 3 11:42:07 2015 -0500 +commit 6452985a09e6c2af32082dcf144d9bbf4edcaf04 +Author: Ludovic Marcotte +Date: Sat Apr 11 15:33:01 2015 -0400 - Fix issue where if there are no conditions the saved search is not being restored 
properly - - Fixes #399 + Removed silly section -M html/pfappserver/root/static/admin/searches.js +M docs/PacketFence_Administration_Guide.asciidoc -commit f2e1502462949f609e59b7f226cc2cf4a984ecda -Author: Durand Fabrice -Date: Tue Mar 3 11:39:44 2015 -0500 +commit 0596099830468abe9b1893aa19fe5d677f3c7288 +Author: Ludovic Marcotte +Date: Sat Apr 11 15:29:28 2015 -0400 - Modifed debian packaging (dependencie) + Removed the firewall SSO section as all the doc are in their own guides -M debian/control +M docs/PacketFence_Administration_Guide.asciidoc -commit c2fd1adcf934914f296ef37fb0f0c7129688acad -Author: Durand Fabrice -Date: Tue Mar 3 11:30:06 2015 -0500 +commit 53bc7c0a6ee27018b3717aa8f72b4460c332ddd4 +Author: Ludovic Marcotte +Date: Sat Apr 11 15:23:59 2015 -0400 - Change in debian packaging + Removed HA section, as it now in it own guide -M debian/packetfence-config.postrm -M debian/packetfence.postrm +M docs/PacketFence_Administration_Guide.asciidoc -commit 9a5e9fdb34894482138289541c562ff9769515ad -Author: Durand Fabrice -Date: Tue Mar 3 11:05:55 2015 -0500 +commit dfc2281402ad312881c2f551c5facf7bb7977853 +Author: Ludovic Marcotte +Date: Sat Apr 11 15:18:54 2015 -0400 - Added Predepends in packetfence-config packaging + removed manual freeradius 2 configuration appendix -M debian/control +M docs/PacketFence_Administration_Guide.asciidoc -commit 8bbf4ef871d1e2bcd15043b2d61d30b7f5fb9db9 -Author: Durand Fabrice -Date: Tue Mar 3 10:16:59 2015 -0500 +commit 53f436971829afb4701db311031f867a3e7142dc +Author: Ludovic Marcotte +Date: Sat Apr 11 15:17:14 2015 -0400 - removed set_unreg_date function in api.pm and copy the code in modify_node function + Moved around apparmor/selinux section -M lib/pf/api.pm +M docs/PacketFence_Administration_Guide.asciidoc -commit 281bd3e0ed5a4cc05e801b2fffb3a98a8553db58 -Author: Durand Fabrice -Date: Tue Mar 3 10:12:22 2015 -0500 +commit 77228dc7f8e00298761076e21020ec0aaa378197 +Author: Ludovic Marcotte +Date: Sat Apr 11 15:13:19 2015 
-0400 - Updated postrm for packetfence and packetfence-config + Fixed layout -M debian/packetfence-config.postrm -M debian/packetfence.postrm +M docs/PacketFence_Administration_Guide.asciidoc -commit 1928cdd9b698b9bbf508cb4c9d85f61c33faba27 -Author: Durand Fabrice -Date: Tue Mar 3 09:29:58 2015 -0500 +commit 979db6bc85ea543cb14f664fdbe54f8c06f07161 +Author: Ludovic Marcotte +Date: Mon Apr 6 15:26:58 2015 -0400 - Removed snort and suricata as depencencies + More small improvements to the documentation -M debian/control +M docs/PacketFence_Administration_Guide.asciidoc -commit 32fa101fc41289697b288223cc00ae0ad909ee6a -Author: Julien Semaan -Date: Tue Mar 3 09:22:36 2015 -0500 +commit 9ab95f9cd81456756aa155d2ca1cc3048a961027 +Author: Durand Fabrice +Date: Wed Feb 18 21:25:30 2015 -0500 - Make MSM controller inherit from Switch instead of HP + Modification on PacketFence_Administration_Guide.asciidoc -M lib/pf/Switch/HP/Controller_MSM710.pm +M docs/PacketFence_Administration_Guide.asciidoc -commit 78c708930177f5f7afac8cafd40310fe32c50a0c +commit 7972b6ca1df914bec5bd4d8f79a8e92e89afd230 Author: Durand Fabrice -Date: Tue Mar 3 09:03:16 2015 -0500 +Date: Fri Dec 12 10:30:49 2014 -0500 - Fix for debian packaging + Fixed dhcpd configuration file syntax -M debian/packetfence-config.postrm -M debian/packetfence.postrm -M debian/rules +M lib/pf/services/manager/dhcpd.pm -commit e9180e8613e552b9853a26e2f38ebab5d98fe793 -Author: Julien Semaan -Date: Tue Mar 3 08:22:39 2015 -0500 +commit 03fadb8af4e19fd8ba29f8303f1287bbe6027a50 +Author: Durand Fabrice +Date: Wed Dec 3 16:28:58 2014 -0500 - Add excluded files to addons/pfconfig + Fixed haproxy and dhcpd configuration -M addons/packages/packetfence.spec +M lib/pf/services/manager/dhcpd.pm -commit 3d75821597aed09ec5c96d60b1c510c9aa81434f -Author: Julien Semaan -Date: Tue Mar 3 07:51:08 2015 -0500 +commit 34a501d4cc25fb77335299a588e6991df5b9aec5 +Author: Durand Fabrice +Date: Tue Dec 2 12:50:04 2014 -0500 - Added addons/pfconfig/ to 
install section + Added missing dependencies M addons/packages/packetfence.spec -commit 8f597b271652dd29d80a3c89115abe2df77f04c9 -Author: Durand Fabrice -Date: Mon Mar 2 18:26:38 2015 -0500 +commit fe588ccec376ffdda8ced51ec8ab87842c1fa90b +Author: Durand Fabrice +Date: Tue Dec 2 11:33:07 2014 -0500 - Added new function in api.pm (set_unreg_date) + Added global configuration parameter for the active active members list -M lib/pf/api.pm -M lib/pf/util.pm +M conf/documentation.conf +M conf/pf.conf.defaults +M html/pfappserver/lib/pfappserver/I18N/i_default.po -commit 49df77148dcb11a848b886080403d4378335b2c7 -Author: Durand Fabrice -Date: Mon Mar 2 17:55:42 2015 -0500 +commit 75efe3c6f7120754455e61fa6edb0e08b5c85f69 +Author: Durand Fabrice +Date: Tue Nov 25 10:30:18 2014 -0500 - Evaluate role in vlan filter + Introduce dhcp active active configuration -M lib/pf/vlan/filter.pm +M html/pfappserver/lib/pfappserver/Form/Interface.pm +M html/pfappserver/lib/pfappserver/Model/Interface.pm +M html/pfappserver/root/interface/create.tt +M html/pfappserver/root/interface/view.tt +M html/pfappserver/root/static/js/interface.js +M lib/pf/services/manager/dhcpd.pm -commit 98af62d1f658eb99521cc5af9301904ce6a728fe -Author: Julien Semaan -Date: Mon Mar 2 16:51:56 2015 -0500 +commit 19eedeff93f7768dd52b998b7e4853af1d4e97c0 +Author: Durand Fabrice +Date: Fri Nov 21 16:37:08 2014 -0500 - Added /usr/local/pf/addons/pfconfig/cmd.pl to packaging + Added admin gui active/active configuration -M addons/packages/packetfence.spec +M html/pfappserver/lib/pfappserver/Model/Interface.pm +M html/pfappserver/root/interface/create.tt +M html/pfappserver/root/interface/view.tt +M html/pfappserver/root/static/js/interface.js -commit 0c00928e9b0ec2600fe138892c30e3ea249436e3 +commit a7aeebc021380d1fab858e446e81fb2a70427388 Author: Durand Fabrice -Date: Mon Mar 2 16:23:59 2015 -0500 +Date: Fri Nov 21 15:13:29 2014 -0500 - Added libphp-serialization-perl as a dependencie in debian/ubuntu + Changed for 
actif/actif setup -M debian/control +M conf/iptables.conf.example +M html/pfappserver/lib/pfappserver/Form/Interface.pm -commit ac78cc926c3e634ff3a8fe507f78cbc666712317 +commit 9a25569b2833175ca72f55bee2a74f7b5cbaa643 Author: Durand Fabrice -Date: Mon Mar 2 16:20:29 2015 -0500 +Date: Thu Oct 16 20:45:49 2014 -0400 - Revert "Added libphp-session-perl as a dependencie" - - This reverts commit 374f19b3aaa9231e6ee05a33041ffdc0c3c1fcdc. + Iptables and vip change for actif/actif -M debian/control +M conf/iptables.conf.example -commit f502df671004cb0c848298cc0c7047e13fc83d3c -Author: Durand Fabrice -Date: Mon Mar 2 16:18:03 2015 -0500 +commit db254b60d06699c8a4e45fc45f9889e0330fa7dc +Author: Julien Semaan +Date: Wed Apr 15 10:46:29 2015 -0400 - Added libphp-session-perl as a dependencie + Fix backup commands in upgrade guide -M debian/control +M UPGRADE.asciidoc -commit 0b47512c0dadaf20c5c748cc25005f49d4fe934a -Author: Durand Fabrice -Date: Mon Mar 2 16:15:31 2015 -0500 +commit d4f867abc72e8cf721e7894dd7d2b6c386d7ac0e +Author: James Rouzier +Date: Wed Apr 15 10:44:20 2015 -0400 - Fix debian rules file + Return proper exit code -M debian/rules +M lib/pf/cmd/pf/service.pm -commit 5689360b4fef1b261be9369d028fc8c7fd9cbe57 +commit 8e0bdfaafb6a719c35759e50a86b2cf3b57b8149 Author: James Rouzier -Date: Mon Mar 2 16:14:56 2015 -0500 +Date: Wed Apr 15 10:44:07 2015 -0400 - Added pfconfig.t to the compile tests + Return proper exit code -M t/TestUtils.pm +M lib/pf/cmd/pf/reload/violations.pm -commit 90e2a6189855502baa3303b4a43fbcdce1a90bc9 +commit a937fbbb4fe744c1045d4e8af66986169bb22418 Author: James Rouzier -Date: Mon Mar 2 16:09:22 2015 -0500 +Date: Wed Apr 15 10:43:57 2015 -0400 - Add test script to test pfconfig libs + Return proper exit code -A t/pfconfig.t +M lib/pf/cmd/pf/import/nodes.pm -commit 2e0bcf756f97143ae66755865ff6a6b1e6ec4eee +commit 1fa202b7e0177cf9da26bbcefeab29b687b4100d Author: James Rouzier -Date: Mon Mar 2 16:08:49 2015 -0500 +Date: Wed Apr 15 10:43:48 2015 
-0400 - Do not test pfconfig libs + Return proper exit code -M t/pf.t +M lib/pf/cmd/pf/configreload.pm -commit eacab5fd7c6dd7ccb124d85a6747e8a6ee34a54e -Author: Durand Fabrice -Date: Mon Mar 2 15:48:00 2015 -0500 +commit d6241ee335052d602e25cc7322b4b86587c2c0f7 +Author: James Rouzier +Date: Wed Apr 15 10:43:36 2015 -0400 - Removed useless dependencie in debian packaging + Return proper exit code -M debian/control +M lib/pf/cmd/pf/configfiles/push.pm -commit 2163ad9676bb12fcdbecc6b3ced53f29c17f1ead -Author: Durand Fabrice -Date: Mon Mar 2 15:14:10 2015 -0500 +commit a06c84961b18e55cdd854bf013f084837e36c617 +Author: James Rouzier +Date: Wed Apr 15 10:42:25 2015 -0400 - Fixed debian rules file + Return proper exit code -M debian/rules +M lib/pf/cmd/pf/configfiles/pull.pm -commit 17682e6e073cdfef7eab3b850baf34eed9a9dca8 -Author: Durand Fabrice -Date: Mon Mar 2 15:02:00 2015 -0500 +commit 7b7f076d0731a722e151152d2eb3571783e4347d +Author: James Rouzier +Date: Wed Apr 15 10:42:10 2015 -0400 - Removed dependencie + Return proper exit code -M addons/packages/packetfence.spec +M lib/pf/cmd/pf/checkup.pm -commit a1f0d6fc16275f87267bba330c3923ba19520b15 -Author: Durand Fabrice -Date: Mon Mar 2 15:00:54 2015 -0500 +commit b419a317eaf01f01f146ff4f32d101c0c04ffc4f +Author: James Rouzier +Date: Wed Apr 15 10:41:56 2015 -0400 - Set noarch for packetfence-config + Return proper exit code -M addons/packages/packetfence.spec +M lib/pf/cmd/pf/cache.pm -commit 130f2ce88ceb82a63329c1de94a4e92c6893e5ef -Author: Durand Fabrice -Date: Mon Mar 2 14:23:54 2015 -0500 +commit 2eb1204dec33164181aa35f0acd959f7f1875577 +Author: James Rouzier +Date: Wed Apr 15 10:41:45 2015 -0400 - Test if pf user exist before trying to remove it + Return proper exit code -M addons/packages/packetfence.spec +M lib/pf/base/cmd/config_store.pm -commit 37d4cf1008ff53f7dd781ad65e47d293beb40adc -Author: Durand Fabrice -Date: Mon Mar 2 14:01:02 2015 -0500 +commit 256513d7802ad5e7c11013d4dfcc058eb317ceca +Author: James 
Rouzier +Date: Wed Apr 15 10:38:16 2015 -0400 - replace space by tab in debian/rules + Return proper exit code + + Fixes #474 -M debian/rules +M lib/pf/cmd/pf/version.pm -commit 030d304597cf3bff3e71470bd786751d70ea979b -Author: Julien Semaan -Date: Mon Mar 2 13:45:42 2015 -0500 +commit 42e3ca523775483bba8a96444f5476b62b957f7b +Author: James Rouzier +Date: Wed Apr 15 10:31:00 2015 -0400 - fix chkconfig on pfconfig init script + New constant for pf::constants::exit_code -M addons/pfconfig/pfconfig.init +M lib/pf/constants/exit_code.pm -commit d6befe9abd3dea68e5622302018793fa45306b4c -Author: Julien Semaan -Date: Mon Mar 2 13:03:59 2015 -0500 +commit cce50f8050d1596daf784664673a1fe9c4222ac7 +Author: James Rouzier +Date: Wed Apr 15 09:56:51 2015 -0400 - missing supportsRoamingAccounting in MockedSwitch + Remove the verboseness of pfcmd fixpermissions + + Fixes #473 -M lib/pf/Switch/MockedSwitch.pm +M lib/pf/cmd/pf/fixpermissions.pm -commit a85bc0d8920d2720956a88ba661dbff9d99ed4bb -Author: Durand Fabrice -Date: Mon Mar 2 11:49:06 2015 -0500 +commit 603959afc5135085017c166e4ad093715f9792dc +Author: James Rouzier +Date: Wed Apr 15 09:41:47 2015 -0400 - Fix missing attribute in locationlog + Remove display of readonly text + + Fixes #475 -M lib/pf/locationlog.pm +M html/pfappserver/root/config/profile/tab-content.tt -commit 11282c5198561b06795277745b9db70708201389 -Author: Zammit Ludovic -Date: Mon Mar 2 11:36:58 2015 -0500 +commit 5c84ca12abe530d747774e1803e3982c519d1797 +Author: Julien Semaan +Date: Wed Apr 15 09:25:05 2015 -0400 - Fix label module name + Add node for eap local accounts + encryption in upgrade -M html/pfappserver/lib/pfappserver/I18N/i_default.po -A lib/pf/profile/filter/node_role.pm +M UPGRADE.asciidoc -commit 988c76555b000c7b95a54e2162c0163ee59699bf -Author: Durand Fabrice -Date: Mon Mar 2 11:04:25 2015 -0500 +commit 3ab3264a23c55b3272d227f8f561535d373be31f +Author: Julien Semaan +Date: Wed Apr 15 09:22:52 2015 -0400 - Added old roaming snmp trap code 
as comment for AeroHIVE AP + Add note for encryption + eap local accounts in admin guide -M lib/pf/Switch/AeroHIVE.pm +M docs/PacketFence_Administration_Guide.asciidoc -commit ec9a054965603cf34dba00e58c65b30f903844dd +commit 08063c8b0a72fc19d8461263e867d3dfefc03602 Author: Durand Fabrice -Date: Mon Mar 2 11:01:11 2015 -0500 +Date: Wed Apr 15 08:45:24 2015 -0400 - Fix wrong portal instantiate on 802.1x autoreg + Restart packetfence-config on upgrade -M lib/pf/Portal/ProfileFactory.pm -M lib/pf/vlan.pm +M addons/packages/packetfence.spec +M debian/packetfence-config.preinst +M debian/packetfence.preinst -commit 9efaf07d02543d4700e44e8371c5ecec17eba302 -Author: Derek Wuelfrath -Date: Mon Mar 2 10:54:46 2015 -0500 +commit a9f2ca835e28b4a1342ea63785d2d5c9815e9980 +Author: Julien Semaan +Date: Wed Apr 15 08:42:52 2015 -0400 - Fixing previous commit (wrong version) + More notes on iptables upgrade to 5.0 M UPGRADE.asciidoc -commit 1a6e7ef78981844a7ec4fea41e91deacd74f8623 -Author: Derek Wuelfrath -Date: Mon Mar 2 10:53:31 2015 -0500 +commit ff6380ca791ca83c3d0f3e979356272b11b4f1a4 +Author: Julien Semaan +Date: Wed Apr 15 08:38:05 2015 -0400 - Missing upgrade procedure + Add upgrade note for %%input_mgmt_guest_rules%% removed M UPGRADE.asciidoc -commit 2da8e815d678e18db117b1642d7642fe9ba039ce -Author: James Rouzier -Date: Mon Mar 2 10:18:57 2015 -0500 +commit 0c77b7c97bda8d7a2f3d9d0df50b3a110d1ab58c +Author: James Rouzier +Date: Tue Apr 14 23:49:14 2015 -0400 + + Search for fingerbank items + +M html/pfappserver/lib/pfappserver/Base/Controller/Crud/Fingerbank.pm +M html/pfappserver/lib/pfappserver/Base/Model/Fingerbank.pm +M html/pfappserver/root/config/fingerbank/combination/list.tt +A html/pfappserver/root/config/fingerbank/combination/search.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/list.tt +A html/pfappserver/root/config/fingerbank/dhcp_fingerprint/search.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/list.tt +A 
html/pfappserver/root/config/fingerbank/dhcp_vendor/search.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/list.tt +A html/pfappserver/root/config/fingerbank/mac_vendor/search.tt +A html/pfappserver/root/config/fingerbank/pagination.tt +A html/pfappserver/root/config/fingerbank/search.tt +M html/pfappserver/root/config/fingerbank/user_agent/list.tt +A html/pfappserver/root/config/fingerbank/user_agent/search.tt +M html/pfappserver/root/static/admin/config/items.js + +commit e7505e9b3a67a996c556838a2ade48c53c1e7fbd +Author: Derek Wuelfrath +Date: Tue Apr 14 23:19:25 2015 -0400 - Update .gitignore file + Revert "Add the ability to add a violation right from the fingerbank listing" + + This reverts commit bcceb30ec6624d79813f531392604ebc7ec96ca0. -M .gitignore +M html/pfappserver/root/config/fingerbank/device/children.tt +M html/pfappserver/root/config/fingerbank/device/list.tt +M html/pfappserver/root/config/fingerbank/device/upstream/children.tt +M html/pfappserver/root/config/fingerbank/device/upstream/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/list.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/list.tt +M html/pfappserver/root/config/fingerbank/user_agent/list.tt -commit 7be803c19d98cda7f6f87eab2fae8ea9e3337e86 +commit a18e5d1a7b9ab161ffe9f2424136036d30ba9585 Author: Julien Semaan -Date: Mon Mar 2 09:05:11 2015 -0500 +Date: Tue Apr 14 18:44:36 2015 -0400 - various fixes to setRole flow + Add note for registration range being removed -M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm -M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm -M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm +M UPGRADE.asciidoc -commit 5904de1d92774e71e69b0f64c795e7037c299eed +commit ac4b44d81441c0548e362d1dcda3020140921137 Author: Julien Semaan -Date: Fri Feb 27 16:05:17 2015 -0500 +Date: Tue Apr 14 
17:14:41 2015 -0400 - pass source id in guest + Remove debug logging -M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm +M lib/pf/web/externalportal.pm -commit 10538002500633c0af21c098ef7625e00e757509 -Author: Antoine Amacher -Date: Fri Feb 27 15:50:48 2015 -0500 +commit e9c2656146aa8e00eaaf70a52ce795244dfd88c5 +Author: Julien Semaan +Date: Tue Apr 14 17:05:18 2015 -0400 - fix refs + added haproxy dashboard + doc + reorganized cluster config -M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm +M conf/haproxy.conf.example +M conf/iptables.conf.example +M docs/PacketFence_Clustering_Guide.asciidoc -commit ada718d90f9d03f7ab4d2ffa449310f2f3b81e87 -Author: Julien Semaan -Date: Fri Feb 27 15:41:48 2015 -0500 +commit 3e25734de4c63f99bd0b6022efabb920adbddd37 +Author: Louis Munro +Date: Tue Apr 14 16:55:08 2015 -0400 - gix syntax + Fixed incorrect sql comments syntax. -M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm +M db/upgrade-X.X.X-X.Y.Z.sql -commit a698597a3595febda1984217a02a2f552f66e577 -Author: Julien Semaan -Date: Fri Feb 27 15:29:37 2015 -0500 +commit 54fa3743e7ae8d642304111be08b933c8dd5336e +Author: Louis Munro +Date: Tue Apr 14 16:54:38 2015 -0400 - use setrole in guest registration + Initial versison of the upgrade guide. 
-M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm +M UPGRADE.asciidoc -commit 28ce0990d4900795b8776daf8dc88eafdc2f2694 -Author: Julien Semaan -Date: Fri Feb 27 15:22:05 2015 -0500 +commit ca7056ec9aece20204c3b0f64150488ccd2895d7 +Author: James Rouzier +Date: Tue Apr 14 16:39:51 2015 -0400 - made error message better + Remove the timestamp validation when rewriting config + + Fixes #463 -M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm +M lib/pf/config/cached.pm -commit 142200a25753aaf8eeb56e2e8002cf7aa53b072c -Author: Julien Semaan -Date: Thu Feb 26 14:36:56 2015 -0500 +commit a4fbc12b328783854e34ef6f8c2efb54e09daced +Author: Durand Fabrice +Date: Tue Apr 14 16:15:20 2015 -0400 - Show better error messages when auth doesn't give proper role or unregdate + Added realm as an option -M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm +M lib/pf/vlan.pm -commit 5475c1b63f3486658c17a29ecb7a7cd5057d5a9c -Author: Durand Fabrice -Date: Sat Feb 28 17:30:20 2015 -0500 +commit 9688993668df9c345292c50103ad0429e30df6e4 +Author: Julien Semaan +Date: Tue Apr 14 15:47:31 2015 -0400 - Normalize log + call reevaluate access when autoregging with violation -M lib/pf/node.pm +M lib/pf/action.pm -commit 253288b497fae729f2f50c4b0d85e8298ac04aa0 -Author: Durand Fabrice -Date: Sat Feb 28 17:09:50 2015 -0500 +commit d96780c3ac63b7f151e511f71d9dacf4c8da3fe0 +Author: James Rouzier +Date: Tue Apr 14 15:39:15 2015 -0400 - Standardize log + update pod doc -M lib/pf/vlan.pm -M lib/pf/vlan/filter.pm +M lib/pf/cmd/pf/node.pm -commit ab87c5582e0dacd6127597745ebdaf1fef73a8e0 -Author: Durand Fabrice -Date: Sat Feb 28 17:05:58 2015 -0500 +commit b6e55e63717c33b18b1944bd8c0fe85f6fd12045 +Author: extrafu +Date: Tue Apr 14 15:21:47 2015 -0400 - Removed : Use of uninitialized value $switch_mac in httpd.aaa.error log file + Fixed typo -M lib/pf/radius.pm +M NEWS.asciidoc -commit 48ccebe8cc82e1877455c66a89326f6a2371a642 +commit 
549ec0bdda62b9d79f59d947bc5dae3d715f741a Author: Julien Semaan -Date: Fri Feb 27 13:55:39 2015 -0500 +Date: Tue Apr 14 15:16:56 2015 -0400 - add limit to connect to pfconfig + use X-Forwarded-For when necessary if detecting IP in external portal -M lib/pfconfig/cached.pm +M lib/pf/Switch/Xirrus/AP_http.pm +M lib/pf/web/externalportal.pm -commit 6e3725f76f42c8a8c261bc99825cad9c1ec9075b +commit a02783f27a6debeb1387604aa15c8387d552308f Author: Julien Semaan -Date: Fri Feb 27 11:59:50 2015 -0500 +Date: Tue Apr 14 15:15:01 2015 -0400 - missing file in spec + make haproxy balance http on source ip -M addons/packages/packetfence.spec +M lib/pf/services/manager/haproxy.pm -commit 062c4b16d4b877262367ed9c9de6ce001bfe63fb -Author: Durand Fabrice -Date: Fri Feb 27 11:56:09 2015 -0500 +commit 9246c8195bc951179990d0da82156b60d396a9ca +Author: Louis Munro +Date: Tue Apr 14 15:11:41 2015 -0400 - Fixed perl library name + Added ref to new documentation. -M debian/control +M NEWS.asciidoc -commit 3ae8fb57321e199ec56a071d9bcf5050037a45f9 -Author: Julien Semaan -Date: Fri Feb 27 11:38:21 2015 -0500 +commit e294920f945d8bbc027af8e3171f7feaa6e29ca6 +Author: Louis Munro +Date: Tue Apr 14 15:03:15 2015 -0400 - Revert "comment out doc generation temporarly" - - This reverts commit 8ad7ead0067656b93cc4c1aea386fb5bf2934d50. + Detailed FingerBank integration. -M addons/packages/packetfence.spec +M NEWS.asciidoc -commit 84e1fd7099cc726ec701c5949f31277d1dfe76ed -Author: Julien Semaan -Date: Fri Feb 27 11:35:03 2015 -0500 +commit b2858263aac95720593470fe2ef9607ac211e7d4 +Author: Louis Munro +Date: Tue Apr 14 14:53:26 2015 -0400 - comment out doc generation temporarly + Added major new features for v5 release. 
-M addons/packages/packetfence.spec +M NEWS.asciidoc -commit c63fd0a17722119131802cdf126b8822abed5454 -Author: Durand Fabrice -Date: Fri Feb 27 11:32:46 2015 -0500 +commit 99d1146eda8f4dadac9920a6c61c73aa4670e293 +Author: James Rouzier +Date: Tue Apr 14 14:41:27 2015 -0400 - Fixed path for pfconfig + Handle case where there is no action -M addons/packages/packetfence.spec +M lib/pf/base/cmd/action_cmd.pm -commit 4298a17e5c1a9f654931b544a8a869be08dfa1af -Author: Julien Semaan -Date: Fri Feb 27 11:05:23 2015 -0500 +commit f765a62f95b669fe2983bee574553c59acb821b1 +Author: James Rouzier +Date: Tue Apr 14 12:22:38 2015 -0400 - fix builds + Fixed pfcmd node edit -M addons/packages/packetfence.spec +M lib/pf/cmd/pf/node.pm -commit 01ef7e242863b5d3a9c51478b0e2b10d724333af -Author: Julien Semaan -Date: Fri Feb 27 10:52:10 2015 -0500 +commit f120b789cc72dd1b029c00b8ad1c5bc6cbc7c3fa +Author: James Rouzier +Date: Mon Apr 13 13:40:48 2015 -0400 - fix forgotten renaming + Added 'pfcmd node view|count' commands -M addons/packages/packetfence.spec +M lib/pf/cmd/pf/node.pm -commit dac5be4cbd91b338f2a28ff9f865f0c236c76790 -Author: Julien Semaan -Date: Fri Feb 27 10:50:12 2015 -0500 +commit 87c57420c78b7a9e84cd002b7d2ae593e76b76c5 +Author: James Rouzier +Date: Mon Apr 13 12:23:49 2015 -0400 - rename packetfence-pfconfig packetfence-config + Updated pod doc -M addons/packages/packetfence.spec -M debian/control -A debian/packetfence-config.init -A debian/packetfence-config.postinst -A debian/packetfence-config.postrm -A debian/packetfence-config.preinst -A debian/packetfence-config.prerm -D debian/packetfence-pfconfig.init -D debian/packetfence-pfconfig.postinst -D debian/packetfence-pfconfig.postrm -D debian/packetfence-pfconfig.preinst -D debian/packetfence-pfconfig.prerm -M debian/packetfence.init -M debian/rules +M lib/pf/cmd/pf/node.pm -commit 9c6db9f7bd59c5dcac42647a0d361416747c8aab -Author: Julien Semaan -Date: Fri Feb 27 10:39:37 2015 -0500 +commit 
d032c3551fc09c1746d17de12d8664d817c29f24 +Author: James Rouzier +Date: Mon Apr 13 11:20:57 2015 -0400 - fix init script start order + Updated pod doc -M addons/pfconfig/pfconfig.init -M debian/packetfence-pfconfig.init -M debian/packetfence.init +M lib/pf/cmd/pf/node.pm -commit 22ee9aca97fe512a4830974d113f035a15a3f65a -Author: Julien Semaan -Date: Fri Feb 27 10:18:03 2015 -0500 +commit 1f345a7c7d5867e29ac51f316630a28238a741c5 +Author: James Rouzier +Date: Mon Apr 13 11:15:06 2015 -0400 - ameliorations to pfconfig cmd + use the pf::constants::exit_code -M addons/pfconfig/cmd.pl +M lib/pf/cmd/pf/node.pm -commit 38c5b1b50f7f6508bae03981506276d8b0eafcdb -Author: Durand Fabrice -Date: Fri Feb 27 10:32:33 2015 -0500 +commit 959619626d3abc8f0426761c7bafed12eb6af1c4 +Author: James Rouzier +Date: Mon Apr 13 11:11:54 2015 -0400 - PacketFence depend of packetfence-pfconfig + constants for exit statuses -M addons/packages/packetfence.spec -M debian/control +A lib/pf/constants/exit_code.pm -commit 1966429269cf45b67251938784555104dfe49b4e -Author: Durand Fabrice -Date: Fri Feb 27 10:23:36 2015 -0500 +commit 6b99ae3e98876750611f0f8c03214bdf031fe1b9 +Author: James Rouzier +Date: Mon Apr 13 10:59:10 2015 -0400 - Renamed packetfence-config to packetfence-pfconfig + Fix return results of 'pfcmd node add' -M addons/packages/packetfence.spec +M lib/pf/cmd/pf/node.pm -commit c2dbeb0d38cb267f87774423efa7fc96facbd4ab -Author: Durand Fabrice -Date: Fri Feb 27 10:18:43 2015 -0500 +commit acbabf2bbc19e3e5c9ee1447e152d9516c6f3fc3 +Author: James Rouzier +Date: Mon Apr 13 10:48:14 2015 -0400 - Moved dependencies in packetfence-pfconfig + Add the 'pfcmd node edit' command -M addons/packages/packetfence.spec +M lib/pf/cmd/pf/node.pm -commit 042f8dbbf4e8bc850ee9522139afc7089740aaf1 -Author: Durand Fabrice -Date: Fri Feb 27 10:13:04 2015 -0500 +commit d2dfc53ea61004a392e2abcbfab08e7bbee1b331 +Author: James Rouzier +Date: Mon Apr 13 10:40:00 2015 -0400 - Added packetfence-pfconfig package for debian 
+ Add user validation to the 'pfcmd node add' command -M debian/control -A debian/packetfence-pfconfig.postinst -A debian/packetfence-pfconfig.postrm -A debian/packetfence-pfconfig.preinst -A debian/packetfence-pfconfig.prerm -M debian/rules +M lib/pf/cmd/pf/node.pm -commit c9c49190989c4baad27660945d9f1e57351b2cae -Author: Durand Fabrice -Date: Fri Feb 27 09:39:43 2015 -0500 +commit 1e166fd9446be13401900b56366f4d1e912f8b4f +Author: James Rouzier +Date: Fri Apr 10 16:51:07 2015 -0400 - Added packetfence-config package in spec file + Initial start pfcmd node command -M addons/packages/packetfence.spec +A lib/pf/cmd/pf/node.pm -commit 506218ab74840c66a5c5cb3eddc7d811235a69b0 +commit 8b4711123657e9df3280119281cf15c2c2e450ae Author: Julien Semaan -Date: Fri Feb 27 10:11:31 2015 -0500 +Date: Tue Apr 14 14:32:03 2015 -0400 - move the pfconfig socket (again) + populate radius_nas table on configreload -M lib/pfconfig/util.pm +M lib/pf/config.pm -commit c838dd2e20f80eefab17fb8147a69629216aec7e -Author: Louis Munro -Date: Fri Feb 27 15:40:40 2015 -0500 +commit e76594626354ed3297c05b83396d5648041f2943 +Author: Derek Wuelfrath +Date: Tue Apr 14 13:45:25 2015 -0400 - Updated NEWS file for PR 394. 
+ TRACE should not log in DEBUG -M NEWS.asciidoc +M lib/pfconfig/log.pm -commit f8fd304e754a9870765383bfaae3fee31c53236d -Author: James Rouzier -Date: Fri Feb 27 15:30:09 2015 -0500 +commit 3a0daa9cb78cfe8e186c8ff8168482193cd2bdd7 +Author: Julien Semaan +Date: Tue Apr 14 13:40:53 2015 -0400 - Added label for date range + add empty users deletion to clustering doc -M html/pfappserver/root/admin/nodes.tt +M docs/PacketFence_Clustering_Guide.asciidoc -commit 2eaa51ecd86677b21479ade31f159d89ad6869ef +commit 8b07193d8b54c57297d0e65e9963706cb404002e Author: Julien Semaan -Date: Fri Feb 27 14:38:19 2015 -0500 +Date: Tue Apr 14 13:23:08 2015 -0400 - news entry for #356 + added additionnal files config to cluster sync -M NEWS.asciidoc +M bin/cluster/sync +M docs/PacketFence_Clustering_Guide.asciidoc +M lib/pf/api.pm +M lib/pf/cluster.pm -commit 4c2e114a96dd4607d1fd87496af5087b9a2b6839 +commit d4469721b0fea75a69b696a2485291bc43313a2e Author: James Rouzier -Date: Fri Feb 27 13:58:20 2015 -0500 +Date: Tue Apr 14 12:11:25 2015 -0400 - Update copyright + Fix sub command not showing help -M conf/locale/de/LC_MESSAGES/packetfence.po -M conf/locale/es/LC_MESSAGES/packetfence.po -M conf/locale/fr/LC_MESSAGES/packetfence.po -M conf/locale/he_IL/LC_MESSAGES/packetfence.po -M conf/locale/it/LC_MESSAGES/packetfence.po -M conf/locale/nl/LC_MESSAGES/packetfence.po -M conf/locale/pl_PL/LC_MESSAGES/packetfence.po -M conf/locale/pt_BR/LC_MESSAGES/packetfence.po -M html/pfappserver/lib/pfappserver/I18N/fr.po +M lib/pf/cmd/subcmd.pm -commit de1449177c7c5bac934e06007ed783c5ff876f35 -Author: Louis Munro -Date: Fri Feb 27 11:43:14 2015 -0500 +commit d5c89426ea94720a2fd48913ec7aa9837c77d07b +Author: Durand Fabrice +Date: Tue Apr 14 12:10:50 2015 -0400 - Updated NEWS file for PR 318 (made admin GUI customizable). 
+ Manage portal on mgmt interface with haproxy -M NEWS.asciidoc +M lib/pf/services/manager/haproxy.pm -commit 47f7779afa0380ff915200bc7ae62324e6f54d28 -Author: Durand Fabrice -Date: Fri Feb 27 11:37:23 2015 -0500 +commit d02ba79f128817f8310ee41cec588cd78db9f97e +Author: Julien Semaan +Date: Tue Apr 14 11:48:14 2015 -0400 - Updated NEWS.asciidoc file + bad sql in locationlog sessions -M NEWS.asciidoc +M lib/pf/locationlog.pm -commit a59c63af588695cd310ef8cf04894a2e63630641 -Author: Louis Munro -Date: Fri Feb 27 11:27:54 2015 -0500 +commit 9ef90d1bbfa67b3b9af9cc55cc857149834ec8ae +Author: James Rouzier +Date: Tue Apr 14 11:07:57 2015 -0400 - Added NEWS entry for PR 343. + Fix double node display in the admin + + Fixes #442 -M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Model/Search/Node.pm -commit 0650c9905617afc8b06756e16ee1eaf8e4ba81c0 -Author: Louis Munro -Date: Fri Feb 27 11:22:43 2015 -0500 +commit fccfb8c0808bee29775d527f62345190be62b907 +Author: James Rouzier +Date: Tue Apr 14 10:20:41 2015 -0400 - Reworded previous NEWS entry. - Now contains more better message. + Display load error -M NEWS.asciidoc +M lib/pf/cmd/subcmd.pm -commit 80afea6e368495061d4ceee6ccaeef14bad7e03b -Author: Louis Munro -Date: Fri Feb 27 11:20:55 2015 -0500 +commit 7c1b8b9948b5ca82a2c321a216f28d5585a175d9 +Author: James Rouzier +Date: Tue Apr 14 10:14:42 2015 -0400 - Updated NEWS file to include PR 360. + Moved configreload functionality to pf::config -M NEWS.asciidoc +M lib/pf/cmd/pf/configreload.pm +M lib/pf/cmd/pf/service.pm +M lib/pf/config.pm -commit a4912af3d6fcf547a21f90b0ef14c427e1fd5cf1 -Author: Louis Munro -Date: Fri Feb 27 11:18:38 2015 -0500 +commit bcceb30ec6624d79813f531392604ebc7ec96ca0 +Author: Derek Wuelfrath +Date: Mon Apr 13 17:23:23 2015 -0400 - Updated NEWS file for PR 361. 
+ Add the ability to add a violation right from the fingerbank listing -M NEWS.asciidoc +M html/pfappserver/root/config/fingerbank/device/children.tt +M html/pfappserver/root/config/fingerbank/device/list.tt +M html/pfappserver/root/config/fingerbank/device/upstream/children.tt +M html/pfappserver/root/config/fingerbank/device/upstream/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/list.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/list.tt +M html/pfappserver/root/config/fingerbank/user_agent/list.tt -commit 3e74a66b1ce3beb98adea3b2bcc05f0122c8bba8 -Author: Louis Munro -Date: Fri Feb 27 11:15:09 2015 -0500 +commit e70e7c5768aabd98752dc70f37301782480ec9ea +Author: Julien Semaan +Date: Mon Apr 13 16:58:19 2015 -0400 - Updated NEWS file for PR 341. + added IsPhone scope for vlan filters to radius switches -M NEWS.asciidoc +M conf/vlan_filters.conf.example +M lib/pf/radius.pm -commit d4f221a96d78f6e5ee1a392a467bfc0cc20112aa -Author: Louis Munro -Date: Fri Feb 27 11:11:55 2015 -0500 +commit 335f6a2f83c37b96c9db1d5a4aaa56a4afdb4771 +Author: Derek Wuelfrath +Date: Mon Apr 13 16:18:28 2015 -0400 - Added NEWS entry for PR 362. 
+ NEXT if is_error -M NEWS.asciidoc +M lib/pf/fingerbank.pm -commit d03f7c3a36f5293f89c5438ee0949efb1b43e4ea -Author: Julien Semaan -Date: Thu Feb 26 14:15:36 2015 -0500 +commit 506b57b447c5c9213a882ee15c558ee490ca72d5 +Author: James Rouzier +Date: Mon Apr 13 15:48:13 2015 -0400 - add control file dir creation + Do not allow a role to be renamed + + Fixes #441 -M addons/packages/packetfence.spec +M html/pfappserver/lib/pfappserver/Form/Role.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Roles.pm -commit 4e3b9447cb7dfa08de11fb4d3884ccae38aabc95 -Author: Julien Semaan -Date: Thu Feb 26 14:03:57 2015 -0500 +commit 5fabf3e38fc75b95fa398d7cfcff5feb17b23230 +Author: James Rouzier +Date: Mon Apr 13 15:05:44 2015 -0400 - create control files dir in builds + Merge alter table for node -M addons/packages/packetfence.spec +M db/upgrade-X.X.X-X.Y.Z.sql -commit a9109788d6d1610fd18e2472e3dcfd7079554f81 +commit eb5128a0aefb6c1c3bcfe51835f798812f22eacc Author: Julien Semaan -Date: Thu Feb 26 13:30:16 2015 -0500 +Date: Mon Apr 13 14:28:58 2015 -0400 - change socket path + remove services dependencies from keepalived -M lib/pfconfig/util.pm +M lib/pf/services/manager/keepalived.pm -commit 53fddb3f8c4bbaeb03e175925c8669ca2d7622db +commit aa5368ae053a47dbde94a9c0b8b27038d750379d Author: Julien Semaan -Date: Thu Feb 26 12:40:11 2015 -0500 +Date: Mon Apr 13 14:25:19 2015 -0400 - move pfconfig socket + added omapi config section in admin interface -M lib/pfconfig/util.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Configuration.pm +M html/pfappserver/root/admin/configuration.tt -commit 81863559900a6e520026e416d2b6b4cd71fc8d75 -Author: Julien Semaan -Date: Thu Feb 26 10:28:11 2015 -0500 +commit 1cbc6b3c248e325d6c0dc9ef522436c06e630943 +Author: James Rouzier +Date: Mon Apr 13 14:16:26 2015 -0400 - Add sbin/pfconfig to spec file + Config reload on service start + + fixes #462 -M addons/packages/packetfence.spec +M lib/pf/cmd/pf/service.pm -commit 
4be6ef753f5dd28c6d9342132e64df08e24d7db5 +commit a2db146f33a1d2f82ad5bac8d301be66977c4f80 Author: Julien Semaan -Date: Thu Feb 26 10:08:27 2015 -0500 +Date: Mon Apr 13 08:08:31 2015 -0400 - missing program in prepare config + new locationlog columns were in the wrong schema -M t/prepare-pfconfig.t +M db/pf-schema-4.7.0.sql +M db/pf-schema-X.Y.Z.sql -commit a2db525237b30362a547c8875dc68ff93755ce8a +commit 85d9d1f413622bab2be98ee91a95b3f100d54e3b Author: Julien Semaan -Date: Thu Feb 26 10:05:22 2015 -0500 +Date: Fri Apr 10 15:47:16 2015 -0400 - make prepare pfconfig executable + put web auth session id in locationlog so it's distributed -M t/prepare-pfconfig.t +M db/pf-schema-4.7.0.sql +M db/upgrade-X.X.X-X.Y.Z.sql +M lib/pf/Switch/Cisco/Catalyst_2960_http.pm +M lib/pf/Switch/Cisco/WLC_http.pm +M lib/pf/locationlog.pm +M lib/pf/web/externalportal.pm -commit 08737515b7a6e0def37473467092797bd432b8b2 +commit 3258dca2414691502af442ecdd877dd8c79b3a53 Author: Julien Semaan -Date: Thu Feb 26 09:58:43 2015 -0500 +Date: Fri Apr 10 15:43:21 2015 -0400 - add test preparation for pfconfig + add fqdn to expirable resources -A t/prepare-pfconfig.t +M lib/pfconfig/namespaces/config/Pf.pm -commit 40fb992cc7d3f3e3afa7658642115e4a085e8c0b -Author: Zammit Ludovic -Date: Fri Feb 20 13:12:32 2015 -0500 +commit 9e0b3812d8c2c3b5bbc3cf5893ffd200870ecee9 +Author: Derek Wuelfrath +Date: Fri Apr 10 15:15:40 2015 -0400 - fix label Node role + $ip <-> $lease_length on iplog_update with lease time -M html/pfappserver/lib/pfappserver/I18N/i_default.po +M lib/pf/iplog.pm -commit e2f9984f1e95e2902da3ea9fdc22ebe33095f63e -Author: Zammit Ludovic -Date: Fri Feb 20 12:57:47 2015 -0500 +commit bdf4770de5557b2745759586a291be7827256590 +Author: Derek Wuelfrath +Date: Fri Apr 10 10:53:52 2015 -0400 - Add filter category on portal profile + Do not process Fingerbank if no result -M html/pfappserver/lib/pfappserver/I18N/i_default.po -A lib/pf/profile/filter/category.pm +M lib/pf/fingerbank.pm -commit 
0fe712ed7cdbd8d549b33ee9e9e7043749b5feb0 -Author: Durand Fabrice -Date: Thu Feb 19 09:45:05 2015 -0500 +commit 0982d54a6e9f66a60e3a402e9a0c7d888984ca3b +Author: Derek Wuelfrath +Date: Fri Apr 10 10:35:16 2015 -0400 - Fixed syntax + Trigger violations based on parents -M html/pfappserver/lib/pfappserver/Form/Config/ProfileCommon.pm -M lib/pf/vlan.pm +M lib/pf/fingerbank.pm -commit 6e65596a327204046a372923ad9cea6eb1c06b04 -Author: Durand Fabrice -Date: Tue Feb 17 09:45:50 2015 -0500 +commit 11faabc97d7d9cbb6be4d70197ba0d6223fd1ca8 +Author: Derek Wuelfrath +Date: Fri Apr 10 10:33:43 2015 -0400 - Dynamic_unregdate is only after we call SET_UNREG_DATE + Reworked the flow of violation trigger inside Fingerbank to avoid null values -M lib/pf/vlan.pm +M lib/pf/fingerbank.pm -commit fbbb885e970d1f8c7201ba4faa6d05fedd526c94 -Author: Durand Fabrice -Date: Mon Feb 16 16:11:29 2015 -0500 +commit 40fd6393c330b4d95b6b786ef968cedd3b65781a +Author: Julien Semaan +Date: Fri Apr 10 09:38:33 2015 -0400 - Added field dot1x_recompute_role_from_portal + added note to change secret in clustering -M html/pfappserver/lib/pfappserver/Form/Config/ProfileCommon.pm +M docs/PacketFence_Clustering_Guide.asciidoc -commit 1d11ed600032fde1d6c1911365ce0edba9133ca1 -Author: Durand Fabrice -Date: Tue Feb 10 10:12:32 2015 -0500 +commit b1cd7caa7cff55e9ff8169cfdaec4e8ba56d7246 +Author: Julien Semaan +Date: Fri Apr 10 09:27:41 2015 -0400 - Added $autoreg variable to be sure of the current status of the node + isManaged for keepalived was not set properly -M lib/pf/radius.pm -M lib/pf/vlan.pm +M lib/pf/services/manager/keepalived.pm -commit bcb9891c7e8f12a982030d946df819778419543a -Author: Durand Fabrice -Date: Tue Feb 10 08:47:46 2015 -0500 +commit 225a0eeb07a7d1a3fdf0faf645dbd5927d67d021 +Author: Julien Semaan +Date: Fri Apr 10 09:12:19 2015 -0400 - Fixed syntax and add configuration parameter in checkup.pm + touchups to clustering doc -M lib/pf/pfcmd/checkup.pm -M lib/pf/vlan.pm +M 
docs/PacketFence_Clustering_Guide.asciidoc -commit ffbee43001b0ae75c134620c26720ef82065b9b5 -Author: Durand Fabrice -Date: Mon Feb 9 16:29:38 2015 -0500 +commit c13213d14fa128714bf92d65221a88c6d46ad395 +Author: Julien Semaan +Date: Fri Apr 10 08:38:50 2015 -0400 - return 1 as vlan id if autoregister vlan filter rule match + add active/active section to config template -M lib/pf/vlan.pm -M lib/pf/vlan/filter.pm +M html/pfappserver/root/admin/configuration.tt -commit 2c40828e634bb2cf2360b1549766a45f2469338d -Author: Durand Fabrice -Date: Mon Feb 9 15:42:58 2015 -0500 +commit 2b39bacdd5f862e769cf5097ea9acaa8a2735ca8 +Author: Julien Semaan +Date: Fri Apr 10 08:38:37 2015 -0400 - Added dot1x_recompute_role_from_portal on the portal profile to recompute or not the role when we do a dot1x connection + add virtual_router_id to keepalive for multiple clusters in same L2 -M html/pfappserver/lib/pfappserver/Form/Config/ProfileCommon.pm -M lib/pf/Portal/Profile.pm -M lib/pf/vlan.pm +M conf/documentation.conf +M conf/pf.conf.defaults +M lib/pf/services/manager/keepalived.pm -commit b455db4eeec9aed48d2ef32257a26e494ad51639 -Author: Durand Fabrice -Date: Mon Feb 9 15:30:50 2015 -0500 +commit 2a30b8b20062448a95348279977e3902c5e599e9 +Author: Julien Semaan +Date: Fri Apr 10 08:37:53 2015 -0400 - Moved the call to vlan filter in getRegistrationVlan to be sure that the status of the node is unreg or in pending mode + add option to pfconfig cmd to clear overlay -M lib/pf/vlan.pm +M addons/pfconfig/cmd.pl +M lib/pfconfig/manager.pm -commit a2da2e34496e479b132e20b7f79910938ad68d7e -Author: Durand Fabrice -Date: Wed Feb 4 15:31:36 2015 -0500 +commit 43267db260e646a90aa93006f8ac75fd7f259662 +Author: Julien Semaan +Date: Thu Apr 9 18:17:40 2015 -0400 - If 802.1x without autoreg then we compute the role + Update NEWS.asciidoc -M lib/pf/vlan.pm +M NEWS.asciidoc -commit ee822af24c911b8d1b97097288470b93381120a5 -Author: Durand Fabrice -Date: Wed Feb 4 13:49:48 2015 -0500 +commit 
d4f22434ab57068f3ecf9fc9347b4a6f84930649 +Author: Julien Semaan +Date: Thu Apr 9 17:55:38 2015 -0400 - Remove call to person and lookup_person in vlan.pm (done in node_register) + make admin listen on cluster interface when enabled -M lib/pf/node.pm -M lib/pf/vlan.pm +M conf/httpd.conf.d/httpd.admin -commit 1216e4a2f8a37ca17644a3eee45300f7dc1f035a -Author: Durand Fabrice -Date: Wed Feb 4 10:41:06 2015 -0500 +commit 97cdf7a1231302bf73f328b32e00cc2e0e96fb8d +Author: Julien Semaan +Date: Thu Apr 9 17:48:16 2015 -0400 - Moved code from getNormalVlan to getNodeInfoForAutoReg + For some reason keepalived was managed by inline... -M lib/pf/vlan.pm +M lib/pf/services/manager/keepalived.pm -commit b99fd0f17c5732cc21c103ddbb69cc2888269ea8 -Author: James Rouzier -Date: Thu Feb 26 18:00:11 2015 -0500 +commit a40d7220c67dada796f1bc53cc459ecfad521be3 +Author: Julien Semaan +Date: Thu Apr 9 17:40:10 2015 -0400 - Make Start date begin at 00:00 and end date end at 23:59 + don't force mysql to be started with PacketFence -M html/pfappserver/lib/pfappserver/Model/Search/Node.pm +M NEWS.asciidoc +M packetfence.init -commit a70917d42b9e01d7e3ca76b54a789f4d90c39ce9 -Author: James Rouzier -Date: Thu Feb 26 12:57:12 2015 -0500 +commit cff983a3e4c32f013c63c563496463cf387c9539 +Author: jrouzierinverse +Date: Thu Apr 9 17:39:37 2015 -0400 - Allow advanced search conditions to be optional + Update regex for matching password hash type -M html/pfappserver/root/admin/nodes.tt -M html/pfappserver/root/static/js/node.js +M lib/pf/password.pm -commit d63e83f749e7ebdf86fe73add422183109535031 -Author: James Rouzier -Date: Thu Feb 26 12:53:58 2015 -0500 +commit cbdb0823e52c0018fa84c09fc6129c679f16fbf5 +Author: Julien Semaan +Date: Thu Apr 9 13:26:17 2015 -0400 - Date range now searches detect_date + adapt pf to opswat api changes -M html/pfappserver/lib/pfappserver/Model/Search/Node.pm +M docs/PacketFence_OPSWAT_Quick_Install_Guide.asciidoc +M lib/pf/provisioner/opswat.pm -commit 
c9ea799184bb10ad8453b2982cdb7f1afc8b4bea -Author: Durand Fabrice -Date: Thu Feb 26 15:25:26 2015 -0500 +commit 0fcbcd7ad2a4133bea08cced8a1b94fe1e52f8dd +Author: Derek Wuelfrath +Date: Thu Apr 9 17:11:16 2015 -0400 - Removed snmp roaming support for AeroHIVE + Wrong reference for class -M lib/pf/Switch/AeroHIVE.pm +M lib/pf/Portal/Profile.pm -commit cdb0fd4cdf8f9a7bbb5fc3e91a5af9a9d5384cd3 -Author: Durand Fabrice -Date: Thu Feb 26 15:18:19 2015 -0500 +commit 097a624d7e3a7f1abd7d06f0097091d3d96ec11c +Author: Julien Semaan +Date: Thu Apr 9 17:09:45 2015 -0400 - Fixed charset in portal pages + Checkup should only warn that there are no internal networks -M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm -M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm -M lib/pf/web/guest.pm +M lib/pf/pfcmd/checkup.pm -commit 74e71241af6f6a8461d936eb7adaa4d73dc5124b -Author: Durand Fabrice -Date: Thu Feb 26 14:45:57 2015 -0500 +commit 11661a59c5bdc5aca30dfb3e365958eaa3a573e7 +Author: Derek Wuelfrath +Date: Thu Apr 9 16:58:47 2015 -0400 - Fix charset in signup + Refactor the class fetching + - A device doesn't always have parent.. 
A bit like Remy who doesn't have a family -M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm +M lib/pf/fingerbank.pm -commit 19d8d94653b178848dc675312a0da97b6f9288b2 -Author: Durand Fabrice -Date: Thu Feb 26 14:22:53 2015 -0500 +commit b6bc07880e66577a457f4f4a883a94ea9b30a2c9 +Author: James Rouzier +Date: Thu Apr 9 16:39:35 2015 -0400 - Only provides the real locales of the portal + Will show print/email password buttons after reseting password -M html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm +M html/pfappserver/root/static/js/user.js -commit 877a930651ce21583bd51c84fcfdf2329c22bc23 -Author: Durand Fabrice -Date: Thu Feb 26 14:12:50 2015 -0500 +commit 04b19f416069869e1fa29ccadf7f0f56f65aa213 +Author: James Rouzier +Date: Thu Apr 9 16:33:08 2015 -0400 - Fixed charset on error messages on the portal + Only show reset passwords if the password is plaintext -M html/captive-portal/lib/captiveportal/Base/Controller.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/User.pm +M html/pfappserver/root/user/view.tt -commit 0a2c1608efb191265555d6591a46f8c33956c9e2 +commit eee0ef75c26739496706f383d928c087d9c9bfbc Author: James Rouzier -Date: Tue Feb 24 15:34:34 2015 -0500 +Date: Thu Apr 9 16:23:35 2015 -0400 - Consider customizable files as configurations + Added new test for password_get_hash_type -M addons/packages/packetfence.spec -M debian/packetfence.conffiles +M t/password.t -commit 77bac7a675416e6204670b707564904b7b9d6982 +commit b6768034c2bc78b7f938fdf9104007241cc7c29b Author: James Rouzier -Date: Tue Feb 24 14:48:19 2015 -0500 +Date: Thu Apr 9 16:22:19 2015 -0400 - Made Controller::User customizable - -M html/pfappserver/lib/pfappserver/Controller/User.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/User.pm + Added new function password_get_hash_type -commit f9e72fdfcffe31d0b3bfe0354cf11e7d727becc3 -Author: James Rouzier -Date: Tue Feb 24 14:48:14 2015 -0500 +M lib/pf/password.pm - Made 
Controller::Interface customizable +commit 9967197a2a67c8492afaf1667488fd5ff26a458b +Author: jrouzierinverse +Date: Thu Apr 9 15:57:25 2015 -0400 -M html/pfappserver/lib/pfappserver/Controller/Interface.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Interface.pm + Missed refactoring of pf::SwitchFactory->getInstance -commit 57a970f79cf126dcc88edce3e5c912b288670bec -Author: James Rouzier -Date: Tue Feb 24 14:48:10 2015 -0500 +M addons/pfconfig/comparator/dumper.pl - Made Controller::Graph customizable +commit c3f8bb26da26abd5b52f6ee73fa9151e934e877f +Author: Derek Wuelfrath +Date: Thu Apr 9 15:14:56 2015 -0400 -M html/pfappserver/lib/pfappserver/Controller/Graph.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Graph.pm + DIsplaying the device class in admin GUI for specific node -commit edb554097c491d86a6ccaebfd4c7f7e92795e740 -Author: James Rouzier -Date: Tue Feb 24 14:48:07 2015 -0500 +M html/pfappserver/lib/pfappserver/Form/Node.pm +M html/pfappserver/root/node/view.tt - Made Controller::DB customizable +commit 95f4a619e8f8082d132808c31db252f8276a0fea +Author: Derek Wuelfrath +Date: Thu Apr 9 15:02:14 2015 -0400 -M html/pfappserver/lib/pfappserver/Controller/DB.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/DB.pm + Reworked violations.conf.example -commit c492e0f084e5cc636eaca74370c7229a5de08059 -Author: James Rouzier -Date: Tue Feb 24 14:48:01 2015 -0500 +M conf/violations.conf.example - Made Controller::Configuration customizable +commit 43091352f8688f77d203b165140fc8177f6b4c4a +Author: Francis Lachapelle +Date: Thu Apr 9 14:08:28 2015 -0400 -M html/pfappserver/lib/pfappserver/Controller/Configuration.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Configuration.pm + Configurator: Fix form post of configuration + + We now properly retrieve the value of the radio buttons. 
-commit 13658aa458b1b2424ef324902108d28251f707ff -Author: James Rouzier -Date: Tue Feb 24 14:46:53 2015 -0500 +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Configurator.pm +M html/pfappserver/root/static/configurator/configuration.js - Made Controller::Roles customizable +commit f124f50edc83ad6fea427e3eaf813ee6b6db28cf +Author: Derek Wuelfrath +Date: Thu Apr 9 13:41:43 2015 -0400 -M html/pfappserver/lib/pfappserver/Controller/Roles.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Roles.pm + Skipping violation triggering if no value -commit 6adc9b69cf35911a127f144032a1db958729036b -Author: James Rouzier -Date: Tue Feb 24 14:46:49 2015 -0500 +M lib/pf/fingerbank.pm - Made Controller::Admin customizable +commit 8ce2ebc3a2ea0fa2d09a17732a204b8a7debba19 +Author: Louis Munro +Date: Thu Apr 9 13:20:09 2015 -0400 -M html/pfappserver/lib/pfappserver/Controller/Admin.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Admin.pm + Hides the password reminder options by default. + + They are to be shown only when passwords are plaintext or when the + password has just been reset. 
-commit 3702a88bde366c2838f2d84d6db2a28239b9e453 -Author: James Rouzier -Date: Tue Feb 24 14:46:45 2015 -0500 +M html/pfappserver/root/user/view.tt - Made Controller::Configurator customizable +commit 37e2bb00bdadf018fec3095fcb6bfe4ecdc07049 +Author: Derek Wuelfrath +Date: Thu Apr 9 13:17:20 2015 -0400 -M html/pfappserver/lib/pfappserver/Controller/Configurator.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Configurator.pm + 'nodes' now use Fingerbank data -commit ba9957089affa314a6bc78e0bf7fc84096cec55f +M html/pfappserver/lib/pfappserver/Model/Search/Node.pm +M lib/pf/node.pm + +commit c498c526ef94ea71b67a2b1df1a8b97f7c90726f +Author: Derek Wuelfrath +Date: Thu Apr 9 12:54:54 2015 -0400 + + 'person' class now use Fingerbank data + +M lib/pf/person.pm + +commit ad474f066a3e1e8e7f26f9d3dba55ed2049b4656 +Author: Derek Wuelfrath +Date: Thu Apr 9 12:46:28 2015 -0400 + + One query + +M db/upgrade-X.X.X-X.Y.Z.sql + +commit e9ebbd87da484177e293beaf69e631981b82624e +Author: Derek Wuelfrath +Date: Thu Apr 9 12:44:59 2015 -0400 + + Storing device class in node table + +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql +M lib/pf/fingerbank.pm +M lib/pf/node.pm + +commit 594c16672b34a7cbce05710c574aa5fa72b776dd +Author: Julien Semaan +Date: Thu Apr 9 12:11:07 2015 -0400 + + recreate fingerbank symlink in make deve + +M Makefile + +commit f1fa61187c662a8cbc4ee46bbe18df070c8b6f4d +Author: Derek Wuelfrath +Date: Thu Apr 9 11:59:29 2015 -0400 + + This one was lost in translation + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm +M lib/pf/fingerbank.pm +M sbin/pfdhcplistener + +commit 91a8fc863fb333e290a184449132012f59d9ea4d Author: James Rouzier -Date: Tue Feb 24 14:46:38 2015 -0500 +Date: Thu Apr 9 11:52:22 2015 -0400 - Made Controller::Violation customizable + Fixed invalid triggers id -M html/pfappserver/lib/pfappserver/Controller/Violation.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Violation.pm +M 
conf/violations.conf.example -commit 2235bceacaa8cd19941bf21cffdf62f5c37a9c69 +commit 66a1d6f667ca426d92daeefebef86c8e15b30f94 Author: James Rouzier -Date: Tue Feb 24 14:46:34 2015 -0500 +Date: Thu Apr 9 11:43:37 2015 -0400 - Made Controller::Root customizable + Start in noncluster mode -M html/pfappserver/lib/pfappserver/Controller/Root.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Root.pm +M lib/pf/services/manager/pfdhcplistener.pm +M lib/pf/services/manager/pfmon.pm -commit b54928e878603c525601b0671e5bbe519b197792 +commit 6cf7d01b9b8d766eb47d58922a02539d2b3be837 Author: James Rouzier -Date: Tue Feb 24 14:46:28 2015 -0500 +Date: Thu Apr 9 11:43:01 2015 -0400 - Made Controller::Service customizable + Support submanagers -M html/pfappserver/lib/pfappserver/Controller/Service.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Service.pm +M lib/pf/cmd/pf/service.pm -commit 8a82bcd824735c2dc739fa6a8f78dbfdd48f63a2 +commit 53e09023213b2abd70c8fc3d63db76f956af7a54 +Author: Durand Fabrice +Date: Thu Apr 9 10:19:20 2015 -0400 + + Updated documentation for Debian/Ubuntu installation + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 0e13d77ad683a5a65f3ffc97e2c99bbb2d545122 +Author: Durand Fabrice +Date: Thu Apr 9 09:24:24 2015 -0400 + + Change the owner of pfconfig.conf + +M addons/packages/packetfence.spec +M debian/packetfence-config.postinst + +commit 0fcf7aa93a89c7d42acbae5b5f2ae5da9eaca3e3 +Author: Julien Semaan +Date: Thu Apr 9 09:00:59 2015 -0400 + + remove dynamic opening of 80 and 443 on mgmt + +M conf/iptables.conf.example +M lib/pf/iptables.pm + +commit 61d71bf524dcb564af6a2a47f112a7e97db768b7 +Author: Julien Semaan +Date: Thu Apr 9 08:54:27 2015 -0400 + + Removing noise from pfconfig installation + +M addons/packages/packetfence.spec + +commit 3d21666242f7e46f54a1099d7462b0138887dae7 +Author: Julien Semaan +Date: Tue Dec 16 20:24:26 2014 -0500 + + Add checkup to the admin interface + +M 
html/pfappserver/lib/pfappserver/PacketFence/Controller/Admin.pm +M html/pfappserver/root/admin/wrapper.tt +M html/pfappserver/root/static/admin/common.js + +commit e5e0b68b2c0c7a934d72b51d80d99060ad32c9fc +Author: Julien Semaan +Date: Thu Apr 9 08:28:02 2015 -0400 + + added fingerbank symlink to make devel + +M Makefile + +commit 8fd4fd7afd3a693c2f815085e46a2d39b02d7c21 +Author: Julien Semaan +Date: Thu Apr 9 08:25:06 2015 -0400 + + added fingerbank symlink to gitignore + +M .gitignore + +commit 4b824436b6cffa0a0d3caa144e66058c98185be1 +Author: Durand Fabrice +Date: Thu Apr 9 08:27:42 2015 -0400 + + Replace Data::Entropy::Algorithms to Bytes::Random::Secure + +M addons/packages/packetfence.spec +M debian/control + +commit 4dd5a87458a5291c1ed7069e103b413e340e8ffb +Author: Julien Semaan +Date: Thu Apr 9 08:11:47 2015 -0400 + + missing import in pfappserver + +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/DB.pm + +commit 59833828e4989494fac4ae8370a90fca3935a179 Author: James Rouzier -Date: Tue Feb 24 14:46:23 2015 -0500 +Date: Wed Apr 8 15:31:28 2015 -0400 - Made Controller::Node customizable + Updated translation -M html/pfappserver/lib/pfappserver/Controller/Node.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Node.pm +M html/pfappserver/lib/pfappserver/I18N/en.po -commit 2feb7d84df279f3b2ed39b57a17fb09106783514 +commit 97e9943819601bf6d182543a95f7ce144a13c913 Author: James Rouzier -Date: Tue Feb 24 14:46:18 2015 -0500 +Date: Thu Feb 12 11:52:40 2015 -0500 - Made Controller::SoH customizable + Create a cleanup script -M html/pfappserver/lib/pfappserver/Controller/SoH.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/SoH.pm +A addons/dev-helpers/centos-chroot/cleanup-chroot.sh -commit e8155cfd9d0bb0a0cafa2ee056f6f0dcb2e2569c +commit ee3e4a4856f4c9b7eaa49bb0d138548e5cd3e7a0 Author: James Rouzier -Date: Tue Feb 24 14:46:13 2015 -0500 +Date: Wed Feb 4 17:52:22 2015 -0500 - Made Controller::Config::Firewall_SSO 
customizable + Use a variable for the perl version -M html/pfappserver/lib/pfappserver/Controller/Config/Firewall_SSO.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Firewall_SSO.pm +M addons/packages/packetfence.spec -commit 9fb5add4ab44fb33566cce96d577171437158124 +commit 5a361b5f893af1fbd04deb3d88f70ffc71f91b78 Author: James Rouzier -Date: Tue Feb 24 14:46:09 2015 -0500 +Date: Wed Feb 4 17:50:29 2015 -0500 - Made Controller::Config::System customizable + Remove the installation of the packetfence rpm packages -M html/pfappserver/lib/pfappserver/Controller/Config/System.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/System.pm +M addons/dev-helpers/centos-chroot/make_chroot.sh -commit f6c4f58ab31a8b04e072c9ba5f7e3e5f1c19f082 +commit 552bbef5d8129f037d043acf4fa22c926eeadf09 Author: James Rouzier -Date: Tue Feb 24 14:46:05 2015 -0500 +Date: Wed Feb 4 17:44:46 2015 -0500 - Made Controller::Config::Wrix customizable + Do not create the database if it already exists -M html/pfappserver/lib/pfappserver/Controller/Config/Wrix.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Wrix.pm +M addons/dev-helpers/centos-chroot/init-pf-db.sql -commit 9061268ee140e4e4e8ef074bc42ba4ee89c60e8f +commit d926c7997f7b7d3a4d21dc959bd44085d6034d5e Author: James Rouzier -Date: Tue Feb 24 14:44:59 2015 -0500 +Date: Wed Feb 4 17:42:36 2015 -0500 - Made Controller::Config::Authentication::Source customizable + Install the packages from the chroot -M html/pfappserver/lib/pfappserver/Controller/Config/Authentication/Source.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Authentication/Source.pm +M addons/dev-helpers/centos-chroot/init-chroot.sh -commit 0c35c544c94658b7c487c8cbc58c140514ba9cfe +commit 561b436420c84436ac6b3bb0d4813d7700be483e Author: James Rouzier -Date: Tue Feb 24 14:44:53 2015 -0500 +Date: Mon Oct 27 09:27:59 2014 -0400 - Made Controller::Config::FloatingDevice customizable + Initial scripts for 
creating a chroot for testing -M html/pfappserver/lib/pfappserver/Controller/Config/FloatingDevice.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/FloatingDevice.pm +A addons/dev-helpers/centos-chroot/init-chroot.sh +A addons/dev-helpers/centos-chroot/init-pf-db.sql +A addons/dev-helpers/centos-chroot/make_chroot.sh +A addons/dev-helpers/centos-chroot/my.cnf +A addons/dev-helpers/centos-chroot/test-chroot.sh -commit 0d5828abb11e772e35d6a1b213be898a0ab0bbce +commit b2779a742f7adf7366c15a123c149a11c9dd37be +Author: Durand Fabrice +Date: Wed Apr 8 15:31:51 2015 -0400 + + Added pf user to fingerbank group + +M debian/packetfence.preinst + +commit 38c73f1d4efadf1d64107051e048b33e35c4ee1e +Author: Durand Fabrice +Date: Wed Apr 8 14:42:33 2015 -0400 + + pfconfig must run before trying to do a pfcmd configreload (debian packaging) + +M debian/packetfence.postinst + +commit db54ca0e7bfd41087cf4017d6f7745c90e1afd89 Author: James Rouzier -Date: Tue Feb 24 14:44:47 2015 -0500 +Date: Wed Apr 8 14:25:28 2015 -0400 - Made Controller::Config::Authentication customizable + Updated test for triggers -M html/pfappserver/lib/pfappserver/Controller/Config/Authentication.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Authentication.pm +M t/trigger.t -commit e74c2927955dffcd5d051784e789e843bbbbab85 +commit 9fa8650215c694e89d5f21d724c5481ce4e8613d +Author: Durand Fabrice +Date: Wed Apr 8 14:24:33 2015 -0400 + + Missing symbolic link for fingerprint + +M debian/control +M debian/rules + +commit 60de65b7ad0d0e99a1484acd6facedb08964c019 +Author: Julien Semaan +Date: Wed Apr 8 13:53:21 2015 -0400 + + fix management detection in keepalived + +M lib/pf/services/manager/keepalived.pm + +commit d6a808a8c6c0b9d50b2d120deb43830b82876a5d +Author: Durand Fabrice +Date: Wed Apr 8 13:37:37 2015 -0400 + + Removed pfconfig.conf from packetfence package (only on packetfence-config) + +M debian/rules + +commit e11d710d5396cb64abb4931bae2cca5f89bd57cd +Author: 
Durand Fabrice +Date: Wed Apr 8 12:44:51 2015 -0400 + + Added fingerbank as a dependencie for debian packaging + +M debian/control + +commit 9179a6759eff4c275d41e15f7a5e5cbee20d6260 Author: James Rouzier -Date: Tue Feb 24 14:44:40 2015 -0500 +Date: Wed Apr 8 11:02:34 2015 -0400 - Made Controller::Config::Provisioning customizable + Update translations -M html/pfappserver/lib/pfappserver/Controller/Config/Provisioning.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Provisioning.pm +M html/pfappserver/lib/pfappserver/I18N/i_default.po -commit 71b4db05439a0ccb1e178f859fb26c65681b35d0 +commit 5307d90bf25b1aeb081c04ecc36e487b070b5acc Author: James Rouzier -Date: Tue Feb 24 14:44:35 2015 -0500 +Date: Wed Apr 8 10:49:12 2015 -0400 - Made Controller::Config::MacAddress customizable + Updated translation to use refactored TRIGGER_TYPES -M html/pfappserver/lib/pfappserver/Controller/Config/MacAddress.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/MacAddress.pm +M addons/extract_i18n_strings.pl -commit 5f9fb26191f3dede987740a0c4095d6b9b40a74a +commit 20bea9cd85f2aa73f85e00d5c2334c741c56024e Author: James Rouzier -Date: Tue Feb 24 14:44:28 2015 -0500 +Date: Wed Apr 8 10:41:54 2015 -0400 + + Remove unused triggers + +D lib/pf/triggerParser/os.pm +D lib/pf/triggerParser/useragent.pm +D lib/pf/triggerParser/vendormac.pm + +commit 378767ea18600851a83ef916b2879e153c250919 +Author: James Rouzier +Date: Wed Apr 8 10:08:22 2015 -0400 + + Added new triggers mac_vendor and user_agent + +A lib/pf/triggerParser/mac_vendor.pm +A lib/pf/triggerParser/user_agent.pm + +commit 484b8e3b1c488a456ecb41a53411798459e843e1 +Author: James Rouzier +Date: Wed Apr 8 09:45:04 2015 -0400 + + Do not update yourself + +M addons/dev-helpers/update-copyright.sh + +commit 0b698f6b21faf445cd390dddf4c064918e9626fb +Author: Julien Semaan +Date: Wed Apr 8 09:54:20 2015 -0400 + + Allow HTTP and HTTPS in iptables on management interface + +M conf/iptables.conf.example + 
+commit e9cfd5d9334733b694dbf2de901aa8a21e20452b +Author: Julien Semaan +Date: Wed Apr 8 09:50:12 2015 -0400 + + Fix old way of calling the switch factory + +M lib/pf/radius.pm + +commit a8c988e693c77e370dfd305cc4ac2149c7de1f0b +Author: Durand Fabrice +Date: Wed Apr 8 08:32:43 2015 -0400 + + Removing non-existant files after Fingerbank merge (debian commit version) + +M debian/packetfence.conffiles + +commit 996ee1bd24e80430e5cef2912969873c3e301deb +Author: James Rouzier +Date: Tue Apr 7 17:04:03 2015 -0400 + + Update copyright + +M lib/pf/triggerParser/device.pm +M lib/pf/triggerParser/dhcp_fingerprint.pm +M lib/pf/triggerParser/dhcp_vendor.pm + +commit c87ade0b26a1bb62d32e499a7e10b82e72af0442 +Author: Julien Semaan +Date: Tue Apr 7 17:00:42 2015 -0400 + + Fix fingerbank settings form + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm + +commit 615faf9b1c3ba548d84950b942f72fa41ba2f0f0 +Author: James Rouzier +Date: Tue Apr 7 16:02:41 2015 -0400 + + force UID/EUID to root to allow socket binds, etc required for non-root (and GUI) service restarts to work + +M bin/pfcmd.pl + +commit 6572a146b6810a7e71edc0683aba2ac89ad06177 +Author: James Rouzier +Date: Tue Apr 7 15:28:31 2015 -0400 + + Do not use tainted file path + +M sbin/pfbandwidthd +M sbin/pfconfig +M sbin/pfdetect +M sbin/pfdhcplistener +M sbin/pfdns +M sbin/pfmon +M sbin/pfsetvlan + +commit 00d1ba6001a8ac7e5ee4eebf1b04179f8f73e667 +Author: Louis Munro +Date: Tue Apr 7 15:10:40 2015 -0400 + + Now includes more Klaritee. + + Purely cosmetic changes. + +M lib/pf/node.pm + +commit 735340e7d7c443e31c6d6f0f0512f0c707513f74 +Author: Louis Munro +Date: Tue Apr 7 14:59:44 2015 -0400 + + Changed random source to Bytes::Random::Secure. 
+ +M lib/pf/password.pm + +commit 367c658c33e59fc035c52a5a61bed21e0faaf05c +Author: Derek Wuelfrath +Date: Tue Apr 7 14:52:46 2015 -0400 + + Removing non-existant files after Fingerbank merge + +M addons/packages/packetfence.spec + +commit 58790d0176d91cc02bbb0f7e5422644aa9cc8c99 +Author: James Rouzier +Date: Tue Apr 7 13:27:58 2015 -0400 + + Rename FingerBank to Fingerbank + +M html/pfappserver/root/config/fingerbank/device/index.tt +M html/pfappserver/root/config/fingerbank/device/upstream/index.tt +M html/pfappserver/root/config/fingerbank/device/upstream/view.tt +M html/pfappserver/root/config/fingerbank/device/view.tt + +commit 0797c27d3a2c4fb7b5d30b2f403dcb4d40ce38d4 +Author: Derek Wuelfrath +Date: Tue Apr 7 13:20:44 2015 -0400 + + Pinpoint Fingerbank version + +M addons/packages/packetfence.spec + +commit 110cbf4705fe229d3817a368e3804e090ded37df +Author: Derek Wuelfrath +Date: Tue Apr 7 13:09:25 2015 -0400 + + Validate if Fingerbank symlink exists + +M lib/pf/pfcmd/checkup.pm + +commit 7e8c3bcfd7d6203737bef5a6c491ce1d5d29f3e5 +Author: Julien Semaan +Date: Tue Apr 7 12:07:01 2015 -0400 + + fixed management node handling in non-cluster + +M lib/pf/services/manager/pfdhcplistener.pm +M lib/pf/services/manager/pfmon.pm + +commit 454b85fb1c94bd221df12ab27ca96db06db9494e +Author: James Rouzier +Date: Tue Apr 7 10:46:55 2015 -0400 + + Move trigger constants to pf::constants::trigger + +M lib/pf/accounting.pm +M lib/pf/config.pm +A lib/pf/constants/trigger.pm +M lib/pf/inline/accounting.pm +M lib/pf/radius.pm +M lib/pf/triggerParser/provisioner.pm +M lib/pf/vlan.pm + +commit 30b3b025dfa83fea1677ca6b53141ca5d0139b16 +Author: James Rouzier +Date: Fri Apr 3 13:47:08 2015 -0400 + + Dynamically load the trigger types + +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Violation.pm +M lib/pf/factory/triggerParser.pm + +commit 922d40806c39272d3799290ad1b0f08cbe11f564 +Author: Julien Semaan +Date: Tue Apr 7 10:18:59 2015 -0400 + + Should usermod pf to fingerbank 
group not useradd + +M addons/packages/packetfence.spec + +commit 2c307c935d47120583481a8d3c3a88b0f94efede +Author: Julien Semaan +Date: Thu Apr 2 17:11:32 2015 -0400 + + update number of tests in pfcmd.t + +M t/pfcmd.t + +commit 639bcd0534573441efa5c564c41130468a6779a7 +Author: Julien Semaan +Date: Tue Apr 7 11:37:34 2015 -0400 + + missing inheritance in fingerbank form + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm + +commit 72bf9b3df833c5287fda42327c7eab5a3157a321 +Author: Derek Wuelfrath +Date: Tue Apr 7 10:37:30 2015 -0400 + + Fixing argument assignation + +M lib/pf/radius.pm + +commit 4d32c5045f29f2aab268b66aa1c90bdf032b165d +Author: Louis Munro +Date: Tue Apr 7 10:02:33 2015 -0400 + + Now handles case where a device stays in "pending" longer than its + maximum allowed time. + +M lib/pf/node.pm + +commit 452ed889a853dc388e92cceff6c05d241a118bc2 +Author: James Rouzier +Date: Tue Apr 7 10:00:44 2015 -0400 + + Only use termcap if it is an interactive terminal + +M lib/pf/cmd/roles/show_help.pm + +commit bdf30888147a9697533364d8c01a61d9a079f892 +Author: Julien Semaan +Date: Thu Apr 2 15:40:11 2015 -0400 + + removed dead code (pf::os) and fingerprint in admin interface + +M addons/pfconfig/comparator/dumper.pl +M db/pf-schema-X.Y.Z.sql +M html/captive-portal/lib/captiveportal/Base/Controller.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm +M html/pfappserver/lib/pfappserver/Base/Controller.pm +D html/pfappserver/lib/pfappserver/Controller/Config/Fingerprints.pm +M html/pfappserver/lib/pfappserver/Model/Node.pm +D html/pfappserver/lib/pfappserver/Model/OS.pm +D html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerprints.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Configuration.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Configurator.pm +M html/pfappserver/root/node/view.tt +M lib/pf/Portal/Profile.pm +D lib/pf/cmd/pf/fingerprint/view.pm +D 
lib/pf/cmd/pf/reload/fingerprints.pm +M lib/pf/lookup/node.pm +D lib/pf/os.pm +M lib/pf/provisioner.pm +M lib/pf/scan/nessus.pm +M lib/pf/web.pm +M sbin/pfdetect +M sbin/pfdhcplistener +M t/dao/data.t +D t/dao/os.t +M t/pfcmd.t + +commit 367cfcbe86085cc77a69bf8620490d46bcf8174b +Author: James Rouzier +Date: Thu Apr 2 14:36:32 2015 -0400 + + Revert "Removed dead code" + + This reverts commit 96b1e91a0dd11bfde3b3b0d89a8bf0fdb7e8d63c. + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm + +commit d5afbbfe1d987d73a5b453d8ca305d3954c70f9f +Author: James Rouzier +Date: Thu Apr 2 14:24:09 2015 -0400 + + Updated pod doc + +M lib/pf/triggerParser.pm + +commit 0631bdbf3add61edd21ad4cba5cf23c31b52a6a3 +Author: James Rouzier +Date: Thu Apr 2 14:23:04 2015 -0400 + + Removed dead code + +M html/pfappserver/root/static/admin/config/violations.js + +commit d712d6891fc2ed927d6b41e6ca88f76c3c3008bd +Author: James Rouzier +Date: Thu Apr 2 14:22:40 2015 -0400 + + Removed dead code + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm + +commit 79ebf407a3466639213cc6f483f4f4630c5f2f47 +Author: James Rouzier +Date: Thu Apr 2 14:18:16 2015 -0400 + + Rename FingerBank to Fingerbank + +M html/pfappserver/root/static/admin/config/fingerbank-devices.js + +commit 893a2d3035076ffe480a5326373d666cff6975ab +Author: James Rouzier +Date: Thu Apr 2 14:15:03 2015 -0400 + + Fix syntax warning of deprecated feature and include missing module + +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Settings.pm + +commit 9f89cba517aa615bad6eddcae683df57a1af3d6d +Author: James Rouzier +Date: Thu Apr 2 14:12:39 2015 -0400 + + Remove unused code + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Combination.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Fingerprint.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Vendor.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Device.pm +M 
html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/MAC_Vendor.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Onboard.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/User_Agent.pm + +commit 23904dea0586d94e6d856caf725e0caca941362b +Author: Julien Semaan +Date: Tue Apr 7 09:38:06 2015 -0400 + + Reintegrate the fingerbank code as it has been fixed in feature/fingerbank-integration + + This reverts commit cc80b00a85780800883f22e33d2e3908cfcad604, reversing + changes made to 3183114893c035c0d9d72cce5ebeda652c36bb57. + +M addons/packages/packetfence.spec +M conf/log.conf.d/httpd.admin.conf.example +M conf/log.conf.d/httpd.portal.conf.example +M conf/log.conf.d/pfdhcplistener.conf.example +M conf/violations.conf.example +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm +M html/pfappserver/lib/pfappserver.pm +M html/pfappserver/lib/pfappserver/Base/Controller/Crud.pm +A html/pfappserver/lib/pfappserver/Base/Controller/Crud/Fingerbank.pm +A html/pfappserver/lib/pfappserver/Base/Model/Fingerbank.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Combination.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/DB.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/DHCP_Fingerprint.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/DHCP_Vendor.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Device.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Device/Upstream.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/MAC_Vendor.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Settings.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/User_Agent.pm +A html/pfappserver/lib/pfappserver/Controller/Trigger.pm +A 
html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Combination.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Fingerprint.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Vendor.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Device.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/MAC_Vendor.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Onboard.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/User_Agent.pm +M html/pfappserver/lib/pfappserver/Form/Node.pm +A html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/Combination.pm +A html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/DHCP_Fingerprint.pm +A html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/DHCP_Vendor.pm +A html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/Device.pm +A html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/MAC_Vendor.pm +A html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/User_Agent.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Combination.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/DB.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/DHCP_Fingerprint.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/DHCP_Vendor.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Device.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Device/Upstream.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/MAC_Vendor.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Settings.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/User_Agent.pm +M html/pfappserver/root/admin/configuration.tt +A 
html/pfappserver/root/config/fingerbank/combination/clone.tt +A html/pfappserver/root/config/fingerbank/combination/create.tt +A html/pfappserver/root/config/fingerbank/combination/index.tt +A html/pfappserver/root/config/fingerbank/combination/list.tt +A html/pfappserver/root/config/fingerbank/combination/view.tt +A html/pfappserver/root/config/fingerbank/device/add_child.tt +A html/pfappserver/root/config/fingerbank/device/children.tt +A html/pfappserver/root/config/fingerbank/device/clone.tt +A html/pfappserver/root/config/fingerbank/device/create.tt +A html/pfappserver/root/config/fingerbank/device/index.tt +A html/pfappserver/root/config/fingerbank/device/list.tt +A html/pfappserver/root/config/fingerbank/device/upstream/add_child.tt +A html/pfappserver/root/config/fingerbank/device/upstream/children.tt +A html/pfappserver/root/config/fingerbank/device/upstream/clone.tt +A html/pfappserver/root/config/fingerbank/device/upstream/create.tt +A html/pfappserver/root/config/fingerbank/device/upstream/index.tt +A html/pfappserver/root/config/fingerbank/device/upstream/list.tt +A html/pfappserver/root/config/fingerbank/device/upstream/view.tt +A html/pfappserver/root/config/fingerbank/device/view.tt +A html/pfappserver/root/config/fingerbank/dhcp_fingerprint/clone.tt +A html/pfappserver/root/config/fingerbank/dhcp_fingerprint/create.tt +A html/pfappserver/root/config/fingerbank/dhcp_fingerprint/index.tt +A html/pfappserver/root/config/fingerbank/dhcp_fingerprint/list.tt +A html/pfappserver/root/config/fingerbank/dhcp_fingerprint/view.tt +A html/pfappserver/root/config/fingerbank/dhcp_vendor/clone.tt +A html/pfappserver/root/config/fingerbank/dhcp_vendor/create.tt +A html/pfappserver/root/config/fingerbank/dhcp_vendor/index.tt +A html/pfappserver/root/config/fingerbank/dhcp_vendor/list.tt +A html/pfappserver/root/config/fingerbank/dhcp_vendor/view.tt +A html/pfappserver/root/config/fingerbank/mac_vendor/clone.tt +A 
html/pfappserver/root/config/fingerbank/mac_vendor/create.tt +A html/pfappserver/root/config/fingerbank/mac_vendor/index.tt +A html/pfappserver/root/config/fingerbank/mac_vendor/list.tt +A html/pfappserver/root/config/fingerbank/mac_vendor/view.tt +A html/pfappserver/root/config/fingerbank/settings/index.tt +A html/pfappserver/root/config/fingerbank/settings/onboard.tt +A html/pfappserver/root/config/fingerbank/user_agent/clone.tt +A html/pfappserver/root/config/fingerbank/user_agent/create.tt +A html/pfappserver/root/config/fingerbank/user_agent/index.tt +A html/pfappserver/root/config/fingerbank/user_agent/list.tt +A html/pfappserver/root/config/fingerbank/user_agent/view.tt +M html/pfappserver/root/node/view.tt +A html/pfappserver/root/static/admin/config/fingerbank-devices.js +A html/pfappserver/root/static/admin/config/fingerbank-settings.js +M html/pfappserver/root/static/admin/config/items.js +M html/pfappserver/root/static/admin/config/violations.js +M html/pfappserver/root/violation/view.tt +M lib/pf/CHI.pm +M lib/pf/ConfigStore/Violations.pm +M lib/pf/constants/admin_roles.pm +A lib/pf/factory/triggerParser.pm +A lib/pf/fingerbank.pm +M lib/pf/node.pm +M lib/pf/trigger.pm +A lib/pf/triggerParser.pm +A lib/pf/triggerParser/accounting.pm +A lib/pf/triggerParser/detect.pm +A lib/pf/triggerParser/device.pm +A lib/pf/triggerParser/dhcp_fingerprint.pm +A lib/pf/triggerParser/dhcp_vendor.pm +A lib/pf/triggerParser/internal.pm +A lib/pf/triggerParser/mac.pm +A lib/pf/triggerParser/nessus.pm +A lib/pf/triggerParser/openvas.pm +A lib/pf/triggerParser/os.pm +A lib/pf/triggerParser/provisioner.pm +A lib/pf/triggerParser/roles/fingerbank.pm +A lib/pf/triggerParser/soh.pm +A lib/pf/triggerParser/useragent.pm +A lib/pf/triggerParser/vendormac.pm +M sbin/pfdhcplistener + +commit 96f07856e9c6f8535f6b3bb3bc2bf9a73bf68b00 +Author: Julien Semaan +Date: Tue Apr 7 09:23:52 2015 -0400 + + handle undefined cluster configuration + +M lib/pf/cluster.pm + +commit 
5df9b86c6072b5c57cc2b2a5e8bda464311a0d5f +Author: Julien Semaan +Date: Fri Apr 3 13:54:03 2015 -0400 + + fixes to make configurator work properly + +M html/pfappserver/lib/pfappserver/Model/Services.pm +M lib/pf/ConfigStore.pm + +commit a2d2a2e5cdcf029edd89339fcf0758dbf7c13baf +Author: James Rouzier +Date: Mon Apr 6 21:15:30 2015 -0400 + + Fix incomplete porting of command + +M lib/pf/cmd/pf/fixpermissions.pm + +commit 5503c8027b7be965fd94e878e0f099ea641a26a1 +Author: James Rouzier +Date: Fri Apr 3 18:42:15 2015 -0400 + + Add default action + +M lib/pf/cmd/pf/configreload.pm + +commit 237574f8d25411f9d75d71230f0c41c30d2a80b8 +Author: Durand Fabrice +Date: Mon Apr 6 13:41:13 2015 -0400 + + Set autoreg = 'no' in case of violation autoreg + +M lib/pf/vlan.pm + +commit 680abde83e4f25b693af5d51311cfb23ec0edad8 +Author: Durand Fabrice +Date: Mon Apr 6 10:22:56 2015 -0400 + + Added conf directory for packetfence-config + +M debian/rules + +commit 09f5b1effc774d699d2a4e129dd02c69aec0eff5 +Author: Durand Fabrice +Date: Mon Apr 6 09:18:31 2015 -0400 + + Added pfconfig.conf in packetfence-pfconfig package + +M debian/rules + +commit 650645175b61deaf90065836b54e99bff2dcc594 +Author: Durand Fabrice +Date: Mon Apr 6 08:58:00 2015 -0400 + + libdigest-hmac_md5 to libdigest-hmac-perl in debian/control file + +M debian/control + +commit 248c0b2b73e797f34546b8dda1c36ef4460d35ac +Author: Durand Fabrice +Date: Mon Apr 6 08:30:32 2015 -0400 + + Convert connection_type to str to be able to match in a portal profile + +M lib/pf/vlan.pm + +commit 59f43677d3182d22f3a746f9545dddf39d8fa3a6 +Author: Durand Fabrice +Date: Mon Apr 6 08:25:00 2015 -0400 + + Missing comma for debian package + +M debian/control + +commit eb0b3c404f2c699661ba6f3dedd5f07b3c544b8a +Author: James Rouzier +Date: Fri Apr 3 17:23:55 2015 -0400 + + Ported pfcmd fixpermissions + +M lib/pf/cmd/pf/fixpermissions.pm + +commit 97dd32a245b47313e43d67ff7d588b74bb75c50e +Author: Julien Semaan +Date: Fri Apr 3 11:51:53 2015 -0400 + 
+ undo test count modification (wrong branch) zammit style + +M t/pfcmd.t + +commit 0b3d15d104ac698b0dd60c8c9eeabcf590ab703d +Author: Julien Semaan +Date: Fri Apr 3 09:48:19 2015 -0400 + + remove cluster_enabled resource + +M lib/pfconfig/namespaces/config/Cluster.pm +M lib/pfconfig/namespaces/interfaces.pm +D lib/pfconfig/namespaces/resource/cluster_enabled.pm + +commit 9e77eadaa359cfcd4d95b4b95d523eece4c0be71 +Author: Julien Semaan +Date: Fri Apr 3 09:41:47 2015 -0400 + + make cluster_enabled not dependant of pfconfig anymore + +M lib/pf/cluster.pm + +commit 55910c9ee6516ca4204bdb9e7f9d111493e485d6 +Author: Julien Semaan +Date: Thu Apr 2 17:09:29 2015 -0400 + + fix number of tests in pfcmd.t + +M t/pfcmd.t + +commit 3dc6435bb143e86e736cf2956cd2446e112733d6 +Author: Julien Semaan +Date: Thu Apr 2 16:35:20 2015 -0400 + + Revert "Remove pfconfig::namespaces::resource::Database" + + This reverts commit 1c1a6e3532f7ae7d04c535c80cc5838c2ab172a3. + +M lib/pf/db.pm +M lib/pfconfig/namespaces/config/Pf.pm +A lib/pfconfig/namespaces/resource/Database.pm + +commit 1f3a1488a32bfa353f4eac2b2dd42e1ec138af12 +Author: Julien Semaan +Date: Thu Apr 2 16:17:41 2015 -0400 + + don't use config overlaying if we're not in a cluster + +M lib/pf/config.pm + +commit 26c9a1a203e5eba17073b1a7da3fb2e29e7f32d4 +Author: James Rouzier +Date: Thu Apr 2 16:22:54 2015 -0400 + + Only allow managed service to start + +M lib/pf/cmd/pf/service.pm + +commit 1c1a6e3532f7ae7d04c535c80cc5838c2ab172a3 +Author: James Rouzier +Date: Thu Apr 2 15:53:37 2015 -0400 + + Remove pfconfig::namespaces::resource::Database + +M lib/pf/db.pm +M lib/pfconfig/namespaces/config/Pf.pm +D lib/pfconfig/namespaces/resource/Database.pm + +commit cd2a293dd11fea1fb949da5fdda5e4c2bcf4393d +Author: Julien Semaan +Date: Thu Apr 2 15:40:11 2015 -0400 + + removed dead code (pf::os) and fingerprint in admin interface + +M addons/pfconfig/comparator/dumper.pl +M db/pf-schema-X.Y.Z.sql +M 
html/captive-portal/lib/captiveportal/Base/Controller.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm +M html/pfappserver/lib/pfappserver/Base/Controller.pm +D html/pfappserver/lib/pfappserver/Controller/Config/Fingerprints.pm +M html/pfappserver/lib/pfappserver/Model/Node.pm +D html/pfappserver/lib/pfappserver/Model/OS.pm +D html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerprints.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Configuration.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Configurator.pm +M html/pfappserver/root/node/view.tt +M lib/pf/Portal/Profile.pm +D lib/pf/cmd/pf/fingerprint/view.pm +D lib/pf/cmd/pf/reload/fingerprints.pm +M lib/pf/lookup/node.pm +D lib/pf/os.pm +M lib/pf/provisioner.pm +M lib/pf/scan/nessus.pm +M lib/pf/web.pm +M sbin/pfdetect +M sbin/pfdhcplistener +M t/dao/data.t +D t/dao/os.t +M t/pfcmd.t + +commit ba0149829c2b388c767efc6d25e2227c92d16e43 +Author: James Rouzier +Date: Thu Apr 2 14:36:32 2015 -0400 + + Revert "Removed dead code" + + This reverts commit 96b1e91a0dd11bfde3b3b0d89a8bf0fdb7e8d63c. 
+ +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm + +commit e7bd906d0671c3118e854308b542c3f102f37ba4 +Author: James Rouzier +Date: Thu Apr 2 14:24:09 2015 -0400 + + Updated pod doc + +M lib/pf/triggerParser.pm + +commit 4c9f2c11ac642d43514ebc143036dd910e8a7d8b +Author: James Rouzier +Date: Thu Apr 2 14:23:04 2015 -0400 + + Removed dead code + +M html/pfappserver/root/static/admin/config/violations.js + +commit 96b1e91a0dd11bfde3b3b0d89a8bf0fdb7e8d63c +Author: James Rouzier +Date: Thu Apr 2 14:22:40 2015 -0400 + + Removed dead code + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm + +commit 9a38da44c0f97ddb5fb2aeea27c358b65b4c9e2f +Author: James Rouzier +Date: Thu Apr 2 14:18:16 2015 -0400 + + Rename FingerBank to Fingerbank + +M html/pfappserver/root/static/admin/config/fingerbank-devices.js + +commit 6e1fa5a04464c545709db141517997acf63e8536 +Author: James Rouzier +Date: Thu Apr 2 14:15:03 2015 -0400 + + Fix syntax warning of deprecated feature and include missing module + +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Settings.pm + +commit 3f25b82512abafd3adce63ceb2d0a5328ddecb4e +Author: James Rouzier +Date: Thu Apr 2 14:12:39 2015 -0400 + + Remove unused code + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Combination.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Fingerprint.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Vendor.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Device.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/MAC_Vendor.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Onboard.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/User_Agent.pm + +commit b7cb5d0d19d3141754a2a081afecd6ec2d3c6f67 +Author: Julien Semaan +Date: Thu Apr 2 13:13:55 2015 -0400 + + Revert "Feature/fingerbank integration" + 
+M addons/packages/packetfence.spec +M conf/log.conf.d/httpd.admin.conf.example +M conf/log.conf.d/httpd.portal.conf.example +M conf/log.conf.d/pfdhcplistener.conf.example +M conf/violations.conf.example +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm +M html/pfappserver/lib/pfappserver.pm +M html/pfappserver/lib/pfappserver/Base/Controller/Crud.pm +D html/pfappserver/lib/pfappserver/Base/Controller/Crud/Fingerbank.pm +D html/pfappserver/lib/pfappserver/Base/Model/Fingerbank.pm +D html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Combination.pm +D html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/DB.pm +D html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/DHCP_Fingerprint.pm +D html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/DHCP_Vendor.pm +D html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Device.pm +D html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Device/Upstream.pm +D html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/MAC_Vendor.pm +D html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Settings.pm +D html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/User_Agent.pm +D html/pfappserver/lib/pfappserver/Controller/Trigger.pm +D html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Combination.pm +D html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Fingerprint.pm +D html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Vendor.pm +D html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Device.pm +D html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/MAC_Vendor.pm +D html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Onboard.pm +D html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm +D html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/User_Agent.pm +M html/pfappserver/lib/pfappserver/Form/Node.pm +D 
html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/Combination.pm +D html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/DHCP_Fingerprint.pm +D html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/DHCP_Vendor.pm +D html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/Device.pm +D html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/MAC_Vendor.pm +D html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/User_Agent.pm +D html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Combination.pm +D html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/DB.pm +D html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/DHCP_Fingerprint.pm +D html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/DHCP_Vendor.pm +D html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Device.pm +D html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Device/Upstream.pm +D html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/MAC_Vendor.pm +D html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Settings.pm +D html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/User_Agent.pm +M html/pfappserver/root/admin/configuration.tt +D html/pfappserver/root/config/fingerbank/combination/clone.tt +D html/pfappserver/root/config/fingerbank/combination/create.tt +D html/pfappserver/root/config/fingerbank/combination/index.tt +D html/pfappserver/root/config/fingerbank/combination/list.tt +D html/pfappserver/root/config/fingerbank/combination/view.tt +D html/pfappserver/root/config/fingerbank/device/add_child.tt +D html/pfappserver/root/config/fingerbank/device/children.tt +D html/pfappserver/root/config/fingerbank/device/clone.tt +D html/pfappserver/root/config/fingerbank/device/create.tt +D html/pfappserver/root/config/fingerbank/device/index.tt +D html/pfappserver/root/config/fingerbank/device/list.tt +D 
html/pfappserver/root/config/fingerbank/device/upstream/add_child.tt +D html/pfappserver/root/config/fingerbank/device/upstream/children.tt +D html/pfappserver/root/config/fingerbank/device/upstream/clone.tt +D html/pfappserver/root/config/fingerbank/device/upstream/create.tt +D html/pfappserver/root/config/fingerbank/device/upstream/index.tt +D html/pfappserver/root/config/fingerbank/device/upstream/list.tt +D html/pfappserver/root/config/fingerbank/device/upstream/view.tt +D html/pfappserver/root/config/fingerbank/device/view.tt +D html/pfappserver/root/config/fingerbank/dhcp_fingerprint/clone.tt +D html/pfappserver/root/config/fingerbank/dhcp_fingerprint/create.tt +D html/pfappserver/root/config/fingerbank/dhcp_fingerprint/index.tt +D html/pfappserver/root/config/fingerbank/dhcp_fingerprint/list.tt +D html/pfappserver/root/config/fingerbank/dhcp_fingerprint/view.tt +D html/pfappserver/root/config/fingerbank/dhcp_vendor/clone.tt +D html/pfappserver/root/config/fingerbank/dhcp_vendor/create.tt +D html/pfappserver/root/config/fingerbank/dhcp_vendor/index.tt +D html/pfappserver/root/config/fingerbank/dhcp_vendor/list.tt +D html/pfappserver/root/config/fingerbank/dhcp_vendor/view.tt +D html/pfappserver/root/config/fingerbank/mac_vendor/clone.tt +D html/pfappserver/root/config/fingerbank/mac_vendor/create.tt +D html/pfappserver/root/config/fingerbank/mac_vendor/index.tt +D html/pfappserver/root/config/fingerbank/mac_vendor/list.tt +D html/pfappserver/root/config/fingerbank/mac_vendor/view.tt +D html/pfappserver/root/config/fingerbank/settings/index.tt +D html/pfappserver/root/config/fingerbank/settings/onboard.tt +D html/pfappserver/root/config/fingerbank/user_agent/clone.tt +D html/pfappserver/root/config/fingerbank/user_agent/create.tt +D html/pfappserver/root/config/fingerbank/user_agent/index.tt +D html/pfappserver/root/config/fingerbank/user_agent/list.tt +D html/pfappserver/root/config/fingerbank/user_agent/view.tt +M html/pfappserver/root/node/view.tt +D 
html/pfappserver/root/static/admin/config/fingerbank-devices.js +D html/pfappserver/root/static/admin/config/fingerbank-settings.js +M html/pfappserver/root/static/admin/config/items.js +M html/pfappserver/root/static/admin/config/violations.js +M html/pfappserver/root/violation/view.tt +M lib/pf/CHI.pm +M lib/pf/ConfigStore/Violations.pm +M lib/pf/constants/admin_roles.pm +D lib/pf/factory/triggerParser.pm +D lib/pf/fingerbank.pm +M lib/pf/node.pm +M lib/pf/trigger.pm +D lib/pf/triggerParser.pm +D lib/pf/triggerParser/accounting.pm +D lib/pf/triggerParser/detect.pm +D lib/pf/triggerParser/device.pm +D lib/pf/triggerParser/dhcp_fingerprint.pm +D lib/pf/triggerParser/dhcp_vendor.pm +D lib/pf/triggerParser/internal.pm +D lib/pf/triggerParser/mac.pm +D lib/pf/triggerParser/nessus.pm +D lib/pf/triggerParser/openvas.pm +D lib/pf/triggerParser/os.pm +D lib/pf/triggerParser/provisioner.pm +D lib/pf/triggerParser/roles/fingerbank.pm +D lib/pf/triggerParser/soh.pm +D lib/pf/triggerParser/useragent.pm +D lib/pf/triggerParser/vendormac.pm +M sbin/pfdhcplistener + +commit f61eba9b746c85773a9daa89716e98f6c430dc03 +Author: Derek Wuelfrath +Date: Thu Apr 2 13:05:06 2015 -0400 + + Add pf user to fingerbank group + +M addons/packages/packetfence.spec + +commit 20a370c627c9abff0f80b392956d96e466cf176b +Author: James Rouzier +Date: Tue Mar 31 19:59:21 2015 -0400 + + Do not show the tree view for the local fingerbank device + +M html/pfappserver/lib/pfappserver/Base/Controller/Crud/Fingerbank.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Device/Upstream.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Device.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Device/Upstream.pm +M html/pfappserver/root/config/fingerbank/device/children.tt +A html/pfappserver/root/config/fingerbank/device/upstream/add_child.tt +A html/pfappserver/root/config/fingerbank/device/upstream/children.tt +A 
html/pfappserver/root/config/fingerbank/device/upstream/clone.tt +A html/pfappserver/root/config/fingerbank/device/upstream/create.tt +A html/pfappserver/root/config/fingerbank/device/upstream/index.tt +A html/pfappserver/root/config/fingerbank/device/upstream/list.tt +A html/pfappserver/root/config/fingerbank/device/upstream/view.tt + +commit 53c2bcc5ed309ea84f6d1ecb739d0db715a0eb0b +Author: James Rouzier +Date: Tue Mar 31 18:49:21 2015 -0400 + + Fix issue with saving violations + +M lib/pf/ConfigStore/Violations.pm + +commit b38ad816b418ff7bc667364285f8ead80776333e +Author: Derek Wuelfrath +Date: Tue Mar 31 15:33:58 2015 -0400 + + packetfence.spec + +M addons/packages/packetfence.spec + +commit 069dc57ce97d84f3a52aa7ac7ff9528530798046 +Author: Derek Wuelfrath +Date: Tue Mar 31 15:13:51 2015 -0400 + + Referring to wrong id + +M lib/pf/fingerbank.pm + +commit 24e081c73212bde38870990dfc90a470667fa7f4 +Author: Derek Wuelfrath +Date: Tue Mar 31 14:51:14 2015 -0400 + + Debbugging leftovers + +M lib/pf/fingerbank.pm + +commit f0f70f6a3925d73cf0d5da94b202932c9d9bad1b +Author: Derek Wuelfrath +Date: Tue Mar 31 14:49:35 2015 -0400 + + httpd.portal integration + +M conf/log.conf.d/httpd.portal.conf.example +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm + +commit d160439fad1341f03cdbb0ba5f5211c0588b6d91 +Author: Derek Wuelfrath +Date: Tue Mar 31 14:15:00 2015 -0400 + + pfdhcplistener now use the fingerbank class + +M sbin/pfdhcplistener + +commit 43930f387cfaef719bcf519f5f5b418a50f2b414 +Author: Derek Wuelfrath +Date: Tue Mar 31 14:14:28 2015 -0400 + + Introduced new Fingerbank class for PacketFence <-> Fingerbank interaction + +A lib/pf/fingerbank.pm + +commit 74775a587b442e9224a46966ae1f8746c83b936e +Author: Derek Wuelfrath +Date: Tue Mar 31 10:35:12 2015 -0400 + + pfdhcplistener integration + +M sbin/pfdhcplistener + +commit 2411ec9a2cc4699eb32ee132ccfd3e5f922bfaf1 +Author: Derek Wuelfrath +Date: Mon Mar 30 22:51:09 2015 -0400 + + 
Fingerbank combination + +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Combination.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Combination.pm +A html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/Combination.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Combination.pm +M html/pfappserver/root/admin/configuration.tt +A html/pfappserver/root/config/fingerbank/combination/clone.tt +A html/pfappserver/root/config/fingerbank/combination/create.tt +A html/pfappserver/root/config/fingerbank/combination/index.tt +A html/pfappserver/root/config/fingerbank/combination/list.tt +A html/pfappserver/root/config/fingerbank/combination/view.tt + +commit 62a4f7fbb3395a02b8fe3d13feb18ae1b5c336dd +Author: Derek Wuelfrath +Date: Mon Mar 30 21:27:25 2015 -0400 + + Modify node display in admin gui + +M html/pfappserver/lib/pfappserver/Form/Node.pm +M html/pfappserver/root/node/view.tt + +commit a8febc6b5098c5c40553dbe3a01a83fb9d784939 +Author: Derek Wuelfrath +Date: Mon Mar 30 21:26:32 2015 -0400 + + Schema change for nodes + +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql +M lib/pf/node.pm + +commit 63692196d845ee6a3d4642868eb025a7a3cc8f89 +Author: Derek Wuelfrath +Date: Mon Mar 30 21:20:24 2015 -0400 + + We accept L as a valid character in trigger for Fingerbank local override + +M lib/pf/triggerParser.pm + +commit 6be4df2fb52043c05f17a243bfe1ca76345c8cfa +Author: Derek Wuelfrath +Date: Sun Mar 29 13:22:55 2015 -0400 + + Fix processing of the onboarding form + +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Settings.pm +M html/pfappserver/root/static/admin/config/fingerbank-settings.js + +commit 1909f63459dd2fa2d0ef4bda9fd1170de4842bd1 +Author: Derek Wuelfrath +Date: Fri Mar 27 16:33:52 2015 -0400 + + pfdhcplistener integration + +M sbin/pfdhcplistener + +commit b26dc42e2c951e1bfd580394dab52bb8eeea8fe2 +Author: Derek Wuelfrath +Date: Fri Mar 27 16:27:03 2015 -0400 + + 
Adjusted settings and onboarding + - Missing redirect at the end of onboarding + - Need adjustment of the James's javascript + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Settings.pm + +commit 1ad67cdb449ba168318d8fde287fad8d8e7b85eb +Author: James Rouzier +Date: Fri Mar 27 14:33:16 2015 -0400 + + Update the onboarding page from the form + +M html/pfappserver/root/admin/configuration.tt +M html/pfappserver/root/config/fingerbank/settings/onboard.tt +A html/pfappserver/root/static/admin/config/fingerbank-settings.js + +commit 35d9d264af9ba0b110ac0f97aff3651255195aae +Author: Derek Wuelfrath +Date: Fri Mar 27 14:12:43 2015 -0400 + + API part + +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Settings.pm + +commit 8874568841463576adc648a861926d2c626b3003 +Author: Derek Wuelfrath +Date: Thu Mar 26 18:43:17 2015 -0400 + + Setting page now working. + - Need to finish onboarding page... 
+ +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Onboard.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Settings.pm +M html/pfappserver/root/config/fingerbank/settings/index.tt +M html/pfappserver/root/config/fingerbank/settings/onboard.tt + +commit 5b149e1b7218d3b5e13380178a9afed59aee06cc +Author: James Rouzier +Date: Thu Mar 26 16:31:39 2015 -0400 + + Removed header + +M html/pfappserver/root/config/fingerbank/settings/index.tt + +commit 3a268f5384dabfc3b055e419fb5165e5a3bb7982 +Author: James Rouzier +Date: Thu Mar 26 16:31:07 2015 -0400 + + Fix name of fields + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm + +commit 676ac7447d89362319511df9ec786a5e58855ba3 +Author: Derek Wuelfrath +Date: Thu Mar 26 15:37:58 2015 -0400 + + Onboarding + +M html/pfappserver/lib/pfappserver/Base/Controller/Crud/Fingerbank.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Onboard.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Settings.pm +M html/pfappserver/root/config/fingerbank/device/index.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/index.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/index.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/index.tt +M html/pfappserver/root/config/fingerbank/settings/onboard.tt +M html/pfappserver/root/config/fingerbank/user_agent/index.tt + +commit 6a3278d4f9f7a406eaadaf72e029769680a4de27 +Author: Derek Wuelfrath +Date: Thu Mar 26 09:57:26 2015 -0400 + + Fingerbank Settings page + +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Settings.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Settings.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Settings.pm +M html/pfappserver/root/admin/configuration.tt +A html/pfappserver/root/config/fingerbank/settings/index.tt +A 
html/pfappserver/root/config/fingerbank/settings/onboard.tt + +commit 560b85ea6d72ec7f4d5b575829b737c95591d45f +Author: Derek Wuelfrath +Date: Wed Mar 25 18:28:26 2015 -0400 + + Moved where they belong + +M html/pfappserver/lib/pfappserver/Base/Controller/Crud/Fingerbank.pm +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/DHCP_Fingerprint.pm +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/DHCP_Vendor.pm +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Device.pm +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/MAC_Vendor.pm +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/User_Agent.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/DHCP_Fingerprint.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/DHCP_Vendor.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/Device.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/MAC_Vendor.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/User_Agent.pm + +commit c7cad2d23e66a1de74f33b4d764d2e697128b2e2 +Author: Derek Wuelfrath +Date: Wed Mar 25 18:01:34 2015 -0400 + + Basic interaction with Fingerbank database + +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/DB.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerbank/DB.pm +M html/pfappserver/root/config/fingerbank/device/index.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/index.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/index.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/index.tt +M html/pfappserver/root/config/fingerbank/user_agent/index.tt + +commit 3ffc8e4715fa12a860ca3649136746f05913ced4 +Author: Derek Wuelfrath +Date: Mon Mar 23 18:19:37 2015 -0400 + + Redirect pfdhcplistener Fingerbank log to the Fingerbank log file + +M conf/log.conf.d/pfdhcplistener.conf.example 
+ +commit a506c7204465d6935023994ea3f7fed0193edd7c +Author: Derek Wuelfrath +Date: Mon Mar 23 15:56:43 2015 -0400 + + Define cache for fingerbank interaction + +M lib/pf/CHI.pm +M sbin/pfdhcplistener + +commit 822958161933eea2d1b8dc1d782d3a288cc917a1 +Author: Derek Wuelfrath +Date: Mon Mar 23 07:29:21 2015 -0400 + + Missing from previous rebase + +M lib/pf/constants/admin_roles.pm + +commit 9f4691d8a4e337d80a1454f2e141e67790285829 +Author: James Rouzier +Date: Thu Feb 26 17:21:50 2015 -0500 + + Do not send the id twice in the same form + +M html/pfappserver/root/config/fingerbank/device/view.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/view.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/view.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/view.tt +M html/pfappserver/root/config/fingerbank/user_agent/view.tt + +commit 0d0b22fd3bcf7797086c8c0b40165b7e7b6c7e66 +Author: James Rouzier +Date: Thu Feb 26 15:45:17 2015 -0500 + + Only show the id when viewing an item + +M html/pfappserver/root/config/fingerbank/device/view.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/view.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/view.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/view.tt +M html/pfappserver/root/config/fingerbank/user_agent/view.tt + +commit 1813282621f93b3fd2551de5f99e89aa67e9c48d +Author: James Rouzier +Date: Thu Feb 26 15:37:30 2015 -0500 + + Made the id readonly + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Fingerprint.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Vendor.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/MAC_Vendor.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/User_Agent.pm + +commit 7df5a1ac3f119baa932d7afe00d08e9420041ec2 +Author: James Rouzier +Date: Wed Feb 25 15:27:42 2015 -0500 + + Fix the displaying of children for local devices + +M html/pfappserver/root/config/fingerbank/device/children.tt + 
+commit 52627ead33de86d582c5145fc8ffc4bc18f6d0a7 +Author: Derek Wuelfrath +Date: Thu Feb 26 15:29:40 2015 -0500 + + Minor displays adjustments + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Fingerprint.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Vendor.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Device.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/MAC_Vendor.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/User_Agent.pm +M html/pfappserver/root/config/fingerbank/device/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/list.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/list.tt +M html/pfappserver/root/config/fingerbank/user_agent/list.tt + +commit e834c553248736f8306fe322c22ac672a3e8631d +Author: Derek Wuelfrath +Date: Thu Feb 26 14:52:05 2015 -0500 + + We want to log in Fingerbank log file + +M conf/log.conf.d/httpd.admin.conf.example + +commit b1960a5b712be8f57591122f22a86975bd851318 +Author: James Rouzier +Date: Wed Feb 25 14:51:32 2015 -0500 + + Display add child form + +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Device.pm +A html/pfappserver/root/config/fingerbank/device/add_child.tt +M html/pfappserver/root/static/admin/config/fingerbank-devices.js + +commit fbb44a9270dbfe7612d07fd39611119789233325 +Author: James Rouzier +Date: Wed Feb 25 14:32:07 2015 -0500 + + Display parent_id + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Device.pm + +commit c3603efc3db9adad8c12f5b5ad77facc7992ecd8 +Author: James Rouzier +Date: Wed Feb 25 14:31:18 2015 -0500 + + Add parent_id + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Device.pm + +commit afabe9559149521f116c2c350149c679e50499d0 +Author: James Rouzier +Date: Wed Feb 25 14:14:30 2015 -0500 + + Fix the display of an empty resultset + +M html/pfappserver/root/config/fingerbank/device/list.tt +M 
html/pfappserver/root/config/fingerbank/dhcp_fingerprint/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/list.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/list.tt +M html/pfappserver/root/config/fingerbank/user_agent/list.tt + +commit e75248f506053f8f64aec39e46c4832665c1ca06 +Author: James Rouzier +Date: Wed Feb 25 14:04:22 2015 -0500 + + Add new triggers device dhcp_fingerprint, dhcp_vendor + +A lib/pf/triggerParser/device.pm +A lib/pf/triggerParser/dhcp_fingerprint.pm +A lib/pf/triggerParser/dhcp_vendor.pm + +commit 3438d53f50086601544f3503f5524f9e1e8fcdfd +Author: James Rouzier +Date: Wed Feb 25 14:03:16 2015 -0500 + + Work around an empty set returning an error + +M html/pfappserver/lib/pfappserver/Base/Model/Fingerbank.pm + +commit 5268c94cde037efa4a18397a61a5afa7bc9aa6ae +Author: James Rouzier +Date: Wed Feb 25 14:01:27 2015 -0500 + + Change nav-tab to nav-pills fix row count + +M html/pfappserver/root/config/fingerbank/device/children.tt +M html/pfappserver/root/config/fingerbank/device/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/list.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/list.tt +M html/pfappserver/root/config/fingerbank/user_agent/list.tt + +commit fc57614fdf58c8aa5f7386bcbe147766b6a6eb8d +Author: James Rouzier +Date: Wed Feb 25 12:27:22 2015 -0500 + + Remove unused table row that caused extra lines to be displayed + +M html/pfappserver/root/config/fingerbank/device/list.tt + +commit dbd16f8a6fba58d0573c7e5883ab48f925558458 +Author: James Rouzier +Date: Wed Feb 25 11:45:10 2015 -0500 + + Fix the double declaration of a variable + +M html/pfappserver/lib/pfappserver/Base/Model/Fingerbank.pm + +commit b088e40773811edde0f1072283e2187b645bd4af +Author: James Rouzier +Date: Wed Feb 25 11:44:32 2015 -0500 + + Fix the excluding of the list action + +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Device.pm + +commit 
8a2834b369c5ca0fbfd7fb837d41de0bbbba7358 +Author: James Rouzier +Date: Wed Feb 25 11:28:06 2015 -0500 + + Make created_at and updated_at Uneditable fields + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Fingerprint.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Vendor.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Device.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/MAC_Vendor.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/User_Agent.pm + +commit 81d99c2b632a32176a5fc89fe3e380c8e17e345c +Author: James Rouzier +Date: Wed Feb 25 11:26:35 2015 -0500 + + use the current scope to display listing + +M html/pfappserver/root/config/fingerbank/device/children.tt + +commit bdb36ba152b80ed20e073d598cef1dfd8b08c216 +Author: James Rouzier +Date: Wed Feb 25 11:15:22 2015 -0500 + + Fixed the list scope for all action + +M html/pfappserver/root/config/fingerbank/device/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/list.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/list.tt +M html/pfappserver/root/config/fingerbank/user_agent/list.tt + +commit d1a59e91415074ff39b4a7f6c6e5099e6957522f +Author: James Rouzier +Date: Wed Feb 25 11:02:43 2015 -0500 + + Do not list local and upstream devices together + +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Device.pm +M html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/Device.pm + +commit 236887215780d0796e77ab0136ddfadc4a08e16c +Author: James Rouzier +Date: Wed Feb 25 11:00:56 2015 -0500 + + Removed console.log + +M html/pfappserver/root/static/admin/config/fingerbank-devices.js + +commit 87e81d9aa7bd1fbd5dd52eafde345626a8a0c4b4 +Author: James Rouzier +Date: Wed Feb 25 11:00:16 2015 -0500 + + Fix listing of items when the table id has changed + +M html/pfappserver/root/static/admin/config/items.js + +commit 
d59041da64beb1ccb6acb90b2bd2c1ab275ffcd6 +Author: James Rouzier +Date: Wed Feb 25 10:19:58 2015 -0500 + + Removed old identification section + +M html/pfappserver/root/admin/configuration.tt + +commit 9d2d0fe001111316ed03f9dbc68f9d5e9a993a22 +Author: James Rouzier +Date: Wed Feb 18 17:06:09 2015 -0500 + + Cleanup template names + +M html/pfappserver/root/config/fingerbank/user_agent/index.tt +M html/pfappserver/root/config/fingerbank/user_agent/list.tt + +commit 125de2674252fe46feeea4d7f63df5dfb2fe93c3 +Author: James Rouzier +Date: Wed Feb 18 17:01:55 2015 -0500 + + Fixed the display of the save button and form uri + +M html/pfappserver/root/config/fingerbank/device/view.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/view.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/view.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/view.tt +M html/pfappserver/root/config/fingerbank/user_agent/view.tt + +commit 2e790688c3e76ed30392ee7fd101fb55c87fb1eb +Author: James Rouzier +Date: Wed Feb 18 13:15:55 2015 -0500 + + Update Copyright + +M html/pfappserver/lib/pfappserver/Base/Controller/Crud/Fingerbank.pm +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/DHCP_Fingerprint.pm +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/DHCP_Vendor.pm +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/MAC_Vendor.pm +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/User_Agent.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Fingerprint.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Vendor.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Device.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/MAC_Vendor.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/User_Agent.pm +M html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/DHCP_Fingerprint.pm +M html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/DHCP_Vendor.pm +M 
html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/MAC_Vendor.pm +M html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/User_Agent.pm +M lib/pf/factory/triggerParser.pm +M lib/pf/triggerParser.pm +M lib/pf/triggerParser/soh.pm +M lib/pf/triggerParser/vendormac.pm + +commit fcdaf7af59c3c1412e0012150540b55b22818956 +Author: James Rouzier +Date: Tue Feb 17 20:01:54 2015 -0500 + + Rename OS::XX to DEVICE::YY + +M conf/violations.conf.example + +commit 58f02db2ec68418fb14d14792cf7e509aa8f5f43 +Author: James Rouzier +Date: Tue Feb 17 19:45:31 2015 -0500 + + Fix displaying the children + +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Device.pm + +commit 3e61e0494095058511b983bd634da1419039cfae +Author: James Rouzier +Date: Tue Feb 17 19:42:09 2015 -0500 + + Added additional field for devices + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Device.pm + +commit 2e9af61d5d5415f2fbea37007cf6015f1169d3ac +Author: James Rouzier +Date: Tue Feb 17 19:40:33 2015 -0500 + + Added extra error check + +M html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/Device.pm + +commit db7eb5aad39e9712b7fe4aa0756051d29831c5e9 +Author: James Rouzier +Date: Tue Feb 17 19:39:08 2015 -0500 + + Cleanup templates + +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/index.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/view.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/index.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/view.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/index.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/list.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/view.tt +M html/pfappserver/root/config/fingerbank/user_agent/view.tt + +commit 2f79031f3a0c4fe6cea32d8f5e85d7391cdedc7e +Author: James Rouzier +Date: Tue Feb 17 19:36:52 2015 -0500 
+ + Refactor the children to just rows + +M html/pfappserver/root/config/fingerbank/device/children.tt +M html/pfappserver/root/config/fingerbank/device/list.tt + +commit cdd343a42554dd4cb483a85b9f9a7efff7456692 +Author: James Rouzier +Date: Tue Feb 17 12:35:21 2015 -0500 + + Added the display of children + +M html/pfappserver/root/static/admin/config/fingerbank-devices.js + +commit 71b18d3c51f714e3b9b101e8a21cdd63b0fd25c3 +Author: James Rouzier +Date: Thu Feb 12 11:47:13 2015 -0500 + + Move the listing template to children.tt + +A html/pfappserver/root/config/fingerbank/device/children.tt +M html/pfappserver/root/config/fingerbank/device/list.tt + +commit 4b1123bc813f97270b8406b165cc1a003ed5b3c5 +Author: James Rouzier +Date: Thu Feb 12 11:45:06 2015 -0500 + + Change the id of the modal to modalFingerBankDevice so the fingerbank-devices.js can find it + +M html/pfappserver/root/config/fingerbank/device/index.tt +M html/pfappserver/root/config/fingerbank/device/view.tt + +commit ab98401e70ec8b0ca5802b2e3818e353ccb41e53 +Author: James Rouzier +Date: Thu Feb 12 11:43:20 2015 -0500 + + Include the fingerbank-devices js + +M html/pfappserver/root/admin/configuration.tt + +commit 8ff6a8fc880b26c2cb7ba29db014ea2a53bb5075 +Author: James Rouzier +Date: Thu Feb 12 11:41:09 2015 -0500 + + Do not include index action from pfappserver::Base::Controller::Crud::Fingerbank + +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Device.pm + +commit 9398e70cb3fb99ecc602eb5b5f512b111d19e859 +Author: James Rouzier +Date: Thu Feb 12 11:38:31 2015 -0500 + + Add javascript for fingerbank-devices + +A html/pfappserver/root/static/admin/config/fingerbank-devices.js + +commit 102a6f0d61548c8a56b6426cb3b1313c0b25b6c3 +Author: James Rouzier +Date: Mon Feb 9 16:51:20 2015 -0500 + + New method getSubDevices + +M html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/Device.pm + +commit eda6a21659b23d3bf7b2c823a0464132ba6b1379 +Author: James Rouzier +Date: Mon Feb 9 16:49:52 2015 
-0500 + + Added actions for top level devices and child devices + +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Device.pm + +commit 6aa4d63c42f430d74677e67d9012decef294e960 +Author: James Rouzier +Date: Mon Feb 9 16:42:30 2015 -0500 + + Updated pod doc + +M html/pfappserver/lib/pfappserver/Base/Model/Fingerbank.pm + +commit de0562d3aa67c3c62eca0c1d176d2be0c47314b6 +Author: Derek Wuelfrath +Date: Thu Feb 5 10:27:51 2015 -0500 + + Changes on the fingerbank CRUD API + +M html/pfappserver/lib/pfappserver/Base/Model/Fingerbank.pm +M lib/pf/triggerParser/roles/fingerbank.pm + +commit e2a2595cd18fe13a5851794e77012af20b008303 +Author: Derek Wuelfrath +Date: Wed Jan 28 23:51:40 2015 -0500 + + Typo: + +M html/pfappserver/root/config/fingerbank/device/index.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/index.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/index.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/index.tt +M html/pfappserver/root/config/fingerbank/user_agent/index.tt + +commit 31902fd532ddb9534a6a302999f6e3bdcca67bae +Author: James Rouzier +Date: Tue Jan 20 10:24:21 2015 -0500 + + Add lookup against the fingerbank database + +M lib/pf/triggerParser/useragent.pm +M lib/pf/triggerParser/vendormac.pm + +commit d242590c8f0a07bec5d296d860497f63942c8ced +Author: James Rouzier +Date: Tue Jan 20 10:23:23 2015 -0500 + + Updated copyright + +M lib/pf/triggerParser/accounting.pm +M lib/pf/triggerParser/detect.pm +M lib/pf/triggerParser/internal.pm +M lib/pf/triggerParser/mac.pm +M lib/pf/triggerParser/nessus.pm +M lib/pf/triggerParser/openvas.pm +M lib/pf/triggerParser/os.pm +M lib/pf/triggerParser/provisioner.pm +M lib/pf/triggerParser/useragent.pm + +commit c9267a80ea14a53857545330ad60f0649e6d24ea +Author: James Rouzier +Date: Tue Jan 20 10:22:05 2015 -0500 + + Added role for fingerbank based violations + +A lib/pf/triggerParser/roles/fingerbank.pm + +commit 507af2c24c5dd1f71e535f090045eb2ff7987eae +Author: James 
Rouzier +Date: Fri Jan 16 12:23:53 2015 -0500 + + Exclude pf::triggerParser::roles + +M lib/pf/factory/triggerParser.pm + +commit ce15319a1fbb68c7cfec5b83db0436355cf644b0 +Author: James Rouzier +Date: Thu Jan 15 12:03:40 2015 -0500 + + Updated copy right + +M html/pfappserver/lib/pfappserver/Controller/Trigger.pm + +commit 429b02067d24241d5847e41a351053a598cef1f3 +Author: James Rouzier +Date: Fri Dec 19 13:31:38 2014 -0500 + + Added search for provisioner triggers ids + +M lib/pf/triggerParser/provisioner.pm + +commit 01c031561b5b572d41d2ad5a62858bbb8708ade2 +Author: James Rouzier +Date: Fri Dec 19 13:30:55 2014 -0500 + + Added search for accounting triggers ids + +M lib/pf/triggerParser/accounting.pm + +commit 17366fb92f9ec58c43253f6f4c0c16c7b647e67f +Author: James Rouzier +Date: Thu Dec 18 15:08:15 2014 -0500 + + Added support for looking up trigger id + +M html/pfappserver/root/static/admin/config/violations.js + +commit 8be64db13bbad371b3486048177ba8dfbe4e1fe7 +Author: James Rouzier +Date: Thu Dec 18 14:57:12 2014 -0500 + + Added ids to input field to make it easier to find + +M html/pfappserver/root/violation/view.tt + +commit f24bd303b4094bfdce0d2f66c64407cd3fac7d1f +Author: James Rouzier +Date: Thu Dec 18 14:53:32 2014 -0500 + + New controller Trigger for searching triggers + +A html/pfappserver/lib/pfappserver/Controller/Trigger.pm + +commit 319730320dc8b4ba3c641b4367e230d87233ca33 +Author: James Rouzier +Date: Thu Dec 18 14:53:04 2014 -0500 + + Added new method search + +M lib/pf/triggerParser.pm + +commit ce115c98fd6b47624eb2816c60769d6b1e0853fa +Author: James Rouzier +Date: Thu Dec 18 10:23:33 2014 -0500 + + Added initial support for querying for trigger types + +M html/pfappserver/root/static/admin/config/violations.js + +commit f69552998353be3bc369aaf9e97ec873c2e0597e +Author: James Rouzier +Date: Wed Dec 17 17:18:14 2014 -0500 + + Use appropriate triggerParser + +M lib/pf/trigger.pm + +commit f17578eb23ff4f59abbe2b515e4e2f2c6ed98909 +Author: James 
Rouzier +Date: Wed Dec 17 16:07:37 2014 -0500 + + Added pf::triggerParser classes + +M lib/pf/triggerParser.pm +A lib/pf/triggerParser/accounting.pm +A lib/pf/triggerParser/detect.pm +A lib/pf/triggerParser/internal.pm +A lib/pf/triggerParser/mac.pm +A lib/pf/triggerParser/nessus.pm +A lib/pf/triggerParser/openvas.pm +A lib/pf/triggerParser/os.pm +A lib/pf/triggerParser/provisioner.pm +A lib/pf/triggerParser/soh.pm +A lib/pf/triggerParser/useragent.pm +A lib/pf/triggerParser/vendormac.pm + +commit 6c7600b17f207581fb441e89088b8c90f8c59372 +Author: James Rouzier +Date: Wed Dec 17 16:07:06 2014 -0500 + + Changed wording of die statement + +M lib/pf/factory/triggerParser.pm + +commit 0ecd223aea6ad958a63609445505adf9125a930a +Author: James Rouzier +Date: Wed Dec 17 15:06:56 2014 -0500 + + Renamed pf::factory::trigger to pf::factory::triggerParser + +D lib/pf/factory/trigger.pm +A lib/pf/factory/triggerParser.pm +A lib/pf/triggerParser.pm + +commit 0204e24d2c12ca7824c0bf78c6ef628be0a89da9 +Author: James Rouzier +Date: Wed Dec 17 14:24:26 2014 -0500 + + Add suuport for typeahead for trigger id + +M html/pfappserver/root/violation/view.tt + +commit c997afd4d6f66a499308515e29d397ddb10cffbe +Author: James Rouzier +Date: Wed Dec 17 12:41:20 2014 -0500 + + New factory for pf::trigger::* + +A lib/pf/factory/trigger.pm + +commit 07b463a6aac2d740f54d15898b5c5d7305f7cf27 +Author: James Rouzier +Date: Tue Dec 16 15:38:26 2014 -0500 + + Update fields of forms to match db records + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Fingerprint.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Vendor.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/MAC_Vendor.pm +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/User_Agent.pm + +commit 4e5269e3fee86554d28c013f285fc039783cbc95 +Author: James Rouzier +Date: Tue Dec 16 15:15:27 2014 -0500 + + Remove readonly attributes + +M 
html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Device.pm + +commit afaf933c347f990d585a2420212cd5b34e0fb9db +Author: James Rouzier +Date: Tue Dec 16 14:50:23 2014 -0500 + + Remove unused module + +D html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Combination.pm + +commit 557b0e13614c3a15f65c7bd9e7e8de3af38b04c1 +Author: James Rouzier +Date: Tue Dec 16 14:48:26 2014 -0500 + + Added create button for only the local source + +M html/pfappserver/root/config/fingerbank/device/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/list.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/list.tt +M html/pfappserver/root/config/fingerbank/user_agent/list.tt + +commit 5a30142e807fc87f59291f8b14e79a63df1c6eb9 +Author: James Rouzier +Date: Tue Dec 16 14:39:20 2014 -0500 + + Fixed copy and paste bug + +M html/pfappserver/lib/pfappserver/Base/Model/Fingerbank.pm + +commit e6000421505303c7684eeaf7ddf02c271643bc38 +Author: James Rouzier +Date: Tue Dec 16 14:16:52 2014 -0500 + + Include the scope in the count + +M html/pfappserver/lib/pfappserver/Base/Model/Fingerbank.pm + +commit 6f6b3bc5c3c609220e8cef9c729c1710465d2b20 +Author: James Rouzier +Date: Tue Dec 16 14:06:41 2014 -0500 + + Update templates to use Local/Upstream + +M html/pfappserver/root/config/fingerbank/device/index.tt +M html/pfappserver/root/config/fingerbank/device/list.tt +M html/pfappserver/root/config/fingerbank/device/view.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/index.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_fingerprint/view.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/index.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/list.tt +M html/pfappserver/root/config/fingerbank/dhcp_vendor/view.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/index.tt +M 
html/pfappserver/root/config/fingerbank/mac_vendor/list.tt +M html/pfappserver/root/config/fingerbank/mac_vendor/view.tt +M html/pfappserver/root/config/fingerbank/user_agent/index.tt +M html/pfappserver/root/config/fingerbank/user_agent/list.tt +M html/pfappserver/root/config/fingerbank/user_agent/view.tt + +commit 4844adf4891910e86931ae06fd68dafacf7ee2ec +Author: James Rouzier +Date: Tue Dec 16 14:05:25 2014 -0500 + + Removed unused templates + +D html/pfappserver/root/config/fingerbank/useragents/clone.tt +D html/pfappserver/root/config/fingerbank/useragents/create.tt +D html/pfappserver/root/config/fingerbank/useragents/index.tt +D html/pfappserver/root/config/fingerbank/useragents/list.tt +D html/pfappserver/root/config/fingerbank/useragents/view.tt + +commit 85fa24bf3771e2d891c9043813422cb184dae0e7 +Author: James Rouzier +Date: Tue Dec 16 14:01:48 2014 -0500 + + Return module name + +M html/pfappserver/lib/pfappserver/Base/Controller/Crud/Fingerbank.pm + +commit 1a1ac8895080e9af62add08a9c303fa6ae2e7c80 +Author: James Rouzier +Date: Tue Dec 16 14:00:47 2014 -0500 + + Updated selector for list + +M html/pfappserver/root/static/admin/config/items.js + +commit 9f90aa34777a2f207ffb86f1ad1568e0ebdd3d33 +Author: James Rouzier +Date: Tue Dec 16 13:27:24 2014 -0500 + + Use the base fingerbank controller + +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/DHCP_Fingerprint.pm +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/DHCP_Vendor.pm +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Device.pm +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/MAC_Vendor.pm +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/User_Agent.pm + +commit 8e76b99ea0f8d457be3f8be8781034b40d301ac6 +Author: James Rouzier +Date: Tue Dec 16 13:21:51 2014 -0500 + + Update Copyright date + +M html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/DHCP_Fingerprint.pm +M 
html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/DHCP_Vendor.pm +M html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/Device.pm +M html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/MAC_Vendor.pm +M html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/User_Agent.pm + +commit 3692d1a934e0dde116fc177a1bb525ca132b14c2 +Author: James Rouzier +Date: Tue Dec 16 13:13:13 2014 -0500 + + Added scope attribute + +M html/pfappserver/lib/pfappserver/Base/Model/Fingerbank.pm + +commit f2d13558a3322125e28671dff24ca57ba3cb5f6d +Author: James Rouzier +Date: Tue Dec 16 13:11:54 2014 -0500 + + Pass all the arguements to _setup_object + +M html/pfappserver/lib/pfappserver/Base/Controller/Crud.pm + +commit 204d58c70bae14f11bbdc7e6e17330effd5ed209 +Author: James Rouzier +Date: Tue Dec 16 13:10:26 2014 -0500 + + Added a base fingerbank controller + +A html/pfappserver/lib/pfappserver/Base/Controller/Crud/Fingerbank.pm + +commit 6170737b8abaafac68b55a6e7048f84eda1882f9 +Author: James Rouzier +Date: Mon Dec 15 10:57:07 2014 -0500 + + Added new attributes + +M html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Device.pm + +commit 063bb37001e9de1b84ea51956907d91bf8506386 +Author: James Rouzier +Date: Fri Dec 12 15:49:30 2014 -0500 + + Remove Combination + +M html/pfappserver/root/admin/configuration.tt + +commit 84ca04f674aa842aa7950f7845f442e23f0f028a +Author: James Rouzier +Date: Fri Dec 12 13:39:11 2014 -0500 + + Remove Fingerbank Combination + +D html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Combination.pm +D html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/Combination.pm +D html/pfappserver/root/config/fingerbank/combination/clone.tt +D html/pfappserver/root/config/fingerbank/combination/create.tt +D html/pfappserver/root/config/fingerbank/combination/index.tt +D html/pfappserver/root/config/fingerbank/combination/list.tt +D html/pfappserver/root/config/fingerbank/combination/view.tt + +commit 1928c51b2dcc6f2df4a2e5159a180bd24d4dda8e 
+Author: James Rouzier +Date: Fri Dec 12 11:23:32 2014 -0500 + + Initial fingerbank integration + +A html/pfappserver/lib/pfappserver/Base/Model/Fingerbank.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Combination.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/DHCP_Fingerprint.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/DHCP_Vendor.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/Device.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/MAC_Vendor.pm +A html/pfappserver/lib/pfappserver/Controller/Config/Fingerbank/User_Agent.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Combination.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Fingerprint.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/DHCP_Vendor.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/Device.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/MAC_Vendor.pm +A html/pfappserver/lib/pfappserver/Form/Config/Fingerbank/User_Agent.pm +A html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/Combination.pm +A html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/DHCP_Fingerprint.pm +A html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/DHCP_Vendor.pm +A html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/Device.pm +A html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/MAC_Vendor.pm +A html/pfappserver/lib/pfappserver/Model/Config/Fingerbank/User_Agent.pm +M html/pfappserver/root/admin/configuration.tt +A html/pfappserver/root/config/fingerbank/combination/clone.tt +A html/pfappserver/root/config/fingerbank/combination/create.tt +A html/pfappserver/root/config/fingerbank/combination/index.tt +A html/pfappserver/root/config/fingerbank/combination/list.tt +A html/pfappserver/root/config/fingerbank/combination/view.tt +A html/pfappserver/root/config/fingerbank/device/clone.tt +A 
html/pfappserver/root/config/fingerbank/device/create.tt +A html/pfappserver/root/config/fingerbank/device/index.tt +A html/pfappserver/root/config/fingerbank/device/list.tt +A html/pfappserver/root/config/fingerbank/device/view.tt +A html/pfappserver/root/config/fingerbank/dhcp_fingerprint/clone.tt +A html/pfappserver/root/config/fingerbank/dhcp_fingerprint/create.tt +A html/pfappserver/root/config/fingerbank/dhcp_fingerprint/index.tt +A html/pfappserver/root/config/fingerbank/dhcp_fingerprint/list.tt +A html/pfappserver/root/config/fingerbank/dhcp_fingerprint/view.tt +A html/pfappserver/root/config/fingerbank/dhcp_vendor/clone.tt +A html/pfappserver/root/config/fingerbank/dhcp_vendor/create.tt +A html/pfappserver/root/config/fingerbank/dhcp_vendor/index.tt +A html/pfappserver/root/config/fingerbank/dhcp_vendor/list.tt +A html/pfappserver/root/config/fingerbank/dhcp_vendor/view.tt +A html/pfappserver/root/config/fingerbank/mac_vendor/clone.tt +A html/pfappserver/root/config/fingerbank/mac_vendor/create.tt +A html/pfappserver/root/config/fingerbank/mac_vendor/index.tt +A html/pfappserver/root/config/fingerbank/mac_vendor/list.tt +A html/pfappserver/root/config/fingerbank/mac_vendor/view.tt +A html/pfappserver/root/config/fingerbank/user_agent/clone.tt +A html/pfappserver/root/config/fingerbank/user_agent/create.tt +A html/pfappserver/root/config/fingerbank/user_agent/index.tt +A html/pfappserver/root/config/fingerbank/user_agent/list.tt +A html/pfappserver/root/config/fingerbank/user_agent/view.tt +A html/pfappserver/root/config/fingerbank/useragents/clone.tt +A html/pfappserver/root/config/fingerbank/useragents/create.tt +A html/pfappserver/root/config/fingerbank/useragents/index.tt +A html/pfappserver/root/config/fingerbank/useragents/list.tt +A html/pfappserver/root/config/fingerbank/useragents/view.tt + +commit ea7bfe161f5c52ac006563d13d547aaa02559c95 +Author: James Rouzier +Date: Thu Dec 11 15:17:14 2014 -0500 + + Added the fingerbank library path + +M 
html/pfappserver/lib/pfappserver.pm + +commit 844cefb9da46ff24f7dbd69f9058515c51f34f28 +Author: Julien Semaan +Date: Thu Apr 2 12:39:06 2015 -0400 + + Add missing cluster files to packaging + +M addons/packages/packetfence.spec + +commit 0bdbcfedc22d2ae3c4e9970690ddfa42ee594089 +Author: Derek Wuelfrath +Date: Thu Apr 2 12:25:22 2015 -0400 + + Missing PID condition + +M db/upgrade-X.X.X-X.Y.Z.sql + +commit 8eb13edb98856fd132060a04f94a2ca9aadd328f +Author: James Rouzier +Date: Thu Apr 2 11:32:50 2015 -0400 + + Cleanup the getting the last switch + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm + +commit 433944fbd2e9d99b9e6c6f30f110e0801cce0a62 +Author: James Rouzier +Date: Thu Apr 2 11:20:15 2015 -0400 + + Group alter table on iplog_archive and iplog + +M db/upgrade-X.X.X-X.Y.Z.sql + +commit 56c236a91daef16f453d452cf00e4933865c58ea +Author: James Rouzier +Date: Thu Apr 2 10:39:39 2015 -0400 + + Remove 'Use of uninitialized value' when Null auth is used + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm +M lib/pf/authentication.pm + +commit 7cfef818cabe588441dcbf03c920a074f4e38ff7 +Author: James Rouzier +Date: Wed Apr 1 16:44:19 2015 -0400 + + Add bypass_role_id + +M db/pf-schema-X.Y.Z.sql + +commit 7c256d1175eb714923ba5b4e816bf8314781db8c +Author: James Rouzier +Date: Wed Apr 1 16:28:28 2015 -0400 + + Updated help + +M lib/pf/cmd/pf.pm +M lib/pf/cmd/pf/help.pm + +commit c2e6f81e8e2a1c6c2f04a863b2446cf97bc21a7b +Author: James Rouzier +Date: Wed Apr 1 16:28:08 2015 -0400 + + Add taint option + +M bin/pfcmd.pl + +commit 4c363e63e94ae9add88f98ffc22112712dbb1349 +Author: James Rouzier +Date: Wed Apr 1 16:22:38 2015 -0400 + + Help returns 0 and print to STDOUT + +M lib/pf/cmd/roles/show_help.pm + +commit 04419af7afec1a1a1ef5f70ddc5eaa125fdbdc65 +Author: James Rouzier +Date: Wed Apr 1 16:21:58 2015 -0400 + + Add -T for bin/pfcmd-old.pl + +M t/binaries.t + +commit d696558dac3071f8d26b9f97c935c0d527e80680 
+Author: James Rouzier +Date: Wed Apr 1 16:19:58 2015 -0400 + + Do not use undefined role in log message + +M lib/pf/vlan.pm + +commit 314fc77a4bd59dbc8013ada2c033f9ce2b73542b +Author: James Rouzier +Date: Wed Apr 1 14:24:44 2015 -0400 + + Untaint module name before loading + +M lib/pf/cmd/subcmd.pm + +commit b2b89be07e084c3c92b4fffe63d55329fd7b46fa +Author: Derek Wuelfrath +Date: Wed Apr 1 16:25:16 2015 -0400 + + Update existing unregistered nodes + +M db/upgrade-X.X.X-X.Y.Z.sql + +commit f8fed79bb2e96f1d6ea49a8044b564fc1dcc8452 +Author: Derek Wuelfrath +Date: Mon Mar 16 10:59:30 2015 -0400 + + Leftovers from rebase + +M lib/pf/config.pm + +commit 947ce2bb9a7b8f6232e46e968209add3d00f742c +Author: Derek Wuelfrath +Date: Mon Mar 16 10:56:43 2015 -0400 + + Add admin pid + +M lib/pf/constants.pm + +commit 5843a512e17057479ae8f9ed52121d3b8e548594 +Author: Derek Wuelfrath +Date: Mon Mar 9 15:48:36 2015 -0400 + + And of course by OR I was meaning AND + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Node/Manager.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Status.pm + +commit 656057acea67d16367158eb2cd267c1edaf42838 +Author: Derek Wuelfrath +Date: Thu Feb 12 17:50:48 2015 -0500 + + Backward compatibility + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Node/Manager.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Status.pm +M lib/pf/config.pm +M lib/pf/node.pm + +commit 31504573c2e1efec07b5fbcb00e6461c5a28307d +Author: Derek Wuelfrath +Date: Thu Feb 12 17:32:58 2015 -0500 + + Few more instances + +M conf/pf.conf.defaults +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm +M lib/pf/person.pm +M lib/pf/pfcmd/checkup.pm +M lib/pf/web/wispr.pm + +commit 9e1531ec9eb08b25106d451fa8fd577116ed202d +Author: Derek Wuelfrath +Date: Thu Feb 12 17:12:17 2015 -0500 + + Not needed + +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql + +commit 8cf2e17a10d53b3b99c0d928646b47fce17581eb 
+Author: Derek Wuelfrath +Date: Wed Feb 11 23:29:38 2015 -0500 + + UPGRADE document + +M UPGRADE.asciidoc + +commit b91d4adc6b536604e07b548cd6338026aacf002b +Author: Derek Wuelfrath +Date: Wed Feb 11 23:25:03 2015 -0500 + + Post rebase + +M db/pf-schema-4.6.0.sql +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql + +commit 1e9731082939dbdf0a92c6eef847c5ff84a9e5eb +Author: Derek Wuelfrath +Date: Fri Dec 5 15:28:09 2014 -0500 + + New 'default' default user + +M db/pf-schema-4.6.0.sql +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm +M lib/pf/node.pm + +commit 72e3cfa0c0a680de5bc648c1116142e96ef17689 +Author: Julien Semaan +Date: Wed Apr 1 13:59:17 2015 -0400 + + remove galera iptables config + +M conf/iptables.conf.example + +commit fa6759ee3e24200c99b73a831dab5b72e5aa41a9 +Author: Julien Semaan +Date: Wed Apr 1 13:59:05 2015 -0400 + + fix copyright + +M html/pfappserver/lib/pfappserver/Form/Field/IPAddresses.pm + +commit 16230818a73f98fbf3804ec83b525e2baf3c832b +Author: Julien Semaan +Date: Wed Apr 1 13:54:18 2015 -0400 + + changes to clustering packaging + +M addons/packages/packetfence.spec + +commit 5bf1ba2b69e06397f59e473b9e90b8479b066927 +Author: Julien Semaan +Date: Wed Apr 1 13:42:51 2015 -0400 + + make dns multiple ip addresses again + +M html/pfappserver/lib/pfappserver/Form/Config/Network.pm + +commit 8bd0110d7dca37758ea4dcd8b19643f0e7292787 +Author: Julien Semaan +Date: Tue Mar 31 08:31:41 2015 -0400 + + adjustement to haproxy script + +M lib/pf/services/manager/haproxy.pm + +commit dd1848e28aecd2624ae6d32598d347d90aeb7b18 +Author: Louis Munro +Date: Wed Apr 1 12:32:00 2015 -0400 + + Added pfcmd-old.pl tomake the buikd pass. + It will be removed before 5 release. 
+ +M addons/packages/packetfence.spec + +commit 12b9ab9173a204d3d19a600cba35894a7a463dd3 +Author: Julien Semaan +Date: Wed Apr 1 12:04:03 2015 -0400 + + added news entry 6ebf404 + +M NEWS.asciidoc + +commit 6ebf40497df2bbea05f521c04ff627a1e8b0fff4 +Author: Julien Semaan +Date: Wed Apr 1 12:00:58 2015 -0400 + + added violations for WLC http + +M lib/pf/Switch/Cisco/WLC_http.pm + +commit 4bf616dbbceae93c0f983b550bd7e79a653e8e15 +Author: lzammit +Date: Wed Apr 1 11:31:59 2015 -0400 + + Update PacketFence_Administration_Guide.asciidoc + + f to F. + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 435ac1bbdb9fe082c17c2367d955f6953cfddf08 +Author: Julien Semaan +Date: Wed Apr 1 11:25:33 2015 -0400 + + Update NEWS.asciidoc + +M NEWS.asciidoc + +commit 741997fb5a91eb173a2cc5b5f6ec6ec2ba259030 +Author: Louis Munro +Date: Wed Apr 1 11:18:21 2015 -0400 + + Rebased with devel. + +M lib/pf/vlan.pm + +commit c513eda4caf043d68cf9895ada10fd8f86bbb7d7 +Author: Louis Munro +Date: Wed Mar 4 10:50:44 2015 -0500 + + Made string comparison more explicit. + +M lib/pf/vlan.pm + +commit 730d98ed49221d3e4dc4c23478f5aaf87cdd09a3 +Author: Louis Munro +Date: Wed Mar 4 10:33:18 2015 -0500 + + Fixes a case where unregistered nodes are sent to getNormalVlan when the + registration VLAN is not an integer. 
+ +M lib/pf/vlan.pm + +commit 1a5a2de54708522328dc9034b60dbc330216d88f +Author: James Rouzier +Date: Wed Apr 1 10:30:25 2015 -0400 + + Added USERS_CREATE_MULTIPLE to the 'User Manager' role + +M conf/adminroles.conf.example + +commit b3285e376bdcca83ee044ae5097bdc2f03e5ce58 +Author: Julien Semaan +Date: Wed Apr 1 09:38:41 2015 -0400 + + minor adjustements to doc + +M docs/PacketFence_Clustering_Guide.asciidoc + +commit 9853fb5dcce0065fec011ecb937531c0ea793665 +Author: Julien Semaan +Date: Wed Apr 1 09:38:29 2015 -0400 + + moved docinfo for clustering + +A docs/PacketFence_Clustering_Guide-docinfo.xml +D docs/PacketFence_Clustering_Quick_Install_Guide-docinfo.xml + +commit e725600a194868e06af9646e6198d2d84967702c +Author: James Rouzier +Date: Tue Mar 31 18:39:53 2015 -0400 + + Corrected pod doc + +M lib/pf/base/cmd/config_store.pm +M lib/pf/cmd/display.pm +M lib/pf/cmd/pf/checkup.pm + +commit ab750b40c7ae622bc0c98dbff81f7c4eb1e3e2ee +Author: James Rouzier +Date: Tue Mar 31 18:38:46 2015 -0400 + + Remove Strict-Transport-Security + +M conf/httpd.conf.d/httpd.aaa +M conf/httpd.conf.d/httpd.admin +M conf/httpd.conf.d/httpd.portal +M conf/httpd.conf.d/httpd.webservices + +commit 83029373902798ab8592e8a696c4be6d67ac5810 +Author: James Rouzier +Date: Tue Mar 31 15:39:54 2015 -0400 + + Remove contraint for bypass_role_id + +M db/upgrade-X.X.X-X.Y.Z.sql + +commit 067b4d878c78376f75250d228964c98dcca1c3fa +Author: James Rouzier +Date: Tue Mar 31 15:31:41 2015 -0400 + + Add new workflow for start services + +M lib/pf/cmd/pf/service.pm + +commit 5b5ed017cf8f7ad4c6c409ba52d8908dacc1f627 +Author: Julien Semaan +Date: Tue Mar 31 08:50:37 2015 -0400 + + rename clustering guide + +M Makefile +A docs/PacketFence_Clustering_Guide.asciidoc +D docs/PacketFence_Clustering_Quick_Install_Guide.asciidoc + +commit 74040625026f2bc0b0697e6fe79cc58be345fca3 +Author: Julien Semaan +Date: Tue Mar 31 08:37:46 2015 -0400 + + Adapted cluster documentation + added heartbeat + +M 
docs/PacketFence_Clustering_Quick_Install_Guide.asciidoc + +commit 47664f3879c84bfb2a014cac7d1ec16a0f302717 +Author: Julien Semaan +Date: Tue Mar 31 08:07:38 2015 -0400 + + add missing import + +M lib/pfconfig/namespaces/resource/cluster_hosts.pm + +commit b42391803cd535195c969268f8d3e0cc02e5799f +Author: James Rouzier +Date: Mon Mar 30 16:11:19 2015 -0400 + + Fixed issue of use of an uninitialized value on debian based install + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm + +commit 79d93b58dd5e81976c2eced513588814b00cb80e +Author: root +Date: Mon Mar 30 10:32:15 2015 -0400 + + add iptables.conf to replication + +M bin/cluster/sync + +commit 37cb76bab0179903101ea41d89792068f670fbd7 +Author: Julien Semaan +Date: Mon Mar 30 10:28:10 2015 -0400 + + change mysql haproxy config + +M lib/pf/services/manager/haproxy.pm + +commit 86d0b90ad3627ef1ae6c1d7f18ad43c12d337417 +Author: Julien Semaan +Date: Mon Mar 30 10:27:21 2015 -0400 + + make mysql be a tcp resource + +M conf/haproxy.conf.example + +commit defed2b818c898855626ac807b230e59aecf7584 +Author: root +Date: Mon Mar 30 09:41:58 2015 -0400 + + add error to log + +M bin/cluster/sync + +commit 7baa1fddb54e379b1f33356c2ff4905536c540e4 +Author: Julien Semaan +Date: Mon Mar 30 09:39:57 2015 -0400 + + add heartbeat to iptables + +M conf/iptables.conf.example + +commit 406054c6a979ca4d2ca964712c99131d7181c51d +Author: Julien Semaan +Date: Mon Mar 30 09:38:49 2015 -0400 + + make haproxy use localhost to bind mysql + +M conf/haproxy.conf.example +M lib/pf/services/manager/haproxy.pm + +commit bb52d74654f24ad030f8563264dbf5dd19cb89fa +Author: James Rouzier +Date: Wed Mar 18 17:04:56 2015 -0400 + + Added constraint to nodes table + +M db/upgrade-X.X.X-X.Y.Z.sql + +commit 30e4e4c7018876df8b4f14a54923affb369228dd +Author: James Rouzier +Date: Wed Mar 18 17:04:04 2015 -0400 + + Fixed ambiguous sql statements + +M lib/pf/node.pm + +commit 41d3b1d5c5ed11ab27117a6282739d71d935dc4b +Author: James Rouzier 
+Date: Wed Mar 18 15:09:52 2015 -0400 + + Fix searching for bypass_role + +M html/pfappserver/lib/pfappserver/Model/Search/Node.pm + +commit e8956b1951ffa51b9497016f91a40fad81157910 +Author: James Rouzier +Date: Wed Mar 18 15:04:56 2015 -0400 + + Fixed issue where bypass_role_id not being set + +M lib/pf/node.pm + +commit aed0b8567c844156cdb260172ca1b121b368475e +Author: James Rouzier +Date: Tue Mar 17 14:09:39 2015 -0400 + + Rename the bypass_role to bypass_role_id and display the bypass_role_id name as bypass_role + +M html/pfappserver/lib/pfappserver/Form/Node.pm +M html/pfappserver/root/node/view.tt +M lib/pf/node.pm + +commit c73197e5acf66ceebd19735989e5dd4a978cea27 +Author: James Rouzier +Date: Tue Mar 17 14:07:53 2015 -0400 + + Display the bypass_role + +M html/pfappserver/lib/pfappserver/Model/Search/Node.pm + +commit 2805f09608614058b53e90228aab94e892b9348d +Author: James Rouzier +Date: Tue Mar 17 13:07:01 2015 -0400 + + Conditionally add bypass_role to node + +M db/upgrade-X.X.X-X.Y.Z.sql + +commit 6946f24a3641d4189fc9a08e86d3e72fdc74cde3 +Author: James Rouzier +Date: Tue Mar 17 13:06:05 2015 -0400 + + Fix syntax error + +M html/pfappserver/root/node/search.tt + +commit d77a0fa9aa77aad5ba63c762176bcebc80a875af +Author: James Rouzier +Date: Tue Mar 17 13:05:20 2015 -0400 + + Remove extra bypass_role form field + +M html/pfappserver/lib/pfappserver/Form/Node.pm + +commit 240536849f60262766e6df190654da081dddc14f +Author: James Rouzier +Date: Tue Mar 17 12:21:58 2015 -0400 + + Remove custom code from pfappserver::Controller::Node and move it to pfappserver::PacketFence::Controller::Node + +M html/pfappserver/lib/pfappserver/Controller/Node.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Node.pm + +commit 7525b92162239005b7490b99ccade5c828c652aa +Author: Louis Munro +Date: Wed Feb 25 15:42:22 2015 -0500 + + Trying to dig myself out of a hole. + This will need much testing and review. 
+ +M lib/pf/node.pm + +commit e9ff3b38e0b20ed67710d8c87fb905fb2a0cf7e0 +Author: Louis Munro +Date: Tue Feb 24 13:31:16 2015 -0500 + + On the suggestion of fdurand we now return the vlan id if either the + bypass vlan or bypass role is defined with precedence going to + bypass_vlan. + +M lib/pf/vlan.pm + +commit 90c3291c149bf5420ff523b3ca976b082b9d763d +Author: Louis Munro +Date: Mon Feb 23 14:27:16 2015 -0500 + + Fixed the search so it displays by_pass role as a pull down menu. + +M html/pfappserver/lib/pfappserver/Controller/Node.pm +M html/pfappserver/lib/pfappserver/Model/Node.pm +M html/pfappserver/root/admin/bulk_actions.inc +M html/pfappserver/root/node/advanced_search.tt +M html/pfappserver/root/node/search.tt +M html/pfappserver/root/node/simple_search.tt + +commit 893016697a08401c01b7139c2852d4acde3e895a +Author: Louis Munro +Date: Mon Feb 23 13:35:33 2015 -0500 + + Added some more gui love. + Roles are now constrained to theexisting category_ids. + +M html/pfappserver/lib/pfappserver/Form/Node.pm + +commit a2b94d6ddea8d54c8e9514f1024e82727ff1d857 +Author: Louis Munro +Date: Mon Feb 23 12:05:10 2015 -0500 + + Added changes to admin GUI so that bypass_role is displayed. + +M html/pfappserver/lib/pfappserver/Form/Node.pm +M html/pfappserver/root/admin/nodes.tt +M html/pfappserver/root/node/advanced_search.tt +M html/pfappserver/root/node/search.tt +M html/pfappserver/root/node/simple_search.tt +M html/pfappserver/root/node/view.tt + +commit cc6e04c93df1601ae7d510059e7d428d7aa80783 +Author: Louis Munro +Date: Mon Feb 23 11:25:49 2015 -0500 + + Changed _check_bypass to now require two params: + mac and noder_ info. + + Added tests accordingly. + +M lib/pf/vlan.pm +M t/vlan_utils.t + +commit 7c01b6caad0affdf4d0ac15c3d90631a27c3ba53 +Author: Louis Munro +Date: Fri Feb 20 17:15:35 2015 -0500 + + More saving. + Still WIP. + +A t/vlan_utils.t + +commit 8e888beb91e426a0903abc54fa7f18f21d4679eb +Author: Louis Munro +Date: Fri Feb 20 17:11:39 2015 -0500 + + WIP. 
Just saving before the weekend. + +M db/upgrade-X.X.X-X.Y.Z.sql +M lib/pf/node.pm +M lib/pf/vlan.pm + +commit 6a8bbf79090628051cc792e5b0feb7fa94fb0ef5 +Author: James Rouzier +Date: Fri Mar 27 15:10:10 2015 -0400 + + Fix issue where Static::Simple is sending 'Can't call method "class" on an undefined value' to the log file + +M html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm + +commit 87fbe814ea3e652b117e9a36f2ab1f8ae9f326a9 +Author: Julien Semaan +Date: Fri Mar 27 13:33:30 2015 -0400 + + remove pfupdate script for cluster + +M addons/packages/packetfence.spec +D bin/pfupdate +M lib/pf/services/manager/keepalived.pm + +commit d3c95c2af313b1a60a29f0c4f58289f81222c061 +Author: Julien Semaan +Date: Fri Mar 27 13:24:03 2015 -0400 + + removed interfaces active/active config from administration interface + +M html/pfappserver/lib/pfappserver/Form/Config/Network.pm +M html/pfappserver/lib/pfappserver/Form/Interface.pm +M html/pfappserver/lib/pfappserver/I18N/i_default.po +M html/pfappserver/lib/pfappserver/Model/Interface.pm +M html/pfappserver/root/admin/configuration.tt +M html/pfappserver/root/interface/create.tt +M html/pfappserver/root/interface/view.tt +M html/pfappserver/root/static/js/interface.js + +commit 1c9e7d0f3f221ce95665d7aa6079cc97afa375ac +Author: Julien Semaan +Date: Fri Mar 27 13:17:00 2015 -0400 + + added poddoc to cluster.pm + +M lib/pf/cluster.pm + +commit 241eb8e59df63f3cde61211b50f1b446289abeac +Author: James Rouzier +Date: Fri Mar 27 13:32:27 2015 -0400 + + Helper script to update copyright + +A addons/dev-helpers/update-copyright.sh + +commit 769ed8e2f131f14872ce254a76adbf9767d1d6e5 +Author: Julien Semaan +Date: Fri Mar 27 09:56:43 2015 -0400 + + added doc for active/active + +M docs/PacketFence_Clustering_Quick_Install_Guide.asciidoc + +commit 0229b14cae3e71fd425ea437e34bed53169669be +Author: Julien Semaan +Date: Fri Mar 27 09:02:38 2015 -0400 + + fix doc + +M bin/cluster/management_update + +commit 
21e124146d48691a0efabab0db94346921c9bd62 +Author: Julien Semaan +Date: Fri Mar 27 09:02:07 2015 -0400 + + Improve error handling in expiration + +M lib/pf/api.pm + +commit 6832209dbb327da05dcd587b1db672e439a2c1f9 +Author: Julien Semaan +Date: Fri Mar 27 08:55:51 2015 -0400 + + remove perl warnings for standalone servers + +M lib/pf/cluster.pm + +commit acda211c3c10e2f9c79bda74ed9ebd67c27dc682 +Author: Julien Semaan +Date: Fri Mar 27 08:47:07 2015 -0400 + + remove now useless parameters + +M conf/documentation.conf +M conf/pf.conf.defaults + +commit bf0c960f3ca5b41343a6d6a272cf5592642e6256 +Author: Julien Semaan +Date: Fri Mar 27 08:10:24 2015 -0400 + + fix copyrights + +M lib/pf/clustermgmt.pm +M lib/pf/services/manager/haproxy.pm +M lib/pf/services/manager/keepalived.pm + +commit e5e654cbb3b2304cdcb23632ed5520e6ac29c895 +Author: James Rouzier +Date: Fri Mar 27 00:42:22 2015 -0400 + + Add missing module pf::constants + +M lib/pf/Switch/HP/Procurve_2920.pm + +commit eb949783825803ebc187d196b6f74cc32c6ca91b +Author: James Rouzier +Date: Thu Mar 26 21:53:04 2015 -0400 + + Add missing modules + +M lib/pf/cmd/pf/service.pm + +commit 2606ebcf91322d55f994507898d95040698bcc19 +Author: James Rouzier +Date: Fri Mar 20 11:44:53 2015 -0400 + + Update copyright + +M bin/pfcmd.pl +M lib/pf/base/cmd/action_cmd.pm +M lib/pf/base/cmd/config_store.pm +M lib/pf/cmd/display.pm +M lib/pf/cmd/pf.pm +M lib/pf/cmd/pf/cache.pm +M lib/pf/cmd/pf/checkup.pm +M lib/pf/cmd/pf/class.pm +M lib/pf/cmd/pf/class/view.pm +M lib/pf/cmd/pf/configfiles.pm +M lib/pf/cmd/pf/configfiles/pull.pm +M lib/pf/cmd/pf/configfiles/push.pm +M lib/pf/cmd/pf/fingerprint.pm +M lib/pf/cmd/pf/fingerprint/view.pm +M lib/pf/cmd/pf/fixpermissions.pm +M lib/pf/cmd/pf/floatingnetworkdeviceconfig.pm +M lib/pf/cmd/pf/help.pm +M lib/pf/cmd/pf/ifoctetshistorymac.pm +M lib/pf/cmd/pf/ifoctetshistoryswitch.pm +M lib/pf/cmd/pf/ifoctetshistoryuser.pm +M lib/pf/cmd/pf/import.pm +M lib/pf/cmd/pf/import/nodes.pm +M 
lib/pf/cmd/pf/ipmachistory.pm +M lib/pf/cmd/pf/locationhistorymac.pm +M lib/pf/cmd/pf/locationhistoryswitch.pm +M lib/pf/cmd/pf/networkconfig.pm +M lib/pf/cmd/pf/portalprofileconfig.pm +M lib/pf/cmd/pf/reload.pm +M lib/pf/cmd/pf/reload/fingerprints.pm +M lib/pf/cmd/pf/reload/violations.pm +M lib/pf/cmd/pf/switchconfig.pm +M lib/pf/cmd/pf/version.pm +M lib/pf/cmd/pf/violationconfig.pm +M lib/pf/cmd/roles/need_x_args.pm + +commit c216eaa1607a2df0de01f185f8937149e2b73a7b +Author: James Rouzier +Date: Fri Mar 20 11:35:49 2015 -0400 + + Added command service + +A lib/pf/cmd/pf/service.pm + +commit e80b677ff8ae4e9b8094f2830489d41b489294d4 +Author: James Rouzier +Date: Fri Mar 20 11:22:45 2015 -0400 + + Added command configreload + +A lib/pf/cmd/pf/configreload.pm + +commit fb51a66578dd302d9f2c08f84dd8df14bba0d722 +Author: James Rouzier +Date: Fri Mar 20 11:08:16 2015 -0400 + + Fix return value + +M lib/pf/cmd/pf/fixpermissions.pm + +commit 9e47f47af624e6e6c3d483a9b6790c73982a7d17 +Author: James Rouzier +Date: Thu Mar 12 20:31:36 2015 -0400 + + Remove command pfcmd config + +D lib/pf/cmd/pf/config.pm +D lib/pf/cmd/pf/config/get.pm +D lib/pf/cmd/pf/config/help.pm +D lib/pf/cmd/pf/config/set.pm + +commit d709820d44d8d560b0f215da3d9762395fe08d08 +Author: James Rouzier +Date: Thu Mar 12 20:28:51 2015 -0400 + + Remove unused command + +D lib/pf/cmd/pf/switchlocation.pm +D lib/pf/cmd/pf/switchlocation/view.pm + +commit 27ca001f28c0d7321dad7e0b679ed0bbfec3e345 +Author: James Rouzier +Date: Thu Mar 12 20:19:12 2015 -0400 + + Renamed bin/pfcmd2.pl to bin/pfcmd.pl + +A bin/pfcmd.pl +D bin/pfcmd2.pl + +commit 11fe669035d5723f395c68fd83e5aea0b24063fe +Author: James Rouzier +Date: Thu Mar 12 20:17:33 2015 -0400 + + Renamed pfcmd.pl + +A bin/pfcmd-old.pl +D bin/pfcmd.pl + +commit efc96bb361c2859b69a38c743309f5de241146ae +Author: James Rouzier +Date: Fri Jun 13 11:18:55 2014 -0400 + + Added refactored pfcmd cache + +A lib/pf/cmd/pf/cache.pm + +commit 
f6bf913047269db73ecb124fcba20e307fbdfc9c +Author: James Rouzier +Date: Thu Feb 6 09:05:45 2014 -0500 + + Ported networkconfig command + +A lib/pf/cmd/pf/networkconfig.pm + +commit 0d0f6fc1f2dd9139e5b4e8f2072e4fb5ba702fdb +Author: James Rouzier +Date: Thu Feb 6 09:00:31 2014 -0500 + + Ported violationconfig command + +A lib/pf/cmd/pf/violationconfig.pm + +commit a5d42991e79600e359b91d222e72b4ae3410cb16 +Author: James Rouzier +Date: Tue Feb 4 13:44:06 2014 -0500 + + New command floatingnetworkdeviceconfig + +A lib/pf/cmd/pf/floatingnetworkdeviceconfig.pm + +commit 1164f7a174a8bb992d402bac0a2183a25db40220 +Author: James Rouzier +Date: Tue Feb 4 13:43:21 2014 -0500 + + portalprofileconfig update to support additional features of pf::base::cmd::action_cmd + +M lib/pf/cmd/pf/portalprofileconfig.pm + +commit 55f87040d644d1c81b1ca854bce5ece31d76f693 +Author: James Rouzier +Date: Tue Feb 4 13:42:04 2014 -0500 + + Move to base class pf::base::cmd::action_cmd + +M lib/pf/cmd/pf/switchconfig.pm + +commit 1b84aa4f121a7b1b626fbb680150b29e36554d20 +Author: James Rouzier +Date: Tue Feb 4 13:39:42 2014 -0500 + + Have actions add, edit & clone parse parameters from the command line properly + +M lib/pf/base/cmd/config_store.pm + +commit 9498365a853e4b12fcc03807b1cf809e3e884ec7 +Author: James Rouzier +Date: Tue Feb 4 10:57:21 2014 -0500 + + Allow custom parse_$action to file in action_args + +M lib/pf/base/cmd/action_cmd.pm + +commit 6215aa82dd8372f1971350c3d70fc4117af73557 +Author: James Rouzier +Date: Mon Feb 3 17:55:22 2014 -0500 + + Fixed parse args not setting action_args + Added helper function action_args + +M lib/pf/base/cmd/action_cmd.pm + +commit 7db149ca0895d63da2b5b08e63aceb573fa58748 +Author: James Rouzier +Date: Mon Feb 3 16:55:21 2014 -0500 + + Added new role + +A lib/pf/cmd/roles/need_x_args.pm + +commit 80cb39e88f6359d83ddad7afd003b049d73a7ae1 +Author: James Rouzier +Date: Mon Feb 3 16:48:05 2014 -0500 + + Added the config command + +A lib/pf/cmd/pf/config.pm +A 
lib/pf/cmd/pf/config/get.pm +A lib/pf/cmd/pf/config/help.pm +A lib/pf/cmd/pf/config/set.pm + +commit 366fff004cdf4f753886d8cb0347fc43b4cad78b +Author: James Rouzier +Date: Mon Dec 16 10:54:45 2013 -0500 + + Revert to the devel version + +M lib/pf/cmd/roles/show_help.pm + +commit a73afb5a4d0a932b8ec60c6c614c1f410746c581 +Author: James Rouzier +Date: Tue Dec 3 13:48:43 2013 -0500 + + Renamed pf::cmd::action_cmd to pf::base::cmd::action_cmd and pf::cmd::config_store to pf::base::cmd::config_store + +A lib/pf/base/cmd/action_cmd.pm +A lib/pf/base/cmd/config_store.pm +D lib/pf/cmd/action_cmd.pm +D lib/pf/cmd/config_store.pm +M lib/pf/cmd/pf/portalprofileconfig.pm +M lib/pf/cmd/pf/switchconfig.pm + +commit 94d75b7eb71b43ee364ce22414204f7f74a6da2a +Author: James Rouzier +Date: Tue Dec 3 13:23:28 2013 -0500 + + Added command fixpermissions + +A lib/pf/cmd/pf/fixpermissions.pm + +commit 758625cdc29bf721a4fb5c96e35b38dc4fc4b1bc +Author: James Rouzier +Date: Tue Dec 3 13:07:54 2013 -0500 + + Updated help added new command fixpermissions + +M lib/pf/cmd/pf.pm + +commit 0b3a9e1f85a93790335b08964736d27e74acc0d6 +Author: James Rouzier +Date: Mon Aug 19 15:59:15 2013 -0400 + + Parse args for command get + +M lib/pf/cmd/pf/switchconfig.pm + +commit 9d81750621822dc5a268ea02cb11d6c1e746e061 +Author: James Rouzier +Date: Mon Aug 19 10:30:49 2013 -0400 + + Added initial switchconfig command + +A lib/pf/cmd/pf/switchconfig.pm + +commit 67cae0c7adc5ad59a7e9fe451513fc59f270ffba +Author: James Rouzier +Date: Fri Jul 19 12:10:14 2013 -0400 + + If file is empty do nothing + +M lib/pf/import.pm + +commit 2cecdd5e66ddd564d9291f18af55a49baee27575 +Author: James Rouzier +Date: Fri Jul 19 12:04:58 2013 -0400 + + Added new command import + +A lib/pf/cmd/pf/import.pm +A lib/pf/cmd/pf/import/nodes.pm + +commit aadd460699bbf3de5e2cfafa41ac6f276d086e35 +Author: James Rouzier +Date: Fri Jul 19 12:04:22 2013 -0400 + + Removed unused modules and delay loading of modules + +M lib/pf/cmd/pf.pm +M 
lib/pf/cmd/pf/ifoctetshistorymac.pm +M lib/pf/cmd/pf/ifoctetshistoryswitch.pm +M lib/pf/cmd/pf/locationhistorymac.pm +M lib/pf/cmd/pf/locationhistoryswitch.pm + +commit 8b3a1c6a6eeb1ecc01b75b946cc6a89fb735febd +Author: James Rouzier +Date: Fri Jul 19 12:02:01 2013 -0400 + + Moved to use Role::Tiny + +M lib/pf/cmd.pm +M lib/pf/cmd/roles/show_help.pm +M lib/pf/cmd/roles/show_parent_help.pm + +commit edf20c3ad971af0b2c7d13781c9a9f4677a76777 +Author: James Rouzier +Date: Thu Jul 18 23:16:46 2013 -0400 + + Added new command ipmachistory + +A lib/pf/cmd/pf/ipmachistory.pm + +commit f09463cd58b7c677c61435a405d870306398f13f +Author: James Rouzier +Date: Mon Jul 15 18:52:14 2013 -0400 + + Force Pod::Usage to use Pod::Text::Termcap as it's parent class + +M lib/pf/cmd/roles/show_help.pm + +commit ae65897471566f878efe275afeea5776c08a55da +Author: James Rouzier +Date: Mon Jul 15 17:22:39 2013 -0400 + + Updated pod + +M bin/pfcmd2.pl +M lib/pf/cmd/pf.pm +M lib/pf/cmd/pf/checkup.pm + +commit ca5d3dac182ffaab7fa77a26f2c4a9dc5bd8494c +Author: James Rouzier +Date: Mon Jul 15 14:06:28 2013 -0400 + + Added new command ifoctetshistoryuser + +A lib/pf/cmd/pf/ifoctetshistoryuser.pm + +commit 19c7de61ca35a017d091e93de23bcd5d416b70ab +Author: James Rouzier +Date: Mon Jul 15 10:53:16 2013 -0400 + + delay the import of pf::config::ui until needed + +M lib/pf/cmd/display.pm + +commit 3ad43b6042c9f6fee82a40f955c70dccd63e093d +Author: James Rouzier +Date: Fri Jul 12 12:09:36 2013 -0400 + + Added new command ifoctetshistorymac + +A lib/pf/cmd/pf/ifoctetshistorymac.pm + +commit 5ac0aa589e1db5baed0308330e6a922399a9e00a +Author: James Rouzier +Date: Fri Jul 12 12:08:01 2013 -0400 + + Refactor to use helpActionCmd + +M lib/pf/cmd/pf.pm + +commit bb387e2e110a65d8f04d77033fe93d51b681a85a +Author: James Rouzier +Date: Thu Jul 11 10:49:05 2013 -0400 + + renamed method checkArgs to parseArgs + +M lib/pf/cmd/action_cmd.pm +M lib/pf/cmd/pf/fingerprint/view.pm +M lib/pf/cmd/pf/ifoctetshistoryswitch.pm +M 
lib/pf/cmd/pf/locationhistorymac.pm +M lib/pf/cmd/pf/locationhistoryswitch.pm +M lib/pf/cmd/pf/switchlocation/view.pm + +commit c81db1c28185d73034557f4addf81254b1c4582f +Author: James Rouzier +Date: Thu Jul 11 10:48:26 2013 -0400 + + renamed method checkArgs to parseArgs + +M lib/pf/cmd.pm + +commit 962d062ff71ea07ea2b7c48bced1f9f8b35caa75 +Author: James Rouzier +Date: Wed Jul 10 10:30:43 2013 -0400 + + Add new cmd ifoctetshistorymac + +A lib/pf/cmd/pf/locationhistorymac.pm + +commit 4c57fad2dbb1e72efdd83c3b3d673f56d1070737 +Author: James Rouzier +Date: Wed Jul 10 10:29:51 2013 -0400 + + Add new command ifoctetshistoryswitch + +A lib/pf/cmd/pf/ifoctetshistoryswitch.pm + +commit 0c71336deca5349ce6c2320575114c1d3ed84388 +Author: James Rouzier +Date: Wed Jul 10 10:26:39 2013 -0400 + + pfcmd help will now load the help from sub commands + +M lib/pf/cmd/pf.pm +M lib/pf/cmd/pf/help.pm + +commit 49d08fd702b33eed2a4f53907c2cc49eb5e6be48 +Author: James Rouzier +Date: Wed Jul 10 10:14:54 2013 -0400 + + refactor to use pf::cmd->args + +M lib/pf/cmd/action_cmd.pm +M lib/pf/cmd/pf/class/view.pm +M lib/pf/cmd/pf/fingerprint/view.pm +M lib/pf/cmd/pf/help.pm +M lib/pf/cmd/pf/locationhistoryswitch.pm +M lib/pf/cmd/pf/switchlocation/view.pm + +commit 0e5821757d1b81a64f7728d9787fc8b7dfaea221 +Author: James Rouzier +Date: Wed Jul 10 10:14:01 2013 -0400 + + Added new function args + +M lib/pf/cmd.pm + +commit 6ae1a625569f9c06747c6831cd5f3c8a5aac47c4 +Author: James Rouzier +Date: Tue Jul 9 20:00:30 2013 -0400 + + Made the Pod::Text::Termcap the default Pod::Usage Formatter + +M lib/pf/cmd/roles/show_help.pm + +commit 8906401634d18b63172c02c4cd3076e24bb03fc1 +Author: James Rouzier +Date: Tue Jul 9 19:59:57 2013 -0400 + + removed unused modules + +M lib/pf/cmd/roles/show_parent_help.pm + +commit 9701ccd6189d02d2ee2ba61accdb4faadad439f4 +Author: James Rouzier +Date: Tue Jul 9 19:57:13 2013 -0400 + + refactored to use the pf::cmd::roles::show_help + +M lib/pf/cmd.pm + +commit 
0131fc99738ff453df0380cb193f0f2bea81e155 +Author: James Rouzier +Date: Tue Jul 9 19:11:42 2013 -0400 + + Added new command locationhistoryswitch + +A lib/pf/cmd/pf/locationhistoryswitch.pm + +commit 0b9fe59797c82a1ff12aca1b754dd1bab92d6bf1 +Author: James Rouzier +Date: Tue Jul 9 19:11:13 2013 -0400 + + added cmd roles + +M lib/pf/cmd/roles/show_help.pm + +commit 770b65cb3ae316b8122ac2ad3c27689ad53fcc4d +Author: James Rouzier +Date: Tue Jul 9 19:10:11 2013 -0400 + + Added support for ifIndex parameter + +M lib/pf/cmd/pf/switchlocation/view.pm + +commit cf81f52fba0557ce43e2b5246f1ae0b4932ac323 +Author: James Rouzier +Date: Tue Jul 9 19:09:04 2013 -0400 + + Fixed pod doc + +M lib/pf/cmd/pf/switchlocation.pm + +commit 5b1614487dd6ef14e1605f5e7e2af1a0b3cbb81d +Author: James Rouzier +Date: Tue Jul 9 13:40:58 2013 -0400 + + Added new command switchlocation + +A lib/pf/cmd/pf/switchlocation.pm +A lib/pf/cmd/pf/switchlocation/view.pm + +commit b149e7df0b635d00595bd97724a527d22fed66df +Author: James Rouzier +Date: Tue Jul 9 13:40:30 2013 -0400 + + Refactored using new pf::cmd::display interface + +M lib/pf/cmd/pf/fingerprint/view.pm + +commit 4416c912833a517619e78d745441f4d99e2aa544 +Author: James Rouzier +Date: Tue Jul 9 13:39:53 2013 -0400 + + Refactor pf::cmd::display + +M lib/pf/cmd/display.pm + +commit 30c8c1212644479125b349aaf4f279f671467362 +Author: James Rouzier +Date: Tue Jul 9 13:17:16 2013 -0400 + + Added fingerprint command + +A lib/pf/cmd/display.pm +A lib/pf/cmd/pf/fingerprint.pm +A lib/pf/cmd/pf/fingerprint/view.pm + +commit c648232217f8b7aef33de99bc3eeee8cc37ca57a +Author: James Rouzier +Date: Fri Jul 5 17:57:43 2013 -0400 + + renamed lib/pf/cmd/cmd_action.pm to lib/pf/cmd/action_cmd.pm + +A lib/pf/cmd/action_cmd.pm +D lib/pf/cmd/cmd_action.pm +M lib/pf/cmd/config_store.pm + +commit 5ee6d69cd10004f9b18a3acbba24ea75901d0da8 +Author: James Rouzier +Date: Wed Jul 3 14:45:37 2013 -0400 + + New class pf::cmd::pf::portalprofileconfig + +A 
lib/pf/cmd/pf/portalprofileconfig.pm + +commit 4e51592c440ac72b788b19cc7bd6825e40340dba +Author: James Rouzier +Date: Wed Jul 3 14:45:00 2013 -0400 + + New class pf::cmd::config_store + +A lib/pf/cmd/config_store.pm + +commit f15b949d1ff99172b036f278ecab8029df9dbf87 +Author: James Rouzier +Date: Wed Jul 3 14:42:41 2013 -0400 + + New base class pf::cmd::cmd_action + +A lib/pf/cmd/cmd_action.pm + +commit ae5a201812e42e8a6bd12683220371cdb91219d7 +Author: James Rouzier +Date: Wed Jul 3 14:42:01 2013 -0400 + + Refactored + +M lib/pf/cmd.pm + +commit 30b6534e5203cb3723b953963854180c1476d2ff +Author: James Rouzier +Date: Wed Jul 3 13:48:03 2013 -0400 + + Added documentation and rename run to _run + +M lib/pf/cmd/pf/version.pm + +commit d069da613509fdf7f50e326acb93ac95ff405c68 +Author: James Rouzier +Date: Wed Jul 3 13:41:34 2013 -0400 + + Added help info + renamed run to _run + +M lib/pf/cmd/pf/checkup.pm + +commit 7da8a0ab40ad4d3422de656526305ad4edb131db +Author: James Rouzier +Date: Wed Jul 3 13:37:55 2013 -0400 + + Removed function print_results from pf::cmd added new function showHelp + +M lib/pf/cmd.pm + +commit d10cf9863581ee7c0e5e599ff8e3bfa2e70fe195 +Author: James Rouzier +Date: Wed Jul 3 12:48:26 2013 -0400 + + Refactor help for subcmd to use pod of the parent cmd + +M bin/pfcmd2.pl +M lib/pf/cmd.pm +M lib/pf/cmd/pf.pm +M lib/pf/cmd/pf/class.pm +D lib/pf/cmd/pf/class/help.pm +M lib/pf/cmd/pf/configfiles.pm +D lib/pf/cmd/pf/configfiles/help.pm +M lib/pf/cmd/pf/reload.pm +D lib/pf/cmd/pf/reload/help.pm + +commit 658b9add79589699e976fc73b144809b1c2a2d0c +Author: James Rouzier +Date: Mon Jul 1 03:20:39 2013 -0400 + + Added new method reload + +A lib/pf/cmd/pf/reload.pm +A lib/pf/cmd/pf/reload/fingerprints.pm +A lib/pf/cmd/pf/reload/help.pm +A lib/pf/cmd/pf/reload/violations.pm + +commit cfa97420714cd938875d9e56e80f2b96a526264d +Author: James Rouzier +Date: Fri Jun 28 20:39:36 2013 -0400 + + Added command configfiles + +A lib/pf/cmd/pf/configfiles.pm +A 
lib/pf/cmd/pf/configfiles/help.pm +A lib/pf/cmd/pf/configfiles/pull.pm +A lib/pf/cmd/pf/configfiles/push.pm + +commit bd8519ae24f94101dc0c09606dea44e0fdf9c6b6 +Author: James Rouzier +Date: Tue Jun 25 16:24:05 2013 -0400 + + Added version command + +A lib/pf/cmd/pf/version.pm + +commit 74a353c7a88936f8f7f020eadc863c773f8e377e +Author: James Rouzier +Date: Tue Jun 25 13:38:35 2013 -0400 + + Added the class view command + +M bin/pfcmd2.pl +M lib/pf/cmd.pm +A lib/pf/cmd/pf/class/view.pm + +commit df68f997b467a3275374c905ce5d298da59d9028 +Author: James Rouzier +Date: Sun Jun 23 10:21:35 2013 -0400 + + Refactor to namespace pf::cmd and added checkup and class + +M bin/pfcmd2.pl +M lib/pf/cmd.pm +A lib/pf/cmd/pf.pm +A lib/pf/cmd/pf/checkup.pm +A lib/pf/cmd/pf/class.pm +A lib/pf/cmd/pf/class/help.pm +A lib/pf/cmd/pf/help.pm +D lib/pf/pfcmd/cmd.pm +D lib/pf/pfcmd/cmd/help.pm +D lib/pf/pfcmd/cmd/pf.pm +D lib/pf/pfcmd/cmd/pf/help.pm +D lib/pf/pfcmd/cmd/subcmd.pm + +commit a67ea2c2c3e584dccf0b424831ce66aeba3785fd +Author: James Rouzier +Date: Sun Jun 23 10:02:57 2013 -0400 + + refactored to make it more reusable + +M lib/pf/pfcmd/cmd/help.pm + +commit 03f9b82a02e1eab00d65d7f78b4674486db91191 +Author: James Rouzier +Date: Sun Jun 23 10:02:09 2013 -0400 + + reformated the help sections + +M lib/pf/pfcmd/cmd/pf/help.pm + +commit 8fecde0b2b1a76fbe929eb822fb84180e66f975e +Author: James Rouzier +Date: Sun Jun 23 00:11:41 2013 -0400 + + removed preloaded help cmd + +M lib/pf/pfcmd/cmd/pf.pm + +commit 45570e9a790571b8c0d50be7632742de60823408 +Author: James Rouzier +Date: Sun Jun 23 00:11:09 2013 -0400 + + Added the ability dynamically load commands + +M lib/pf/pfcmd/cmd/subcmd.pm + +commit 88aac0a49cbb2baaf63a9b88a0e60cd23901d8d4 +Author: James Rouzier +Date: Sat Jun 22 23:45:04 2013 -0400 + + Initial files for new pfcmd structure + +A bin/pfcmd2.pl +A lib/pf/pfcmd/cmd.pm +A lib/pf/pfcmd/cmd/help.pm +A lib/pf/pfcmd/cmd/pf.pm +A lib/pf/pfcmd/cmd/pf/help.pm +A lib/pf/pfcmd/cmd/subcmd.pm 
+ +commit 2a0ac8398a6f0f24182321de83ae0d593d9bbf36 +Author: James Rouzier +Date: Sun Mar 22 21:43:54 2015 -0400 + + Fixed typo + +M lib/pf/config.pm + +commit 2688f22b28fad6a80c98961280e1241a63144d60 +Author: Louis Munro +Date: Wed Mar 25 10:16:35 2015 -0400 + + Added back the missing ChildInitHandlers. + +M conf/httpd.conf.d/httpd.aaa +M conf/httpd.conf.d/httpd.admin +M conf/httpd.conf.d/httpd.portal +M conf/httpd.conf.d/httpd.webservices + +commit 8d44087dce67288c5f0260dbc56c0f39a1a41d08 +Author: Julien Semaan +Date: Wed Mar 25 09:53:29 2015 -0400 + + Fixed case where realm options would be decoded as an array + +M lib/pf/ConfigStore/Realm.pm + +commit d6a9190d0ba63f7d0afb8e5b746a748e5fa1dee4 +Author: Louis Munro +Date: Wed Mar 25 09:22:34 2015 -0400 + + Removed unused child init handler from httpd.admin. + +M conf/httpd.conf.d/httpd.admin + +commit ab4d9dfcb4b10555f2b50bbfff43dbcfd0b06a76 +Author: Louis Munro +Date: Tue Mar 24 17:31:54 2015 -0400 + + fixed tabs to spaces. + +M lib/pf/StatsD.pm + +commit d0b05d2c428ab9ea110ba4161c4e24ec66b7ad62 +Author: Louis Munro +Date: Tue Mar 24 11:58:55 2015 -0400 + + Improved with jrouzier's comments. + Moved ChildInitHandler to InitHandler, renamed pf::StatsD::util to + pf::util::statsd. 
+ +M conf/httpd.conf.d/httpd.aaa +M conf/httpd.conf.d/httpd.admin +M conf/httpd.conf.d/httpd.portal +M conf/httpd.conf.d/httpd.webservices +D lib/pf/StatsD/util.pm +D lib/pf/WebAPI/ChildInitHandler.pm +M lib/pf/WebAPI/InitHandler.pm +M lib/pf/node.pm +M lib/pf/radius.pm +A lib/pf/util/statsd.pm +M lib/pf/vlan.pm +M raddb/packetfence.pm +D t/StatsD-util.t +A t/util-statsd.t + +commit 26b096e17a08cb36a1cf476829b212af219a9bc6 +Author: Julien Semaan +Date: Tue Mar 24 11:47:39 2015 -0400 + + make api use the firewallsso factory + +M lib/pf/api.pm + +commit e68349384f8ee292bac91498aa8950c8e3c38c9a +Author: Julien Semaan +Date: Tue Mar 24 11:15:09 2015 -0400 + + fix bad cluster detection in dhcpd + +M lib/pf/services/manager/dhcpd.pm + +commit fa97a3273e4e12010cb15cdedfde199c1b889e62 +Author: James Rouzier +Date: Tue Mar 24 11:02:40 2015 -0400 + + Allow portal to work in non apache setup + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm +M html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm + +commit f63a3e42331b8f8e4ef92ad4d42b769246371423 +Author: Julien Semaan +Date: Tue Mar 24 10:55:20 2015 -0400 + + fix undefined namespaces array + +M lib/pfconfig/manager.pm + +commit eb1f00f1d223ff56bb35577a1d86f6165d228eab +Author: Julien Semaan +Date: Tue Mar 24 09:24:20 2015 -0400 + + Added 1st version of quick guide for clustering + +M Makefile +A docs/PacketFence_Clustering_Quick_Install_Guide-docinfo.xml +M docs/PacketFence_Clustering_Quick_Install_Guide.asciidoc + +commit 97ae9b5a307574dd7b9ce6f333cbacaf093eefd1 +Author: Julien Semaan +Date: Mon Mar 23 15:23:07 2015 -0400 + + Added first version of cluster doc + +A docs/PacketFence_Clustering_Quick_Install_Guide.asciidoc + +commit dfb92fea11bf72e22cfd296d1ef6314cbea92e13 +Author: Julien Semaan +Date: Mon Mar 23 13:55:30 2015 -0400 + + fix undefined cluster ip in cluster_enabled + +M lib/pfconfig/namespaces/resource/cluster_enabled.pm + +commit 
7427acceebc2c2a94c0192003014e8ca75c64404 +Author: Julien Semaan +Date: Mon Mar 23 13:36:18 2015 -0400 + + Don't generate dhcpd cluster config if no peer + +M lib/pf/cluster.pm +M lib/pf/services/manager/dhcpd.pm + +commit db8cae8b048b2b577ebc547e915fd3349df6862c +Author: Derek Wuelfrath +Date: Mon Mar 23 10:55:52 2015 -0400 + + $mac <-> $ip + +M html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm +M lib/pf/api.pm +M lib/pf/iplog.pm +M lib/pf/web/externalportal.pm + +commit bbc0b61654d6d6fe3cc2c556947ed42d97a29995 +Author: Julien Semaan +Date: Mon Mar 23 10:36:17 2015 -0400 + + fix syntax error + +M lib/pf/password.pm + +commit 9687cbc1f85e99d88e8d4a8c1300f6e09b8d0c5c +Author: Julien Semaan +Date: Mon Mar 23 10:36:11 2015 -0400 + + made pfconfig db configured through configurator + +M html/pfappserver/lib/pfappserver/Model/Config/Pfconfig.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/DB.pm + +commit c1d99edafacc01ded8fc81000aa0f39b35ab885a +Author: Derek Wuelfrath +Date: Mon Mar 23 10:36:03 2015 -0400 + + untainting command + +M lib/pf/util.pm + +commit 2beb375922e424e5ec63194e099bfa9dfd7d3265 +Author: Julien Semaan +Date: Mon Mar 23 09:58:59 2015 -0400 + + remove general section from pfconfig config + +M conf/pfconfig.conf.example +M lib/pfconfig/config.pm + +commit 60cea5dc496dde01619c572a97b0830a510c0865 +Author: Julien Semaan +Date: Mon Mar 23 09:58:27 2015 -0400 + + sync pfconfig config file when joining cluster + +M bin/cluster/sync + +commit 1fd1208c4aaad21df1fd7b694205004ad321c003 +Author: Julien Semaan +Date: Mon Mar 23 07:39:47 2015 -0400 + + adjustements to services split in ha + +M lib/pf/api.pm +M lib/pf/cluster.pm +M lib/pf/pfcmd/checkup.pm +M lib/pf/services/manager/haproxy.pm + +commit 765904f9bbd48ea4d4aa6fcfe980b55ce75da577 +Author: Julien Semaan +Date: Fri Mar 20 18:32:34 2015 -0400 + + fix typo in variable + +M bin/cluster/sync + +commit 10534e245976168d3b998519a17ca7d8777a8fe0 +Author: Julien Semaan +Date: 
Fri Mar 20 18:23:01 2015 -0400 + + add cert sync for cluster + +M bin/cluster/sync +M lib/pf/file_paths.pm + +commit cefd9bbc37f9dbe91bc36e79a3326dabc29ecfe4 +Author: Julien Semaan +Date: Fri Mar 20 11:51:13 2015 -0400 + + light expire cluster config when updating config + +M lib/pf/api.pm + +commit 78dd228672a2a99500fb6886c639abc00c0b0339 +Author: Julien Semaan +Date: Fri Mar 20 10:57:03 2015 -0400 + + expire the complete resource in expire_all (respect child resources) + +M lib/pfconfig/manager.pm + +commit 5f7469ab759a2a469ef9307bde1ac6435c5b2191 +Author: Julien Semaan +Date: Fri Mar 20 10:38:19 2015 -0400 + + missing semicolumn + +M lib/pfconfig/manager.pm + +commit 47106064bd5dd0844d4e56d6751bffad660fe252 +Author: Julien Semaan +Date: Fri Mar 20 10:35:35 2015 -0400 + + ameliorate logging + +M lib/pf/api.pm + +commit c52b3b0a585c2ea15621cd8b2f09cdfc4b893876 +Author: Julien Semaan +Date: Fri Mar 20 10:33:23 2015 -0400 + + fixes to pfconfig related to cluster onboarding + +M lib/pf/api.pm +M lib/pfconfig/manager.pm + +commit 2480a563e36f740aedde787cb936d599b97ae176 +Author: Julien Semaan +Date: Fri Mar 20 08:30:58 2015 -0400 + + added cluster.conf.example + +A conf/cluster.conf.example + +commit aa7665a23fa03f00ece7500f7cf3e8926f81367c +Author: Julien Semaan +Date: Fri Mar 20 08:28:19 2015 -0400 + + with pfconfig log4perl config file + +A conf/log.conf.d/pfconfig.conf.example + +commit 6d466c5731cecc960d8fde3fa1aa1ab57fee6a77 +Author: Julien Semaan +Date: Fri Mar 20 08:18:27 2015 -0400 + + move module uses to top of file + +M bin/cluster/sync + +commit 492bcdc01c41407084e3309222c774cfcef9228d +Author: Julien Semaan +Date: Fri Mar 20 08:17:53 2015 -0400 + + added doc to cluster sync script + +M bin/cluster/sync + +commit 3fd1151032f442549e58f304d48ef2c069ce67a1 +Author: Julien Semaan +Date: Fri Mar 20 08:14:50 2015 -0400 + + Added option to sync server from another one + +M bin/cluster/sync + +commit 889195995a8694742d446580645a704f77d6e851 +Author: Julien Semaan 
+Date: Fri Mar 20 07:55:13 2015 -0400 + + added cluster files to gitignore + +M .gitignore + +commit 58cd4d6967b7398fb4e7ea24fe5a1fe66186d0eb +Author: Julien Semaan +Date: Fri Mar 20 07:51:15 2015 -0400 + + removed french code + +D conf/radiusd/packetfence-actif.example +A conf/radiusd/packetfence-cluster.example +M lib/pf/services/manager/radiusd.pm + +commit 7e15f69514f8fc1847a5586a44290a285df3cc46 +Author: Julien Semaan +Date: Fri Mar 20 07:45:39 2015 -0400 + + Cleanup in management update script + +M bin/cluster/management_update + +commit b201ba3fe96c84cededcbca156e9e313db5d972f +Author: Julien Semaan +Date: Thu Mar 19 17:51:05 2015 -0400 + + adding synching command line script for cluster + +A bin/cluster/sync + +commit 1a96ef3988ded475ab3fd66fe1fb4abb59e4d0b8 +Author: Julien Semaan +Date: Thu Mar 19 17:50:44 2015 -0400 + + added missing configstores + +A lib/pf/ConfigStore/ApacheFilters.pm +A lib/pf/ConfigStore/Cluster.pm + +commit 48e2177ea9333ecf0f551fdbb25b5ad919b7726c +Author: Julien Semaan +Date: Thu Mar 19 17:50:23 2015 -0400 + + add constant for cluster config file + +M lib/pf/file_paths.pm + +commit 8b9d8a64504150d96594401a8a971f7cd51bfeef +Author: Julien Semaan +Date: Thu Mar 19 17:32:45 2015 -0400 + + remove unused variable + +M bin/cluster/management_update + +commit 615a8c0ce0572cbd519b267131cf46eb594a488d +Author: Julien Semaan +Date: Thu Mar 19 17:32:32 2015 -0400 + + added missing info in configstores + +M lib/pf/ConfigStore/Pf.pm +M lib/pf/ConfigStore/Switch.pm + +commit cbe4966d7861307cdd39f60bbf6afc9b168aea58 +Author: Julien Semaan +Date: Thu Mar 19 17:11:50 2015 -0400 + + remove the pfmon cluster synchronization + +M lib/pf/api.pm +M lib/pf/clustermgmt.pm + +commit 3200ce83f8eb046653a1e8f63dd7f72787eadded +Author: Julien Semaan +Date: Thu Mar 19 16:59:01 2015 -0400 + + expire overlaying after base namespace + +M lib/pfconfig/manager.pm + +commit da7153559276aaa9cf6d131995b30644d18a820d +Author: Julien Semaan +Date: Thu Mar 19 16:37:12 2015 
-0400 + + reload configs when fetching new config file + +M lib/pf/api.pm + +commit 205177a4451ee420beca76ee6a231e61d9acc5e8 +Author: Julien Semaan +Date: Thu Mar 19 16:19:04 2015 -0400 + + Added config replication + services management + refactored logging + +A bin/cluster/management_update +M bin/pfupdate +M lib/pf/cluster.pm +M lib/pf/services/manager/keepalived.pm +M lib/pf/services/manager/pfdhcplistener.pm +M lib/pf/services/manager/pfmon.pm +M lib/pfconfig/backend/mysql.pm +M lib/pfconfig/cached.pm +M lib/pfconfig/cached_array.pm +M lib/pfconfig/cached_hash.pm +M lib/pfconfig/cached_scalar.pm +M lib/pfconfig/log.pm +M lib/pfconfig/manager.pm +M lib/pfconfig/namespaces/config.pm +M lib/pfconfig/namespaces/config/AdminRoles.pm +M lib/pfconfig/namespaces/config/ApacheFilters.pm +M lib/pfconfig/namespaces/config/Authentication.pm +M lib/pfconfig/namespaces/config/Cluster.pm +M lib/pfconfig/namespaces/config/Documentation.pm +M lib/pfconfig/namespaces/config/Firewall_SSO.pm +M lib/pfconfig/namespaces/config/FloatingDevices.pm +M lib/pfconfig/namespaces/config/Network.pm +M lib/pfconfig/namespaces/config/Pf.pm +M lib/pfconfig/namespaces/config/PfDefault.pm +M lib/pfconfig/namespaces/config/Profiles.pm +M lib/pfconfig/namespaces/config/Provisioning.pm +M lib/pfconfig/namespaces/config/Realm.pm +M lib/pfconfig/namespaces/config/Switch.pm +M lib/pfconfig/namespaces/config/Violations.pm +M lib/pfconfig/namespaces/config/VlanFilters.pm +M lib/pfconfig/namespaces/config/template.pm +M lib/pfconfig/namespaces/interfaces.pm +M lib/pfconfig/timeme.pm +M lib/pfconfig/util.pm +M sbin/pfconfig +M sbin/pfdhcplistener +M sbin/pfmon +M t/prepare-pfconfig.t + +commit f5b1884cc80b43b2256b2f896fa0472ca6ccd9f8 +Author: Julien Semaan +Date: Thu Mar 19 10:13:54 2015 -0400 + + Create configuration triggers for replication in cs + +M lib/pf/ConfigStore.pm +M lib/pf/api.pm + +commit ba94f9aa45ae57f21fe910756c1fdb4d5e05bbb5 +Author: Julien Semaan +Date: Wed Mar 18 15:48:45 2015 -0400 + + 
make keepalived start at the end + +M lib/pf/services.pm + +commit 4e0e9eaf4b9f3603f63081773314a63935b49137 +Author: Julien Semaan +Date: Wed Mar 18 15:48:22 2015 -0400 + + expire cluster in configstore commit + +M lib/pf/ConfigStore.pm + +commit 55a25035768b1a34c757b3cb13b1acfe15e90958 +Author: Julien Semaan +Date: Wed Mar 18 15:47:59 2015 -0400 + + add method to expire cluster + +M lib/pf/api.pm + +commit 053d537c3615db63964f8237df304076bee468b4 +Author: Julien Semaan +Date: Wed Mar 18 15:46:40 2015 -0400 + + make interfaces namespace use host_id + +M lib/pfconfig/namespaces/interfaces/dhcplistener_ints.pm +M lib/pfconfig/namespaces/interfaces/ha_ints.pm +M lib/pfconfig/namespaces/interfaces/inline_enforcement_nets.pm +M lib/pfconfig/namespaces/interfaces/internal_nets.pm +M lib/pfconfig/namespaces/interfaces/listen_ints.pm +M lib/pfconfig/namespaces/interfaces/management_network.pm +M lib/pfconfig/namespaces/interfaces/monitor_int.pm +M lib/pfconfig/namespaces/interfaces/vlan_enforcement_nets.pm + +commit b3c8da37eacb90bf7d7123d9f428a96ae237c4be +Author: Julien Semaan +Date: Wed Mar 18 14:41:58 2015 -0400 + + add cluster expiration methods in webs + +M lib/pf/api.pm + +commit 0ae3bf55e5ea6076bb6be9c67c2b5eddd4f697df +Author: Julien Semaan +Date: Wed Mar 18 14:41:48 2015 -0400 + + moved code from cached.pm to util.pm + +M lib/pfconfig/cached.pm +M lib/pfconfig/util.pm + +commit 75eac9126ea50831a2c43627bb90a232ef92e271 +Author: Julien Semaan +Date: Wed Mar 18 14:41:26 2015 -0400 + + added expire method in pfconfig process + +M sbin/pfconfig + +commit 2b523d0ca7e72604d93d38bed0513a0979ac0883 +Author: Julien Semaan +Date: Wed Mar 18 14:40:58 2015 -0400 + + moved from Log::Fast to Log4perl in pfconfig + +M lib/pfconfig/log.pm + +commit d7153b42a6ad36a477274d968a5ea01838bcabb9 +Author: Julien Semaan +Date: Wed Mar 18 12:39:46 2015 -0400 + + add light/hard expiring + +M lib/pfconfig/manager.pm + +commit de519973b33a75ec090328bd5332f9ade1d0c55e +Author: Julien Semaan 
+Date: Wed Mar 18 11:59:39 2015 -0400 + + added overlayed namespaces to pfconfig + applied them to interfaces + +M addons/pfconfig/cmd.pl +M lib/pf/cluster.pm +M lib/pf/config.pm +M lib/pfconfig/manager.pm +M lib/pfconfig/namespaces/config/Cluster.pm +M lib/pfconfig/namespaces/config/Pf.pm +M lib/pfconfig/namespaces/interfaces.pm +M lib/pfconfig/namespaces/resource.pm +M lib/pfconfig/namespaces/resource/cluster_servers.pm +M lib/pfconfig/util.pm + +commit 1dbb583686ff9f0adc3897e859102d832c8de7fc +Author: Julien Semaan +Date: Wed Mar 18 08:07:57 2015 -0400 + + Add proper service startup order so vip is not on when services are off + +M lib/pf/services/manager/keepalived.pm + +commit 93b38a7f6a6b89fcf741601ae1d10b3789d49347 +Author: Julien Semaan +Date: Tue Mar 17 15:51:06 2015 -0400 + + Move active/active conf to cluster.conf + +A lib/pf/cluster.pm +M lib/pf/clustermgmt.pm +M lib/pf/config.pm +M lib/pf/iptables.pm +M lib/pf/services/manager/dhcpd.pm +M lib/pf/services/manager/haproxy.pm +M lib/pf/services/manager/keepalived.pm +M lib/pf/services/manager/radiusd.pm +A lib/pfconfig/namespaces/config/Cluster.pm +A lib/pfconfig/namespaces/resource/cluster_enabled.pm +A lib/pfconfig/namespaces/resource/cluster_hosts.pm +A lib/pfconfig/namespaces/resource/cluster_servers.pm +M sbin/pfmon + +commit 333624e44ac4937e4b51637d78e5299c259575f9 +Author: Julien Semaan +Date: Tue Mar 17 07:47:39 2015 -0400 + + deactive pfmon's pid locking temporarly + +M sbin/pfmon + +commit 05f7e7439fc07ba9ab202d7bb64b302fd1f7918c +Author: Julien Semaan +Date: Tue Mar 17 07:44:24 2015 -0400 + + port code to pfconfig + +M lib/pfconfig/namespaces/interfaces.pm + +commit 2ee47b89f95c7b5fea7bccf9a3762fd1e1f05d8b +Author: Durand Fabrice +Date: Mon Mar 16 12:52:17 2015 -0400 + + Fixed Controller + +M html/pfappserver/lib/pfappserver/Controller/Configuration.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Configuration.pm + +commit ff64032f88af1bce5f3ac9958ffdc1f6bea28a39 +Author: Durand 
Fabrice +Date: Mon Mar 16 10:55:09 2015 -0400 + + Remove duplicate function + +M lib/pf/util.pm + +commit b381b90d67106aa9221b059a42465eb402f8dac3 +Author: Durand Fabrice +Date: Mon Dec 15 11:25:43 2014 -0500 + + Added list of dns + +M lib/pf/services/manager/dhcpd.pm + +commit 4083b60db13e6dfd58dd6e2836f96cc1365c1782 +Author: Durand Fabrice +Date: Fri Dec 12 14:33:36 2014 -0500 + + Added a new port for galera cluster + +M conf/iptables.conf.example +M lib/pf/clustermgmt.pm + +commit fa7949fefa8a43b62963be10fa4450fe2eb80514 +Author: Durand Fabrice +Date: Fri Dec 12 14:04:35 2014 -0500 + + Added port 4444 on management interface (Galera cluster rsync) + +M conf/iptables.conf.example + +commit ef3958f36ab71c0625d701089c93778cf0090b1f +Author: Durand Fabrice +Date: Fri Dec 12 13:55:38 2014 -0500 + + Use a local dbi connection to test the local access to the database (USeless to test through haproxy) + +M lib/pf/clustermgmt.pm + +commit e0ca9074a2c98eaff57d3f309eb04f403badd1fc +Author: Durand Fabrice +Date: Fri Dec 12 11:08:37 2014 -0500 + + Fixed keepalived configuration + +M lib/pf/services/manager/keepalived.pm + +commit 5ea62b66617de7d9eb157c05a94ef5b63ebd8f64 +Author: Durand Fabrice +Date: Fri Dec 12 10:53:24 2014 -0500 + + Use pf_run to send signal HUP to pfdhcplistener + +M bin/pfupdate + +commit 88a08b4dfe6e72e5668fb5dea8b333522ebfb017 +Author: Durand Fabrice +Date: Fri Dec 12 10:30:49 2014 -0500 + + Fixed dhcpd configuration file syntax + +M lib/pf/services/manager/dhcpd.pm + +commit d153761c24e7640166624ffec0482f551fb8177a +Author: Durand Fabrice +Date: Fri Dec 12 10:29:47 2014 -0500 + + Fixed iptables rules for dhcpd sync + +M conf/iptables.conf.example + +commit 91fc169714f4dc6be59fb10e55235de6a25b1e25 +Author: Durand Fabrice +Date: Fri Dec 12 08:37:34 2014 -0500 + + Fixed vip detect and radius config syntax + +M html/pfappserver/lib/pfappserver/Model/Interface.pm +M lib/pf/services/manager/radiusd.pm + +commit aa6169d5421f9769694a364dce5d559fc44c8df8 
+Author: Durand Fabrice +Date: Thu Dec 11 16:39:30 2014 -0500 + + Fix radius configuration syntax + +M conf/radiusd/packetfence-actif.example + +commit 98b618342cf772a7aeb6e08c3d9e6611d3721f58 +Author: Durand Fabrice +Date: Thu Dec 11 16:30:30 2014 -0500 + + DonĀ“t change actif_actif_ip if i am the master + +M lib/pf/api.pm + +commit bcd8c60e54e06b8988422aa63921a4b4705ebf6f +Author: Durand Fabrice +Date: Thu Dec 11 15:55:20 2014 -0500 + + Better mysql master detection + +M lib/pf/api.pm +M lib/pf/clustermgmt.pm + +commit bc17e4e5542745fef8c8b5bb58af1ec8a94bafe2 +Author: Durand Fabrice +Date: Thu Dec 11 14:07:22 2014 -0500 + + Reworked interface.js for other and none interface + +M html/pfappserver/root/static/js/interface.js + +commit 21fb3f9d19799ceff52a169cbb46f29b8da12cd8 +Author: Durand Fabrice +Date: Thu Dec 11 13:58:01 2014 -0500 + + Reworked interface.js + +M html/pfappserver/root/static/js/interface.js + +commit 7a170e8c3fe0563d77ffcd7795e85322d957a73a +Author: Durand Fabrice +Date: Thu Dec 11 12:48:47 2014 -0500 + + Test if the management interface exist + +M lib/pf/services/manager/snmptrapd.pm + +commit fb83a2503ebd5cd4efd861068bb5bf86bdc4dc50 +Author: Durand Fabrice +Date: Thu Dec 11 11:50:19 2014 -0500 + + Test if management interface exist in snmptrapd module + +M lib/pf/services/manager/snmptrapd.pm + +commit 182fc87f39208e159f1db4e741872f25628b7e88 +Author: Durand Fabrice +Date: Thu Dec 11 09:48:57 2014 -0500 + + Enable or disable pfdhcplistener depending if the server is the master or slave + +M bin/pfupdate +M lib/pf/clustermgmt.pm +M lib/pf/pfcmd/checkup.pm +M sbin/pfdhcplistener + +commit 54fe1fef8da45fbccc277450faae8df6709fcd30 +Author: Durand Fabrice +Date: Wed Dec 10 16:47:20 2014 -0500 + + Manage if the vip is running or not + +M bin/pfupdate +M lib/pf/clustermgmt.pm +M sbin/pfdhcplistener +M sbin/pfmon + +commit b239ab997f058b174862a2a761c214cfa67cb9bf +Author: Durand Fabrice +Date: Wed Dec 10 15:20:57 2014 -0500 + + Ignore configuration 
parameter starting with temporary_ + +M lib/pf/pfcmd/checkup.pm + +commit 8d76613de1a8507b7d55e68fe06de266df6e719d +Author: Durand Fabrice +Date: Wed Dec 10 15:05:35 2014 -0500 + + Added pfupdate in packaging + +M addons/packages/packetfence.spec + +commit 28879d1797bb2b72d07cdb31a5e58932968a2362 +Author: Durand Fabrice +Date: Wed Dec 10 15:03:36 2014 -0500 + + Let keepalived manage task + +A bin/pfupdate +M lib/pf/services/manager/keepalived.pm + +commit 4e113a1b725b6965c67e20c8f6f895e7802b42f0 +Author: Durand Fabrice +Date: Wed Dec 10 12:19:32 2014 -0500 + + Use a hash of hash to match the function for the api + +M lib/pf/clustermgmt.pm + +commit 30b5913e3a8c0c0a71bd3c6790038892595d59bf +Author: Durand Fabrice +Date: Wed Dec 10 11:02:41 2014 -0500 + + Changed syntax to pass the test + +M lib/pf/clustermgmt.pm + +commit 3b97d299e612fff761183b627db2d846d49baaae +Author: Durand Fabrice +Date: Wed Dec 10 08:26:18 2014 -0500 + + Local api for checking packetfence service (use from haproxy to check services) + +M conf/haproxy.conf.example +M conf/httpd.conf.d/httpd.admin +M lib/pf/clustermgmt.pm +M lib/pf/services/manager/haproxy.pm + +commit 7b1fbca57fa00573dd2c1d389445644749e92b3b +Author: Durand Fabrice +Date: Tue Dec 9 10:05:58 2014 -0500 + + Added a rest like api to check packetfence services status + +M lib/pf/clustermgmt.pm + +commit aa8bd165acf3071e45508e0f981d06366cfbc323 +Author: Durand Fabrice +Date: Mon Dec 8 16:07:15 2014 -0500 + + Code error + +M conf/httpd.conf.d/httpd.admin +M lib/pf/clustermgmt.pm + +commit 58fb31edec8f28e2a7849b270ca4738c016673f4 +Author: Durand Fabrice +Date: Mon Dec 8 11:16:59 2014 -0500 + + Added virtualhost for packetfence status and fixed packaging (missing conf files) + +M addons/packages/packetfence.spec +M conf/documentation.conf +M conf/httpd.conf.d/httpd.admin +M conf/iptables.conf.example +M conf/pf.conf.defaults +M lib/pf/iptables.pm +M lib/pf/web/constants.pm +M lib/pf/web/dispatcher.pm + +commit 
504322f3aa982d9683f981c5026f387a1533ab73 +Author: Durand Fabrice +Date: Fri Dec 5 11:49:19 2014 -0500 + + Added an apache handler on /packetfence_status/... to be able to check the servicesĀ“s status of packetfence (usefull for haproxy) + +M lib/pf/clustermgmt.pm +M lib/pf/web/constants.pm +M lib/pf/web/dispatcher.pm + +commit 662f4cff7d82374608257d9d33f0e7da542090f6 +Author: Durand Fabrice +Date: Fri Dec 5 09:32:43 2014 -0500 + + Fix wrong path + +M lib/pf/services/manager/radiusd.pm + +commit 44f3ed0740a7ed527caac7b1918ab531aa0e4b2e +Author: Durand Fabrice +Date: Thu Dec 4 21:05:03 2014 -0500 + + Push correct freeradius load balancer config template + +M conf/radiusd/packetfence-actif.example + +commit eb6c4dd3f479fcf62abb3da1411fd3a2bd6eace1 +Author: Durand Fabrice +Date: Thu Dec 4 21:03:01 2014 -0500 + + Added freeradius load balancer config generation + +A conf/radiusd/clients.conf.inc.example +A conf/radiusd/packetfence-actif.example +M lib/pf/services/manager/radiusd.pm +M raddb/clients.conf + +commit 4eb85e118c74510a406cfa7e9c7b22856623f072 +Author: Durand Fabrice +Date: Thu Dec 4 14:59:43 2014 -0500 + + Removed pfclustermgmt service (replaced by httpd.webservices) + +M addons/packages/packetfence.spec +M conf/documentation.conf +D conf/log.conf.d/pfclustermgmt.conf.example +M conf/pf.conf.defaults +M lib/pf/pfcmd.pm +M lib/pf/pfcmd/help.pm +D lib/pf/services/manager/pfclustermgmt.pm +D sbin/pfclustermgmt + +commit bc164b05a3fd135be6d913444721a05afedb9ae0 +Author: Durand Fabrice +Date: Thu Dec 4 14:49:43 2014 -0500 + + Moved cluster sync to the webapi + +M lib/pf/api.pm +M lib/pf/clustermgmt.pm + +commit 1e530c63cc1896ffffcb0730541bef73c7e1a482 +Author: Durand Fabrice +Date: Thu Dec 4 11:48:11 2014 -0500 + + Move clusterrpc to httpd.webservices + +M conf/iptables.conf.example +M lib/pf/api.pm +M lib/pf/clustermgmt.pm +M lib/pf/iptables.pm + +commit d80bc1f6e4d8ca4a3b1ac895f2752a07322000b2 +Author: Durand Fabrice +Date: Thu Dec 4 10:44:04 2014 -0500 + + 
remove useless syncport + +M conf/documentation.conf +M conf/pf.conf.defaults + +commit e2179b96496ab9be1ea0021ca25c3e662dcecd37 +Author: Durand Fabrice +Date: Wed Dec 3 16:28:58 2014 -0500 + + Fixed haproxy and dhcpd configuration + +M conf/dhcpd.conf +M conf/haproxy.conf.example +M lib/pf/services/manager/dhcpd.pm +M lib/pf/services/manager/haproxy.pm + +commit a30c10885dd476f660d889f16dc2044dcfa53967 +Author: Durand Fabrice +Date: Wed Dec 3 11:39:24 2014 -0500 + + Fix undefined values when we start the configuration + +M lib/pf/services/manager/dhcpd.pm +M lib/pf/services/manager/haproxy.pm + +commit b06bed82b4a42ec41e9e847923a379d7e968e1e0 +Author: Durand Fabrice +Date: Wed Dec 3 10:12:45 2014 -0500 + + Prevent updating himself and make active_active_members readonly from admin gui + +M html/pfappserver/lib/pfappserver/Form/Interface.pm +M lib/pf/clustermgmt.pm + +commit e5157c7317683fa39efa540d4a1beba7004d5b9c +Author: Durand Fabrice +Date: Tue Dec 2 15:57:29 2014 -0500 + + Fix generating configuration if active active hasnt been enabled + +M addons/packages/packetfence.spec +M conf/keepalived.conf.example +M conf/pf.conf.defaults +M debian/packetfence.postinst +M html/pfappserver/root/static/js/interface.js +M lib/pf/services/manager/dhcpd.pm +M lib/pf/services/manager/keepalived.pm + +commit 2f69c6a2bfe56848415b7e1cbb10479b3c1e7896 +Author: Durand Fabrice +Date: Tue Dec 2 13:52:49 2014 -0500 + + Manage cluster sync port + +M conf/documentation.conf +M conf/iptables.conf.example +M conf/pf.conf.defaults +M lib/pf/clustermgmt.pm +M lib/pf/iptables.pm + +commit 2ef6d33a4ff78ffabe75ec4d6470da647760c580 +Author: Durand Fabrice +Date: Tue Dec 2 12:50:04 2014 -0500 + + Added missing dependencies + +M addons/packages/packetfence.spec +M debian/control +M debian/packetfence.conffiles + +commit 2e440b772f6e6b5ceede8e4097393fc4b7496aa2 +Author: Durand Fabrice +Date: Tue Dec 2 11:33:07 2014 -0500 + + Added global configuration parameter for the active active members 
list + +M conf/documentation.conf +M conf/pf.conf.defaults +M html/pfappserver/lib/pfappserver/Controller/Configuration.pm +M html/pfappserver/lib/pfappserver/I18N/i_default.po +M html/pfappserver/root/admin/configuration.tt +M lib/pf/clustermgmt.pm +M lib/pf/services/manager/keepalived.pm + +commit 114ae20c10e37b168904cd1798989c2cb489e993 +Author: Durand Fabrice +Date: Tue Dec 2 09:07:57 2014 -0500 + + Added keepalived configuration template + +A conf/keepalived.conf.example + +commit d9b61fca6cc72c18ad4c1e6faa6aaf8553b66f28 +Author: Durand Fabrice +Date: Tue Dec 2 09:04:46 2014 -0500 + + Added keepalived service and configuration + +M conf/documentation.conf +M conf/pf.conf.defaults +M lib/pf/clustermgmt.pm +M lib/pf/pfcmd.pm +M lib/pf/pfcmd/help.pm +A lib/pf/services/manager/keepalived.pm + +commit 6aa55d27bad0c6495711f4841de7a9ccd509dbe6 +Author: Durand Fabrice +Date: Mon Dec 1 10:35:15 2014 -0500 + + New service pfclustermgmt, New pfmon task sync_cluster + +M conf/documentation.conf +M conf/pf.conf.defaults +M html/pfappserver/lib/pfappserver/Form/Interface.pm +M lib/pf/clustermgmt.pm +M lib/pf/pfcmd.pm +M lib/pf/pfcmd/help.pm +M lib/pf/services/manager/haproxy.pm +A lib/pf/services/manager/pfclustermgmt.pm +M sbin/pfclustermgmt +M sbin/pfmon +D sbin/rpcclient.pl + +commit 1d35fc0a259f4ad2944c30653235161d2e4c6496 +Author: Durand Fabrice +Date: Thu Nov 27 16:43:14 2014 -0500 + + Added JSON RPC for cluster sync + +A conf/log.conf.d/pfclustermgmt.conf.example +A lib/pf/clustermgmt.pm +A sbin/pfclustermgmt +A sbin/rpcclient.pl + +commit 38f8177b9b455931b06c283c68231622882a88a9 +Author: Durand Fabrice +Date: Thu Nov 27 16:40:10 2014 -0500 + + Added active_active_mysql_master param + +M html/pfappserver/lib/pfappserver/Form/Interface.pm +M html/pfappserver/lib/pfappserver/Model/Interface.pm +M html/pfappserver/root/interface/create.tt +M html/pfappserver/root/interface/view.tt +M html/pfappserver/root/static/js/interface.js + +commit 
6f94f1aa5f2e348f6ae27d6add6644235e0a727f +Author: Durand Fabrice +Date: Thu Nov 27 11:36:00 2014 -0500 + + Added isManaged logic in haproxy.pm + +M lib/pf/services/manager/haproxy.pm + +commit a55ca57acccb037bea07bb85b2c977ac512e28e6 +Author: Durand Fabrice +Date: Wed Nov 26 09:47:27 2014 -0500 + + Generate haproxy configuration + +D conf/haproxy.conf +A conf/haproxy.conf.example +M html/pfappserver/lib/pfappserver/Form/Interface.pm +M html/pfappserver/root/static/js/interface.js +M lib/pf/services/manager/dhcpd.pm +A lib/pf/services/manager/haproxy.pm + +commit e0b78872fb4dc5d14fe7feb81ec4a599e7c37f39 +Author: Durand Fabrice +Date: Wed Nov 26 08:46:12 2014 -0500 + + Added haproxy as a service + +M conf/documentation.conf +A conf/haproxy.conf +M conf/pf.conf.defaults +M lib/pf/pfcmd.pm +M lib/pf/pfcmd/help.pm + +commit 42d3027f6d3306f96176d520e12b6537ac744310 +Author: Durand Fabrice +Date: Tue Nov 25 10:44:07 2014 -0500 + + Enable tcp port 647 on interfaces where dhcpd is in active/active mode + +M lib/pf/iptables.pm + +commit 37d94e19a75804e5cca4b19f28bc3fd564a5c13d +Author: Durand Fabrice +Date: Tue Nov 25 10:30:18 2014 -0500 + + Introduce dhcp active active configuration + +M html/pfappserver/lib/pfappserver/Form/Interface.pm +M html/pfappserver/lib/pfappserver/Model/Interface.pm +M html/pfappserver/root/interface/create.tt +M html/pfappserver/root/interface/view.tt +M html/pfappserver/root/static/js/interface.js +M lib/pf/services/manager/dhcpd.pm + +commit 150d85764075a81b3384ab044bf9c43d48d0aca3 +Author: Durand Fabrice +Date: Mon Nov 24 15:11:31 2014 -0500 + + Allow dns configuration change in interfaceĀ“s network configuration + +M html/pfappserver/root/static/js/interface.js + +commit bf665f6069c494cb50aed7b7e29b99a1c3a7b9aa +Author: Durand Fabrice +Date: Fri Nov 21 16:41:48 2014 -0500 + + Change configuration parameters to use in pfdns + +M sbin/pfdns + +commit 4dc2db7efc334f9fe05074f889e0d67a6aa4bae1 +Author: Durand Fabrice +Date: Fri Oct 31 08:11:54 2014 
-0400 + + Fix syntax + +M sbin/pfdns + +commit 504b15ce13ec9edcbc759ecc6ac885a99ecbf43b +Author: Durand Fabrice +Date: Wed Oct 22 11:11:38 2014 -0400 + + Fix pfdns packet size + +M sbin/pfdns + +commit 5c97672e0123ea584907c6f0035769604b22b007 +Author: Durand Fabrice +Date: Sun Oct 19 11:20:57 2014 -0400 + + Added support for haproxyip in pfdns + +M sbin/pfdns + +commit 8be4b7aa2dac7ca4f6ce3230f9fa2e9062ec78b1 +Author: Durand Fabrice +Date: Fri Nov 21 16:37:08 2014 -0500 + + Added admin gui active/active configuration + +M html/pfappserver/lib/pfappserver/Form/Config/Network.pm +M html/pfappserver/lib/pfappserver/Model/Interface.pm +M html/pfappserver/root/interface/create.tt +M html/pfappserver/root/interface/view.tt +M html/pfappserver/root/static/js/interface.js +M lib/pf/iptables.pm + +commit 6f98dd97a9ef6081923d4d342d141c428a3fdcc7 +Author: Durand Fabrice +Date: Fri Oct 17 22:18:28 2014 -0400 + + Enables tcp dns in iptables, only listen on the management ip for snmptrapd + +M conf/iptables.conf.example +M lib/pf/services/manager/snmptrapd.pm + +commit 01968731585f64876bbab22c94709799c447da01 +Author: Durand Fabrice +Date: Fri Nov 21 15:13:29 2014 -0500 + + Changed for actif/actif setup + +M conf/iptables.conf.example +A html/pfappserver/lib/pfappserver/Form/Field/IPAddresses.pm +M html/pfappserver/lib/pfappserver/Form/Interface.pm +M lib/pf/util.pm + +commit b06b6e57779e83ff83f0ca4d587fb8128dc701a1 +Author: Durand Fabrice +Date: Fri Oct 17 20:29:20 2014 -0400 + + NS query type is now managed by pfdns (Monit dns test use it) + +M sbin/pfdns + +commit f8c507f6538bc2052bdf9b26027a87a0a016afbf +Author: Durand Fabrice +Date: Thu Oct 16 20:45:49 2014 -0400 + + Iptables and vip change for actif/actif + +M conf/iptables.conf.example +M lib/pf/iptables.pm + +commit 0e646ce9ffe1114185a220930210c06e1f4fa9a4 +Author: Derek Wuelfrath +Date: Mon Mar 23 09:56:09 2015 -0400 + + Now use latest schema matching POST-RELEASE steps + +M Makefile + +commit 
55231140e03bb133c26aa64c8e44fcc499ff4702 +Author: James Rouzier +Date: Mon Mar 23 09:50:23 2015 -0400 + + Fixed copy and paste error + +M sbin/pfconfig + +commit ce2e8b04201f9efe91995d5d322378a5109e7a1a +Author: Julien Semaan +Date: Mon Mar 23 09:43:09 2015 -0400 + + fix pod doc + +M lib/pfconfig/namespaces/config/Network.pm + +commit aae46ab84cf08da90809819041eba8b61ab18779 +Author: Julien Semaan +Date: Mon Mar 23 09:42:44 2015 -0400 + + make config::Network expire all interfaces config + +M lib/pfconfig/namespaces/config/Network.pm + +commit cbc8fc7a664aab0c9597ffa49dbd7bb19cf05b43 +Author: Julien Semaan +Date: Mon Mar 23 09:34:40 2015 -0400 + + fix comparator for changed values + +M addons/pfconfig/comparator/dumper.pl + +commit e7dce944eab19b206991fe55ddaa0d404ded64c0 +Author: Julien Semaan +Date: Mon Mar 23 09:04:19 2015 -0400 + + removed useless code that was ported to lib/pfconfig + +M lib/pf/config.pm + +commit e11451ad9ece87722486362ee482a68421a28a9d +Author: Julien Semaan +Date: Mon Mar 23 08:55:02 2015 -0400 + + delete control files when starting pfconfig + +M lib/pfconfig/constants.pm +M lib/pfconfig/util.pm +M sbin/pfconfig + +commit 54782e9fa77dc9f6798eb5ae7f6cf59f68594269 +Author: Julien Semaan +Date: Mon Mar 23 07:50:51 2015 -0400 + + Added pod doc to sbin/pfconfig + +M sbin/pfconfig + +commit 2f02cb9be990429a8b2f731d78816ba2ab0fa1ec +Author: Julien Semaan +Date: Mon Mar 23 07:48:39 2015 -0400 + + fix pod doc + copyrights in some files + +D addons/dev-helpers/exported-subs.pl +M lib/pf/config/util.pm +M lib/pfconfig/empty_string.pm +M lib/pfconfig/log.pm +M t/prepare-pfconfig.t + +commit 6844478396fc27b0a335350df68e86cf3d2c0c9f +Author: Julien Semaan +Date: Mon Mar 23 07:41:58 2015 -0400 + + change pfconfig's default db password to match pf.conf.defaults + +M conf/pfconfig.conf.example + +commit 0e351b6549d1f5cac0e6ce76722c30c06d460864 +Author: James Rouzier +Date: Sun Mar 22 12:49:43 2015 -0400 + + Fixed pod + +M 
html/pfappserver/lib/pfappserver/Model/Config/Pfconfig.pm +M lib/pf/ConfigStore/Authentication.pm +M lib/pf/profile/filter/all.pm + +commit fb3f77ac958d1b9102dc58033428c842e3cea6d9 +Author: James Rouzier +Date: Sun Mar 22 12:07:06 2015 -0400 + + Fix syntax error + +M lib/pf/ipset.pm + +commit c844a57dbeebc9fbe300aa7fb8df2008189c8526 +Author: Derek Wuelfrath +Date: Fri Mar 20 16:07:19 2015 -0400 + + We don't want this to run + +M sbin/pfmon + +commit b23a7d27443e66f3d94cd08efc0e0737f62d20cd +Author: Derek Wuelfrath +Date: Fri Mar 20 15:48:43 2015 -0400 + + OMAPI cache instead of iplog + +M lib/pf/CHI.pm +M lib/pf/iplog.pm + +commit d7d086c4fb2b2d5cdd2c7727fc7ed25d5aea5a7a +Author: Derek Wuelfrath +Date: Fri Mar 20 15:45:36 2015 -0400 + + Enhancements + +M lib/pf/iplog.pm + +commit 632139f4a756db92c012e8186c26dbb984cea2ac +Author: James Rouzier +Date: Fri Mar 20 15:36:33 2015 -0400 + + Set default view to HTML + +M html/pfappserver/lib/pfappserver.pm + +commit ec0e431e06feb38de2cb7a82182e268efef57dd9 +Author: Derek Wuelfrath +Date: Fri Mar 20 14:44:29 2015 -0400 + + mac2ip + +M lib/pf/iplog.pm + +commit d05a2365633db550d72c122067469fd898fa1dd5 +Author: Derek Wuelfrath +Date: Fri Mar 20 14:42:04 2015 -0400 + + Handling configuration + +M conf/documentation.conf +M conf/pf.conf.defaults +M html/pfappserver/lib/pfappserver/I18N/i_default.po +M lib/pf/config.pm +M lib/pf/iplog.pm +M lib/pf/services/manager/dhcpd.pm + +commit e9c0de9a697b5f7663eda36577766b08fed41d14 +Author: Louis Munro +Date: Fri Mar 20 13:08:10 2015 -0400 + + Added feault values for host and port so that pf::node does not choke. + +M lib/pf/StatsD.pm + +commit 68380ca9855800f652cf7c6552e3ef21d8d62cd8 +Author: Louis Munro +Date: Fri Mar 20 11:57:11 2015 -0400 + + Added untaint checks to host and port for StatsD. + Added a counter for node_register and node_unregister. 
+ +M lib/pf/StatsD.pm +M lib/pf/node.pm + +commit b8f6481d187ed469a35875d979f3347e219ea053 +Author: Derek Wuelfrath +Date: Fri Mar 20 10:49:49 2015 -0400 + + Useless call to pf::iplog + +M lib/pf/ipset.pm + +commit 52c6b13afdb17ef363f8c2ce4b0efd713dcad8ad +Author: Derek Wuelfrath +Date: Thu Mar 19 13:38:39 2015 -0400 + + Rename functions + - Also get rid of export... stop polluting namespaces + +M addons/iplog-cleanup.pl +M html/captive-portal/lib/captiveportal/Base/Controller.pm +M html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm +M html/pfappserver/lib/pfappserver/Model/Node.pm +M lib/pf/Portal/Session.pm +M lib/pf/api.pm +M lib/pf/iplog.pm +M lib/pf/ipset.pm +M lib/pf/lookup/node.pm +M lib/pf/provisioner/mobileiron.pm +M lib/pf/provisioner/sepm.pm +M lib/pf/scan.pm +M lib/pf/trigger.pm +M lib/pf/web.pm +M lib/pf/web/custom.pm +M lib/pf/web/externalportal.pm +M lib/pf/web/wispr.pm +M sbin/pfdetect +M sbin/pfdhcplistener +M sbin/pfmon + +commit 14251b9c82245fbf42520abcbebfe4e9838f15ee +Author: Derek Wuelfrath +Date: Thu Mar 19 11:28:46 2015 -0400 + + Code cleanup + +M lib/pf/iplog.pm + +commit 059b78c4c373cf8699cbb32c6c8fa40d8dd57f43 +Author: Derek Wuelfrath +Date: Thu Mar 19 11:15:44 2015 -0400 + + list_open + +M lib/pf/iplog.pm + +commit 302ca6b15bbd1a26c29a15e77681e63f061951f4 +Author: Derek Wuelfrath +Date: Thu Mar 19 11:09:45 2015 -0400 + + iplog_view_open rework + +M html/pfappserver/lib/pfappserver/Model/Node.pm +M lib/pf/iplog.pm +M lib/pf/ipset.pm +M lib/pf/lookup/node.pm + +commit 73000e1d5172aa191a2404321949c18cff5d360a +Author: Derek Wuelfrath +Date: Wed Mar 18 17:09:43 2015 -0400 + + Minor adjustements + +M lib/pf/iplog.pm + +commit aaaa11a706fda14445ba38fc5c99a2127ac642bc +Author: Derek Wuelfrath +Date: Wed Mar 18 16:04:36 2015 -0400 + + Missing argument + +M lib/pf/iplog.pm + +commit d9489e0a226b09dbde2093788d8e047b772dd4ad +Author: Derek Wuelfrath +Date: Wed Mar 18 14:53:44 2015 -0400 + + iplog history rework + +M 
lib/pf/iplog.pm + +commit 0db4640c8ec83ac534273be6344d19fa33a9f259 +Author: Derek Wuelfrath +Date: Tue Mar 17 15:46:50 2015 -0400 + + Renamming locationlog_history to locationlog_archive for consistency (SQL) + +M addons/database-backup-and-maintenance.sh +A addons/migrate-to-locationlog_archive.sh +D addons/migrate-to-locationlog_history.sh +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql +M docs/PacketFence_Administration_Guide.asciidoc + +commit 46eaed757eb3c699bc89097b5a1cd83f93796f1a +Author: Derek Wuelfrath +Date: Tue Mar 17 15:08:03 2015 -0400 + + Missing references for last commit + +M addons/database-backup-and-maintenance.sh +M lib/pf/iplog.pm + +commit 380c0f20ae6ba93b49a82c36d5a833e96fb893c1 +Author: Derek Wuelfrath +Date: Tue Mar 17 14:57:32 2015 -0400 + + Let's do some more schema modifications !! + - iplog is iplog as we know it (current records) + - iplog_history is now knowned as iplog_archive (containing only post-maintenance records) + - iplog_history as a new table containing past records before beeing pushed to iplog_archive + +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql + +commit 43b7508a2280a75c7eb99d9cbcfe0eea0fa2bae7 +Author: Derek Wuelfrath +Date: Tue Mar 17 08:57:23 2015 -0400 + + Streamlined iplog_history + +M bin/pfcmd.pl +M html/pfappserver/lib/pfappserver/Model/Node.pm +M lib/pf/iplog.pm +M lib/pf/lookup/node.pm + +commit eb7829fac6a2f5ea999ed00c32a4e052eb550614 +Author: Derek Wuelfrath +Date: Mon Mar 16 21:43:26 2015 -0400 + + Minor modifications to comments / logging + +M lib/pf/iplog.pm + +commit fe73d219557275d40c9d979d48b512797052aefe +Author: Derek Wuelfrath +Date: Mon Mar 16 17:15:21 2015 -0400 + + Dead code + +M lib/pf/iplog.pm + +commit 5500c54837a121cd75813b474e10179ad6ddb265 +Author: Derek Wuelfrath +Date: Mon Mar 16 16:29:38 2015 -0400 + + Typo + +M lib/pf/iplog.pm + +commit 63bfd10ca47a909feac321bcc6165d554d958cad +Author: Derek Wuelfrath +Date: Mon Mar 16 16:27:58 2015 -0400 + + Added some check + +M 
lib/pf/iplog.pm + +commit 30b7a232217968cc5a25a6b31eb175571bb93913 +Author: Derek Wuelfrath +Date: Mon Mar 16 16:25:09 2015 -0400 + + Adjusted logging statements + +M lib/pf/iplog.pm + +commit 1ad1a3858e3f97e9c4a63c1e125432b53fd1224b +Author: Derek Wuelfrath +Date: Mon Mar 16 16:14:25 2015 -0400 + + Added trigger name to pod + +M lib/pf/iplog.pm + +commit 27430855f2bfce9a45e83da657b8c0bb635c6257 +Author: Derek Wuelfrath +Date: Mon Mar 16 16:04:59 2015 -0400 + + Streamlined open and close of iplog + +M lib/pf/api.pm +M lib/pf/iplog.pm +M lib/pf/web/externalportal.pm + +commit 0676a37c909a5109f9cf45c26fc20988b4e8b766 +Author: Derek Wuelfrath +Date: Mon Mar 16 12:42:30 2015 -0400 + + Adjusted comment + +M lib/pf/iplog.pm + +commit 5c7d099914336713cf0af8cae0befb7bd8134788 +Author: Derek Wuelfrath +Date: Mon Mar 16 12:39:54 2015 -0400 + + Dead code + +M lib/pf/iplog.pm + +commit bad0b4d732b81a9354bc2bdde195b8bc2c646ac3 +Author: Derek Wuelfrath +Date: Mon Mar 16 11:04:23 2015 -0400 + + Fixed lenght for ipv6 + +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql + +commit 9567a94d2fa789497ac0285be5ebc950e85e6384 +Author: Derek Wuelfrath +Date: Sun Mar 15 18:48:52 2015 -0400 + + Fixed MAC addresses length + +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql + +commit f0d510d08ef3efae2ed71c07d9359d31d968ffee +Author: James Rouzier +Date: Sun Mar 15 15:49:53 2015 -0400 + + Improve pod doc and logging + +M lib/pf/iplog.pm + +commit 2f8ebbc67d7fe02411443421f7d6b422de91c7ef +Author: James Rouzier +Date: Sun Mar 15 15:44:28 2015 -0400 + + Updated pod doc + +M lib/pf/OMAPI.pm + +commit 01bc35c6cde6cc7dfc2ef369bfddbc9dded920b5 +Author: James Rouzier +Date: Fri Mar 13 16:51:13 2015 -0400 + + Do not return an expired lease + +M lib/pf/iplog.pm + +commit e6155ad2e099dbe2b592f98e9ecd81ecd2b830dd +Author: Derek Wuelfrath +Date: Fri Mar 13 16:13:52 2015 -0400 + + Schema changes: + - timestamp + - trigger + +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql + +commit 
16e0c8ba52f1cb5a132ca66ba7fa1d36e8e6fe3e +Author: Derek Wuelfrath +Date: Fri Mar 13 15:21:14 2015 -0400 + + Schema adjustments + +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql + +commit cd293d44ac66c3410e786da7fcdf56855fef1ce5 +Author: Derek Wuelfrath +Date: Fri Mar 13 14:22:31 2015 -0400 + + Minor adjustments + +M lib/pf/iplog.pm + +commit 0230bd4d37369eae0e60dedfa94cfd39a0fe3e66 +Author: Derek Wuelfrath +Date: Fri Mar 13 14:18:47 2015 -0400 + + Remove (now) unused libs + +M lib/pf/iplog.pm + +commit 1d74c217c3cf823cc6d1dac9067b50f4d7dc7380 +Author: James Rouzier +Date: Fri Mar 13 13:54:48 2015 -0400 + + Fix typo + +M lib/pf/iplog.pm + +commit 1c7a3670ffce7102d8c4e2e2cc332c1a5199f58f +Author: James Rouzier +Date: Fri Mar 13 13:51:26 2015 -0400 + + Expire all iplog entries in 1 minute + +M lib/pf/iplog.pm + +commit d3f488fd72a38ec91a153afe3cda4c4f29c44f05 +Author: James Rouzier +Date: Fri Mar 13 13:40:44 2015 -0400 + + Add missing module + +M lib/pf/iplog.pm + +commit 103ce28c1d22f84e57da8a024ad1dce2a9a78cf3 +Author: Derek Wuelfrath +Date: Fri Mar 13 13:16:36 2015 -0400 + + Reworked ip2mac + - Removed the 'date' argument since it was not used + - Removed useless check using ARP/PING + - Removed related to ARP method + - Refactored matching methods + +M lib/pf/iplog.pm + +commit 6d39bffdf6970a08365371e1d039e513cc6d155a +Author: Derek Wuelfrath +Date: Fri Mar 13 11:23:27 2015 -0400 + + Typos + +M conf/pf.conf.defaults + +commit 3849940ad6b8b0c262d5a1304ecca4610163879f +Author: Derek Wuelfrath +Date: Fri Mar 13 11:21:23 2015 -0400 + + Missing primary key + +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql + +commit 82168e44c4a81a40e039452981215e2315695178 +Author: Derek Wuelfrath +Date: Fri Mar 13 11:09:13 2015 -0400 + + Reworked schema + - New table for performances + - varchar 255 to handle ipv6 + +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql + +commit 6f60b0592671cef5e022e87ae2980c9bba5aef9e +Author: James Rouzier +Date: Thu Mar 12 17:22:23 
2015 -0400 + + Updated documentation + +M lib/pf/OMAPI.pm + +commit a73c2f932f286a023e30ad1d09727399dd942e9e +Author: James Rouzier +Date: Thu Mar 12 17:21:21 2015 -0400 + + Update documentation + +M lib/pf/OMAPI.pm + +commit cb53f1d821a484b78597f0c67b1e9bfab7e7cb6c +Author: James Rouzier +Date: Thu Mar 12 17:16:07 2015 -0400 + + Fixed typo + +M lib/pf/OMAPI.pm + +commit 1bdca46781d71eaf29464633651dc2459ee62181 +Author: James Rouzier +Date: Thu Mar 12 17:14:27 2015 -0400 + + Renamed keyname to key_name and move omapi from teh advanced section to it's own + +M addons/dev-helpers/omapi.pl +M conf/documentation.conf +M conf/pf.conf.defaults +M html/pfappserver/lib/pfappserver/I18N/i_default.po +M lib/pf/iplog.pm +M lib/pf/services/manager/dhcpd.pm + +commit ceea9d1a1ad7f108555c9b280ec66751142fe4cb +Author: James Rouzier +Date: Thu Mar 12 16:43:21 2015 -0400 + + rename field keyname to key_name + +M lib/pf/OMAPI.pm + +commit c25bca61fb7eb11128afccfd3506f3cbe26ccf47 +Author: jrouzierinverse +Date: Thu Mar 12 14:03:23 2015 -0400 + + Updating the default value for omapi_key_name + +M conf/pf.conf.defaults + +commit 21e5eeb66a9f7f0451301ec5aad41efa061e4fa5 +Author: James Rouzier +Date: Tue Mar 10 11:03:29 2015 -0400 + + Update copyright + +M addons/dev-helpers/omapi.pl +M lib/pf/OMAPI.pm + +commit bce3a1b47dad285c6bddbfaa08323d56e54e48e8 +Author: James Rouzier +Date: Wed Dec 17 10:30:35 2014 -0500 + + Add new packages + +M debian/control + +commit 988f22770022a16c6aa78c64af444cd3b57bdb9f +Author: James Rouzier +Date: Mon Dec 15 14:22:19 2014 -0500 + + Added new packages + +M addons/packages/packetfence.spec + +commit 4edc3385a4e0c914060fa2fb4584cda63c4e4521 +Author: James Rouzier +Date: Wed Nov 19 13:31:12 2014 -0500 + + If omapi is enabled then configure it for dhcpd server + +M lib/pf/services/manager/dhcpd.pm + +commit 1d2f0018c55d3874485e8aab7f04dddbfd6f3aed +Author: James Rouzier +Date: Wed Nov 19 13:30:12 2014 -0500 + + Added an omapi section + +M conf/dhcpd.conf + 
+commit 386aa0f95725d22ffea46e71fd59b25b93be505d +Author: James Rouzier +Date: Wed Nov 19 11:53:33 2014 -0500 + + Reformatted script + +M addons/dev-helpers/omapi.pl + +commit 8ec4e9826e17108667e2c0f95bf998843c220482 +Author: James Rouzier +Date: Tue Nov 18 15:41:10 2014 -0500 + + Use UTC to check expiration + +M lib/pf/iplog.pm + +commit 0e3732995f235ab26d9b3a9bfc18622715ebf5d1 +Author: James Rouzier +Date: Tue Nov 18 15:40:27 2014 -0500 + + Added missing module and fix check for data + +M lib/pf/iplog.pm + +commit 50fe7cfed20391fcf1422ad2a2d373562f5ba50b +Author: James Rouzier +Date: Tue Nov 18 15:03:00 2014 -0500 + + Cache the results of the omapi lookup + +M lib/pf/iplog.pm + +commit 4f0ea1ba50383e54896f26d77f8e9b0f345ab174 +Author: James Rouzier +Date: Tue Nov 18 15:02:01 2014 -0500 + + Fix the packing of the mac address + +M lib/pf/OMAPI.pm + +commit fd1ab1e82804bdb32796f96f7594a1db04ad8028 +Author: James Rouzier +Date: Tue Nov 18 15:01:21 2014 -0500 + + Added support for mac + +M addons/dev-helpers/omapi.pl + +commit 151facfd8c46062990068b906abed59302c7bcae +Author: James Rouzier +Date: Thu Nov 13 15:37:37 2014 -0500 + + Added new namespace iplog + +M lib/pf/CHI.pm + +commit 58b7ec619964e6fdc29ad97a471503d36bd50255 +Author: James Rouzier +Date: Wed Nov 12 16:58:56 2014 -0500 + + Zero pad the mac address + +M lib/pf/OMAPI.pm + +commit e3cf81f66cdf31b6c07f7d5013d83624fd4911a7 +Author: James Rouzier +Date: Wed Nov 12 13:12:49 2014 -0500 + + New function mac2ipomapi + +M lib/pf/iplog.pm + +commit 0fee8fa14da99f8a9ebe880db0c0d0c5f4ea3c42 +Author: James Rouzier +Date: Wed Nov 12 13:11:41 2014 -0500 + + Refactor creating the omapi client to the function _get_omapi_client + +M lib/pf/iplog.pm + +commit 8f86831a2537848bed1f8f4f91fd9965fafe3a49 +Author: James Rouzier +Date: Wed Nov 12 12:11:00 2014 -0500 + + Add ip option + +M addons/dev-helpers/omapi.pl + +commit b585b71b888bbac7a622d1c3e36968b06a9cc43b +Author: James Rouzier +Date: Wed Nov 12 11:57:33 2014 -0500 + + 
Fixed issue with typos + +M lib/pf/iplog.pm + +commit 0e8b315dc07c170ca2e653b071747ac87aac5e56 +Author: jrouzierinverse +Date: Wed Nov 12 11:25:58 2014 -0500 + + Fixed hard coded value for ip + +M lib/pf/iplog.pm + +commit c2e529a21475f05dc4daa39e2b90ebb8d23536b8 +Author: James Rouzier +Date: Mon Nov 10 17:13:06 2014 -0500 + + Updated pod doc + +M lib/pf/OMAPI.pm + +commit f01b497a0b5135c45aa423cdb68aee41b1490c11 +Author: James Rouzier +Date: Mon Nov 10 16:15:50 2014 -0500 + + Use the omapi client if advanced.use_omapi_to_lookup_mac is enabled + +M lib/pf/iplog.pm + +commit 0c0b30373ea267a2b59deb6829175274e2c1f1d5 +Author: James Rouzier +Date: Mon Nov 10 15:59:28 2014 -0500 + + Add new parameters for using omapi for ip -> mac resolution + +M conf/documentation.conf +M conf/pf.conf.defaults + +commit 6f5c87c43a03c7280b8e5e8872abddfd4ee6db23 +Author: James Rouzier +Date: Mon Nov 10 14:17:27 2014 -0500 + + Set the default values using sub routines + +M lib/pf/OMAPI.pm + +commit fc798fa39ba317ae6c82d3c15fa3fef379a6209c +Author: James Rouzier +Date: Mon Nov 10 13:35:03 2014 -0500 + + Remove DDP and switch to Data::Dumper + +M addons/dev-helpers/omapi.pl + +commit 570fe94330307d1a73d7ed20986a2d70cc21308d +Author: James Rouzier +Date: Mon Nov 10 13:34:22 2014 -0500 + + Removed unused import pairs + +M lib/pf/OMAPI.pm + +commit a8cc679a25fb50ae6eeafe898f7a87da5ed4469a +Author: James Rouzier +Date: Mon Nov 10 09:53:29 2014 -0500 + + Script for testing omapi connections + +A addons/dev-helpers/omapi.pl + +commit cb1b31531f04234c3955435b5c149893ccfe8836 +Author: James Rouzier +Date: Mon Nov 10 09:53:05 2014 -0500 + + New module for connectioning and querying omapi service + +A lib/pf/OMAPI.pm + +commit f9726494fe7edf6d9e3d9b04927a55a6527e7000 +Author: Louis Munro +Date: Thu Mar 19 15:10:24 2015 -0400 + + Added statsd calls to vlan.pm. 
+ +M lib/pf/radius.pm +M lib/pf/vlan.pm + +commit 925ad00bd18d8109c4ac3b94dc28af239368cf51 +Author: Louis Munro +Date: Thu Mar 19 14:49:06 2015 -0400 + + Added more statsd calls in radius.pm. + +M lib/pf/radius.pm + +commit f23bc736000c7a17b745fc8bbe529a2d7d6c52c2 +Author: Louis Munro +Date: Thu Mar 19 14:29:19 2015 -0400 + + Added an end() convenience method to pf::StatsD to automatically compute + elapsed time. + + Added StatsD support to raddb/packetfence.pm. + +M lib/pf/StatsD.pm +M lib/pf/radius.pm +M raddb/packetfence.pm + +commit f130c429c6861952374db07384620b338733306c +Author: Louis Munro +Date: Fri Mar 13 16:26:50 2015 -0400 + + Added basic statsd support. + +M conf/documentation.conf +M conf/httpd.conf.d/httpd.aaa +M conf/httpd.conf.d/httpd.admin +M conf/httpd.conf.d/httpd.portal +M conf/httpd.conf.d/httpd.webservices +M conf/pf.conf.defaults +M html/pfappserver/lib/pfappserver/I18N/en.po +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Configuration.pm +M html/pfappserver/root/admin/configuration.tt +A lib/Etsy/StatsD.pm +A lib/pf/StatsD.pm +A lib/pf/StatsD/util.pm +A lib/pf/WebAPI/ChildInitHandler.pm +M lib/pf/WebAPI/InitHandler.pm +M lib/pf/radius.pm +A t/StatsD-util.t +A t/StatsD.t + +commit 0c1bb5df0b4b445a056b32273613737678e8249a +Author: Julien Semaan +Date: Thu Mar 19 14:21:11 2015 -0400 + + Deactivate warnings while reading from the socket + +M lib/pfconfig/cached.pm + +commit 5c8a00cad0e29b931276b64305af85f40cccd44f +Author: James Rouzier +Date: Thu Mar 19 12:50:42 2015 -0400 + + Do not lock pidfile in createpid + +M lib/pf/services/util.pm + +commit 5c577a070bc27f95011c8908dfaee0eb2b26d3b0 +Author: James Rouzier +Date: Mon Mar 16 17:59:11 2015 -0400 + + Refactored admin group creation + +M html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm + +commit 007250454e02fb60674bbce0f1161287448961ce +Author: James Rouzier +Date: Mon Mar 16 17:58:42 2015 -0400 + + Fix error from rebase + +M lib/pf/admin_roles.pm + +commit 
c695c0d96bf319688737b935bb7fdf07f8a2c972 +Author: James Rouzier +Date: Mon Mar 16 16:19:36 2015 -0400 + + Fixed typo + +M lib/pf/constants/admin_roles.pm + +commit 99c7442718544337cea816bff65d2d8b0e5a9505 +Author: James Rouzier +Date: Mon Mar 2 12:31:59 2015 -0500 + + Do not show the multiple user creation sections if the admin user does not have the the right to the action USERS_CREATE_MULTIPLE + +M html/pfappserver/root/admin/users.tt +M html/pfappserver/root/user/create.tt + +commit 79c51600be32dd25b2a808c1f180a4be9dd23874 +Author: James Rouzier +Date: Mon Mar 2 12:29:57 2015 -0500 + + Restrict the creation of multiple user with the admin action USERS_CREATE_MULTIPLE + +M html/pfappserver/lib/pfappserver/PacketFence/Controller/User.pm + +commit bb903f9ef3ab4b9601a94014fdbe7e5af27196fc +Author: James Rouzier +Date: Mon Mar 2 12:24:28 2015 -0500 + + Fixed actions not being picked up for AdminRoleAny attribute + +M html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm + +commit 5a2cd464b327f31ffefe872b70830fa17922309a +Author: James Rouzier +Date: Mon Mar 2 11:28:35 2015 -0500 + + Added new attribute AdminRoleAny + +M html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm +M html/pfappserver/lib/pfappserver/Base/Controller.pm + +commit 594b4096e954f57e9a055d292b0e8c0d9d137ec4 +Author: James Rouzier +Date: Mon Mar 2 11:05:50 2015 -0500 + + Added support for action USERS_CREATE_MULTIPLE + +M html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm +M html/pfappserver/lib/pfappserver/I18N/i_default.po + +commit 964b0000a2e1de9527c2d39128ce89efcf49a9e1 +Author: James Rouzier +Date: Mon Mar 2 10:50:16 2015 -0500 + + fix typo + +M lib/pf/admin_roles.pm + +commit d3363c3f0cc38cabaa56a8320e0304cded06e70f +Author: James Rouzier +Date: Mon Mar 2 10:20:29 2015 -0500 + + Added new action USERS_CREATE_MULTIPLE + +M lib/pf/admin_roles.pm +M lib/pf/constants/admin_roles.pm + +commit 0c7c2a872f3395806f42423739d8d21c8ab6142c +Author: Julien Semaan +Date: Mon Mar 16 
16:04:46 2015 -0400 + + Set proper rights on pfconfig startup + +M addons/pfconfig/pfconfig.init + +commit 2b8303e50150eeeaf81c9edda3599337a5a4b123 +Author: James Rouzier +Date: Mon Mar 16 12:10:36 2015 -0400 + + Ensure that the file permissions of the socket is correct + +M sbin/pfconfig + +commit d5bd17f35b5d375416a7ba1c772e6cf5c74416c8 +Author: Louis Munro +Date: Mon Mar 16 10:58:17 2015 -0400 + + Used a constant for "plaintext". + +M lib/pf/password.pm + +commit e7c10de0c587d4a1c593ab7c45caa15e34e412f4 +Author: Louis Munro +Date: Mon Mar 16 10:54:57 2015 -0400 + + Renamed 'Database Passwords' to 'Local Database Passwords' for added + expliciteness in configurator. + +M html/pfappserver/root/configurator/configuration.tt + +commit 23805dbb3b0513494db6477f1e5ddb955ff96896 +Author: Louis Munro +Date: Mon Mar 16 10:53:30 2015 -0400 + + Cleaned up some. + +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Configurator.pm + +commit 4404d1a04c3f44617395b721ec6b776f5c56f907 +Author: Louis Munro +Date: Mon Mar 16 10:51:32 2015 -0400 + + Optimised regex match for algorithm type. + +M lib/pf/password.pm + +commit 9e7611a27ccb171c08bea5cc792bc05442fdb46d +Author: Louis Munro +Date: Mon Mar 16 10:48:46 2015 -0400 + + Added modules to build files. + +M addons/packages/packetfence.spec +M debian/control + +commit 60aca3532c9959ecac4d7dfa9f36787a166832a1 +Author: Louis Munro +Date: Mon Mar 16 10:38:05 2015 -0400 + + Moved algorithm strings to constants. + Moved 'use' statements to top of file. + +M lib/pf/password.pm + +commit d8a0f65fe80393e37e5c4fa09f323c666a7f6249 +Author: Louis Munro +Date: Mon Mar 16 10:11:26 2015 -0400 + + Removed unused cases for NT hashes and md5. + +M lib/pf/password.pm + +commit c5cfcbb5c58d0ffeda223423013ad1369d86c31b +Author: Louis Munro +Date: Mon Mar 16 10:07:33 2015 -0400 + + Removed useless version number in pf::password. 
+ +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm +M lib/pf/password.pm +M lib/pf/web/guest.pm + +commit 81de8ab6db832cf04189cd7bcd5fe2a09aa56930 +Author: Louis Munro +Date: Fri Mar 13 09:33:30 2015 -0400 + + Modified to add configurator support. + +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Configurator.pm +M html/pfappserver/root/configurator/configuration.tt +M html/pfappserver/root/static/configurator/configuration.js + +commit 195bd1ce4901c727ce0a6a84cc3a1ab43a33efdd +Author: Louis Munro +Date: Thu Mar 12 16:08:45 2015 -0400 + + Added coded so that emailed passwords are cleartext and not hashes. + +M html/pfappserver/lib/pfappserver/Model/User.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/User.pm + +commit 1585e277475d2c1c20a482b0bb20df26c637bbe5 +Author: Louis Munro +Date: Thu Mar 12 14:47:10 2015 -0400 + + Now passing the newly created users passwords through the session so we + can print them out later. + +M html/pfappserver/lib/pfappserver/PacketFence/Controller/User.pm + +commit da83e2f07dbac71a94061397498d15fe44fa0007 +Author: Louis Munro +Date: Wed Mar 11 15:44:46 2015 -0400 + + Changed the default to hash_password for bcrypt. + +M conf/pf.conf.defaults + +commit e3e7292b2b9d27dd884242aea41d541ea93a6cad +Author: Louis Munro +Date: Wed Mar 11 15:06:02 2015 -0400 + + Fixed the unhandled case of empty password in User form (to have PF + generate the password)> + +M lib/pf/password.pm + +commit 3d5f5e7c3c8145759ce7a1b471fcc9889780972e +Author: Louis Munro +Date: Wed Mar 11 14:22:05 2015 -0400 + + Removed unused database hashing_cost and hash_passwords. + +M conf/pf.conf.defaults + +commit bce901fbef623ea32fab465b31e2f65b0e2411b1 +Author: Louis Munro +Date: Mon Mar 16 09:46:49 2015 -0400 + + Rebasing. + Added pf::constants to pf::password. 
+ +M conf/radiusd/sql.conf.example +M db/pf-schema-X.Y.Z.sql +M db/upgrade-X.X.X-X.Y.Z.sql +M docs/PacketFence_Administration_Guide.asciidoc +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm +M html/pfappserver/lib/pfappserver/Model/DB.pm +M html/pfappserver/lib/pfappserver/Model/Search/User.pm +M html/pfappserver/lib/pfappserver/Model/User.pm +A lib/pf/password.pm +M lib/pf/person.pm +D lib/pf/temporary_password.pm +M lib/pf/web/guest.pm +M raddb/sites-available/packetfence-tunnel +A t/password.t +D t/temporary_password.t + +commit 514c520244e4232f5a8a731ed6df62a470b5c3c8 +Author: Louis Munro +Date: Thu Mar 12 17:09:36 2015 -0400 + + Rebased on devel. + Updated reference to temporary_password => password. + +M lib/pf/Authentication/Source/SQLSource.pm + +commit ac7a64209ef93f1a175304f86a730dd1195fa4da +Author: Louis Munro +Date: Wed Mar 4 14:11:31 2015 -0500 + + Added 18n strings. + +M html/pfappserver/lib/pfappserver/I18N/en.po +M html/pfappserver/lib/pfappserver/I18N/i_default.po + +commit b52e83e7e6c57278f49dd23523f7d3def62fe9e4 +Author: Louis Munro +Date: Wed Mar 4 13:32:18 2015 -0500 + + Moved "database" option to " advanced" until we find a better place for + them. + I am open to suggestions... + +M conf/documentation.conf +M conf/pf.conf.defaults +M lib/pf/temporary_password.pm + +commit a7135c3b8c0a7a6219ecf57365a695ed554727fc +Author: Louis Munro +Date: Thu Feb 26 16:02:39 2015 -0500 + + Fixed the admin. Can now reset a password properly. + +M html/pfappserver/lib/pfappserver/Model/DB.pm +M lib/pf/temporary_password.pm + +commit 137f54e675535efdf5cb065767fb31136a30ffae +Author: Louis Munro +Date: Thu Feb 26 14:48:59 2015 -0500 + + Modified reset_password so it checks to see if hashing is configured and + acts accordingly. 
+ +M lib/pf/temporary_password.pm + +commit ef44d800952edcefd46b38258e6af61ab44ddc64 +Author: Louis Munro +Date: Thu Feb 26 14:31:17 2015 -0500 + + fixed broken documention because of =<< operator. + +M conf/documentation.conf + +commit ec6063730bd2aef025608c0f28b426bff51f09f5 +Author: Louis Munro +Date: Thu Feb 26 10:51:18 2015 -0500 + + Update temporary_password version. + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm +M lib/pf/temporary_password.pm +M lib/pf/web/guest.pm + +commit ec7d060e60ec4c3bc99f75a7762a04d738a62131 +Author: Louis Munro +Date: Mon Sep 1 17:11:58 2014 -0400 + + Added configuration settings in pf.conf.defaults. + +M conf/documentation.conf +M conf/pf.conf.defaults +M lib/pf/temporary_password.pm +M t/temporary_password.t + +commit 081d930c8b2c863adaf28e03f6856cfcf4270e20 +Author: Louis Munro +Date: Tue Aug 26 12:29:06 2014 -0400 + + New branch because devel is currently broken and I can't test. + +M lib/pf/temporary_password.pm +A t/temporary_password.t + +commit b80d8353b0d66fc0aca3938dca7655095995cb36 +Author: James Rouzier +Date: Sun Mar 15 16:17:43 2015 -0400 + + Fixed getopts call + +M sbin/pfconfig + +commit 0db01757e72820f742859698ba32d0de1c2d8a5d +Author: James Rouzier +Date: Sun Mar 15 14:51:05 2015 -0400 + + pf::config no longer re-exports $ACCT_TIME_MODIFIER_RE $DEADLINE_UNIT + +M html/pfappserver/lib/pfappserver/Form/Field/ExtendedDuration.pm +M lib/pf/accounting.pm +M lib/pf/config.pm +M lib/pf/web/util.pm + +commit 0afe2798f8116706a04f0b51c68cf7c12f757f34 +Author: James Rouzier +Date: Sun Mar 15 14:39:31 2015 -0400 + + pf::config no longer re-exports $TIME_MODIFIER_RE + +M bin/pfcmd.pl +M html/pfappserver/lib/pfappserver/Form/Field/Duration.pm +M html/pfappserver/lib/pfappserver/Form/Field/ExtendedDuration.pm +M lib/pf/config.pm +M lib/pf/config/util.pm +M lib/pf/pfcmd/checkup.pm +M lib/pf/web/util.pm + +commit eb828c1cfa364c698f3dcb238d766869e29008b5 +Author: James Rouzier +Date: Sun Mar 15 14:28:06 
2015 -0400 + + Add signal handling code and remove pid when the shutting down pfconfig + +M sbin/pfconfig + +commit d8fa18e98894cf017e968493f00193929229a2be +Author: James Rouzier +Date: Sun Mar 15 14:29:02 2015 -0400 + + Move deletepid to pf::services::util + +M lib/pf/services/util.pm +M lib/pf/util.pm + +commit 113927f58296eb874aa41e1a05a3068e5aae05e5 +Author: James Rouzier +Date: Fri Mar 13 16:18:46 2015 -0400 + + Export ADMIN_ACTIONS from pf::constants::admin_roles + +M addons/extract_i18n_strings.pl +M html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm +M lib/pf/admin_roles.pm + +commit 4f75e63d480d4a6accbffc1e84e29ae0c95fedc9 +Author: James Rouzier +Date: Fri Mar 13 16:16:52 2015 -0400 + + Allow ADMIN_ACTIONS to be exported + +M lib/pf/constants/admin_roles.pm + +commit 2ef2cace2278f4664ab2699747c89aecb76f9c05 +Author: Julien Semaan +Date: Fri Mar 13 13:03:24 2015 -0400 + + Remove calls to dumper + +M lib/pf/violation_config.pm + +commit 72719ad1b54d85f8a1054a0718509b2e24a059b0 +Author: Julien Semaan +Date: Fri Mar 13 12:55:35 2015 -0400 + + change path of udp reflector sources + +M docs/PacketFence_Administration_Guide.asciidoc + +commit bfde675c87da40dfc1c6059ce86bb9398306c7a3 +Author: James Rouzier +Date: Fri Mar 13 11:35:21 2015 -0400 + + Call get_all_unittests in smoke.t instead of automatically in TestUtils + +M t/TestUtils.pm +M t/smoke.t + +commit eb98902946d421c0c4414549c58664d8b779ed18 +Author: James Rouzier +Date: Fri Mar 13 11:18:40 2015 -0400 + + Fix missing include + +M lib/pfconfig/namespaces/config/Profiles.pm + +commit 17766afcedc528d0adbcaba6315819ccdaeb8bf1 +Author: Derek Wuelfrath +Date: Fri Mar 13 11:01:57 2015 -0400 + + No longer needed + +D db/upgrade-X.X.X-5.0.0.sql +M db/upgrade-X.X.X-X.Y.Z.sql + +commit 80b8009e5215b5d0014e3653fe8f3ff41c9f4ab8 +Author: James Rouzier +Date: Fri Mar 13 10:49:54 2015 -0400 + + pf::config does not re-exports TRUE,FALSE and default_pid + +M lib/pf/config.pm +M lib/pf/config/util.pm +M 
lib/pf/firewallsso/Checkpoint.pm +M lib/pf/util.pm + +commit 31db40fa4c3f87f33bf81c115e2e222392cfac52 +Author: Julien Semaan +Date: Fri Mar 13 10:45:08 2015 -0400 + + added search to cached_hash + +M lib/pf/iptables.pm +M lib/pfconfig/cached_hash.pm + +commit a50db97a9b969fb9dbbbbe2e469ce80655bb2c12 +Author: Julien Semaan +Date: Fri Mar 13 10:20:59 2015 -0400 + + added a method to search a hash of config + used in in iptables + +M lib/pf/iptables.pm +M lib/pf/util.pm + +commit f5af215b13703935321759b533ddfa5666153231 +Author: Julien Semaan +Date: Fri Mar 13 10:06:07 2015 -0400 + + remove useless use of provisioner configstore + +M lib/pf/provisioner/mobileiron.pm + +commit 484ceed25d5546cef1468bf079bfa81cb8f2c94a +Author: Julien Semaan +Date: Fri Mar 13 10:03:26 2015 -0400 + + move from configstore to hashes in factories + +M lib/pf/factory/firewallsso.pm +M lib/pf/factory/provisioner.pm +M lib/pf/firewallsso.pm +M lib/pf/firewallsso/BarracudaNG.pm +M lib/pf/firewallsso/Checkpoint.pm +M lib/pf/firewallsso/FortiGate.pm +M lib/pf/firewallsso/PaloAlto.pm +M lib/pfconfig/namespaces/config/Firewall_SSO.pm + +commit 60ad319ddc77257baa0ce47276243529b48b613f +Author: Julien Semaan +Date: Fri Mar 13 09:09:08 2015 -0400 + + Remove centos 7 i386 doc for udp reflector + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 9ddf536fb678400ff2167fa88eaa1875bf3c077a +Author: Durand Fabrice +Date: Fri Mar 13 08:31:32 2015 -0400 + + Fix for packaging + +M addons/packages/packetfence.spec +A debian/packetfence-config.conffiles +M debian/rules + +commit 46e0c00429d2c2441994da90117e77a55af776f6 +Author: James Rouzier +Date: Thu Mar 12 20:24:09 2015 -0400 + + Update copyright + +M t/configstore-2-pfconfig.t + +commit b5582f238f3bee5bb95fb3942596d458d7080ea7 +Author: James Rouzier +Date: Thu Mar 12 19:46:31 2015 -0400 + + Import is_type_inline + +M lib/pfconfig/namespaces/config/Network.pm +M lib/pfconfig/namespaces/interfaces.pm + +commit baaff93b9fe92b0decdbff03b0096852bf93360f 
+Author: James Rouzier +Date: Thu Mar 12 19:44:08 2015 -0400 + + Added new utility functions is_type_inline + +M lib/pfconfig/util.pm + +commit 9c0d52699a3b0f2d39278a4d52d57914430b2c71 +Author: James Rouzier +Date: Thu Mar 12 19:42:58 2015 -0400 + + Remove duplicated constants + +M lib/pf/config.pm + +commit 17c8f0ee72dba1c5d72e1bbbf09f93b10d154098 +Author: James Rouzier +Date: Thu Mar 12 19:41:22 2015 -0400 + + Allow constants to be exportable + +M lib/pf/constants/config.pm + +commit 63715ece70f6cca1b6e45b30539b003a9fa456d9 +Author: Durand Fabrice +Date: Thu Mar 12 16:25:46 2015 -0400 + + Added version number for pfcmd-suid and pfconfig dependence + +M addons/packages/packetfence.spec + +commit 79fd6ed0fe761dc6634963a45449452956cb5b8b +Author: Francis Lachapelle +Date: Thu Mar 12 14:32:06 2015 -0400 + + Localization + +M addons/extract_i18n_strings.pl +M html/pfappserver/lib/pfappserver/I18N/i_default.po +M html/pfappserver/root/configurator/database.tt + +commit be244f6282d2bcc0b676a774a5ef0b6233d6ed4f +Author: Julien Semaan +Date: Thu Mar 12 11:58:18 2015 -0400 + + Adjust mac-limit remove for EX2200 + +M lib/pf/Switch/Juniper/EX2200.pm + +commit 6c5e42ab4bae1ed9b73fa62d535613ff6dae8dc1 +Author: Francis Lachapelle +Date: Thu Mar 12 10:38:43 2015 -0400 + + Update year in templates of configurator + +M html/pfappserver/root/configurator/admin.tt +M html/pfappserver/root/configurator/configuration.tt +M html/pfappserver/root/configurator/database.tt +M html/pfappserver/root/configurator/enforcement.tt +M html/pfappserver/root/configurator/networks.tt +M html/pfappserver/root/configurator/services.tt + +commit 092ce936183426ec4a6993085549fe39170338e6 +Author: Julien Semaan +Date: Wed Mar 11 14:32:51 2015 -0400 + + make ADMIN_ACTIONS an alias instead of a copy + +M lib/pf/admin_roles.pm + +commit 76beaf9c11ed43d16c2524183eaa34ecaa898efe +Author: Julien Semaan +Date: Wed Mar 11 14:31:19 2015 -0400 + + unjavascriptize dumper.pl + +M addons/pfconfig/comparator/dumper.pl 
+ +commit 9a70af9ea542e2baa077722cd547a976ebfc8b46 +Author: Julien Semaan +Date: Wed Mar 11 14:21:47 2015 -0400 + + add pfconfig setup in PfFilePaths + +M t/PfFilePaths.pm + +commit f9bee020077291879ac8b647d3b138fa7f67f6fd +Author: Julien Semaan +Date: Wed Mar 11 14:21:16 2015 -0400 + + remove tests on deprecated code + +M t/pfcmd.t + +commit d66997bec8710de40d68d07109e95045adb6e670 +Author: Julien Semaan +Date: Wed Mar 11 14:19:56 2015 -0400 + + add deprecation message to pfcmd config + +M bin/pfcmd.pl + +commit cd4f2d9b028e623d4ab25015fc7c6b665701e00e +Author: Julien Semaan +Date: Wed Mar 11 13:37:54 2015 -0400 + + fix pf configstore not handling defaults + +M lib/pf/ConfigStore/Pf.pm + +commit dd185ad5a0ceb1d8d1efbdfba766cfd2fa6af794 +Author: Julien Semaan +Date: Wed Mar 11 12:47:38 2015 -0400 + + Added pfconfig in the configurator flow + +A html/pfappserver/lib/pfappserver/Model/Config/Pfconfig.pm +M html/pfappserver/lib/pfappserver/Model/Config/System.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Configurator.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/DB.pm + +commit 6e6e55b47673ded165ae0fe9e0b101b8ea764ad2 +Author: Julien Semaan +Date: Wed Mar 11 11:23:56 2015 -0400 + + added keyed to schema + +M db/pf-schema-X.Y.Z.sql + +commit 6363bcd3d454b3597b1f7c8d56ed5c3db2c89669 +Author: Julien Semaan +Date: Wed Mar 11 11:19:53 2015 -0400 + + make pfconfig yell loud when it can't connect to mysql + +M lib/pfconfig/backend/mysql.pm + +commit e12b3966e1ec18c29b00b0620afaafb82e7ffaf6 +Author: Julien Semaan +Date: Wed Mar 11 14:55:30 2015 -0400 + + rework configurator reload for pfconfig + +M html/pfappserver/lib/pfappserver/Model/PfConfigAdapter.pm + +commit f141ff0944eaa3358db25fda8dc8144a8537002a +Author: Julien Semaan +Date: Wed Mar 11 14:25:30 2015 -0400 + + changes to make it work fine with the configurator + +M html/pfappserver/lib/pfappserver/Model/PfConfigAdapter.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/DB.pm 
+M lib/pf/ConfigStore.pm +M lib/pf/ConfigStore/Interface.pm +M lib/pfconfig/backend/mysql.pm + +commit 39c586d15ff2af5a4d74079a4e2a9d5d4d31508c +Author: Durand Fabrice +Date: Wed Mar 11 11:12:33 2015 -0400 + + Touch pf.conf if the file doesn't exist + +M addons/packages/packetfence.spec +M debian/packetfence.postinst + +commit d0e9a2214b2ef6ff4460492aa03f574fe860c42e +Author: Julien Semaan +Date: Wed Mar 11 09:40:01 2015 -0400 + + add touch of pf.conf to Makefile @fdurand will do the packaging + +M Makefile + +commit a9b96153ba242ea80c3b3c1f7938857c246b47ef +Author: Julien Semaan +Date: Wed Mar 11 08:37:34 2015 -0400 + + remove commented code + +M lib/pf/violation_config.pm + +commit 7433c63100e55d572663729bc6f467cfa6ffe93d +Author: Julien Semaan +Date: Wed Mar 11 08:31:35 2015 -0400 + + instanciate config hashes in module instead of sub + +M lib/pf/config.pm + +commit 5fec84ea5b4657b42f63ae9d64df4f8b3014fb77 +Author: Julien Semaan +Date: Wed Mar 11 08:29:25 2015 -0400 + + fix pod doc + +M lib/pfconfig/namespaces/config/Provisioning.pm + +commit 4d10246c5b21d5fc3c99f752b909dc3db4e2386a +Author: Julien Semaan +Date: Wed Mar 11 08:28:13 2015 -0400 + + moved pfconfig's constants to their file + +M lib/pfconfig/cached.pm +M lib/pfconfig/config.pm +A lib/pfconfig/constants.pm +M lib/pfconfig/util.pm +M sbin/pfconfig + +commit cf36f22fa1952ecd0c9810ccb6b1fb6c6fc568a8 +Author: Julien Semaan +Date: Wed Mar 11 08:27:45 2015 -0400 + + remove useless commented code + +M lib/pfconfig/namespaces/config/Pf.pm + +commit f5cf42ea4268dc5fbc079fbde5175607212d8979 +Author: Julien Semaan +Date: Wed Mar 11 08:27:25 2015 -0400 + + removed double import + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm + +commit 67b77db205f676f9c088de624b633fe743ec4756 +Author: Julien Semaan +Date: Wed Mar 11 08:14:26 2015 -0400 + + remove data dumpers + +M addons/pfconfig/comparator/comparator.pl +M addons/pfconfig/comparator/dumper.pl +M t/pfconfig.t + +commit 
efe174ac35bcc984d02a3435f3cd52327b098f5c +Author: Julien Semaan +Date: Wed Mar 11 08:11:17 2015 -0400 + + removed useless data dumpers + +M lib/pfconfig/cached.pm +M lib/pfconfig/cached_array.pm +M lib/pfconfig/cached_hash.pm +M lib/pfconfig/cached_scalar.pm +M lib/pfconfig/manager.pm +M lib/pfconfig/namespaces/config.pm +M lib/pfconfig/namespaces/config/AdminRoles.pm +M lib/pfconfig/namespaces/config/ApacheFilters.pm +M lib/pfconfig/namespaces/config/Authentication.pm +M lib/pfconfig/namespaces/config/Documentation.pm +M lib/pfconfig/namespaces/config/Firewall_SSO.pm +M lib/pfconfig/namespaces/config/FloatingDevices.pm +M lib/pfconfig/namespaces/config/Network.pm +M lib/pfconfig/namespaces/config/Pf.pm +M lib/pfconfig/namespaces/config/PfDefault.pm +M lib/pfconfig/namespaces/config/Profiles.pm +M lib/pfconfig/namespaces/config/Provisioning.pm +M lib/pfconfig/namespaces/config/Realm.pm +M lib/pfconfig/namespaces/config/Switch.pm +M lib/pfconfig/namespaces/config/Violations.pm +M lib/pfconfig/namespaces/config/VlanFilters.pm +M lib/pfconfig/namespaces/config/template.pm +M lib/pfconfig/namespaces/interfaces.pm +M lib/pfconfig/namespaces/resource.pm + +commit c7fe22c6c7d9d50471c3a71c5eef5a588e23f698 +Author: Julien Semaan +Date: Tue Mar 10 15:44:45 2015 -0400 + + remove 2012 deprecated code + +M lib/pfconfig/namespaces/config/Network.pm + +commit 3e25a994bf6ade0e9428d25fb725e5a350a1bf2d +Author: Julien Semaan +Date: Tue Mar 10 15:42:04 2015 -0400 + + added proxy.conf.inc to gitignore + +M .gitignore + +commit cd4aeb65504ab6cf6faf04d0b5fbcda4ec8ac308 +Author: Julien Semaan +Date: Tue Mar 10 15:37:45 2015 -0400 + + apache filter namespace in pfconfig + +A lib/pfconfig/namespaces/config/ApacheFilters.pm + +commit 1e1145f452b50dab552808b86d91e73b10d0a08c +Author: Julien Semaan +Date: Tue Mar 10 15:29:08 2015 -0400 + + fix indentation + +M lib/pf/ConfigStore.pm + +commit cab83c2dec20d5fa8e96b019e60c962ec05a331a +Author: Julien Semaan +Date: Tue Mar 10 15:28:30 2015 -0400 
+ + remove polluted stuff + +M conf/httpd.conf.d/httpd.proxy +D conf/log.conf.d/pfconfig.conf.example + +commit bec2099af930d81256f16782afb8966348e33dbf +Author: jrouzierinverse +Date: Tue Mar 10 15:26:14 2015 -0400 + + Remove unneeded comment + +M t/has_unit_test.t + +commit ff7d1787a5dd5bbbc3e64625172dcf0422347caf +Author: Julien Semaan +Date: Tue Mar 10 15:25:25 2015 -0400 + + revert change to spec file + +M addons/packages/packetfence.spec + +commit af2dc53246e006294aa7a5aae2d5dab9da0bba7b +Author: Julien Semaan +Date: Tue Mar 10 15:14:31 2015 -0400 + + add apachefilters to pfconfig + +M addons/pfconfig/comparator/dumper.pl +M lib/pf/web/filter.pm +M t/pfconfig.t + +commit 1b5714ff3da1f4104111591510d6753b99531c3e +Author: Julien Semaan +Date: Tue Mar 10 14:51:10 2015 -0400 + + pass pfconfig in perltidy + +M lib/pfconfig/backend.pm +M lib/pfconfig/backend/bdb.pm +M lib/pfconfig/backend/memcached.pm +M lib/pfconfig/backend/mysql.pm +M lib/pfconfig/cached.pm +M lib/pfconfig/cached_array.pm +M lib/pfconfig/cached_hash.pm +M lib/pfconfig/cached_scalar.pm +M lib/pfconfig/config.pm +M lib/pfconfig/log.pm +M lib/pfconfig/manager.pm +M lib/pfconfig/namespaces/config.pm +M lib/pfconfig/namespaces/config/AdminRoles.pm +M lib/pfconfig/namespaces/config/Authentication.pm +M lib/pfconfig/namespaces/config/Documentation.pm +M lib/pfconfig/namespaces/config/Firewall_SSO.pm +M lib/pfconfig/namespaces/config/FloatingDevices.pm +M lib/pfconfig/namespaces/config/Network.pm +M lib/pfconfig/namespaces/config/Pf.pm +M lib/pfconfig/namespaces/config/PfDefault.pm +M lib/pfconfig/namespaces/config/Profiles.pm +M lib/pfconfig/namespaces/config/Provisioning.pm +M lib/pfconfig/namespaces/config/Realm.pm +M lib/pfconfig/namespaces/config/Switch.pm +M lib/pfconfig/namespaces/config/Violations.pm +M lib/pfconfig/namespaces/config/VlanFilters.pm +M lib/pfconfig/namespaces/config/template.pm +M lib/pfconfig/namespaces/interfaces.pm +M lib/pfconfig/namespaces/interfaces/inline_nets.pm +M 
lib/pfconfig/namespaces/interfaces/routed_isolation_nets.pm +M lib/pfconfig/namespaces/interfaces/routed_registration_nets.pm +M lib/pfconfig/namespaces/resource.pm +M lib/pfconfig/namespaces/resource/CaptivePortal.pm +M lib/pfconfig/namespaces/resource/Database.pm +M lib/pfconfig/namespaces/resource/Profile_Filters.pm +M lib/pfconfig/namespaces/resource/array_test.pm +M lib/pfconfig/namespaces/resource/default_switch.pm +M lib/pfconfig/namespaces/resource/fqdn.pm +M lib/pfconfig/namespaces/resource/guest_self_registration.pm +M lib/pfconfig/timeme.pm +M lib/pfconfig/util.pm + +commit 0709eef09af1474d0a3ba40ce8d57f53fea62ac5 +Author: Julien Semaan +Date: Tue Mar 10 14:43:32 2015 -0400 + + add message when accessing undef in cached_hash + +M lib/pfconfig/cached_hash.pm + +commit 03fa62d2a172f1d5cc1643d328fdc77b2e10a8ae +Author: Julien Semaan +Date: Tue Mar 10 14:43:00 2015 -0400 + + change bad variables path + +M conf/httpd.conf.d/httpd.portal + +commit 10bbede89119e58cbb779daa2256210393778320 +Author: Julien Semaan +Date: Tue Mar 10 14:08:31 2015 -0400 + + code cleanup + +D addons/cache-timing.txt +D addons/create_resource.sh +D addons/pfconfig/memcached.init +D addons/radius-timing.txt +M bin/pfcmd.pl +M conf/httpd.conf.d/log.conf +M conf/pf-release +M conf/pfconfig.conf.example +M lib/pf/ConfigStore/AdminRoles.pm +M lib/pf/ConfigStore/Profile.pm +M lib/pf/ConfigStore/Violations.pm +D lib/pf/ConfigStore/admin_roles.pm +D lib/pf/ConfigStore/authentication.pm +D lib/pf/ConfigStore/config.pm +D lib/pf/ConfigStore/violation_config.pm +D lib/pf/ConfigStore/vlan_filters.pm + +commit 7393ffcacdca7cb0f98b02c6648b5ff6f899ec16 +Author: Julien Semaan +Date: Tue Mar 10 13:39:15 2015 -0400 + + Revert "remove pfconfig to merge with fix/cache" + + This reverts commit 5f67221447882df5f517f7a2b01154818b2812eb. 
+ +A lib/pfconfig/backend.pm +A lib/pfconfig/backend/bdb.pm +A lib/pfconfig/backend/memcached.pm +A lib/pfconfig/backend/mysql.pm +A lib/pfconfig/cached.pm +A lib/pfconfig/cached_array.pm +A lib/pfconfig/cached_hash.pm +A lib/pfconfig/cached_scalar.pm +A lib/pfconfig/log.pm +A lib/pfconfig/manager.pm +A lib/pfconfig/namespaces/config.pm +A lib/pfconfig/namespaces/config/Switch.pm +A lib/pfconfig/namespaces/config/template.pm +A lib/pfconfig/namespaces/resource.pm +A lib/pfconfig/timeme.pm +A lib/pfconfig/util.pm + +commit 7b1227a39140a29e144b2a1419cdce486ef994bf +Author: Julien Semaan +Date: Tue Mar 10 13:39:05 2015 -0400 + + Revert "Used 4.6.1 switch factory for merge with fix/cache" + + This reverts commit a8619f55ddcd2030f5dd0a5b6011ba9518200eb5. + +M lib/pf/SwitchFactory.pm + +commit a8619f55ddcd2030f5dd0a5b6011ba9518200eb5 +Author: Julien Semaan +Date: Tue Mar 10 13:29:16 2015 -0400 + + Used 4.6.1 switch factory for merge with fix/cache + +M lib/pf/SwitchFactory.pm + +commit 5f67221447882df5f517f7a2b01154818b2812eb +Author: Julien Semaan +Date: Tue Mar 10 13:28:41 2015 -0400 + + remove pfconfig to merge with fix/cache + +D lib/pfconfig/backend.pm +D lib/pfconfig/backend/bdb.pm +D lib/pfconfig/backend/memcached.pm +D lib/pfconfig/backend/mysql.pm +D lib/pfconfig/cached.pm +D lib/pfconfig/cached_array.pm +D lib/pfconfig/cached_hash.pm +D lib/pfconfig/cached_scalar.pm +D lib/pfconfig/log.pm +D lib/pfconfig/manager.pm +D lib/pfconfig/namespaces/config.pm +D lib/pfconfig/namespaces/config/Switch.pm +D lib/pfconfig/namespaces/config/template.pm +D lib/pfconfig/namespaces/resource.pm +D lib/pfconfig/timeme.pm +D lib/pfconfig/util.pm + +commit 10ecdc0e808e49807ca42a72153638a03ee59ca6 +Author: Julien Semaan +Date: Tue Mar 10 12:42:59 2015 -0400 + + add violations loading to configreload + +M bin/pfcmd.pl + +commit 2b25b6ed38cf99ac10b55db227578263dc7b5abc +Author: Julien Semaan +Date: Tue Mar 10 11:20:03 2015 -0400 + + missing import + +M 
lib/pfconfig/namespaces/resource/Profile_Filters.pm + +commit dd9c18531a1694ebc8abf930c420439ac30923ad +Author: Julien Semaan +Date: Tue Mar 10 10:32:09 2015 -0400 + + removed infinite loop in profiles resource creation + +M lib/pfconfig/namespaces/config/Profiles.pm +M lib/pfconfig/namespaces/resource/guest_self_registration.pm + +commit 1ec58bfd27c35538ee8f49c9d23c0526f9bcd971 +Author: Julien Semaan +Date: Tue Mar 10 10:18:13 2015 -0400 + + Rework portal profiles resoruces in pfconfig + +M lib/pfconfig/namespaces/config/Profiles.pm +M lib/pfconfig/namespaces/resource/Profile_Filters.pm + +commit fcdce02e6837225aa9aac7a5c0352139f62db6a2 +Author: Julien Semaan +Date: Tue Mar 10 10:17:53 2015 -0400 + + add ignores to pfconfig + +M addons/pfconfig/comparator/comparator.pl + +commit a0099237357ec39157d210fabf2879c9a4c6e6b6 +Author: Julien Semaan +Date: Tue Mar 10 08:49:55 2015 -0400 + + Added config for pfconfig + made backend mysql + +M .gitignore +A conf/pfconfig.conf.example +A db/upgrade-X.X.X-5.0.0.sql +M lib/pfconfig/backend/mysql.pm +A lib/pfconfig/config.pm +M lib/pfconfig/manager.pm +M lib/pfconfig/util.pm + +commit 420d183af6409393e89df960a7666f7b90eb7d25 +Author: Julien Semaan +Date: Tue Mar 10 08:38:08 2015 -0400 + + readd the default to config::Violation + +M lib/pfconfig/namespaces/config/Violations.pm + +commit bb616ef5fc34fb1676f5df2623e87e7ddb1c4e07 +Author: Julien Semaan +Date: Tue Mar 10 08:33:42 2015 -0400 + + add guest_self_registration hash to pfconfig + +M lib/pf/authentication.pm +M lib/pf/config.pm +M lib/pf/constants/config.pm +M lib/pfconfig/namespaces/config/Authentication.pm +A lib/pfconfig/namespaces/resource/guest_self_registration.pm + +commit 1bca8b66f506ba58ebe6176766679077428e2d85 +Author: Julien Semaan +Date: Tue Mar 10 08:32:52 2015 -0400 + + change bad import + +M lib/pf/ConfigStore/Network.pm + +commit 73986730f74c88590611bf8323ed25ccca82a1f8 +Author: Derek Wuelfrath +Date: Mon Mar 9 15:36:17 2015 -0400 + + POST-Release steps + 
+M NEWS.asciidoc +M UPGRADE.asciidoc +M conf/pf-release +A db/pf-schema-X.Y.Z.sql +A db/upgrade-X.X.X-X.Y.Z.sql + +commit 67d80db0d5d06ba068c24b9aabc270a0863b34de +Author: Julien Semaan +Date: Mon Mar 9 14:15:20 2015 -0400 + + add switches to comparator + +M addons/pfconfig/comparator/dumper.pl + +commit 16882089b8e5325864477471a2150caaf84b67e6 +Author: Julien Semaan +Date: Mon Mar 9 14:05:11 2015 -0400 + + moved duplicated code + +M lib/pfconfig/namespaces/config.pm +M lib/pfconfig/namespaces/config/AdminRoles.pm +M lib/pfconfig/namespaces/config/Documentation.pm +M lib/pfconfig/namespaces/config/Firewall_SSO.pm +M lib/pfconfig/namespaces/config/FloatingDevices.pm +M lib/pfconfig/namespaces/config/Network.pm +M lib/pfconfig/namespaces/config/Pf.pm +M lib/pfconfig/namespaces/config/PfDefault.pm +M lib/pfconfig/namespaces/config/Profiles.pm +M lib/pfconfig/namespaces/config/Provisioning.pm +M lib/pfconfig/namespaces/config/Realm.pm +M lib/pfconfig/namespaces/config/Switch.pm +M lib/pfconfig/namespaces/config/Violations.pm +M lib/pfconfig/namespaces/config/VlanFilters.pm +M lib/pfconfig/namespaces/config/template.pm + +commit ef01c886b8c3b5925567a8883f376f4fcb726a94 +Author: Julien Semaan +Date: Mon Mar 9 13:50:44 2015 -0400 + + fix indentation + +M lib/pfconfig/backend.pm +M lib/pfconfig/backend/bdb.pm +M lib/pfconfig/backend/memcached.pm +M lib/pfconfig/backend/mysql.pm +M lib/pfconfig/cached.pm +M lib/pfconfig/cached_array.pm +M lib/pfconfig/cached_hash.pm +M lib/pfconfig/cached_scalar.pm +M lib/pfconfig/empty_string.pm +M lib/pfconfig/log.pm +M lib/pfconfig/manager.pm +M lib/pfconfig/namespaces/config.pm +M lib/pfconfig/namespaces/config/Authentication.pm +M lib/pfconfig/namespaces/config/Documentation.pm +M lib/pfconfig/namespaces/config/Firewall_SSO.pm +M lib/pfconfig/namespaces/config/FloatingDevices.pm +M lib/pfconfig/namespaces/config/Network.pm +M lib/pfconfig/namespaces/config/Pf.pm +M lib/pfconfig/namespaces/config/PfDefault.pm +M 
lib/pfconfig/namespaces/config/Profiles.pm +M lib/pfconfig/namespaces/config/Provisioning.pm +M lib/pfconfig/namespaces/config/Realm.pm +M lib/pfconfig/namespaces/config/Switch.pm +M lib/pfconfig/namespaces/config/Violations.pm +M lib/pfconfig/namespaces/config/VlanFilters.pm +M lib/pfconfig/namespaces/config/template.pm +M lib/pfconfig/namespaces/interfaces.pm +M lib/pfconfig/namespaces/resource.pm +M lib/pfconfig/namespaces/resource/array_test.pm +M lib/pfconfig/namespaces/resource/default_switch.pm +M lib/pfconfig/timeme.pm +M sbin/pfconfig + +commit 7f6c8df043206b9b7f1a7ba08c94a202218649b9 +Author: Julien Semaan +Date: Mon Mar 9 13:25:47 2015 -0400 + + moved methods and use to remove duplicate methods + +M lib/pf/config.pm +M lib/pf/constants/config.pm +M lib/pf/util.pm +M lib/pf/violation_config.pm +M lib/pfconfig/manager.pm +M lib/pfconfig/namespaces/config.pm +M lib/pfconfig/namespaces/config/Pf.pm +M lib/pfconfig/namespaces/resource/Profile_Filters.pm + +commit 60062266a1281a85d33b227e3cf4d0c320ffba4f +Author: Julien Semaan +Date: Mon Mar 9 13:06:44 2015 -0400 + + added more pod doc + +M lib/pfconfig/backend.pm +M lib/pfconfig/cached.pm +M lib/pfconfig/cached_array.pm +M lib/pfconfig/cached_hash.pm +M lib/pfconfig/cached_scalar.pm +M lib/pfconfig/empty_string.pm +M lib/pfconfig/log.pm +M lib/pfconfig/manager.pm +M lib/pfconfig/timeme.pm +M lib/pfconfig/util.pm + +commit 2a5a3f02b8b4081c3309b8eb126f46e58083d782 +Author: James Rouzier +Date: Wed Dec 3 18:52:25 2014 -0500 + + Default date for create for valid_from + +M html/pfappserver/lib/pfappserver/Form/User/Create.pm + +commit 08ec378c7ed132f5b1c7d4a6056ebbbd737d5838 +Author: Julien Semaan +Date: Mon Mar 9 10:56:35 2015 -0400 + + add doc and remove comments + +M addons/pfconfig/comparator/comparator.pl +M addons/pfconfig/comparator/config-comparator.sh +M addons/pfconfig/comparator/dumper.pl + +commit 632b2b5b20856465e4ce2bf2b4bb37901533ce8e +Author: Julien Semaan +Date: Mon Mar 9 10:50:20 2015 -0400 + + 
added config comparator for pfconfig + +A addons/pfconfig/comparator/comparator.pl +A addons/pfconfig/comparator/config-comparator.sh +A addons/pfconfig/comparator/dumper.pl + +commit d717f4bf0a3b9d401b055f247b9344acf4256512 +Author: Julien Semaan +Date: Mon Mar 9 08:03:58 2015 -0400 + + add ordered sections to config::Pf + +M lib/pfconfig/namespaces/config/Pf.pm + +commit 3b0020eeca73b82dd15796305ec7f3b44a180e70 +Author: Durand Fabrice +Date: Fri Mar 6 15:16:48 2015 -0500 + + ChangeLog + +M ChangeLog + +commit 3fe8e590b41add82012d0bcac60a17f56599f944 +Author: James Rouzier +Date: Fri Mar 6 15:05:45 2015 -0500 + + Make the id field readonly when viewing a profile + +M html/pfappserver/root/config/profile/tab-content.tt + +commit 01505dd62ed6724ea1f2d741482aa72990445bb6 +Author: Julien Semaan +Date: Fri Mar 6 14:58:22 2015 -0500 + + remove pf::config::cached files from basecode + +M bin/pfcmd.pl +M lib/pf/ConfigStore/Interface.pm +M lib/pf/ConfigStore/Pf.pm +M lib/pf/ConfigStore/Profile.pm +M lib/pf/admin_roles.pm +M lib/pf/authentication.pm +M lib/pf/config.pm +M lib/pf/file_paths.pm +M lib/pf/pfcmd/checkup.pm +M lib/pf/violation_config.pm +M lib/pf/vlan/filter.pm +M sbin/pfbandwidthd + +commit 5cdd5558235fa64cdc93a5ed5728b10896489ede +Author: Louis Munro +Date: Fri Mar 6 14:40:19 2015 -0500 + + Fixed typos and updated UPGRADE.asciidoc to reflect schema change. + +M NEWS.asciidoc +M UPGRADE.asciidoc + +commit 096117218874209f61c82ca01f6d725b408c84af +Author: Derek Wuelfrath +Date: Fri Mar 6 14:35:38 2015 -0500 + + Missing entry + +M UPGRADE.asciidoc + +commit cef6e30597cf5083864b61756e89ead72ba198e8 +Author: Louis Munro +Date: Fri Mar 6 14:13:25 2015 -0500 + + Reverted last update on this library. + It breaks the build. + This should not be the last step before a release but the first one + after... 
+ +M lib/HTTP/BrowserDetect.pm + +commit 523c50fa0d77cb1dbb50349b106eaa016567c5d1 +Author: Julien Semaan +Date: Fri Mar 6 13:40:52 2015 -0500 + + extract write logic of authentication to configstore + +M html/pfappserver/lib/pfappserver/Model/Authentication.pm +M html/pfappserver/lib/pfappserver/Model/Authentication/Source.pm +M html/pfappserver/lib/pfappserver/Model/Config/Authentication.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Authentication/Source.pm +M lib/pf/ConfigStore.pm +M lib/pf/ConfigStore/Authentication.pm +M lib/pf/authentication.pm +M lib/pfconfig/namespaces/config.pm + +commit 6b5c4fea2935956dad9b571f66dc0ba33a7acba9 +Author: Louis Munro +Date: Fri Mar 6 13:40:43 2015 -0500 + + Last commit before release. + Updated versions numbers and HTTP::BrowserDetect. + +M NEWS.asciidoc +M addons/packages/packetfence.spec +M conf/pf-release +A db/pf-schema-4.7.0.sql +D db/pf-schema-X-Y-Z.sql +A db/upgrade-4.6.0-4.7.0.sql +D db/upgrade-X.X.X-X.Y.Z.sql +M debian/changelog +M docs/docinfo.xml +M docs/includes/global-attributes.asciidoc +M lib/HTTP/BrowserDetect.pm + +commit f94f9e0bf983d30ed4745d70a3f76ed2971002c2 +Author: Durand Fabrice +Date: Fri Mar 6 13:36:39 2015 -0500 + + Updated translation + +M conf/locale/de/LC_MESSAGES/packetfence.po +M conf/locale/es/LC_MESSAGES/packetfence.po +M conf/locale/fr/LC_MESSAGES/packetfence.po +M conf/locale/he_IL/LC_MESSAGES/packetfence.po +M conf/locale/it/LC_MESSAGES/packetfence.po +M conf/locale/nl/LC_MESSAGES/packetfence.po +M conf/locale/pl_PL/LC_MESSAGES/packetfence.po +M conf/locale/pt_BR/LC_MESSAGES/packetfence.po +M html/pfappserver/lib/pfappserver/I18N/fr.po + +commit 768ee5abf70c040761dbc087aeda93e52bed9395 +Author: Francis Lachapelle +Date: Fri Mar 6 13:23:33 2015 -0500 + + Localization + +M html/pfappserver/lib/pfappserver/I18N/i_default.po + +commit 43dcf90147342b187b96b8edec0033718fa4d790 +Author: Durand Fabrice +Date: Fri Mar 6 13:18:50 2015 -0500 + + Updated extract_i18n_strings.pl 
+ +M addons/extract_i18n_strings.pl + +commit 348a913d112715140955e0a321cfdc6a6ac224ff +Author: Louis Munro +Date: Fri Mar 6 12:26:58 2015 -0500 + + Updated NEWS file to reflect SSL changes for FREAK attack. + +M NEWS.asciidoc + +commit 91d78631dfdcf0a238b9f9701ac8974040b8ebf6 +Author: Louis Munro +Date: Fri Mar 6 12:22:30 2015 -0500 + + Fixed missing comma in admin, aaa and webservices configuration. + +M conf/httpd.conf.d/httpd.aaa +M conf/httpd.conf.d/httpd.admin +M conf/httpd.conf.d/httpd.webservices + +commit db4e08b76ae05520556337c2a2ac242c62acaaf7 +Author: Louis Munro +Date: Thu Mar 5 10:35:20 2015 -0500 + + Restricts the allowed ciphers to prevent FREAK SSL attack. + Turns on HSTS. + +M conf/httpd.conf.d/httpd.aaa +M conf/httpd.conf.d/httpd.admin +M conf/httpd.conf.d/httpd.portal +M conf/httpd.conf.d/httpd.proxy +M conf/httpd.conf.d/httpd.webservices + +commit 5efcbfb0f6c7a8f395398016530f456a7b621fc7 +Author: Durand Fabrice +Date: Fri Mar 6 12:01:40 2015 -0500 + + Missing a string to localize "Detected Between" + +M html/pfappserver/root/admin/nodes.tt + +commit 7c5e61aaffd69e3354d05eabf5c03f0c40c9f134 +Author: Louis Munro +Date: Fri Mar 6 11:56:57 2015 -0500 + + Added Aerohive roaming and PacketFence-config items to NEWS. + Reworded a few items for legibility. 
+ +M NEWS.asciidoc + +commit ba80cbd7aab5083c13783648a4c522f41ea1362d +Author: Durand Fabrice +Date: Fri Mar 6 11:40:54 2015 -0500 + + Standardize log + +M lib/pf/activation.pm + +commit 8bc77286e443dfdf6191083e624e99afbb223ceb +Author: Durand Fabrice +Date: Fri Mar 6 11:18:04 2015 -0500 + + Standardize log + +M lib/pf/Switch.pm + +commit b84c7ffd51c446faeec550e3b729a0c01fa39efa +Author: Durand Fabrice +Date: Fri Mar 6 09:08:36 2015 -0500 + + Re-order trapping options + +M conf/pf.conf.defaults + +commit 78ab8ced0da67ac776e8d9a28334e40e1ad84270 +Author: Julien Semaan +Date: Fri Mar 6 08:34:25 2015 -0500 + + remove commented code + +M lib/pf/config.pm + +commit e59eff742df15f43ae2b1e7042d55fabf9b4d26a +Author: Julien Semaan +Date: Fri Mar 6 08:33:43 2015 -0500 + + remove violations defaults to config + remove profile configstore access + +M lib/pf/config.pm +M lib/pfconfig/namespaces/config/Violations.pm + +commit 3866510c6ce21484d9efe9ebf0c8fe1b87f5078e +Author: Julien Semaan +Date: Fri Mar 6 08:26:53 2015 -0500 + + missing import in htpasswdsource + +M lib/pf/Authentication/Source/HtpasswdSource.pm + +commit 5c6e10aebccae161cb8af3ad053a62674ba0a562 +Author: Durand Fabrice +Date: Thu Mar 5 16:09:55 2015 -0500 + + remove var/cache/pfconfig on upgrade + +M debian/packetfence-config.preinst +M debian/packetfence.init + +commit 1371a9ee91ddd52f89b15e5d835db9a56ed13da9 +Author: Durand Fabrice +Date: Thu Mar 5 15:54:17 2015 -0500 + + Fixed syntax in po file + +M conf/locale/en/LC_MESSAGES/packetfence.po + +commit 9dd691caca467d393d02a3cb4c99c158c2f738e4 +Author: Durand Fabrice +Date: Thu Mar 5 15:37:04 2015 -0500 + + Updated portal string + +M conf/locale/en/LC_MESSAGES/packetfence.po + +commit 628060bdca166e144756f37e828ecc761a920347 +Author: Julien Semaan +Date: Thu Mar 5 15:13:17 2015 -0500 + + readd forgotten file during merge + +A conf/httpd.conf.d/httpd.portal + +commit cf3e993bf514bbef56a08f58951a51d2d1bf69b5 +Author: Durand Fabrice +Date: Thu Mar 5 14:56:08 2015 
-0500 + + Added extract_i18n for the captive portal + +A addons/extract_i18n_strings_portal.pl + +commit 8f113f49aaae75affc82f7d2072a5e12357083a5 +Author: Durand Fabrice +Date: Thu Mar 5 14:50:00 2015 -0500 + + Revert "Added html parser in extract_i18n_strings.pl script" + + This reverts commit 67c2bc73ec5b5626e2b02a81c82b2912250fb898. + +M addons/extract_i18n_strings.pl + +commit 67c2bc73ec5b5626e2b02a81c82b2912250fb898 +Author: Durand Fabrice +Date: Thu Mar 5 14:39:36 2015 -0500 + + Added html parser in extract_i18n_strings.pl script + +M addons/extract_i18n_strings.pl + +commit 6faf213890ad4e53c1abec556a2c588408358c0f +Author: James Rouzier +Date: Thu Mar 5 14:01:59 2015 -0500 + + Fixed the number of parameters return + +M lib/pf/ConfigStore/Switch.pm + +commit 719a5e7f7a0196e1f5c993773f898fcaa16f87a4 +Author: Durand Fabrice +Date: Thu Mar 5 11:27:22 2015 -0500 + + Change path for debian packaging + +M debian/rules + +commit 9b8b002d1b640557d74120e6c16f021a2ca2cece +Author: Julien Semaan +Date: Tue Mar 3 10:41:53 2015 -0500 + + make monitor_int + management_network empty str by default + +M lib/pfconfig/namespaces/interfaces.pm + +commit c107f6580d29ac9befcb44cf91e6b251cd180719 +Author: Julien Semaan +Date: Tue Mar 3 10:41:27 2015 -0500 + + add handling of empty string for bdb backend + +M lib/pfconfig/backend/bdb.pm +A lib/pfconfig/empty_string.pm + +commit dae1bd6918c84c5b881aeefc7b370492a4c7c832 +Author: Julien Semaan +Date: Mon Mar 2 15:00:11 2015 -0500 + + implement exists for cached_array + cached_hash + +M lib/pfconfig/cached_array.pm +M lib/pfconfig/cached_hash.pm +M sbin/pfconfig +M t/pfconfig.t + +commit e1bce0f51e3d302c82f4047bf3945344328b0f5c +Author: Julien Semaan +Date: Mon Mar 2 14:59:54 2015 -0500 + + give encoder to cached.pm + +M lib/pfconfig/cached.pm + +commit 3edb61f91bf2844bb1e3b3d01f2c881f324c776d +Author: Julien Semaan +Date: Mon Mar 2 14:15:04 2015 -0500 + + add tests for key exists in cached_hash + +M sbin/pfconfig +M t/pfconfig.t + 
+commit edb2ea126a5e5be3cf76405cdb7e780c6c91766d +Author: Julien Semaan +Date: Mon Mar 2 13:45:42 2015 -0500 + + fix chkconfig on pfconfig init script + +M addons/pfconfig/pfconfig.init + +commit f063e3596835c163f896c719e977b60df65f6965 +Author: Durand Fabrice +Date: Mon Mar 2 09:59:19 2015 -0500 + + Define packetfence-config as a noarch package + +M addons/packages/packetfence.spec + +commit dec2f9ea48a6992e07049e5ac6fe4c504fa47326 +Author: Julien Semaan +Date: Fri Feb 27 13:55:39 2015 -0500 + + add limit to connect to pfconfig + +M lib/pfconfig/cached.pm + +commit 7df9791ac2765cbf3f8476f14604a873c8486833 +Author: Julien Semaan +Date: Fri Feb 27 11:59:50 2015 -0500 + + missing file in spec + +M addons/packages/packetfence.spec + +commit 245516261994de49b2bfb58d4afc91c079f0a43a +Author: Durand Fabrice +Date: Fri Feb 27 11:56:09 2015 -0500 + + Fixed perl library name + +M debian/control + +commit 09c350c4621eebd19f7974c392fc98c36ec54fa3 +Author: Julien Semaan +Date: Fri Feb 27 11:38:21 2015 -0500 + + Revert "comment out doc generation temporarly" + + This reverts commit 8ad7ead0067656b93cc4c1aea386fb5bf2934d50. 
+ +M addons/packages/packetfence.spec + +commit 1fd0d58c00d672b892a944365fdee7712ea8d402 +Author: Julien Semaan +Date: Fri Feb 27 11:35:03 2015 -0500 + + comment out doc generation temporarly + +M addons/packages/packetfence.spec + +commit e5f790d304e373ba200d64f15cb74e7e45161989 +Author: Durand Fabrice +Date: Fri Feb 27 11:32:46 2015 -0500 + + Fixed path for pfconfig + +M addons/packages/packetfence.spec + +commit d2be2055492ff5d6e42114af258c95c2e51eebd2 +Author: Julien Semaan +Date: Fri Feb 27 11:05:23 2015 -0500 + + fix builds + +M addons/packages/packetfence.spec + +commit a02b525a63549b36b3f450d1fc5c4d0bf7a71da2 +Author: Julien Semaan +Date: Fri Feb 27 10:52:10 2015 -0500 + + fix forgotten renaming + +M addons/packages/packetfence.spec + +commit 98792aa3544e3992634ff9abb0d5fcba39f2f418 +Author: Julien Semaan +Date: Fri Feb 27 10:50:12 2015 -0500 + + rename packetfence-pfconfig packetfence-config + +M addons/packages/packetfence.spec +M debian/control +A debian/packetfence-config.init +A debian/packetfence-config.postinst +A debian/packetfence-config.postrm +A debian/packetfence-config.preinst +A debian/packetfence-config.prerm +D debian/packetfence-pfconfig.init +D debian/packetfence-pfconfig.postinst +D debian/packetfence-pfconfig.postrm +D debian/packetfence-pfconfig.preinst +D debian/packetfence-pfconfig.prerm +M debian/packetfence.init +M debian/rules + +commit baedd971ccb10e19b9a007872825eb20af62e7fe +Author: Julien Semaan +Date: Fri Feb 27 10:39:37 2015 -0500 + + fix init script start order + +M addons/pfconfig/pfconfig.init +M debian/packetfence-pfconfig.init +M debian/packetfence.init + +commit 45b5d484aace3011453aa6933fdc12fe4db66101 +Author: Julien Semaan +Date: Fri Feb 27 10:18:03 2015 -0500 + + ameliorations to pfconfig cmd + +M addons/pfconfig/cmd.pl + +commit d45209efda8f28a095dce0e0ffd555b9e0da86c6 +Author: Durand Fabrice +Date: Fri Feb 27 10:32:33 2015 -0500 + + PacketFence depend of packetfence-pfconfig + +M addons/packages/packetfence.spec +M 
debian/control + +commit 0fc51068945d4f8d6ef8205f1ab89f8f1c33c1ce +Author: Durand Fabrice +Date: Fri Feb 27 10:23:36 2015 -0500 + + Renamed packetfence-config to packetfence-pfconfig + +M addons/packages/packetfence.spec + +commit a247820318a0a45319f8789be7d44b5212bdb02b +Author: Durand Fabrice +Date: Fri Feb 27 10:18:43 2015 -0500 + + Moved dependencies in packetfence-pfconfig + +M addons/packages/packetfence.spec + +commit c58f31e122004b2ddbdf7b8c49b2baafbff3ffcf +Author: Durand Fabrice +Date: Fri Feb 27 10:13:04 2015 -0500 + + Added packetfence-pfconfig package for debian + +M debian/control +A debian/packetfence-pfconfig.postinst +A debian/packetfence-pfconfig.postrm +A debian/packetfence-pfconfig.preinst +A debian/packetfence-pfconfig.prerm +M debian/rules + +commit 17f46a94768f4e779c564398eb3c48d0b923dce5 +Author: Durand Fabrice +Date: Fri Feb 27 09:39:43 2015 -0500 + + Added packetfence-config package in spec file + +M addons/packages/packetfence.spec + +commit 0d66f2203d5fb295094cc320938504844b561274 +Author: Julien Semaan +Date: Fri Feb 27 10:11:31 2015 -0500 + + move the pfconfig socket (again) + +M lib/pfconfig/util.pm + +commit 9527aed34580d1aed558a27cd50b1cccd5068af3 +Author: Julien Semaan +Date: Fri Feb 27 09:56:09 2015 -0500 + + fix bad interfaces creation + +M lib/pfconfig/manager.pm +M lib/pfconfig/namespaces/interfaces.pm + +commit 1957336ae96dac4d57e257896d31e4244d90f016 +Author: Julien Semaan +Date: Fri Feb 27 09:12:10 2015 -0500 + + fix missing use + +M lib/pfconfig/namespaces/resource/Profile_Filters.pm + +commit 1826dbf4bb416bc32de568aad520274913d2a5ac +Author: Julien Semaan +Date: Thu Feb 26 14:38:58 2015 -0500 + + remove benchmark pfconfig + +D addons/benchmark-pfconfig.pl + +commit e935716f051ef9e4b6040fece08ffd370a45f3e2 +Author: Julien Semaan +Date: Thu Feb 26 14:18:50 2015 -0500 + + remove cache benchmarker + +D addons/benchmark-a-cache.pl + +commit a90e7e05196607c3c47d6ad1d685553f1e334eb0 +Author: Julien Semaan +Date: Thu Feb 26 
14:15:36 2015 -0500 + + add control file dir creation + +M addons/packages/packetfence.spec + +commit b20cfaa5fca45ea05dfa65e0163fb3df47744160 +Author: Julien Semaan +Date: Thu Feb 26 14:03:57 2015 -0500 + + create control files dir in builds + +M addons/packages/packetfence.spec + +commit 4e03e1d97acbfc11aea201c49e119d98b9f738e8 +Author: Julien Semaan +Date: Thu Feb 26 13:30:16 2015 -0500 + + change socket path + +M lib/pfconfig/util.pm + +commit 590eabab7da1a648c10beb4c83bf6c236dc905bf +Author: Julien Semaan +Date: Thu Feb 26 12:40:11 2015 -0500 + + move pfconfig socket + +M lib/pfconfig/util.pm + +commit 7d80dda897a9db73561ed423952c8027c34a76aa +Author: Julien Semaan +Date: Thu Feb 26 12:39:10 2015 -0500 + + add authentication and add ordered section list to config + +A lib/pf/ConfigStore/authentication.pm +M lib/pf/authentication.pm +M lib/pfconfig/manager.pm +M lib/pfconfig/namespaces/config.pm +M lib/pfconfig/namespaces/config/Authentication.pm +M t/configstore-2-pfconfig.t + +commit d5228c40b1de0dd92dec9a11693d3aad502022f7 +Author: Julien Semaan +Date: Thu Feb 26 10:28:11 2015 -0500 + + Add sbin/pfconfig to spec file + +M addons/packages/packetfence.spec + +commit 81d6aeb1b82dd5c7dda40d34b1842741ca3f9fc7 +Author: Julien Semaan +Date: Thu Feb 26 10:09:00 2015 -0500 + + remove dumper + +M lib/pfconfig/namespaces/config.pm + +commit f644d5d0da973a68b843d12416748899379959b7 +Author: Julien Semaan +Date: Thu Feb 26 10:08:27 2015 -0500 + + missing program in prepare config + +M t/prepare-pfconfig.t + +commit 81f75301ebbde36eeb4412f17ac2f43c9f98908d +Author: Julien Semaan +Date: Thu Feb 26 10:05:22 2015 -0500 + + make prepare pfconfig executable + +M t/prepare-pfconfig.t + +commit 8100b24b09f0c0054de0568a6e73b8731bca6ff4 +Author: Julien Semaan +Date: Thu Feb 26 09:58:55 2015 -0500 + + fix pf::util test with renaming + +M t/util.t + +commit 658f681c177bd246ffc2d0894a61a474531fb686 +Author: Julien Semaan +Date: Thu Feb 26 09:58:43 2015 -0500 + + add test preparation 
for pfconfig + +A t/prepare-pfconfig.t + +commit 8e7f986e3824a0c5d57251841e42477f5931876b +Author: Julien Semaan +Date: Thu Feb 26 09:57:54 2015 -0500 + + deactivate authentication in pfconfig + +M conf/httpd.conf.d/httpd.portal +M lib/pfconfig/namespaces/config/Authentication.pm + +commit 0dc6b2600bce5b9e58fe6adfa588bb1160941837 +Author: Julien Semaan +Date: Thu Feb 26 09:05:32 2015 -0500 + + fix pf::config::util + +M lib/pf/config/util.pm + +commit 46fbf36a29f33b845e3b07c11a3e4ee598a99a73 +Author: Julien Semaan +Date: Thu Feb 26 08:40:59 2015 -0500 + + add exported-subs finder + +A addons/dev-helpers/exported-subs.pl + +commit a075d67d07c171e58159b3ac272bf9a7dea93fb3 +Author: Julien Semaan +Date: Thu Feb 26 08:40:30 2015 -0500 + + move config dependant utils out of pf::util + +M bin/pfcmd.pl +M bin/pfcmd_vlan +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm +M html/pfappserver/lib/pfappserver/Model/Node.pm +M html/pfappserver/lib/pfappserver/Model/User.pm +M lib/pf/Switch/Cisco/Catalyst_2950.pm +M lib/pf/Switch/MockedSwitch.pm +M lib/pf/action.pm +M lib/pf/config.pm +A lib/pf/config/util.pm +M lib/pf/enforcement.pm +M lib/pf/floatingdevice.pm +M lib/pf/locationlog.pm +M lib/pf/pfcmd/checkup.pm +M lib/pf/pfcmd/report.pm +M lib/pf/radius.pm +M lib/pf/services/manager/httpd.pm +M lib/pf/services/manager/snort.pm +M lib/pf/util.pm +M lib/pf/violation.pm +M lib/pf/vlan.pm +M lib/pf/web/util.pm +M sbin/pfdhcplistener +M sbin/pfsetvlan + +commit 2512803590e0884280028ab2c12d2349fcf21e09 +Author: Julien Semaan +Date: Wed Feb 25 16:16:24 2015 -0500 + + Added vlan filters + provisioning + fixed tests + +A lib/pf/ConfigStore/admin_roles.pm +A lib/pf/ConfigStore/violation_config.pm +A lib/pf/ConfigStore/vlan_filters.pm +M lib/pf/admin_roles.pm +M lib/pf/config.pm +M lib/pf/vlan/filter.pm +M lib/pfconfig/namespaces/config.pm +M lib/pfconfig/namespaces/config/AdminRoles.pm +A lib/pfconfig/namespaces/config/Provisioning.pm +M 
lib/pfconfig/namespaces/config/Realm.pm +M lib/pfconfig/namespaces/config/Violations.pm +A lib/pfconfig/namespaces/config/VlanFilters.pm +M t/configstore-2-pfconfig.t + +commit fb1f90374ac7983b05578e04014a0fd32a82802a +Author: Julien Semaan +Date: Wed Feb 25 14:20:37 2015 -0500 + + fix global hashes in pfconfig + +M lib/pf/config.pm +M lib/pfconfig/namespaces/config/FloatingDevices.pm +M lib/pfconfig/namespaces/config/Realm.pm + +commit 3141497b4c9d226b86043db534d5837f6ee48f61 +Author: Julien Semaan +Date: Wed Feb 25 14:20:23 2015 -0500 + + fix test + +M t/configstore-2-pfconfig.t + +commit 3aaf992fe831a4eb7df1f61db08d1067b34c3bee +Author: Julien Semaan +Date: Wed Feb 25 13:26:09 2015 -0500 + + added debian init script + +A debian/packetfence-pfconfig.init + +commit 839780b0152a137aeb5b8938fcee384fffea729c +Author: Julien Semaan +Date: Wed Feb 25 10:30:33 2015 -0500 + + switch from pf::config::cached to configstore for interface detection in pfdns + +M sbin/pfdns + +commit d3a2f2a9a6f2960624c01e5b185e1f65119299f8 +Author: Julien Semaan +Date: Wed Feb 25 08:20:23 2015 -0500 + + add bdb to dependencies + +M addons/packages/packetfence.spec + +commit b63f2348aafcbe313a812b5c5f6d7f9aaf11fbad +Author: Julien Semaan +Date: Tue Feb 24 14:43:26 2015 -0500 + + missing import in memcached backend + +M lib/pfconfig/backend/memcached.pm + +commit 36f86874902ea6156a03fe29081346ee5eef4263 +Author: Julien Semaan +Date: Tue Feb 24 14:43:11 2015 -0500 + + use BDB as a L2 backend + +A lib/pfconfig/backend/bdb.pm +M lib/pfconfig/manager.pm + +commit d85482111575ddde4c8112948e65b9c93e682c6f +Author: Julien Semaan +Date: Tue Feb 24 14:15:40 2015 -0500 + + Fix issue between Sereal and perl threads (thanks james) + +M lib/pfconfig/cached.pm + +commit 7da46de16e0fc9452a10e8c16b06a7489d8b1fb7 +Author: Julien Semaan +Date: Tue Feb 24 13:49:59 2015 -0500 + + add pfconfig hooks in ConfigStore + +M lib/pf/ConfigStore/AdminRoles.pm +M lib/pf/ConfigStore/Authentication.pm +M 
lib/pf/ConfigStore/Firewall_SSO.pm +M lib/pf/ConfigStore/FloatingDevice.pm +M lib/pf/ConfigStore/Network.pm +M lib/pf/ConfigStore/Pf.pm +M lib/pf/ConfigStore/Profile.pm +M lib/pf/ConfigStore/Provisioning.pm +M lib/pf/ConfigStore/Realm.pm +M lib/pf/ConfigStore/Switch.pm +M lib/pf/ConfigStore/VlanFilters.pm + +commit 2f878e06207294e885d80e8b48f3d601fcfd1606 +Author: Julien Semaan +Date: Tue Feb 24 13:42:05 2015 -0500 + + rework the tied resource creation as the factory was creating them as copies + +M lib/pf/ConfigStore.pm +M lib/pf/ConfigStore/Violations.pm +M lib/pf/SwitchFactory.pm +M lib/pf/admin_roles.pm +M lib/pf/config.pm +M lib/pf/db.pm +M lib/pf/violation_config.pm +M lib/pfconfig/cached.pm +M lib/pfconfig/cached_array.pm +M lib/pfconfig/cached_hash.pm +M lib/pfconfig/log.pm +A lib/pfconfig/namespaces/config/Violations.pm +M sbin/pfconfig + +commit 66c5921a98c7b6412c7ba8f3752d85ba9493e9f8 +Author: Julien Semaan +Date: Tue Feb 24 10:22:59 2015 -0500 + + migrate configstore to use old pf::config (pf::ConfigStore::config) + +M html/pfappserver/lib/pfappserver/Form/Config/Pf.pm +M lib/pf/ConfigStore/AdminRoles.pm +M lib/pf/ConfigStore/Authentication.pm +M lib/pf/ConfigStore/Interface.pm +M lib/pf/ConfigStore/Network.pm +M lib/pf/ConfigStore/Pf.pm +M lib/pf/ConfigStore/Profile.pm +M lib/pf/ConfigStore/Violations.pm + +commit 628feaf00b67c675edd144c0db39cf55b4e45abf +Author: Julien Semaan +Date: Tue Feb 24 10:22:34 2015 -0500 + + fix pfconfig doc + +M addons/pfconfig/README.asciidoc + +commit 11890e0704883bf76588ee6380d1ce046d6bcd5e +Author: Julien Semaan +Date: Tue Feb 24 10:22:17 2015 -0500 + + reexport true + false in pf::config + +M lib/pf/config.pm + +commit 689a14d16f3f9f6059fd36c26201de0ce34eb23b +Author: Julien Semaan +Date: Tue Feb 24 08:51:05 2015 -0500 + + Fluffied up the pfconfig service + +A addons/pfconfig/README.asciidoc +A addons/pfconfig/memcached.init +A addons/pfconfig/pfconfig.init +D pfconfig.init + +commit 
4f4a0358750625f77bc687c68a87284438bb2c7c +Author: Julien Semaan +Date: Mon Feb 23 14:05:40 2015 -0500 + + touchups to pfconfig command line + +M addons/pfconfig/cmd.pl + +commit cc7119a422ce002987f798de9285c5d905a5bc4b +Author: Julien Semaan +Date: Mon Feb 23 14:02:51 2015 -0500 + + add logfast to debian dependencies + +M debian/control + +commit a8e171191931157ff3d524166377f66f06f00b82 +Author: Julien Semaan +Date: Mon Feb 23 14:02:33 2015 -0500 + + Add command line for pfconfig + +A addons/pfconfig/cmd.pl +M lib/pfconfig/cached.pm +M lib/pfconfig/manager.pm + +commit 334c24c50a8649fb3257dabe9e73b50140e54733 +Author: Julien Semaan +Date: Thu Mar 5 11:07:16 2015 -0500 + + Add pfconfig cache dir to fixpermissions + +M bin/pfcmd.pl +M lib/pf/file_paths.pm +M lib/pfconfig/backend/bdb.pm + +commit 6b26bbc23cc2416c5cc2e6007668e8502cd75b87 +Author: Durand Fabrice +Date: Thu Mar 5 11:01:06 2015 -0500 + + Added new directory in var/ with the correct permissions in debian/ubuntu packaging + +M debian/rules + +commit 3043322cde93b58480464a056f5dcc2e321f7e2b +Author: Durand Fabrice +Date: Thu Mar 5 10:36:46 2015 -0500 + + Removed useless log + +M lib/pf/person.pm + +commit 71a218300a9c20ec544566197c821c2b80ce2512 +Author: Julien Semaan +Date: Thu Mar 5 10:11:10 2015 -0500 + + Rework dynamic_unreg_date to handle undef dates + + - Will actually return the undef value when being given one + - Will now return undef if the date generation fails (like giving it the month 13) + +M lib/pf/config.pm + +commit 85e0614476d29fd36a3af2df33151cc0f60f36c9 +Author: Derek Wuelfrath +Date: Thu Mar 5 09:49:08 2015 -0500 + + Fixing wrong comment + +M db/upgrade-X.X.X-X.Y.Z.sql + +commit 711f5e06bc18e5b82eefa84a4d16e3a984453896 +Author: James Rouzier +Date: Thu Mar 5 09:43:13 2015 -0500 + + There is no showError + +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Pf.pm + +commit db9433829b1134d67bd06efabdc083c8398a1a6e +Author: Durand Fabrice +Date: Thu Mar 5 08:48:19 2015 -0500 + 
+ Changed $c->error to $self->showError + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/DeviceRegistration.pm +M html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Pf.pm + +commit 3af36d3fbd67828861dc723fd15629335f72fae3 +Author: Julien Semaan +Date: Thu Mar 5 08:47:53 2015 -0500 + + make WLC_http hybrid (802.1x vlan + web auth) + +M lib/pf/Switch/Cisco/WLC_http.pm + +commit 876d24666c7c8c00d9a84ae8f34d6af382bb6164 +Author: Julien Semaan +Date: Thu Mar 5 08:43:38 2015 -0500 + + add pfconfig startup in debian pf init script + +M debian/packetfence.init + +commit 987c289d8c6957e0eb5521b2d13ff8875e517fa4 +Author: Durand Fabrice +Date: Wed Mar 4 18:28:05 2015 -0500 + + Removed var/control from debian packaging + +M debian/rules + +commit 22a69155278f49691bdb989aeb7f4a2b1010aae5 +Author: Durand Fabrice +Date: Wed Mar 4 18:26:11 2015 -0500 + + Removed DEBHELPER in packetfence.prerm + +M debian/packetfence.prerm + +commit 3d51c7876618dfd90d54b94c281519cbcd22887a +Author: Durand Fabrice +Date: Wed Mar 4 18:18:41 2015 -0500 + + Removed DEBHELPER section + +M debian/packetfence-config.postinst +M debian/packetfence-config.prerm + +commit ce0070c90185fb544c68948a7ad63d95e50c400d +Author: Durand Fabrice +Date: Wed Mar 4 17:57:05 2015 -0500 + + Stop packetfence-config on remove + +M debian/packetfence-config.postrm + +commit 1b676918913c94a03f0c5d78a8c093c901223632 +Author: James Rouzier +Date: Wed Mar 4 17:13:54 2015 -0500 + + Update error message when saving a file + +M lib/pf/ConfigStore.pm +M lib/pf/config/cached.pm + +commit 2beb83a656b1834325ec07940dc1dc498775def3 +Author: James Rouzier +Date: Tue Dec 2 11:05:21 2014 -0500 + + Will display error message from ConfigStore::commit on error + +M html/pfappserver/lib/pfappserver/Base/Model/Config.pm + +commit 
75172efc2fb38c4e7325221556195367a9a33eec +Author: James Rouzier +Date: Tue Dec 2 11:01:15 2014 -0500 + + commit Will result an error message on failure + +M lib/pf/ConfigStore.pm + +commit 79d935d1b0be867ee67f49cade8c6e8676d6655d +Author: Durand Fabrice +Date: Wed Mar 4 16:30:07 2015 -0500 + + fix syntax from last commit + +M debian/packetfence.postrm + +commit e9d94a637f08824e6ca4dd8a26bcfcb3f8d88632 +Author: Durand Fabrice +Date: Wed Mar 4 16:27:45 2015 -0500 + + Updated packetfence.postrm script to test if the user pf can be removed + +M debian/packetfence.postrm + +commit 1e86a57b1d0359e5b789e3bf3f804a74478f37d8 +Author: Durand Fabrice +Date: Wed Mar 4 16:04:58 2015 -0500 + + Updated packetfence-config init script + +M debian/packetfence-config.init + +commit bd4e6359b44571fe88808ebad4887baf8f4c9a58 +Author: Durand Fabrice +Date: Wed Mar 4 15:40:26 2015 -0500 + + Updated Provides name in packetfence-config init script + +M debian/packetfence-config.init + +commit 75b337b60a0e07454cff9dce100598bab3fa844c +Author: Durand Fabrice +Date: Wed Mar 4 15:27:43 2015 -0500 + + Updated debian packaging + +M debian/packetfence-config.postrm +M debian/packetfence.postinst +M debian/packetfence.postrm + +commit 948c763151858221475bd55e76249ea1e390c2f6 +Author: Zammit Ludovic +Date: Wed Mar 4 14:07:31 2015 -0500 + + section moved and rewritten + +M docs/PacketFence_Administration_Guide.asciidoc + +commit ebc152f20e2605e54d7506d344d3a529029f86ea +Author: Francis Lachapelle +Date: Wed Mar 4 13:31:20 2015 -0500 + + Fix typo in administration guide + +M docs/PacketFence_Administration_Guide.asciidoc + +commit b41bcf4a5e203d8d48d12b6ae7b485a3a4d95fbe +Author: Durand Fabrice +Date: Wed Mar 4 12:58:34 2015 -0500 + + Fix error in log if undef value + +M lib/pf/Switch.pm + +commit 58dc652997b06906259e030895097ab847debee0 +Author: Zammit Ludovic +Date: Wed Mar 4 12:51:28 2015 -0500 + + Added a quick documentation on the node role usage as a filter in portal profiles + +M 
docs/PacketFence_Administration_Guide.asciidoc + +commit a54f8ffd6ccf201a615a3c57f4a4b97d1f917fa8 +Author: Durand Fabrice +Date: Wed Mar 4 11:48:40 2015 -0500 + + Changed log message when a device hit the portal + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm + +commit cf24a245f43fae332457f79c1ead99aedf0dff43 +Author: Durand Fabrice +Date: Wed Mar 4 11:44:42 2015 -0500 + + Fixed pfarp_remote for the new api function + +M addons/pfarp_remote/sbin/pfarp_remote +M lib/pf/api.pm + +commit d3d4585643998920a9b19a2c3f2b73d6948267ab +Author: James Rouzier +Date: Wed Mar 4 11:42:13 2015 -0500 + + Used the renamed path pfappserver::PacketFence::Controller instead of pfappserver::Controller + +M addons/extract_i18n_strings.pl +M html/pfappserver/lib/pfappserver/I18N/i_default.po + +commit 9f40cf66963991d7bc4c0bda85afebc15cd4f238 +Author: Julien Semaan +Date: Wed Mar 4 11:18:25 2015 -0500 + + update news for #373 + +M NEWS.asciidoc + +commit 2426f7125cf77974e6ee200a19a26e1ce322890b +Author: Zammit Ludovic +Date: Wed Mar 4 11:13:42 2015 -0500 + + remove lib/pf/profile/filter/category.pm + +D lib/pf/profile/filter/category.pm + +commit 784860d36de374d1fcbce38b6caa9ef4f7cdef9c +Author: Zammit Ludovic +Date: Wed Mar 4 11:05:24 2015 -0500 + + fix category key + +M lib/pf/profile/filter/node_role.pm + +commit ca30c03014144adae147adc86030f7a58a0373ba +Author: James Rouzier +Date: Wed Mar 4 10:51:43 2015 -0500 + + Add empty directory var/control + +A var/control/.gitignore + +commit 0c38243590383ba34462b685b71c4ddfcb3a3dce +Author: Julien Semaan +Date: Wed Mar 4 10:50:31 2015 -0500 + + rework the touch of a pfconfig control file + +M lib/pfconfig/manager.pm + +commit f912d2cbf79598a3fe9cbcf80202e04b65553b94 +Author: Julien Semaan +Date: Wed Mar 4 10:05:30 2015 -0500 + + rework pfconfig handling in packetfence init + +M packetfence.init + +commit 318b1cccfd660bb3d0ab5924c7f432e72cf3a48b +Author: Durand Fabrice +Date: Wed Mar 4 09:19:43 2015 -0500 + + 
Added new search attributes for LDAP auth source: description and groupMembership + +M lib/pf/Authentication/Source/LDAPSource.pm + +commit d187d5eec1a683c2900fa1efaf7df377ca460d46 +Author: James Rouzier +Date: Tue Mar 3 16:15:12 2015 -0500 + + Fixed license + +M html/captive-portal/lib/captiveportal/Role/Request.pm +M lib/pf/constants/Portal/Profile.pm + +commit 6c42ea14a98ef8be17bd850ce1b9eb28f4fd7889 +Author: Durand Fabrice +Date: Tue Mar 3 15:43:33 2015 -0500 + + Changed error to showError in sponsor portal to be able to have the message translated + +M conf/locale/en/LC_MESSAGES/packetfence.po +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm + +commit 2d69bd05e768be1bb0faa2e4cf5edf924dbc0f5c +Author: Durand Fabrice +Date: Tue Mar 3 14:07:51 2015 -0500 + + Modify postrm script + +M debian/packetfence.postrm + +commit aa118b6eff5abb3e1951cf00dbb64519c21f89ee +Author: Durand Fabrice +Date: Tue Mar 3 13:47:57 2015 -0500 + + Removed purge instruction in packetfence-config.postrm + +M debian/packetfence-config.postrm + +commit 8a313f7f8c5eebc84c86ecb737c83d50e07345ec +Author: Durand Fabrice +Date: Tue Mar 3 13:38:17 2015 -0500 + + Exception in packetfence.postrm for bin/pfcmd + +M debian/packetfence.postrm + +commit 34c9e326e911593d846f3d2c024d5f83ad75fd43 +Author: Durand Fabrice +Date: Tue Mar 3 13:29:09 2015 -0500 + + Be sure that packetfence-config canĀ“t start without packetfence installed + +M addons/packages/packetfence.spec +M debian/control +M debian/packetfence-config.init +M packetfence.init + +commit 35b7e4d8f65626600b18fe0d41a293811a89d744 +Author: Durand Fabrice +Date: Tue Mar 3 12:43:49 2015 -0500 + + Fixed syntax in debian/control + +M debian/control + +commit a7713d4f044bcbb68871cd4bba22cd6b2276b6b6 +Author: Durand Fabrice +Date: Tue Mar 3 12:40:43 2015 -0500 + + Change in debian control (for packetfence-pfcmd-suid) + +M debian/control + +commit eb0e2cc639a8a6b9e07d1af58f273dd5e54e9c53 +Author: Durand Fabrice +Date: 
Tue Mar 3 12:33:34 2015 -0500 + + Change control file for debian/ubuntu + +M debian/control + +commit ea664eca6752b0aa36c23a718c2127261cfc25d5 +Author: Durand Fabrice +Date: Tue Mar 3 11:56:54 2015 -0500 + + Predepend change for packetfence-pfcmd + +M debian/control +M debian/packetfence.postrm + +commit 2d3bbf76461726938da0a1afb5ef200831a5fa44 +Author: James Rouzier +Date: Tue Mar 3 11:42:07 2015 -0500 + + Fix issue where if there are no conditions the saved search is not being restored properly + + Fixes #399 + +M html/pfappserver/root/static/admin/searches.js + +commit f2e1502462949f609e59b7f226cc2cf4a984ecda +Author: Durand Fabrice +Date: Tue Mar 3 11:39:44 2015 -0500 + + Modifed debian packaging (dependencie) + +M debian/control + +commit c2fd1adcf934914f296ef37fb0f0c7129688acad +Author: Durand Fabrice +Date: Tue Mar 3 11:30:06 2015 -0500 + + Change in debian packaging + +M debian/packetfence-config.postrm +M debian/packetfence.postrm + +commit 9a5e9fdb34894482138289541c562ff9769515ad +Author: Durand Fabrice +Date: Tue Mar 3 11:05:55 2015 -0500 + + Added Predepends in packetfence-config packaging + +M debian/control + +commit 8bbf4ef871d1e2bcd15043b2d61d30b7f5fb9db9 +Author: Durand Fabrice +Date: Tue Mar 3 10:16:59 2015 -0500 + + removed set_unreg_date function in api.pm and copy the code in modify_node function + +M lib/pf/api.pm + +commit 281bd3e0ed5a4cc05e801b2fffb3a98a8553db58 +Author: Durand Fabrice +Date: Tue Mar 3 10:12:22 2015 -0500 + + Updated postrm for packetfence and packetfence-config + +M debian/packetfence-config.postrm +M debian/packetfence.postrm + +commit ce63d8d96325034353e2a29571c736b357be9dd8 +Author: James Rouzier +Date: Mon Feb 16 11:12:16 2015 -0500 + + remove the use of the pf::SwitchFactory object + + Since the pf::SwitchFactory->instantiate method does not use any state. 
+ It was just extra overhead to have to create a pf::SwitchFactory object to instantiate switch objects + +M addons/accounting.pl +M addons/autodiscover.pl +M addons/connect_and_read.pl +M addons/convertToPortSecurity.pl +M addons/dev-helpers/dump.pl +M addons/network-save-configs.pl +M addons/recovery.pl +M bin/pfcmd_vlan +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm +M lib/pf/SwitchFactory.pm +M lib/pf/api.pm +M lib/pf/enforcement.pm +M lib/pf/radius.pm +M lib/pf/services/manager/snmptrapd.pm +M lib/pf/web/backend_modperl_require.pl +M lib/pf/web/externalportal.pm +M sbin/pfsetvlan +M t/SNMP.t +M t/SwitchFactory.t +M t/floatingdevice.t +M t/integration/radius.t +M t/network-devices/cisco.t +M t/network-devices/threecom.t +M t/services.t +M t/vlan.t + +commit f5bda874e592df445dd3a2687d1ac9a435d7c702 +Author: James Rouzier +Date: Mon Feb 16 11:06:03 2015 -0500 + + Remove deprecated benchmark script + +D t/benchmarks/switchFactory.pl + +commit 01f8a2ac535b63d3973c5f0cdb36cf444e24acfd +Author: James Rouzier +Date: Wed Feb 18 13:11:39 2015 -0500 + + Update Copyright + +M t/has_unit_test.t + +commit cdc80c7965738eecc7e9a0b0f8ec6c2b7efa1d50 +Author: James Rouzier +Date: Wed Feb 18 13:05:23 2015 -0500 + + Example test + +A t/example.t + +commit fa9511d6225c4a135d44e58b67ab4b64c1f73870 +Author: James Rouzier +Date: Mon Feb 2 15:33:39 2015 -0500 + + Will automatically run new unittest placed in t/unittest + +M t/TestUtils.pm + +commit d6e0586a6214e4b70feba84459611d1d18aa54cc +Author: James Rouzier +Date: Mon Feb 2 14:53:51 2015 -0500 + + Fixed path and unit test name + +M t/has_unit_test.t + +commit d0bfdd9c444d1fb03994df1f4deaa44a7c589680 +Author: James Rouzier +Date: Tue Apr 15 12:13:09 2014 -0400 + + Add unit test checker + +A t/has_unit_test.t + +commit 1928cdd9b698b9bbf508cb4c9d85f61c33faba27 +Author: Durand Fabrice +Date: Tue Mar 3 09:29:58 2015 -0500 + + Removed snort and suricata as depencencies + +M debian/control + +commit 
32fa101fc41289697b288223cc00ae0ad909ee6a +Author: Julien Semaan +Date: Tue Mar 3 09:22:36 2015 -0500 + + Make MSM controller inherit from Switch instead of HP + +M lib/pf/Switch/HP/Controller_MSM710.pm + +commit 78c708930177f5f7afac8cafd40310fe32c50a0c +Author: Durand Fabrice +Date: Tue Mar 3 09:03:16 2015 -0500 + + Fix for debian packaging + +M debian/packetfence-config.postrm +M debian/packetfence.postrm +M debian/rules + +commit e9180e8613e552b9853a26e2f38ebab5d98fe793 +Author: Julien Semaan +Date: Tue Mar 3 08:22:39 2015 -0500 + + Add excluded files to addons/pfconfig + +M addons/packages/packetfence.spec + +commit 3d75821597aed09ec5c96d60b1c510c9aa81434f +Author: Julien Semaan +Date: Tue Mar 3 07:51:08 2015 -0500 + + Added addons/pfconfig/ to install section + +M addons/packages/packetfence.spec + +commit 8f597b271652dd29d80a3c89115abe2df77f04c9 +Author: Durand Fabrice +Date: Mon Mar 2 18:26:38 2015 -0500 + + Added new function in api.pm (set_unreg_date) + +M lib/pf/api.pm +M lib/pf/util.pm + +commit 49df77148dcb11a848b886080403d4378335b2c7 +Author: Durand Fabrice +Date: Mon Mar 2 17:55:42 2015 -0500 + + Evaluate role in vlan filter + +M lib/pf/vlan/filter.pm + +commit 98af62d1f658eb99521cc5af9301904ce6a728fe +Author: Julien Semaan +Date: Mon Mar 2 16:51:56 2015 -0500 + + Added /usr/local/pf/addons/pfconfig/cmd.pl to packaging + +M addons/packages/packetfence.spec + +commit 0c00928e9b0ec2600fe138892c30e3ea249436e3 +Author: Durand Fabrice +Date: Mon Mar 2 16:23:59 2015 -0500 + + Added libphp-serialization-perl as a dependencie in debian/ubuntu + +M debian/control + +commit ac78cc926c3e634ff3a8fe507f78cbc666712317 +Author: Durand Fabrice +Date: Mon Mar 2 16:20:29 2015 -0500 + + Revert "Added libphp-session-perl as a dependencie" + + This reverts commit 374f19b3aaa9231e6ee05a33041ffdc0c3c1fcdc. 
+ +M debian/control + +commit f502df671004cb0c848298cc0c7047e13fc83d3c +Author: Durand Fabrice +Date: Mon Mar 2 16:18:03 2015 -0500 + + Added libphp-session-perl as a dependencie + +M debian/control + +commit 0b47512c0dadaf20c5c748cc25005f49d4fe934a +Author: Durand Fabrice +Date: Mon Mar 2 16:15:31 2015 -0500 + + Fix debian rules file + +M debian/rules + +commit 5689360b4fef1b261be9369d028fc8c7fd9cbe57 +Author: James Rouzier +Date: Mon Mar 2 16:14:56 2015 -0500 + + Added pfconfig.t to the compile tests + +M t/TestUtils.pm + +commit 90e2a6189855502baa3303b4a43fbcdce1a90bc9 +Author: James Rouzier +Date: Mon Mar 2 16:09:22 2015 -0500 + + Add test script to test pfconfig libs + +A t/pfconfig.t + +commit 2e0bcf756f97143ae66755865ff6a6b1e6ec4eee +Author: James Rouzier +Date: Mon Mar 2 16:08:49 2015 -0500 + + Do not test pfconfig libs + +M t/pf.t + +commit eacab5fd7c6dd7ccb124d85a6747e8a6ee34a54e +Author: Durand Fabrice +Date: Mon Mar 2 15:48:00 2015 -0500 + + Removed useless dependencie in debian packaging + +M debian/control + +commit 2163ad9676bb12fcdbecc6b3ced53f29c17f1ead +Author: Durand Fabrice +Date: Mon Mar 2 15:14:10 2015 -0500 + + Fixed debian rules file + +M debian/rules + +commit 17682e6e073cdfef7eab3b850baf34eed9a9dca8 +Author: Durand Fabrice +Date: Mon Mar 2 15:02:00 2015 -0500 + + Removed dependencie + +M addons/packages/packetfence.spec + +commit a1f0d6fc16275f87267bba330c3923ba19520b15 +Author: Durand Fabrice +Date: Mon Mar 2 15:00:54 2015 -0500 + + Set noarch for packetfence-config + +M addons/packages/packetfence.spec + +commit 130f2ce88ceb82a63329c1de94a4e92c6893e5ef +Author: Durand Fabrice +Date: Mon Mar 2 14:23:54 2015 -0500 + + Test if pf user exist before trying to remove it + +M addons/packages/packetfence.spec + +commit 37d4cf1008ff53f7dd781ad65e47d293beb40adc +Author: Durand Fabrice +Date: Mon Mar 2 14:01:02 2015 -0500 + + replace space by tab in debian/rules + +M debian/rules + +commit 030d304597cf3bff3e71470bd786751d70ea979b +Author: Julien 
Semaan +Date: Mon Mar 2 13:45:42 2015 -0500 + + fix chkconfig on pfconfig init script + +M addons/pfconfig/pfconfig.init + +commit d6befe9abd3dea68e5622302018793fa45306b4c +Author: Julien Semaan +Date: Mon Mar 2 13:03:59 2015 -0500 + + missing supportsRoamingAccounting in MockedSwitch + +M lib/pf/Switch/MockedSwitch.pm + +commit a85bc0d8920d2720956a88ba661dbff9d99ed4bb +Author: Durand Fabrice +Date: Mon Mar 2 11:49:06 2015 -0500 + + Fix missing attribute in locationlog + +M lib/pf/locationlog.pm + +commit fe4d32d829c161c013e84276e1fd25571df9faa9 +Author: Julien Semaan +Date: Mon Mar 2 11:40:34 2015 -0500 + + fixes in documentation + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 11282c5198561b06795277745b9db70708201389 +Author: Zammit Ludovic +Date: Mon Mar 2 11:36:58 2015 -0500 + + Fix label module name + +M html/pfappserver/lib/pfappserver/I18N/i_default.po +A lib/pf/profile/filter/node_role.pm + +commit 0f7e087ce507d0b1ce6700802fd093c2494efe0b +Author: Julien Semaan +Date: Mon Mar 2 11:29:45 2015 -0500 + + fix lists + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 04b780f89a5efa457c1460e8ae7e317e91f3320b +Author: Julien Semaan +Date: Mon Mar 2 11:26:44 2015 -0500 + + layout fixes + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 3e26e7586cf8fd2f4044c2965e8c9b76fc974829 +Author: Julien Semaan +Date: Mon Mar 2 11:21:37 2015 -0500 + + Add support for udp_reflector based traffic to pfdhcplistener + +M docs/PacketFence_Administration_Guide.asciidoc +M lib/pf/util/dhcp.pm + +commit 988c76555b000c7b95a54e2162c0163ee59699bf +Author: Durand Fabrice +Date: Mon Mar 2 11:04:25 2015 -0500 + + Added old roaming snmp trap code as comment for AeroHIVE AP + +M lib/pf/Switch/AeroHIVE.pm + +commit ec9a054965603cf34dba00e58c65b30f903844dd +Author: Durand Fabrice +Date: Mon Mar 2 11:01:11 2015 -0500 + + Fix wrong portal instantiate on 802.1x autoreg + +M lib/pf/Portal/ProfileFactory.pm +M lib/pf/vlan.pm + +commit 
9efaf07d02543d4700e44e8371c5ecec17eba302 +Author: Derek Wuelfrath +Date: Mon Mar 2 10:54:46 2015 -0500 + + Fixing previous commit (wrong version) + +M UPGRADE.asciidoc + +commit 1a6e7ef78981844a7ec4fea41e91deacd74f8623 +Author: Derek Wuelfrath +Date: Mon Mar 2 10:53:31 2015 -0500 + + Missing upgrade procedure + +M UPGRADE.asciidoc + +commit 2da8e815d678e18db117b1642d7642fe9ba039ce +Author: James Rouzier +Date: Mon Mar 2 10:18:57 2015 -0500 + + Update .gitignore file + +M .gitignore + +commit 7be803c19d98cda7f6f87eab2fae8ea9e3337e86 +Author: Julien Semaan +Date: Mon Mar 2 09:05:11 2015 -0500 + + various fixes to setRole flow + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm + +commit 5904de1d92774e71e69b0f64c795e7037c299eed +Author: Julien Semaan +Date: Fri Feb 27 16:05:17 2015 -0500 + + pass source id in guest + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm + +commit 10538002500633c0af21c098ef7625e00e757509 +Author: Antoine Amacher +Date: Fri Feb 27 15:50:48 2015 -0500 + + fix refs + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm + +commit ada718d90f9d03f7ab4d2ffa449310f2f3b81e87 +Author: Julien Semaan +Date: Fri Feb 27 15:41:48 2015 -0500 + + gix syntax + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm + +commit a698597a3595febda1984217a02a2f552f66e577 +Author: Julien Semaan +Date: Fri Feb 27 15:29:37 2015 -0500 + + use setrole in guest registration + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm + +commit 28ce0990d4900795b8776daf8dc88eafdc2f2694 +Author: Julien Semaan +Date: Fri Feb 27 15:22:05 2015 -0500 + + made error message better + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm + +commit 142200a25753aaf8eeb56e2e8002cf7aa53b072c 
+Author: Julien Semaan +Date: Thu Feb 26 14:36:56 2015 -0500 + + Show better error messages when auth doesn't give proper role or unregdate + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm + +commit 5475c1b63f3486658c17a29ecb7a7cd5057d5a9c +Author: Durand Fabrice +Date: Sat Feb 28 17:30:20 2015 -0500 + + Normalize log + +M lib/pf/node.pm + +commit 253288b497fae729f2f50c4b0d85e8298ac04aa0 +Author: Durand Fabrice +Date: Sat Feb 28 17:09:50 2015 -0500 + + Standardize log + +M lib/pf/vlan.pm +M lib/pf/vlan/filter.pm + +commit ab87c5582e0dacd6127597745ebdaf1fef73a8e0 +Author: Durand Fabrice +Date: Sat Feb 28 17:05:58 2015 -0500 + + Removed : Use of uninitialized value $switch_mac in httpd.aaa.error log file + +M lib/pf/radius.pm + +commit 48ccebe8cc82e1877455c66a89326f6a2371a642 +Author: Julien Semaan +Date: Fri Feb 27 13:55:39 2015 -0500 + + add limit to connect to pfconfig + +M lib/pfconfig/cached.pm + +commit 6e3725f76f42c8a8c261bc99825cad9c1ec9075b +Author: Julien Semaan +Date: Fri Feb 27 11:59:50 2015 -0500 + + missing file in spec + +M addons/packages/packetfence.spec + +commit 062c4b16d4b877262367ed9c9de6ce001bfe63fb +Author: Durand Fabrice +Date: Fri Feb 27 11:56:09 2015 -0500 + + Fixed perl library name + +M debian/control + +commit 3ae8fb57321e199ec56a071d9bcf5050037a45f9 +Author: Julien Semaan +Date: Fri Feb 27 11:38:21 2015 -0500 + + Revert "comment out doc generation temporarly" + + This reverts commit 8ad7ead0067656b93cc4c1aea386fb5bf2934d50. 
+ +M addons/packages/packetfence.spec + +commit 84e1fd7099cc726ec701c5949f31277d1dfe76ed +Author: Julien Semaan +Date: Fri Feb 27 11:35:03 2015 -0500 + + comment out doc generation temporarly + +M addons/packages/packetfence.spec + +commit c63fd0a17722119131802cdf126b8822abed5454 +Author: Durand Fabrice +Date: Fri Feb 27 11:32:46 2015 -0500 + + Fixed path for pfconfig + +M addons/packages/packetfence.spec + +commit 4298a17e5c1a9f654931b544a8a869be08dfa1af +Author: Julien Semaan +Date: Fri Feb 27 11:05:23 2015 -0500 + + fix builds + +M addons/packages/packetfence.spec + +commit 01ef7e242863b5d3a9c51478b0e2b10d724333af +Author: Julien Semaan +Date: Fri Feb 27 10:52:10 2015 -0500 + + fix forgotten renaming + +M addons/packages/packetfence.spec + +commit dac5be4cbd91b338f2a28ff9f865f0c236c76790 +Author: Julien Semaan +Date: Fri Feb 27 10:50:12 2015 -0500 + + rename packetfence-pfconfig packetfence-config + +M addons/packages/packetfence.spec +M debian/control +A debian/packetfence-config.init +A debian/packetfence-config.postinst +A debian/packetfence-config.postrm +A debian/packetfence-config.preinst +A debian/packetfence-config.prerm +D debian/packetfence-pfconfig.init +D debian/packetfence-pfconfig.postinst +D debian/packetfence-pfconfig.postrm +D debian/packetfence-pfconfig.preinst +D debian/packetfence-pfconfig.prerm +M debian/packetfence.init +M debian/rules + +commit 9c6db9f7bd59c5dcac42647a0d361416747c8aab +Author: Julien Semaan +Date: Fri Feb 27 10:39:37 2015 -0500 + + fix init script start order + +M addons/pfconfig/pfconfig.init +M debian/packetfence-pfconfig.init +M debian/packetfence.init + +commit 22ee9aca97fe512a4830974d113f035a15a3f65a +Author: Julien Semaan +Date: Fri Feb 27 10:18:03 2015 -0500 + + ameliorations to pfconfig cmd + +M addons/pfconfig/cmd.pl + +commit 38c5b1b50f7f6508bae03981506276d8b0eafcdb +Author: Durand Fabrice +Date: Fri Feb 27 10:32:33 2015 -0500 + + PacketFence depend of packetfence-pfconfig + +M addons/packages/packetfence.spec +M 
debian/control + +commit 1966429269cf45b67251938784555104dfe49b4e +Author: Durand Fabrice +Date: Fri Feb 27 10:23:36 2015 -0500 + + Renamed packetfence-config to packetfence-pfconfig + +M addons/packages/packetfence.spec + +commit c2dbeb0d38cb267f87774423efa7fc96facbd4ab +Author: Durand Fabrice +Date: Fri Feb 27 10:18:43 2015 -0500 + + Moved dependencies in packetfence-pfconfig + +M addons/packages/packetfence.spec + +commit 042f8dbbf4e8bc850ee9522139afc7089740aaf1 +Author: Durand Fabrice +Date: Fri Feb 27 10:13:04 2015 -0500 + + Added packetfence-pfconfig package for debian + +M debian/control +A debian/packetfence-pfconfig.postinst +A debian/packetfence-pfconfig.postrm +A debian/packetfence-pfconfig.preinst +A debian/packetfence-pfconfig.prerm +M debian/rules + +commit c9c49190989c4baad27660945d9f1e57351b2cae +Author: Durand Fabrice +Date: Fri Feb 27 09:39:43 2015 -0500 + + Added packetfence-config package in spec file + +M addons/packages/packetfence.spec + +commit 506218ab74840c66a5c5cb3eddc7d811235a69b0 +Author: Julien Semaan +Date: Fri Feb 27 10:11:31 2015 -0500 + + move the pfconfig socket (again) + +M lib/pfconfig/util.pm + +commit c838dd2e20f80eefab17fb8147a69629216aec7e +Author: Louis Munro +Date: Fri Feb 27 15:40:40 2015 -0500 + + Updated NEWS file for PR 394. 
+ +M NEWS.asciidoc + +commit f8fd304e754a9870765383bfaae3fee31c53236d +Author: James Rouzier +Date: Fri Feb 27 15:30:09 2015 -0500 + + Added label for date range + +M html/pfappserver/root/admin/nodes.tt + +commit 2eaa51ecd86677b21479ade31f159d89ad6869ef +Author: Julien Semaan +Date: Fri Feb 27 14:38:19 2015 -0500 + + news entry for #356 + +M NEWS.asciidoc + +commit 4c2e114a96dd4607d1fd87496af5087b9a2b6839 +Author: James Rouzier +Date: Fri Feb 27 13:58:20 2015 -0500 + + Update copyright + +M conf/locale/de/LC_MESSAGES/packetfence.po +M conf/locale/es/LC_MESSAGES/packetfence.po +M conf/locale/fr/LC_MESSAGES/packetfence.po +M conf/locale/he_IL/LC_MESSAGES/packetfence.po +M conf/locale/it/LC_MESSAGES/packetfence.po +M conf/locale/nl/LC_MESSAGES/packetfence.po +M conf/locale/pl_PL/LC_MESSAGES/packetfence.po +M conf/locale/pt_BR/LC_MESSAGES/packetfence.po +M html/pfappserver/lib/pfappserver/I18N/fr.po + +commit de1449177c7c5bac934e06007ed783c5ff876f35 +Author: Louis Munro +Date: Fri Feb 27 11:43:14 2015 -0500 + + Updated NEWS file for PR 318 (made admin GUI customizable). + +M NEWS.asciidoc + +commit 47f7779afa0380ff915200bc7ae62324e6f54d28 +Author: Durand Fabrice +Date: Fri Feb 27 11:37:23 2015 -0500 + + Updated NEWS.asciidoc file + +M NEWS.asciidoc + +commit a59c63af588695cd310ef8cf04894a2e63630641 +Author: Louis Munro +Date: Fri Feb 27 11:27:54 2015 -0500 + + Added NEWS entry for PR 343. + +M NEWS.asciidoc + +commit 0650c9905617afc8b06756e16ee1eaf8e4ba81c0 +Author: Louis Munro +Date: Fri Feb 27 11:22:43 2015 -0500 + + Reworded previous NEWS entry. + Now contains more better message. + +M NEWS.asciidoc + +commit 80afea6e368495061d4ceee6ccaeef14bad7e03b +Author: Louis Munro +Date: Fri Feb 27 11:20:55 2015 -0500 + + Updated NEWS file to include PR 360. + +M NEWS.asciidoc + +commit a4912af3d6fcf547a21f90b0ef14c427e1fd5cf1 +Author: Louis Munro +Date: Fri Feb 27 11:18:38 2015 -0500 + + Updated NEWS file for PR 361. 
+ +M NEWS.asciidoc + +commit 3e74a66b1ce3beb98adea3b2bcc05f0122c8bba8 +Author: Louis Munro +Date: Fri Feb 27 11:15:09 2015 -0500 + + Updated NEWS file for PR 341. + +M NEWS.asciidoc + +commit d4f221a96d78f6e5ee1a392a467bfc0cc20112aa +Author: Louis Munro +Date: Fri Feb 27 11:11:55 2015 -0500 + + Added NEWS entry for PR 362. + +M NEWS.asciidoc + +commit d03f7c3a36f5293f89c5438ee0949efb1b43e4ea +Author: Julien Semaan +Date: Thu Feb 26 14:15:36 2015 -0500 + + add control file dir creation + +M addons/packages/packetfence.spec + +commit 4e3b9447cb7dfa08de11fb4d3884ccae38aabc95 +Author: Julien Semaan +Date: Thu Feb 26 14:03:57 2015 -0500 + + create control files dir in builds + +M addons/packages/packetfence.spec + +commit a9109788d6d1610fd18e2472e3dcfd7079554f81 +Author: Julien Semaan +Date: Thu Feb 26 13:30:16 2015 -0500 + + change socket path + +M lib/pfconfig/util.pm + +commit 53fddb3f8c4bbaeb03e175925c8669ca2d7622db +Author: Julien Semaan +Date: Thu Feb 26 12:40:11 2015 -0500 + + move pfconfig socket + +M lib/pfconfig/util.pm + +commit 81863559900a6e520026e416d2b6b4cd71fc8d75 +Author: Julien Semaan +Date: Thu Feb 26 10:28:11 2015 -0500 + + Add sbin/pfconfig to spec file + +M addons/packages/packetfence.spec + +commit 4be6ef753f5dd28c6d9342132e64df08e24d7db5 +Author: Julien Semaan +Date: Thu Feb 26 10:08:27 2015 -0500 + + missing program in prepare config + +M t/prepare-pfconfig.t + +commit a2db525237b30362a547c8875dc68ff93755ce8a +Author: Julien Semaan +Date: Thu Feb 26 10:05:22 2015 -0500 + + make prepare pfconfig executable + +M t/prepare-pfconfig.t + +commit 08737515b7a6e0def37473467092797bd432b8b2 +Author: Julien Semaan +Date: Thu Feb 26 09:58:43 2015 -0500 + + add test preparation for pfconfig + +A t/prepare-pfconfig.t + +commit 40fb992cc7d3f3e3afa7658642115e4a085e8c0b +Author: Zammit Ludovic +Date: Fri Feb 20 13:12:32 2015 -0500 + + fix label Node role + +M html/pfappserver/lib/pfappserver/I18N/i_default.po + +commit e2f9984f1e95e2902da3ea9fdc22ebe33095f63e 
+Author: Zammit Ludovic +Date: Fri Feb 20 12:57:47 2015 -0500 + + Add filter category on portal profile + +M html/pfappserver/lib/pfappserver/I18N/i_default.po +A lib/pf/profile/filter/category.pm + +commit 0fe712ed7cdbd8d549b33ee9e9e7043749b5feb0 +Author: Durand Fabrice +Date: Thu Feb 19 09:45:05 2015 -0500 + + Fixed syntax + +M html/pfappserver/lib/pfappserver/Form/Config/ProfileCommon.pm +M lib/pf/vlan.pm + +commit 6e65596a327204046a372923ad9cea6eb1c06b04 +Author: Durand Fabrice +Date: Tue Feb 17 09:45:50 2015 -0500 + + Dynamic_unregdate is only after we call SET_UNREG_DATE + +M lib/pf/vlan.pm + +commit fbbb885e970d1f8c7201ba4faa6d05fedd526c94 +Author: Durand Fabrice +Date: Mon Feb 16 16:11:29 2015 -0500 + + Added field dot1x_recompute_role_from_portal + +M html/pfappserver/lib/pfappserver/Form/Config/ProfileCommon.pm + +commit 1d11ed600032fde1d6c1911365ce0edba9133ca1 +Author: Durand Fabrice +Date: Tue Feb 10 10:12:32 2015 -0500 + + Added $autoreg variable to be sure of the current status of the node + +M lib/pf/radius.pm +M lib/pf/vlan.pm + +commit bcb9891c7e8f12a982030d946df819778419543a +Author: Durand Fabrice +Date: Tue Feb 10 08:47:46 2015 -0500 + + Fixed syntax and add configuration parameter in checkup.pm + +M lib/pf/pfcmd/checkup.pm +M lib/pf/vlan.pm + +commit ffbee43001b0ae75c134620c26720ef82065b9b5 +Author: Durand Fabrice +Date: Mon Feb 9 16:29:38 2015 -0500 + + return 1 as vlan id if autoregister vlan filter rule match + +M lib/pf/vlan.pm +M lib/pf/vlan/filter.pm + +commit 2c40828e634bb2cf2360b1549766a45f2469338d +Author: Durand Fabrice +Date: Mon Feb 9 15:42:58 2015 -0500 + + Added dot1x_recompute_role_from_portal on the portal profile to recompute or not the role when we do a dot1x connection + +M html/pfappserver/lib/pfappserver/Form/Config/ProfileCommon.pm +M lib/pf/Portal/Profile.pm +M lib/pf/vlan.pm + +commit b455db4eeec9aed48d2ef32257a26e494ad51639 +Author: Durand Fabrice +Date: Mon Feb 9 15:30:50 2015 -0500 + + Moved the call to vlan filter in 
getRegistrationVlan to be sure that the status of the node is unreg or in pending mode + +M lib/pf/vlan.pm + +commit a2da2e34496e479b132e20b7f79910938ad68d7e +Author: Durand Fabrice +Date: Wed Feb 4 15:31:36 2015 -0500 + + If 802.1x without autoreg then we compute the role + +M lib/pf/vlan.pm + +commit ee822af24c911b8d1b97097288470b93381120a5 +Author: Durand Fabrice +Date: Wed Feb 4 13:49:48 2015 -0500 + + Remove call to person and lookup_person in vlan.pm (done in node_register) + +M lib/pf/node.pm +M lib/pf/vlan.pm + +commit 1216e4a2f8a37ca17644a3eee45300f7dc1f035a +Author: Durand Fabrice +Date: Wed Feb 4 10:41:06 2015 -0500 + + Moved code from getNormalVlan to getNodeInfoForAutoReg + +M lib/pf/vlan.pm + +commit b99fd0f17c5732cc21c103ddbb69cc2888269ea8 +Author: James Rouzier +Date: Thu Feb 26 18:00:11 2015 -0500 + + Make Start date begin at 00:00 and end date end at 23:59 + +M html/pfappserver/lib/pfappserver/Model/Search/Node.pm + +commit a70917d42b9e01d7e3ca76b54a789f4d90c39ce9 +Author: James Rouzier +Date: Thu Feb 26 12:57:12 2015 -0500 + + Allow advanced search conditions to be optional + +M html/pfappserver/root/admin/nodes.tt +M html/pfappserver/root/static/js/node.js + +commit d63e83f749e7ebdf86fe73add422183109535031 +Author: James Rouzier +Date: Thu Feb 26 12:53:58 2015 -0500 + + Date range now searches detect_date + +M html/pfappserver/lib/pfappserver/Model/Search/Node.pm + +commit c9ea799184bb10ad8453b2982cdb7f1afc8b4bea +Author: Durand Fabrice +Date: Thu Feb 26 15:25:26 2015 -0500 + + Removed snmp roaming support for AeroHIVE + +M lib/pf/Switch/AeroHIVE.pm + +commit cdb0fd4cdf8f9a7bbb5fc3e91a5af9a9d5384cd3 +Author: Durand Fabrice +Date: Thu Feb 26 15:18:19 2015 -0500 + + Fixed charset in portal pages + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm +M lib/pf/web/guest.pm + +commit 74e71241af6f6a8461d936eb7adaa4d73dc5124b +Author: Durand 
Fabrice +Date: Thu Feb 26 14:45:57 2015 -0500 + + Fix charset in signup + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm + +commit 19d8d94653b178848dc675312a0da97b6f9288b2 +Author: Durand Fabrice +Date: Thu Feb 26 14:22:53 2015 -0500 + + Only provides the real locales of the portal + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm + +commit 877a930651ce21583bd51c84fcfdf2329c22bc23 +Author: Durand Fabrice +Date: Thu Feb 26 14:12:50 2015 -0500 + + Fixed charset on error messages on the portal + +M html/captive-portal/lib/captiveportal/Base/Controller.pm + +commit 0a2c1608efb191265555d6591a46f8c33956c9e2 +Author: James Rouzier +Date: Tue Feb 24 15:34:34 2015 -0500 + + Consider customizable files as configurations + +M addons/packages/packetfence.spec +M debian/packetfence.conffiles + +commit 77bac7a675416e6204670b707564904b7b9d6982 +Author: James Rouzier +Date: Tue Feb 24 14:48:19 2015 -0500 + + Made Controller::User customizable + +M html/pfappserver/lib/pfappserver/Controller/User.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/User.pm + +commit f9e72fdfcffe31d0b3bfe0354cf11e7d727becc3 +Author: James Rouzier +Date: Tue Feb 24 14:48:14 2015 -0500 + + Made Controller::Interface customizable + +M html/pfappserver/lib/pfappserver/Controller/Interface.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Interface.pm + +commit 57a970f79cf126dcc88edce3e5c912b288670bec +Author: James Rouzier +Date: Tue Feb 24 14:48:10 2015 -0500 + + Made Controller::Graph customizable + +M html/pfappserver/lib/pfappserver/Controller/Graph.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Graph.pm + +commit edb554097c491d86a6ccaebfd4c7f7e92795e740 +Author: James Rouzier +Date: Tue Feb 24 14:48:07 2015 -0500 + + Made Controller::DB customizable + +M html/pfappserver/lib/pfappserver/Controller/DB.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/DB.pm + +commit 
c492e0f084e5cc636eaca74370c7229a5de08059 +Author: James Rouzier +Date: Tue Feb 24 14:48:01 2015 -0500 + + Made Controller::Configuration customizable + +M html/pfappserver/lib/pfappserver/Controller/Configuration.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Configuration.pm + +commit 13658aa458b1b2424ef324902108d28251f707ff +Author: James Rouzier +Date: Tue Feb 24 14:46:53 2015 -0500 + + Made Controller::Roles customizable + +M html/pfappserver/lib/pfappserver/Controller/Roles.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Roles.pm + +commit 6adc9b69cf35911a127f144032a1db958729036b +Author: James Rouzier +Date: Tue Feb 24 14:46:49 2015 -0500 + + Made Controller::Admin customizable + +M html/pfappserver/lib/pfappserver/Controller/Admin.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Admin.pm + +commit 3702a88bde366c2838f2d84d6db2a28239b9e453 +Author: James Rouzier +Date: Tue Feb 24 14:46:45 2015 -0500 + + Made Controller::Configurator customizable + +M html/pfappserver/lib/pfappserver/Controller/Configurator.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Configurator.pm + +commit ba9957089affa314a6bc78e0bf7fc84096cec55f +Author: James Rouzier +Date: Tue Feb 24 14:46:38 2015 -0500 + + Made Controller::Violation customizable + +M html/pfappserver/lib/pfappserver/Controller/Violation.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Violation.pm + +commit 2235bceacaa8cd19941bf21cffdf62f5c37a9c69 +Author: James Rouzier +Date: Tue Feb 24 14:46:34 2015 -0500 + + Made Controller::Root customizable + +M html/pfappserver/lib/pfappserver/Controller/Root.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Root.pm + +commit b54928e878603c525601b0671e5bbe519b197792 +Author: James Rouzier +Date: Tue Feb 24 14:46:28 2015 -0500 + + Made Controller::Service customizable + +M html/pfappserver/lib/pfappserver/Controller/Service.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Service.pm + 
+commit 8a82bcd824735c2dc739fa6a8f78dbfdd48f63a2 +Author: James Rouzier +Date: Tue Feb 24 14:46:23 2015 -0500 + + Made Controller::Node customizable + +M html/pfappserver/lib/pfappserver/Controller/Node.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Node.pm + +commit 2feb7d84df279f3b2ed39b57a17fb09106783514 +Author: James Rouzier +Date: Tue Feb 24 14:46:18 2015 -0500 + + Made Controller::SoH customizable + +M html/pfappserver/lib/pfappserver/Controller/SoH.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/SoH.pm + +commit e8155cfd9d0bb0a0cafa2ee056f6f0dcb2e2569c +Author: James Rouzier +Date: Tue Feb 24 14:46:13 2015 -0500 + + Made Controller::Config::Firewall_SSO customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/Firewall_SSO.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Firewall_SSO.pm + +commit 9fb5add4ab44fb33566cce96d577171437158124 +Author: James Rouzier +Date: Tue Feb 24 14:46:09 2015 -0500 + + Made Controller::Config::System customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/System.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/System.pm + +commit f6c4f58ab31a8b04e072c9ba5f7e3e5f1c19f082 +Author: James Rouzier +Date: Tue Feb 24 14:46:05 2015 -0500 + + Made Controller::Config::Wrix customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/Wrix.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Wrix.pm + +commit 9061268ee140e4e4e8ef074bc42ba4ee89c60e8f +Author: James Rouzier +Date: Tue Feb 24 14:44:59 2015 -0500 + + Made Controller::Config::Authentication::Source customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/Authentication/Source.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Authentication/Source.pm + +commit 0c35c544c94658b7c487c8cbc58c140514ba9cfe +Author: James Rouzier +Date: Tue Feb 24 14:44:53 2015 -0500 + + Made Controller::Config::FloatingDevice customizable + +M 
html/pfappserver/lib/pfappserver/Controller/Config/FloatingDevice.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/FloatingDevice.pm + +commit 0d5828abb11e772e35d6a1b213be898a0ab0bbce +Author: James Rouzier +Date: Tue Feb 24 14:44:47 2015 -0500 + + Made Controller::Config::Authentication customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/Authentication.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Authentication.pm + +commit e74c2927955dffcd5d051784e789e843bbbbab85 +Author: James Rouzier +Date: Tue Feb 24 14:44:40 2015 -0500 + + Made Controller::Config::Provisioning customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/Provisioning.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Provisioning.pm + +commit 71b4db05439a0ccb1e178f859fb26c65681b35d0 +Author: James Rouzier +Date: Tue Feb 24 14:44:35 2015 -0500 + + Made Controller::Config::MacAddress customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/MacAddress.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/MacAddress.pm + +commit 5f9fb26191f3dede987740a0c4095d6b9b40a74a +Author: James Rouzier +Date: Tue Feb 24 14:44:28 2015 -0500 + + Made Controller::Config::AdminRoles customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/AdminRoles.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/AdminRoles.pm + +commit 97a0ea55a04fcdd009cb79d06ff5f2ce83cdb843 +Author: James Rouzier +Date: Tue Feb 24 14:44:23 2015 -0500 + + Made Controller::Config::Realm customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/Realm.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Realm.pm + +commit 46457444e6ef4dcf61e7fddab00e8de001de0037 +Author: James Rouzier +Date: Tue Feb 24 14:44:19 2015 -0500 + + Made Controller::Config::Profile customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/Profile.pm +A 
html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Profile.pm + +commit 699d990053e90f5f9e63b2d565b4362782213337 +Author: James Rouzier +Date: Tue Feb 24 14:44:15 2015 -0500 + + Made Controller::Config::Switch customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/Switch.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Switch.pm + +commit f60fda4f8c564e602515dfc3d753359d7a768647 +Author: James Rouzier +Date: Tue Feb 24 14:44:11 2015 -0500 + + Made Controller::Config::Fingerprints customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/Fingerprints.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerprints.pm + +commit 1d0be370cd513835cdcf1e8294ef12615b2082bc +Author: James Rouzier +Date: Tue Feb 24 14:44:07 2015 -0500 + + Made Controller::Config::Pf customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/Pf.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Pf.pm + +commit eca76aba8615b7cd1511bb94b97902324d281984 +Author: James Rouzier +Date: Tue Feb 24 14:44:01 2015 -0500 + + Made Controller::Config::Networks customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/Networks.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Networks.pm + +commit 88c6a1e7a6b7c1850a5397e5c68ac6023512b357 +Author: James Rouzier +Date: Tue Feb 24 14:43:56 2015 -0500 + + Made Controller::Config::Profile::Default customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/Profile/Default.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Profile/Default.pm + +commit 3e1f3b31bce96dff328cbee66cd8792d4798a0e5 +Author: James Rouzier +Date: Tue Feb 24 14:43:51 2015 -0500 + + Made Controller::Config::UserAgents customizable + +M html/pfappserver/lib/pfappserver/Controller/Config/UserAgents.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/UserAgents.pm + +commit 5033ef5c357d3190acdd7559e0ea6385ec946773 
+Author: James Rouzier +Date: Tue Feb 24 14:43:48 2015 -0500 + + Made Controller::SavedSearch::User customizable + +M html/pfappserver/lib/pfappserver/Controller/SavedSearch/User.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/SavedSearch/User.pm + +commit 4ce6dc5fd85048eb1fd352bd7a96010e59ded570 +Author: James Rouzier +Date: Tue Feb 24 14:43:44 2015 -0500 + + Made Controller::SavedSearch::Node customizable + +M html/pfappserver/lib/pfappserver/Controller/SavedSearch/Node.pm +A html/pfappserver/lib/pfappserver/PacketFence/Controller/SavedSearch/Node.pm + +commit ea82ba494cb3dd9896b735183d9c8de1d232d4d8 +Author: James Rouzier +Date: Tue Feb 24 13:45:39 2015 -0500 + + Rename pfappserver.conf to pfappserver.conf.example + +D html/pfappserver/pfappserver.conf +A html/pfappserver/pfappserver.conf.example + +commit 2eeb7e90756f7a6e6f7c9daef18f7499bb994240 +Author: Durand Fabrice +Date: Thu Feb 26 13:03:14 2015 -0500 + + Fixed wrong syntax for status only on production network + +M conf/httpd.conf.d/httpd.portal + +commit 62d7799dfdb0dd5da67719112b381c099292ca1b +Author: Durand Fabrice +Date: Tue Feb 24 17:46:47 2015 -0500 + + Fixed packaging for /usr/local/pf/sbin/pfconfig + +M addons/packages/packetfence.spec + +commit ed5c3b28e5147b20f7cbfb5693e5b04fd8f0cf5c +Author: Julien Semaan +Date: Mon Feb 23 13:25:46 2015 -0500 + + add Log::Fast as dependency + +M addons/packages/packetfence.spec + +commit 2d43d3bcc752b2a21c7b747755a9407af47b96d2 +Author: Durand Fabrice +Date: Mon Feb 23 08:15:45 2015 -0500 + + BUMP to version 5.0.0 + +M conf/pf-release + +commit 5b869c2f7b005ceed5ede17899afb8fbf1e5aef0 +Author: Louis Munro +Date: Mon Feb 16 09:47:06 2015 -0500 + + Removes sslv3 support. + + It is being removed across all browsers because there is no way to fix + it for known flaws and attack vectors (e.g. POODLE). 
+ +M conf/httpd.conf.d/httpd.aaa +M conf/httpd.conf.d/httpd.admin +M conf/httpd.conf.d/httpd.portal +M conf/httpd.conf.d/httpd.proxy +M conf/httpd.conf.d/httpd.webservices + +commit 71107ded9341b69fe1df7047110ffd08f152ca1d +Author: Julien Semaan +Date: Mon Feb 23 12:30:37 2015 -0500 + + migrate floating devices to pfconfig + +M lib/pf/config.pm +A lib/pfconfig/namespaces/config/FloatingDevices.pm + +commit 303ee8b8b4ae3d1ca52b3f5f10dd700541a3b2b0 +Author: Julien Semaan +Date: Mon Feb 23 12:30:03 2015 -0500 + + create control files dir in init script + +M pfconfig.init + +commit 3b867a12ad44e5851aa8d317ce59d820a5ccaa90 +Author: Julien Semaan +Date: Mon Feb 23 11:52:40 2015 -0500 + + migrate networks.conf + +M lib/pf/config.pm +M lib/pf/constants/config.pm +A lib/pfconfig/namespaces/config/Network.pm +M lib/pfconfig/namespaces/config/Profiles.pm +A lib/pfconfig/namespaces/interfaces/inline_nets.pm +A lib/pfconfig/namespaces/interfaces/routed_isolation_nets.pm +A lib/pfconfig/namespaces/interfaces/routed_registration_nets.pm + +commit fb9ff2e6a81e80f168c885579c40e9c65756b5ca +Author: Julien Semaan +Date: Mon Feb 23 11:16:50 2015 -0500 + + make create_resource.sh executable + +M addons/create_resource.sh + +commit e02b5aefcde3243e8ba391475c9f964f1cdf0908 +Author: Julien Semaan +Date: Mon Feb 23 11:16:34 2015 -0500 + + remove temp file + +D lib/pfconfig/.manager.pm.swo + +commit 5c721a512c4d5252dda9fb55b712283ae3cf2827 +Author: Julien Semaan +Date: Mon Feb 23 11:13:52 2015 -0500 + + Added profiles.conf + +M lib/pf/config.pm +A lib/pfconfig/namespaces/config/Profiles.pm +A lib/pfconfig/namespaces/resource/Profile_Filters.pm + +commit 7660adb77f12cb78dd2e6446d7334c1acb54485c +Author: Julien Semaan +Date: Mon Feb 23 11:13:09 2015 -0500 + + go back to old way for authentication + +M lib/pf/Authentication/Source.pm +M lib/pf/authentication.pm + +commit 6052d2ff2a306d63c85b5545e75bbf80e88d52db +Author: Julien Semaan +Date: Mon Feb 23 10:28:27 2015 -0500 + + adjustements to 
pfconfig init script + +M pfconfig.init + +commit e6d24d3fffee6abec6f3eac1e8aadac16ff3773e +Author: Julien Semaan +Date: Mon Feb 23 10:23:31 2015 -0500 + + ignore authentication resources + +A lib/pfconfig/.manager.pm.swo +M lib/pfconfig/manager.pm +M lib/pfconfig/namespaces/config/Authentication.pm + +commit 5c25c3ad1a20d512bf36d5e729dbbc486dee6d7a +Author: Julien Semaan +Date: Mon Feb 23 10:23:04 2015 -0500 + + Merge constants pull request + +M lib/pf/Authentication/Source.pm +M lib/pf/authentication.pm +M lib/pf/constants/authentication.pm + +commit 3555327a47e2b60b6d9e2876e0d3356c50c75975 +Author: Julien Semaan +Date: Mon Feb 23 08:37:48 2015 -0500 + + Add basic auth config resource + configstore test is dynamic + +A lib/pf/constants/authentication.pm +A lib/pfconfig/namespaces/config/Authentication.pm +A lib/pfconfig/namespaces/interfaces.pm +A lib/pfconfig/namespaces/resource/authentication_lookup.pm +A lib/pfconfig/namespaces/resource/authentication_sources.pm +M t/configstore-2-pfconfig.t + +commit f174df5f3dd1dbf70a1db73136b9586f0c983c42 +Author: Julien Semaan +Date: Mon Feb 23 08:12:04 2015 -0500 + + moved interfaces to global namespace + +M lib/pf/config.pm +A lib/pfconfig/namespaces/interfaces/dhcplistener_ints.pm +A lib/pfconfig/namespaces/interfaces/ha_ints.pm +A lib/pfconfig/namespaces/interfaces/inline_enforcement_nets.pm +A lib/pfconfig/namespaces/interfaces/internal_nets.pm +A lib/pfconfig/namespaces/interfaces/listen_ints.pm +A lib/pfconfig/namespaces/interfaces/management_network.pm +A lib/pfconfig/namespaces/interfaces/monitor_int.pm +A lib/pfconfig/namespaces/interfaces/vlan_enforcement_nets.pm +D lib/pfconfig/namespaces/resource/interfaces.pm +D lib/pfconfig/namespaces/resource/interfaces/dhcplistener_ints.pm +D lib/pfconfig/namespaces/resource/interfaces/ha_ints.pm +D lib/pfconfig/namespaces/resource/interfaces/inline_enforcement_nets.pm +D lib/pfconfig/namespaces/resource/interfaces/internal_nets.pm +D 
lib/pfconfig/namespaces/resource/interfaces/listen_ints.pm +D lib/pfconfig/namespaces/resource/interfaces/management_network.pm +D lib/pfconfig/namespaces/resource/interfaces/monitor_int.pm +D lib/pfconfig/namespaces/resource/interfaces/vlan_enforcement_nets.pm + +commit 1946b09cd8357c4688f03cbcfe499234919a971f +Author: Julien Semaan +Date: Sun Feb 22 21:10:14 2015 -0500 + + switch to Tie::Scalar + +M lib/pfconfig/cached_scalar.pm + +commit 9c211bff427a5321d10e93990c4f8dfdc0162ebe +Author: Julien Semaan +Date: Fri Feb 20 16:10:29 2015 -0500 + + added scalar cached object + finished pf.conf in new store + +A addons/create_resource.sh +M lib/pf/config.pm +A lib/pf/constants/config.pm +M lib/pf/db.pm +M lib/pf/factory/config.pm +M lib/pf/pfcmd/checkup.pm +M lib/pf/services/manager.pm +A lib/pfconfig/cached_scalar.pm +M lib/pfconfig/namespaces/config.pm +M lib/pfconfig/namespaces/config/Pf.pm +A lib/pfconfig/namespaces/resource/CaptivePortal.pm +A lib/pfconfig/namespaces/resource/Database.pm +A lib/pfconfig/namespaces/resource/fqdn.pm +A lib/pfconfig/namespaces/resource/interfaces.pm +A lib/pfconfig/namespaces/resource/interfaces/dhcplistener_ints.pm +A lib/pfconfig/namespaces/resource/interfaces/ha_ints.pm +A lib/pfconfig/namespaces/resource/interfaces/inline_enforcement_nets.pm +A lib/pfconfig/namespaces/resource/interfaces/internal_nets.pm +A lib/pfconfig/namespaces/resource/interfaces/listen_ints.pm +A lib/pfconfig/namespaces/resource/interfaces/management_network.pm +A lib/pfconfig/namespaces/resource/interfaces/monitor_int.pm +A lib/pfconfig/namespaces/resource/interfaces/vlan_enforcement_nets.pm +M sbin/pfconfig + +commit 42038221e2697bd7e7d2e4f42d5e729ba2d49bc7 +Author: Julien Semaan +Date: Fri Feb 20 13:06:39 2015 -0500 + + correct typo in firewall sso config instanciation + +M lib/pf/config.pm + +commit b299a23d173d80213daa10a0c304c1c0f641e8a4 +Author: Julien Semaan +Date: Fri Feb 20 13:05:09 2015 -0500 + + moved to sereal seriliazation for the pipe output + 
+M lib/pfconfig/cached.pm +M lib/pfconfig/cached_array.pm +M sbin/pfconfig + +commit 435c8708f7afc8cded9171eec464dac950808250 +Author: Julien Semaan +Date: Fri Feb 20 11:34:59 2015 -0500 + + make pfconfig and cached support multi-line responses + +M addons/benchmark-pfconfig.pl +M lib/pfconfig/cached.pm +M sbin/pfconfig + +commit 1830c3aac4f49a3c43ce0a6b348997114c4e2876 +Author: Julien Semaan +Date: Fri Feb 20 08:27:26 2015 -0500 + + Added realm config + +A lib/pfconfig/namespaces/config/Realm.pm + +commit 1e591353a214d89c737fd0f13eb660533b2f40b5 +Author: Julien Semaan +Date: Thu Feb 19 19:14:59 2015 -0500 + + migrate resource in pfconfig + +M lib/pf/config.pm +M lib/pfconfig/cached_hash.pm +M lib/pfconfig/manager.pm +M sbin/pfconfig + +commit cb096fabfa8ef876bea0ede32a892d53454d0048 +Author: Julien Semaan +Date: Thu Feb 19 15:08:53 2015 -0500 + + Changed backend to mysql + +A lib/pfconfig/backend/mysql.pm +M lib/pfconfig/manager.pm + +commit 73d62cbb2dc03987064e04a9d16a7d4de7ed3b72 +Author: Julien Semaan +Date: Wed Feb 18 10:01:56 2015 -0500 + + adjustements for circular dependencies + +M lib/pfconfig/manager.pm +M lib/pfconfig/namespaces/config.pm +M lib/pfconfig/namespaces/config/Pf.pm +M sbin/pfconfig + +commit 02e287a03076ca5f1c24590b44bb85af8a206e54 +Author: Julien Semaan +Date: Tue Feb 17 15:34:06 2015 -0500 + + remove hardcoded variables + +M lib/pfconfig/cached.pm +M lib/pfconfig/manager.pm +A lib/pfconfig/util.pm +M sbin/pfconfig + +commit a9b4941c2ee206dd1d54c83829e1348e2899fd3c +Author: Julien Semaan +Date: Tue Feb 17 14:13:14 2015 -0500 + + add preloading to pfconfig + +M addons/benchmark-a-cache.pl +M addons/benchmark-pfconfig.pl +M sbin/pfconfig + +commit 2ec4ad1290862c782509e1069d6f5899be8559cd +Author: Julien Semaan +Date: Tue Feb 17 14:04:19 2015 -0500 + + add lib to benchmark-a-cache + +M addons/benchmark-a-cache.pl +M addons/benchmark-pfconfig.pl + +commit 9805ddee59ff1fc134f56e18766c04c877a7deda +Author: Julien Semaan +Date: Tue Feb 17 13:35:43 
2015 -0500 + + rewrite pfconfig to abstract serialization + change benchmark + +M addons/benchmark-a-cache.pl +M addons/benchmark-pfconfig.pl +M lib/pfconfig/cached.pm +M sbin/pfconfig + +commit bcfede9abd62f3e68eac0bf2f1bc8f6affa4cf21 +Author: Julien Semaan +Date: Tue Feb 17 11:53:17 2015 -0500 + + rework manager error message + +M lib/pfconfig/manager.pm + +commit d1fa15c48c274f019e7a88b18b1b56f77ccd8a0d +Author: Julien Semaan +Date: Tue Feb 17 11:53:02 2015 -0500 + + add more benchmarks + +A addons/benchmark-a-cache.pl +M addons/benchmark-pfconfig.pl +A addons/cache-timing.txt + +commit 7647142b0c76362d9b6aa130183c9df2aa142a8d +Author: Julien Semaan +Date: Mon Feb 16 17:25:18 2015 -0500 + + Multiple changes - see details + + - Added factory for configuration hashes + - Added admin_roles + documentation hashes to pfconfig + - Removed circular dependency for admin_roles + - Added better error messages to pfconfig + +M lib/pf/SwitchFactory.pm +M lib/pf/admin_roles.pm +M lib/pf/config.pm +A lib/pf/constants/admin_roles.pm +A lib/pf/factory/config.pm +M lib/pfconfig/cached.pm +M lib/pfconfig/manager.pm +M lib/pfconfig/namespaces/config/AdminRoles.pm +M sbin/pfconfig + +commit e95238fdb51b2419cc46924bd6add0d27f1f9f27 +Author: Julien Semaan +Date: Mon Feb 16 12:00:42 2015 -0500 + + added radius timing report file + +A addons/radius-timing.txt + +commit 190921bce39063e7ab7f57db4ae5cbf27ccec7e9 +Author: Julien Semaan +Date: Mon Feb 16 11:24:16 2015 -0500 + + add microsecond time to apache logs + +M conf/httpd.conf.d/log.conf + +commit 300f12dad1639ceca235324c1e2ad0fe3a9791ed +Author: Julien Semaan +Date: Mon Feb 16 08:12:23 2015 -0500 + + readded overlay cache + +M lib/pf/SwitchFactory.pm + +commit e3598f66ad4200c96ea12d9c57ede06ed7f7c875 +Author: Julien Semaan +Date: Mon Feb 16 08:08:14 2015 -0500 + + minor changes + +M addons/benchmark-pfconfig.pl +M lib/pfconfig/cached.pm +M lib/pfconfig/log.pm +M lib/pfconfig/manager.pm + +commit 
bf5b84f768b486d0e03909450dc5895e1c39b06c +Author: Julien Semaan +Date: Fri Feb 13 14:40:30 2015 -0500 + + added expire all + added pfconfig::manager to pfcmd + +M bin/pfcmd.pl +M lib/pfconfig/manager.pm + +commit 6324988d322623aebc7f0df1185843ab0862d598 +Author: Julien Semaan +Date: Fri Feb 13 14:09:45 2015 -0500 + + minor optimization + +M lib/pfconfig/cached.pm +M lib/pfconfig/manager.pm + +commit aa6e4b9a103f25b28a4c7662de3cc4fbabb2a63f +Author: Julien Semaan +Date: Fri Feb 13 14:02:57 2015 -0500 + + added superclass for cached_hash + cached_array + +A lib/pfconfig/cached.pm + +commit a4ca7c9fca8f87026585c13e568a984cac4ad635 +Author: Julien Semaan +Date: Fri Feb 13 14:01:57 2015 -0500 + + optimize code and remove calls to timeme + +M addons/benchmark-pfconfig.pl +M lib/pfconfig/cached_hash.pm +M lib/pfconfig/log.pm +M lib/pfconfig/timeme.pm +M sbin/pfconfig + +commit 91a986c731b20dc9022d7840bdbe810c3e9f88bd +Author: Julien Semaan +Date: Thu Feb 12 15:51:16 2015 -0500 + + remove code duplication + +M lib/pfconfig/cached_array.pm +M lib/pfconfig/cached_hash.pm + +commit 5f6231459577c3071d88a55621a1aa9b28b659fc +Author: Julien Semaan +Date: Thu Feb 12 10:29:40 2015 -0500 + + Added per process subcache + put the socket in shm + +A addons/benchmark-pfconfig.pl +M lib/pfconfig/cached_array.pm +M lib/pfconfig/cached_hash.pm +M lib/pfconfig/log.pm +M lib/pfconfig/timeme.pm +M sbin/pfconfig + +commit f39b16b9907686cbcf3be12e4c13ea9985bfcbf9 +Author: Julien Semaan +Date: Wed Feb 11 15:46:38 2015 -0500 + + Added cached_array for proxied array access to pfconfig + +A lib/pfconfig/cached_array.pm +M lib/pfconfig/cached_hash.pm +A lib/pfconfig/namespaces/resource/array_test.pm +M sbin/pfconfig +M t/pfconfig.t + +commit 0bb9787eb7b2ba31fb5bc13d7f02a8be8007e16b +Author: Julien Semaan +Date: Wed Feb 11 13:30:42 2015 -0500 + + added test for firewall sso + +M t/configstore-2-pfconfig.t + +commit b827321e1dad1b98076f45914a10bacc3062bd3c +Author: Julien Semaan +Date: Wed Feb 11 
13:30:23 2015 -0500 + + added template for config of pfconfig + +A lib/pfconfig/namespaces/config/template.pm + +commit fe2072cbb74399a4463142cb671c5d49c4215639 +Author: Julien Semaan +Date: Wed Feb 11 13:30:09 2015 -0500 + + added firewall sso to pfconfig + +A lib/pfconfig/namespaces/config/Firewall_SSO.pm + +commit 41003f71d6f3221f3804e19a631d7b5f7816a51e +Author: Julien Semaan +Date: Mon Feb 9 15:53:30 2015 -0500 + + Added undef return to pfconfig + +M lib/pfconfig/cached_hash.pm +M sbin/pfconfig + +commit 0364cebdf084ba412039281dc6d658622d55ecda +Author: Julien Semaan +Date: Mon Feb 9 15:53:17 2015 -0500 + + Fix bad _id in switch + +M lib/pf/SwitchFactory.pm + +commit 84b5e07856d25753d8e64ce6844f2a65b852dd40 +Author: Julien Semaan +Date: Mon Feb 9 09:49:56 2015 -0500 + + Added admin role resource + small code cleanup + +M lib/pfconfig/namespaces/config.pm +A lib/pfconfig/namespaces/config/AdminRoles.pm +M lib/pfconfig/namespaces/config/Switch.pm +M t/configstore-2-pfconfig.t + +commit 8ed86e232f6e129355bba469b7cd7f25bb8a062c +Author: Julien Semaan +Date: Fri Feb 6 22:13:14 2015 -0500 + + Added pf.conf, documentation.conf to new pfconfig service + +A lib/pf/ConfigStore/config.pm +M lib/pfconfig/namespaces/config.pm +A lib/pfconfig/namespaces/config/Documentation.pm +A lib/pfconfig/namespaces/config/Pf.pm +A lib/pfconfig/namespaces/config/PfDefault.pm +M lib/pfconfig/namespaces/config/Switch.pm +M t/configstore-2-pfconfig.t + +commit 1aea0508725f495cbc1fe36c0e2bbbbcbbae5be4 +Author: Julien Semaan +Date: Fri Feb 6 16:38:41 2015 -0500 + + Added post creation of the switches + +M lib/pfconfig/namespaces/config.pm +M lib/pfconfig/namespaces/config/Switch.pm +A t/configstore-2-pfconfig.t + +commit dbe6852a6446318468c1464d33b0bc46351ed5ca +Author: Julien Semaan +Date: Fri Feb 6 11:44:38 2015 -0500 + + add subsecond memory cache expiration + +M lib/pfconfig/cached_hash.pm +M lib/pfconfig/manager.pm +M lib/pfconfig/timeme.pm +M sbin/pfconfig + +commit 
9d466f152c6a34462fee720a47d9caa04c30ce51 +Author: Julien Semaan +Date: Fri Feb 6 11:43:57 2015 -0500 + + add a faster logger + +A lib/pfconfig/log.pm + +commit ea310d28cd811cd140b18b0c2ea6d04dd08adf00 +Author: Julien Semaan +Date: Thu Feb 5 21:38:39 2015 -0500 + + fixed pfconfig log config + +M conf/log.conf.d/pfconfig.conf.example + +commit 243bd4b7106c2b0bbb938f4bd7e7fbe35807722a +Author: Julien Semaan +Date: Thu Feb 5 21:37:03 2015 -0500 + + added pod doc + +M lib/pfconfig/backend.pm +M lib/pfconfig/backend/memcached.pm +M lib/pfconfig/cached_hash.pm +M lib/pfconfig/manager.pm +M lib/pfconfig/namespaces/config.pm +M lib/pfconfig/namespaces/config/Switch.pm +M lib/pfconfig/namespaces/resource.pm +M lib/pfconfig/namespaces/resource/default_switch.pm +M lib/pfconfig/timeme.pm + +commit 8c5c96ed4bf586cc6c744be84146782a8aa613fa +Author: Julien Semaan +Date: Thu Feb 5 21:35:07 2015 -0500 + + added logging configuration + +A conf/log.conf.d/pfconfig.conf.example + +commit ef2f140769d276b2c7e75583f25a74bf5353405b +Author: Julien Semaan +Date: Thu Feb 5 18:17:11 2015 -0500 + + fix namespace in switch configstore + +M lib/pf/ConfigStore/Switch.pm + +commit 7368a4ee031e316e8801b24cd9a3dc87478a2d14 +Author: Julien Semaan +Date: Thu Feb 5 18:16:51 2015 -0500 + + start pfconfig as pf + +M pfconfig.init + +commit 002e252a8b108cb3f83b7e0d8d99177bae1d9706 +Author: Julien Semaan +Date: Thu Feb 5 18:03:01 2015 -0500 + + adjust refactoring to lib/pf + +M lib/pf/SwitchFactory.pm +M lib/pf/config.pm +M lib/pfconfig/manager.pm + +commit 6c79d9c06be5c0da836ca50143137c1713fde741 +Author: Julien Semaan +Date: Thu Feb 5 17:49:09 2015 -0500 + + Removed useless logging messages + +M lib/pf/api.pm +M lib/pf/radius.pm +M lib/pf/radius/rpc.pm +M lib/pf/services/util.pm +M raddb/packetfence.pm + +commit 5fda98271fa3f53d7bd975c30cf3e0a8d26fc379 +Author: Julien Semaan +Date: Thu Feb 5 17:43:08 2015 -0500 - Made Controller::Config::AdminRoles customizable + Refactoring of pfconfig + + - Created 
first unit test (./t/pfconfig.t). YAY :D + - Depends on the service running - that part should go in another test later + - Added logging + - Added init script (./pfconfig.init) + - Refactored code -M html/pfappserver/lib/pfappserver/Controller/Config/AdminRoles.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/AdminRoles.pm +M lib/pfconfig/backend.pm +M lib/pfconfig/backend/memcached.pm +M lib/pfconfig/cached_hash.pm +M lib/pfconfig/manager.pm +M lib/pfconfig/namespaces/config.pm +M lib/pfconfig/namespaces/config/Switch.pm +M lib/pfconfig/namespaces/resource.pm +M lib/pfconfig/timeme.pm +A pfconfig.init +M sbin/pfconfig +A t/pfconfig.t -commit 97a0ea55a04fcdd009cb79d06ff5f2ce83cdb843 -Author: James Rouzier -Date: Tue Feb 24 14:44:23 2015 -0500 +commit c012472dbd6f104deef1ae75a0580508ed37b38c +Author: Julien Semaan +Date: Thu Feb 5 14:58:48 2015 -0500 - Made Controller::Config::Realm customizable + Refactored zicache into pfconfig -M html/pfappserver/lib/pfappserver/Controller/Config/Realm.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Realm.pm +D addons/cachemaster.pl +M lib/pf/ConfigStore/Switch.pm +M lib/pf/SwitchFactory.pm +M lib/pf/config.pm +A lib/pfconfig/backend.pm +A lib/pfconfig/backend/memcached.pm +A lib/pfconfig/cached_hash.pm +A lib/pfconfig/manager.pm +A lib/pfconfig/namespaces/config.pm +A lib/pfconfig/namespaces/config/Switch.pm +A lib/pfconfig/namespaces/resource.pm +A lib/pfconfig/namespaces/resource/default_switch.pm +A lib/pfconfig/timeme.pm +D lib/zicache/backend.pm +D lib/zicache/backend/memcached.pm +D lib/zicache/namespaces/config.pm +D lib/zicache/namespaces/config/Switch.pm +D lib/zicache/namespaces/resource.pm +D lib/zicache/namespaces/resource/default_switch.pm +D lib/zicache/timeme.pm +D lib/zicache/zicache.pm +D lib/zicache/zihash.pm +A sbin/pfconfig -commit 46457444e6ef4dcf61e7fddab00e8de001de0037 -Author: James Rouzier -Date: Tue Feb 24 14:44:19 2015 -0500 +commit 
608f21c1ccadc776903b64c6bd940c5873b6fde3 +Author: Julien Semaan +Date: Mon Feb 2 15:03:54 2015 -0500 - Made Controller::Config::Profile customizable + add more abstraction layers -M html/pfappserver/lib/pfappserver/Controller/Config/Profile.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Profile.pm +A lib/zicache/backend.pm +A lib/zicache/backend/memcached.pm +M lib/zicache/namespaces/config.pm +A lib/zicache/namespaces/resource.pm +A lib/zicache/namespaces/resource/default_switch.pm +M lib/zicache/zicache.pm +M lib/zicache/zihash.pm -commit 699d990053e90f5f9e63b2d565b4362782213337 -Author: James Rouzier -Date: Tue Feb 24 14:44:15 2015 -0500 +commit 4b23a49339f0591a2c93cc4b8d3bee32973b2287 +Author: Julien Semaan +Date: Mon Feb 2 11:39:19 2015 -0500 - Made Controller::Config::Switch customizable + removed duplicate method -M html/pfappserver/lib/pfappserver/Controller/Config/Switch.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Switch.pm +M lib/zicache/namespaces/config.pm -commit f60fda4f8c564e602515dfc3d753359d7a768647 -Author: James Rouzier -Date: Tue Feb 24 14:44:11 2015 -0500 +commit a227b4d92bdb2afae218f8c8bc90bbc9a432d40c +Author: Julien Semaan +Date: Mon Feb 2 11:38:47 2015 -0500 - Made Controller::Config::Fingerprints customizable + reworked keys method on zihash -M html/pfappserver/lib/pfappserver/Controller/Config/Fingerprints.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Fingerprints.pm +M addons/cachemaster.pl +M lib/zicache/namespaces/config.pm +M lib/zicache/namespaces/config/Switch.pm +M lib/zicache/zicache.pm -commit 1d0be370cd513835cdcf1e8294ef12615b2082bc -Author: James Rouzier -Date: Tue Feb 24 14:44:07 2015 -0500 +commit 229db4d42deb72f6366352d8529f011d14fef9d0 +Author: Julien Semaan +Date: Mon Feb 2 09:33:50 2015 -0500 - Made Controller::Config::Pf customizable + implemented keys on zihash -M html/pfappserver/lib/pfappserver/Controller/Config/Pf.pm -A 
html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Pf.pm +M addons/cachemaster.pl +M lib/zicache/namespaces/config/Switch.pm +M lib/zicache/zicache.pm +M lib/zicache/zihash.pm -commit eca76aba8615b7cd1511bb94b97902324d281984 -Author: James Rouzier -Date: Tue Feb 24 14:44:01 2015 -0500 +commit fe94ef2fe62e5313a694a1b356dfd6e5f638c33b +Author: Julien Semaan +Date: Sun Feb 1 13:07:09 2015 -0500 - Made Controller::Config::Networks customizable + Made config baseclass -M html/pfappserver/lib/pfappserver/Controller/Config/Networks.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Networks.pm +D lib/zicache/namespaces/Switch.pm +A lib/zicache/namespaces/config.pm +A lib/zicache/namespaces/config/Switch.pm +M lib/zicache/zicache.pm -commit 88c6a1e7a6b7c1850a5397e5c68ac6023512b357 -Author: James Rouzier -Date: Tue Feb 24 14:43:56 2015 -0500 +commit 7651b8f2450b41c7d59dd7c44857751255105c6d +Author: Julien Semaan +Date: Fri Jan 30 15:22:59 2015 -0500 - Made Controller::Config::Profile::Default customizable + Various changes : + + - Add object oriented namespaces that build the config overlay + - Move the sockets to pf directory + - Cleanup the code a little + - Zicache is now object oriented (but still cached zicache) -M html/pfappserver/lib/pfappserver/Controller/Config/Profile/Default.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/Profile/Default.pm +M addons/cachemaster.pl +M lib/pf/SwitchFactory.pm +A lib/zicache/namespaces/Switch.pm +M lib/zicache/zicache.pm +M lib/zicache/zihash.pm -commit 3e1f3b31bce96dff328cbee66cd8792d4798a0e5 -Author: James Rouzier -Date: Tue Feb 24 14:43:51 2015 -0500 +commit 7c39200a45fb97bd5baf10c41347ec3b5e11e9bd +Author: Julien Semaan +Date: Fri Jan 30 11:28:19 2015 -0500 - Made Controller::Config::UserAgents customizable + override switch commit for new cache -M html/pfappserver/lib/pfappserver/Controller/Config/UserAgents.pm -A 
html/pfappserver/lib/pfappserver/PacketFence/Controller/Config/UserAgents.pm +M lib/pf/ConfigStore/Switch.pm -commit 5033ef5c357d3190acdd7559e0ea6385ec946773 -Author: James Rouzier -Date: Tue Feb 24 14:43:48 2015 -0500 +commit 7e8ddd7a6f1186e1874fa97ebeb829f8d3cf0b59 +Author: Julien Semaan +Date: Fri Jan 30 10:38:20 2015 -0500 - Made Controller::SavedSearch::User customizable + Dirty integration with SwitchFactory -M html/pfappserver/lib/pfappserver/Controller/SavedSearch/User.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/SavedSearch/User.pm +M addons/cachemaster.pl +M lib/pf/SwitchFactory.pm +D lib/zicache/.zicache.pm.swo +M lib/zicache/zicache.pm -commit 4ce6dc5fd85048eb1fd352bd7a96010e59ded570 -Author: James Rouzier -Date: Tue Feb 24 14:43:44 2015 -0500 +commit b5ed10b1c964b612db9f1356b99231338f352c8b +Author: Julien Semaan +Date: Thu Jan 29 22:29:28 2015 -0500 - Made Controller::SavedSearch::Node customizable + working with 127.0.0.1 bug -M html/pfappserver/lib/pfappserver/Controller/SavedSearch/Node.pm -A html/pfappserver/lib/pfappserver/PacketFence/Controller/SavedSearch/Node.pm +A addons/cachemaster.pl +M lib/pf/SwitchFactory.pm +M lib/pf/api.pm +M lib/pf/config.pm +M lib/pf/radius.pm +M lib/pf/radius/rpc.pm +M lib/pf/services/util.pm +A lib/zicache/.zicache.pm.swo +A lib/zicache/timeme.pm +A lib/zicache/zicache.pm +A lib/zicache/zihash.pm +M raddb/packetfence.pm -commit ea82ba494cb3dd9896b735183d9c8de1d232d4d8 +commit a26f38408c5592a0e27e212e9bf0bf874494a6ca Author: James Rouzier -Date: Tue Feb 24 13:45:39 2015 -0500 +Date: Sat Jan 24 17:37:10 2015 -0500 - Rename pfappserver.conf to pfappserver.conf.example + Moved to use pf::constants -D html/pfappserver/pfappserver.conf -A html/pfappserver/pfappserver.conf.example +M addons/extract_i18n_strings.pl +M bin/pfcmd.pl +M bin/pfcmd_vlan +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm 
+M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Node/Manager.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Status.pm +M html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm +M html/pfappserver/lib/pfappserver/Model/Interface.pm +M html/pfappserver/lib/pfappserver/Model/Node.pm +M html/pfappserver/lib/pfappserver/Model/PfConfigAdapter.pm +M lib/pf/Authentication/Source/BlackholeSource.pm +M lib/pf/Authentication/Source/ChainedSource.pm +M lib/pf/Authentication/Source/HtpasswdSource.pm +M lib/pf/Authentication/Source/KerberosSource.pm +M lib/pf/Authentication/Source/LDAPSource.pm +M lib/pf/Authentication/Source/NullSource.pm +M lib/pf/Authentication/Source/RADIUSSource.pm +M lib/pf/Authentication/Source/SMSSource.pm +M lib/pf/Authentication/Source/SQLSource.pm +M lib/pf/Connection.pm +M lib/pf/Portal/Profile.pm +M lib/pf/Portal/Session.pm +M lib/pf/Switch.pm +M lib/pf/Switch/AeroHIVE.pm +M lib/pf/Switch/AeroHIVE/AP_http.pm +M lib/pf/Switch/AeroHIVE/BR100.pm +M lib/pf/Switch/AlliedTelesis.pm +M lib/pf/Switch/Anyfi.pm +M lib/pf/Switch/Aruba.pm +M lib/pf/Switch/ArubaSwitch.pm +M lib/pf/Switch/Avaya.pm +M lib/pf/Switch/Avaya/WC.pm +M lib/pf/Switch/Belair.pm +M lib/pf/Switch/Brocade.pm +M lib/pf/Switch/Cisco.pm +M lib/pf/Switch/Cisco/Aironet.pm +M lib/pf/Switch/Cisco/Catalyst_2950.pm +M lib/pf/Switch/Cisco/Catalyst_2960.pm +M lib/pf/Switch/Cisco/Catalyst_2960_http.pm +M lib/pf/Switch/Cisco/WLC.pm +M lib/pf/Switch/Cisco/WLC_2100.pm +M lib/pf/Switch/Cisco/WLC_http.pm +M lib/pf/Switch/Dell/Force10.pm +M lib/pf/Switch/Dlink/DGS_3100.pm +M lib/pf/Switch/Dlink/DGS_3200.pm +M lib/pf/Switch/Dlink/DWS_3026.pm +M lib/pf/Switch/EdgeCore.pm +M lib/pf/Switch/Enterasys/V2110.pm +M lib/pf/Switch/Extreme.pm +M lib/pf/Switch/Extricom.pm +M lib/pf/Switch/H3C.pm +M 
lib/pf/Switch/HP/Controller_MSM710.pm +M lib/pf/Switch/HP/Procurve_2500.pm +M lib/pf/Switch/HP/Procurve_2600.pm +M lib/pf/Switch/HP/Procurve_5400.pm +M lib/pf/Switch/Hostapd.pm +M lib/pf/Switch/Huawei.pm +M lib/pf/Switch/Huawei/S5710.pm +M lib/pf/Switch/Juniper.pm +M lib/pf/Switch/Juniper/EX2200.pm +M lib/pf/Switch/LG.pm +M lib/pf/Switch/Meru.pm +M lib/pf/Switch/Mikrotik.pm +M lib/pf/Switch/MockedSwitch.pm +M lib/pf/Switch/Motorola.pm +M lib/pf/Switch/Netgear/FSM726v1.pm +M lib/pf/Switch/Netgear/FSM7328S.pm +M lib/pf/Switch/Netgear/MSeries.pm +M lib/pf/Switch/Nortel.pm +M lib/pf/Switch/Nortel/BPS2000.pm +M lib/pf/Switch/Ruckus.pm +M lib/pf/Switch/ThreeCom/Switch_4200G.pm +M lib/pf/Switch/Trapeze.pm +M lib/pf/Switch/WirelessModuleTemplate.pm +M lib/pf/Switch/Xirrus.pm +M lib/pf/Switch/Xirrus/AP_http.pm +M lib/pf/accounting.pm +M lib/pf/activation.pm +M lib/pf/authentication.pm +M lib/pf/config.pm +M lib/pf/constants.pm +M lib/pf/enforcement.pm +M lib/pf/floatingdevice.pm +M lib/pf/import.pm +M lib/pf/inline.pm +M lib/pf/node.pm +M lib/pf/os.pm +M lib/pf/pfcmd/checkup.pm +M lib/pf/provisioner/ibm.pm +M lib/pf/radius.pm +M lib/pf/scan.pm +M lib/pf/scan/openvas.pm +M lib/pf/services/manager/dhcpd.pm +M lib/pf/services/manager/snmptrapd.pm +M lib/pf/services/manager/snort.pm +M lib/pf/services/manager/suricata.pm +M lib/pf/soh.pm +M lib/pf/useragent.pm +M lib/pf/util.pm +M lib/pf/vlan.pm +M lib/pf/vlan/custom_example.pm +M lib/pf/web.pm +M lib/pf/web/billing.pm +M lib/pf/web/guest.pm +M lib/pf/web/util.pm +M sbin/pfdhcplistener +M sbin/pfsetvlan +M t/dao/person.t +M t/floatingdevice.t +M t/services.t +M t/vlan.t -commit 2eeb7e90756f7a6e6f7c9daef18f7499bb994240 -Author: Durand Fabrice -Date: Thu Feb 26 13:03:14 2015 -0500 +commit 00e36e30059ae22adb9b7ca138a0d3a917dd8ff9 +Author: James Rouzier +Date: Sat Jan 24 17:11:49 2015 -0500 - Fixed wrong syntax for status only on production network + Added new module for constants -M conf/httpd.conf.d/httpd.portal +A 
lib/pf/constants.pm commit fd19ba99eba70a5db331c751358756a6bffb31ad Author: Julien Semaan @@ -3500,6 +13762,22 @@ M lib/pf/authentication.pm M lib/pf/config.pm M lib/pf/iptables.pm +commit 35046f5089e9d60b9d70994a2d9718eee1ee51ce +Author: Dennis +Date: Tue Feb 3 18:54:13 2015 +0100 + + Update Procurve_2920.pm + +M lib/pf/Switch/HP/Procurve_2920.pm + +commit dbe07c4602a2ca4338afe78c11fb8d0fa995d2af +Author: Dennis +Date: Tue Feb 3 18:51:57 2015 +0100 + + Update NEWS.asciidoc + +M NEWS.asciidoc + commit 1f83d5ef50e860c90beb94aeedbeed8eb26bdc28 Author: James Rouzier Date: Tue Feb 3 12:30:49 2015 -0500 @@ -3593,6 +13871,15 @@ Date: Tue Feb 3 08:42:42 2015 -0500 M html/pfappserver/lib/pfappserver/Controller/Config/Fingerprints.pm +commit 4f69050a9b5b87989dcf02c43ad0fb74a107a17e +Author: erSitzt +Date: Tue Feb 3 11:56:10 2015 +0100 + + Changed indentation to 4 spaces + Removed unnecessary function + +M lib/pf/Switch/HP/Procurve_2920.pm + commit 7e08d03d5aaf763fb91bee5ed6430ca9c2f70258 Author: Julien Semaan Date: Mon Feb 2 16:02:19 2015 -0500 
@@ -3817,6 +14104,42 @@ Date: Mon Feb 2 10:19:03 2015 -0500 M html/pfappserver/lib/pfappserver/Controller/Config/Authentication/Source.pm +commit e2167629b69945ffec996c487403ccc1a7d101de +Author: Dennis +Date: Mon Feb 2 15:44:48 2015 +0100 + + Removed proxy support entry + +M NEWS.asciidoc + +commit 85393592bbb5175aa99c491f1bdfeef9dea39e8c +Author: Dennis +Date: Mon Feb 2 15:33:33 2015 +0100 + + Proxysupport for dhcp fingerprint update removed + + Works only in cli, has to be reviewed. + +M lib/pf/os.pm + +commit 4449027c2c798382e9548ee954640761c6698ba2 +Author: erSitzt +Date: Mon Feb 2 15:14:01 2015 +0100 + + Updated NEWS.asciidoc + +M NEWS.asciidoc + +commit 6f507f01a4c1d83c49fcf8320ea5669089a6ab7c +Author: erSitzt +Date: Mon Feb 2 15:12:00 2015 +0100 + + Added env_proxy to LWP::UserAgent in update_dhcp_fingerprints_conf + Added support for HP ProCurve 2920 + +A lib/pf/Switch/HP/Procurve_2920.pm +M lib/pf/os.pm + commit ac7e9ced01eda87729a8697c386d7215a7dcc081 Author: James Rouzier Date: Fri Jan 30 15:39:19 2015 -0500 diff --git a/Makefile b/Makefile index 5672e4d4b906..e2902e0a99ca 100644 --- a/Makefile +++ b/Makefile 
@@ -44,10 +44,20 @@ doc-opendaylight-pdf: doc-checkpoint-pdf: asciidoc -a docinfo2 -b docbook -d book -d book -o docs/docbook/PacketFence_Checkpoint_Quick_Install_Guide.docbook docs/PacketFence_Checkpoint_Quick_Install_Guide.asciidoc; fop -c docs/fonts/fop-config.xml -xsl docs/docbook/xsl/packetfence-fo.xsl -xml docs/docbook/PacketFence_Checkpoint_Quick_Install_Guide.docbook -pdf docs/PacketFence_Checkpoint_Quick_Install_Guide.pdf +doc-clustering-pdf: + asciidoc -a docinfo2 -b docbook -d book -d book -o docs/docbook/PacketFence_Clustering_Guide.docbook docs/PacketFence_Clustering_Guide.asciidoc; fop -c docs/fonts/fop-config.xml -xsl docs/docbook/xsl/packetfence-fo.xsl -xml docs/docbook/PacketFence_Clustering_Guide.docbook -pdf docs/PacketFence_Clustering_Guide.pdf + +doc-out-of-band-zen: + asciidoc -a docinfo2 -b docbook -d book -d book -o docs/docbook/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN.docbook docs/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN.asciidoc; fop -c docs/fonts/fop-config.xml -xsl docs/docbook/xsl/packetfence-fo.xsl -xml docs/docbook/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN.docbook -pdf docs/PacketFence_Out-of-Band_Deployment_Quick_Guide_ZEN.pdf + +doc-inline-zen: + asciidoc -a docinfo2 -b docbook -d book -d book -o docs/docbook/PacketFence_Inline_Deployment_Quick_Guide_ZEN.docbook docs/PacketFence_Inline_Deployment_Quick_Guide_ZEN.asciidoc; fop -c docs/fonts/fop-config.xml -xsl docs/docbook/xsl/packetfence-fo.xsl -xml docs/docbook/PacketFence_Inline_Deployment_Quick_Guide_ZEN.docbook -pdf docs/PacketFence_Inline_Deployment_Quick_Guide_ZEN.pdf + .PHONY: configurations configurations: find -type f -name '*.example' -print0 | while read -d $$'\0' file; do cp -n $$file "$$(dirname $$file)/$$(basename $$file .example)"; done + touch /usr/local/pf/conf/pf.conf .PHONY: ssl-certs 
@@ -108,13 +118,17 @@ translation: .PHONY: mysql-schema mysql-schema: - cd /usr/local/pf/db;\ - VERSIONSQL=$$( ls -r pf-schema-[0-9]*.[0-9]*.[0-9]*.sql | head -1);\ - ln -f -s $$VERSIONSQL ./pf-schema.sql; + ln -f -s /usr/local/pf/db/pf-schema-X.Y.Z.sql /usr/local/pf/db/pf-schema.sql; .PHONY: chown_pf chown_pf: chown -R pf:pf * -devel: configurations conf/ssl/server.crt bin/pfcmd raddb/certs/dh sudo lib/pf/pfcmd/pfcmd_pregrammar.pm translation mysql-schema raddb/sites-enabled chown_pf permissions +.PHONY: fingerbank + +fingerbank: + rm -f /usr/local/pf/lib/fingerbank + ln -s /usr/local/fingerbank/lib/fingerbank /usr/local/pf/lib/fingerbank \ + +devel: configurations conf/ssl/server.crt bin/pfcmd raddb/certs/dh sudo lib/pf/pfcmd/pfcmd_pregrammar.pm translation mysql-schema raddb/sites-enabled fingerbank chown_pf permissions diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 795b961b1de6..6e2274dcb3b2 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc 
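Review bot: The `mysql-schema` recipe now links `pf-schema.sql` to the literal name `pf-schema-X.Y.Z.sql`, so unless a packaging step rewrites that placeholder (none is visible in this diff) `make devel` leaves a dangling symlink; the removed lines resolved the newest `pf-schema-[0-9]*.[0-9]*.[0-9]*.sql` instead. Either keep that lookup or add a comment above the recipe saying where `X.Y.Z` is substituted. In the new `fingerbank` recipe the `ln -s` line ends with a stray `\` that continues onto the following blank line. In the same recipe `rm -f` will not remove `lib/fingerbank` if it is a real directory, in which case `ln -s` creates the link inside it; a `test -L` guard that fails loudly would make the target repeatable.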
@@ -11,6 +11,38 @@ This is a list of noteworthy changes across releases. For more details and developer visible changes see the ChangeLog file. For a list of compatibility related changes see the UPGRADE.asciidoc file. +Version 5.0.0 released on 2015-04-15 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +New Features +++++++++++++ +* New active/active clustering mode. This allows HTTP and RADIUS load balancing and improves availability. +* Fingerbank integration for accurate devices fingerprinting. It is now easier than ever to share devices fingerprinting. +* Built-in support for StatsD. This allows fine grained performance monitoring and can be used to create a dashboard using Graphite. +* Local database passwords are now encrypted using bcrypt by default on all new installations. The old plaintext mode is still supported for legacy installations and to allow migration to the new mode. +* Devices can now have a "bypass role" that allows the administrator to manage them completely manually. This allows for exceptions to the authorization rules. +* Support for ISC DHCP OMAPI queries. This allows PacketFence to dynamically query a dhcpd instance to establish IP to MAC mappings. + +Enhancements +++++++++++++ +* Completely rewritten pfcmd command. pfcmd is now much easier to extend and will allow us to integrate more features in the near future. +* Rewritten IP/MAC mapping (iplog). Iplog should now never overflow. +* New admin role action USERS_CREATE_MULTIPLE for finer grained control of the admin GUI. An administrative account can now be prevented from creating more than one other account. +* PacketFence will no longer start MySQL when starting. +* PacketFence will accept to start even if there are no internal networks. +* Added a new listening port to pfdhcplistener to listen for replicated traffic. +* Added a 'default' default user in replacement of the admin one. +* Adds support for HP ProCurve 2920 switches. 
+* Iptables will now allow access to the captive portal from the production network by default. +* Major documentation rewrite and improvements. + +Bug Fixes ++++++++++ +* Fixed violations applying portal redirection when using web authentication on a Cisco WLC +* Registration and Isolation VLAN ids can now be any string allowed by the RFCs. +* Devices can no longer remain in "pending" state indefinitely. + + Version 4.7.0 released on 2015-03-06 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/UPGRADE.asciidoc b/UPGRADE.asciidoc index 0e9b3d891d14..e10336522da9 100644 --- a/UPGRADE.asciidoc +++ b/UPGRADE.asciidoc 
@@ -11,6 +11,71 @@ For RedHat-based systems, run the following command: PacketFence should now be upgraded. However, there may be extra steps required depending on the version you are upgrading from. Please review the following notes about upgrading from an older release. +Upgrading from a version prior to 5.0.0 +--------------------------------------- + +Upgrading a version of PacketFence older than 4.1 to v5 will be a complex undertaking. +While it's entirely possible if done meticulously, we +suggest you start from scratch and move your customizations and +nodes information over to your new installation. + +Please note that the sections below are cumulative. That is to say, if you are upgrading from version 4.3 to version 5.0 you must apply in order all changes in between the two versions, including database schema changes. + +As always, taking a complete backup of your current installation is strongly recommended. +A backup should contain a copy of all PacketFence files as well as a copy of the database. +You can take a backup of the pf directory with the following command: + + tar -C /usr/local -czf /root/packetfence.tar.gz pf + +A backup of the database can be taken using the procedure described in the next section. + +Configuration changes +^^^^^^^^^^^^^^^^^^^^^ + +You must manually enter the MySQL password of the pf user in the conf/pfconfig.conf file. +The MySQL password is saved in the conf/pf.conf file under the [database] section. +Copy the following from conf/pf.conf to conf/pfconfig.conf: + + pass=$YOURPASSWORDHERE + +iptables changes +^^^^^^^^^^^^^^^^ + +The iptables configuration file doesn't use the generated rules '%%input_mgmt_guest_rules%%' anymore. +Make sure you remove this line from conf/iptables.conf. + +Also a lot of additions were made to the iptables configuration file. +Make sure you add the new rules in conf/iptables.conf.example to your existing iptables file or execute the following command to replace the whole file. 
+ + cp /usr/local/pf/conf/iptables.conf.example /usr/local/pf/conf/iptables.conf + +Using EAP local authentication +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +If you are using EAP MS-CHAP local authentication, meaning your 802.1x connections authenticate against your local database, you will need to make sure you deactivate password encryption in the database. +In the administration interface, go in 'Configuration -> Advanced' and set 'Database passwords hashing method' to `plaintext` + + +Database schema update +^^^^^^^^^^^^^^^^^^^^^^ + +Before making any changes to your database, ensure that you have a backup. +A complete database backup can be taken using this command: + + mysqldump --opt -u root -p pf | gzip > /root/packetfence_db.sql.gz + +If your database is more than a few hundred megabytes, you may also want to consider using a tool such as Percona XtraBackup which makes for much faster restores than mysqldump. + + +Multiple changes have been made to the database schema. You will need to update it accordingly. +Since we will be dropping and recreating the 'iplog' table it is essential that you have a backup if you need the data it contains. + +Make sure you run the following to update your schema: + + mysql -u root -p pf -v < db/upgrade-4.7.0-5.0.0.sql + +Once completed, update the file /usr/local/pf/conf/currently-at to match the new release number (PacketFence 5.0.0). + Upgrading from a version prior to 4.7.0 --------------------------------------- 
@@ -163,6 +228,8 @@ Configuration changes The parameters `trapping.redirecturl` and `trapping.always_use_redirecturl` from `pf.conf` (or `pf.conf.defaults`) were moved to the default portal profile in `profiles.conf`. +The parameter `registration.range` has been deprecated. Make sure you remove it from your configuration file. + The action `set_access_level` of authentication sources in `authentication.conf` must now match one of the admin roles defined in `adminroles.conf`. The previous level `4294967295` must be replaced by *ALL* and the level `0` by *NONE*. diff --git a/addons/accounting.pl b/addons/accounting.pl index a73bdb89484f..1908678023f8 100755 --- a/addons/accounting.pl +++ b/addons/accounting.pl @@ -35,15 +35,12 @@ =head1 DESCRIPTION my $logger = Log::Log4perl->get_logger(''); -my $switchFactory = new pf::SwitchFactory( - -configFile => INSTALL_DIR . '/conf/switches.conf' -); my $pool = Thread::Pool->new( { workers => 10, do => sub { my ($switchDesc) = @_; - my $switch = $switchFactory->instantiate($switchDesc); + my $switch = pf::SwitchFactory->instantiate($switchDesc); if (!$switch) { $logger->error("Can not instantiate switch $switchDesc !"); return 0; @@ -91,7 +88,7 @@ =head1 DESCRIPTION } ); -my %Config = %{ $switchFactory->config }; +my %Config = %{ pf::SwitchFactory->config }; delete $Config{'default'}; delete $Config{'127.0.0.1'}; diff --git a/addons/autodiscover.pl b/addons/autodiscover.pl index 163283c7d924..9c6d60ce3288 100755 --- a/addons/autodiscover.pl +++ b/addons/autodiscover.pl 
@@ -96,16 +96,15 @@ =head1 LICENSE ); my $logger = Log::Log4perl->get_logger(''); -my $switchFactory = new pf::SwitchFactory( -configFile => CONF_FILE ); -foreach my $switchDesc ( sort keys %{ $switchFactory->{'_config'} } ) { +foreach my $switchDesc ( sort keys %{ pf::SwitchFactory->config } ) { if (( $switchDesc ne 'default' ) && ( $switchDesc ne '127.0.0.1' ) - && ( $switchFactory->{'_config'}->{$switchDesc}->{'mode'} + && ( pf::SwitchFactory->config->{$switchDesc}->{'mode'} =~ /^discovery/ ) ) { - my $switch = $switchFactory->instantiate($switchDesc); + my $switch = pf::SwitchFactory->instantiate($switchDesc); if (!$switch) { print "Can not instantiate switch $switchDesc\n"; next; @@ -144,13 +143,13 @@ =head1 LICENSE my $node_info = node_view($mac); if ( ( $node_info->{'last_switch'} ne $switch->{_ip} ) || ( $node_info->{'last_port'} ne $ifIndex ) - || ($node_info->{'voip'} ne $isPhone)) + || ($node_info->{'voip'} ne $isPhone)) { print "\n node switch and port not up2date (old info is " . "switch " . $node_info->{'last_switch'} . " " . "ifIndex " . $node_info->{'last_port'} . " " - . "VoIP: " . $node_info->{'voip'} + . "VoIP: " . $node_info->{'voip'} . ")\n"; locationlog_synchronize($switch->{_ip}, $ifIndex, $vlan, $mac, $isPhone, ''); print "switch: " . $switch->{_ip} . "\n"; diff --git a/addons/connect_and_read.pl b/addons/connect_and_read.pl index f046c3588829..2540abcc3c85 100755 --- a/addons/connect_and_read.pl +++ b/addons/connect_and_read.pl 
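Review bot: With the factory object gone, `pf::SwitchFactory->config` is now called once for the key list and again for every switch inside the condition. Fetching it once, `my $config = pf::SwitchFactory->config;`, and testing `$config->{$switchDesc}->{'mode'}` reads better and matches connect_and_read.pl, which copies the config into `%Config` first. `CONF_FILE` looks unused in this script after the change and can probably be dropped, to be confirmed against the rest of the file. The `foreach` body continues past the end of the hunk.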
@@ -81,13 +81,12 @@ =head1 DESCRIPTION ); my $logger = Log::Log4perl->get_logger(''); -my $switchFactory = new pf::SwitchFactory( -configFile => CONF_FILE ); -my %Config = %{ $switchFactory->config }; +my %Config = %{ pf::SwitchFactory->config }; foreach my $switch_ip ( sort keys %Config ) { if ( ( $switch_ip ne '127.0.0.1' ) && ( $switch_ip ne 'default' ) ) { - my $switch = $switchFactory->instantiate($switch_ip); + my $switch = pf::SwitchFactory->instantiate($switch_ip); if (!$switch) { print "Can not instantiate switch $switch_ip ! See log for details\n"; } else { diff --git a/addons/convertToPortSecurity.pl b/addons/convertToPortSecurity.pl index 60e7ce3381b0..0794cda9d32b 100755 --- a/addons/convertToPortSecurity.pl +++ b/addons/convertToPortSecurity.pl @@ -97,15 +97,14 @@ =head1 DESCRIPTION ); my $logger = Log::Log4perl->get_logger(''); -my $switchFactory = new pf::SwitchFactory( -configFile => CONF_FILE ); my $OID_ifDesc = '1.3.6.1.2.1.2.2.1.2'; -if ( !exists( $switchFactory->config->{$switch_ip} ) ) { +if ( !exists( pf::SwitchFactory->config->{$switch_ip} ) ) { $logger->logdie("switch $switch_ip not found in switch.conf"); } -my $switchType = $switchFactory->config->{$switch_ip}{'type'}; +my $switchType = pf::SwitchFactory->config->{$switch_ip}{'type'}; if (!( $switchType =~ /Cisco::Catalyst_29(50|60|70)|Cisco::Catalyst_35(50|60)/ ) @@ -119,7 +118,7 @@ =head1 DESCRIPTION or $logger->logdie("can't open config backup file $backup_config"); $logger->debug("instantiating switch object"); -my $switch = $switchFactory->instantiate($switch_ip); +my $switch = pf::SwitchFactory->instantiate($switch_ip); if (!$switch) { $logger->logdie("Can not instantiate switch $switch_ip"); } diff --git a/addons/database-backup-and-maintenance.sh b/addons/database-backup-and-maintenance.sh index e943010aa14b..6fa701526179 100644 --- a/addons/database-backup-and-maintenance.sh +++ b/addons/database-backup-and-maintenance.sh 
@@ -2,10 +2,10 @@ # # Database maintenance and backup # -# - Move entries older than a month from locationlog to locationlog_history +# - Move entries older than a month from locationlog to locationlog_archive # - Optimize tables on sunday # - compressed mysqldump to $BACKUP_DIRECTORY, rotate and clean -# - archive locationlog_history entries older than a year the first day of each month +# - archive locationlog_archive entries older than a year the first day of each month # # Copyright (C) 2005-2015 Inverse inc. # @@ -13,7 +13,7 @@ # # Licensed under the GPL # -# Installation: make sure you have locationlog_history (based on locationlog) and edit DB_PWD to fit your password. +# Installation: make sure you have locationlog_archive (based on locationlog) and edit DB_PWD to fit your password. NB_DAYS_TO_KEEP_DB=30 NB_DAYS_TO_KEEP_FILES=30 
@@ -59,14 +59,14 @@ fi # is MySQL running? meaning we are the live packetfence if [ -f /var/run/mysqld/mysqld.pid ]; then - # locationlog cleanup: all the closed entries older than a month are moved to locationlog_history + # locationlog cleanup: all the closed entries older than a month are moved to locationlog_archive # in order to keep locationlog small - mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e "INSERT INTO locationlog_history SELECT * FROM locationlog WHERE ((end_time IS NOT NULL OR end_time <> 0) AND end_time < DATE_SUB(CURDATE(), INTERVAL 1 MONTH));" + mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e "INSERT INTO locationlog_archive SELECT * FROM locationlog WHERE ((end_time IS NOT NULL OR end_time <> 0) AND end_time < DATE_SUB(CURDATE(), INTERVAL 1 MONTH));" mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e "DELETE FROM locationlog WHERE ((end_time IS NOT NULL OR end_time <> 0) AND end_time < DATE_SUB(CURDATE(), INTERVAL 1 MONTH));" - # iplog cleanup: all the closed entries older than a month are moved to iplog_history + # iplog cleanup: all the closed entries older than a month are moved to iplog_archive # in order to keep iplog small - mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e "INSERT INTO iplog_history SELECT * FROM iplog WHERE (end_time <> '0000-00-00 00:00:00' AND end_time < DATE_SUB(CURDATE(), INTERVAL 1 MONTH));" + mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e "INSERT INTO iplog_archive SELECT * FROM iplog WHERE (end_time <> '0000-00-00 00:00:00' AND end_time < DATE_SUB(CURDATE(), INTERVAL 1 MONTH));" mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e "DELETE FROM iplog WHERE (end_time <> '0000-00-00 00:00:00' AND end_time < DATE_SUB(CURDATE(), INTERVAL 1 MONTH));" ## accounting cleanup. We keep only the last 2 months of acounting data to prevent those tables from getting to large. 
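Review bot: Every `mysql` call touched here still passes the password as `-p$DB_PWD`, which can expose it to any local user able to list processes while the job runs; the same applies to the `mysqldump` and `mysql` lines in the `@@ -94,11` hunk. Reading the credentials from a root-only option file avoids that, e.g. `mysql --defaults-extra-file=/path/to/backup.cnf -D $DB_NAME -e "..."` (placeholder path, mode 0600). The installation comment in the file header names only `locationlog_archive`, but this hunk also inserts into `iplog_archive`, so that table should be listed there as well.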
@@ -94,11 +94,11 @@ if [ -f /var/run/mysqld/mysqld.pid ]; then # let's archive on the first day of the month if [ `/bin/date +%d` -eq '01' ]; then - # flushing old locationlog_history records into sql files for archival then removing from database + # flushing old locationlog_archive records into sql files for archival then removing from database current_filename=$ARCHIVE_DIRECTORY/$ARCHIVE_DB_FILENAME-`date +%Y%m%d`.sql - mysqldump -u $DB_USER -p$DB_PWD $DB_NAME --tables locationlog_history --skip-opt --no-create-info --quick --where='((end_time IS NOT NULL OR end_time <> 0) AND end_time < DATE_FORMAT(DATE_SUB(CURDATE(), INTERVAL 1 YEAR),"%Y-%m-01"))' > $current_filename && \ + mysqldump -u $DB_USER -p$DB_PWD $DB_NAME --tables locationlog_archive --skip-opt --no-create-info --quick --where='((end_time IS NOT NULL OR end_time <> 0) AND end_time < DATE_FORMAT(DATE_SUB(CURDATE(), INTERVAL 1 YEAR),"%Y-%m-01"))' > $current_filename && \ gzip $current_filename && \ - mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e 'LOCK TABLES locationlog_history WRITE; DELETE FROM locationlog_history WHERE ((end_time IS NOT NULL OR end_time <> 0) AND end_time < DATE_FORMAT(DATE_SUB(CURDATE(), INTERVAL 1 YEAR),"%Y-%m-01")); UNLOCK TABLES;' + mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e 'LOCK TABLES locationlog_archive WRITE; DELETE FROM locationlog_archive WHERE ((end_time IS NOT NULL OR end_time <> 0) AND end_time < DATE_FORMAT(DATE_SUB(CURDATE(), INTERVAL 1 YEAR),"%Y-%m-01")); UNLOCK TABLES;' #Clean Accounting for previous year... if needed mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e 'DELETE FROM radacct WHERE YEAR(acctstarttime) < YEAR(CURRENT_DATE());' diff --git a/addons/dev-helpers/centos-chroot/cleanup-chroot.sh b/addons/dev-helpers/centos-chroot/cleanup-chroot.sh new file mode 100644 index 000000000000..093751ee93a3 --- /dev/null +++ b/addons/dev-helpers/centos-chroot/cleanup-chroot.sh @@ -0,0 +1,2 @@ +#!/bin/bash +service mysqld stop 
diff --git a/addons/dev-helpers/centos-chroot/init-chroot.sh b/addons/dev-helpers/centos-chroot/init-chroot.sh
new file mode 100644
index 000000000000..a9801bf3c90e
--- /dev/null
+++ b/addons/dev-helpers/centos-chroot/init-chroot.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+PFDIR=/usr/local/pf
+
+GIT_REPO=https://github.com/inverse-inc/packetfence.git
+
+BRANCH=devel
+
+git clone -b $BRANCH "$GIT_REPO" "$PFDIR"
+
+
+YUM="yum --enablerepo=packetfence --enablerepo=packetfence-devel -y"
+$YUM makecache
+echo installing the packetfence dependecies
+
+REPOQUERY="repoquery --queryformat=%{NAME} --enablerepo=packetfence --enablerepo=packetfence-devel -c /etc/yum.conf -C --pkgnarrow=all"
+
+rpm -q --requires --specfile $PFDIR/addons/packages/packetfence.spec | grep -v packetfence | perl -pi -e's/ +$//' | sort -u | xargs -d '\n' $REPOQUERY --whatprovides | sort -u | grep -v perl-LDAP | xargs $YUM install
+
+cd /chroot-tools
+
+cp -f my.cnf /etc/
+
+service mysqld start
+
+mysql -uroot < init-pf-db.sql
+
+adduser pf
+
+
+cat < $PFDIR/conf/pf.conf
+[interface eth0]
+ip=$(ip addr show dev eth0 | grep -Poh '(?<=inet )\d+(\.\d+){3}')
+type=management
+mask=$(ipcalc -4 -m $(ip addr show dev eth0 | grep -Poh '(?<=inet )\d+(\.\d+){3}\/\d+') | perl -pi -e's/^.*=//')
+EOF
+
+cd $PFDIR
+make devel
+
+mysql -uroot pf < db/pf-schema.sql
+
+./bin/pfcmd configreload hard
+
+
diff --git a/addons/dev-helpers/centos-chroot/init-pf-db.sql b/addons/dev-helpers/centos-chroot/init-pf-db.sql
new file mode 100644
index 000000000000..ec26abad93d6
--- /dev/null
+++ b/addons/dev-helpers/centos-chroot/init-pf-db.sql
@@ -0,0 +1,4 @@
+CREATE DATABASE IF NOT EXISTS pf;
+GRANT SELECT,INSERT,UPDATE,DELETE,EXECUTE,LOCK TABLES ON pf.* TO pf@'%' IDENTIFIED BY 'packet';
+GRANT SELECT,INSERT,UPDATE,DELETE,EXECUTE,LOCK TABLES ON pf.* TO pf@'localhost' IDENTIFIED BY 'packet';
+FLUSH PRIVILEGES;
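Review bot: Nothing stops init-chroot.sh after a failed step: if `git clone` or the dependency install fails, it still starts mysqld, loads `init-pf-db.sql`, writes `conf/pf.conf` and runs `make devel` on whatever is there. Adding `set -e` directly under the shebang makes the first failing command abort the run. `$PFDIR` and `$BRANCH` are used unquoted in several commands, and quoting them costs nothing. The message `installing the packetfence dependecies` has a typo (`dependencies`).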
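Review bot: The first GRANT in init-pf-db.sql creates `pf@'%'` with the fixed password `'packet'`, although the `my.cnf` added in this commit sets `skip-networking`, so only the `pf@'localhost'` grant can be used inside the chroot. Dropping the `'%'` line removes an any-host account with a published password, should this file ever be loaded on a server that listens on the network. A leading comment such as `-- development chroot only: fixed credentials, never load on a reachable server` would make the intent explicit.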
diff --git a/addons/dev-helpers/centos-chroot/make_chroot.sh b/addons/dev-helpers/centos-chroot/make_chroot.sh new file mode 100644 index 000000000000..0c736de639c9 --- /dev/null +++ b/addons/dev-helpers/centos-chroot/make_chroot.sh @@ -0,0 +1,83 @@ +#!/bin/bash +# Creates a chroot environment that it suitable for testing +# +# Copyright (C) 2005-2014 Inverse inc. +# +# Author: Inverse inc. +# +# Licensed under the GPL +# +# + +if [ -z "$1" ];then + echo "Usage: $0 CHROOT_DIR" + exit 1 +fi + +PFDIR=/usr/local/pf +CHROOT_TOOLS=$PFDIR/addons/dev-helpers/centos-chroot/ + +CHROOT_NAME="$1" + +CHROOT=/var/chroot/$CHROOT_NAME + +#Removing any old mounted filesystems + +for d in proc dev +do + MPOINT=$CHROOT/$d + if mountpoint -q "$MPOINT" ;then + umount "$MPOINT" + if [ $? != 0 ];then + echo cannot umount $MPOINT + exit 1 + fi + fi +done + +if [ -d $CHROOT ];then + rm -rf $CHROOT + if [ $? != 0 ];then + echo cannot delete $CHROOT + exit + fi +fi + +mkdir -p $CHROOT/tmp + +if [ $? != 0 ];then + echo cannot create $CHROOT + exit +fi + +rpm --initdb --root=$CHROOT + +pushd $CHROOT/tmp &> /dev/null +yumdownloader centos-release +wget "http://packetfence.org/downloads/PacketFence/RHEL6/`uname -i`/RPMS/packetfence-release-1-1.el6.noarch.rpm" +popd +rpm -i --root=$CHROOT --nodeps $CHROOT/tmp/*rpm +YUM="yum --installroot=$CHROOT -y" +echo Updating the yum cache + +$YUM makecache + +echo installing the yum in the chroot +$YUM install yum yum-utils vim gcc git mysql-server xargs + +mkdir -p $CHROOT/root +cp $CHROOT/etc/skel/.??* $CHROOT/root + +for d in proc dev +do + mkdir -p $CHROOT/$d + mount --bind /$d $CHROOT/$d +done + +cp /etc/resolv.conf $CHROOT/etc/resolv.conf +cp /etc/sysconfig/network $CHROOT/etc/sysconfig/network +cp -r $CHROOT_TOOLS $CHROOT/chroot-tools + +exit + +chroot $CHROOT bash /chroot-tools/init-chroot.sh diff --git a/addons/dev-helpers/centos-chroot/my.cnf b/addons/dev-helpers/centos-chroot/my.cnf new file mode 100644 index 000000000000..0afbea196906 
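Review bot: The `packetfence-release` RPM is fetched with `wget "http://packetfence.org/..."` over plain HTTP and installed by `rpm -i --root=$CHROOT --nodeps $CHROOT/tmp/*rpm` with no integrity check, yet it presumably carries the repository definition that the later `yum install` steps rely on. Fetch it over HTTPS if the server offers it and verify the file with `rpm -K` against an imported key before installing. `CHROOT` is built from `$1` and used unquoted in `rm -rf $CHROOT`, so a name containing `/`, `..` or whitespace removes something other than a directory under /var/chroot; quote it and reject such names right after the usage check. The bare `exit` before the final `chroot $CHROOT bash /chroot-tools/init-chroot.sh` line makes that line unreachable, which deserves a comment if it is intended.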
--- /dev/null +++ b/addons/dev-helpers/centos-chroot/my.cnf @@ -0,0 +1,11 @@ +[mysqld] +skip-networking +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +user=mysql +# Disabling symbolic-links is recommended to prevent assorted security risks +symbolic-links=0 + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid diff --git a/addons/dev-helpers/centos-chroot/test-chroot.sh b/addons/dev-helpers/centos-chroot/test-chroot.sh new file mode 100644 index 000000000000..2f60f9620224 --- /dev/null +++ b/addons/dev-helpers/centos-chroot/test-chroot.sh @@ -0,0 +1,4 @@ +#!/bin/bash +cd /usr/local/pf/t + +./smoke.t diff --git a/addons/dev-helpers/dump.pl b/addons/dev-helpers/dump.pl index b3b4ac6a4ef3..8095fc5b33f8 100755 --- a/addons/dev-helpers/dump.pl +++ b/addons/dev-helpers/dump.pl @@ -121,7 +121,7 @@ sub parseArgs { sub _run { my ($self) = @_; require pf::SwitchFactory; - print Data::Dumper::Dumper(pf::SwitchFactory->getInstance->instantiate($self->args)); + print Data::Dumper::Dumper(pf::SwitchFactory->instantiate($self->args)); } package pf::dump::switches; diff --git a/addons/dev-helpers/omapi.pl b/addons/dev-helpers/omapi.pl new file mode 100644 index 000000000000..d9e2ab2d3c4f --- /dev/null +++ b/addons/dev-helpers/omapi.pl 
@@ -0,0 +1,74 @@ +#!/usr/bin/perl + +=head1 NAME + +omapi - test script for checking omapi connections + +=cut + +=head1 DESCRIPTION + +omapi + +=cut + +use strict; +use warnings; +use lib qw(/usr/local/pf/lib); +use pf::OMAPI; +use Getopt::Long; + +my %options = ( + host => 'localhost', + port => 7911 +); + +GetOptions(\%options, "port=i", "host=s", "key_name=s", "key_base64=s", "ip=s", "mac=s") + || die "Invalid parameter passed"; + +die " keyname, key_base64 not provided or mac or ip" + unless defined $options{key_name} && defined $options{key_base64} && (defined $options{ip} || defined $options{mac}); + +my $ip = delete $options{ip}; +my $mac = delete $options{mac}; + +my $omapi = pf::OMAPI->new(\%options); +my $data; + +if (defined $ip) { + $data = $omapi->lookup({type => 'lease'}, {'ip-address' => $ip}); +} +if (defined $mac) { + $data = $omapi->lookup({type => 'lease'}, {'hardware-address' => $mac}); +} + +use Data::Dumper; +print Dumper $data; + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2015 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + diff --git a/addons/dev-helpers/update-copyright.sh b/addons/dev-helpers/update-copyright.sh new file mode 100755 index 000000000000..c6f0aa18926d --- /dev/null +++ b/addons/dev-helpers/update-copyright.sh 
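Review bot: The OMAPI key is taken from `--key_base64` on the command line, so the secret ends up in shell history and is visible in the process list while the script runs. An additional option that reads the key from a file readable only by the operator would avoid that; it needs a few lines around `GetOptions`, so it is described here rather than quoted. The usage error names `keyname` while the option is `key_name`; `die "key_name and key_base64 are required, plus ip or mac"` matches the actual flags. When both `--ip` and `--mac` are given, the second lookup overwrites `$data` from the first, so only the MAC result is printed.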
@@ -0,0 +1,5 @@ +#!/bin/sh + +FILE=$0 + +perl -pi -e's/Copyright.*(20(0[0-9]|1[0-4])-)?20(0[0-9]|1[0-4]).*Inverse/Copyright (C) 2005-2015 Inverse/' $(grep --exclude="$FILE" -Prl 'Copyright.*(20(0[0-9]|1[0-4])-)?20(0[0-9]|1[0-4]).*Inverse' lib/ html/ addons/ sbin/ bin/ raddb/ ) diff --git a/addons/extract_i18n_strings.pl b/addons/extract_i18n_strings.pl index 6fb52620f20b..f1fa3576cd11 100644 --- a/addons/extract_i18n_strings.pl +++ b/addons/extract_i18n_strings.pl @@ -22,16 +22,19 @@ =head1 DESCRIPTION use pf::factory::provisioner; use pf::factory::firewallsso; use pf::factory::profile::filter; +use pf::factory::triggerParser; use pf::Switch::constants; use pfappserver::PacketFence::Controller::Graph; use pfappserver::Model::Node; use pfappserver::Form::Config::Wrix; use pfappserver::Form::Config::ProfileCommon; use pf::config; +use pf::constants::admin_roles qw(@ADMIN_ACTIONS); use constant { APP => 'html/pfappserver', CONF => 'conf', + FINGERBANK_CONF => '/usr/local/fingerbank/conf' }; my %strings = (); @@ -234,7 +237,7 @@ =head2 parse_conf =cut sub parse_conf { - my $file = CONF.'/documentation.conf'; + my $files = [CONF.'/documentation.conf', FINGERBANK_CONF.'/fingerbank.conf.doc']; sub _format_description { my $description = join("\n", @{$_[0]}); 
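Review bot: In update-copyright.sh the file list reaches `perl -pi` through an unquoted `$(grep …)`, so a path containing whitespace is split into several arguments, and when grep matches nothing perl gets no file arguments and waits on standard input. Passing NUL-separated names avoids both: `grep --exclude="$FILE" -PrlZ '<pattern>' lib/ html/ addons/ sbin/ bin/ raddb/ | xargs -0 -r perl -pi -e '<substitution>'`. `--exclude` is given `$0`, the path the script was invoked with, which may not match the name grep sees while walking `addons/`; excluding by base name (`--exclude="$(basename "$0")"`) would make the self-exclusion independent of how the script is called.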
@@ -252,43 +255,43 @@ sub parse_conf { return $description; } - my ($line, $section, @options, @desc); - open(FILE, $file); - while (defined($line = )) { - chomp $line; - if ($line =~ m/^\[(([^\.]+).*?)\]$/) { - if (scalar @desc) { - add_string($2, $file); - add_string($section, $file); - add_string(_format_description(\@desc), "$file ($section)"); - } - if (scalar @options) { - map { add_string($_, "$file ($section options)") } @options; + foreach my $file (@$files) { + my ($line, $section, @options, @desc); + open(FILE, $file); + while (defined($line = )) { + chomp $line; + if ($line =~ m/^\[(([^\.]+).*?)\]$/) { + if (scalar @desc) { + add_string($2, $file); + add_string($section, $file); + add_string(_format_description(\@desc), "$file ($section)"); + } + if (scalar @options) { + map { add_string($_, "$file ($section options)") } @options; + } + @desc = (); + @options = (); + $section = $1; + } elsif ($line =~ m/^options=(.*)$/) { + @options = split(/\|/, $1); + } elsif ($line =~ m/^description=/) { + @desc = (); + while (defined($line = )) { + chomp $line; + last if ($line =~ m/^EOT$/); + push(@desc, $line); + } } - @desc = (); - @options = (); - $section = $1; } - elsif ($line =~ m/^options=(.*)$/) { - @options = split(/\|/, $1); + if (scalar @desc) { + add_string($section, $file); + add_string(_format_description(\@desc), "$file ($section)"); } - elsif ($line =~ m/^description=/) { - @desc = (); - while (defined($line = )) { - chomp $line; - last if ($line =~ m/^EOT$/); - push(@desc, $line); - } + if (scalar @options) { + map { add_string($_, "$file ($section options)") } @options; } + close(FILE); } - if (scalar @desc) { - add_string($section, $file); - add_string(_format_description(\@desc), "$file ($section)"); - } - if (scalar @options) { - map { add_string($_, "$file ($section options)") } @options; - } - close(FILE); } =head2 extract_modules 
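Review bot: `open(FILE, $file);` inside the new `foreach` is unchecked, and the second entry added by this commit is an absolute path under `/usr/local/fingerbank/conf` that need not exist on the machine running the extraction. When it is missing the loop reads nothing and the fingerbank strings are silently absent from the output. I would use a lexical handle with the three-argument form and fail loudly, `open(my $fh, '<', $file) or die "Cannot open $file: $!";`, reading from `$fh` in both `while` loops and closing it at the end. `parse_conf` begins outside this hunk.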
@@ -308,7 +311,7 @@ sub extract_modules { } } - const('pf::config', 'VALID_TRIGGER_TYPES', \@pf::config::VALID_TRIGGER_TYPES); + const('pf::config', 'VALID_TRIGGER_TYPES', \@pf::factory::triggerParser::VALID_TRIGGER_TYPES); const('pf::config', 'SoH Actions', \@pf::config::SOH_ACTIONS); const('pf::config', 'SoH Classes', \@pf::config::SOH_CLASSES); const('pf::config', 'SoH Status', \@pf::config::SOH_STATUS); diff --git a/addons/iplog-cleanup.pl b/addons/iplog-cleanup.pl index 64eb8e1f5d47..86bfa7301864 100755 --- a/addons/iplog-cleanup.pl +++ b/addons/iplog-cleanup.pl @@ -41,7 +41,7 @@ =head1 DESCRIPTION pod2usage(-msg => "Expire must be greater than 0", -exitval => 2, -verbose => 0) unless $options{expire}; -iplog_cleanup(@options{qw(expire batch timeout)}); +pf::iplog::cleanup(@options{qw(expire batch timeout)}); =head1 AUTHOR diff --git a/addons/migrate-to-locationlog_history.sh b/addons/migrate-to-locationlog_archive.sh similarity index 87% rename from addons/migrate-to-locationlog_history.sh rename to addons/migrate-to-locationlog_archive.sh index 6a41e851c71b..c573817c0765 100755 --- a/addons/migrate-to-locationlog_history.sh +++ b/addons/migrate-to-locationlog_archive.sh @@ -1,15 +1,15 @@ #!/bin/bash # -# Slowly migrate content of locationlog to locationlog_history +# Slowly migrate content of locationlog to locationlog_archive # # Only useful if your locationlog is too big and you want to slowly move it -# into locationlog_history and you do not want to do it in one batch like the +# into locationlog_archive and you do not want to do it in one batch like the # database-backup-and-maintenance script would do # # It will proceed day by day starting by the older entries first and sleeping # for 5 minutes between each batch. # -# Usage: migrate-to-locationlog_history.sh +# Usage: migrate-to-locationlog_archive.sh # Where is the number of days to migrate the records of. # # Copyright (C) 2005-2015 Inverse inc. 
@@ -40,7 +40,7 @@ if [[ -n "$1" ]]; then # move day by day (from last day) the content of locationlog for the number of iterations specified on CLI for ((I=1; I<=$1; I++)); do - /usr/bin/mysql -u $DB_USER -p$DB_PASS $DB_NAME -vvv -e "INSERT INTO locationlog_history select * from locationlog where ((end_time IS NOT NULL OR end_time <> 0) and end_time < adddate(\"$EARLIEST\",$I))" + /usr/bin/mysql -u $DB_USER -p$DB_PASS $DB_NAME -vvv -e "INSERT INTO locationlog_archive select * from locationlog where ((end_time IS NOT NULL OR end_time <> 0) and end_time < adddate(\"$EARLIEST\",$I))" /usr/bin/mysql -u $DB_USER -p$DB_PASS $DB_NAME -vvv -e "delete from locationlog where ((end_time IS NOT NULL OR end_time <> 0) and end_time < adddate(\"$EARLIEST\",$I))" echo "Sleeping for 5 minutes. Zzz" sleep 300 diff --git a/addons/network-save-configs.pl b/addons/network-save-configs.pl index b6ae4ab241a0..2812d98fe2a2 100755 --- a/addons/network-save-configs.pl +++ b/addons/network-save-configs.pl @@ -101,15 +101,14 @@ =head1 DESCRIPTION Log::Log4perl->easy_init({ level => $logLevel, layout => '%p: %m (%rms elapsed)%n' }); my $logger = Log::Log4perl->get_logger(''); -my $networkDeviceFactory = new pf::SwitchFactory( -configFile => CONF_FILE ); -my %Config = %{ $networkDeviceFactory->config }; +my %Config = %{ pf::SwitchFactory->config }; foreach my $network_device_ip ( sort keys %Config ) { next if ($network_device_ip eq 'default'); next if ($network_device_ip eq '127.0.0.1'); - my $networkDevice = $networkDeviceFactory->instantiate($network_device_ip); + my $networkDevice = pf::SwitchFactory->instantiate($network_device_ip); if (!$networkDevice) { $logger->error("[$network_device_ip] Can't instantiate network device!"); diff --git a/addons/packages/packetfence.spec b/addons/packages/packetfence.spec index 497d508acd5d..853a1f0a7957 100644 --- a/addons/packages/packetfence.spec +++ b/addons/packages/packetfence.spec 
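Review bot: Both `mysql` invocations in migrate-to-locationlog_archive.sh pass the database password as `-p$DB_PASS`, which exposes it in the process list for the whole run (the loop sleeps five minutes per iteration) and breaks on a password containing whitespace or shell metacharacters because the expansion is unquoted. A client option file readable only by the invoking user keeps the secret off the command line: `/usr/bin/mysql --defaults-extra-file="$MYSQL_CNF" "$DB_NAME" -vvv -e "…"`, where `$MYSQL_CNF` is a name constructed for this example and the file holds a `[client]` section with `user` and `password`. The enclosing `if` and `for` continue outside the hunk, so where `DB_USER` and `DB_PASS` come from is not visible here.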
@@ -28,6 +28,7 @@ # Summary: PacketFence network registration / worm mitigation system %global real_name packetfence +%global perl_version 5.10.1 Name: %{real_name}-source Version: %{ver} Release: %{rev}%{?dist} @@ -96,7 +97,7 @@ Requires: make Requires: net-tools Requires: net-snmp >= 5.3.2.2 Requires: mysql, mysql-server, perl(DBD::mysql) -Requires: perl >= 5.8.8 +Requires: perl >= %{perl_version} # replaces the need for perl-suidperl which was deprecated in perl 5.12 (Fedora 14) Requires(pre): %{real_name}-pfcmd-suid Requires: perl(Bit::Vector) @@ -128,6 +129,8 @@ Requires: perl(Time::HiRes) Requires: ipset, sudo Requires: perl(File::Which), perl(NetAddr::IP) Requires: perl(Net::LDAP) +Requires: perl(Net::IP) +Requires: perl(Digest::HMAC_MD5) # TODO: we should depend on perl modules not perl-libwww-perl package # find out what they are and specify them as perl(...::...) instead of perl-libwww-perl # LWP::Simple is one of them (required by inlined Net::MAC::Vendor and probably other stuff) @@ -185,6 +188,8 @@ Requires: perl(UNIVERSAL::require) Requires: perl(YAML) Requires: perl(Try::Tiny) Requires: perl(Crypt::GeneratePassword) +Requires: perl(Bytes::Random::Secure) +Requires: perl(Crypt::Eksblowfish::Bcrypt) Requires: perl(MIME::Lite::TT) Requires: perl(Cache::Cache), perl(HTML::Parser) Requires: perl(URI::Escape::XS) @@ -264,7 +269,10 @@ Requires: perl(Test::NoWarnings) Requires: perl(Net::UDP) # For managing the number of connections per device Requires: mod_qos -Requires: %{real_name}-config +Requires: %{real_name}-config = %{ver} +Requires: %{real_name}-pfcmd-suid = %{ver} +Requires: haproxy >= 1.5, keepalived >= 1.2 +Requires: fingerbank = 1.0.0 %description -n %{real_name} 
@@ -281,7 +289,7 @@ as %package -n %{real_name}-remote-snort-sensor Group: System Environment/Daemons -Requires: perl >= 5.8.0, perl(File::Tail), perl(Config::IniFiles), perl(IO::Socket::SSL), perl(XML::Parser), perl(Crypt::SSLeay), perl(LWP::Protocol::https) +Requires: perl >= %{perl_version}, perl(File::Tail), perl(Config::IniFiles), perl(IO::Socket::SSL), perl(XML::Parser), perl(Crypt::SSLeay), perl(LWP::Protocol::https) Requires: perl(Moo), perl(Data::MessagePack), perl(WWW::Curl) Conflicts: %{real_name} AutoReqProv: 0 @@ -296,7 +304,7 @@ server. %package -n %{real_name}-remote-arp-sensor Group: System Environment/Daemons -Requires: perl >= 5.8.0, perl(Config::IniFiles), perl(IO::Socket::SSL), perl(XML::Parser), perl(Crypt::SSLeay), perl(LWP::Protocol::https), perl(Net::Pcap) >= 0.16, memcached, perl(Cache::Memcached) +Requires: perl >= %{perl_version}, perl(Config::IniFiles), perl(IO::Socket::SSL), perl(XML::Parser), perl(Crypt::SSLeay), perl(LWP::Protocol::https), perl(Net::Pcap) >= 0.16, memcached, perl(Cache::Memcached) Requires: perl(Moo), perl(Data::MessagePack), perl(WWW::Curl) Conflicts: %{real_name} AutoReqProv: 0 @@ -311,7 +319,6 @@ for sending MAC and IP from ARP requests to a PacketFence server. %package -n %{real_name}-pfcmd-suid Group: System Environment/Daemons BuildRequires: gcc -Requires: %{real_name} >= 3.6.0 AutoReqProv: 0 Summary: Replace pfcmd by a C wrapper for suid @@ -488,6 +495,10 @@ ln -s ../sites-available/packetfence-soh packetfence-soh ln -s ../sites-available/packetfence-tunnel packetfence-tunnel ln -s ../sites-available/dynamic-clients dynamic-clients +# Fingerbank symlinks +cd $RPM_BUILD_ROOT/usr/local/pf/lib +ln -s /usr/local/fingerbank/lib/fingerbank fingerbank + cd $curdir #end create symlinks 
@@ -500,6 +511,7 @@ if ! /usr/bin/id pf &>/dev/null; then /usr/sbin/useradd -r -d "/usr/local/pf" -s /bin/sh -c "PacketFence" -M pf || \ echo Unexpected error adding user "pf" && exit fi +/usr/sbin/usermod -G fingerbank pf #if [ ! `tty | cut -c0-8` = "/dev/tty" ]; #then @@ -543,7 +555,6 @@ fi %post -n %{real_name} -echo "Adding PacketFence startup script" /sbin/chkconfig --add packetfence #Check if log files exist and create them with the correct owner @@ -561,6 +572,7 @@ if [ ! -f /usr/local/pf/conf/ssl/server.crt ]; then -out /usr/local/pf/conf/ssl/server.crt\ -keyout /usr/local/pf/conf/ssl/server.key\ -nodes -config /usr/local/pf/conf/openssl.cnf + cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key > /usr/local/pf/conf/ssl/server.pem fi @@ -594,6 +606,15 @@ else echo "DH already exists, won't touch it!" fi +#Check if RADIUS have a dh +if [ ! -f /usr/local/pf/conf/pf.conf ]; then + echo "Touch pf.conf because it doesnt exist" + touch /usr/local/pf/conf/pf.conf + chown pf.pf /usr/local/pf/conf/pf.conf +else + echo "pf.conf already exists, won't touch it!" +fi + #Add for sudo if (grep "^Defaults.*requiretty" /etc/sudoers > /dev/null ) ; then sed -i 's/^Defaults.*requiretty/#Defaults requiretty/g' /etc/sudoers @@ -634,6 +655,7 @@ echo "Adding PacketFence remote ARP Sensor startup script" /sbin/chkconfig --add pfarp %post -n %{real_name}-config +chown pf.pf /usr/local/pf/conf/pfconfig.conf echo "Adding PacketFence config startup script" /sbin/chkconfig --add packetfence-config @@ -721,6 +743,10 @@ fi /usr/local/pf/addons/logrotate %dir /usr/local/pf/addons/packages /usr/local/pf/addons/packages/* +%dir /usr/local/pf/addons/pfconfig +%dir /usr/local/pf/addons/pfconfig/comparator +%attr(0755, pf, pf) /usr/local/pf/addons/pfconfig/comparator/*.pl +%attr(0755, pf, pf) /usr/local/pf/addons/pfconfig/comparator/*.sh %dir /usr/local/pf/addons/snort %attr(0755, pf, pf) /usr/local/pf/addons/snort/update_rules.pl /usr/local/pf/addons/snort/oinkmaster.conf 
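Review bot: `/usr/sbin/usermod -G fingerbank pf` replaces the whole supplementary group list of `pf`, so any group the account was placed in earlier is dropped on every install or upgrade; `/usr/sbin/usermod -a -G fingerbank pf` only appends. The line also assumes the `fingerbank` group already exists when `%pre` runs, which the plain `Requires: fingerbank` added elsewhere in this spec does not by itself order. In the context line above, `useradd … || echo … && exit` groups as `(useradd || echo) && exit`, so on a first install the scriptlet appears to exit before the new line is reached.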
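Review bot: `server.pem` is created by shell redirection in `%post`, so it gets its mode from the scriptlet's umask even though it now contains the private key from `server.key`. Creating it under a restrictive umask and then giving it to the account that has to read it keeps the key from being world-readable: `( umask 077; cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key > /usr/local/pf/conf/ssl/server.pem )`. Which service consumes the file is not visible in this hunk, so the owner needs to be chosen accordingly. The `cat` sits inside the `if [ ! -f …/server.crt ]` block, so a host that already has a certificate never gets a `server.pem`; a separate `if [ ! -f …/server.pem ]` test would cover upgrades.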
@@ -733,8 +759,11 @@ fi %attr(0755, pf, pf) /usr/local/pf/addons/watchdog/*.sh %dir /usr/local/pf/bin %attr(0755, pf, pf) /usr/local/pf/bin/pfcmd.pl +%attr(0755, pf, pf) /usr/local/pf/bin/pfcmd-old.pl %attr(0755, pf, pf) /usr/local/pf/bin/pfcmd_vlan %attr(0755, pf, pf) /usr/local/pf/bin/pftest +%attr(0755, pf, pf) /usr/local/pf/bin/cluster/management_update +%attr(0755, pf, pf) /usr/local/pf/bin/cluster/sync %doc /usr/local/pf/ChangeLog %dir /usr/local/pf/conf /usr/local/pf/conf/*.example @@ -804,6 +833,10 @@ fi %config(noreplace) /usr/local/pf/conf/provisioning.conf /usr/local/pf/conf/provisioning.conf.example %dir /usr/local/pf/conf/radiusd +%config(noreplace) /usr/local/pf/conf/radiusd/clients.conf.inc + /usr/local/pf/conf/radiusd/clients.conf.inc.example +%config(noreplace) /usr/local/pf/conf/radiusd/packetfence-cluster + /usr/local/pf/conf/radiusd/packetfence-cluster.example %config(noreplace) /usr/local/pf/conf/radiusd/proxy.conf.inc /usr/local/pf/conf/radiusd/proxy.conf.inc.example %config(noreplace) /usr/local/pf/conf/radiusd/eap.conf @@ -827,6 +860,8 @@ fi %config(noreplace) /usr/local/pf/conf/vlan_filters.conf /usr/local/pf/conf/vlan_filters.conf.example %config /usr/local/pf/conf/dhcpd.conf +%config(noreplace) /usr/local/pf/conf/haproxy.conf + /usr/local/pf/conf/haproxy.conf.example %dir /usr/local/pf/conf/httpd.conf.d %config /usr/local/pf/conf/httpd.conf.d/captive-portal-common.conf %config /usr/local/pf/conf/httpd.conf.d/httpd.aaa 
@@ -839,6 +874,10 @@ fi %config(noreplace) /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf.example %config(noreplace) /usr/local/pf/conf/iptables.conf +%config(noreplace) /usr/local/pf/conf/keepalived.conf + /usr/local/pf/conf/keepalived.conf.example +%config(noreplace) /usr/local/pf/conf/cluster.conf + /usr/local/pf/conf/cluster.conf.example %config(noreplace) /usr/local/pf/conf/listener.msg /usr/local/pf/conf/listener.msg.example %config(noreplace) /usr/local/pf/conf/popup.msg @@ -927,7 +966,6 @@ fi %config(noreplace) /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Config/AdminRoles.pm %config(noreplace) /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Config/Authentication.pm %config(noreplace) /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Config/Authentication/Source.pm -%config(noreplace) /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Config/Fingerprints.pm %config(noreplace) /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Config/Firewall_SSO.pm %config(noreplace) /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Config/FloatingDevice.pm %config(noreplace) /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Config/MacAddress.pm @@ -1068,6 +1106,8 @@ fi %files -n %{real_name}-config %attr(0755, root, root) %{_initrddir}/packetfence-config %dir /usr/local/pf +%dir /usr/local/pf/conf +%config(noreplace) /usr/local/pf/conf/pfconfig.conf %dir /usr/local/pf/lib %dir /usr/local/pf/lib/pfconfig /usr/local/pf/lib/pfconfig/* @@ -1078,6 +1118,9 @@ fi %exclude /usr/local/pf/addons/pfconfig/pfconfig.init %changelog +* Wed Apr 15 2015 Inverse - 5.0.0-1 +- New release 5.0.0 + * Fri Mar 06 2015 Inverse - 4.7.0-1 - New release 4.7.0 diff --git a/addons/pfconfig/README.asciidoc b/addons/pfconfig/README.asciidoc index e501c8b575f0..8b21e0b74440 100644 --- a/addons/pfconfig/README.asciidoc +++ b/addons/pfconfig/README.asciidoc 
@@ -34,3 +34,4 @@ addons/pfconfig/cmd.pl get config::Switch Start PacketFence # service packetfence start + diff --git a/addons/pfconfig/cmd.pl b/addons/pfconfig/cmd.pl index 1c5cdbe5caa6..a2d480bd50c9 100755 --- a/addons/pfconfig/cmd.pl +++ b/addons/pfconfig/cmd.pl @@ -31,15 +31,27 @@ =head1 DESCRIPTION =cut use lib '/usr/local/pf/lib'; +use strict; +use warnings; use Switch; use pfconfig::manager; +use pfconfig::util; my $cmd = $ARGV[0]; my $manager = pfconfig::manager->new; switch($cmd) { + case 'expire' { + my $namespace = $ARGV[1]; + if(defined($namespace)){ + $manager->expire($namespace); + } + else{ + print STDERR "ERROR ! Namespace not defined" + } + } case 'reload' { $manager->expire_all(); } @@ -50,12 +62,13 @@ =head1 DESCRIPTION } } case 'show' { - my $namespace = $ARGV[1]; + my $full_namespace = $ARGV[1]; + my ($namespace, @args) = pfconfig::util::parse_namespace($full_namespace); if(defined($namespace)){ my @namespaces = $manager->list_namespaces(); if ( grep {$_ eq $namespace} @namespaces){ use Data::Dumper; - print Dumper($manager->get_cache($namespace)); + print Dumper($manager->get_cache($full_namespace)); } else{ print STDERR "ERROR ! Unknown namespace.\n"; @@ -81,10 +94,13 @@ =head1 DESCRIPTION exit; } } + case 'clear_overlay' { + $manager->clear_overlayed_namespaces(); + } else { print STDERR "ERROR ! Unknown command.\n"; print STDERR "Commands : \n"; - print STDERR "reload|list|show |get \n"; + print STDERR "reload|list|show |get |clear_overlay \n"; exit; } }; diff --git a/addons/pfconfig/comparator/comparator.pl b/addons/pfconfig/comparator/comparator.pl new file mode 100644 index 000000000000..10b4af1aac94 --- /dev/null +++ b/addons/pfconfig/comparator/comparator.pl 
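Review bot: In cmd.pl's new `expire` case the failure path prints `ERROR ! Namespace not defined` without a trailing newline and then lets the script end with exit status 0, so a calling script cannot tell that nothing was expired. `print STDERR "ERROR ! Namespace not defined\n"; exit 1;` makes the failure detectable. The `show` case checks the namespace against `list_namespaces()` before using it, while `expire` passes `$ARGV[1]` straight to `$manager->expire`; applying the same membership check would keep the two commands consistent.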
@@ -0,0 +1,105 @@ +#!/usr/bin/perl + +=head1 NAME + +comparator.pl + +=head1 SYNOPSIS + +comparator.pl + +=head1 DESCRIPTION + +Compares two different configuration dumps for differences + +No need to use it directly, use addons/pfconfig/comparator/config-comparator.sh + +=cut + +use strict; +use warnings; + +use Sereal::Decoder; +use Test::Deep; + +my $DECODER = Sereal::Decoder->new; + +my $file1 = $ARGV[0]; +my $file2 = $ARGV[1]; + +my $data1 = read_decode($file1); +my $data2 = read_decode($file2); + +### +# We remove the ignored keys here + +# stored_config_files was removed +delete $data1->{'pf::config'}->{'\\@pf::config::stored_config_files'}; +delete $data2->{'pf::config'}->{'\\@pf::config::stored_config_files'}; + +# YES an NO were removed +delete $data1->{'pf::config'}->{'$pf::config::NO'}; +delete $data2->{'pf::config'}->{'$pf::config::NO'}; + +delete $data1->{'pf::config'}->{'$pf::config::YES'}; +delete $data2->{'pf::config'}->{'$pf::config::YES'}; + +foreach my $ns (keys %$data1){ + my ($ok, $stack) = Test::Deep::cmp_details($data1->{$ns}, $data2->{$ns}); + if($ok) { + print "Namespace $ns is the same ! Great success !\n"; + } + else { + print "Namespace $ns changed : ".Test::Deep::deep_diag($stack); + } +} + +sub read_decode { + my ($file) = @_; + open(my $fh1, "<", $file) + or die "cannot open < $file: $!"; + + my $data = ''; + while (my $row = <$fh1>) { + chomp $row; + $data .= "$row\n" + } + my $decoded_data = $DECODER->decode($data); + return $decoded_data; +} + +=back + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2015 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. 
+ +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + +# vim: set shiftwidth=4: +# vim: set expandtab: +# vim: set backspace=indent,eol,start: + diff --git a/addons/pfconfig/comparator/config-comparator.sh b/addons/pfconfig/comparator/config-comparator.sh new file mode 100755 index 000000000000..3897345fa604 --- /dev/null +++ b/addons/pfconfig/comparator/config-comparator.sh 
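Review bot: `read_decode` in comparator.pl reads a binary Sereal dump line by line, chomps each row and appends `"\n"` again, which adds a byte whenever the file does not end in a newline and never puts the handle in binary mode or closes it. Slurping the file is shorter and byte-exact: `binmode($fh1); my $data = do { local $/; <$fh1> }; close($fh1);`. The dump is produced and read under a fixed directory in `/tmp` by the wrapper script in this commit, so it is also worth confirming that the decoder is only ever given files this tool wrote itself. The POD ends with `=back` without a matching `=over`.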
@@ -0,0 +1,58 @@
+#!/bin/bash
+#
+# Config comparator
+#
+# - This will compare the generated configuration in different modules in two different branches.
+# - Note that the pfconfig data that is seen is the one running in the service
+#
+# Copyright (C) 2005-2015 Inverse inc.
+#
+# Author: Inverse inc.
+#
+# Licensed under the GPL
+#
+
+LE_DIR='/tmp/config-comparator'
+
+BRANCH_1=$1
+BRANCH_2=$2
+
+if [ -z "$BRANCH_1" ] || [ -z "$BRANCH_2" ]; then
+ echo "Missing branch names : "
+ echo "Usage : config-comparator "
+ exit 1
+fi;
+
+mkdir -p $LE_DIR
+rm -fr $LE_DIR/*
+
+cd $LE_DIR
+
+git clone https://github.com/inverse-inc/packetfence.git
+cp -frp packetfence packetfenceb1
+cp -frp packetfence packetfenceb2
+
+cd $LE_DIR/packetfenceb1 && git checkout $BRANCH_1
+if [ $? -ne 0 ]; then
+ echo "Failed to checkout $BRANCH_1"
+ exit 5
+fi
+
+cd $LE_DIR/packetfenceb2 && git checkout $BRANCH_2
+if [ $? -ne 0 ]; then
+ echo "Failed to checkout $BRANCH_2"
+ exit 5
+fi
+
+cd $LE_DIR
+
+cp -frp /usr/local/pf/addons/pfconfig/comparator/dumper.pl .
+cp -frp /usr/local/pf/addons/pfconfig/comparator/comparator.pl .
+
+service packetfence-config restart
+/usr/local/pf/bin/pfcmd configreload hard
+
+perl dumper.pl "$LE_DIR/packetfenceb1/lib" packetfenceb1
+perl dumper.pl "$LE_DIR/packetfenceb2/lib" packetfenceb2
+
+perl comparator.pl "$LE_DIR/packetfenceb1.out" "$LE_DIR/packetfenceb2.out"
diff --git a/addons/pfconfig/comparator/dumper.pl b/addons/pfconfig/comparator/dumper.pl
new file mode 100755
index 000000000000..1f59e788752f
--- /dev/null
+++ b/addons/pfconfig/comparator/dumper.pl
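Review bot: The working directory is the fixed, predictable path `/tmp/config-comparator`, and `mkdir -p` accepts a directory or symlink that another local user created there first. The script then runs `rm -fr $LE_DIR/*`, copies scripts into it and executes `perl dumper.pl` from it, and it restarts `packetfence-config`, so it is presumably run with elevated privileges. A private directory removes that exposure: `LE_DIR=$(mktemp -d /tmp/config-comparator.XXXXXX) || exit 1`, with the path handed to dumper.pl, which currently hard-codes `/tmp/config-comparator/$BASE.out` for its output. The unchecked `cd $LE_DIR` before `git clone` should also stop the script on failure, `cd "$LE_DIR" || exit 1`.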
@@ -0,0 +1,155 @@ +#!/usr/bin/perl + +=head1 NAME + +dumper.pl + +=head1 SYNOPSIS + +dumper.pl + +=head1 DESCRIPTION + +Dumps the configuration for a codebase + +No need to use it directly, use addons/pfconfig/comparator/config-comparator.sh + +=cut + +use strict; +use warnings; + +use Data::Dumper; +use Sereal::Encoder; + +unless ($ARGV[0] && $ARGV[1]){ + print "Missing arguments"; + exit; +} + +my $BASE = $ARGV[1]; +use lib $ARGV[0]; + +my $ENCODER = Sereal::Encoder->new; +our %configs; + +{ + use pf::config; + my @exported = @pf::config::EXPORT; + my @badvalues = ('%ConfigProvisioning', '$ACCT_TIME_MODIFIER_RE', '$DEADLINE_UNIT', '$FALSE', '$TRUE', '$TIME_MODIFIER_RE', '$default_pid'); + @exported = grep { !($_ ~~ @badvalues ) } @exported; + $configs{'pf::config'} = dump_module('pf::config', @exported); + + # we ignore categories since they're now inflated + foreach my $firewall (keys %{$configs{'pf::config'}{'\\%pf::config::ConfigFirewallSSO'}}){ + $configs{'pf::config'}{'\\%pf::config::ConfigFirewallSSO'}{$firewall}{categories} = undef; + } +} + +{ + use pf::violation_config; + + my @variables = ('%Violation_Config'); + $configs{'pf::violation_config'} = dump_module("pf::violation_config", @variables); + +} + +{ + use pf::admin_roles; + + my @exported = @pf::admin_roles::EXPORT; + my @badvalues = ('@ADMIN_ACTIONS'); + @exported = grep { !($_ ~~ @badvalues ) } @exported; + $configs{'pf::admin_roles'} = dump_module("pf::admin_roles", @exported); + +} + +{ + use pf::vlan::filter; + + my @variables = ('%ConfigVlanFilters'); + $configs{'pf::vlan::filter'} = dump_module("pf::vlan::filter", @variables); + +} + +{ + use pf::authentication; + + my @exported = (@pf::authentication::EXPORT, '%authentication_lookup', '%TYPE_TO_SOURCE'); + $configs{'pf::authentication'} = dump_module("pf::authentication", @exported); + +} + +{ + use pf::SwitchFactory; + + $configs{switches} = pf::SwitchFactory->config(); + +} + +{ + use pf::web::filter; + + my @variables = 
('%ConfigApacheFilters'); + $configs{'pf::web::filter'} = dump_module("pf::web::filter", @variables); + +} + +my $output = $ENCODER->encode(\%configs); +open(my $fh, ">", "/tmp/config-comparator/$BASE.out") + or die "cannot open > /tmp/config-comparator/$BASE.out: $!"; +print $fh $output; + +sub dump_module { + my ($file1, @variables) = @_; + my %data; + foreach my $variable (@variables){ + # we are only testing variables since we're changing the subs + # we also don't want the pf::config::cached variables + if($variable =~ s/^([\$@%]{1})// && !($variable =~ /^cached_.*/ )){ + my $sign = $1; + $sign =~ s/%/\\%/; + $sign =~ s/@/\\@/; + my $name = $sign.$file1."::$variable"; + my $elem = eval($name); + $data{$name} = $elem; + } + } + return \%data; +} + +=back + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2015 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + +# vim: set shiftwidth=4: +# vim: set expandtab: +# vim: set backspace=indent,eol,start: + diff --git a/addons/pfconfig/pfconfig.init b/addons/pfconfig/pfconfig.init old mode 100644 new mode 100755 index ca561d1be8f3..56b9642c5a46 --- a/addons/pfconfig/pfconfig.init +++ b/addons/pfconfig/pfconfig.init 
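Review bot: The argument guard at the top of dumper.pl runs only after every `use` statement has been processed, because `use lib $ARGV[0]` and the `use pf::…` lines inside the bare blocks execute at compile time. With a missing argument the modules are therefore loaded from whatever `@INC` already contains before "Missing arguments" is printed, and the plain `exit` reports success. Moving the check into a `BEGIN` block ahead of `use lib` fixes the order: `BEGIN { die "Usage: dumper.pl <lib_dir> <output_name>\n" unless @ARGV == 2 }`. The output handle is also never put in binary mode or closed, so a failed write of the Sereal blob goes unnoticed; `binmode($fh);` before the print and `close($fh) or die …` after it would catch that.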
@@ -32,6 +32,7 @@ start() { # create directory, fix rights and remove previous socket mkdir -p $control_files_dir chown -R $User.$User $control_files_dir + chmod 0775 $control_files_dir rm -f $socket_path daemon --user=$User ${prog} -d RETVAL=$? diff --git a/addons/recovery.pl b/addons/recovery.pl index da02e2b11623..304c4e497e30 100755 --- a/addons/recovery.pl +++ b/addons/recovery.pl @@ -127,13 +127,12 @@ =head1 LICENSE ); my $logger = Log::Log4perl->get_logger(''); -my $switchFactory = new pf::SwitchFactory( -configFile => CONF_FILE ); my @switchDescriptions; -foreach my $key ( keys %{ $switchFactory->config } ) { +foreach my $key ( keys %{ pf::SwitchFactory->config } ) { if (( $key ne 'default' ) && ( $key ne '127.0.0.1' ) - && ( $switchFactory->config->{$key}->{type} ne + && ( pf::SwitchFactory->config->{$key}->{type} ne 'Cisco::Aironet_1242' ) ) { @@ -209,7 +208,7 @@ sub recoverSwitch { my $switchDesc = shift(); my $txt = ''; my $format = "%-2.2s %7.7s %-7.7s %-7.7s %-7.7s %-20.20s %-20.20s\n"; - my $switch = $switchFactory->instantiate($switchDesc); + my $switch = pf::SwitchFactory->instantiate($switchDesc); if (!$switch) { return "Can not instantiate switch $switchDesc\n"; } diff --git a/bin/cluster/management_update b/bin/cluster/management_update new file mode 100755 index 000000000000..c9c03f3418dd --- /dev/null +++ b/bin/cluster/management_update 
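Review bot: `chmod 0775 $control_files_dir` makes the directory that holds the pfconfig socket group-writable and readable and traversable by every local account, and nothing in the hunk says which accounts need that access. If only members of the service group have to reach the socket, `chmod 0770 "$control_files_dir"` is the narrower setting; otherwise a comment naming the consumers would document the choice, e.g. `# group write needed by <consumer> to create its control files`. The variable is unquoted here and in the `chown` above. `start()` begins and ends outside this hunk.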
@@ -0,0 +1,75 @@
+#!/usr/bin/perl
+
+=head1 NAME
+
+Script to call when there is a change in the management state
+
+=head1 SYNOPSIS
+
+bin/cluster/management_update
+
+=head1 DESCRIPTION
+
+Made for keepalived so the pf services can be adjusted depending of the running node
+
+=cut
+
+use constant INSTALL_DIR => '/usr/local/pf';
+use lib INSTALL_DIR . "/lib";
+
+use pf::log;
+
+my $logger = get_logger;
+
+$logger->info("Refreshing services for management mode");
+
+my $vrrp_ip = $ARGV[1];
+my $state = $ARGV[2];
+my $priority = $ARGV[3];
+
+if($state eq "MASTER"){
+ $logger->info("Transition to master state, starting management services.");
+ `/usr/local/pf/bin/pfcmd service pfdhcplistener start`;
+ `/usr/local/pf/bin/pfcmd service pfmon start`;
+}
+elsif($state eq "SLAVE"){
+ $logger->info("Transition to master state, stoping management services.");
+ `/usr/local/pf/bin/pfcmd service pfdhcplistener stop`;
+ `/usr/local/pf/bin/pfcmd service pfmon stop`;
+}
+
+=back
+
+=head1 AUTHOR
+
+Inverse inc.
+
+=head1 COPYRIGHT
+
+Copyright (C) 2005-2015 Inverse inc.
+
+=head1 LICENSE
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+USA.
+
+=cut
+
+1;
+
+# vim: set shiftwidth=4:
+# vim: set expandtab:
+# vim: set backspace=indent,eol,start:
+
diff --git a/bin/cluster/sync b/bin/cluster/sync
new file mode 100755
index 000000000000..e2c9c0225acc
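Review bot: The stop branch tests `$state eq "SLAVE"`, but keepalived's `notify` interface reports the target state as `MASTER`, `BACKUP` or `FAULT`, so a node that loses the master role would keep `pfdhcplistener` and `pfmon` running alongside the new master. `elsif ($state eq "BACKUP" || $state eq "FAULT") {` covers both demotion cases. The log message in that branch still says "Transition to master state", and the backtick calls discard the exit status of `pfcmd`, so a failed start or stop is not logged; `system(...) == 0 or $logger->error(...)` would record it. The script also lacks `use strict; use warnings;`, which the other new scripts in this commit have.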
--- /dev/null +++ b/bin/cluster/sync 
@@ -0,0 +1,179 @@ +#!/usr/bin/perl + +=head1 NAME + +Script to synchronize cluster either as the master node or as a slave node + +=head1 SYNOPSIS + +bin/cluster/sync --as-master to push out the configuration to the other nodes +bin/cluster/sync --from= --api-user= --api-password= to sync the configuration from a master server to this server + +=head1 DESCRIPTION + +Made for keepalived so the pf services can be adjusted depending of the running node + +=cut + +use strict; +use warnings; + +use constant INSTALL_DIR => '/usr/local/pf'; +use lib INSTALL_DIR . "/lib"; + +use pf::log; +use pf::api::jsonrpcclient; +use Getopt::Long; +use pf::api::jsonrpcclient; +use pf::config::cached; +use pfconfig::constants; +use pf::file_paths; +use pf::cluster; + +my ($master_server, $as_master, $api_user, $api_password); +GetOptions ( + "from=s" => \$master_server, + "api-user=s" => \$api_user, + "api-password=s" => \$api_password, + "as-master" => \$as_master +); + +unless($master_server || $as_master){ + print STDERR "You should either set --from or --as-master \n"; + exit; +} + +my $logger = get_logger; + +use Module::Pluggable + 'search_path' => [qw(pf::ConfigStore)], + 'sub_name' => 'stores', + 'require' => 1, + ; + +our @tmp_stores = __PACKAGE__->stores(); + +my @ignored = qw(pf::ConfigStore::Group pf::ConfigStore::Wrix pf::ConfigStore::Interface pf::ConfigStore::Role::ValidGenericID); + +our @stores; + +foreach my $store (@tmp_stores){ + next if ($store ~~ @ignored); + push @stores, $store; +} + +my @files = ($server_cert, $server_key, $server_pem, $pfconfig::constants::CONFIG_FILE_PATH, "$conf_dir/iptables.conf"); + +open(my $fh, '<', '/usr/local/pf/conf/cluster-files.txt') + or print "WARN : Couldn't open the list of additionnal files to sync."; +while (my $row = <$fh>) { + chomp $row; + push @files, $row; +} +close($fh); + +if($as_master){ + print "Synching cluster with this node as the configuration master\n"; + + my $apiclient = pf::api::jsonrpcclient->new(); + + 
foreach my $store (@stores){ + eval { + print "Synching storage : $store\n"; + my $cs = $store->new; + my $pfconfig_namespace = $cs->pfconfigNamespace; + my $config_file = $cs->configFile; + my %data = ( + namespace => $pfconfig_namespace, + conf_file => $config_file, + ); + my ($result) = $apiclient->call( 'expire_cluster', %data ); + }; + if($@){ + print STDERR "Failed to sync store : $store \n"; + } + } + + + foreach my $server (@cluster_servers){ + next if($server->{host} eq $host_id); + my $apiclient = pf::api::jsonrpcclient->new(host => $server->{management_ip}, proto => 'https'); + foreach my $file (@files){ + eval { + print "Synching file : $file on $server->{host} \n"; + my %data = ( conf_file => $file, from => pf::cluster::current_server()->{management_ip} ); + my ($result) = $apiclient->call( 'distant_download_configfile', %data ); + }; + if($@){ + print STDERR "Failed to sync file : $file . $@\n"; + } + } + } +} + +if($master_server){ + print "Synching this server from node $master_server \n"; + + my $apiclient = pf::api::jsonrpcclient->new(host => $master_server, proto => 'https', username => $api_user, password => $api_password); + + foreach my $store (@stores) { + my $cs = $store->new; + my $config_file = $cs->configFile; + push @files, $config_file; + } + + foreach my $file (@files){ + eval { + print "Synching file : $file\n"; + my %data = ( conf_file => $file ); + my ($result) = $apiclient->call( 'download_configfile', %data ); + open(my $fh, '>', $file); + print $fh $result; + close($fh); + `chown pf.pf $file`; + }; + if($@){ + print STDERR "Failed to sync file : $file . $@\n"; + } + } + + pf::config::cached::updateCacheControl(); + pf::config::cached::ReloadConfigs(1); + +} + +=back + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2015 Inverse inc. 
+ +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + +# vim: set shiftwidth=4: +# vim: set expandtab: +# vim: set backspace=indent,eol,start: + diff --git a/bin/pfcmd-old.pl b/bin/pfcmd-old.pl new file mode 100755 index 000000000000..3c662d6c4823 --- /dev/null +++ b/bin/pfcmd-old.pl 
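Review bot: In the `--from` branch of bin/cluster/sync each downloaded file is written through an unchecked `open(my $fh, '>', $file)` and its owner is then set with backticks, `chown pf.pf $file`, which hands the path to a shell; the list includes rows read from `cluster-files.txt`, so a name containing shell metacharacters is interpreted rather than treated as a file name. The target is also truncated in place, so a call that returns nothing leaves an empty configuration file, and a newly created file such as `$server_key` gets whatever mode the umask allows. I would write to a temporary file, set mode and owner with Perl's own `chmod`/`chown`, and rename it into place, as sketched below. The earlier `open` of `cluster-files.txt` only prints a warning on failure and then still reads from and closes the unopened handle.

```perl
            my ($result) = $apiclient->call( 'download_configfile', %data );
            die "no content returned for $file\n" unless defined $result;
            # Write beside the target and rename, so a failed transfer never truncates $file.
            my $tmp = "$file.sync.$$";
            my $old_umask = umask 077;
            open(my $out, '>', $tmp) or die "cannot open > $tmp: $!\n";
            umask $old_umask;
            print {$out} $result;
            close($out) or die "cannot close $tmp: $!\n";
            # Keep the mode of an existing file and set the owner without going through a shell.
            chmod((stat $file)[2] & 07777, $tmp) if -e $file;
            my ($uid, $gid) = (getpwnam('pf'))[2, 3];
            chown($uid, $gid, $tmp) or die "cannot chown $tmp: $!\n";
            rename($tmp, $file) or die "cannot rename $tmp to $file: $!\n";
            # … unchanged: end of eval and error report …
```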
@@ -0,0 +1,2463 @@
+#!/usr/bin/perl -T
+
+=head1 NAME
+
+pfcmd - PacketFence command line interface
+
+=head1 SYNOPSIS
+
+pfcmd [options]
+
+ Command:
+ checkup | perform a sanity checkup and report any problems
+ class | view violation classes
+ config | query, set, or get help on pf.conf configuration paramaters
+ configfiles | push or pull configfiles into/from database
+ floatingnetworkdeviceconfig | query/modify floating network devices configuration parameters
+ fingerprint | view DHCP Fingerprints
+ fixpermissions | fix permissions of files
+ graph | trending graphs
+ history | IP/MAC history
+ ifoctetshistorymac | accounting history
+ ifoctetshistoryswitch | accounting history
+ ifoctetshistoryuser | accounting history
+ import | bulk import of information into the database
+ interfaceconfig | query/modify interface configuration parameters
+ ipmachistory | IP/MAC history
+ locationhistorymac | Switch/Port history
+ locationhistoryswitch | Switch/Port history
+ lookup | node or pid lookup against local data store
+ manage | manage node entries
+ networkconfig | query/modify network configuration parameters
+ node | node manipulation
+ nodeaccounting | RADIUS Accounting Information
+ nodecategory | nodecategory manipulation
+ nodeuseragent | View User-Agent information associated to a node
+ person | person manipulation
+ reload | rebuild fingerprints without restart
+ report | current usage reports
+ schedule | Nessus scan scheduling
+ service | start/stop/restart and get PF daemon status
+ switchconfig | query/modify switches.conf configuration parameters
+ switchlocation | view switchport description and location
+ traplog | update traplog RRD files and graphs or obtain
+ switch IPs
+ trigger | view and throw triggers
+ ui | used by web UI to create menu hierarchies and dashboard
+ update | download canonical fingerprint or OUI data
+ useragent | view User-Agent fingerprint information
+ version | output version information
+ violation | violation manipulation
+ violationconfig | query/modify violations.conf configuration parameters
+
+=cut
+
+use strict;
+use warnings;
+
+# force UID/EUID to root to allow socket binds, etc
+# required for non-root (and GUI) service restarts to work
+$> = 0;
+$< = 0;
+
+use Data::Dumper;
+use English qw( -no_match_vars ) ; # Avoids regex performance penalty
+use POSIX();
+use Readonly;
+use File::Spec::Functions qw(catfile);
+use Date::Parse;
+use File::Basename qw(basename);
+use Log::Log4perl;
+use Try::Tiny;
+use List::MoreUtils qw(part any);
+use Scalar::Util qw(tainted);
+
+use constant {
+ INSTALL_DIR => '/usr/local/pf',
+ JUST_MANAGED => 1,
+ INCLUDE_DEPENDS_ON => 2,
+};
+
+use lib INSTALL_DIR . "/lib";
+
+use pf::log;
+use pf::constants;
+use pf::config;
+use pf::config::ui;
+use pf::pfcmd;
+use pf::util;
+use pf::config::util;
+use HTTP::Status qw(is_success);
+use List::MoreUtils qw(all true);
+use List::Util qw(first);
+use Term::ANSIColor;
+use IO::Interactive qw(is_interactive);
+use pf::constants::config qw($TIME_MODIFIER_RE);
+
+# Perl taint mode setup (see: perlsec)
+delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
+$ENV{PATH} = "/bin:/sbin:/usr/bin:/usr/sbin";
+
+# Uncomment the following line to enable tracing in the grammar
+# Warning: doing so will break the web admin
+# TODO: this parameter should be exposed to the CLI
+#our $RD_TRACE = 1;
+
+my $logger = get_logger();
+
+Readonly my $delimiter => '|';
+use vars qw/%cmd $grammar/;
+my $command;
+our %ACTION_MAP = (
+ status => \&statusOfService,
+ start => \&startService,
+ stop => \&stopService,
+ watch => \&watchService,
+ restart => \&restartService,
+);
+
+our ($SERVICE_HEADER, $IS_INTERACTIVE);
+our ($RESET_COLOR, $WARNING_COLOR, $ERROR_COLOR, $SUCCESS_COLOR);
+
+my $count = $ENV{PER_PAGE};
+my $offset = $ENV{PAGE_NUM};
+
+@ARGV = ( $ENV{ARGS} ) if ( $ENV{ARGS} );
+
+if ( $offset && $offset > 0 ) {
+ $offset = $offset - 1;
+ $offset = $offset * $count;
+}
+
+
+if ( defined $ENV{GATEWAY_INTERFACE} ) {
+ require CGI;
+ import CGI qw(-no_debug :standard);
+ my $q = new CGI;
+ if ( $q->param('ARGS') ) {
+ @ARGV = $q->param("ARGS");
+ print $q->header;
+ } elsif ( scalar(@ARGV) == 0 ) {
+ print 'ERROR in parameters';
+ return (0);
+ }
+}
+
+# generate pre-compiled grammar
+#Parse::RecDescent->Precompile($grammar, "pfcmd_pregrammar");
+#exit 1;
+
+# dynamic grammar parsing (slow)
+#my $parser=Parse::RecDescent->new($grammar);
+
+# FIXME: all of this is confusing duplication, we need to get rid of one of both method to call a sub
+my %cmd_tmp = pf::pfcmd::parseCommandLine( join(' ', @ARGV) );
+if (! exists($cmd_tmp{'grammar'})) {
+ %cmd = %cmd_tmp;
+ # TODO minor refactoring: call method using exit( method() ) instead of appending an exit(1)
+ my %commands = (
+ 'cache' => sub { exit (cache()) },
+ 'checkup' => sub {
+ my $return = checkup();
+ print "Nothing to report.\n" if ($return == $FALSE);
+ exit(1);
+ },
+ 'fixpermissions' => sub { exit (fixpermissions()) },
+ 'configreload' => sub { exit (configreload($cmd{command}[1])) },
+ 'class' => sub { class(); exit(1); },
+ 'config' => sub { config(); exit(0); },
+ 'configfiles' => sub { configfiles(); exit(1); },
+ 'floatingnetworkdeviceconfig' => sub { floatingnetworkdeviceconfig(); exit(1); },
+ 'fingerprint' => sub { fingerprint(); exit(1); },
+ 'graph' => sub { graph(); exit(1); },
+ 'help' => sub { help(); exit(0); },
+ 'history' => sub { history(); exit(1); },
+ 'ifoctetshistorymac' => sub { ifoctetshistorymac(); exit(1); },
+ 'ifoctetshistoryswitch' => sub { ifoctetshistoryswitch(); exit(1); },
+ 'ifoctetshistoryuser' => sub { ifoctetshistoryuser(); exit(1); },
+ 'import' => sub { import_data(); exit(1); },
+ 'interfaceconfig' => sub { interfaceconfig(); exit(1); },
+ 'ipmachistory' => sub { ipmachistory(); exit(1); },
+ 'locationhistorymac' => sub { locationhistorymac(); exit(1); },
+ 'locationhistoryswitch' => sub { locationhistoryswitch(); exit(1); },
+ 'lookup' => sub { lookup(); exit(1); },
+ 'manage' => sub { exit(manage()); },
+ 'networkconfig' => sub { networkconfig(); exit(1); },
+ 'node' => sub {
+ require pf::node;
+ import pf::node;
+ command_param('node');
+ exit(1);
+ },
+ 'nodeaccounting' => sub { nodeaccounting(); exit(1) },
+ 'nodecategory' => sub { nodecategory(); exit(1); },
+ 'nodeuseragent' => sub { nodeuseragent(); exit(1); },
+ 'person' => sub {
+ require pf::person;
+ import pf::person;
+ command_param('person');
+ exit(1);
+ },
+ 'reload' => sub { reload(); exit(1); },
+ 'report' => sub { report(); exit(1); },
+ 'schedule' => sub { schedule(); exit(1); },
+ 'service' => sub { exit service(); },
+ 'switchconfig' => sub { switchconfig(); exit(1); },
+ 'switchlocation' => sub { switchlocation(); exit(1); },
+ 'traplog' => sub { traplog(); exit(1); },
+ 'trigger' => sub { trigger(); exit(1); },
+ 'ui' => sub { ui(); exit(1); },
+ 'update' => sub { update(); exit(1); },
+ 'useragent' => sub { useragent(); exit(1); },
+ 'version' => sub { version(); exit(1); },
+ 'violation' => sub {
+ require pf::violation;
+ import pf::violation;
+ command_param('violation');
+ exit(1);
+ },
+ 'violationconfig' => sub { violationconfig(); exit(1); },
+ );
+ if ( $commands{ $cmd{'command'}[0] } ) {
+ $commands{ $cmd{'command'}[0] }->();
+ } else {
+ die "unknown command";
+ };
+
+} else {
+ if ($cmd_tmp{'grammar'} == 0) {
+
+ # if argument list is not empty then it's a command not understood
+ if (@ARGV) {
+ # line number is a hack for web admin error output
+ print STDERR "Command not understood. (pfcmd grammar test failed at line ".__LINE__.".)\n";
+ }
+ require pf::pfcmd::help;
+ pf::pfcmd::help::usage();
+ exit(1);
+ }
+ $command = $cmd{'command'}[0];
+}
+
+#if ($command =~ /^(version|class|help|history|ipmachistory|locationhistoryswitch|locationhistorymac|ifoctetshistorymac|ifoctetshistoryswitch|ifoctetshistoryuser|report|ui|graph|switchlocation|nodecategory|trigger)$/i) {
+# ($main::{$command} or sub { print "No such sub: $_\n" })->();
+# exit 1;
+#}
+
+if ( lc($command) eq 'person' ) {
+ require pf::person;
+ import pf::person;
+ command_param($command);
+} elsif ( lc($command) eq 'node' ) {
+ require pf::node;
+ import pf::node;
+ command_param($command);
+} elsif ( lc($command) eq 'violation' ) {
+ require pf::violation;
+ import pf::violation;
+ command_param($command);
+} else {
+ # calling a function looked up dynamically: first test coderef existence
+ if (!exists(&{$main::{$command}})) {
+ print "No such sub: $command at line ".__LINE__.".\n";
+ } else {
+ # then execute main::$command sub
+ $logger->debug("executing sub " . $command . "()");
+ # TODO: wrapping this around a try / catch block wouldn't hurt
+ &{$main::{$command}}();
+ }
+}
+
+# END MAIN
+
+sub help {
+ my $service = ($cmd{command}[1] || '');
+ require pf::pfcmd::help;
+ my $functionName = "pf::pfcmd::help::help_$service";
+ if ( !$service || !defined(&$functionName) ) {
+ pf::pfcmd::help::usage($TRUE);
+ } else {
+ ( $pf::pfcmd::help::{ "help_" . $service } )->();
+ }
+}
+
+# will be replaced in 1.6ish with SOAP
+#
+sub manage {
+ my $option = $cmd{manage_options}[0];
+ my $mac = lc( $cmd{manage_options}[1] );
+ my $id;
+ $id = $cmd{manage_options}[2] if ( defined $cmd{manage_options}[2] );
+ my $function = "manage_" . $option;
+ if ( $option eq "register" ) {
+ return 1 if ( !$id );
+ my %params = format_assignment( @{ $cmd{assignment} } );
+ require pf::node;
+ pf::node::node_register( $mac, $id, %params );
+ } elsif ( $option eq "deregister" ) {
+ require pf::node;
+ pf::node::node_deregister($mac);
+ } elsif ( $option eq "vclose" ) {
+ return 2 if ( !$id );
+ require pf::violation;
+ print pf::violation::violation_close( $mac, $id );
+ } elsif ( $option eq "vopen" ) {
+ return 3 if ( !$id );
+ require pf::violation;
+ print (pf::violation::violation_add( $mac, $id ) ? 1 : 0);
+ }
+ require pf::enforcement;
+ pf::enforcement::reevaluate_access( $mac, $function );
+ return 0;
+}
+
+sub locationhistoryswitch {
+ require pf::locationlog;
+ import pf::locationlog;
+ my $switch = $cmd{command}[1];
+ my $ifIndex = $cmd{command}[2];
+ my $date;
+ $date = str2time( $cmd{command}[3] ) if ( defined $cmd{command}[1] );
+ my %params;
+ $params{'ifIndex'} = $ifIndex;
+
+ if ($date) {
+ $params{'date'} = $date;
+ }
+ exit(
+ print_results( "locationlog_history_switchport", $switch, %params ) );
+}
+
+sub locationhistorymac {
+ require pf::locationlog;
+ import pf::locationlog;
+ my $mac = $cmd{command}[1];
+ my %params;
+ $params{'mac'} = $mac;
+ $params{'date'} = str2time( $cmd{command}[2] ) if ( defined $cmd{command}[2] );
+ exit( print_results( "locationlog_history_mac", $mac, %params ) );
+}
+
+sub ifoctetshistoryswitch {
+ require pf::ifoctetslog;
+ import pf::ifoctetslog;
+ my $switch = $cmd{command}[1];
+ my $ifIndex = $cmd{command}[2];
+ my %params;
+ $params{'ifIndex'} = $ifIndex;
+ if (scalar(@{$cmd{command}}) == 5) {
+ $params{'start_time'} = str2time( $cmd{command}[3] );
+ $params{'end_time'} = str2time( $cmd{command}[4] );
+ }
+ exit(
+ print_results( "ifoctetslog_history_switchport", $switch, %params ) );
+}
+
+sub ifoctetshistorymac {
+ require pf::ifoctetslog;
+ import pf::ifoctetslog;
+ my $mac = $cmd{command}[1];
+ my %params;
+ if (scalar(@{$cmd{command}}) == 4) {
+ $params{'start_time'} = str2time( $cmd{command}[2] );
+ $params{'end_time'} = str2time( $cmd{command}[3] );
+ }
+ exit( print_results( "ifoctetslog_history_mac", $mac, %params ) );
+}
+
+sub ifoctetshistoryuser {
+ require pf::ifoctetslog;
+ import pf::ifoctetslog;
+ my $user = $cmd{command}[1];
+ my %params;
+ if (scalar(@{$cmd{command}}) == 4) {
+ $params{'start_time'} = str2time( $cmd{command}[2] );
+ $params{'end_time'} = str2time( $cmd{command}[3] );
+ }
+ exit( print_results( "ifoctetslog_history_user", $user, %params ) );
+}
+
+sub nodecategory {
+ require pf::nodecategory;
+ import pf::nodecategory;
+ my $sub_cmd = $cmd{'nodecategory_options'}[0];
+ my $id = $cmd{'nodecategory_options'}[1];
+
+ if ($sub_cmd eq 'view') {
+
+ if ($id eq 'all') {
+ exit(print_results("nodecategory_view_all"));
+
+ } else {
+ exit(print_results("nodecategory_view", $id));
+ }
+
+ } elsif ($sub_cmd eq 'add') {
+
+ my %params = format_assignment(@{$cmd{'nodecategory_assignment'}});
+ try {
+ nodecategory_add(%params);
+ } catch {
+ chomp($_);
+ $logger->logcarp("$_");
+ };
+
+ } elsif ($sub_cmd eq 'edit') {
+
+ my %params = format_assignment(@{$cmd{'nodecategory_assignment'}});
+ try {
+ nodecategory_modify($id, %params);
+ } catch {
+ chomp($_);
+ $logger->logcarp("$_");
+ };
+
+ } elsif ($sub_cmd eq 'delete') {
+
+ try {
+ nodecategory_delete($id);
+ } catch {
+ chomp($_);
+ $logger->logcarp("$_");
+ };
+ }
+ return 1;
+}
+
+sub nodeaccounting {
+ my ( $function, $id );
+ require pf::accounting;
+ pf::accounting->import(qw(node_accounting_view node_accounting_view_all));
+ $id = $cmd{command}[2];
+ if ( $id && $id ne 'all' ) {
+ $function = "node_accounting_view";
+ } else {
+ $function = "node_accounting_view_all";
+ }
+ exit( print_results( $function, $id ) );
+}
+
+sub nodeuseragent {
+ my ( $function, $id );
+ require pf::useragent;
+ pf::useragent->import(qw(node_useragent_view node_useragent_view_all));
+ $id = $cmd{command}[2];
+ if ( $id && $id ne 'all' ) {
+ $function = "node_useragent_view";
+ } else {
+ $function = "node_useragent_view_all";
+ }
+ exit( print_results( $function, $id ) );
+}
+
+sub switchlocation {
+ require pf::switchlocation;
+ import pf::switchlocation;
+ my $switch = $cmd{command}[2];
+ my %params;
+ $params{'ifIndex'} = $cmd{command}[3];
+ exit(
+ print_results( "switchlocation_view_switchport", $switch, %params ) );
+}
+
+sub violationconfig {
+ require Config::IniFiles;
+ my %violations_conf;
+ tie %violations_conf, 'Config::IniFiles',
+ ( -file => "$conf_dir/violations.conf" );
+ my @errors = @Config::IniFiles::errors;
+ if ( scalar(@errors) ) {
+ $logger->error( "Error reading violations.conf: "
+ . join( "\n", @errors )
+ . "\n" );
+ return 0;
+ }
+
+ my $mode;
+ if ( scalar( @{ $cmd{'command'} } ) == 1 ) {
+ if ( exists( $cmd{'violationconfig_options'} ) ) {
+ $mode = $cmd{'violationconfig_options'}[0];
+ }
+ } else {
+ $mode = $cmd{'command'}[1];
+ }
+
+ if ( $mode eq 'get' ) {
+ foreach my $section ( tied(%violations_conf)->Sections ) {
+ foreach my $key ( keys %{ $violations_conf{$section} } ) {
+ $violations_conf{$section}{$key} =~ s/\s+$//;
+ }
+ }
+
+ my @fields = field_order();
+ print join( $delimiter, @fields ) . "\n";
+
+ # Now that we printed all the fields, we skip the key since it's not
+ # under the config section but actually the section itself
+ shift @fields;
+
+ # Loop, filter and display
+ foreach my $section ( keys %violations_conf ) {
+ if ( $cmd{'command'}[2] eq 'all' || $cmd{'command'}[2] eq $section ) {
+
+ my @values;
+ foreach my $column (@fields) {
+ push @values,
+ ( $violations_conf{$section}{$column} || $violations_conf{'defaults'}{$column} || '' );
+ }
+ print $section . $delimiter . join( $delimiter, @values ) . "\n";
+ }
+ }
+ } elsif ( $mode eq 'delete' ) {
+ my $section = $cmd{'command'}[2];
+ # TODO: this seems wrong. 1st: hardcoded violation id, 2nd: how does the web react to that print?
+ if ( $section
+ =~ /^(default|all|1100001|1100004|1100005|1100009|1100010|1200001|1200003)$/
+ )
+ {
+ print "This violation can't be deleted (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ } else {
+ if ( tied(%violations_conf)->SectionExists($section) ) {
+ tied(%violations_conf)->DeleteSection($section);
+ tied(%violations_conf)
+ ->RewriteConfig()
+ or $logger->logdie("Unable to write config to $conf_dir/violations.conf. "
+ ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack
+ require pf::configfile;
+ import pf::configfile;
+ configfile_import( $conf_dir . "/violations.conf" );
+ } else {
+ print "Unknown violation $section! (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ }
+ }
+ } elsif ( $mode eq 'edit' ) {
+ my $section = $cmd{'violationconfig_options'}[1];
+ my @assignments = @{ $cmd{'violationconfig_assignment'} };
+ if ( tied(%violations_conf)->SectionExists($section) ) {
+ foreach my $assignment (@assignments) {
+ my ( $param, $value ) = @$assignment;
+ if ($section eq 'defaults') {
+ if ( defined( $violations_conf{$section}{$param} ) ) {
+ tied(%violations_conf)
+ ->setval( $section, $param, $value );
+ } else {
+ tied(%violations_conf)
+ ->newval( $section, $param, $value );
+ }
+ } else {
+ if ( defined( $violations_conf{$section}{$param} ) ) {
+ if ( ( !exists( $violations_conf{'defaults'}{$param} ) )
+ || ( $violations_conf{'defaults'}{$param} ne $value )
+ )
+ {
+ tied(%violations_conf)
+ ->setval( $section, $param, $value );
+ } else {
+ tied(%violations_conf)->delval( $section, $param );
+ }
+ } else {
+ if ( ( !exists( $violations_conf{'defaults'}{$param} ) )
+ || ( $violations_conf{'defaults'}{$param} ne $value )
+ )
+ {
+ tied(%violations_conf)
+ ->newval( $section, $param, $value );
+ }
+ }
+ }
+ }
+ tied(%violations_conf)
+ ->RewriteConfig()
+ or $logger->logdie("Unable to write config to $conf_dir/violations.conf. "
+ ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack
+ require pf::configfile;
+ import pf::configfile;
+ configfile_import( $conf_dir . "/violations.conf" );
+ } else {
+ print "Unknown violation $section! (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ }
+ } elsif ( $mode eq 'add' ) {
+ my $section = $cmd{'violationconfig_options'}[1];
+ my @assignments = @{ $cmd{'violationconfig_assignment'} };
+ if ( !( tied(%violations_conf)->SectionExists($section) ) ) {
+ tied(%violations_conf)->AddSection($section);
+ foreach my $assignment (@assignments) {
+ my ( $param, $value ) = @$assignment;
+ if ( ( !exists( $violations_conf{'defaults'}{$param} ) )
+ || ( $violations_conf{'defaults'}{$param} ne $value ) )
+ {
+ tied(%violations_conf)
+ ->newval( $section, $param, $value );
+ }
+ }
+ tied(%violations_conf)
+ ->RewriteConfig()
+ or $logger->logdie("Unable to write config to $conf_dir/violations.conf. "
+ ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack
+ require pf::configfile;
+ import pf::configfile;
+ configfile_import( $conf_dir . "/violations.conf" );
+ } else {
+ print "Violation $section already exists! (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ }
+ }
+}
+
+sub floatingnetworkdeviceconfig {
+ require Config::IniFiles;
+ my $configFile = $floating_devices_file;
+ my %floatingnetworkdevice_conf;
+
+ tie %floatingnetworkdevice_conf, 'Config::IniFiles', ( -file => $configFile, -allowempty => 1 );
+ my @errors = @Config::IniFiles::errors;
+ if ( scalar(@errors) ) {
+ $logger->error("Error reading $configFile: " . join( "\n", @errors ) . "\n" );
+ return 0;
+ }
+
+ my $mode;
+ if ( scalar( @{ $cmd{'command'} } ) == 1 ) {
+ if ( exists( $cmd{'floatingnetworkdeviceconfig_options'} ) ) {
+ $mode = $cmd{'floatingnetworkdeviceconfig_options'}[0];
+ }
+ } else {
+ $mode = $cmd{'command'}[1];
+ }
+
+ if ( $mode eq 'get' ) {
+ foreach my $section ( tied(%floatingnetworkdevice_conf)->Sections ) {
+ foreach my $key ( keys %{ $floatingnetworkdevice_conf{$section} } ) {
+ $floatingnetworkdevice_conf{$section}{$key} =~ s/\s+$//;
+ }
+ }
+
+ my @sections_tmp = keys %floatingnetworkdevice_conf;
+ my @sections = map substr( $_, 4 ) => sort map pack( 'C4' => /(\d+)\.(\d+)\.(\d+)\.(\d+)/ )
+ . $_ => @sections_tmp;
+
+ my @fields = field_order();
+ print join( $delimiter, @fields ) . "\n";
+
+ # Now that we printed all the fields, we skip the key since it's not
+ # under the config section but actually the section itself
+ shift @fields;
+
+ # Loop, filter and display
+ foreach my $section (@sections) {
+ if ( $cmd{'command'}[2] eq 'all' || $cmd{'command'}[2] eq $section ) {
+ my @values;
+ foreach my $column (@fields) {
+ push @values, ( $floatingnetworkdevice_conf{$section}{$column} || '' );
+ }
+ print $section . $delimiter . join( $delimiter, @values ) . "\n";
+ }
+ }
+
+ } elsif ( $mode eq 'delete' ) {
+ my $section = $cmd{'command'}[2];
+ if ( $section =~ /^(all|stub)$/ ) {
+ print "This floating network device can't be deleted. (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ } else {
+ if ( tied(%floatingnetworkdevice_conf)->SectionExists($section) ) {
+ tied(%floatingnetworkdevice_conf)->DeleteSection($section);
+ my $tied_floatingnetworkdevice = tied(%floatingnetworkdevice_conf);
+ $tied_floatingnetworkdevice->RewriteConfig()
+ or $logger->logdie("Unable to write config to $configFile. "
+ ."You might want to check the file's permissions. (see pfcmd)"); # web ui hack
+ require pf::configfile;
+ import pf::configfile;
+ configfile_import($configFile);
+ } else {
+ print "Unknown floating network device $section! (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ }
+ }
+ } elsif ( $mode eq 'edit' ) {
+ my $section = $cmd{'floatingnetworkdeviceconfig_options'}[1];
+ my @assignments = @{ $cmd{'floatingnetworkdeviceconfig_assignment'} };
+ if ( tied(%floatingnetworkdevice_conf)->SectionExists($section) ) {
+ foreach my $assignment (@assignments) {
+ my ( $param, $value ) = @$assignment;
+ if ( defined( $floatingnetworkdevice_conf{$section}{$param} ) ) {
+ tied(%floatingnetworkdevice_conf)->setval( $section, $param, $value );
+ } else {
+ tied(%floatingnetworkdevice_conf)->newval( $section, $param, $value );
+ }
+ }
+ my $tied_floatingnetworkdevice = tied(%floatingnetworkdevice_conf);
+ $tied_floatingnetworkdevice->RewriteConfig()
+ or $logger->logdie("Unable to write config to $configFile. "
+ ."You might want to check the file's permissions. (see pfcmd)"); # web ui hack
+ require pf::configfile;
+ import pf::configfile;
+ configfile_import($configFile);
+ } else {
+ print "Unknown floating network device $section! (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ }
+ } elsif ( $mode eq 'add' ) {
+ my $section = $cmd{'floatingnetworkdeviceconfig_options'}[1];
+ my @assignments = @{ $cmd{'floatingnetworkdeviceconfig_assignment'} };
+ if ( !( tied(%floatingnetworkdevice_conf)->SectionExists($section) ) ) {
+ foreach my $assignment (@assignments) {
+ tied(%floatingnetworkdevice_conf)->AddSection($section);
+ my ( $param, $value ) = @$assignment;
+ tied(%floatingnetworkdevice_conf)->newval( $section, $param, $value );
+ }
+ my $tied_floatingnetworkdevice = tied(%floatingnetworkdevice_conf);
+ $tied_floatingnetworkdevice->RewriteConfig()
+ or $logger->logdie("Unable to write config to $configFile. "
+ ."You might want to check the file's permissions. (see pfcmd)"); # web ui hack
+ require pf::configfile;
+ import pf::configfile;
+ configfile_import($configFile);
+ } else {
+ print "Floating network device $section already exists! (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ }
+ }
+}
+
+sub networkconfig {
+
+ my $mode;
+ if ( scalar( @{ $cmd{'command'} } ) == 1 ) {
+ if ( exists( $cmd{'networkconfig_options'} ) ) {
+ $mode = $cmd{'networkconfig_options'}[0];
+ }
+ } else {
+ $mode = $cmd{'command'}[1];
+ }
+
+ if ( $mode eq 'get' ) {
+
+ my @networks_tmp = keys %ConfigNetworks;
+ my @networks = map substr( $_, 4 ) => sort map pack( 'C4' => /(\d+)\.(\d+)\.(\d+)\.(\d+)/ )
+ . $_ => @networks_tmp;
+
+ my @fields = field_order();
+ print join( $delimiter, @fields ) . "\n";
+
+ # Now that we printed all the fields, we skip the key since it's not
+ # under the config section but actually the section itself
+ shift @fields;
+
+ # Loop, filter and display
+ foreach my $network (@networks) {
+ if ( $cmd{'command'}[2] eq 'all' || $cmd{'command'}[2] eq $network )
+ {
+ my @values;
+ foreach my $column (@fields) {
+ # pf_gateway to next_hop translation
+ # TODO remove code once pf_gateway is deprecated (somewhere in 2012)
+ if ($column eq 'next_hop'
+ && !defined($ConfigNetworks{$network}{$column})
+ && defined($ConfigNetworks{$network}{'pf_gateway'})) {
+ $ConfigNetworks{$network}{$column} = $ConfigNetworks{$network}{'pf_gateway'};
+ }
+ push @values, ( $ConfigNetworks{$network}{$column} || '' );
+ }
+ print $network . $delimiter . join( $delimiter, @values ) . "\n";
+ }
+ }
+ } elsif ( $mode eq 'delete' ) {
+ my $network = $cmd{'command'}[2];
+ if ( $network eq 'all' ) {
+ print "This network can't be deleted (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ } else {
+ if ( tied(%ConfigNetworks)->SectionExists($network) ) {
+ tied(%ConfigNetworks)->DeleteSection($network);
+ my $tied_network = tied(%ConfigNetworks);
+ $tied_network->RewriteConfig()
+ or $logger->logdie("Unable to write config to $network_config_file. "
+ ."You might want to check the file's permissions. (see pfcmd)"); # web ui hack
+ require pf::configfile;
+ import pf::configfile;
+ configfile_import( $network_config_file );
+ } else {
+ print "Unknown network $network! (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ }
+ }
+ } elsif ( $mode eq 'edit' ) {
+ my $network = $cmd{'networkconfig_options'}[1];
+ my @assignments = @{ $cmd{'networkconfig_assignment'} };
+ if ( tied(%ConfigNetworks)->SectionExists($network) ) {
+ foreach my $assignment (@assignments) {
+ my ( $param, $value ) = @$assignment;
+ if ( defined( $ConfigNetworks{$network}{$param} ) ) {
+ tied(%ConfigNetworks)->setval( $network, $param, $value );
+ } else {
+ tied(%ConfigNetworks)->newval( $network, $param, $value );
+ }
+ }
+ my $tied_network = tied(%ConfigNetworks);
+ $tied_network->RewriteConfig()
+ or $logger->logdie("Unable to write config to $network_config_file. "
+ ."You might want to check the file's permissions. (see pfcmd)"); # web ui hack
+ require pf::configfile;
+ import pf::configfile;
+ configfile_import( $network_config_file );
+ } else {
+ print "Unknown network $network! (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ }
+ } elsif ( $mode eq 'add' ) {
+ my $network = $cmd{'networkconfig_options'}[1];
+ my @assignments = @{ $cmd{'networkconfig_assignment'} };
+ if ( !( tied(%ConfigNetworks)->SectionExists($network) ) ) {
+ foreach my $assignment (@assignments) {
+ tied(%ConfigNetworks)->AddSection($network);
+ my ( $param, $value ) = @$assignment;
+ tied(%ConfigNetworks)->newval( $network, $param, $value );
+ }
+ my $tied_network = tied(%ConfigNetworks);
+ $tied_network->RewriteConfig()
+ or $logger->logdie("Unable to write config to $network_config_file. "
+ ."You might want to check the file's permissions. (see pfcmd)"); # web ui hack
+ require pf::configfile;
+ import pf::configfile;
+ configfile_import( $network_config_file );
+ } else {
+ print "Network $network already exists! (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ }
+ }
+}
+
+sub import_data {
+ require pf::import;
+ import pf::import;
+ my $type = $cmd{command}[1];
+ my $file = $cmd{command}[2];
+ $logger->info("Import requested. Type: $type, file to import: $file");
+ my $result;
+ if (lc($type) eq 'nodes') {
+ pf::import::nodes($file);
+ $result = 1;
+ } elsif (lc($type) eq 'wrix') {
+ require pf::DB::Wrix::Manager;
+ pf::DB::Wrix::Manager->import;
+ $result = pf::DB::Wrix::Manager->importCsv($file);
+ }
+ if($result) {
+ print "Import process complete\n";
+ } else {
+ print "Error importing $file for $type\n";
+ }
+}
+
+sub interfaceconfig {
+ require Config::IniFiles;
+ my %pf_conf;
+ tie %pf_conf, 'Config::IniFiles', ( -file => "$conf_dir/pf.conf" );
+ my @errors = @Config::IniFiles::errors;
+ if ( scalar(@errors) ) {
+ $logger->error(
+ "Error reading pf.conf: " . join( "\n", @errors ) . "\n" );
+ return 0;
+ }
+
+ my $mode;
+ if ( scalar( @{ $cmd{'command'} } ) == 1 ) {
+ if ( exists( $cmd{'interfaceconfig_options'} ) ) {
+ $mode = $cmd{'interfaceconfig_options'}[0];
+ }
+ } else {
+ $mode = $cmd{'command'}[1];
+ }
+
+ if ( $mode eq 'get' ) {
+ foreach my $section ( tied(%pf_conf)->Sections ) {
+ foreach my $key ( keys %{ $pf_conf{$section} } ) {
+ $pf_conf{$section}{$key} =~ s/\s+$//;
+ }
+ }
+
+ my @fields = field_order();
+ print join( $delimiter, @fields ) . "\n";
+
+ # Now that we printed all the fields, we skip the key since it's not
+ # under the config section but actually the section itself
+ shift @fields;
+
+ # Loop, filter and display
+ foreach my $section ( keys %pf_conf ) {
+ if ( $section =~ /^interface (.+)$/ ) {
+ my $interface_name = $1;
+ if ( $cmd{'command'}[2] eq 'all' || $cmd{'command'}[2] eq $interface_name ) {
+ my @values;
+ foreach my $column (@fields) {
+ push @values, ( $pf_conf{$section}{$column} || '' );
+ }
+ print $interface_name . $delimiter . join( $delimiter, @values ) . "\n";
+ }
+ }
+ }
+ } elsif ( $mode eq 'delete' ) {
+ my $section = $cmd{'command'}[2];
+ my $section_name = "interface $section";
+ if ( $section eq 'all' ) {
+ print "This interface can't be deleted (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ } else {
+ if ( tied(%pf_conf)->SectionExists($section_name) ) {
+ tied(%pf_conf)->DeleteSection($section_name);
+ tied(%pf_conf)->RewriteConfig()
+ or $logger->logdie("Unable to write config to $conf_dir/pf.conf. "
+ ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack
+ require pf::configfile;
+ import pf::configfile;
+ configfile_import( $conf_dir . "/pf.conf" );
+ } else {
+ print "Unknown interface $section! (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ }
+ }
+ } elsif ( $mode eq 'edit' ) {
+ my $section = $cmd{'interfaceconfig_options'}[1];
+ my $section_name = "interface $section";
+ my @assignments = @{ $cmd{'interfaceconfig_assignment'} };
+ if ( tied(%pf_conf)->SectionExists($section_name) ) {
+ foreach my $assignment (@assignments) {
+ my ( $param, $value ) = @$assignment;
+ if ( defined( $pf_conf{$section_name}{$param} ) ) {
+ tied(%pf_conf)->setval( $section_name, $param, $value );
+ } else {
+ tied(%pf_conf)->newval( $section_name, $param, $value );
+ }
+ }
+ tied(%pf_conf)->RewriteConfig()
+ or $logger->logdie("Unable to write config to $conf_dir/pf.conf. "
+ ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack
+ require pf::configfile;
+ import pf::configfile;
+ configfile_import( $conf_dir . "/pf.conf" );
+ } else {
+ print "Unknown interface $section! (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ }
+ } elsif ( $mode eq 'add' ) {
+ my $section = $cmd{'interfaceconfig_options'}[1];
+ my $section_name = "interface $section";
+ my @assignments = @{ $cmd{'interfaceconfig_assignment'} };
+ if ( !( tied(%pf_conf)->SectionExists($section_name) ) ) {
+ foreach my $assignment (@assignments) {
+ tied(%pf_conf)->AddSection($section_name);
+ my ( $param, $value ) = @$assignment;
+ tied(%pf_conf)->newval( $section_name, $param, $value );
+ }
+ tied(%pf_conf)->RewriteConfig()
+ or $logger->logdie("Unable to write config to $conf_dir/pf.conf. "
+ ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack
+ require pf::configfile;
+ import pf::configfile;
+ configfile_import( $conf_dir . "/pf.conf" );
+ } else {
+ print "Interface $section already exists! (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ }
+ }
+}
+
+sub switchconfig {
+ require Config::IniFiles;
+ my %switches_conf;
+ tie %switches_conf, 'Config::IniFiles',
+ ( -file => "$conf_dir/switches.conf" );
+ my @errors = @Config::IniFiles::errors;
+ if ( scalar(@errors) ) {
+ $logger->error(
+ "Error reading switches.conf: " . join( "\n", @errors ) . "\n" );
+ return 0;
+ }
+
+ my $mode;
+ if ( scalar( @{ $cmd{'command'} } ) == 1 ) {
+ if ( exists( $cmd{'switchconfig_options'} ) ) {
+ $mode = $cmd{'switchconfig_options'}[0];
+ }
+ } else {
+ $mode = $cmd{'command'}[1];
+ }
+
+ if ( $mode eq 'get' ) {
+ foreach my $section ( tied(%switches_conf)->Sections ) {
+ foreach my $key ( keys %{ $switches_conf{$section} } ) {
+ $switches_conf{$section}{$key} =~ s/\s+$//;
+ }
+ }
+
+ #sort the switches (http://www.sysarch.com/Perl/sort_paper.html)
+ my %switches_conf_tmp = %switches_conf;
+ delete $switches_conf_tmp{'default'};
+ delete $switches_conf_tmp{'127.0.0.1'};
+ my @sections_tmp = keys(%switches_conf_tmp);
+ my @sections
+ = map substr( $_, 4 ) => sort
+ map pack( 'C4' => /(\d+)\.(\d+)\.(\d+)\.(\d+)/ )
+ . $_ => @sections_tmp;
+ unshift( @sections, 'default' );
+
+ my @fields = field_order();
+ print join( $delimiter, @fields ) . "\n";
+
+ # Now that we printed all the fields, we skip the key since it's not
+ # under the config section but actually the section itself
+ shift @fields;
+
+ # Loop, filter and display
+ foreach my $section (@sections) {
+ if ( $cmd{'command'}[2] eq 'all' || $cmd{'command'}[2] eq $section ) {
+ my @values;
+ foreach my $column (@fields) {
+ push @values,
+ ( $switches_conf{$section}{$column} || $switches_conf{'default'}{$column} || '' );
+ }
+ print $section . $delimiter . join( $delimiter, @values ) . "\n";
+ }
+ }
+ } elsif ( $mode eq 'delete' ) {
+ my $section = $cmd{'command'}[2];
+ if ( $section =~ /^(default|all)$/ ) {
+ print "This switch can't be deleted (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ } else {
+ if ( tied(%switches_conf)->SectionExists($section) ) {
+ tied(%switches_conf)->DeleteSection($section);
+ my $tied_switch = tied(%switches_conf);
+ $tied_switch->RewriteConfig()
+ or $logger->logdie("Unable to write config to $conf_dir/switches.conf. "
+ ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # hack
+ require pf::configfile;
+ import pf::configfile;
+ configfile_import( $conf_dir . "/switches.conf" );
+ } else {
+ print "Unknown switch $section! (Error at line ".__LINE__." in pfcmd)\n";
+ exit;
+ }
+ }
+ } elsif ( $mode eq 'edit' ) {
+ my $section = $cmd{'switchconfig_options'}[1];
+ my @assignments = @{ $cmd{'switchconfig_assignment'} };
+ if ( tied(%switches_conf)->SectionExists($section) ) {
+ foreach my $assignment (@assignments) {
+ my ( $param, $value ) = @$assignment;
+ if ($section eq 'default') {
+ if ( defined( $switches_conf{$section}{$param} ) ) {
+ tied(%switches_conf)
+ ->setval( $section, $param, $value );
+ } else {
+ tied(%switches_conf)
+ ->newval( $section, $param, $value );
+ }
+ } else {
+ if ( defined( $switches_conf{$section}{$param} ) ) {
+ if ( ( !exists( $switches_conf{'default'}{$param} ) )
+ || ( $switches_conf{'default'}{$param} ne $value ) )
+ {
+ tied(%switches_conf)
+ ->setval( $section, $param, $value );
+ } else {
+ tied(%switches_conf)->delval( $section, $param );
+ }
+ } else {
+ if ( ( !exists( $switches_conf{'default'}{$param} ) )
+ || ( $switches_conf{'default'}{$param} ne $value ) )
+ {
+ tied(%switches_conf)
+ ->newval( $section, $param, $value );
+ }
+ }
+ }
+ }
+ my $tied_switch = tied(%switches_conf);
+ $tied_switch->RewriteConfig()
+ or $logger->logdie("Unable to write config to $conf_dir/switches.conf. "
+ ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack
+ require pf::configfile;
+ import pf::configfile;
+ configfile_import( $conf_dir . "/switches.conf" );
+ } else {
+ print "Unknown switch $section!
(Error at line ".__LINE__." in pfcmd)\n"; + exit; + } + } elsif ( $mode eq 'add' ) { + my $section = $cmd{'switchconfig_options'}[1]; + my @assignments = @{ $cmd{'switchconfig_assignment'} }; + if ( !( tied(%switches_conf)->SectionExists($section) ) ) { + foreach my $assignment (@assignments) { + tied(%switches_conf)->AddSection($section); + my ( $param, $value ) = @$assignment; + if ( ( !exists( $switches_conf{'default'}{$param} ) ) + || ( $switches_conf{'default'}{$param} ne $value ) ) + { + tied(%switches_conf)->newval( $section, $param, $value ); + } + } + my $tied_switch = tied(%switches_conf); + $tied_switch->RewriteConfig() + or $logger->logdie("Unable to write config to $conf_dir/switches.conf. " + ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack + require pf::configfile; + import pf::configfile; + configfile_import( $conf_dir . "/switches.conf" ); + } else { + print "Switch $section already exists! (Error at line ".__LINE__." in pfcmd)\n"; + exit; + } + } +} + +# +# host history +# +sub history { + require pf::iplog; + import pf::iplog; + my $addr = $cmd{command}[1]; + my $date; + $date = str2time( $cmd{command}[2] ) if ( defined $cmd{command}[1] ); + my ( $function, %params ); + $function = "iplog_history"; + if ($date) { + $params{'date'} = $date; + } + exit( print_results( $function, $addr, %params ) ); +} + +sub ipmachistory { + require pf::iplog; + import pf::iplog; + my $addr = $cmd{command}[1]; + my ( $function, %params ); + $function = "iplog_history"; + if (scalar(@{$cmd{command}}) == 4) { + $params{'start_time'} = str2time( $cmd{command}[2] ); + $params{'end_time'} = str2time( $cmd{command}[3] ); + } + exit( print_results( $function, $addr, %params ) ); +} + +sub traplog { + require pf::traplog; + import pf::traplog; + if ( ( scalar( @{ $cmd{'command'} } ) == 2 ) + && ( $cmd{command}[1] eq 'update' ) ) + { + traplog_update_rrd(); + } else { + my $nb = $cmd{'command'}[1]; + my %params; + 
$params{'timespan'} = $cmd{'command'}[2]; + exit( + print_results( + 'traplog_get_switches_with_most_traps', + $nb, %params + ) + ); + } + exit; +} + +# +# stop/start pf services +# return service status +# + +sub service { + my $service = $cmd{command}[1]; + my $action = $cmd{command}[2]; + require pf::services; + import pf::services; + $SERVICE_HEADER ="service|command\n"; + $IS_INTERACTIVE = is_interactive(); + $RESET_COLOR = $IS_INTERACTIVE ? color 'reset' : ''; + $WARNING_COLOR = $IS_INTERACTIVE ? color $Config{advanced}{pfcmd_warning_color} : ''; + $ERROR_COLOR = $IS_INTERACTIVE ? color $Config{advanced}{pfcmd_error_color} : ''; + $SUCCESS_COLOR = $IS_INTERACTIVE ? color $Config{advanced}{pfcmd_success_color} : ''; + + my $actionHandler; + $action =~ /^(.*)$/; + $action = $1; + if(exists $ACTION_MAP{$action} && defined ($actionHandler = $ACTION_MAP{$action})) { + $service =~ /^(.*)$/; + $service = $1; + my @services; + if($service eq 'pf') { + @services = @pf::services::ALL_SERVICES; + } else { + @services = ($service); + } + return $actionHandler->($service,@services); + } + return $FALSE; +} + +sub postPfStartService { + my ($managers) = @_; + my $count = true {$_->status ne '0'} @$managers; + configreload('hard') unless $count; +} + +sub startService { + my ($service,@services) = @_; + my @managers = getManagers(\@services,INCLUDE_DEPENDS_ON | JUST_MANAGED); + print $SERVICE_HEADER; + my $count = 0; + postPfStartService(\@managers) if $service eq 'pf'; + + my ($noCheckupManagers,$checkupManagers) = part { $_->shouldCheckup } @managers; + + if($noCheckupManagers && @$noCheckupManagers) { + foreach my $manager (@$noCheckupManagers) { + _doStart($manager); + } + } + if($checkupManagers && @$checkupManagers) { + checkup( map {$_->name} @$checkupManagers); + foreach my $manager (@$checkupManagers) { + _doStart($manager); + } + } + return 0; +} + +sub _doStart { + my ($manager) = @_; + my $command; + my $color = ''; + if($manager->status ne '0') { + $color = 
$WARNING_COLOR;
+ $command = 'already started';
+ } else {
+ if($manager->start) {
+ $command = 'start';
+ $color = $SUCCESS_COLOR;
+ } else {
+ $command = 'not started';
+ $color = $ERROR_COLOR;
+ }
+ }
+ print $manager->name,"|${color}${command}${RESET_COLOR}\n";
+}
+
+sub getManagers {
+ my ($services,$flags) = @_;
+ $flags = 0 unless defined $flags;
+ my %seen;
+ my $includeDependsOn = $flags & INCLUDE_DEPENDS_ON;
+ my $justManaged = $flags & JUST_MANAGED;
+ my @serviceManagers =
+ grep { (!exists $seen{$_->name}) && ($seen{$_->name} = 1) && ( !$justManaged || $_->isManaged ) && !$_->isvirtual }
+ map {
+ my $m = $_;
+ my @managers;
+ if ($includeDependsOn) {
+ push @managers, grep {defined $_}
+ map {pf::services::get_service_manager($_)} @{$m->dependsOnServices};
+ }
+ if($m->isa("pf::services::manager::submanager")) {
+ push @managers,$m->managers;
+ } else {
+ push @managers,$m;
+ }
+
+ @managers
+ }
+ grep { defined $_ }
+ map { pf::services::get_service_manager($_) } @$services;
+ return @serviceManagers;
+}
+
+sub getIptablesTechnique {
+ require pf::inline::custom;
+ my $iptables = pf::inline::custom->new();
+ return $iptables->{_technique};
+}
+
+sub stopService {
+ my ($service,@services) = @_;
+ my @managers = getManagers(\@services);
+ #push memcached to back of the list
+ my %exclude = (
+ memcached => undef,
+ );
+ my ($push_managers,$infront_managers) = part { exists $exclude{ $_->name } ? 0 : 1 } @managers;
+ @managers = ();
+ @managers = @$infront_managers if $infront_managers;
+ push @managers, @$push_managers if $push_managers;
+ print $SERVICE_HEADER;
+ my $command;
+ my $color = '';
+ foreach my $manager (@managers) {
+ if($manager->status eq '0') {
+ $command = 'already stopped';
+ $color = $WARNING_COLOR;
+ } else {
+ if($manager->stop) {
+ $color = $SUCCESS_COLOR;
+ $command = 'stop';
+ } else {
+ $color = $ERROR_COLOR;
+ $command = 'not stopped';
+ }
+ }
+ print $manager->name,"|${color}${command}${RESET_COLOR}\n";
+ }
+ return 0;
+}
+
+sub restartService {
+ my ($service,@services) = @_;
+ stopService(@_);
+ local $SERVICE_HEADER = '';
+ startService(@_);
+}
+
+sub watchService {
+ my ($service,@services) = @_;
+ my @stoppedServiceManagers =
+ grep { $_->status eq '0' }
+ getManagers(\@services, JUST_MANAGED | INCLUDE_DEPENDS_ON);
+ if(@stoppedServiceManagers) {
+ my @stoppedServices = map { $_->name } @stoppedServiceManagers;
+ $logger->info("watch found incorrectly stopped services: " . join(", ", @stoppedServices));
+ print "The following processes are not running:\n" . " - "
+ . join( "\n - ", @stoppedServices ) . "\n";
+ if ( isenabled( $Config{'servicewatch'}{'email'} ) ) {
+ my %message;
+ $message{'subject'} = "PF WATCHER ALERT";
+ $message{'message'}
+ = "The following processes are not running:\n" . " - "
+ . join( "\n - ", @stoppedServices ) . "\n";
+ pfmailer(%message);
+ }
+ if ( isenabled( $Config{'servicewatch'}{'restart'} ) ) {
+ print $SERVICE_HEADER;
+ foreach my $manager (@stoppedServiceManagers) {
+ $manager->watch;
+ print join('|',$manager->name,"watch"),"\n";
+ }
+ return 0;
+ }
+ }
+ return 1;
+}
+
+sub statusOfService {
+ my ($service,@services) = @_;
+ my @managers = getManagers(\@services);
+ print "service|shouldBeStarted|pid\n";
+ my $notStarted = 0;
+ foreach my $manager (@managers) {
+ my $color = '';
+ my $isManaged = $manager->isManaged;
+ my $status = $manager->status;
+ if($status eq '0' ) {
+ if ($isManaged) {
+ $color = $ERROR_COLOR;
+ $notStarted++;
+ } else {
+ $color = $WARNING_COLOR;
+ }
+ } else {
+ $color = $SUCCESS_COLOR;
+ }
+ print $manager->name,"|${color}$isManaged|$status${RESET_COLOR}\n";
+ }
+ return ( $notStarted ? 3 : 0);
+}
+
+sub class {
+ my ( $function, $id );
+ require pf::class;
+ import pf::class;
+ $id = $cmd{'command'}[2];
+ if ( $id && $id !~ /all/ ) {
+ $function = "class_view";
+ } else {
+ $function = "class_view_all";
+ }
+ exit( print_results( $function, $id ) );
+}
+
+sub checkup {
+ require pf::services;
+ require pf::pfcmd::checkup;
+ no warnings "once"; #avoids only used once warnings generated by the access of pf::pfcmd::checkup namespace
+ my @services;
+ if(@_) {
+ @services = @_;
+ } else {
+ @services = @pf::services::ALL_SERVICES;
+ }
+
+ my @problems = pf::pfcmd::checkup::sanity_check(pf::services::service_list(@services));
+ foreach my $entry (@problems) {
+ chomp $entry->{$pf::pfcmd::checkup::MESSAGE};
+ print $entry->{$pf::pfcmd::checkup::SEVERITY} . " - " . $entry->{$pf::pfcmd::checkup::MESSAGE} . "\n";
+ }
+
+ # if there is a fatal problem, exit with status 255
+ foreach my $entry (@problems) {
+ if ($entry->{$pf::pfcmd::checkup::SEVERITY} eq $pf::pfcmd::checkup::FATAL) {
+ exit(255);
+ }
+ }
+
+ if (@problems) {
+ return $TRUE;
+ } else {
+ return $FALSE;
+ }
+}
+
+#
+sub trigger {
+ my ( $function, $id, %params );
+ require pf::trigger;
+ import pf::trigger;
+ $id = $cmd{command}[2];
+ if ( ( defined $cmd{command}[3] ) && ( $cmd{command}[3] ne '' ) ) {
+ if ( $id eq 'all' ) {
+ $id = $cmd{command}[3];
+ $function = "trigger_view_type";
+ } else {
+ $params{'type'} = $cmd{command}[3];
+ $function = "trigger_view";
+ }
+ } elsif ( $id && $id !~ /all/ ) {
+ $function = "trigger_view_tid";
+ } else {
+ $function = "trigger_view_all";
+ }
+ exit( print_results( $function, $id, %params ) );
+}
+
+#
+sub fingerprint {
+ my ( $function, $id );
+ require pf::os;
+ import pf::os;
+ $id = $cmd{command}[2];
+ if ( $id && $id ne 'all' ) {
+ $function = "dhcp_fingerprint_view";
+ } else {
+ $function = "dhcp_fingerprint_view_all";
+ }
+ exit( print_results( $function, $id ) );
+}
+
+sub useragent {
+ my ( $function, $id );
+ require pf::useragent;
+ pf::useragent->import(qw(view view_all));
+ $id = $cmd{command}[2];
+ if ( $id && $id ne 'all' ) {
+ $function = "view";
+ } else {
+ $function = "view_all";
+ }
+ exit( print_results( $function, $id ) );
+}
+
+sub version {
+ # TODO: move this code into library code and have pf::config hold the value somewhere.
+ # Then report the version in Web Services API calls like for the Extreme Switches' appName
+ my ( $pfrelease_fh, $release );
+ open( $pfrelease_fh, '<', "$conf_dir/pf-release" )
+ || $logger->logdie("Unable to open $conf_dir/pf-release: $!");
+ $release = <$pfrelease_fh>;
+ close($pfrelease_fh);
+ print $release;
+}
+
+#
+# schedule a host scan
+#
+sub schedule {
+ my $command = $cmd{command}[0];
+ my $service;
+ $service = $cmd{command}[1] if ( defined $cmd{command}[1] );
+ my $option = $cmd{schedule_options}[0];
+ my $hostaddr = $cmd{schedule_options}[1];
+ my %params = format_assignment( @{ $cmd{assignment} } );
+
+ #scan now, no cron entry
+ if ( $option && $option eq 'now' ) {
+
+ $logger->trace("pcmd schedule now called");
+
+ require pf::scan;
+ pf::scan::run_scan($hostaddr);
+
+ $logger->trace("leaving pfcmd schedule now");
+
+ # or modify cron
+ } else {
+ require pf::schedule;
+
+ my $date = $params{date} || 0;
+
+ my $cron = new pf::schedule();
+ $cron->load_cron("pf");
+ print join( $delimiter, ( "id", "date", "hosts" ) ) . "\n";
+ if ( $option eq 'view' ) {
+ if ( $hostaddr eq 'all' ) {
+ print $cron->get_indexes();
+ } else {
+ my $cronref = $cron->get_index($hostaddr);
+ if (defined($cronref)) {
+ print join( $delimiter, $cron->get_index($hostaddr) ) . "\n";
+ }
+ }
+ return (1);
+ } elsif ( $option eq 'add' ) {
+ $logger->trace("Adding scheduled scan cron entry with date: $date");
+ my @fields = split( /\s+/, $date );
+ if ( !$date
+ || scalar(@fields) != 5
+ || $date !~ /^([\d\-\,\/\* ])+$/)
+ {
+ print "Date format incorrect $date\n";
+ $logger->error("date format incorrect");
+ return (0);
+ } else {
+ $cron->add_index( $date,
+ $bin_dir . "/pfcmd schedule now $hostaddr" );
+ }
+ } elsif ( $option eq 'delete' ) {
+ $cron->delete_index($hostaddr);
+ $cron->write_cron("pf");
+ return 1;
+ } elsif ( $option eq 'edit' ) {
+ my $id = $hostaddr;
+ my ( $oldate, $oldaddr )
+ = ( $cron->get_index($id) )[ 1, 2 ];
+ $hostaddr = $oldaddr;
+ $hostaddr = $params{hosts} if ( $params{hosts} );
+ $date = $oldate if ( !$date );
+ $logger->info("updating schedule number $id to date=$date,hostaddr=$hostaddr");
+ $cron->update_index($id, $date, $bin_dir."/pfcmd schedule now $hostaddr");
+ } else {
+ $logger->error("Schedule Failed");
+ return (0);
+ }
+
+ print $cron->get_indexes();
+ $cron->write_cron("pf");
+ }
+}
+
+#
+#
+#
+sub config_entry {
+ my ( $param, $value ) = @_;
+ my ( $default, $orig_param, $dot_param, $param2, $type, $options, $val );
+
+ $orig_param = $param;
+ $dot_param = $param;
+ $dot_param =~ s/\s+/\./g;
+ ( $param, $param2 ) = split( " ", $param ) if ( $param =~ /\s/ );
+
+ if ( defined( $Default_Config{$orig_param}{$value} ) ) {
+ $default = $Default_Config{$orig_param}{$value};
+ } else {
+ $default = "";
+ }
+ if ( defined( $Doc_Config{"$param.$value"}{'options'} ) ) {
+ $options = $Doc_Config{"$param.$value"}{'options'};
+ $options = join(";",@$options);
+ } else {
+ $options = "";
+ }
+ if ( defined( $Doc_Config{"$param.$value"}{'type'} ) ) {
+ $type = $Doc_Config{"$param.$value"}{'type'};
+ } else {
+ $type = "text";
+ }
+ if ( defined( $Config{$orig_param}{$value} ) ) {
+ $val = "$dot_param.$value=$Config{$orig_param}{$value}";
+ } else {
+ $val = "$dot_param.$value=";
+ }
+ return join( "|", $val, $default, $options, $type ) . "\n";
+}
+
+#
+# This doesn't work anymore with pfconfig
+# pfcmd will be rewritten so we leave it empty with a nice message
+#
+sub config {
+ print STDERR "This command has been deprecated. Please use the web administration interface.\n";
+ exit(1);
+}
+
+#
+# run reports
+#
+sub report {
+ require pf::pfcmd::report;
+ import pf::pfcmd::report;
+ my $option = $cmd{command}[0];
+ my $service;
+ $service = $cmd{command}[1] if ( defined $cmd{command}[1] );
+ my $type;
+ if ( ( defined $cmd{command}[2] ) && ( $cmd{command}[2] ne '' ) ) {
+ $type = $cmd{command}[2];
+ } else {
+ $type = 'all';
+ }
+ exit( print_results( "report_" . $service . "_" . $type ) );
+}
+
+sub configfiles {
+ my $option = $cmd{command}[1];
+ require pf::configfile;
+ import pf::configfile;
+ if ( $option eq "push" ) {
+ foreach my $config_file (@stored_config_files) {
+ configfile_import($config_file);
+ }
+ } elsif ( $option eq "pull" ) {
+ foreach my $config_file (@stored_config_files) {
+ configfile_export($config_file);
+ }
+ }
+ exit;
+}
+
+#
+#
+#
+sub reload {
+ my $option = $cmd{command}[1];
+ if ( $option eq "fingerprints" ) {
+ require pf::os;
+ my $fp_total = pf::os::import_dhcp_fingerprints({ force => $TRUE });
+ $logger->info("$fp_total DHCP fingerprints reloaded");
+ print "$fp_total DHCP fingerprints reloaded\n";
+ }
+ exit;
+}
+
+sub update {
+ my $option = $cmd{command}[1];
+ require LWP::UserAgent;
+ my $browser = LWP::UserAgent->new;
+ if ( $option eq "fingerprints" ) {
+ require pf::os;
+ my ($status,$version_msg,$total) = pf::os::update_dhcp_fingerprints_conf();
+ if ( is_success($status) ) {
+ print "DHCP fingerprints updated via $dhcp_fingerprints_url to $version_msg\n";
+ print "$total DHCP fingerprints reloaded\n";
+ }
+ else {
+ $logger->logdie( $version_msg);
+ }
+ }
+ elsif ( $option eq "oui" ) {
+ my ($status,$msg) = download_oui();
+ if ( is_success($status) ) {
+ load_oui(1);
+ print "$msg\n";
+ }
+ else {
+ $logger->logdie($msg);
+ }
+ }
+ exit;
+}
+
+sub graph {
+ my $graph = $cmd{command}[1];
+ if ( ( $graph ne 'ifoctetshistoryuser' )
+ && ( $graph ne 'ifoctetshistorymac' )
+ && ( $graph ne 'ifoctetshistoryswitch' ) )
+ {
+ require pf::pfcmd::graph;
+ import pf::pfcmd::graph;
+ my $interval;
+ if ( defined $cmd{command}[2] ) {
+ $interval = $cmd{command}[2];
+ } else {
+ $interval = "day";
+ }
+ exit( print_graph_results( \&{"main::graph_$graph"}, $interval ) );
+ } else {
+ require pf::ifoctetslog;
+ import pf::ifoctetslog;
+ my %params;
+ $params{'start_time'} = str2time( $cmd{command}[-2] );
+ $params{'end_time'} = str2time( $cmd{command}[-1] );
+ my @results;
+ if ( $graph eq 'ifoctetshistoryuser' ) {
+ @results = ifoctetslog_graph_user( $cmd{command}[2], %params );
+ } elsif ( $graph eq 'ifoctetshistorymac' ) {
+ @results = ifoctetslog_graph_mac( $cmd{command}[2], %params );
+ } elsif ( $graph eq 'ifoctetshistoryswitch' ) {
+ $params{'ifIndex'} = $cmd{command}[3];
+ @results
+ = ifoctetslog_graph_switchport( $cmd{command}[2], %params );
+ }
+ print "count|mydate|series\n";
+ foreach my $set (@results) {
+ print $set->{'throughPutIn'} . "|" . $set->{'mydate'} . "|in\n";
+ print $set->{'throughPutOut'} . "|" . $set->{'mydate'} .
"|out\n"; + } + } +} + +sub lookup { + my $option = $cmd{command}[0]; + my $service = $cmd{command}[1]; + my $id = $cmd{command}[2]; + + push @INC, $bin_dir; + if ( $service eq 'person' ) { + require pf::person; + import pf::person; + require pf::lookup::person; + my $tmp_lookup = pf::lookup::person::lookup_person($id); + print $tmp_lookup; + } else { + require pf::lookup::node; + my $tmp_lookup = pf::lookup::node::lookup_node($id); + print $tmp_lookup; + } +} + +# +# parse ui.conf config file +# +sub ui { + my $service = $cmd{command}[1]; + my $option = $cmd{command}[2]; + my $interval = $cmd{command}[3]; + if ( $service eq "menus" ) { + + Readonly my %table2key => ( + 'person' => 'pid', + 'node' => 'mac', + 'violation' => 'id', + 'class' => 'vid', + 'trigger' => 'trigger', + 'scan' => 'id', + ); + + # TODO: remove this test when we will reactivate Scan from web admin, it is no longer valid + # check if Net::Nessus::ScanLite is installed + my $scanLiteInstalled = 1; + eval 'use Net::Nessus::ScanLite'; + if ($@) { + $scanLiteInstalled = 0; + } + + # read in configuration file + my %uiconfig; + tie %uiconfig, 'pf::config::cached', ( -file => $ui_config_file ) + or $logger->logdie("Unable to open $ui_config_file $!"); + + my $string; + foreach my $section ( tied(%uiconfig)->Sections ) { + my @array = split( /\./, $section ); + my $service; + $service = $array[1] if ( $array[1] ); + + # don't show scan menu if feature is not installed + next if ( ( defined $service ) && ( $service eq "scan" ) && ( !$scanLiteInstalled ) ); + + $string .= join( "|", @array ) . "|"; + my @keys; + + foreach + my $key ( split( /\s*,\s*/, $uiconfig{$section}{'display'} ) ) + { + my $key2; + if ( defined $service + && defined( $table2key{$service} ) + && $table2key{$service} eq $key ) + { + $key2 = $key . 
"*"; + } else { + $key2 = $key; + } + $key =~ s/^-//; + # don't show scan menu if feature is not installed + next if ( ( $key eq "scan" ) && ( !$scanLiteInstalled ) ); + + if ( defined $uiconfig{$section}{$key} ) { + push @keys, "$key2='$uiconfig{$section}{$key}'"; + } else { + push @keys, "$key2='$key2'"; + } + } + $string .= join( ":", @keys ) . "\n"; + } + print $string; + } elsif ( $service eq "dashboard" ) { + require pf::pfcmd::dashboard; + import pf::pfcmd::dashboard; + $interval = 3 unless ($interval); + exit( print_results( "nugget_" . $option, $interval ) ); + } else { + require pf::pfcmd::help; + pf::pfcmd::help::usage("help"); + } +} + +# +# node,person,violation parser +# +# TODO: this method could be streamlined to remove all corner cases that grew in it over time +sub command_param { + my ($type) = @_; + my $options = $type . "_options"; + my $option = $cmd{$options}[0]; + my $id = $cmd{$options}[1]; + + # strip out the delimiter + $id =~ s/$delimiter//g; + my $function = $type; + if ( $option eq "view" ) { + $function .= "_view"; + $function .= "_all" if ( $id eq 'all' ); + my %params; + + #use Data::Dumper; + #print Dumper(%cmd); + if ( defined( $cmd{'orderby_options'} ) ) { + $params{'orderby'} = 'order by ' . $cmd{'orderby_options'}[2]; + if ( scalar( @{ $cmd{'orderby_options'} } ) == 4 ) { + $params{'orderby'} .= " " . $cmd{'orderby_options'}[3]; + } + } + if ( defined( $cmd{'limit_options'} ) ) { + $params{'limit'} + = 'limit ' + . $cmd{'limit_options'}[1] . ',' + . 
$cmd{'limit_options'}[3]; + } + if ( defined( $cmd{'node_filter'} ) ) { + $function .= "_all"; + $params{'where'}{'type'} = $cmd{'node_filter'}[0]; + $params{'where'}{'value'} = $cmd{'node_filter'}[1]; + } + exit( print_results( $function, $id, %params ) ); + return (0); + } elsif ( $option eq "count" ) { + $function .= "_count_all"; + my %params; + if ( defined( $cmd{'node_filter'} ) ) { + $params{'where'}{'type'} = $cmd{'node_filter'}[0]; + $params{'where'}{'value'} = $cmd{'node_filter'}[1]; + } + exit( print_results( $function, $id, %params ) ); + return (0); + } elsif ( $option eq "add" ) { + $function .= "_add"; + } elsif ( $option eq "edit" ) { + $function .= "_modify"; + } elsif ( $option eq "delete" ) { + $function .= "_delete"; + } else { + usage("param"); + } + + my $assignment = $type . "_assignment"; + my %params = format_assignment( @{ $cmd{$assignment} } ); + my $returnValue = 0; + if ( ( $function eq "node_modify" ) || ( $function eq "node_add" ) ) { + $id = lc($id); + } + + #print Dumper(%params); + # run update/or delete and check return val + if ( $function eq "violation_add" ) { + # test coderef existence + if (!exists(&{$main::{$function}})) { + print "No such sub: $function at line ".__LINE__.".\n"; + } else { + require JSON; + my $output = $cmd{$options}[3]; + # execute coderef main::$function sub + $logger->info( "pfcmd calling $function for " . 
$params{mac} ); + my ($result) = &{$main::{$function}}($params{mac}, $params{vid}, %params); + if(defined $output && $output eq 'json') { + my %json; + $json{'id'} = $result if $result > 0; + $json{'warnings'} = [violation_last_warnings()]; + $json{'errors'} = [violation_last_errors()]; + print JSON::to_json(\%json); + } else { + my @warnings = violation_last_warnings(); + my @errors = violation_last_errors(); + print STDERR join("\n","Warnings:",@warnings),"\n" if @warnings; + print STDERR join("\n","Errors:",@errors),"\n" if @errors; + } + } + } else { + if ( $function eq "violation_delete" ) { + my @violation_data = violation_view($id); + if ( scalar(@violation_data) == 1 ) { + $params{mac} = $violation_data[0]->{'mac'}; + } else { + $params{mac} = ''; + } + } elsif ( $function eq "violation_modify" ) { + if ( ( !exists( $params{'mac'} ) ) || ( $params{'mac'} eq '' ) ) { + my @violation_data = violation_view($id); + if ( scalar(@violation_data) == 1 ) { + $params{mac} = $violation_data[0]->{'mac'}; + } else { + $params{mac} = ''; + } + } + } + # test coderef existence + if (!exists(&{$main::{$function}})) { + print "No such sub: $function at line ".__LINE__.".\n"; + } else { + + # execute coderef main::$function sub + $logger->info("pfcmd calling $function for $id"); + $returnValue = &{$main::{$function}}($id, %params); + } + } + if ( $returnValue != 2 ) { + + #print "$function updated\n"; + if ( $function =~ /^person_add|person_modify$/ ) { + $logger->debug( + "$function was called - we don't need to recalculate iptables and switchport VLAN assignments" + ); + } else { + # TODO proper exception framework please? + if ( ($function =~ /^node_delete$/) and ($returnValue == 0) ) { + $logger->logdie("Cannot delete this node since there are some records in locationlog table " + . "indicating that this node might still be connected and active on the network " + . 
"(pfcmd line ".__LINE__.".)" + ); + } elsif ( ($function =~ /^person_delete$/) and ($returnValue == 0) ) { + $logger->logdie( + "Cannot delete this person since there are some nodes associated to it. (pfcmd line ".__LINE__.".)" + ); + } + + require pf::enforcement; + if ( ($function eq 'violation_add') + || ( $function eq 'violation_delete' ) + || ( $function eq 'violation_modify' ) ) { + pf::enforcement::reevaluate_access( $params{mac}, $function ); + } else { + pf::enforcement::reevaluate_access( $id, $function ); + } + } + return (0); + } else { + if ( $function =~ /^node_add$/ ) { + print "Error adding a node: The node already exists. (pfcmd line ".__LINE__.")\n"; + } else { + print "error: please consult log for more information\n"; + } + return (2); + } +} + +# +# given a function name and a table will execute the function and correctly format the output +# example: print_results("node","node_view_all"); +# +sub print_results { + my ( $function, $key, %params ) = @_; + my $total; + my @results; + # calling a function looked up dynamically: first test coderef existence + my $functionName = "main::$function"; + if ( !defined(&$functionName) ) { + print "No such sub $function at line ". __LINE__ .".\n"; + } else { + # then execute the method (looking up using main::..) + @results = &{$main::{$function}}($key, %params); + } + $total = scalar(@results); + if ($count) { + $offset = scalar(@results) if ( $offset > scalar(@results) ); + $count = scalar(@results) - $offset + if ( $offset + $count > scalar(@results) ); + @results = splice( @results, $offset, $count ); + } + + my @fields = field_order(); + push @fields, keys( %{ $results[0] } ) if ( !scalar(@fields) ); + + if ( scalar(@fields) ) { + print join( $delimiter, @fields ) . 
"\n"; + foreach my $row (@results) { + next + if ( defined( $row->{'mydate'} ) + && $row->{'mydate'} =~ /^00/ ); + my @values = (); + foreach my $field (@fields) { + my $value = $row->{$field}; + if ( defined($value) && $value !~ /^0000-00-00 00:00:00$/ ) { + + # little hack to reverse dates + if ( $value =~ /^(\d+)\/(\d+)$/ ) { + $value = "$2/$1"; + } elsif ( $value =~ /^(\d+)\/(\d+)\/(\d+)$/ ) { + $value = "$2/$3/$1"; + } + push @values, $value; + } else { + push @values, ""; + } + } + print join( $delimiter, @values ) . "\n"; + } + } + return ($total); +} + +# This function has dirtied my soul. I beg forgiveness for the disgusting code that follows. +# I need a brillo pad and a long, long shower... + +sub print_graph_results { + my ( $function, $interval ) = @_; + require Date::Parse; + + # TOTAL HACK, but we avoid using yet another module + my %months = ( + "01" => "31", + "02" => "28", + "03" => "31", + "04" => "30", + "05" => "31", + "06" => "30", + "07" => "31", + "08" => "31", + "09" => "30", + "10" => "31", + "11" => "30", + "12" => "31" + ); + + my @results; + if ($function) { + @results = $function->($interval); + } else { + print "No such sub $function\n"; + exit; + } + my %series; + foreach my $result (@results) { + next if ( $result->{'mydate'} =~ /0000/ ); + my $s = $result->{'series'}; + push( @{ $series{$s} }, $result ); + } + my @fields = field_order(); + push @fields, keys( %{ $results[0] } ) if ( !scalar(@fields) ); + print join( "|", @fields ) . 
"\n"; + + #determine first and last time in all series + my $first_time = undef; + my $last_time = undef; + foreach my $s ( keys(%series) ) { + my $start_year; + my $start_mon = 1; + my $start_day = 1; + my $end_year; + my $end_mon = 1; + my $end_day = 1; + my @results = @{ $series{$s} }; + if ( $interval eq "day" ) { + ( $start_year, $start_mon, $start_day ) + = split( /\//, $results[0]->{'mydate'} ); + ( $end_year, $end_mon, $end_day ) + = split( /\//, $results[ scalar(@results) - 1 ]->{'mydate'} ); + } elsif ( $interval eq "month" ) { + ( $start_year, $start_mon ) + = split( /\//, $results[0]->{'mydate'} ); + ( $end_year, $end_mon ) + = split( /\//, $results[ scalar(@results) - 1 ]->{'mydate'} ); + } elsif ( $interval eq "year" ) { + $start_year = $results[0]->{'mydate'}; + $end_year = $results[ scalar(@results) - 1 ]->{'mydate'}; + } + my $start_time = Date::Parse::str2time( + "$start_year-$start_mon-$start_day" . "T00:00:00.0000000" ); + my $end_time = Date::Parse::str2time( + "$end_year-$end_mon-$end_day" . 
"T00:00:00.0000000" ); + if ( ( !defined($first_time) ) || ( $start_time < $first_time ) ) { + $first_time = $start_time; + } + if ( ( !defined($last_time) ) || ( $end_time > $last_time ) ) { + $last_time = $end_time; + } + } + + #add, if necessary, first and last time entries to all series + foreach my $s ( keys(%series) ) { + my $start_year; + my $start_mon = 1; + my $start_day = 1; + my $end_year; + my $end_mon = 1; + my $end_day = 1; + my @results = @{ $series{$s} }; + if ( $interval eq "day" ) { + ( $start_year, $start_mon, $start_day ) + = split( /\//, $results[0]->{'mydate'} ); + ( $end_year, $end_mon, $end_day ) + = split( /\//, $results[ scalar(@results) - 1 ]->{'mydate'} ); + } elsif ( $interval eq "month" ) { + ( $start_year, $start_mon ) + = split( /\//, $results[0]->{'mydate'} ); + ( $end_year, $end_mon ) + = split( /\//, $results[ scalar(@results) - 1 ]->{'mydate'} ); + } elsif ( $interval eq "year" ) { + $start_year = $results[0]->{'mydate'}; + $end_year = $results[ scalar(@results) - 1 ]->{'mydate'}; + } + my $start_time = Date::Parse::str2time( + "$start_year-$start_mon-$start_day" . "T00:00:00.0000000" ); + my $end_time = Date::Parse::str2time( + "$end_year-$end_mon-$end_day" . 
"T00:00:00.0000000" ); + if ( $start_time > $first_time ) { + my $new_record; + foreach my $field (@fields) { + if ( $field eq "mydate" ) { + $new_record->{$field} = POSIX::strftime( "%Y/%m/%d", + localtime($first_time) ); + } elsif ( $field eq "count" ) { + $new_record->{$field} = 0; + } else { + $new_record->{$field} + = $results[ scalar(@results) - 1 ]->{$field}; + } + } + unshift( @{ $series{$s} }, $new_record ); + } + if ( $end_time < $last_time ) { + my $new_record; + foreach my $field (@fields) { + if ( $field eq "mydate" ) { + $new_record->{$field} = POSIX::strftime( "%Y/%m/%d", + localtime($last_time) ); + } else { + $new_record->{$field} + = $results[ scalar(@results) - 1 ]->{$field}; + } + } + push( @{ $series{$s} }, $new_record ); + } + } + + foreach my $s ( keys(%series) ) { + my @results = @{ $series{$s} }; + my $year = POSIX::strftime( "%Y", localtime ); + my $month = POSIX::strftime( "%m", localtime ); + my $day = POSIX::strftime( "%d", localtime ); + my $date; + if ( $interval eq "day" ) { + $date = "$year/$month/$day"; + } elsif ( $interval eq "month" ) { + $date = "$year/$month"; + } elsif ( $interval eq "year" ) { + $date = "$year"; + } else { + } + if ( $results[ scalar(@results) - 1 ]->{'mydate'} ne $date ) { + my %tmp = %{ $results[ scalar(@results) - 1 ] }; + $tmp{'mydate'} = $date; + push( @results, \%tmp ); + } + push( @results, $results[0] ) if ( scalar(@results) == 1 ); + if ( $interval eq "day" ) { + for ( my $r = 0; $r < scalar(@results) - 1; $r++ ) { + my ( $start_year, $start_mon, $start_day ) + = split( /\//, $results[$r]->{'mydate'} ); + my ( $end_year, $end_mon, $end_day ) + = split( /\//, $results[ $r + 1 ]->{'mydate'} ); + my $start_time + = Date::Parse::str2time( + "$start_year-$start_mon-$start_day" + . "T00:00:00.0000000" ); + my $end_time = Date::Parse::str2time( + "$end_year-$end_mon-$end_day" . 
"T00:00:00.0000000" ); + for ( + my $current_time = $start_time; + $current_time < $end_time; + $current_time += 86400 + ) + { + my @values; + foreach my $field (@fields) { + if ( $field eq "mydate" ) { + push( + @values, + POSIX::strftime( + "%m/%d/%Y", localtime($current_time) + ) + ); + } else { + push( @values, $results[$r]->{$field} ); + } + } + print join( "|", @values ) . "\n"; + } + } + my ( $year, $mon, $day ) + = split( /\//, $results[ scalar(@results) - 1 ]->{'mydate'} ); + my @values; + foreach my $field (@fields) { + if ( $field eq "mydate" ) { + push( + @values, + join( "/", + sprintf( "%02d", $mon ), + sprintf( "%02d", $day ), + sprintf( "%02d", $year ) ) + ); + } else { + push( @values, + $results[ scalar(@results) - 1 ]->{$field} ); + } + } + print join( "|", @values ) . "\n"; + + } elsif ( $interval eq "month" ) { + for ( my $r = 0; $r < scalar(@results) - 1; $r++ ) { + my ( $start_year, $start_mon ) + = split( /\//, $results[$r]->{'mydate'} ); + my ( $end_year, $end_mon ) + = split( /\//, $results[ $r + 1 ]->{'mydate'} ); + my $mstart = $start_mon; + for ( my $i = $start_year; $i <= $end_year; $i++ ) { + my $mend; + if ( $i == $end_year ) { + $mend = $end_mon; + } else { + $mend = "12"; + } + for ( my $ii = $mstart; $ii <= $mend; $ii++ ) { + if ( !( $i == $end_year && $ii == $end_mon ) ) { + my @values; + foreach my $field (@fields) { + if ( $field eq "mydate" ) { + push( + @values, + join( "/", + sprintf( "%02d", $ii ), + sprintf( "%02d", $i ) ) + ); + } else { + push( @values, $results[$r]->{$field} ); + } + } + print join( "|", @values ) . "\n"; + } + } + $mstart = 1; + } + } + my ( $year, $mon ) + = split( /\//, $results[ scalar(@results) - 1 ]->{'mydate'} ); + my @values; + foreach my $field (@fields) { + if ( $field eq "mydate" ) { + push( + @values, + join( "/", + sprintf( "%02d", $mon ), + sprintf( "%02d", $year ) ) + ); + } else { + push( @values, + $results[ scalar(@results) - 1 ]->{$field} ); + } + } + print join( "|", @values ) . 
"\n"; + } elsif ( $interval eq "year" ) { + for ( my $r = 0; $r < scalar(@results) - 1; $r++ ) { + my ($start_year) = $results[$r]->{'mydate'}; + my ($end_year) = $results[ $r + 1 ]->{'mydate'}; + for ( my $i = $start_year; $i <= $end_year; $i++ ) { + if ( !( $i == $end_year ) ) { + my @values; + foreach my $field (@fields) { + if ( $field eq "mydate" ) { + push( @values, sprintf( "%02d", $i ) ); + } else { + push( @values, $results[$r]->{$field} ); + } + } + print join( "|", @values ) . "\n"; + } + } + } + my ($year) = $results[ scalar(@results) - 1 ]->{'mydate'}; + my @values; + foreach my $field (@fields) { + if ( $field eq "mydate" ) { + push( @values, sprintf( "%02d", $year ) ); + } else { + push( @values, + $results[ scalar(@results) - 1 ]->{$field} ); + } + } + print join( "|", @values ) . "\n"; + } + } +} + +# +# format a hash of assignments based on the grammar +# example: format_assignment($cmd{node_assignment}); +# +sub format_assignment { + my @fields = @_; + my ( @columns, @values, @assignment, %return ); + foreach my $array (@fields) { + my $column = $array->[0]; + my $value = $array->[1]; + my $assignment = $array->[2]; + $column =~ s/$delimiter//g; + $value =~ s/$delimiter//g; + $return{$column} = $value; + } + return (%return); +} + +sub field_order { + return pf::config::ui->instance->field_order("@ARGV"); +} + +sub fixpermissions { + my $pfcmd = "${bin_dir}/pfcmd"; + my @extra_var_dirs = map { catfile($var_dir,$_) } qw(run cache conf sessions); + _changeFilesToOwner('pf',@log_files, @stored_config_files, $install_dir, $bin_dir, $conf_dir, $var_dir, $lib_dir, $log_dir, $generated_conf_dir, $tt_compile_cache_dir, $pfconfig_cache_dir, @extra_var_dirs); + _changeFilesToOwner('root',$pfcmd); + chmod(06755,$pfcmd); + chmod(0664, @stored_config_files); + chmod(02775, $conf_dir, $var_dir, $log_dir, $generated_conf_dir,$install_dir, $pfconfig_cache_dir, @extra_var_dirs); + chmod(02770, $pfconfig_cache_dir); + return 0; +} + +sub _changeFilesToOwner { + my 
($user,@files) = @_;
+ my ($login,$pass,$uid,$gid) = getpwnam($user);
+ chown $uid,$gid,@files;
+}
+
+sub configreload {
+ my ($type) = @_;
+ $type = 'soft' unless defined $type;
+ $logger->trace("configreload $type");
+ my $force = $type eq 'hard' ? 1 : 0;
+ require pf::violation_config;
+ require pf::authentication;
+ require pf::admin_roles;
+ require pf::ConfigStore::AdminRoles;
+ require pf::ConfigStore::Authentication;
+ require pf::ConfigStore::FloatingDevice;
+ require pf::ConfigStore::Interface;
+ require pf::ConfigStore::Provisioning;
+ require pf::ConfigStore::Network;
+ require pf::ConfigStore::Pf;
+ require pf::ConfigStore::Profile;
+ require pf::ConfigStore::Switch;
+ require pf::ConfigStore::Violations;
+ require pf::ConfigStore::Wrix;
+ require pf::web::filter;
+ require pf::vlan::filter;
+ pf::config::cached::updateCacheControl();
+ pf::config::cached::ReloadConfigs($force);
+
+ # reload pfconfig's config
+ require pfconfig::manager;
+ my $manager = pfconfig::manager->new;
+ $manager->expire_all;
+
+ # reload violations into DB
+ require pf::violation_config;
+ pf::violation_config::loadViolationsIntoDb();
+ return 0;
+}
+
+sub cache {
+ require pf::CHI;
+ my $namespace = $cmd{command}[1];
+ my $action = $cmd{command}[2];
+ $namespace = $1 if $namespace =~ /^(.*+)$/;
+ $action = $1 if $action =~ /^(.*+)$/;
+ unless ( any { $namespace eq $_ } @pf::CHI::CACHE_NAMESPACES ) {
+ print "the namespace '$namespace' does not exist\n";
+ return 1;
+ }
+ my $cache = pf::CHI->new( namespace => $namespace);
+ if ($action eq 'list' ) {
+ print join("\n",$cache->get_keys),"\n";
+ } elsif ($action eq 'clear') {
+ $cache->remove($_) for map { /^(.*)$/;$1 } $cache->get_keys;
+ } elsif ($action eq 'remove') {
+ my $key = $cmd{command}[3];
+ $key = $1 if $key =~ /^(.*)$/;
+ $cache->remove($key);
+ } elsif ($action eq 'dump') {
+ my $key = $cmd{command}[3];
+ $key = $1 if $key =~ /^(.*)$/;
+ require Data::Dumper;
+ print Data::Dumper::Dumper($cache->get($key));
+ }
elsif ($action eq 'expire') {
+ for my $key ($cache->get_keys) {
+ $cache->remove($key) if $cache->exists_and_is_expired($key);
+ }
+ }
+
+ return 0;
+}
+
+
+=head1 AUTHOR
+
+Inverse inc.
+
+Minor parts of this file may have been contributed. See CREDITS.
+
+=head1 COPYRIGHT
+
+Copyright (C) 2005-2015 Inverse inc.
+
+Copyright (C) 2005 Kevin Amorin
+
+Copyright (C) 2005 David LaPorte
+
+=head1 LICENSE
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+USA.
+
+=cut
+
diff --git a/bin/pfcmd.pl b/bin/pfcmd.pl
index 7fbeb0259eab..3fdf8fb80e4a 100755
--- a/bin/pfcmd.pl
+++ b/bin/pfcmd.pl
@@ -1,2518 +1,27 @@ #!/usr/bin/perl -T - =head1 NAME -pfcmd - PacketFence command line interface +pfcmd -=head1 SYNOPSIS +=cut -pfcmd [options] +=head1 DESCRIPTION - Command: - checkup | perform a sanity checkup and report any problems - class | view violation classes - config | query, set, or get help on pf.conf configuration paramaters - configfiles | push or pull configfiles into/from database - floatingnetworkdeviceconfig | query/modify floating network devices configuration parameters - fingerprint | view DHCP Fingerprints - fixpermissions | fix permissions of files - graph | trending graphs - history | IP/MAC history - ifoctetshistorymac | accounting history - ifoctetshistoryswitch | accounting history - ifoctetshistoryuser | accounting history - import | bulk import of information into the database - interfaceconfig | query/modify interface configuration parameters - ipmachistory | IP/MAC history - locationhistorymac | Switch/Port history - locationhistoryswitch | Switch/Port history - lookup | node or pid lookup against local data store - manage | manage node entries - networkconfig | query/modify network configuration parameters - node | node manipulation - nodeaccounting | RADIUS Accounting Information - nodecategory | nodecategory manipulation - nodeuseragent | View User-Agent information associated to a node - person | person manipulation - reload | rebuild fingerprints without restart - report | current usage reports - schedule | Nessus scan scheduling - service | start/stop/restart and get PF daemon status - switchconfig | query/modify switches.conf configuration parameters - switchlocation | view switchport description and location - traplog | update traplog RRD files and graphs or obtain - switch IPs - trigger | view and throw triggers - ui | used by web UI to create menu hierarchies and dashboard - update | download canonical fingerprint or OUI data - useragent | view User-Agent fingerprint information - version | output version information - 
violation | violation manipulation - violationconfig | query/modify violations.conf configuration parameters +driver script for pfcmd =cut use strict; use warnings; +use lib qw(/usr/local/pf/lib); # force UID/EUID to root to allow socket binds, etc # required for non-root (and GUI) service restarts to work $> = 0; $< = 0; -use Data::Dumper; -use English qw( -no_match_vars ) ; # Avoids regex performance penalty -use POSIX(); -use Readonly; -use File::Spec::Functions qw(catfile); -use Date::Parse; -use File::Basename qw(basename); -use Log::Log4perl; -use Try::Tiny; -use List::MoreUtils qw(part any); -use Scalar::Util qw(tainted); - -use constant { - INSTALL_DIR => '/usr/local/pf', - JUST_MANAGED => 1, - INCLUDE_DEPENDS_ON => 2, -}; - -use lib INSTALL_DIR . "/lib"; - -use pf::log; -use pf::config; -use pf::config::ui; -use pf::pfcmd; -use pf::util; -use HTTP::Status qw(is_success); -use List::MoreUtils qw(all true); -use List::Util qw(first); -use Term::ANSIColor; -use IO::Interactive qw(is_interactive); - -# Perl taint mode setup (see: perlsec) -delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; -$ENV{PATH} = "/bin:/sbin:/usr/bin:/usr/sbin"; - -# Uncomment the following line to enable tracing in the grammar -# Warning: doing so will break the web admin -# TODO: this parameter should be exposed to the CLI -#our $RD_TRACE = 1; - -my $logger = get_logger(); - -Readonly my $delimiter => '|'; -use vars qw/%cmd $grammar/; -my $command; -our %ACTION_MAP = ( - status => \&statusOfService, - start => \&startService, - stop => \&stopService, - watch => \&watchService, - restart => \&restartService, -); - -our ($SERVICE_HEADER, $IS_INTERACTIVE); -our ($RESET_COLOR, $WARNING_COLOR, $ERROR_COLOR, $SUCCESS_COLOR); - -my $count = $ENV{PER_PAGE}; -my $offset = $ENV{PAGE_NUM}; - -@ARGV = ( $ENV{ARGS} ) if ( $ENV{ARGS} ); - -if ( $offset && $offset > 0 ) { - $offset = $offset - 1; - $offset = $offset * $count; -} - - -if ( defined $ENV{GATEWAY_INTERFACE} ) { - require CGI; - import CGI 
qw(-no_debug :standard); - my $q = new CGI; - if ( $q->param('ARGS') ) { - @ARGV = $q->param("ARGS"); - print $q->header; - } elsif ( scalar(@ARGV) == 0 ) { - print 'ERROR in parameters'; - return (0); - } -} - -# generate pre-compiled grammar -#Parse::RecDescent->Precompile($grammar, "pfcmd_pregrammar"); -#exit 1; - -# dynamic grammar parsing (slow) -#my $parser=Parse::RecDescent->new($grammar); - -# FIXME: all of this is confusing duplication, we need to get rid of one of both method to call a sub -my %cmd_tmp = pf::pfcmd::parseCommandLine( join(' ', @ARGV) ); -if (! exists($cmd_tmp{'grammar'})) { - %cmd = %cmd_tmp; - # TODO minor refactoring: call method using exit( method() ) instead of appending an exit(1) - my %commands = ( - 'cache' => sub { exit (cache()) }, - 'checkup' => sub { - my $return = checkup(); - print "Nothing to report.\n" if ($return == $FALSE); - exit(1); - }, - 'fixpermissions' => sub { exit (fixpermissions()) }, - 'configreload' => sub { exit (configreload($cmd{command}[1])) }, - 'class' => sub { class(); exit(1); }, - 'config' => sub { config(); exit(0); }, - 'configfiles' => sub { configfiles(); exit(1); }, - 'floatingnetworkdeviceconfig' => sub { floatingnetworkdeviceconfig(); exit(1); }, - 'fingerprint' => sub { fingerprint(); exit(1); }, - 'graph' => sub { graph(); exit(1); }, - 'help' => sub { help(); exit(0); }, - 'history' => sub { history(); exit(1); }, - 'ifoctetshistorymac' => sub { ifoctetshistorymac(); exit(1); }, - 'ifoctetshistoryswitch' => sub { ifoctetshistoryswitch(); exit(1); }, - 'ifoctetshistoryuser' => sub { ifoctetshistoryuser(); exit(1); }, - 'import' => sub { import_data(); exit(1); }, - 'interfaceconfig' => sub { interfaceconfig(); exit(1); }, - 'ipmachistory' => sub { ipmachistory(); exit(1); }, - 'locationhistorymac' => sub { locationhistorymac(); exit(1); }, - 'locationhistoryswitch' => sub { locationhistoryswitch(); exit(1); }, - 'lookup' => sub { lookup(); exit(1); }, - 'manage' => sub { exit(manage()); }, - 
'networkconfig' => sub { networkconfig(); exit(1); }, - 'node' => sub { - require pf::node; - import pf::node; - command_param('node'); - exit(1); - }, - 'nodeaccounting' => sub { nodeaccounting(); exit(1) }, - 'nodecategory' => sub { nodecategory(); exit(1); }, - 'nodeuseragent' => sub { nodeuseragent(); exit(1); }, - 'person' => sub { - require pf::person; - import pf::person; - command_param('person'); - exit(1); - }, - 'reload' => sub { reload(); exit(1); }, - 'report' => sub { report(); exit(1); }, - 'schedule' => sub { schedule(); exit(1); }, - 'service' => sub { exit service(); }, - 'switchconfig' => sub { switchconfig(); exit(1); }, - 'switchlocation' => sub { switchlocation(); exit(1); }, - 'traplog' => sub { traplog(); exit(1); }, - 'trigger' => sub { trigger(); exit(1); }, - 'ui' => sub { ui(); exit(1); }, - 'update' => sub { update(); exit(1); }, - 'useragent' => sub { useragent(); exit(1); }, - 'version' => sub { version(); exit(1); }, - 'violation' => sub { - require pf::violation; - import pf::violation; - command_param('violation'); - exit(1); - }, - 'violationconfig' => sub { violationconfig(); exit(1); }, - ); - if ( $commands{ $cmd{'command'}[0] } ) { - $commands{ $cmd{'command'}[0] }->(); - } else { - die "unknown command"; - }; - -} else { - if ($cmd_tmp{'grammar'} == 0) { - - # if argument list is not empty then it's a command not understood - if (@ARGV) { - # line number is a hack for web admin error output - print STDERR "Command not understood. 
(pfcmd grammar test failed at line ".__LINE__.".)\n"; - } - require pf::pfcmd::help; - pf::pfcmd::help::usage(); - exit(1); - } - $command = $cmd{'command'}[0]; -} - -#if ($command =~ /^(version|class|help|history|ipmachistory|locationhistoryswitch|locationhistorymac|ifoctetshistorymac|ifoctetshistoryswitch|ifoctetshistoryuser|report|ui|graph|switchlocation|nodecategory|trigger)$/i) { -# ($main::{$command} or sub { print "No such sub: $_\n" })->(); -# exit 1; -#} - -if ( lc($command) eq 'person' ) { - require pf::person; - import pf::person; - command_param($command); -} elsif ( lc($command) eq 'node' ) { - require pf::node; - import pf::node; - command_param($command); -} elsif ( lc($command) eq 'violation' ) { - require pf::violation; - import pf::violation; - command_param($command); -} else { - # calling a function looked up dynamically: first test coderef existence - if (!exists(&{$main::{$command}})) { - print "No such sub: $command at line ".__LINE__.".\n"; - } else { - # then execute main::$command sub - $logger->debug("executing sub " . $command . "()"); - # TODO: wrapping this around a try / catch block wouldn't hurt - &{$main::{$command}}(); - } -} - -# END MAIN - -sub help { - my $service = ($cmd{command}[1] || ''); - require pf::pfcmd::help; - my $functionName = "pf::pfcmd::help::help_$service"; - if ( !$service || !defined(&$functionName) ) { - pf::pfcmd::help::usage($TRUE); - } else { - ( $pf::pfcmd::help::{ "help_" . $service } )->(); - } -} - -# will be replaced in 1.6ish with SOAP -# -sub manage { - my $option = $cmd{manage_options}[0]; - my $mac = lc( $cmd{manage_options}[1] ); - my $id; - $id = $cmd{manage_options}[2] if ( defined $cmd{manage_options}[2] ); - my $function = "manage_" . 
$option; - if ( $option eq "register" ) { - return 1 if ( !$id ); - my %params = format_assignment( @{ $cmd{assignment} } ); - require pf::node; - pf::node::node_register( $mac, $id, %params ); - } elsif ( $option eq "deregister" ) { - require pf::node; - pf::node::node_deregister($mac); - } elsif ( $option eq "vclose" ) { - return 2 if ( !$id ); - require pf::violation; - print pf::violation::violation_close( $mac, $id ); - } elsif ( $option eq "vopen" ) { - return 3 if ( !$id ); - require pf::violation; - print (pf::violation::violation_add( $mac, $id ) ? 1 : 0); - } - require pf::enforcement; - pf::enforcement::reevaluate_access( $mac, $function ); - return 0; -} - -sub locationhistoryswitch { - require pf::locationlog; - import pf::locationlog; - my $switch = $cmd{command}[1]; - my $ifIndex = $cmd{command}[2]; - my $date; - $date = str2time( $cmd{command}[3] ) if ( defined $cmd{command}[1] ); - my %params; - $params{'ifIndex'} = $ifIndex; - - if ($date) { - $params{'date'} = $date; - } - exit( - print_results( "locationlog_history_switchport", $switch, %params ) ); -} - -sub locationhistorymac { - require pf::locationlog; - import pf::locationlog; - my $mac = $cmd{command}[1]; - my %params; - $params{'mac'} = $mac; - $params{'date'} = str2time( $cmd{command}[2] ) if ( defined $cmd{command}[2] ); - exit( print_results( "locationlog_history_mac", $mac, %params ) ); -} - -sub ifoctetshistoryswitch { - require pf::ifoctetslog; - import pf::ifoctetslog; - my $switch = $cmd{command}[1]; - my $ifIndex = $cmd{command}[2]; - my %params; - $params{'ifIndex'} = $ifIndex; - if (scalar(@{$cmd{command}}) == 5) { - $params{'start_time'} = str2time( $cmd{command}[3] ); - $params{'end_time'} = str2time( $cmd{command}[4] ); - } - exit( - print_results( "ifoctetslog_history_switchport", $switch, %params ) ); -} - -sub ifoctetshistorymac { - require pf::ifoctetslog; - import pf::ifoctetslog; - my $mac = $cmd{command}[1]; - my %params; - if (scalar(@{$cmd{command}}) == 4) { - 
$params{'start_time'} = str2time( $cmd{command}[2] ); - $params{'end_time'} = str2time( $cmd{command}[3] ); - } - exit( print_results( "ifoctetslog_history_mac", $mac, %params ) ); -} - -sub ifoctetshistoryuser { - require pf::ifoctetslog; - import pf::ifoctetslog; - my $user = $cmd{command}[1]; - my %params; - if (scalar(@{$cmd{command}}) == 4) { - $params{'start_time'} = str2time( $cmd{command}[2] ); - $params{'end_time'} = str2time( $cmd{command}[3] ); - } - exit( print_results( "ifoctetslog_history_user", $user, %params ) ); -} - -sub nodecategory { - require pf::nodecategory; - import pf::nodecategory; - my $sub_cmd = $cmd{'nodecategory_options'}[0]; - my $id = $cmd{'nodecategory_options'}[1]; - - if ($sub_cmd eq 'view') { - - if ($id eq 'all') { - exit(print_results("nodecategory_view_all")); - - } else { - exit(print_results("nodecategory_view", $id)); - } - - } elsif ($sub_cmd eq 'add') { - - my %params = format_assignment(@{$cmd{'nodecategory_assignment'}}); - try { - nodecategory_add(%params); - } catch { - chomp($_); - $logger->logcarp("$_"); - }; - - } elsif ($sub_cmd eq 'edit') { - - my %params = format_assignment(@{$cmd{'nodecategory_assignment'}}); - try { - nodecategory_modify($id, %params); - } catch { - chomp($_); - $logger->logcarp("$_"); - }; - - } elsif ($sub_cmd eq 'delete') { - - try { - nodecategory_delete($id); - } catch { - chomp($_); - $logger->logcarp("$_"); - }; - } - return 1; -} - -sub nodeaccounting { - my ( $function, $id ); - require pf::accounting; - pf::accounting->import(qw(node_accounting_view node_accounting_view_all)); - $id = $cmd{command}[2]; - if ( $id && $id ne 'all' ) { - $function = "node_accounting_view"; - } else { - $function = "node_accounting_view_all"; - } - exit( print_results( $function, $id ) ); -} - -sub nodeuseragent { - my ( $function, $id ); - require pf::useragent; - pf::useragent->import(qw(node_useragent_view node_useragent_view_all)); - $id = $cmd{command}[2]; - if ( $id && $id ne 'all' ) { - $function 
= "node_useragent_view"; - } else { - $function = "node_useragent_view_all"; - } - exit( print_results( $function, $id ) ); -} - -sub switchlocation { - require pf::switchlocation; - import pf::switchlocation; - my $switch = $cmd{command}[2]; - my %params; - $params{'ifIndex'} = $cmd{command}[3]; - exit( - print_results( "switchlocation_view_switchport", $switch, %params ) ); -} - -sub violationconfig { - require Config::IniFiles; - my %violations_conf; - tie %violations_conf, 'Config::IniFiles', - ( -file => "$conf_dir/violations.conf" ); - my @errors = @Config::IniFiles::errors; - if ( scalar(@errors) ) { - $logger->error( "Error reading violations.conf: " - . join( "\n", @errors ) - . "\n" ); - return 0; - } - - my $mode; - if ( scalar( @{ $cmd{'command'} } ) == 1 ) { - if ( exists( $cmd{'violationconfig_options'} ) ) { - $mode = $cmd{'violationconfig_options'}[0]; - } - } else { - $mode = $cmd{'command'}[1]; - } - - if ( $mode eq 'get' ) { - foreach my $section ( tied(%violations_conf)->Sections ) { - foreach my $key ( keys %{ $violations_conf{$section} } ) { - $violations_conf{$section}{$key} =~ s/\s+$//; - } - } - - my @fields = field_order(); - print join( $delimiter, @fields ) . "\n"; - - # Now that we printed all the fields, we skip the key since it's not - # under the config section but actually the section itself - shift @fields; - - # Loop, filter and display - foreach my $section ( keys %violations_conf ) { - if ( $cmd{'command'}[2] eq 'all' || $cmd{'command'}[2] eq $section ) { - - my @values; - foreach my $column (@fields) { - push @values, - ( $violations_conf{$section}{$column} || $violations_conf{'defaults'}{$column} || '' ); - } - print $section . $delimiter . join( $delimiter, @values ) . "\n"; - } - } - } elsif ( $mode eq 'delete' ) { - my $section = $cmd{'command'}[2]; - # TODO: this seems wrong. 1st: hardcoded violation id, 2nd: how does the web react to that print? 
- if ( $section - =~ /^(default|all|1100001|1100004|1100005|1100009|1100010|1200001|1200003)$/ - ) - { - print "This violation can't be deleted (Error at line ".__LINE__." in pfcmd)\n"; - exit; - } else { - if ( tied(%violations_conf)->SectionExists($section) ) { - tied(%violations_conf)->DeleteSection($section); - tied(%violations_conf) - ->RewriteConfig() - or $logger->logdie("Unable to write config to $conf_dir/violations.conf. " - ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack - require pf::configfile; - import pf::configfile; - configfile_import( $conf_dir . "/violations.conf" ); - } else { - print "Unknown violation $section! (Error at line ".__LINE__." in pfcmd)\n"; - exit; - } - } - } elsif ( $mode eq 'edit' ) { - my $section = $cmd{'violationconfig_options'}[1]; - my @assignments = @{ $cmd{'violationconfig_assignment'} }; - if ( tied(%violations_conf)->SectionExists($section) ) { - foreach my $assignment (@assignments) { - my ( $param, $value ) = @$assignment; - if ($section eq 'defaults') { - if ( defined( $violations_conf{$section}{$param} ) ) { - tied(%violations_conf) - ->setval( $section, $param, $value ); - } else { - tied(%violations_conf) - ->newval( $section, $param, $value ); - } - } else { - if ( defined( $violations_conf{$section}{$param} ) ) { - if ( ( !exists( $violations_conf{'defaults'}{$param} ) ) - || ( $violations_conf{'defaults'}{$param} ne $value ) - ) - { - tied(%violations_conf) - ->setval( $section, $param, $value ); - } else { - tied(%violations_conf)->delval( $section, $param ); - } - } else { - if ( ( !exists( $violations_conf{'defaults'}{$param} ) ) - || ( $violations_conf{'defaults'}{$param} ne $value ) - ) - { - tied(%violations_conf) - ->newval( $section, $param, $value ); - } - } - } - } - tied(%violations_conf) - ->RewriteConfig() - or $logger->logdie("Unable to write config to $conf_dir/violations.conf. " - ."You might want to check the file's permissions. 
(pfcmd line ".__LINE__.".)"); # web ui hack - require pf::configfile; - import pf::configfile; - configfile_import( $conf_dir . "/violations.conf" ); - } else { - print "Unknown violation $section! (Error at line ".__LINE__." in pfcmd)\n"; - exit; - } - } elsif ( $mode eq 'add' ) { - my $section = $cmd{'violationconfig_options'}[1]; - my @assignments = @{ $cmd{'violationconfig_assignment'} }; - if ( !( tied(%violations_conf)->SectionExists($section) ) ) { - tied(%violations_conf)->AddSection($section); - foreach my $assignment (@assignments) { - my ( $param, $value ) = @$assignment; - if ( ( !exists( $violations_conf{'defaults'}{$param} ) ) - || ( $violations_conf{'defaults'}{$param} ne $value ) ) - { - tied(%violations_conf) - ->newval( $section, $param, $value ); - } - } - tied(%violations_conf) - ->RewriteConfig() - or $logger->logdie("Unable to write config to $conf_dir/violations.conf. " - ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack - require pf::configfile; - import pf::configfile; - configfile_import( $conf_dir . "/violations.conf" ); - } else { - print "Violation $section already exists! (Error at line ".__LINE__." in pfcmd)\n"; - exit; - } - } -} - -sub floatingnetworkdeviceconfig { - require Config::IniFiles; - my $configFile = $floating_devices_file; - my %floatingnetworkdevice_conf; - - tie %floatingnetworkdevice_conf, 'Config::IniFiles', ( -file => $configFile, -allowempty => 1 ); - my @errors = @Config::IniFiles::errors; - if ( scalar(@errors) ) { - $logger->error("Error reading $configFile: " . join( "\n", @errors ) . 
"\n" ); - return 0; - } - - my $mode; - if ( scalar( @{ $cmd{'command'} } ) == 1 ) { - if ( exists( $cmd{'floatingnetworkdeviceconfig_options'} ) ) { - $mode = $cmd{'floatingnetworkdeviceconfig_options'}[0]; - } - } else { - $mode = $cmd{'command'}[1]; - } - - if ( $mode eq 'get' ) { - foreach my $section ( tied(%floatingnetworkdevice_conf)->Sections ) { - foreach my $key ( keys %{ $floatingnetworkdevice_conf{$section} } ) { - $floatingnetworkdevice_conf{$section}{$key} =~ s/\s+$//; - } - } - - my @sections_tmp = keys %floatingnetworkdevice_conf; - my @sections = map substr( $_, 4 ) => sort map pack( 'C4' => /(\d+)\.(\d+)\.(\d+)\.(\d+)/ ) - . $_ => @sections_tmp; - - my @fields = field_order(); - print join( $delimiter, @fields ) . "\n"; - - # Now that we printed all the fields, we skip the key since it's not - # under the config section but actually the section itself - shift @fields; - - # Loop, filter and display - foreach my $section (@sections) { - if ( $cmd{'command'}[2] eq 'all' || $cmd{'command'}[2] eq $section ) { - my @values; - foreach my $column (@fields) { - push @values, ( $floatingnetworkdevice_conf{$section}{$column} || '' ); - } - print $section . $delimiter . join( $delimiter, @values ) . "\n"; - } - } - - } elsif ( $mode eq 'delete' ) { - my $section = $cmd{'command'}[2]; - if ( $section =~ /^(all|stub)$/ ) { - print "This floating network device can't be deleted. (Error at line ".__LINE__." in pfcmd)\n"; - exit; - } else { - if ( tied(%floatingnetworkdevice_conf)->SectionExists($section) ) { - tied(%floatingnetworkdevice_conf)->DeleteSection($section); - my $tied_floatingnetworkdevice = tied(%floatingnetworkdevice_conf); - $tied_floatingnetworkdevice->RewriteConfig() - or $logger->logdie("Unable to write config to $configFile. " - ."You might want to check the file's permissions. 
(see pfcmd)"); # web ui hack - require pf::configfile; - import pf::configfile; - configfile_import($configFile); - } else { - print "Unknown floating network device $section! (Error at line ".__LINE__." in pfcmd)\n"; - exit; - } - } - } elsif ( $mode eq 'edit' ) { - my $section = $cmd{'floatingnetworkdeviceconfig_options'}[1]; - my @assignments = @{ $cmd{'floatingnetworkdeviceconfig_assignment'} }; - if ( tied(%floatingnetworkdevice_conf)->SectionExists($section) ) { - foreach my $assignment (@assignments) { - my ( $param, $value ) = @$assignment; - if ( defined( $floatingnetworkdevice_conf{$section}{$param} ) ) { - tied(%floatingnetworkdevice_conf)->setval( $section, $param, $value ); - } else { - tied(%floatingnetworkdevice_conf)->newval( $section, $param, $value ); - } - } - my $tied_floatingnetworkdevice = tied(%floatingnetworkdevice_conf); - $tied_floatingnetworkdevice->RewriteConfig() - or $logger->logdie("Unable to write config to $configFile. " - ."You might want to check the file's permissions. (see pfcmd)"); # web ui hack - require pf::configfile; - import pf::configfile; - configfile_import($configFile); - } else { - print "Unknown floating network device $section! (Error at line ".__LINE__." in pfcmd)\n"; - exit; - } - } elsif ( $mode eq 'add' ) { - my $section = $cmd{'floatingnetworkdeviceconfig_options'}[1]; - my @assignments = @{ $cmd{'floatingnetworkdeviceconfig_assignment'} }; - if ( !( tied(%floatingnetworkdevice_conf)->SectionExists($section) ) ) { - foreach my $assignment (@assignments) { - tied(%floatingnetworkdevice_conf)->AddSection($section); - my ( $param, $value ) = @$assignment; - tied(%floatingnetworkdevice_conf)->newval( $section, $param, $value ); - } - my $tied_floatingnetworkdevice = tied(%floatingnetworkdevice_conf); - $tied_floatingnetworkdevice->RewriteConfig() - or $logger->logdie("Unable to write config to $configFile. " - ."You might want to check the file's permissions. 
(see pfcmd)"); # web ui hack - require pf::configfile; - import pf::configfile; - configfile_import($configFile); - } else { - print "Floating network device $section already exists! (Error at line ".__LINE__." in pfcmd)\n"; - exit; - } - } -} - -sub networkconfig { - - my $mode; - if ( scalar( @{ $cmd{'command'} } ) == 1 ) { - if ( exists( $cmd{'networkconfig_options'} ) ) { - $mode = $cmd{'networkconfig_options'}[0]; - } - } else { - $mode = $cmd{'command'}[1]; - } - - if ( $mode eq 'get' ) { - - my @networks_tmp = keys %ConfigNetworks; - my @networks = map substr( $_, 4 ) => sort map pack( 'C4' => /(\d+)\.(\d+)\.(\d+)\.(\d+)/ ) - . $_ => @networks_tmp; - - my @fields = field_order(); - print join( $delimiter, @fields ) . "\n"; - - # Now that we printed all the fields, we skip the key since it's not - # under the config section but actually the section itself - shift @fields; - - # Loop, filter and display - foreach my $network (@networks) { - if ( $cmd{'command'}[2] eq 'all' || $cmd{'command'}[2] eq $network ) - { - my @values; - foreach my $column (@fields) { - # pf_gateway to next_hop translation - # TODO remove code once pf_gateway is deprecated (somewhere in 2012) - if ($column eq 'next_hop' - && !defined($ConfigNetworks{$network}{$column}) - && defined($ConfigNetworks{$network}{'pf_gateway'})) { - $ConfigNetworks{$network}{$column} = $ConfigNetworks{$network}{'pf_gateway'}; - } - push @values, ( $ConfigNetworks{$network}{$column} || '' ); - } - print $network . $delimiter . join( $delimiter, @values ) . "\n"; - } - } - } elsif ( $mode eq 'delete' ) { - my $network = $cmd{'command'}[2]; - if ( $network eq 'all' ) { - print "This network can't be deleted (Error at line ".__LINE__." 
in pfcmd)\n"; - exit; - } else { - if ( tied(%ConfigNetworks)->SectionExists($network) ) { - tied(%ConfigNetworks)->DeleteSection($network); - my $tied_network = tied(%ConfigNetworks); - $tied_network->RewriteConfig() - or $logger->logdie("Unable to write config to $network_config_file. " - ."You might want to check the file's permissions. (see pfcmd)"); # web ui hack - require pf::configfile; - import pf::configfile; - configfile_import( $network_config_file ); - } else { - print "Unknown network $network! (Error at line ".__LINE__." in pfcmd)\n"; - exit; - } - } - } elsif ( $mode eq 'edit' ) { - my $network = $cmd{'networkconfig_options'}[1]; - my @assignments = @{ $cmd{'networkconfig_assignment'} }; - if ( tied(%ConfigNetworks)->SectionExists($network) ) { - foreach my $assignment (@assignments) { - my ( $param, $value ) = @$assignment; - if ( defined( $ConfigNetworks{$network}{$param} ) ) { - tied(%ConfigNetworks)->setval( $network, $param, $value ); - } else { - tied(%ConfigNetworks)->newval( $network, $param, $value ); - } - } - my $tied_network = tied(%ConfigNetworks); - $tied_network->RewriteConfig() - or $logger->logdie("Unable to write config to $network_config_file. " - ."You might want to check the file's permissions. (see pfcmd)"); # web ui hack - require pf::configfile; - import pf::configfile; - configfile_import( $network_config_file ); - } else { - print "Unknown network $network! (Error at line ".__LINE__." 
in pfcmd)\n"; - exit; - } - } elsif ( $mode eq 'add' ) { - my $network = $cmd{'networkconfig_options'}[1]; - my @assignments = @{ $cmd{'networkconfig_assignment'} }; - if ( !( tied(%ConfigNetworks)->SectionExists($network) ) ) { - foreach my $assignment (@assignments) { - tied(%ConfigNetworks)->AddSection($network); - my ( $param, $value ) = @$assignment; - tied(%ConfigNetworks)->newval( $network, $param, $value ); - } - my $tied_network = tied(%ConfigNetworks); - $tied_network->RewriteConfig() - or $logger->logdie("Unable to write config to $network_config_file. " - ."You might want to check the file's permissions. (see pfcmd)"); # web ui hack - require pf::configfile; - import pf::configfile; - configfile_import( $network_config_file ); - } else { - print "Network $network already exists! (Error at line ".__LINE__." in pfcmd)\n"; - exit; - } - } -} - -sub import_data { - require pf::import; - import pf::import; - my $type = $cmd{command}[1]; - my $file = $cmd{command}[2]; - $logger->info("Import requested. Type: $type, file to import: $file"); - my $result; - if (lc($type) eq 'nodes') { - pf::import::nodes($file); - $result = 1; - } elsif (lc($type) eq 'wrix') { - require pf::DB::Wrix::Manager; - pf::DB::Wrix::Manager->import; - $result = pf::DB::Wrix::Manager->importCsv($file); - } - if($result) { - print "Import process complete\n"; - } else { - print "Error importing $file for $type\n"; - } -} - -sub interfaceconfig { - require Config::IniFiles; - my %pf_conf; - tie %pf_conf, 'Config::IniFiles', ( -file => "$conf_dir/pf.conf" ); - my @errors = @Config::IniFiles::errors; - if ( scalar(@errors) ) { - $logger->error( - "Error reading pf.conf: " . join( "\n", @errors ) . 
"\n" ); - return 0; - } - - my $mode; - if ( scalar( @{ $cmd{'command'} } ) == 1 ) { - if ( exists( $cmd{'interfaceconfig_options'} ) ) { - $mode = $cmd{'interfaceconfig_options'}[0]; - } - } else { - $mode = $cmd{'command'}[1]; - } - - if ( $mode eq 'get' ) { - foreach my $section ( tied(%pf_conf)->Sections ) { - foreach my $key ( keys %{ $pf_conf{$section} } ) { - $pf_conf{$section}{$key} =~ s/\s+$//; - } - } - - my @fields = field_order(); - print join( $delimiter, @fields ) . "\n"; - - # Now that we printed all the fields, we skip the key since it's not - # under the config section but actually the section itself - shift @fields; - - # Loop, filter and display - foreach my $section ( keys %pf_conf ) { - if ( $section =~ /^interface (.+)$/ ) { - my $interface_name = $1; - if ( $cmd{'command'}[2] eq 'all' || $cmd{'command'}[2] eq $interface_name ) { - my @values; - foreach my $column (@fields) { - push @values, ( $pf_conf{$section}{$column} || '' ); - } - print $interface_name . $delimiter . join( $delimiter, @values ) . "\n"; - } - } - } - } elsif ( $mode eq 'delete' ) { - my $section = $cmd{'command'}[2]; - my $section_name = "interface $section"; - if ( $section eq 'all' ) { - print "This interface can't be deleted (Error at line ".__LINE__." in pfcmd)\n"; - exit; - } else { - if ( tied(%pf_conf)->SectionExists($section_name) ) { - tied(%pf_conf)->DeleteSection($section_name); - tied(%pf_conf)->RewriteConfig() - or $logger->logdie("Unable to write config to $conf_dir/pf.conf. " - ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack - require pf::configfile; - import pf::configfile; - configfile_import( $conf_dir . "/pf.conf" ); - } else { - print "Unknown interface $section! (Error at line ".__LINE__." 
in pfcmd)\n"; - exit; - } - } - } elsif ( $mode eq 'edit' ) { - my $section = $cmd{'interfaceconfig_options'}[1]; - my $section_name = "interface $section"; - my @assignments = @{ $cmd{'interfaceconfig_assignment'} }; - if ( tied(%pf_conf)->SectionExists($section_name) ) { - foreach my $assignment (@assignments) { - my ( $param, $value ) = @$assignment; - if ( defined( $pf_conf{$section_name}{$param} ) ) { - tied(%pf_conf)->setval( $section_name, $param, $value ); - } else { - tied(%pf_conf)->newval( $section_name, $param, $value ); - } - } - tied(%pf_conf)->RewriteConfig() - or $logger->logdie("Unable to write config to $conf_dir/pf.conf. " - ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack - require pf::configfile; - import pf::configfile; - configfile_import( $conf_dir . "/pf.conf" ); - } else { - print "Unknown interface $section! (Error at line ".__LINE__." in pfcmd)\n"; - exit; - } - } elsif ( $mode eq 'add' ) { - my $section = $cmd{'interfaceconfig_options'}[1]; - my $section_name = "interface $section"; - my @assignments = @{ $cmd{'interfaceconfig_assignment'} }; - if ( !( tied(%pf_conf)->SectionExists($section_name) ) ) { - foreach my $assignment (@assignments) { - tied(%pf_conf)->AddSection($section_name); - my ( $param, $value ) = @$assignment; - tied(%pf_conf)->newval( $section_name, $param, $value ); - } - tied(%pf_conf)->RewriteConfig() - or $logger->logdie("Unable to write config to $conf_dir/pf.conf. " - ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack - require pf::configfile; - import pf::configfile; - configfile_import( $conf_dir . "/pf.conf" ); - } else { - print "Interface $section already exists! (Error at line ".__LINE__." 
in pfcmd)\n"; - exit; - } - } -} - -sub switchconfig { - require Config::IniFiles; - my %switches_conf; - tie %switches_conf, 'Config::IniFiles', - ( -file => "$conf_dir/switches.conf" ); - my @errors = @Config::IniFiles::errors; - if ( scalar(@errors) ) { - $logger->error( - "Error reading switches.conf: " . join( "\n", @errors ) . "\n" ); - return 0; - } - - my $mode; - if ( scalar( @{ $cmd{'command'} } ) == 1 ) { - if ( exists( $cmd{'switchconfig_options'} ) ) { - $mode = $cmd{'switchconfig_options'}[0]; - } - } else { - $mode = $cmd{'command'}[1]; - } - - if ( $mode eq 'get' ) { - foreach my $section ( tied(%switches_conf)->Sections ) { - foreach my $key ( keys %{ $switches_conf{$section} } ) { - $switches_conf{$section}{$key} =~ s/\s+$//; - } - } - - #sort the switches (http://www.sysarch.com/Perl/sort_paper.html) - my %switches_conf_tmp = %switches_conf; - delete $switches_conf_tmp{'default'}; - delete $switches_conf_tmp{'127.0.0.1'}; - my @sections_tmp = keys(%switches_conf_tmp); - my @sections - = map substr( $_, 4 ) => sort - map pack( 'C4' => /(\d+)\.(\d+)\.(\d+)\.(\d+)/ ) - . $_ => @sections_tmp; - unshift( @sections, 'default' ); - - my @fields = field_order(); - print join( $delimiter, @fields ) . "\n"; - - # Now that we printed all the fields, we skip the key since it's not - # under the config section but actually the section itself - shift @fields; - - # Loop, filter and display - foreach my $section (@sections) { - if ( $cmd{'command'}[2] eq 'all' || $cmd{'command'}[2] eq $section ) { - my @values; - foreach my $column (@fields) { - push @values, - ( $switches_conf{$section}{$column} || $switches_conf{'default'}{$column} || '' ); - } - print $section . $delimiter . join( $delimiter, @values ) . "\n"; - } - } - } elsif ( $mode eq 'delete' ) { - my $section = $cmd{'command'}[2]; - if ( $section =~ /^(default|all)$/ ) { - print "This switch can't be deleted (Error at line ".__LINE__." 
in pfcmd)\n"; - exit; - } else { - if ( tied(%switches_conf)->SectionExists($section) ) { - tied(%switches_conf)->DeleteSection($section); - my $tied_switch = tied(%switches_conf); - $tied_switch->RewriteConfig() - or $logger->logdie("Unable to write config to $conf_dir/switches.conf. " - ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # hack - require pf::configfile; - import pf::configfile; - configfile_import( $conf_dir . "/switches.conf" ); - } else { - print "Unknown switch $section! (Error at line ".__LINE__." in pfcmd)\n"; - exit; - } - } - } elsif ( $mode eq 'edit' ) { - my $section = $cmd{'switchconfig_options'}[1]; - my @assignments = @{ $cmd{'switchconfig_assignment'} }; - if ( tied(%switches_conf)->SectionExists($section) ) { - foreach my $assignment (@assignments) { - my ( $param, $value ) = @$assignment; - if ($section eq 'default') { - if ( defined( $switches_conf{$section}{$param} ) ) { - tied(%switches_conf) - ->setval( $section, $param, $value ); - } else { - tied(%switches_conf) - ->newval( $section, $param, $value ); - } - } else { - if ( defined( $switches_conf{$section}{$param} ) ) { - if ( ( !exists( $switches_conf{'default'}{$param} ) ) - || ( $switches_conf{'default'}{$param} ne $value ) ) - { - tied(%switches_conf) - ->setval( $section, $param, $value ); - } else { - tied(%switches_conf)->delval( $section, $param ); - } - } else { - if ( ( !exists( $switches_conf{'default'}{$param} ) ) - || ( $switches_conf{'default'}{$param} ne $value ) ) - { - tied(%switches_conf) - ->newval( $section, $param, $value ); - } - } - } - } - my $tied_switch = tied(%switches_conf); - $tied_switch->RewriteConfig() - or $logger->logdie("Unable to write config to $conf_dir/switches.conf. " - ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack - require pf::configfile; - import pf::configfile; - configfile_import( $conf_dir . "/switches.conf" ); - } else { - print "Unknown switch $section! 
(Error at line ".__LINE__." in pfcmd)\n"; - exit; - } - } elsif ( $mode eq 'add' ) { - my $section = $cmd{'switchconfig_options'}[1]; - my @assignments = @{ $cmd{'switchconfig_assignment'} }; - if ( !( tied(%switches_conf)->SectionExists($section) ) ) { - foreach my $assignment (@assignments) { - tied(%switches_conf)->AddSection($section); - my ( $param, $value ) = @$assignment; - if ( ( !exists( $switches_conf{'default'}{$param} ) ) - || ( $switches_conf{'default'}{$param} ne $value ) ) - { - tied(%switches_conf)->newval( $section, $param, $value ); - } - } - my $tied_switch = tied(%switches_conf); - $tied_switch->RewriteConfig() - or $logger->logdie("Unable to write config to $conf_dir/switches.conf. " - ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack - require pf::configfile; - import pf::configfile; - configfile_import( $conf_dir . "/switches.conf" ); - } else { - print "Switch $section already exists! (Error at line ".__LINE__." in pfcmd)\n"; - exit; - } - } -} - -# -# host history -# -sub history { - require pf::iplog; - import pf::iplog; - my $addr = $cmd{command}[1]; - my $date; - $date = str2time( $cmd{command}[2] ) if ( defined $cmd{command}[1] ); - my ( $function, %params ); - if ( $addr =~ /^(\d{1,3}\.){3}\d{1,3}$/ ) { - $function = "iplog_history_ip"; - } else { - $function = "iplog_history_mac"; - } - if ($date) { - $params{'date'} = $date; - } - exit( print_results( $function, $addr, %params ) ); -} - -sub ipmachistory { - require pf::iplog; - import pf::iplog; - my $addr = $cmd{command}[1]; - my ( $function, %params ); - if ( $addr =~ /^(\d{1,3}\.){3}\d{1,3}$/ ) { - $function = "iplog_history_ip"; - } else { - $function = "iplog_history_mac"; - } - if (scalar(@{$cmd{command}}) == 4) { - $params{'start_time'} = str2time( $cmd{command}[2] ); - $params{'end_time'} = str2time( $cmd{command}[3] ); - } - exit( print_results( $function, $addr, %params ) ); -} - -sub traplog { - require pf::traplog; - import 
pf::traplog; - if ( ( scalar( @{ $cmd{'command'} } ) == 2 ) - && ( $cmd{command}[1] eq 'update' ) ) - { - traplog_update_rrd(); - } else { - my $nb = $cmd{'command'}[1]; - my %params; - $params{'timespan'} = $cmd{'command'}[2]; - exit( - print_results( - 'traplog_get_switches_with_most_traps', - $nb, %params - ) - ); - } - exit; -} - -# -# stop/start pf services -# return service status -# - -sub service { - my $service = $cmd{command}[1]; - my $action = $cmd{command}[2]; - require pf::services; - import pf::services; - $SERVICE_HEADER ="service|command\n"; - $IS_INTERACTIVE = is_interactive(); - $RESET_COLOR = $IS_INTERACTIVE ? color 'reset' : ''; - $WARNING_COLOR = $IS_INTERACTIVE ? color $Config{advanced}{pfcmd_warning_color} : ''; - $ERROR_COLOR = $IS_INTERACTIVE ? color $Config{advanced}{pfcmd_error_color} : ''; - $SUCCESS_COLOR = $IS_INTERACTIVE ? color $Config{advanced}{pfcmd_success_color} : ''; - - my $actionHandler; - $action =~ /^(.*)$/; - $action = $1; - if(exists $ACTION_MAP{$action} && defined ($actionHandler = $ACTION_MAP{$action})) { - $service =~ /^(.*)$/; - $service = $1; - my @services; - if($service eq 'pf') { - @services = @pf::services::ALL_SERVICES; - } else { - @services = ($service); - } - return $actionHandler->($service,@services); - } - return $FALSE; -} - -sub postPfStartService { - my ($managers) = @_; - my $count = true {$_->status ne '0'} @$managers; - configreload('hard') unless $count; -} - -sub startService { - my ($service,@services) = @_; - my @managers = getManagers(\@services,INCLUDE_DEPENDS_ON | JUST_MANAGED); - print $SERVICE_HEADER; - my $count = 0; - postPfStartService(\@managers) if $service eq 'pf'; - - my ($noCheckupManagers,$checkupManagers) = part { $_->shouldCheckup } @managers; - - if($noCheckupManagers && @$noCheckupManagers) { - foreach my $manager (@$noCheckupManagers) { - _doStart($manager); - } - } - if($checkupManagers && @$checkupManagers) { - checkup( map {$_->name} @$checkupManagers); - foreach my $manager 
(@$checkupManagers) { - _doStart($manager); - } - } - return 0; -} - -sub _doStart { - my ($manager) = @_; - my $command; - my $color = ''; - if($manager->status ne '0') { - $color = $WARNING_COLOR; - $command = 'already started'; - } else { - if($manager->start) { - $command = 'start'; - $color = $SUCCESS_COLOR; - } else { - $command = 'not started'; - $color = $ERROR_COLOR; - } - } - print $manager->name,"|${color}${command}${RESET_COLOR}\n"; -} - -sub getManagers { - my ($services,$flags) = @_; - $flags = 0 unless defined $flags; - my %seen; - my $includeDependsOn = $flags & INCLUDE_DEPENDS_ON; - my $justManaged = $flags & JUST_MANAGED; - my @serviceManagers = - grep { (!exists $seen{$_->name}) && ($seen{$_->name} = 1) && ( !$justManaged || $_->isManaged ) && !$_->isvirtual } - map { - my $m = $_; - my @managers; - if ($includeDependsOn) { - push @managers, grep {defined $_} - map {pf::services::get_service_manager($_)} @{$m->dependsOnServices}; - } - if($m->isa("pf::services::manager::submanager")) { - push @managers,$m->managers; - } else { - push @managers,$m; - } - - @managers - } - grep { defined $_ } - map { pf::services::get_service_manager($_) } @$services; - return @serviceManagers; -} - -sub getIptablesTechnique { - require pf::inline::custom; - my $iptables = pf::inline::custom->new(); - return $iptables->{_technique}; -} - -sub stopService { - my ($service,@services) = @_; - my @managers = getManagers(\@services); - #push memcached to back of the list - my %exclude = ( - memcached => undef, - ); - my ($push_managers,$infront_managers) = part { exists $exclude{ $_->name } ? 
0 : 1 } @managers; - @managers = (); - @managers = @$infront_managers if $infront_managers; - push @managers, @$push_managers if $push_managers; - print $SERVICE_HEADER; - my $command; - my $color = ''; - foreach my $manager (@managers) { - if($manager->status eq '0') { - $command = 'already stopped'; - $color = $WARNING_COLOR; - } else { - if($manager->stop) { - $color = $SUCCESS_COLOR; - $command = 'stop'; - } else { - $color = $ERROR_COLOR; - $command = 'not stopped'; - } - } - print $manager->name,"|${color}${command}${RESET_COLOR}\n"; - } - return 0; -} - -sub restartService { - my ($service,@services) = @_; - stopService(@_); - local $SERVICE_HEADER = ''; - startService(@_); -} - -sub watchService { - my ($service,@services) = @_; - my @stoppedServiceManagers = - grep { $_->status eq '0' } - getManagers(\@services, JUST_MANAGED | INCLUDE_DEPENDS_ON); - if(@stoppedServiceManagers) { - my @stoppedServices = map { $_->name } @stoppedServiceManagers; - $logger->info("watch found incorrectly stopped services: " . join(", ", @stoppedServices)); - print "The following processes are not running:\n" . " - " - . join( "\n - ", @stoppedServices ) . "\n"; - if ( isenabled( $Config{'servicewatch'}{'email'} ) ) { - my %message; - $message{'subject'} = "PF WATCHER ALERT"; - $message{'message'} - = "The following processes are not running:\n" . " - " - . join( "\n - ", @stoppedServices ) . 
"\n"; - pfmailer(%message); - } - if ( isenabled( $Config{'servicewatch'}{'restart'} ) ) { - print $SERVICE_HEADER; - foreach my $manager (@stoppedServiceManagers) { - $manager->watch; - print join('|',$manager->name,"watch"),"\n"; - } - return 0; - } - } - return 1; -} - -sub statusOfService { - my ($service,@services) = @_; - my @managers = getManagers(\@services); - print "service|shouldBeStarted|pid\n"; - my $notStarted = 0; - foreach my $manager (@managers) { - my $color = ''; - my $isManaged = $manager->isManaged; - my $status = $manager->status; - if($status eq '0' ) { - if ($isManaged) { - $color = $ERROR_COLOR; - $notStarted++; - } else { - $color = $WARNING_COLOR; - } - } else { - $color = $SUCCESS_COLOR; - } - print $manager->name,"|${color}$isManaged|$status${RESET_COLOR}\n"; - } - return ( $notStarted ? 3 : 0); -} - -sub class { - my ( $function, $id ); - require pf::class; - import pf::class; - $id = $cmd{'command'}[2]; - if ( $id && $id !~ /all/ ) { - $function = "class_view"; - } else { - $function = "class_view_all"; - } - exit( print_results( $function, $id ) ); -} - -sub checkup { - require pf::services; - require pf::pfcmd::checkup; - no warnings "once"; #avoids only used once warnings generated by the access of pf::pfcmd::checkup namespace - my @services; - if(@_) { - @services = @_; - } else { - @services = @pf::services::ALL_SERVICES; - } - - my @problems = pf::pfcmd::checkup::sanity_check(pf::services::service_list(@services)); - foreach my $entry (@problems) { - chomp $entry->{$pf::pfcmd::checkup::MESSAGE}; - print $entry->{$pf::pfcmd::checkup::SEVERITY} . " - " . $entry->{$pf::pfcmd::checkup::MESSAGE} . 
"\n"; - } - - # if there is a fatal problem, exit with status 255 - foreach my $entry (@problems) { - if ($entry->{$pf::pfcmd::checkup::SEVERITY} eq $pf::pfcmd::checkup::FATAL) { - exit(255); - } - } - - if (@problems) { - return $TRUE; - } else { - return $FALSE; - } -} - -# -sub trigger { - my ( $function, $id, %params ); - require pf::trigger; - import pf::trigger; - $id = $cmd{command}[2]; - if ( ( defined $cmd{command}[3] ) && ( $cmd{command}[3] ne '' ) ) { - if ( $id eq 'all' ) { - $id = $cmd{command}[3]; - $function = "trigger_view_type"; - } else { - $params{'type'} = $cmd{command}[3]; - $function = "trigger_view"; - } - } elsif ( $id && $id !~ /all/ ) { - $function = "trigger_view_tid"; - } else { - $function = "trigger_view_all"; - } - exit( print_results( $function, $id, %params ) ); -} - -# -sub fingerprint { - my ( $function, $id ); - require pf::os; - import pf::os; - $id = $cmd{command}[2]; - if ( $id && $id ne 'all' ) { - $function = "dhcp_fingerprint_view"; - } else { - $function = "dhcp_fingerprint_view_all"; - } - exit( print_results( $function, $id ) ); -} - -sub useragent { - my ( $function, $id ); - require pf::useragent; - pf::useragent->import(qw(view view_all)); - $id = $cmd{command}[2]; - if ( $id && $id ne 'all' ) { - $function = "view"; - } else { - $function = "view_all"; - } - exit( print_results( $function, $id ) ); -} - -sub version { - # TODO: move this code into library code and have pf::config hold the value somewhere. 
- # Then report the version in Web Services API calls like for the Extreme Switches' appName - my ( $pfrelease_fh, $release ); - open( $pfrelease_fh, '<', "$conf_dir/pf-release" ) - || $logger->logdie("Unable to open $conf_dir/pf-release: $!"); - $release = <$pfrelease_fh>; - close($pfrelease_fh); - print $release; -} - -# -# schedule a host scan -# -sub schedule { - my $command = $cmd{command}[0]; - my $service; - $service = $cmd{command}[1] if ( defined $cmd{command}[1] ); - my $option = $cmd{schedule_options}[0]; - my $hostaddr = $cmd{schedule_options}[1]; - my %params = format_assignment( @{ $cmd{assignment} } ); - - #scan now, no cron entry - if ( $option && $option eq 'now' ) { - - $logger->trace("pcmd schedule now called"); - - require pf::scan; - pf::scan::run_scan($hostaddr); - - $logger->trace("leaving pfcmd schedule now"); - - # or modify cron - } else { - require pf::schedule; - - my $date = $params{date} || 0; - - my $cron = new pf::schedule(); - $cron->load_cron("pf"); - print join( $delimiter, ( "id", "date", "hosts" ) ) . "\n"; - if ( $option eq 'view' ) { - if ( $hostaddr eq 'all' ) { - print $cron->get_indexes(); - } else { - my $cronref = $cron->get_index($hostaddr); - if (defined($cronref)) { - print join( $delimiter, $cron->get_index($hostaddr) ) . "\n"; - } - } - return (1); - } elsif ( $option eq 'add' ) { - $logger->trace("Adding scheduled scan cron entry with date: $date"); - my @fields = split( /\s+/, $date ); - if ( !$date - || scalar(@fields) != 5 - || $date !~ /^([\d\-\,\/\* ])+$/) - { - print "Date format incorrect $date\n"; - $logger->error("date format incorrect"); - return (0); - } else { - $cron->add_index( $date, - $bin_dir . 
"/pfcmd schedule now $hostaddr" ); - } - } elsif ( $option eq 'delete' ) { - $cron->delete_index($hostaddr); - $cron->write_cron("pf"); - return 1; - } elsif ( $option eq 'edit' ) { - my $id = $hostaddr; - my ( $oldate, $oldaddr ) - = ( $cron->get_index($id) )[ 1, 2 ]; - $hostaddr = $oldaddr; - $hostaddr = $params{hosts} if ( $params{hosts} ); - $date = $oldate if ( !$date ); - $logger->info("updating schedule number $id to date=$date,hostaddr=$hostaddr"); - $cron->update_index($id, $date, $bin_dir."/pfcmd schedule now $hostaddr"); - } else { - $logger->error("Schedule Failed"); - return (0); - } - - print $cron->get_indexes(); - $cron->write_cron("pf"); - } -} - -# -# -# -sub config_entry { - my ( $param, $value ) = @_; - my ( $default, $orig_param, $dot_param, $param2, $type, $options, $val ); - - $orig_param = $param; - $dot_param = $param; - $dot_param =~ s/\s+/\./g; - ( $param, $param2 ) = split( " ", $param ) if ( $param =~ /\s/ ); - - if ( defined( $Default_Config{$orig_param}{$value} ) ) { - $default = $Default_Config{$orig_param}{$value}; - } else { - $default = ""; - } - if ( defined( $Doc_Config{"$param.$value"}{'options'} ) ) { - $options = $Doc_Config{"$param.$value"}{'options'}; - $options = join(";",@$options); - } else { - $options = ""; - } - if ( defined( $Doc_Config{"$param.$value"}{'type'} ) ) { - $type = $Doc_Config{"$param.$value"}{'type'}; - } else { - $type = "text"; - } - if ( defined( $Config{$orig_param}{$value} ) ) { - $val = "$dot_param.$value=$Config{$orig_param}{$value}"; - } else { - $val = "$dot_param.$value="; - } - return join( "|", $val, $default, $options, $type ) . "\n"; -} - -# -# parse pf.conf and defaults from pf.conf.defaults -# -sub config { - my $option = $cmd{command}[1]; - my $param = $cmd{command}[2]; - my $value = ""; - - if ( lc($option) eq 'set' ) { - if ($param =~ /^([^=]+)=(.+)?$/) { - $param = $1; - $value = (defined($2) ? 
$2 : ''); - } - else { - require pf::pfcmd::help; - pf::pfcmd::help::usage("config"); - } - } - - # get rid of spaces (a la [interface X]) - #$param =~ s/\s+/./g; - - my $parm; - my $section; - - if ( $param =~ /^(interface)\.(.+)+\.([^.]+)$/ ) { - $parm = $3; - $section = "$1 $2"; - } elsif ( $param =~ /^(proxies)\.(.+)$/ ) { - $parm = $2; - $section = $1; - } else { - my @stuff = split( /\./, $param ); - $parm = pop(@stuff); - $section = join( " ", @stuff ); - } - - if ( lc($option) eq 'get' ) { - if ( $param eq 'all' ) { - foreach my $a ( sort keys(%Config) ) { - foreach my $b ( keys( %{ $Config{$a} } ) ) { - print config_entry( $a, $b ); - } - } - exit; - } - if ( defined( $Config{$section}{$parm} ) ) { - print config_entry( $section, $parm ); - } else { - print "Unknown configuration parameter: $section.$param!\n"; - exit($pf::pfcmd::ERROR_CONFIG_UNKNOWN_PARAM); - } - } elsif ( lc($option) eq 'help' ) { - if ( defined( $Doc_Config{$param}{'description'} ) ) { - print uc($param) . "\n"; - print "Default: $Default_Config{$section}{$parm}\n" - if ( defined( $Default_Config{$section}{$parm} ) ); - print "Options: $Doc_Config{$param}{'options'}\n" - if ( defined( $Doc_Config{$param}{'options'} ) ); - if ( ref( $Doc_Config{$param}{'description'} ) eq 'ARRAY' ) { - print join( "\n", @{ $Doc_Config{$param}{'description'} } ) - . "\n"; - } else { - print $Doc_Config{$param}{'description'} . "\n"; - } - } else { - print "No help available for $param\n"; - exit($pf::pfcmd::ERROR_CONFIG_NO_HELP);; - } - } elsif ( lc($option) eq 'set' ) { - if ( !defined( $Config{$section}{$parm} ) ) { - print "Unknown configuration parameter $section.$parm!\n"; - exit($pf::pfcmd::ERROR_CONFIG_UNKNOWN_PARAM); - } else { - - #write out the local config only - with the new value. 
- if ( defined( $Config{$section}{$parm} ) ) { - if ( ( !defined( $Config{$section}{$param} ) ) - || ( $Default_Config{$section}{$parm} ne $value ) ) - { - $cached_pf_config->setval( $section, $parm, $value ); - } else { - $cached_pf_config->delval( $section, $parm ); - } - } elsif ( $Default_Config{$section}{$parm} ne $value ) { - $cached_pf_config->newval( $section, $parm, $value ); - } - $cached_pf_config->RewriteConfig() - or $logger->logdie("Unable to write config to $pf_config_file. " - ."You might want to check the file's permissions. (pfcmd line ".__LINE__.".)"); # web ui hack - require pf::configfile; - import pf::configfile; - configfile_import( $conf_dir . "/pf.conf" ); - } - } -} - -# -# run reports -# -sub report { - require pf::pfcmd::report; - import pf::pfcmd::report; - my $option = $cmd{command}[0]; - my $service; - $service = $cmd{command}[1] if ( defined $cmd{command}[1] ); - my $type; - if ( ( defined $cmd{command}[2] ) && ( $cmd{command}[2] ne '' ) ) { - $type = $cmd{command}[2]; - } else { - $type = 'all'; - } - exit( print_results( "report_" . $service . "_" . 
$type ) ); -} - -sub configfiles { - my $option = $cmd{command}[1]; - require pf::configfile; - import pf::configfile; - if ( $option eq "push" ) { - foreach my $config_file (@stored_config_files) { - configfile_import($config_file); - } - } elsif ( $option eq "pull" ) { - foreach my $config_file (@stored_config_files) { - configfile_export($config_file); - } - } - exit; -} - -# -# -# -sub reload { - my $option = $cmd{command}[1]; - if ( $option eq "fingerprints" ) { - require pf::os; - my $fp_total = pf::os::import_dhcp_fingerprints({ force => $TRUE }); - $logger->info("$fp_total DHCP fingerprints reloaded"); - print "$fp_total DHCP fingerprints reloaded\n"; - } - exit; -} - -sub update { - my $option = $cmd{command}[1]; - require LWP::UserAgent; - my $browser = LWP::UserAgent->new; - if ( $option eq "fingerprints" ) { - require pf::os; - my ($status,$version_msg,$total) = pf::os::update_dhcp_fingerprints_conf(); - if ( is_success($status) ) { - print "DHCP fingerprints updated via $dhcp_fingerprints_url to $version_msg\n"; - print "$total DHCP fingerprints reloaded\n"; - } - else { - $logger->logdie( $version_msg); - } - } - elsif ( $option eq "oui" ) { - my ($status,$msg) = download_oui(); - if ( is_success($status) ) { - load_oui(1); - print "$msg\n"; - } - else { - $logger->logdie($msg); - } - } - exit; -} - -sub graph { - my $graph = $cmd{command}[1]; - if ( ( $graph ne 'ifoctetshistoryuser' ) - && ( $graph ne 'ifoctetshistorymac' ) - && ( $graph ne 'ifoctetshistoryswitch' ) ) - { - require pf::pfcmd::graph; - import pf::pfcmd::graph; - my $interval; - if ( defined $cmd{command}[2] ) { - $interval = $cmd{command}[2]; - } else { - $interval = "day"; - } - exit( print_graph_results( \&{"main::graph_$graph"}, $interval ) ); - } else { - require pf::ifoctetslog; - import pf::ifoctetslog; - my %params; - $params{'start_time'} = str2time( $cmd{command}[-2] ); - $params{'end_time'} = str2time( $cmd{command}[-1] ); - my @results; - if ( $graph eq 
'ifoctetshistoryuser' ) { - @results = ifoctetslog_graph_user( $cmd{command}[2], %params ); - } elsif ( $graph eq 'ifoctetshistorymac' ) { - @results = ifoctetslog_graph_mac( $cmd{command}[2], %params ); - } elsif ( $graph eq 'ifoctetshistoryswitch' ) { - $params{'ifIndex'} = $cmd{command}[3]; - @results - = ifoctetslog_graph_switchport( $cmd{command}[2], %params ); - } - print "count|mydate|series\n"; - foreach my $set (@results) { - print $set->{'throughPutIn'} . "|" . $set->{'mydate'} . "|in\n"; - print $set->{'throughPutOut'} . "|" . $set->{'mydate'} . "|out\n"; - } - } -} - -sub lookup { - my $option = $cmd{command}[0]; - my $service = $cmd{command}[1]; - my $id = $cmd{command}[2]; - - push @INC, $bin_dir; - if ( $service eq 'person' ) { - require pf::person; - import pf::person; - require pf::lookup::person; - my $tmp_lookup = pf::lookup::person::lookup_person($id); - print $tmp_lookup; - } else { - require pf::lookup::node; - my $tmp_lookup = pf::lookup::node::lookup_node($id); - print $tmp_lookup; - } -} - -# -# parse ui.conf config file -# -sub ui { - my $service = $cmd{command}[1]; - my $option = $cmd{command}[2]; - my $interval = $cmd{command}[3]; - if ( $service eq "menus" ) { - - Readonly my %table2key => ( - 'person' => 'pid', - 'node' => 'mac', - 'violation' => 'id', - 'class' => 'vid', - 'trigger' => 'trigger', - 'scan' => 'id', - ); - - # TODO: remove this test when we will reactivate Scan from web admin, it is no longer valid - # check if Net::Nessus::ScanLite is installed - my $scanLiteInstalled = 1; - eval 'use Net::Nessus::ScanLite'; - if ($@) { - $scanLiteInstalled = 0; - } - - # read in configuration file - my %uiconfig; - tie %uiconfig, 'pf::config::cached', ( -file => $ui_config_file ) - or $logger->logdie("Unable to open $ui_config_file $!"); - - my $string; - foreach my $section ( tied(%uiconfig)->Sections ) { - my @array = split( /\./, $section ); - my $service; - $service = $array[1] if ( $array[1] ); - - # don't show scan menu if 
feature is not installed - next if ( ( defined $service ) && ( $service eq "scan" ) && ( !$scanLiteInstalled ) ); - - $string .= join( "|", @array ) . "|"; - my @keys; - - foreach - my $key ( split( /\s*,\s*/, $uiconfig{$section}{'display'} ) ) - { - my $key2; - if ( defined $service - && defined( $table2key{$service} ) - && $table2key{$service} eq $key ) - { - $key2 = $key . "*"; - } else { - $key2 = $key; - } - $key =~ s/^-//; - # don't show scan menu if feature is not installed - next if ( ( $key eq "scan" ) && ( !$scanLiteInstalled ) ); - - if ( defined $uiconfig{$section}{$key} ) { - push @keys, "$key2='$uiconfig{$section}{$key}'"; - } else { - push @keys, "$key2='$key2'"; - } - } - $string .= join( ":", @keys ) . "\n"; - } - print $string; - } elsif ( $service eq "dashboard" ) { - require pf::pfcmd::dashboard; - import pf::pfcmd::dashboard; - $interval = 3 unless ($interval); - exit( print_results( "nugget_" . $option, $interval ) ); - } else { - require pf::pfcmd::help; - pf::pfcmd::help::usage("help"); - } -} - -# -# node,person,violation parser -# -# TODO: this method could be streamlined to remove all corner cases that grew in it over time -sub command_param { - my ($type) = @_; - my $options = $type . "_options"; - my $option = $cmd{$options}[0]; - my $id = $cmd{$options}[1]; - - # strip out the delimiter - $id =~ s/$delimiter//g; - my $function = $type; - if ( $option eq "view" ) { - $function .= "_view"; - $function .= "_all" if ( $id eq 'all' ); - my %params; - - #use Data::Dumper; - #print Dumper(%cmd); - if ( defined( $cmd{'orderby_options'} ) ) { - $params{'orderby'} = 'order by ' . $cmd{'orderby_options'}[2]; - if ( scalar( @{ $cmd{'orderby_options'} } ) == 4 ) { - $params{'orderby'} .= " " . $cmd{'orderby_options'}[3]; - } - } - if ( defined( $cmd{'limit_options'} ) ) { - $params{'limit'} - = 'limit ' - . $cmd{'limit_options'}[1] . ',' - . 
$cmd{'limit_options'}[3]; - } - if ( defined( $cmd{'node_filter'} ) ) { - $function .= "_all"; - $params{'where'}{'type'} = $cmd{'node_filter'}[0]; - $params{'where'}{'value'} = $cmd{'node_filter'}[1]; - } - exit( print_results( $function, $id, %params ) ); - return (0); - } elsif ( $option eq "count" ) { - $function .= "_count_all"; - my %params; - if ( defined( $cmd{'node_filter'} ) ) { - $params{'where'}{'type'} = $cmd{'node_filter'}[0]; - $params{'where'}{'value'} = $cmd{'node_filter'}[1]; - } - exit( print_results( $function, $id, %params ) ); - return (0); - } elsif ( $option eq "add" ) { - $function .= "_add"; - } elsif ( $option eq "edit" ) { - $function .= "_modify"; - } elsif ( $option eq "delete" ) { - $function .= "_delete"; - } else { - usage("param"); - } - - my $assignment = $type . "_assignment"; - my %params = format_assignment( @{ $cmd{$assignment} } ); - my $returnValue = 0; - if ( ( $function eq "node_modify" ) || ( $function eq "node_add" ) ) { - $id = lc($id); - } - - #print Dumper(%params); - # run update/or delete and check return val - if ( $function eq "violation_add" ) { - # test coderef existence - if (!exists(&{$main::{$function}})) { - print "No such sub: $function at line ".__LINE__.".\n"; - } else { - require JSON; - my $output = $cmd{$options}[3]; - # execute coderef main::$function sub - $logger->info( "pfcmd calling $function for " . 
$params{mac} ); - my ($result) = &{$main::{$function}}($params{mac}, $params{vid}, %params); - if(defined $output && $output eq 'json') { - my %json; - $json{'id'} = $result if $result > 0; - $json{'warnings'} = [violation_last_warnings()]; - $json{'errors'} = [violation_last_errors()]; - print JSON::to_json(\%json); - } else { - my @warnings = violation_last_warnings(); - my @errors = violation_last_errors(); - print STDERR join("\n","Warnings:",@warnings),"\n" if @warnings; - print STDERR join("\n","Errors:",@errors),"\n" if @errors; - } - } - } else { - if ( $function eq "violation_delete" ) { - my @violation_data = violation_view($id); - if ( scalar(@violation_data) == 1 ) { - $params{mac} = $violation_data[0]->{'mac'}; - } else { - $params{mac} = ''; - } - } elsif ( $function eq "violation_modify" ) { - if ( ( !exists( $params{'mac'} ) ) || ( $params{'mac'} eq '' ) ) { - my @violation_data = violation_view($id); - if ( scalar(@violation_data) == 1 ) { - $params{mac} = $violation_data[0]->{'mac'}; - } else { - $params{mac} = ''; - } - } - } - # test coderef existence - if (!exists(&{$main::{$function}})) { - print "No such sub: $function at line ".__LINE__.".\n"; - } else { - - # execute coderef main::$function sub - $logger->info("pfcmd calling $function for $id"); - $returnValue = &{$main::{$function}}($id, %params); - } - } - if ( $returnValue != 2 ) { - - #print "$function updated\n"; - if ( $function =~ /^person_add|person_modify$/ ) { - $logger->debug( - "$function was called - we don't need to recalculate iptables and switchport VLAN assignments" - ); - } else { - # TODO proper exception framework please? - if ( ($function =~ /^node_delete$/) and ($returnValue == 0) ) { - $logger->logdie("Cannot delete this node since there are some records in locationlog table " - . "indicating that this node might still be connected and active on the network " - . 
"(pfcmd line ".__LINE__.".)" - ); - } elsif ( ($function =~ /^person_delete$/) and ($returnValue == 0) ) { - $logger->logdie( - "Cannot delete this person since there are some nodes associated to it. (pfcmd line ".__LINE__.".)" - ); - } - - require pf::enforcement; - if ( ($function eq 'violation_add') - || ( $function eq 'violation_delete' ) - || ( $function eq 'violation_modify' ) ) { - pf::enforcement::reevaluate_access( $params{mac}, $function ); - } else { - pf::enforcement::reevaluate_access( $id, $function ); - } - } - return (0); - } else { - if ( $function =~ /^node_add$/ ) { - print "Error adding a node: The node already exists. (pfcmd line ".__LINE__.")\n"; - } else { - print "error: please consult log for more information\n"; - } - return (2); - } -} - -# -# given a function name and a table will execute the function and correctly format the output -# example: print_results("node","node_view_all"); -# -sub print_results { - my ( $function, $key, %params ) = @_; - my $total; - my @results; - # calling a function looked up dynamically: first test coderef existence - my $functionName = "main::$function"; - if ( !defined(&$functionName) ) { - print "No such sub $function at line ". __LINE__ .".\n"; - } else { - # then execute the method (looking up using main::..) - @results = &{$main::{$function}}($key, %params); - } - $total = scalar(@results); - if ($count) { - $offset = scalar(@results) if ( $offset > scalar(@results) ); - $count = scalar(@results) - $offset - if ( $offset + $count > scalar(@results) ); - @results = splice( @results, $offset, $count ); - } - - my @fields = field_order(); - push @fields, keys( %{ $results[0] } ) if ( !scalar(@fields) ); - - if ( scalar(@fields) ) { - print join( $delimiter, @fields ) . 
"\n"; - foreach my $row (@results) { - next - if ( defined( $row->{'mydate'} ) - && $row->{'mydate'} =~ /^00/ ); - my @values = (); - foreach my $field (@fields) { - my $value = $row->{$field}; - if ( defined($value) && $value !~ /^0000-00-00 00:00:00$/ ) { - - # little hack to reverse dates - if ( $value =~ /^(\d+)\/(\d+)$/ ) { - $value = "$2/$1"; - } elsif ( $value =~ /^(\d+)\/(\d+)\/(\d+)$/ ) { - $value = "$2/$3/$1"; - } - push @values, $value; - } else { - push @values, ""; - } - } - print join( $delimiter, @values ) . "\n"; - } - } - return ($total); -} - -# This function has dirtied my soul. I beg forgiveness for the disgusting code that follows. -# I need a brillo pad and a long, long shower... - -sub print_graph_results { - my ( $function, $interval ) = @_; - require Date::Parse; - - # TOTAL HACK, but we avoid using yet another module - my %months = ( - "01" => "31", - "02" => "28", - "03" => "31", - "04" => "30", - "05" => "31", - "06" => "30", - "07" => "31", - "08" => "31", - "09" => "30", - "10" => "31", - "11" => "30", - "12" => "31" - ); - - my @results; - if ($function) { - @results = $function->($interval); - } else { - print "No such sub $function\n"; - exit; - } - my %series; - foreach my $result (@results) { - next if ( $result->{'mydate'} =~ /0000/ ); - my $s = $result->{'series'}; - push( @{ $series{$s} }, $result ); - } - my @fields = field_order(); - push @fields, keys( %{ $results[0] } ) if ( !scalar(@fields) ); - print join( "|", @fields ) . 
"\n"; - - #determine first and last time in all series - my $first_time = undef; - my $last_time = undef; - foreach my $s ( keys(%series) ) { - my $start_year; - my $start_mon = 1; - my $start_day = 1; - my $end_year; - my $end_mon = 1; - my $end_day = 1; - my @results = @{ $series{$s} }; - if ( $interval eq "day" ) { - ( $start_year, $start_mon, $start_day ) - = split( /\//, $results[0]->{'mydate'} ); - ( $end_year, $end_mon, $end_day ) - = split( /\//, $results[ scalar(@results) - 1 ]->{'mydate'} ); - } elsif ( $interval eq "month" ) { - ( $start_year, $start_mon ) - = split( /\//, $results[0]->{'mydate'} ); - ( $end_year, $end_mon ) - = split( /\//, $results[ scalar(@results) - 1 ]->{'mydate'} ); - } elsif ( $interval eq "year" ) { - $start_year = $results[0]->{'mydate'}; - $end_year = $results[ scalar(@results) - 1 ]->{'mydate'}; - } - my $start_time = Date::Parse::str2time( - "$start_year-$start_mon-$start_day" . "T00:00:00.0000000" ); - my $end_time = Date::Parse::str2time( - "$end_year-$end_mon-$end_day" . 
"T00:00:00.0000000" ); - if ( ( !defined($first_time) ) || ( $start_time < $first_time ) ) { - $first_time = $start_time; - } - if ( ( !defined($last_time) ) || ( $end_time > $last_time ) ) { - $last_time = $end_time; - } - } - - #add, if necessary, first and last time entries to all series - foreach my $s ( keys(%series) ) { - my $start_year; - my $start_mon = 1; - my $start_day = 1; - my $end_year; - my $end_mon = 1; - my $end_day = 1; - my @results = @{ $series{$s} }; - if ( $interval eq "day" ) { - ( $start_year, $start_mon, $start_day ) - = split( /\//, $results[0]->{'mydate'} ); - ( $end_year, $end_mon, $end_day ) - = split( /\//, $results[ scalar(@results) - 1 ]->{'mydate'} ); - } elsif ( $interval eq "month" ) { - ( $start_year, $start_mon ) - = split( /\//, $results[0]->{'mydate'} ); - ( $end_year, $end_mon ) - = split( /\//, $results[ scalar(@results) - 1 ]->{'mydate'} ); - } elsif ( $interval eq "year" ) { - $start_year = $results[0]->{'mydate'}; - $end_year = $results[ scalar(@results) - 1 ]->{'mydate'}; - } - my $start_time = Date::Parse::str2time( - "$start_year-$start_mon-$start_day" . "T00:00:00.0000000" ); - my $end_time = Date::Parse::str2time( - "$end_year-$end_mon-$end_day" . 
"T00:00:00.0000000" ); - if ( $start_time > $first_time ) { - my $new_record; - foreach my $field (@fields) { - if ( $field eq "mydate" ) { - $new_record->{$field} = POSIX::strftime( "%Y/%m/%d", - localtime($first_time) ); - } elsif ( $field eq "count" ) { - $new_record->{$field} = 0; - } else { - $new_record->{$field} - = $results[ scalar(@results) - 1 ]->{$field}; - } - } - unshift( @{ $series{$s} }, $new_record ); - } - if ( $end_time < $last_time ) { - my $new_record; - foreach my $field (@fields) { - if ( $field eq "mydate" ) { - $new_record->{$field} = POSIX::strftime( "%Y/%m/%d", - localtime($last_time) ); - } else { - $new_record->{$field} - = $results[ scalar(@results) - 1 ]->{$field}; - } - } - push( @{ $series{$s} }, $new_record ); - } - } - - foreach my $s ( keys(%series) ) { - my @results = @{ $series{$s} }; - my $year = POSIX::strftime( "%Y", localtime ); - my $month = POSIX::strftime( "%m", localtime ); - my $day = POSIX::strftime( "%d", localtime ); - my $date; - if ( $interval eq "day" ) { - $date = "$year/$month/$day"; - } elsif ( $interval eq "month" ) { - $date = "$year/$month"; - } elsif ( $interval eq "year" ) { - $date = "$year"; - } else { - } - if ( $results[ scalar(@results) - 1 ]->{'mydate'} ne $date ) { - my %tmp = %{ $results[ scalar(@results) - 1 ] }; - $tmp{'mydate'} = $date; - push( @results, \%tmp ); - } - push( @results, $results[0] ) if ( scalar(@results) == 1 ); - if ( $interval eq "day" ) { - for ( my $r = 0; $r < scalar(@results) - 1; $r++ ) { - my ( $start_year, $start_mon, $start_day ) - = split( /\//, $results[$r]->{'mydate'} ); - my ( $end_year, $end_mon, $end_day ) - = split( /\//, $results[ $r + 1 ]->{'mydate'} ); - my $start_time - = Date::Parse::str2time( - "$start_year-$start_mon-$start_day" - . "T00:00:00.0000000" ); - my $end_time = Date::Parse::str2time( - "$end_year-$end_mon-$end_day" . 
"T00:00:00.0000000" ); - for ( - my $current_time = $start_time; - $current_time < $end_time; - $current_time += 86400 - ) - { - my @values; - foreach my $field (@fields) { - if ( $field eq "mydate" ) { - push( - @values, - POSIX::strftime( - "%m/%d/%Y", localtime($current_time) - ) - ); - } else { - push( @values, $results[$r]->{$field} ); - } - } - print join( "|", @values ) . "\n"; - } - } - my ( $year, $mon, $day ) - = split( /\//, $results[ scalar(@results) - 1 ]->{'mydate'} ); - my @values; - foreach my $field (@fields) { - if ( $field eq "mydate" ) { - push( - @values, - join( "/", - sprintf( "%02d", $mon ), - sprintf( "%02d", $day ), - sprintf( "%02d", $year ) ) - ); - } else { - push( @values, - $results[ scalar(@results) - 1 ]->{$field} ); - } - } - print join( "|", @values ) . "\n"; - - } elsif ( $interval eq "month" ) { - for ( my $r = 0; $r < scalar(@results) - 1; $r++ ) { - my ( $start_year, $start_mon ) - = split( /\//, $results[$r]->{'mydate'} ); - my ( $end_year, $end_mon ) - = split( /\//, $results[ $r + 1 ]->{'mydate'} ); - my $mstart = $start_mon; - for ( my $i = $start_year; $i <= $end_year; $i++ ) { - my $mend; - if ( $i == $end_year ) { - $mend = $end_mon; - } else { - $mend = "12"; - } - for ( my $ii = $mstart; $ii <= $mend; $ii++ ) { - if ( !( $i == $end_year && $ii == $end_mon ) ) { - my @values; - foreach my $field (@fields) { - if ( $field eq "mydate" ) { - push( - @values, - join( "/", - sprintf( "%02d", $ii ), - sprintf( "%02d", $i ) ) - ); - } else { - push( @values, $results[$r]->{$field} ); - } - } - print join( "|", @values ) . "\n"; - } - } - $mstart = 1; - } - } - my ( $year, $mon ) - = split( /\//, $results[ scalar(@results) - 1 ]->{'mydate'} ); - my @values; - foreach my $field (@fields) { - if ( $field eq "mydate" ) { - push( - @values, - join( "/", - sprintf( "%02d", $mon ), - sprintf( "%02d", $year ) ) - ); - } else { - push( @values, - $results[ scalar(@results) - 1 ]->{$field} ); - } - } - print join( "|", @values ) . 
"\n"; - } elsif ( $interval eq "year" ) { - for ( my $r = 0; $r < scalar(@results) - 1; $r++ ) { - my ($start_year) = $results[$r]->{'mydate'}; - my ($end_year) = $results[ $r + 1 ]->{'mydate'}; - for ( my $i = $start_year; $i <= $end_year; $i++ ) { - if ( !( $i == $end_year ) ) { - my @values; - foreach my $field (@fields) { - if ( $field eq "mydate" ) { - push( @values, sprintf( "%02d", $i ) ); - } else { - push( @values, $results[$r]->{$field} ); - } - } - print join( "|", @values ) . "\n"; - } - } - } - my ($year) = $results[ scalar(@results) - 1 ]->{'mydate'}; - my @values; - foreach my $field (@fields) { - if ( $field eq "mydate" ) { - push( @values, sprintf( "%02d", $year ) ); - } else { - push( @values, - $results[ scalar(@results) - 1 ]->{$field} ); - } - } - print join( "|", @values ) . "\n"; - } - } -} - -# -# format a hash of assignments based on the grammar -# example: format_assignment($cmd{node_assignment}); -# -sub format_assignment { - my @fields = @_; - my ( @columns, @values, @assignment, %return ); - foreach my $array (@fields) { - my $column = $array->[0]; - my $value = $array->[1]; - my $assignment = $array->[2]; - $column =~ s/$delimiter//g; - $value =~ s/$delimiter//g; - $return{$column} = $value; - } - return (%return); -} - -sub field_order { - return pf::config::ui->instance->field_order("@ARGV"); -} - -sub fixpermissions { - my $pfcmd = "${bin_dir}/pfcmd"; - my @extra_var_dirs = map { catfile($var_dir,$_) } qw(run cache conf sessions); - _changeFilesToOwner('pf',@log_files, @stored_config_files, $install_dir, $bin_dir, $conf_dir, $var_dir, $lib_dir, $log_dir, $generated_conf_dir, $tt_compile_cache_dir, $pfconfig_cache_dir, @extra_var_dirs); - _changeFilesToOwner('root',$pfcmd); - chmod(06755,$pfcmd); - chmod(0664, @stored_config_files); - chmod(02775, $conf_dir, $var_dir, $log_dir, $generated_conf_dir,$install_dir, $pfconfig_cache_dir, @extra_var_dirs); - chmod(02770, $pfconfig_cache_dir); - return 0; -} - -sub _changeFilesToOwner { - my 
($user,@files) = @_; - my ($login,$pass,$uid,$gid) = getpwnam($user); - chown $uid,$gid,@files; -} - -sub configreload { - my ($type) = @_; - $type = 'soft' unless defined $type; - $logger->trace("configreload $type"); - my $force = $type eq 'hard' ? 1 : 0; - require pf::violation_config; - require pf::authentication; - require pf::admin_roles; - require pf::ConfigStore::AdminRoles; - require pf::ConfigStore::Authentication; - require pf::ConfigStore::FloatingDevice; - require pf::ConfigStore::Interface; - require pf::ConfigStore::Provisioning; - require pf::ConfigStore::Network; - require pf::ConfigStore::Pf; - require pf::ConfigStore::Profile; - require pf::ConfigStore::Switch; - require pf::ConfigStore::Violations; - require pf::ConfigStore::Wrix; - require pf::web::filter; - require pf::vlan::filter; - pf::config::cached::updateCacheControl(); - pf::config::cached::ReloadConfigs($force); - require pfconfig::manager; - my $manager = pfconfig::manager->new; - $manager->expire_all; - return 0; -} - -sub cache { - require pf::CHI; - my $namespace = $cmd{command}[1]; - my $action = $cmd{command}[2]; - $namespace = $1 if $namespace =~ /^(.*+)$/; - $action = $1 if $action =~ /^(.*+)$/; - unless ( any { $namespace eq $_ } @pf::CHI::CACHE_NAMESPACES ) { - print "the namespace '$namespace' does not exist\n"; - return 1; - } - my $cache = pf::CHI->new( namespace => $namespace); - if ($action eq 'list' ) { - print join("\n",$cache->get_keys),"\n"; - } elsif ($action eq 'clear') { - $cache->remove($_) for map { /^(.*)$/;$1 } $cache->get_keys; - } elsif ($action eq 'remove') { - my $key = $cmd{command}[3]; - $key = $1 if $key =~ /^(.*)$/; - $cache->remove($key); - } elsif ($action eq 'dump') { - my $key = $cmd{command}[3]; - $key = $1 if $key =~ /^(.*)$/; - require Data::Dumper; - print Data::Dumper::Dumper($cache->get($key)); - } elsif ($action eq 'expire') { - for my $key ($cache->get_keys) { - $cache->remove($key) if $cache->exists_and_is_expired($key); - } - } - - return 
0; -} +use pf::cmd::pf; +exit pf::cmd::pf->new({args => \@ARGV})->run(); =head1 AUTHOR @@ -2525,10 +34,6 @@ =head1 COPYRIGHT Copyright (C) 2005-2015 Inverse inc. -Copyright (C) 2005 Kevin Amorin - -Copyright (C) 2005 David LaPorte - =head1 LICENSE This program is free software; you can redistribute it and/or diff --git a/bin/pfcmd_vlan b/bin/pfcmd_vlan index 922aa18e3639..11bff5f1a086 100755 --- a/bin/pfcmd_vlan +++ b/bin/pfcmd_vlan @@ -92,11 +92,13 @@ use constant { use lib INSTALL_DIR . '/lib'; use pf::db; +use pf::constants; use pf::config; use pf::enforcement; use pf::locationlog; use pf::SwitchFactory; use pf::util; +use pf::config::util; use pf::log; use threads; @@ -217,7 +219,6 @@ if ($logLevel) { } # TODO we should consolidate calls which need similar parameters and unduplicate tests and error reporting -my $switchFactory = pf::SwitchFactory->getInstance(); if ($reevaluateAccess) { if (!defined($mac) || $mac eq '' ) { @@ -234,7 +235,7 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - my $switch = $switchFactory->instantiate($switchDescRegExp); + my $switch = pf::SwitchFactory->instantiate($switchDescRegExp); if (!$switch) { exit_wrong_args("unknown switch $switchDescRegExp"); } else { @@ -254,7 +255,7 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - my $switch = $switchFactory->instantiate($switchDescRegExp); + my $switch = pf::SwitchFactory->instantiate($switchDescRegExp); if (!$switch) { exit_wrong_args("unknown switch $switchDescRegExp"); } else { @@ -271,7 +272,7 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - my $switch = $switchFactory->instantiate($switchDescRegExp); + my $switch = pf::SwitchFactory->instantiate($switchDescRegExp); if (!$switch) { exit_wrong_args("unknown switch $switchDescRegExp"); } else { 
@@ -285,7 +286,7 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - my $switch = $switchFactory->instantiate($switchDescRegExp); + my $switch = pf::SwitchFactory->instantiate($switchDescRegExp); if (!$switch) { exit_wrong_args("unknown switch $switchDescRegExp"); } else { @@ -300,7 +301,7 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - my $switch = $switchFactory->instantiate($switchDescRegExp); + my $switch = pf::SwitchFactory->instantiate($switchDescRegExp); if (!$switch) { exit_wrong_args("unknown switch $switchDescRegExp"); } else { @@ -384,7 +385,7 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - my $switch = $switchFactory->instantiate($switchDescRegExp); + my $switch = pf::SwitchFactory->instantiate($switchDescRegExp); if (!$switch) { exit_wrong_args("unknown switch $switchDescRegExp"); } else { @@ -405,7 +406,7 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - my $switch = $switchFactory->instantiate($switchDescRegExp); + my $switch = pf::SwitchFactory->instantiate($switchDescRegExp); if (!$switch) { exit_wrong_args("unknown switch $switchDescRegExp"); } else { @@ -441,7 +442,7 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - my $switch = $switchFactory->instantiate($switchDescRegExp); + my $switch = pf::SwitchFactory->instantiate($switchDescRegExp); if (!$switch) { exit_wrong_args("unknown switch $switchDescRegExp"); } else { 
@@ -460,7 +461,7 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - my $switch = $switchFactory->instantiate($switchDescRegExp); + my $switch = pf::SwitchFactory->instantiate($switchDescRegExp); if (!$switch) { exit_wrong_args("unknown switch $switchDescRegExp"); } else { @@ -503,7 +504,7 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - my $switch = $switchFactory->instantiate($switchDescRegExp); + my $switch = pf::SwitchFactory->instantiate($switchDescRegExp); if (!$switch) { exit_wrong_args("unknown switch $switchDescRegExp"); } else { @@ -554,7 +555,7 @@ if ($reevaluateAccess) { "switch ".$switch->{_ip}." ifIndex $ifIndex " . "connection type: ".$connection_type_explained{$conn_type} ); - my $trapSender = $switchFactory->instantiate('127.0.0.1'); + my $trapSender = pf::SwitchFactory->instantiate('127.0.0.1'); $trapSender->sendLocalReAssignVlanTrap($switch, $ifIndex, $conn_type); } else { $logger->warn( @@ -637,7 +638,7 @@ if ($reevaluateAccess) { exit_wrong_args("The MAC argument is necessary"); } $logger->debug("start handling 'getLocation' command"); - my %Config = %{ $switchFactory->config }; + my %Config = %{ pf::SwitchFactory->config }; #remove unwanted switches if ( $switchDescRegExp eq '' ) { @@ -664,7 +665,7 @@ if ($reevaluateAccess) { $i++; if ( ( $key ne 'default' ) && ( $key ne '127.0.0.1') ) { $switch_ip = $key; - my $switch = $switchFactory->instantiate($switch_ip); + my $switch = pf::SwitchFactory->instantiate($switch_ip); if (!$switch) { print "Can not instantiate switch $switch_ip ! See log files for details\n"; } else { diff --git a/conf/adminroles.conf.example b/conf/adminroles.conf.example index a3914c693d86..fb7a07956fb2 100644 --- a/conf/adminroles.conf.example +++ b/conf/adminroles.conf.example 
@@ -3,7 +3,7 @@ actions=NODES_READ,NODES_CREATE,NODES_UPDATE,NODES_DELETE description=Nodes management [User Manager] -actions=USERS_CREATE,USERS_DELETE,USERS_READ,USERS_UPDATE,USERS_SET_ROLE,USERS_SET_ACCESS_DURATION,USERS_SET_UNREG_DATE,USERS_SET_ACCESS_LEVEL,USERS_MARK_AS_SPONSOR +actions=USERS_CREATE,USERS_DELETE,USERS_READ,USERS_UPDATE,USERS_SET_ROLE,USERS_SET_ACCESS_DURATION,USERS_SET_UNREG_DATE,USERS_SET_ACCESS_LEVEL,USERS_MARK_AS_SPONSOR,USERS_CREATE_MULTIPLE description=Users management [Violation Manager] diff --git a/conf/cluster.conf.example b/conf/cluster.conf.example new file mode 100644 index 000000000000..949aded29c0b --- /dev/null +++ b/conf/cluster.conf.example @@ -0,0 +1,6 @@ +# Cluster configuration file for active/active +# This file will have it deactivated by default +# To activate the active/active mode, set a management IP in the cluster section +# Before doing any changes to this file, read the documentation +[CLUSTER] +management_ip= diff --git a/conf/dhcpd.conf b/conf/dhcpd.conf index a16c4afba969..1a402d733b48 100644 --- a/conf/dhcpd.conf +++ b/conf/dhcpd.conf @@ -5,4 +5,8 @@ ddns-update-style none; ignore client-updates; log-facility local6; +%%omapi%% + +%%active%% + %%networks%% diff --git a/conf/documentation.conf b/conf/documentation.conf index 5b41b84ecbd0..c5dd71aeec84 100644 --- a/conf/documentation.conf +++ b/conf/documentation.conf @@ -107,6 +107,20 @@ description=<{'alerting'}{'fromaddr'}) && $PfConfig->{'alerting'}{'fromaddr'} ne '') { $ServerAdmin = $PfConfig->{'alerting'}{'fromaddr'}; @@ -149,8 +150,6 @@ if (defined($management_network->{'Tip'}) && $management_network->{'Tip'} ne '') CustomLog => $install_dir.'/logs/httpd.aaa.access combined', SSLEngine => 'on', Include => $var_dir.'/conf/ssl-certificates.conf', - # HSTS (mod_headers is required) (15768000 seconds = 6 months) - Header => 'always add Strict-Transport-Security "max-age=15768000"', Location => { "/" => { SetHandler => 'modperl', 
diff --git a/conf/httpd.conf.d/httpd.admin b/conf/httpd.conf.d/httpd.admin index 3d1b6e7c41c9..d143d6ceae02 100644 --- a/conf/httpd.conf.d/httpd.admin +++ b/conf/httpd.conf.d/httpd.admin @@ -68,7 +68,6 @@ PerlSwitches -I/usr/local/pf/lib PerlSwitches -I/usr/local/pf/html/pfappserver/lib PerlLoadModule pfappserver PerlLoadModule pf::WebAPI::InitHandler -PerlChildInitHandler pf::WebAPI::InitHandler::child_init BEGIN { @@ -76,8 +75,11 @@ BEGIN { } use pf::config qw(); +use pf::cluster qw(); my $PfConfig = \%pf::config::Config; +my $cluster_enabled = $pf::cluster::cluster_enabled; +my $ConfigCluster = \%pf::cluster::ConfigCluster; my $management_network = $pf::config::management_network; my $install_dir = $pf::config::install_dir; my $var_dir = $pf::config::var_dir; 
@@ -87,22 +89,32 @@ $PidFile = $install_dir.'/var/run/httpd.admin.pid'; $Include = $install_dir.'/conf/httpd.conf.d/log.conf'; +$PerlChildInitHandler = "pf::WebAPI::InitHandler::child_init"; + if (defined($management_network->{'Tip'}) && $management_network->{'Tip'} ne '') { if (defined($management_network->{'Tvip'}) && $management_network->{'Tvip'} ne '') { - $Listen = $management_network->{'Tvip'}.":".$PfConfig->{'ports'}{'admin'}; - $vhost = $management_network->{'Tvip'}.":".$PfConfig->{'ports'}{'admin'}; + push (@Listen, $management_network->{'Tvip'}.":".$PfConfig->{'ports'}{'admin'}); + push (@Listen, $management_network->{'Tvip'}.":".$PfConfig->{'ports'}{'pf_status'}); + $vhost = $management_network->{'Tvip'}; + } elsif ( $cluster_enabled ){ + push (@Listen, $ConfigCluster->{'CLUSTER'}{'management_ip'}.":".$PfConfig->{'ports'}{'admin'}); + push (@Listen, $ConfigCluster->{'CLUSTER'}{'management_ip'}.":".$PfConfig->{'ports'}{'pf_status'}); + $vhost = $ConfigCluster->{'CLUSTER'}{'management_ip'}; } else { - $Listen = $management_network->{'Tip'}.":".$PfConfig->{'ports'}{'admin'}; - $vhost = $management_network->{'Tip'}.":".$PfConfig->{'ports'}{'admin'}; + push (@Listen, $management_network->{'Tip'}.":".$PfConfig->{'ports'}{'admin'}); + push (@Listen, $management_network->{'Tip'}.":".$PfConfig->{'ports'}{'pf_status'}); + $vhost = $management_network->{'Tip'}; } } else { - $Listen = "0.0.0.0:".$PfConfig->{'ports'}{'admin'}; - $vhost = "0.0.0.0:".$PfConfig->{'ports'}{'admin'}; + push (@Listen, "0.0.0.0:".$PfConfig->{'ports'}{'admin'}); + push (@Listen, "0.0.0.0:".$PfConfig->{'ports'}{'pf_status'}); + $vhost = "0.0.0.0"; } $User = "pf"; $Group = "pf"; + $TypesConfig = '/etc/mime.types'; if (defined($PfConfig->{'alerting'}{'fromaddr'}) && $PfConfig->{'alerting'}{'fromaddr'} ne '') { 
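Review bot: The fallback branch now also binds the status listener to every interface, `push (@Listen, "0.0.0.0:".$PfConfig->{'ports'}{'pf_status'});`, so a host with no management IP configured exposes both the admin and the status port on all networks. The four branches differ only in the address, so choosing the address once and pushing both listeners afterwards keeps that wildcard case in one visible place; the rewrite below is behaviour-preserving. The `elsif ( $cluster_enabled )` branch also uses `management_ip` without checking that it is non-empty, which `$cluster_enabled` presumably guarantees, but that is not visible in this hunk.

```perl
my $listen_ip = "0.0.0.0";    # wildcard only when no management IP is configured
if (defined($management_network->{'Tip'}) && $management_network->{'Tip'} ne '') {
    if (defined($management_network->{'Tvip'}) && $management_network->{'Tvip'} ne '') {
        $listen_ip = $management_network->{'Tvip'};
    } elsif ( $cluster_enabled ) {
        $listen_ip = $ConfigCluster->{'CLUSTER'}{'management_ip'};
    } else {
        $listen_ip = $management_network->{'Tip'};
    }
}
push (@Listen, $listen_ip.":".$PfConfig->{'ports'}{$_}) for qw(admin pf_status);
$vhost = $listen_ip;
# … unchanged: $User, $Group, $TypesConfig …
```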
@@ -137,8 +149,10 @@ $SSLHonorCipherOrder = "on"; $ErrorLog = $install_dir.'/logs/httpd.admin.error'; -$NameVirtualHost => $vhost; -push @{ $VirtualHost{$vhost} }, +push (@NameVirtualHost,$vhost.":".$PfConfig->{'ports'}{'admin'}); +push (@NameVirtualHost,$vhost.":".$PfConfig->{'ports'}{'pf_status'}); + +push @{ $VirtualHost{$vhost.":".$PfConfig->{'ports'}{'admin'}} }, { ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}, DocumentRoot => $install_dir.'/html/pfappserver/lib', @@ -148,8 +162,6 @@ push @{ $VirtualHost{$vhost} }, SSLEngine => 'on', Include => $var_dir.'/conf/ssl-certificates.conf', SSLProxyEngine => 'on', - # HSTS (mod_headers is required) (15768000 seconds = 6 months) - Header => 'always add Strict-Transport-Security "max-age=15768000"', PerlModule => 'pf::web::admin', PerlTransHandler => 'pf::web::admin->proxy_portal', ProxyRequests => 'off', @@ -166,6 +178,16 @@ push @{ $VirtualHost{$vhost} }, }, }, }; +push @{ $VirtualHost{$vhost.":".$PfConfig->{'ports'}{'pf_status'}} }, + { + ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}, + DocumentRoot => $install_dir.'/html/pfappserver/lib', + ErrorLog => $install_dir.'/logs/httpd.admin.error', + CustomLog => $install_dir.'/logs/httpd.admin.access combined', + AllowEncodedSlashes => "on", + PerlModule => 'pf::clustermgmt', + PerlTransHandler => 'pf::clustermgmt', + }; diff --git a/conf/httpd.conf.d/httpd.portal b/conf/httpd.conf.d/httpd.portal index c8dd051c80cd..a55de0c4e56e 100644 --- a/conf/httpd.conf.d/httpd.portal +++ b/conf/httpd.conf.d/httpd.portal @@ -144,8 +144,10 @@ TypesConfig /etc/mime.types BEGIN { use pf::log 'service' => 'httpd.portal'; } -use pf::config qw(); +use pf::config qw(); +use pf::constants::config; use pf::util qw(isenabled); +use pf::config::util; use pf::authentication(); use pf::web::constants(); use Tie::DxHash; 
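Review bot: The new `pf_status` virtual host at the end of httpd.admin is declared without `SSLEngine => 'on'` or the `ssl-certificates.conf` include that the admin vhost above it carries, so `pf::clustermgmt` is served over plain HTTP on the management address, or on `0.0.0.0` in the fallback case of the `@Listen` hunk. No `Location` or other access restriction is visible in the block; if the restriction lives inside `pf::clustermgmt` or in the firewall, a comment should say so, e.g. `# served without TLS on purpose: <reason>; access limited by <mechanism>`. The `@@ -148,8 +162,6 @@` hunk also drops the `Strict-Transport-Security` header from the admin vhost, and the same two lines are removed from the aaa, portal and webservices configs. That may be related to this plain-HTTP port sharing the hostname, but the diff gives no reason, and one line of explanation at the removal site would let a later reader judge whether HSTS can be restored.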
@@ -175,6 +177,7 @@ $Include = $install_dir.'/conf/httpd.conf.d/log.conf'; $User = "pf"; $Group = "pf"; + $PerlOptions = "+GlobalRequest"; $ProxyRequests = "Off"; @@ -203,6 +206,7 @@ if( pf::config::isenabled ($PfConfig->{services}{httpd_mod_qos})) { $HostnameLookups = "off"; $MaxRequestsPerChild = "1000"; $PerlInitHandler = "pf::WebAPI::InitHandler"; +$PerlChildInitHandler = "pf::WebAPI::InitHandler::child_init"; $SSLPassPhraseDialog = "builtin"; @@ -218,7 +222,7 @@ $SSLHonorCipherOrder = "on"; $ErrorLog = $install_dir.'/logs/portal_error_log'; -my $routedNets = join(" ", pf::util::get_routed_isolation_nets(), pf::util::get_routed_registration_nets() , pf::util::get_inline_nets()); +my $routedNets = join(" ", pf::config::util::get_routed_isolation_nets(), pf::config::util::get_routed_registration_nets() , pf::config::util::get_inline_nets()); my $loadbalancersIp = join(" ", keys %{$pf::config::CAPTIVE_PORTAL{'loadbalancers_ip'}}); my $status_only_on_production = pf::config::isenabled ($PfConfig->{captive_portal}{status_only_on_production}); my $allowed_from_all_urls = ''; @@ -244,8 +248,8 @@ if ($guest_regist_allowed && isenabled($pf::config::Config{'guests_self_registra $allowed_from_all_urls .= "|$WEB::URL_SIGNUP|$WEB::CGI_SIGNUP|$WEB::URL_PREREGISTER"; } # /activate/email allowed if sponsor or email mode enabled -my $email_enabled = $pf::authentication::guest_self_registration{$SELFREG_MODE_EMAIL}; -my $sponsor_enabled = $pf::authentication::guest_self_registration{$SELFREG_MODE_SPONSOR}; +my $email_enabled = $pf::authentication::guest_self_registration{$pf::constants::config::SELFREG_MODE_EMAIL}; +my $sponsor_enabled = $pf::authentication::guest_self_registration{$pf::constants::config::SELFREG_MODE_SPONSOR}; if ($guest_regist_allowed && ($email_enabled || $sponsor_enabled)) { # | is for a regexp "or" as this is pulled from a 'Location ~' statement $allowed_from_all_urls .= "|$WEB::URL_EMAIL_ACTIVATION"; 
@@ -363,8 +367,6 @@ foreach my $interface (@internal_nets) { SSLEngine => 'on', SSLProxyEngine => 'on', Include => "${var_dir}/conf/ssl-certificates.conf", - # HSTS (mod_headers is required) (15768000 seconds = 6 months) - Header => 'always add Strict-Transport-Security "max-age=15768000"' )); } @@ -481,8 +483,6 @@ if (defined($management_network->{'Tip'}) && $management_network->{'Tip'} ne '') SSLEngine => 'on', SSLProxyEngine => 'on', Include => "${var_dir}/conf/ssl-certificates.conf", - # HSTS (mod_headers is required) (15768000 seconds = 6 months) - Header => 'always add Strict-Transport-Security "max-age=15768000"' ); } diff --git a/conf/httpd.conf.d/httpd.webservices b/conf/httpd.conf.d/httpd.webservices index 8b07216aeb16..a347ddab35e1 100644 --- a/conf/httpd.conf.d/httpd.webservices +++ b/conf/httpd.conf.d/httpd.webservices @@ -94,6 +94,7 @@ $User = "pf"; $Group = "pf"; $PerlInitHandler = "pf::WebAPI::InitHandler"; +$PerlChildInitHandler = "pf::WebAPI::InitHandler::child_init"; if (defined($PfConfig->{'alerting'}{'fromaddr'}) && $PfConfig->{'alerting'}{'fromaddr'} ne '') { $ServerAdmin = $PfConfig->{'alerting'}{'fromaddr'}; @@ -149,8 +150,6 @@ if (defined($management_network->{'Tip'}) && $management_network->{'Tip'} ne '') CustomLog => $install_dir.'/logs/httpd.webservices.access combined', SSLEngine => 'on', Include => $var_dir.'/conf/ssl-certificates.conf', - # HSTS (mod_headers is required) (15768000 seconds = 6 months) - Header => 'always add Strict-Transport-Security "max-age=15768000"', Location => { "/" => { SetHandler => 'modperl', diff --git a/conf/iptables.conf.example b/conf/iptables.conf.example index 03e374c02bbc..08dddfaa7244 100644 --- a/conf/iptables.conf.example +++ b/conf/iptables.conf.example 
@@ -14,12 +14,20 @@ :input-management-if - [0:0] # SSH -A input-management-if --match state --state NEW --match tcp --protocol tcp --dport 22 --jump ACCEPT +# HTTP and HTTPS for the portal +-A input-management-if --protocol tcp --match tcp --dport 80 --jump ACCEPT +-A input-management-if --protocol tcp --match tcp --dport 443 --jump ACCEPT # Web Admin -A input-management-if --protocol tcp --match tcp --dport %%web_admin_port%% --jump ACCEPT # Webservices -A input-management-if --protocol tcp --match tcp --dport %%webservices_port%% --jump ACCEPT # AAA -A input-management-if --protocol tcp --match tcp --dport %%aaa_port%% --jump ACCEPT +# PacketFence Status +-A input-management-if --protocol tcp --match tcp --dport %%status_port%% --jump ACCEPT +# haproxy stats (uncomment if activating the haproxy dashboard) +#-A input-management-if --protocol tcp --match tcp --dport 1025 --jump ACCEPT + # RADIUS -A input-management-if --protocol tcp --match tcp --dport 1812 --jump ACCEPT -A input-management-if --protocol udp --match udp --dport 1812 --jump ACCEPT @@ -34,11 +42,15 @@ -A input-management-if --protocol tcp --match tcp --dport 9392 --jump ACCEPT # Nessus Administration Interface -A input-management-if --protocol tcp --match tcp --dport 8834 --jump ACCEPT -# HTTPS for email confirmation or sponsor activation on the captive portal (if enabled) -%%input_mgmt_guest_rules%% +# VRRP +-A input-management-if -d 224.0.0.0/8 -j ACCEPT +-A input-management-if -p vrrp -j ACCEPT +# Mysql +-A input-management-if --protocol tcp --match tcp --dport 3306 --jump ACCEPT :input-internal-vlan-if - [0:0] # DNS +-A input-internal-vlan-if --protocol tcp --match tcp --dport 53 --jump ACCEPT -A input-internal-vlan-if --protocol udp --match udp --dport 53 --jump ACCEPT # DHCP -A input-internal-vlan-if --protocol udp --match udp --dport 67 --jump ACCEPT 
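Review bot: The new `--dport 80` and `--dport 443` rules on `input-management-if` are unconditional, whereas the `%%input_mgmt_guest_rules%%` placeholder removed in the next hunk was documented as opening HTTPS only when email or sponsor activation is enabled. If the portal must now always be reachable on the management interface, the comment should say why, e.g. `# HTTP and HTTPS for the portal (always open: <reason>)`; otherwise keeping the conditional placeholder avoids widening the management interface by default. The `%%status_port%%` rule added here fronts a listener that, going by the httpd.admin change in this commit, has no TLS configured, which is worth stating in its `# PacketFence Status` comment.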
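Review bot: `--dport 3306 --jump ACCEPT` opens MySQL to any source that can reach the management interface, and `-d 224.0.0.0/8 -j ACCEPT` accepts every protocol to that whole range rather than only VRRP. Both look cluster-specific, so they could follow the haproxy-stats line of the first hunk and ship commented out, `#-A input-management-if --protocol tcp --match tcp --dport 3306 --jump ACCEPT`, to be enabled together with the cluster and limited to the peer addresses. For VRRP the `-p vrrp` rule on the following line already matches the advertisements, so the `224.0.0.0/8` rule can probably be dropped or narrowed to `-d 224.0.0.18/32 -p vrrp`; confirm against the keepalived setup before changing it.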
@@ -46,6 +58,7 @@ # HTTP (captive-portal) -A input-internal-vlan-if --protocol tcp --match tcp --dport 80 --jump ACCEPT -A input-internal-vlan-if --protocol tcp --match tcp --dport 443 --jump ACCEPT +-A input-internal-vlan-if --protocol tcp --match tcp --dport 647 --jump ACCEPT %%input_inter_vlan_if%% :input-internal-inline-if - [0:0] @@ -68,6 +81,7 @@ # allow everyone else behind inline interface (not registered, isolated, etc.) -A input-internal-inline-if --protocol tcp --match tcp --dport 80 --jump ACCEPT -A input-internal-inline-if --protocol tcp --match tcp --dport 443 --jump ACCEPT +-A input-internal-inline-if --protocol tcp --match tcp --dport 647 --jump ACCEPT %%input_inter_inline_rules%% :input-highavailability-if - [0:0] @@ -78,6 +92,8 @@ -A input-highavailability-if --protocol udp --match udp --dport 5407 --jump ACCEPT #DRBD -A input-highavailability-if --protocol tcp --match tcp --dport 7788 --jump ACCEPT +# Heartbeat +-A input-highavailability-if --protocol tcp --match tcp --dport 694 --jump ACCEPT ### FORWARD ### :FORWARD DROP [0:0] diff --git a/conf/keepalived.conf.example b/conf/keepalived.conf.example new file mode 100644 index 000000000000..f4537bf1199c --- /dev/null +++ b/conf/keepalived.conf.example @@ -0,0 +1,17 @@ +global_defs { + notification_email { + %%emailaddr%% + } + notification_email_from %%fromaddr%% + smtp_server %%smtpserver%% + smtp_connect_timeout 30 + router_id LVS_DEVEL +} + +vrrp_script haproxy { + script "killall -0 haproxy" + interval 2 + weight 2 +} + +%%vrrp%% diff --git a/conf/locale/de/LC_MESSAGES/packetfence.po b/conf/locale/de/LC_MESSAGES/packetfence.po index 298f24352708..ed2c671274e9 100644 --- a/conf/locale/de/LC_MESSAGES/packetfence.po +++ b/conf/locale/de/LC_MESSAGES/packetfence.po 
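Review bot: The new `--dport 647` rule has no comment of its own and sits under the `# HTTP (captive-portal)` heading, so it reads as a portal port. The same line is added to `input-internal-inline-if` in the next hunk. 647/tcp is the registered DHCP failover port; if that is the intent, only the peer DHCP server needs to reach it, not every unregistered client on these networks. I would add `# DHCP failover (cluster peers only)` above it and limit it with `--source PEER_IP_PLACEHOLDER` (placeholder), or move the rule to the high-availability chain.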
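Review bot: The `# Heartbeat` rule opens 694 over TCP, but Linux-HA Heartbeat normally exchanges its packets over UDP 694. As written, the rule may leave the cluster traffic blocked while opening an unused TCP port. If UDP is what this deployment uses, the line should read `-A input-highavailability-if --protocol udp --match udp --dport 694 --jump ACCEPT`.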
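Review bot: The `vrrp_script haproxy` check runs `killall -0 haproxy` by bare name, so the binary is resolved through whatever PATH the keepalived daemon inherits, and keepalived runs tracking scripts with its own (normally root) privileges. An absolute path removes that dependency, e.g. `script "/usr/bin/killall -0 haproxy"` (the location varies by distribution). `router_id LVS_DEVEL` is the value from keepalived's sample configuration; a per-host value such as the hostname would make notification e-mails from different cluster members distinguishable.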
@@ -7,14 +7,14 @@ # Translators: # Christian Mack , 2014 # Dennis B. , 2013 -# Ettore Atalan , 2014 +# Ettore Atalan , 2014-2015 # inverse , 2013 # Tino Matysiak , 2011 msgid "" msgstr "" "Project-Id-Version: PacketFence\n" -"PO-Revision-Date: 2015-03-05 20:55+0000\n" -"Last-Translator: inverse \n" +"PO-Revision-Date: 2015-03-08 15:13+0000\n" +"Last-Translator: Ettore Atalan \n" "Language-Team: German (http://www.transifex.com/projects/p/packetfence/language/de/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -1098,12 +1098,12 @@ msgstr "" # html/captive-portal/templates/provisioner/sepm.html msgid "Alternate installer" -msgstr "" +msgstr "Alternatives Installationsprogramm" # html/captive-portal/templates/provisioner/mobileiron.html # html/captive-portal/templates/provisioner/sepm.html msgid "Click here to download" -msgstr "" +msgstr "Klicken Sie hier zum Herunterladen" # html/captive-portal/templates/provisioner/ibm.html # html/captive-portal/templates/provisioner/opswat.html @@ -1126,7 +1126,7 @@ msgstr "" # html/captive-portal/templates/device-registration.html msgid "Device Type" -msgstr "" +msgstr "GerƤtetyp" # html/captive-portal/templates/status.html msgid "Extend Access" @@ -1139,7 +1139,7 @@ msgstr "" # html/captive-portal/templates/gaming-registration.html msgid "Gaming Device Type" -msgstr "" +msgstr "SpielgerƤtetyp" # html/captive-portal/templates/gaming-landing.html msgid "Gaming Landing" @@ -1147,7 +1147,7 @@ msgstr "" # html/captive-portal/templates/guest/sms_confirmation.html msgid "I don't have a PIN" -msgstr "" +msgstr "Ich habe keine PIN" # html/captive-portal/templates/provisioner/mobileiron.html msgid "If you are using an Android phone or tablet," @@ -1161,7 +1161,7 @@ msgstr "" # html/captive-portal/templates/activated.html msgid "Local account creation" -msgstr "" +msgstr "Lokale Kontoerstellung" # html/captive-portal/templates/status.html msgid "Login to manage registered devices" 
@@ -1172,29 +1172,29 @@ msgstr "" # html/captive-portal/templates/login.html # html/captive-portal/templates/status.html msgid "Login with Facebook account" -msgstr "" +msgstr "Mit Facebook-Konto anmelden" # html/captive-portal/templates/device-login.html # html/captive-portal/templates/gaming-login.html # html/captive-portal/templates/login.html # html/captive-portal/templates/status.html msgid "Login with GitHub account" -msgstr "" +msgstr "Mit GitHub-Konto anmelden" # html/captive-portal/templates/device-login.html # html/captive-portal/templates/gaming-login.html # html/captive-portal/templates/login.html # html/captive-portal/templates/status.html msgid "Login with Google account" -msgstr "" +msgstr "Mit Google-Konto anmelden" # html/captive-portal/templates/login.html msgid "Login with LinkedIn account" -msgstr "" +msgstr "Mit LinkedIn-Konto anmelden" # html/captive-portal/templates/login.html msgid "Login with Windows Live account" -msgstr "" +msgstr "Mit Windows-Live-Konto anmelden" # html/captive-portal/templates/pending.html # html/captive-portal/templates/release.html @@ -1203,7 +1203,7 @@ msgstr "" # html/captive-portal/templates/status.html msgid "OS Type" -msgstr "" +msgstr "BS-Typ" # html/captive-portal/templates/provisioner/ibm.html # html/captive-portal/templates/provisioner/opswat.html 
@@ -1264,33 +1264,33 @@ msgstr "" # html/captive-portal/templates/violations/zotob.fr.html # html/captive-portal/templates/violations/zotob.html msgid "Quarantine" -msgstr "" +msgstr "QuarantƤne" # html/captive-portal/templates/device-registration.html # html/captive-portal/templates/gaming-registration.html msgid "Register" -msgstr "" +msgstr "Registrieren" # html/captive-portal/templates/device-registration.html # html/captive-portal/templates/gaming-registration.html msgid "Registration" -msgstr "" +msgstr "Registrierung" # html/captive-portal/templates/status.html msgid "Registration Date" -msgstr "" +msgstr "Registrierungsdatum" # html/captive-portal/templates/device-registration.html msgid "Select Console" -msgstr "" +msgstr "Konsole auswƤhlen" # html/captive-portal/templates/gaming-registration.html msgid "Select Gaming Console" -msgstr "" +msgstr "Spielkonsole auswƤhlen" # html/captive-portal/templates/status.html msgid "State - Network Access" -msgstr "" +msgstr "Status - Netzwerkzugang" # html/captive-portal/templates/provisioner/mobileiron.html msgid "To complete your network activation you need to install MobileIron" @@ -1334,7 +1334,7 @@ msgstr "" # html/captive-portal/templates/status.html msgid "You have no registered devices." -msgstr "" +msgstr "Sie haben keine registrierten GerƤte." # html/captive-portal/templates/provisioner/accept.html msgid "You should not seeing this page, something went wrong." @@ -1342,7 +1342,7 @@ msgstr "" # html/captive-portal/templates/status.html msgid "Your Network Access Status" -msgstr "" +msgstr "Ihr Netzwerkzugangsstatus" # html/captive-portal/templates/status.html msgid "Your current device is not registered on our network." @@ -1362,4 +1362,4 @@ msgstr "" # html/captive-portal/templates/status.html msgid "Your registered devices" -msgstr "" +msgstr "Ihr registrierten GerƤte" 
diff --git a/conf/locale/pt_BR/LC_MESSAGES/packetfence.po b/conf/locale/pt_BR/LC_MESSAGES/packetfence.po index 2bd46e9174cc..356dc276574b 100644 --- a/conf/locale/pt_BR/LC_MESSAGES/packetfence.po +++ b/conf/locale/pt_BR/LC_MESSAGES/packetfence.po @@ -6,15 +6,17 @@ # # Translators: # Brivaldo Junior , 2011 -# Diego de Souza Lopes , 2011-2014 +# Diego de Souza Lopes , 2011-2015 # Diego de Souza Lopes , 2013 # Diego de Souza Lopes , 2011, 2012 # inverse , 2013 +# Liliane Lewis Xerxenevsky , 2015 +# Sandro Wambier , 2015 msgid "" msgstr "" "Project-Id-Version: PacketFence\n" -"PO-Revision-Date: 2015-03-05 20:55+0000\n" -"Last-Translator: inverse \n" +"PO-Revision-Date: 2015-04-10 17:50+0000\n" +"Last-Translator: Liliane Lewis Xerxenevsky \n" "Language-Team: Portuguese (Brazil) (http://www.transifex.com/projects/p/packetfence/language/pt_BR/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -696,7 +698,7 @@ msgstr "Seu sistema foi encontrado infectado por um worm Zotob e estĆ” explorand msgid "" "Your network access is currently being enabled. Once network connectivity is" " established you will be automatically redirected." -msgstr "O seu acesso Ć  rede estĆ” atualmente sendo ativado. Uma vez que, a conectividade da rede for estabelecida, o usuĆ”rio serĆ” automaticamente redirecionado." +msgstr "Aguarde, seu acesso Ć  rede estĆ” sendo ativado." msgid "Your network access is currently being enabled. Please wait..." msgstr "O seu acesso Ć  rede estĆ” sendo ativado. Por favor, aguarde..." @@ -938,7 +940,7 @@ msgid "" msgstr "Houve um problema ao tentar localizar o computador para registrar. O problema foi registrado." msgid "does not have permission to sponsor a user" -msgstr "" +msgstr "Sem permissĆ£o para patrocinar um usuĆ”rio" msgid "" "The device with MAC address %s has already been authorized to your network." 
@@ -954,7 +956,7 @@ msgid "Guest pre-registration is not allowed by policy" msgstr "PrĆ©-registro de Convidado nĆ£o Ć© permitido pela polĆ­tica." msgid "Maximum amount of retries attempted" -msgstr "" +msgstr "Quantidade mĆ”xima de tentativas ao tentar novamente" msgid "" "If you choose to have your access sponsored, we will send " 
@@ -1088,122 +1090,122 @@ msgstr "Desde que o modo NAT Ć© desativado, o PacketFence irĆ” ajustar Ć s regra msgid "" "A local account has been created to allow access to node status features. " "Here are the information associated with that account" -msgstr "" +msgstr "Uma conta local foi criada para dar acesso ao status do nĆ³. Aqui estĆ£o as informaƧƵes relacionadas a esta conta." # html/captive-portal/templates/provisioner/deny.html msgid "" "According to the provisioner configuration, this device cannot access the " "network." -msgstr "" +msgstr "De acordo com a configuraĆ§Ć£o de provisioner, este dispositivo nĆ£o pode acessar a rede." # html/captive-portal/templates/provisioner/sepm.html msgid "Alternate installer" -msgstr "" +msgstr "Instalador alternativo" # html/captive-portal/templates/provisioner/mobileiron.html # html/captive-portal/templates/provisioner/sepm.html msgid "Click here to download" -msgstr "" +msgstr "Clique aqui para fazer o download" # html/captive-portal/templates/provisioner/ibm.html # html/captive-portal/templates/provisioner/opswat.html # html/captive-portal/templates/provisioner/symantec.html msgid "Click here to go to the download website" -msgstr "" +msgstr "Clique aqui para ir atĆ© a pĆ”gina de download" # html/captive-portal/templates/provisioner/windows.html msgid "Click to download the agent." 
-msgstr "" +msgstr "Clique aqui para fazer o download do agente" # html/captive-portal/templates/device-registration.html # html/captive-portal/templates/gaming-registration.html msgid "Device MAC address" -msgstr "" +msgstr "EndereƧo MAC do dispositivo" # html/captive-portal/templates/device-landing.html msgid "Device Registration Landing" -msgstr "" +msgstr "Registro de dispositivo de desembarque" # html/captive-portal/templates/device-registration.html msgid "Device Type" -msgstr "" +msgstr "Tipo do dispositivo" # html/captive-portal/templates/status.html msgid "Extend Access" -msgstr "" +msgstr "Estender Acesso" # html/captive-portal/templates/violations/bandwidth_expiration.html # html/captive-portal/templates/violations/time_expiration.html msgid "Expiration" -msgstr "" +msgstr "ExpiraĆ§Ć£o" # html/captive-portal/templates/gaming-registration.html msgid "Gaming Device Type" -msgstr "" +msgstr "Tipo de dispositivo de Gaming" # html/captive-portal/templates/gaming-landing.html msgid "Gaming Landing" -msgstr "" +msgstr "Desembarque de Gaming" # html/captive-portal/templates/guest/sms_confirmation.html msgid "I don't have a PIN" -msgstr "" +msgstr "Eu nĆ£o tenho um PIN" # html/captive-portal/templates/provisioner/mobileiron.html msgid "If you are using an Android phone or tablet," -msgstr "" +msgstr "Se vocĆŖ estĆ” usando um telefone ou tablet Android," # html/captive-portal/templates/provisioner/windows.html msgid "" "In order to complete your connection to the secure SSID, you will need to " "run the agent available below." -msgstr "" +msgstr "A fim de completar sua conexĆ£o com o SSID seguro, vocĆŖ precisarĆ” de executar o agente disponĆ­vel abaixo." 
# html/captive-portal/templates/activated.html msgid "Local account creation" -msgstr "" +msgstr "CriaĆ§Ć£o de conta Local" # html/captive-portal/templates/status.html msgid "Login to manage registered devices" -msgstr "" +msgstr "Conecte-se para gerenciar dispositivos registrados" # html/captive-portal/templates/device-login.html # html/captive-portal/templates/gaming-login.html # html/captive-portal/templates/login.html # html/captive-portal/templates/status.html msgid "Login with Facebook account" -msgstr "" +msgstr "Conecte-se com conta Facebook" # html/captive-portal/templates/device-login.html # html/captive-portal/templates/gaming-login.html # html/captive-portal/templates/login.html # html/captive-portal/templates/status.html msgid "Login with GitHub account" -msgstr "" +msgstr "Conecte-se com conta GitHub" # html/captive-portal/templates/device-login.html # html/captive-portal/templates/gaming-login.html # html/captive-portal/templates/login.html # html/captive-portal/templates/status.html msgid "Login with Google account" -msgstr "" +msgstr "Conecte-se com conta Google" # html/captive-portal/templates/login.html msgid "Login with LinkedIn account" -msgstr "" +msgstr "Conecte-se com conta Linkedln" # html/captive-portal/templates/login.html msgid "Login with Windows Live account" -msgstr "" +msgstr "Conecte-se com conta Windows Live" # html/captive-portal/templates/pending.html # html/captive-portal/templates/release.html msgid "Network access has been granted" -msgstr "" +msgstr "O acesso Ć  rede foi concedido" # html/captive-portal/templates/status.html msgid "OS Type" -msgstr "" +msgstr "Tipo de SO" # html/captive-portal/templates/provisioner/ibm.html # html/captive-portal/templates/provisioner/opswat.html 
@@ -1211,18 +1213,18 @@ msgstr "" msgid "" "Once the application is installed, click 'Continue' to activate your network" " connection" -msgstr "" +msgstr "Uma vez que a aplicaĆ§Ć£o estĆ” instalada, clique em \"Continuar\" para ativar sua conexĆ£o a rede" # html/captive-portal/templates/provisioner/mobileiron.html # html/captive-portal/templates/provisioner/sepm.html msgid "" "Once the application is installed, click next to activate your network " "connection" -msgstr "" +msgstr "Uma vez que a aplicaĆ§Ć£o estĆ” instalada, clique em prĆ³ximo para ativar sua conexĆ£o a rede" # html/captive-portal/templates/status.html msgid "Open in new popup window" -msgstr "" +msgstr "Abrir em uma nova janela pop-up" # html/captive-portal/templates/violations/bandwidth_expiration.html # html/captive-portal/templates/violations/bandwidth_limit.fr.html 
@@ -1264,102 +1266,102 @@ msgstr "" # html/captive-portal/templates/violations/zotob.fr.html # html/captive-portal/templates/violations/zotob.html msgid "Quarantine" -msgstr "" +msgstr "Quarentena" # html/captive-portal/templates/device-registration.html # html/captive-portal/templates/gaming-registration.html msgid "Register" -msgstr "" +msgstr "Registrar" # html/captive-portal/templates/device-registration.html # html/captive-portal/templates/gaming-registration.html msgid "Registration" -msgstr "" +msgstr "Registro" # html/captive-portal/templates/status.html msgid "Registration Date" -msgstr "" +msgstr "Data de Registro" # html/captive-portal/templates/device-registration.html msgid "Select Console" -msgstr "" +msgstr "Selecionar Console" # html/captive-portal/templates/gaming-registration.html msgid "Select Gaming Console" -msgstr "" +msgstr "Selecionar Console Gaming" # html/captive-portal/templates/status.html msgid "State - Network Access" -msgstr "" +msgstr "Estado - Acesso Ć  Rede" # html/captive-portal/templates/provisioner/mobileiron.html msgid "To complete your network activation you need to install MobileIron" -msgstr "" +msgstr "Para completar sua ativaĆ§Ć£o a rede vocĆŖ precisa instalar o MobileIron" # html/captive-portal/templates/provisioner/ibm.html msgid "" "To complete your network activation you need to install the IBM client." -msgstr "" +msgstr "Para completar sua ativaĆ§Ć£o a rede vocĆŖ precisa instalar o cliente IBM." # html/captive-portal/templates/provisioner/opswat.html msgid "" "To complete your network activation you need to install the OPSWAT GEARS " "client." -msgstr "" +msgstr "Para completar sua ativaĆ§Ć£o a rede vocĆŖ precisa instalar o cliente OPSWAT GEARS." 
# html/captive-portal/templates/provisioner/sepm.html msgid "" "To complete your network activation you need to install the Symantec " "Endpoint Manager" -msgstr "" +msgstr "Para completar sua ativaĆ§Ć£o a rede vocĆŖ precisa instalar o Symantec Endpoint Manager" # html/captive-portal/templates/provisioner/symantec.html msgid "" "To complete your network activation you need to install the Symantec client." -msgstr "" +msgstr "Para completar sua ativaĆ§Ć£o a rede vocĆŖ precisa instalar o cliente Symantec." # html/captive-portal/templates/provisioner/accept.html msgid "" "To the administrator : you should probably file a bug report on the " "PacketFence website" -msgstr "" +msgstr "Para o administrador: vocĆŖ provavelmente deve enviar um relatĆ³rio de bug no site do PacketFence" # html/captive-portal/templates/provisioner/accept.html msgid "To the user : try clicking Continue to see if it fixes the problem" -msgstr "" +msgstr "Para o usuĆ”rio: experimente clicar em \"Continuar\" para ver se resolve o problema" # html/captive-portal/templates/status.html msgid "Unregister" -msgstr "" +msgstr "Cancelar Registro" # html/captive-portal/templates/status.html msgid "You have no registered devices." -msgstr "" +msgstr "VocĆŖ nĆ£o tem dispositivos registrados." # html/captive-portal/templates/provisioner/accept.html msgid "You should not seeing this page, something went wrong." -msgstr "" +msgstr "VocĆŖ nĆ£o deve ver esta pĆ”gina, algo deu errado." # html/captive-portal/templates/status.html msgid "Your Network Access Status" -msgstr "" +msgstr "Seus status de acesso Ć  rede" # html/captive-portal/templates/status.html msgid "Your current device is not registered on our network." -msgstr "" +msgstr "Seu dispositivo atual nĆ£o estĆ” registrado em nossa rede." # html/captive-portal/templates/status.html msgid "Your network access ends in " -msgstr "" +msgstr "Seu acesso Ć  rede termina em " # html/captive-portal/templates/status.html msgid "Your network access has expired." 
-msgstr "" +msgstr "Seu acesso Ć  rede expirou." # html/captive-portal/templates/status.html msgid "Your network access is paused" -msgstr "" +msgstr "Seu acesso Ć  rede estĆ” pausado" # html/captive-portal/templates/status.html msgid "Your registered devices" -msgstr "" +msgstr "Seus dispositivos registrados" diff --git a/conf/log.conf.d/httpd.admin.conf.example b/conf/log.conf.d/httpd.admin.conf.example index 6d744ab84445..7a1dcda8005b 100644 --- a/conf/log.conf.d/httpd.admin.conf.example +++ b/conf/log.conf.d/httpd.admin.conf.example @@ -4,10 +4,15 @@ log4perl.rootLogger = INFO, HTTPD_ADMIN ### Catalyst logger ### ## Used to separate Catalyst framework logs in a different log file log4perl.category.Catalyst = WARN, CATALYST - ## Prevent the message from bubbling up to it's parents log4perl.additivity.Catalyst = 0 +### Fingerbank logger ### +## Used to separate Fingerbank logs in a different log file +log4perl.category.fingerbank = INFO, FINGERBANK +## Prevent the message from bubbling up to it's parents +log4perl.additivity.fingerbank = 0 + ### Categories ### # Below, you can specify different categories (based on package names) for different logging levels #log4perl.category.pf.SNMP = WARN @@ -23,7 +28,6 @@ log4perl.appender.HTTPD_ADMIN.umask = 0002 log4perl.appender.HTTPD_ADMIN.user = pf log4perl.appender.HTTPD_ADMIN.group = pf - ### General Catalyst (pfappserver) log facility configuration ### log4perl.appender.CATALYST = Log::Log4perl::Appender::File log4perl.appender.CATALYST.filename = /usr/local/pf/logs/httpd.admin.catalyst 
@@ -33,3 +37,13 @@ log4perl.appender.CATALYST.layout.ConversionPattern = %d{MMM dd HH:mm:ss} log4perl.appender.CATALYST.umask = 0002 log4perl.appender.CATALYST.user = pf log4perl.appender.CATALYST.group = pf + +### General Fingerbank log facility configuration ### +log4perl.appender.FINGERBANK = Log::Log4perl::Appender::File +log4perl.appender.FINGERBANK.filename = /usr/local/fingerbank/logs/fingerbank.log +log4perl.appender.FINGERBANK.mode = append +log4perl.appender.FINGERBANK.layout = PatternLayout +log4perl.appender.FINGERBANK.layout.ConversionPattern = %d{MMM dd HH:mm:ss} %X{proc}(%X{tid}) %p: %m (%M)%n +log4perl.appender.FINGERBANK.umask = 0002 +log4perl.appender.FINGERBANK.user = pf +log4perl.appender.FINGERBANK.group = pf diff --git a/conf/log.conf.d/httpd.portal.conf.example b/conf/log.conf.d/httpd.portal.conf.example index 3fc34e07026e..374c68574fcd 100644 --- a/conf/log.conf.d/httpd.portal.conf.example +++ b/conf/log.conf.d/httpd.portal.conf.example @@ -8,6 +8,12 @@ log4perl.category.Catalyst = WARN, CATALYST ## Prevent the message from bubbling up to it's parents log4perl.additivity.Catalyst = 0 +### Fingerbank logger ### +## Used to separate Fingerbank logs in a different log file +log4perl.category.fingerbank = INFO, FINGERBANK +## Prevent the message from bubbling up to it's parents +log4perl.additivity.fingerbank = 0 + ### Categories ### # Below, you can specify different categories (based on package names) for different logging levels #log4perl.category.pf.SNMP = WARN 
@@ -35,3 +41,13 @@ log4perl.appender.CATALYST.layout.ConversionPattern = %d{MMM dd HH:mm:ss} log4perl.appender.CATALYST.umask = 0002 log4perl.appender.CATALYST.user = pf log4perl.appender.CATALYST.group = pf + +### General Fingerbank log facility configuration ### +log4perl.appender.FINGERBANK = Log::Log4perl::Appender::File +log4perl.appender.FINGERBANK.filename = /usr/local/fingerbank/logs/fingerbank.log +log4perl.appender.FINGERBANK.mode = append +log4perl.appender.FINGERBANK.layout = PatternLayout +log4perl.appender.FINGERBANK.layout.ConversionPattern = %d{MMM dd HH:mm:ss} %X{proc}(%X{tid}) %p: %m (%M)%n +log4perl.appender.FINGERBANK.umask = 0002 +log4perl.appender.FINGERBANK.user = pf +log4perl.appender.FINGERBANK.group = pf diff --git a/conf/log.conf.d/pfconfig.conf.example b/conf/log.conf.d/pfconfig.conf.example new file mode 100644 index 000000000000..07b0574bf95a --- /dev/null +++ b/conf/log.conf.d/pfconfig.conf.example @@ -0,0 +1,18 @@ +### pfdns logger ### +log4perl.rootLogger = ERROR, PFCONFIG + +### Categories ### +# Below, you can specify different categories (based on package names) for different logging levels +#log4perl.category.pf.SNMP = WARN + +### Logging for pfdns +log4perl.appender.PFCONFIG = Log::Log4perl::Appender::File +log4perl.appender.PFCONFIG.filename = /usr/local/pf/logs/pfconfig.log +log4perl.appender.PFCONFIG.syswrite = 1 +log4perl.appender.PFCONFIG.mode = append +log4perl.appender.PFCONFIG.layout = PatternLayout +log4perl.appender.PFCONFIG.layout.ConversionPattern = %d{MMM dd HH:mm:ss} %X{proc}(%X{tid}) %p: %m %n +log4perl.appender.PFCONFIG.umask = 0002 +log4perl.appender.PFCONFIG.user = pf +log4perl.appender.PFCONFIG.group = pf + diff --git a/conf/log.conf.d/pfdhcplistener.conf.example b/conf/log.conf.d/pfdhcplistener.conf.example index d7a044ac247d..48474679e456 100644 --- a/conf/log.conf.d/pfdhcplistener.conf.example +++ b/conf/log.conf.d/pfdhcplistener.conf.example 
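Review bot: Both header comments in the new `conf/log.conf.d/pfconfig.conf.example` name the wrong daemon. `### pfdns logger ###` and `### Logging for pfdns` introduce the `PFCONFIG` appender, which writes to `pfconfig.log`. They should read `### pfconfig logger ###` and `### Logging for pfconfig`. The root logger is also set to `ERROR` here while the other daemon files touched by this commit use `INFO`; if that is deliberate, a one-line comment saying why would spare the next reader the question.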
@@ -5,6 +5,12 @@ log4perl.rootLogger = INFO, PFDHCPLISTENER # Below, you can specify different categories (based on package names) for different logging levels #log4perl.category.pf.SNMP = WARN +### Fingerbank logger ### +## Used to separate Fingerbank logs in a different log file +log4perl.category.fingerbank = INFO, FINGERBANK +## Prevent the message from bubbling up to it's parents +log4perl.additivity.fingerbank = 0 + ### Logging for pfdhcplistener log4perl.appender.PFDHCPLISTENER = Log::Log4perl::Appender::File log4perl.appender.PFDHCPLISTENER.filename = /usr/local/pf/logs/pfdhcplistener.log @@ -16,3 +22,12 @@ log4perl.appender.PFDHCPLISTENER.umask = 0002 log4perl.appender.PFDHCPLISTENER.user = pf log4perl.appender.PFDHCPLISTENER.group = pf +### General Fingerbank log facility configuration ### +log4perl.appender.FINGERBANK = Log::Log4perl::Appender::File +log4perl.appender.FINGERBANK.filename = /usr/local/fingerbank/logs/fingerbank.log +log4perl.appender.FINGERBANK.mode = append +log4perl.appender.FINGERBANK.layout = PatternLayout +log4perl.appender.FINGERBANK.layout.ConversionPattern = %d{MMM dd HH:mm:ss} %X{proc}(%X{tid}) %p: %m (%M)%n +log4perl.appender.FINGERBANK.umask = 0002 +log4perl.appender.FINGERBANK.user = pf +log4perl.appender.FINGERBANK.group = pf diff --git a/conf/pf-release b/conf/pf-release index 7fe35055ca1c..e2366e695ca9 100644 --- a/conf/pf-release +++ b/conf/pf-release @@ -1 +1 @@ -PacketFence 4.7.0 +PacketFence 5.0.0 diff --git a/conf/pf.conf.defaults b/conf/pf.conf.defaults index fa698f592365..b029cb406c25 100644 --- a/conf/pf.conf.defaults +++ b/conf/pf.conf.defaults @@ -274,6 +274,11 @@ soap=9090 # # Port of the aaa http interface listens on. aaa=7070 +# +#port.pf_status +# +# Port of the packetfence status http interface listends on. +pf_status=9191 [scan] # 
@@ -433,6 +438,11 @@ ldap_auth=enabled # Should DHCPd be managed by PacketFence? dhcpd=enabled # +# services.haproxy +# +# Should haproxy be started? +haproxy=enabled +# # services.pfdns # # Should pfdns be managed by PacketFence? @@ -513,6 +523,11 @@ pfmon=enabled # Should pfdhcplistener be started? pfdhcplistener=enabled # +# services.keepalived +# +# Should keepalived be started? +keepalived=enabled +# # services.snort_binary # # Location of the snort binary. Only necessary to change if you are not running the RPMed version. @@ -523,6 +538,11 @@ snort_binary=/usr/sbin/snort # Location of the suricata binary. suricata_binary=/usr/bin/suricata # +# services.haproxy_binary +# +# Location of the haproxy binary. Only necessary to change if you are not running the RPMed version. +haproxy_binary=/usr/sbin/haproxy +# # services.httpd_binary # # Location of the apache binary. Only necessary to change if you are not running the RPMed version. @@ -557,6 +577,11 @@ iptables_binary=/sbin/iptables # # Location of the memcached binary. Only necessary to change if you are not running the pre-packaged version. memcached_binary=/usr/bin/memcached +# +# services.keepalived_binary +# +# Location of the keepalived binary. Only necessary to change if you are not running the RPMed version. +keepalived_binary=/usr/sbin/keepalived # # services.memcached_memory_usage # 
@@ -757,6 +782,50 @@ pfcmd_warning_color=yellow # # Color of the success text for pfcmd pfcmd_success_color=green +# +# advanced.hash_passwords +# +# The algorithm to use to hash the passwords in the local database. +hash_passwords=bcrypt + +# +# advanced.hashing_cost +# +# The cost factor to apply to the password hashing if applicable. +# Currently only applies to bcrypt. +hashing_cost=8 + +[omapi] +# +# omapi.ip2mac_lookup +# +# Use OMAPI to query DHCPd for the MAC address of a given IP address +ip2mac_lookup=enabled +# +# omapi.mac2ip_lookup +# +# Use OMAPI to query DHCPd for the IP address of a given MAC address +mac2ip_lookup=enabled +# +# omapi.key_name +# +# The OMAPI key name for signing messages +key_name=pf_omapi_key +# +# omapi.key_base64 +# +# The OMAPI base64 key for signing messages +key_base64= +# +# omapi.port +# +# The OMAPI port number +port=7911 +# +# omapi.host +# +# The OMAPI host +host=localhost [provisioning] # @@ -820,7 +889,7 @@ mirapay_hash_password = # node_import.pid # # Default pid value to assign to imported nodes. -pid=admin +pid=default # # node_import.category # @@ -955,3 +1024,26 @@ provisioning_compliance_poll_interval=300s # # Interval at which Packetfence purges the ldap_auth cache ldap_auth_cache_cleanup_interval=600s + +[active_active] +# +# active_active.password +# +# Shared KEY for vrrp protocol (Must be the same on all members). +password=1234 +# +# active_active.virtual_router_id +# +# Shared KEY for vrrp protocol (Must be the same on all members). +virtual_router_id=50 + +[monitoring] +# +# monitoring.statsd_host +# +statsd_host=localhost +# +# monitoring.statsd_port +# +statsd_port=8125 + diff --git a/conf/pfconfig.conf.example b/conf/pfconfig.conf.example new file mode 100644 index 000000000000..480b9d81c433 --- /dev/null +++ b/conf/pfconfig.conf.example @@ -0,0 +1,6 @@ +[mysql] +host=localhost +user=pf +pass=packet +db=pf +port=3306 
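Review bot: `hashing_cost=8` is a low default for bcrypt. Most bcrypt libraries default to 10, and each step doubles the work an offline attacker must spend per guess against a stolen password table. I would ship `hashing_cost=10` (or higher if login latency allows) and have the comment say whether raising it affects only passwords hashed afterwards, which the code outside this diff determines. In the same hunk the `[omapi]` lookups default to `enabled` while `key_base64=` is empty; the comment should state what happens with an empty key, since the consumer of that value is not visible here.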
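Review bot: `password=1234` in `[active_active]` ships a guessable shared VRRP key as the default for every install, and the comment on `virtual_router_id` is a copy of the password comment. An empty default that must be filled in avoids clusters running on a published value: `password=` with `# Shared KEY for vrrp protocol (must be set, and identical on all members).`, and the keepalived configuration should not be generated while it is empty. The second comment should describe the ID instead, e.g. `# Virtual router ID for vrrp (1-255, must be the same on all members).`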
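Review bot: The new `conf/pfconfig.conf.example` carries a literal database password, `pass=packet`, which becomes the live credential if the file is copied to `conf/pfconfig.conf` unchanged. A blank value makes an unconfigured install fail visibly instead of running on a published password: `pass=` preceded by `# set to the pf database user's password`. Because the file holds a credential, packaging should also install it readable only by the `pf` user and group; whether it does is not visible in this diff.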
diff --git a/conf/radiusd/clients.conf.inc.example b/conf/radiusd/clients.conf.inc.example new file mode 100644 index 000000000000..61b125811cdd --- /dev/null +++ b/conf/radiusd/clients.conf.inc.example @@ -0,0 +1 @@ +%%config%% diff --git a/conf/radiusd/packetfence-cluster.example b/conf/radiusd/packetfence-cluster.example new file mode 100644 index 000000000000..55dca2472c52 --- /dev/null +++ b/conf/radiusd/packetfence-cluster.example @@ -0,0 +1,60 @@ +listen { + ipaddr = %%virt_ip%% + port = 0 + type = auth + virtual_server = pf.cluster +} + +listen { + ipaddr = %%virt_ip%% + port = 0 + type = acct + virtual_server = pf.cluster +} + +%%members%% + +# Put all of the servers into a pool. +home_server_pool pf_pool.cluster { + type = client-port-balance + +%%home_server%% + +} + +home_server_pool pfacct_pool.cluster { + type = load-balance + +%%home_server%% + +} + +realm packetfence { + auth_pool = pf_pool.cluster + acct_pool = pfacct_pool.cluster +} + +server pf.cluster { + pre-proxy { + # Insert pre-proxy rules here + } + + post-proxy { + } + + authorize { + update control { + Proxy-To-Realm := "packetfence" + } + } + + + authenticate { + } + accounting { + update control { + Proxy-To-Realm := "packetfence" + } + } + +} diff --git a/conf/radiusd/sql.conf.example b/conf/radiusd/sql.conf.example index 93692085585b..3ca447a54c12 100644 --- a/conf/radiusd/sql.conf.example +++ b/conf/radiusd/sql.conf.example @@ -45,7 +45,7 @@ sql pfguest { acct_table1 = "radacct" acct_table2 = "radacct" postauth_table = "radpostauth" - authcheck_table = "temporary_password" + authcheck_table = "password" authreply_table = "radreply" groupcheck_table = "radgroupcheck" groupreply_table = "radgroupreply" 
@@ -63,7 +63,7 @@ sql pfguest { JOIN activation using (pid) \ WHERE pid = '%{SQL-User-Name}' \ AND (SELECT type from activation WHERE pid='%{SQL-User-Name}' ORDER BY code_id DESC LIMIT 1) = \"guest\" \ - AND now() <= temporary_password.unregdate \ + AND now() <= password.unregdate \ LIMIT 1 " authorize_reply_query = "" @@ -87,7 +87,7 @@ sql pfsponsor { acct_table1 = "radacct" acct_table2 = "radacct" postauth_table = "radpostauth" - authcheck_table = "temporary_password" + authcheck_table = "password" authreply_table = "radreply" groupcheck_table = "radgroupcheck" groupreply_table = "radgroupreply" @@ -105,7 +105,7 @@ sql pfsponsor { JOIN activation using (pid) \ WHERE pid = '%{SQL-User-Name}' \ AND (SELECT type from activation WHERE pid='%{SQL-User-Name}' ORDER BY code_id DESC LIMIT 1) = \"sponsor\" \ - AND now() <= temporary_password.unregdate \ + AND now() <= password.unregdate \ LIMIT 1 " authorize_reply_query = "" @@ -129,7 +129,7 @@ sql pfsms { acct_table1 = "radacct" acct_table2 = "radacct" postauth_table = "radpostauth" - authcheck_table = "temporary_password" + authcheck_table = "password" authreply_table = "radreply" groupcheck_table = "radgroupcheck" @@ -148,7 +148,7 @@ sql pfsms { JOIN activation using (pid) \ WHERE pid = '%{SQL-User-Name}' \ AND (SELECT type from activation WHERE pid='%{SQL-User-Name}' ORDER BY code_id DESC LIMIT 1) = \"sms\" \ - AND now() <= temporary_password.unregdate \ + AND now() <= password.unregdate \ LIMIT 1 " @@ -174,7 +174,7 @@ sql pflocal { acct_table1 = "radacct" acct_table2 = "radacct" postauth_table = "radpostauth" - authcheck_table = "temporary_password" + authcheck_table = "password" authreply_table = "radreply" groupcheck_table = "radgroupcheck" groupreply_table = "radgroupreply" diff --git a/conf/violations.conf.example b/conf/violations.conf.example index 12e9312b2c6a..0b53ce699d45 100644 --- a/conf/violations.conf.example +++ b/conf/violations.conf.example 
@@ -49,44 +49,41 @@ enabled=Y vlan=registration # -# Example config to block a whole class of devices based on their MAC address -# Trigger format: The number is a decimal representation of the OUI (Vendor) portion of the MAC. -# To generate such a representation you can use perl -e "print hex('001620');" -# There is a copy of the oui.txt file in conf/ to help you match vendor name and vendor mac. +# Example config to block a whole class of devices based on their MAC address vendor +# Trigger format: The number is the ID of the MAC vendor from the 'MAC Vendor' list in Fingerbank (either 'upstream' or 'local' or both) +# +# The below example blocks MAC Vendor ID 42 which is 'IMC Networks corp.' # [1100003] desc=MAC Vendor isolation example template=banned_devices -trigger=VENDORMAC::5664 +trigger=MAC_VENDOR::42 actions=trap,email,log enabled=N # -# Example config to block an OS based on their dhcp fingerprint -# Trigger format: an id (defined as os_id in os_type table) -# Right now the only way to find the os id is to query the database but it should be feasible -# from the pfcmd tool or the web gui in the future. -# From a MySQL prompt, a 'select * from os_type;' will give you what you need. Just put in -# the os_id next to OS::. In exemple to block Windows 95 you would use: OS::104 +# Example config to block a device based on it's type or class +# Trigger format: The number is the ID of the device (type or class or both) from the 'Device' list in Fingerbank (either 'upstream' or 'local' or both) # # The below example blocks Windows 95, 98, 98SE, NT4 and ME. # [1100004] desc=Ancient OS isolation example template=banned_os -trigger=OS::104,OS::103,OS::106,OS::105,OS::102 +trigger=DEVICE::28,DEVICE::29,DEVICE::30,DEVICE::31,DEVICE::32 actions=trap,email,log enabled=N # # Example config to block a specific Browser User Agent -# This works in the same way as OS does. 
-# Trigger format: an id (as in configuration -> user-agent ) +# Trigger format: The number is the ID of the user-agent from the 'User Agent' list in Fingerbank (either 'upstream' or 'local' or both) +# +# The below example blocks user-agents IDs 101 and 102. # [1100005] desc=Browser isolation example template=banned_devices -trigger=USERAGENT::101,USERAGENT::102 +trigger=USER_AGENT::101,USER_AGENT::102 actions=trap,email,log enabled=N @@ -100,14 +97,14 @@ enabled=N [1100007] desc=Auto-register Device example priority=1 -trigger=OS::3,OS::6,OS::7,OS::8,OS::10,OS::12,OS::13 +trigger=DEVICE::3,DEVICE::6,DEVICE::7,DEVICE::8,DEVICE::10,DEVICE::12,DEVICE::13 actions=log,autoreg enabled=N [1100008] desc=Disable NATing Routers and APs template=nat -trigger=Detect::1100005,Detect::1100006,Detect::1100007,OS::4 +trigger=Detect::1100005,Detect::1100006,Detect::1100007,DEVICE::4 actions=trap,email,log enabled=N @@ -329,24 +326,23 @@ template=banned_devices actions=email,log,trap enabled=N priority=10 -trigger=USERAGENT::300,OS::11 +trigger=DEVICE::11 [3000002] -desc=Block iPhone and iPod touch +desc=Block Apple iPod, iPhone or iPad template=banned_devices actions=trap,email,log enabled=N priority=10 -trigger=OS::1102,USERAGENT::101,USERAGENT::102 +trigger=DEVICE::193 -# MAC vendors: 00:0f:86, 00:1c:cc, 00:21:06, 00:23:7a, 00:24:9f, 00:25:57 [3000003] desc=Block BlackBerries template=banned_devices actions=trap,email,log enabled=N priority=10 -trigger=VENDORMAC::3974,VENDORMAC::7372,VENDORMAC::8454,VENDORMAC::9082,VENDORMAC::9375,VENDORMAC::9559,USERAGENT::103 +trigger=DEVICE::192 [3000004] desc=Block PS3 and PSP @@ -354,13 +350,12 @@ template=banned_devices actions=trap,email,log enabled=N priority=10 -trigger=USERAGENT::111,USERAGENT::112,OS::605 +trigger=DEVICE::274 -# MAC vendor: 00:13:b6 [3000005] desc=Block Slingbox template=banned_devices actions=trap,email,log enabled=N priority=10 -trigger=VENDORMAC::5046,OS::703 +trigger=DEVICE::143 
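Review bot: In conf/violations.conf.example the `[1100007]` auto-register example keeps the old numeric IDs unchanged under the new namespace (`DEVICE::3,DEVICE::6,DEVICE::7,...`). The "Ancient OS" example earlier in the file was renumbered from `OS::104..` to `DEVICE::28..32`. Whether the Fingerbank device IDs match the former os_id values cannot be told from the diff. Because this rule's action is `autoreg`, a mismatched ID would silently skip registration for a different device class than intended. The same applies to `DEVICE::4` in `[1100008]` and `DEVICE::11` in the hunk at -329. I would confirm the IDs against the Fingerbank 'Device' list and add a comment naming them, as the MAC vendor example does, e.g. `# The below example auto-registers Device IDs 3, 6, 7, ... which are '<device names from Fingerbank>'`.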
diff --git a/conf/vlan_filters.conf.example b/conf/vlan_filters.conf.example
index 719012cbce1d..1991bed0cc50 100644
--- a/conf/vlan_filters.conf.example
+++ b/conf/vlan_filters.conf.example
@@ -1,6 +1,7 @@
 # Vlan filter configuration
 #
-# you can trigger rule on specific scope (NormalVlan, RegistrationVlan, ViolationVlan, AutoRegister, InlineVlan, NodeInfoForAutoReg)
+# you can trigger rule on specific scope (NormalVlan, RegistrationVlan, ViolationVlan, AutoRegister, InlineVlan, NodeInfoForAutoReg, IsPhone)
+# CAUTION: The IsPhone scope is only available on RADIUS based switches
 #
 # Make a simple rule like this:
 #
@@ -39,6 +40,18 @@
 # scope = NormalVlan
 # role = nointernet
 #
+# This will autoregister any device beginning by a set of known Avaya MAC address OUI and consider it as phone
+#
+# [avaya_phones]
+# filter = node_info
+# operator = match
+# attribute = mac
+# value = ^(00:04:0d|84:83:71|00:07:3b|00:09:6e|00:0d:18|00:0d:28|00:1b:4f|24:d9:21|2c:f4:c5|34:75:c7|3c:b1:5b|70:38:ee|b4:b0:17).*
+#
+# [autoreg:avaya_phones]
+# scope = IsPhone
+# role = default
+#
 # It means that when PacketFence tries to get the normal VLAN for the node and if the category of the node is
 # the default one and the ssid is OpenWrt-SECURE and the time is between 11am and 2pm from Monday to Friday,
 # we return the role "nointernet" (which you will have configured in the switch configuration).
diff --git a/db/pf-schema-5.0.0.sql b/db/pf-schema-5.0.0.sql
new file mode 100644
index 000000000000..c89f36372251
--- /dev/null
+++ b/db/pf-schema-5.0.0.sql
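Review bot: The `[avaya_phones]` example added in the second hunk of conf/vlan_filters.conf.example treats a device as a phone based only on the OUI prefix of its MAC address, and the added comments do not mention that the MAC address is supplied by the client. Any endpoint presenting one of the listed prefixes would match the filter and be auto-registered under the `IsPhone` scope with role `default`. I would add a line before `# [avaya_phones]` such as `# NOTE: an OUI match identifies a claimed vendor, it does not authenticate the device; use this only where the voice VLAN is otherwise restricted`. The explanatory paragraph that follows the new lines ("It means that when PacketFence tries to get the normal VLAN...") describes the earlier nointernet rule, so the inserted example now separates that rule from its explanation.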
@@ -0,0 +1,908 @@ +-- +-- Table structure for table `class` +-- + +CREATE TABLE class ( + vid int(11) NOT NULL, + description varchar(255) NOT NULL default "none", + auto_enable char(1) NOT NULL default "Y", + max_enables int(11) NOT NULL default 0, + grace_period int(11) NOT NULL, + window varchar(255) NOT NULL default 0, + vclose int(11), + priority int(11) NOT NULL, + template varchar(255), + max_enable_url varchar(255), + redirect_url varchar(255), + button_text varchar(255), + enabled char(1) NOT NULL default "N", + vlan varchar(255), + target_category varchar(255), + delay_by int(11) NOT NULL default 0, + PRIMARY KEY (vid) +) ENGINE=InnoDB; + +-- +-- Table structure for table `trigger` +-- +CREATE TABLE `trigger` ( + vid int(11) default NULL, + tid_start varchar(255) NOT NULL, + tid_end varchar(255) NOT NULL, + type varchar(255) default NULL, + whitelisted_categories varchar(255) NOT NULL default '', + PRIMARY KEY (vid,tid_start,tid_end,type), + KEY `trigger` (tid_start,tid_end,type), + CONSTRAINT `0_64` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB; + +-- +-- Table structure for table `person` +-- + +CREATE TABLE person ( + pid varchar(255) NOT NULL, + `firstname` varchar(255) default NULL, + `lastname` varchar(255) default NULL, + `email` varchar(255) default NULL, + `telephone` varchar(255) default NULL, + `company` varchar(255) default NULL, + `address` varchar(255) default NULL, + `notes` varchar(255), + `sponsor` varchar(255) default NULL, + `anniversary` varchar(255) default NULL, + `birthday` varchar(255) default NULL, + `gender` char(1) default NULL, + `lang` varchar(255) default NULL, + `nickname` varchar(255) default NULL, + `cell_phone` varchar(255) default NULL, + `work_phone` varchar(255) default NULL, + `title` varchar(255) default NULL, + `building_number` varchar(255) default NULL, + `apartment_number` varchar(255) default NULL, + `room_number` varchar(255) default NULL, + `custom_field_1` 
varchar(255) default NULL, + `custom_field_2` varchar(255) default NULL, + `custom_field_3` varchar(255) default NULL, + `custom_field_4` varchar(255) default NULL, + `custom_field_5` varchar(255) default NULL, + `custom_field_6` varchar(255) default NULL, + `custom_field_7` varchar(255) default NULL, + `custom_field_8` varchar(255) default NULL, + `custom_field_9` varchar(255) default NULL, + `portal` varchar(255) default NULL, + `source` varchar(255) default NULL, + PRIMARY KEY (pid) +) ENGINE=InnoDB; + + +-- +-- Table structure for table `node_category` +-- + +CREATE TABLE `node_category` ( + `category_id` int NOT NULL AUTO_INCREMENT, + `name` varchar(255) NOT NULL, + `max_nodes_per_pid` int default 0, + `notes` varchar(255) default NULL, + PRIMARY KEY (`category_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; + +-- +-- Insert 'default' category +-- + +INSERT INTO `node_category` (category_id,name,notes) VALUES ("1","default","Placeholder role/category, feel free to edit"); + +-- +-- Insert 'guest' category +-- + +INSERT INTO `node_category` (category_id,name,notes) VALUES ("2","guest","Guests"); + +-- +-- Insert 'gaming' category +-- + +INSERT INTO `node_category` (category_id,name,notes) VALUES ("3","gaming","Gaming devices"); + +-- +-- Table structure for table `node` +-- + +CREATE TABLE node ( + mac varchar(17) NOT NULL, + pid varchar(255) NOT NULL default "admin", + category_id int default NULL, + detect_date datetime NOT NULL default "0000-00-00 00:00:00", + regdate datetime NOT NULL default "0000-00-00 00:00:00", + unregdate datetime NOT NULL default "0000-00-00 00:00:00", + lastskip datetime NOT NULL default "0000-00-00 00:00:00", + time_balance int(10) unsigned DEFAULT NULL, + bandwidth_balance int(10) unsigned DEFAULT NULL, + status varchar(15) NOT NULL default "unreg", + user_agent varchar(255) default NULL, + computername varchar(255) default NULL, + notes varchar(255) default NULL, + last_arp datetime NOT NULL default "0000-00-00 00:00:00", + 
last_dhcp datetime NOT NULL default "0000-00-00 00:00:00", + dhcp_fingerprint varchar(255) default NULL, + dhcp_vendor varchar(255) default NULL, + device_type varchar(255) default NULL, + device_class varchar(255) default NULL, + bypass_vlan varchar(50) default NULL, + voip enum('no','yes') NOT NULL DEFAULT 'no', + autoreg enum('no','yes') NOT NULL DEFAULT 'no', + sessionid varchar(30) default NULL, + machine_account varchar(255) default NULL, + bypass_role_id int default NULL, + PRIMARY KEY (mac), + KEY pid (pid), + KEY category_id (category_id), + KEY `node_status` (`status`, `unregdate`), + KEY `node_dhcpfingerprint` (`dhcp_fingerprint`), + CONSTRAINT `0_57` FOREIGN KEY (`pid`) REFERENCES `person` (`pid`) ON DELETE CASCADE ON UPDATE CASCADE, + CONSTRAINT `node_category_key` FOREIGN KEY (`category_id`) REFERENCES `node_category` (`category_id`) +) ENGINE=InnoDB; + +-- +-- Table structure for table `node_useragent` +-- + +CREATE TABLE `node_useragent` ( + mac varchar(17) NOT NULL, + os varchar(255) DEFAULT NULL, + browser varchar(255) DEFAULT NULL, + device enum('no','yes') NOT NULL DEFAULT 'no', + device_name varchar(255) DEFAULT NULL, + mobile enum('no','yes') NOT NULL DEFAULT 'no', + PRIMARY KEY (mac) +) ENGINE=InnoDB; + +-- +-- Trigger to delete the node_useragent associated with a mac when deleting this mac from the node table +-- + +DROP TRIGGER IF EXISTS node_useragent_delete_trigger; +DELIMITER / +CREATE TRIGGER node_useragent_delete_trigger AFTER DELETE ON node +FOR EACH ROW +BEGIN + DELETE FROM node_useragent WHERE mac = OLD.mac; +END / +DELIMITER ; + +-- +-- Table structure for table `action` +-- + +CREATE TABLE action ( + vid int(11) NOT NULL, + action varchar(255) NOT NULL, + PRIMARY KEY (vid,action), + CONSTRAINT `FOREIGN` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB; + +-- +-- Table structure for table `violation` +-- + +CREATE TABLE violation ( + id int NOT NULL AUTO_INCREMENT, + mac 
varchar(17) NOT NULL, + vid int(11) NOT NULL, + start_date datetime NOT NULL, + release_date datetime default "0000-00-00 00:00:00", + status varchar(10) default "open", + ticket_ref varchar(255) default NULL, + notes text, + KEY mac (mac), + KEY vid (vid), + KEY status (status), + KEY ind1 (mac,status,vid), + KEY violation_release_date (release_date), + CONSTRAINT `0_60` FOREIGN KEY (`mac`) REFERENCES `node` (`mac`) ON DELETE CASCADE ON UPDATE CASCADE, + CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE, + PRIMARY KEY (id) +) ENGINE=InnoDB; + +-- +-- Table structure for table `iplog` +-- + +CREATE TABLE iplog ( + mac varchar(17) NOT NULL, + ip varchar(45) NOT NULL, + start_time datetime NOT NULL, + end_time datetime default "0000-00-00 00:00:00", + PRIMARY KEY (ip), + KEY iplog_mac_end_time (mac,end_time), + KEY iplog_end_time (end_time) +) ENGINE=InnoDB; + +-- +-- Trigger to insert old record from 'iplog' in 'iplog_history' before updating the current one +-- + +DROP TRIGGER IF EXISTS iplog_insert_in_iplog_history_before_update_trigger; +DELIMITER / +CREATE TRIGGER iplog_insert_in_iplog_history_before_update_trigger BEFORE UPDATE ON iplog +FOR EACH ROW +BEGIN + INSERT INTO iplog_history SET ip = OLD.ip, mac = OLD.mac, start_time = OLD.start_time, end_time = CASE + WHEN OLD.end_time = '0000-00-00 00:00:00' THEN NOW() + WHEN OLD.end_time > NOW() THEN NOW() + ELSE OLD.end_time + END; +END / +DELIMITER ; + +-- +-- Table structure for table `iplog_history` +-- + +CREATE TABLE iplog_history ( + mac varchar(17) NOT NULL, + ip varchar(45) NOT NULL, + start_time datetime NOT NULL, + end_time timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP +) ENGINE=InnoDB; + +-- +-- Table structure for table `iplog_archive` +-- + +CREATE TABLE iplog_archive ( + mac varchar(17) NOT NULL, + ip varchar(45) NOT NULL, + start_time datetime NOT NULL, + end_time datetime NOT NULL +) ENGINE=InnoDB; + +CREATE TABLE `locationlog` ( + `mac` varchar(17) 
default NULL, + `switch` varchar(17) NOT NULL default '', + `port` varchar(8) NOT NULL default '', + `vlan` varchar(50) default NULL, + `connection_type` varchar(50) NOT NULL default '', + `dot1x_username` varchar(255) NOT NULL default '', + `ssid` varchar(32) NOT NULL default '', + `start_time` datetime NOT NULL default '0000-00-00 00:00:00', + `end_time` datetime default NULL, + `switch_ip` varchar(17) DEFAULT NULL, + `switch_mac` varchar(17) DEFAULT NULL, + `stripped_user_name` varchar (255) DEFAULT NULL, + `realm` varchar (255) DEFAULT NULL, + `session_id` VARCHAR(255) DEFAULT NULL, + KEY `locationlog_view_mac` (`mac`, `end_time`), + KEY `locationlog_end_time` ( `end_time`), + KEY `locationlog_view_switchport` (`switch`,`port`,`end_time`,`vlan`) +) ENGINE=InnoDB; + +CREATE TABLE `locationlog_archive` ( + `mac` varchar(17) default NULL, + `switch` varchar(17) NOT NULL default '', + `port` varchar(8) NOT NULL default '', + `vlan` varchar(50) default NULL, + `connection_type` varchar(50) NOT NULL default '', + `dot1x_username` varchar(255) NOT NULL default '', + `ssid` varchar(32) NOT NULL default '', + `start_time` datetime NOT NULL default '0000-00-00 00:00:00', + `end_time` datetime default NULL, + `switch_ip` varchar(17) DEFAULT NULL, + `switch_mac` varchar(17) DEFAULT NULL, + `stripped_user_name` varchar (255) DEFAULT NULL, + `realm` varchar (255) DEFAULT NULL, + `session_id` VARCHAR(255) DEFAULT NULL, + KEY `locationlog_archive_view_mac` (`mac`, `end_time`), + KEY `locationlog_end_time` ( `end_time`), + KEY `locationlog_view_switchport` (`switch`,`port`,`end_time`,`vlan`) +) ENGINE=InnoDB; + +CREATE TABLE `userlog` ( + `mac` varchar(17) NOT NULL default '', + `pid` varchar(255) default NULL, + `start_time` datetime NOT NULL default '0000-00-00 00:00:00', + `end_time` datetime default NULL, + PRIMARY KEY (`mac`,`start_time`), + KEY `pid` (`pid`), + CONSTRAINT `userlog_ibfk_1` FOREIGN KEY (`mac`) REFERENCES `node` (`mac`) ON DELETE CASCADE +) ENGINE=InnoDB; + 
+CREATE TABLE `ifoctetslog` ( + `switch` varchar(17) NOT NULL default '', + `port` varchar(8) NOT NULL default '', + `read_time` datetime NOT NULL default '0000-00-00 00:00:00', + `mac` varchar(17) default NULL, + `ifInOctets` bigint(20) unsigned NOT NULL default '0', + `ifOutOctets` bigint(20) unsigned NOT NULL default '0', + PRIMARY KEY (`switch`,`port`,`read_time`) +) ENGINE=InnoDB; + +CREATE TABLE `traplog` ( + `switch` varchar(30) NOT NULL default '', + `ifIndex` smallint(6) NOT NULL default '0', + `parseTime` datetime NOT NULL default '0000-00-00 00:00:00', + `type` varchar(30) NOT NULL default '', + KEY `switch` (`switch`,`ifIndex`), + KEY `parseTime` (`parseTime`) +) ENGINE=InnoDB; + +CREATE TABLE `configfile` ( + `filename` varchar(255) NOT NULL, + `filecontent` text NOT NULL, + `lastmodified` datetime NOT NULL +) ENGINE=InnoDB default CHARSET=latin1; + +-- +-- Table structure for table `password` +-- + +CREATE TABLE `password` ( + `pid` varchar(255) NOT NULL, + `password` varchar(255) NOT NULL, + `valid_from` datetime default NULL, + `expiration` datetime NOT NULL, + `access_duration` varchar(255) default NULL, + `access_level` varchar(255) DEFAULT 'NONE', + `category` int DEFAULT NULL, + `sponsor` tinyint(1) NOT NULL default 0, + `unregdate` datetime NOT NULL default "0000-00-00 00:00:00", + PRIMARY KEY (pid) +) ENGINE=InnoDB; + +-- +-- Insert default users +-- + +INSERT INTO `person` (pid,notes) VALUES ("admin","Default Admin User - do not delete"); +INSERT INTO `person` (pid,notes) VALUES ("default","Default User - do not delete"); +INSERT INTO password (pid, password, valid_from, expiration, access_duration, access_level, category) VALUES ('admin', 'admin', NOW(), '2038-01-01', NULL, 'ALL', NULL); + +-- +-- Trigger to delete the temp password from 'password' when deleting the pid associated with +-- + +DROP TRIGGER IF EXISTS password_delete_trigger; +DELIMITER / +CREATE TRIGGER password_delete_trigger AFTER DELETE ON person +FOR EACH ROW +BEGIN + 
DELETE FROM `password` WHERE pid = OLD.pid; +END / +DELIMITER ; + +-- +-- Table structure for table `sms_carrier` +-- +-- Source: StatusNet +-- Schema fetched on 2010-10-15 from: +-- http://gitorious.org/statusnet/mainline/blobs/raw/master/db/statusnet.sql +-- + +CREATE TABLE sms_carrier ( + id integer primary key comment 'primary key for SMS carrier', + name varchar(64) unique key comment 'name of the carrier', + email_pattern varchar(255) not null comment 'sprintf pattern for making an email address from a phone number', + created datetime not null comment 'date this record was created', + modified timestamp comment 'date this record was modified' +) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin; + +-- +-- Insert data for table `sms_carrier` +-- +-- Source: StatusNet +-- Data fetched on 2011-07-20 from: +-- http://gitorious.org/statusnet/mainline/blobs/raw/master/db/sms_carrier.sql +-- + +INSERT INTO sms_carrier + (id, name, email_pattern, created) +VALUES + (100056, '3 River Wireless', '%s@sms.3rivers.net', now()), + (100057, '7-11 Speakout', '%s@cingularme.com', now()), + (100058, 'Airtel (Karnataka, India)', '%s@airtelkk.com', now()), + (100059, 'Alaska Communications Systems', '%s@msg.acsalaska.com', now()), + (100060, 'Alltel Wireless', '%s@message.alltel.com', now()), + (100061, 'AT&T Wireless', '%s@txt.att.net', now()), + (100062, 'Bell Mobility (Canada)', '%s@txt.bell.ca', now()), + (100063, 'Boost Mobile', '%s@myboostmobile.com', now()), + (100064, 'Cellular One (Dobson)', '%s@mobile.celloneusa.com', now()), + (100065, 'Cingular (Postpaid)', '%s@cingularme.com', now()), + (100066, 'Centennial Wireless', '%s@cwemail.com', now()), + (100067, 'Cingular (GoPhone prepaid)', '%s@cingularme.com', now()), + (100068, 'Claro (Nicaragua)', '%s@ideasclaro-ca.com', now()), + (100069, 'Comcel', '%s@comcel.com.co', now()), + (100070, 'Cricket', '%s@sms.mycricket.com', now()), + (100071, 'CTI', '%s@sms.ctimovil.com.ar', now()), + (100072, 'Emtel (Mauritius)', 
'%s@emtelworld.net', now()), + (100073, 'Fido (Canada)', '%s@fido.ca', now()), + (100074, 'General Communications Inc.', '%s@msg.gci.net', now()), + (100075, 'Globalstar', '%s@msg.globalstarusa.com', now()), + (100076, 'Helio', '%s@myhelio.com', now()), + (100077, 'Illinois Valley Cellular', '%s@ivctext.com', now()), + (100078, 'i wireless', '%s.iws@iwspcs.net', now()), + (100079, 'Meteor (Ireland)', '%s@sms.mymeteor.ie', now()), + (100080, 'Mero Mobile (Nepal)', '%s@sms.spicenepal.com', now()), + (100081, 'MetroPCS', '%s@mymetropcs.com', now()), + (100082, 'Movicom', '%s@movimensaje.com.ar', now()), + (100083, 'Mobitel (Sri Lanka)', '%s@sms.mobitel.lk', now()), + (100084, 'Movistar (Colombia)', '%s@movistar.com.co', now()), + (100085, 'MTN (South Africa)', '%s@sms.co.za', now()), + (100086, 'MTS (Canada)', '%s@text.mtsmobility.com', now()), + (100087, 'Nextel (Argentina)', '%s@nextel.net.ar', now()), + (100088, 'Orange (Poland)', '%s@orange.pl', now()), + (100089, 'Personal (Argentina)', '%s@personal-net.com.ar', now()), + (100090, 'Plus GSM (Poland)', '%s@text.plusgsm.pl', now()), + (100091, 'President\'s Choice (Canada)', '%s@txt.bell.ca', now()), + (100092, 'Qwest', '%s@qwestmp.com', now()), + (100093, 'Rogers (Canada)', '%s@pcs.rogers.com', now()), + (100094, 'Sasktel (Canada)', '%s@sms.sasktel.com', now()), + (100095, 'Setar Mobile email (Aruba)', '%s@mas.aw', now()), + (100096, 'Solo Mobile', '%s@txt.bell.ca', now()), + (100097, 'Sprint (PCS)', '%s@messaging.sprintpcs.com', now()), + (100098, 'Sprint (Nextel)', '%s@page.nextel.com', now()), + (100099, 'Suncom', '%s@tms.suncom.com', now()), + (100100, 'T-Mobile', '%s@tmomail.net', now()), + (100101, 'T-Mobile (Austria)', '%s@sms.t-mobile.at', now()), + (100102, 'Telus Mobility (Canada)', '%s@msg.telus.com', now()), + (100103, 'Thumb Cellular', '%s@sms.thumbcellular.com', now()), + (100104, 'Tigo (Formerly Ola)', '%s@sms.tigo.com.co', now()), + (100105, 'Unicel', '%s@utext.com', now()), + (100106, 'US 
Cellular', '%s@email.uscc.net', now()), + (100107, 'Verizon', '%s@vtext.com', now()), + (100108, 'Virgin Mobile (Canada)', '%s@vmobile.ca', now()), + (100109, 'Virgin Mobile (USA)', '%s@vmobl.com', now()), + (100110, 'YCC', '%s@sms.ycc.ru', now()), + (100111, 'Orange (UK)', '%s@orange.net', now()), + (100112, 'Cincinnati Bell Wireless', '%s@gocbw.com', now()), + (100113, 'T-Mobile Germany', '%s@t-mobile-sms.de', now()), + (100114, 'Vodafone Germany', '%s@vodafone-sms.de', now()), + (100115, 'E-Plus', '%s@smsmail.eplus.de', now()), + (100116, 'Cellular South', '%s@csouth1.com', now()), + (100117, 'ChinaMobile (139)', '%s@139.com', now()), + (100118, 'Dialog Axiata', '%s@dialog.lk', now()); + +-- Adding RADIUS nas client table + +CREATE TABLE radius_nas ( + nasname varchar(128) NOT NULL, + shortname varchar(32), + type varchar(30) default 'other', + ports int(5), + secret varchar(60) default 'secret' NOT NULL, + community varchar(50), + description varchar(200) default 'RADIUS Client', + config_timestamp BIGINT, + PRIMARY KEY nasname (nasname) +) ENGINE=InnoDB; + +-- Adding RADIUS accounting table + +CREATE TABLE radacct ( + radacctid bigint(21) NOT NULL AUTO_INCREMENT, + acctsessionid varchar(64) NOT NULL default '', + acctuniqueid varchar(32) NOT NULL default '', + username varchar(64) NOT NULL default '', + groupname varchar(64) NOT NULL default '', + realm varchar(64) default '', + nasipaddress varchar(15) NOT NULL default '', + nasportid varchar(15) default NULL, + nasporttype varchar(32) default NULL, + acctstarttime datetime NULL default NULL, + acctstoptime datetime NULL default NULL, + acctsessiontime int(12) default NULL, + acctauthentic varchar(32) default NULL, + connectinfo_start varchar(50) default NULL, + connectinfo_stop varchar(50) default NULL, + acctinputoctets bigint(20) default NULL, + acctoutputoctets bigint(20) default NULL, + calledstationid varchar(50) NOT NULL default '', + callingstationid varchar(50) NOT NULL default '', + 
acctterminatecause varchar(32) NOT NULL default '', + servicetype varchar(32) default NULL, + framedprotocol varchar(32) default NULL, + framedipaddress varchar(15) NOT NULL default '', + acctstartdelay int(12) default NULL, + acctstopdelay int(12) default NULL, + xascendsessionsvrkey varchar(10) default NULL, + PRIMARY KEY (radacctid), + KEY username (username), + KEY framedipaddress (framedipaddress), + KEY acctsessionid (acctsessionid), + KEY acctsessiontime (acctsessiontime), + KEY acctuniqueid (acctuniqueid), + KEY acctstarttime (acctstarttime), + KEY acctstoptime (acctstoptime), + KEY nasipaddress (nasipaddress), + KEY callingstationid (callingstationid) +) ENGINE=InnoDB; + +-- Adding RADIUS update log table + +CREATE TABLE radacct_log ( + acctsessionid varchar(64) NOT NULL default '', + username varchar(64) NOT NULL default '', + nasipaddress varchar(15) NOT NULL default '', + acctstatustype varchar(25) NOT NULL default '', + timestamp datetime NULL default NULL, + acctinputoctets bigint(20) default NULL, + acctoutputoctets bigint(20) default NULL, + acctsessiontime int(12) default NULL, + KEY acctsessionid (acctsessionid), + KEY username (username), + KEY nasipaddress (nasipaddress), + KEY timestamp (timestamp) +) ENGINE=InnoDB; + +-- Adding RADIUS Updates Stored Procedure + +DROP PROCEDURE IF EXISTS acct_update; +DELIMITER / +CREATE PROCEDURE acct_update( + IN p_timestamp datetime, + IN p_acctsessiontime int(12), + IN p_acctinputoctets bigint(20), + IN p_acctoutputoctets bigint(20), + IN p_acctsessionid varchar(64), + IN p_username varchar(64), + IN p_nasipaddress varchar(15), + IN p_framedipaddress varchar(15), + IN p_acctstatustype varchar(25) +) +BEGIN + DECLARE Previous_Input_Octets bigint(20); + DECLARE Previous_Output_Octets bigint(20); + DECLARE Previous_Session_Time int(12); + + # Collect traffic previous values in the update table + SELECT SUM(acctinputoctets), SUM(acctoutputoctets), SUM(acctsessiontime) + INTO Previous_Input_Octets, 
Previous_Output_Octets, Previous_Session_Time + FROM radacct_log + WHERE acctsessionid = p_acctsessionid + AND username = p_username + AND nasipaddress = p_nasipaddress; + + # Set values to 0 when no previous records + IF (Previous_Session_Time IS NULL) THEN + SET Previous_Session_Time = 0; + SET Previous_Input_Octets = 0; + SET Previous_Output_Octets = 0; + END IF; + + # Update record with new traffic + UPDATE radacct SET + framedipaddress = p_framedipaddress, + acctsessiontime = p_acctsessiontime, + acctinputoctets = p_acctinputoctets, + acctoutputoctets = p_acctoutputoctets + WHERE acctsessionid = p_acctsessionid + AND username = p_username + AND nasipaddress = p_nasipaddress + AND (acctstoptime IS NULL OR acctstoptime = 0); + + # Create new record in the log table + INSERT INTO radacct_log + (acctsessionid, username, nasipaddress, + timestamp, acctstatustype, acctinputoctets, acctoutputoctets, acctsessiontime) + VALUES + (p_acctsessionid, p_username, p_nasipaddress, + p_timestamp, p_acctstatustype, (p_acctinputoctets - Previous_Input_Octets), (p_acctoutputoctets - Previous_Output_Octets), + (p_acctsessiontime - Previous_Session_Time)); +END / +DELIMITER ; + +-- Adding RADIUS Start Stored Procedure + +DROP PROCEDURE IF EXISTS acct_start; +DELIMITER / +CREATE PROCEDURE acct_start ( + IN p_acctsessionid varchar(64), + IN p_acctuniqueid varchar(32), + IN p_username varchar(64), + IN p_realm varchar(64), + IN p_nasipaddress varchar(15), + IN p_nasportid varchar(15), + IN p_nasporttype varchar(32), + IN p_acctstarttime datetime, + IN p_acctstoptime datetime, + IN p_acctsessiontime int(12), + IN p_acctauthentic varchar(32), + IN p_connectioninfo_start varchar(50), + IN p_connectioninfo_stop varchar(50), + IN p_acctinputoctets bigint(20), + IN p_acctoutputoctets bigint(20), + IN p_calledstationid varchar(50), + IN p_callingstationid varchar(50), + IN p_acctterminatecause varchar(32), + IN p_servicetype varchar(32), + IN p_framedprotocol varchar(32), + IN 
p_framedipaddress varchar(15), + IN p_acctstartdelay varchar(12), + IN p_acctstopdelay varchar(12), + IN p_xascendsessionsvrkey varchar(10), + IN p_acctstatustype varchar(25) +) +BEGIN + # Insert new record with new traffic + INSERT INTO radacct + (acctsessionid, acctuniqueid, username, + realm, nasipaddress, nasportid, + nasporttype, acctstarttime, acctstoptime, + acctsessiontime, acctauthentic, connectinfo_start, + connectinfo_stop, acctinputoctets, acctoutputoctets, + calledstationid, callingstationid, acctterminatecause, + servicetype, framedprotocol, framedipaddress, + acctstartdelay, acctstopdelay, xascendsessionsvrkey) + VALUES + (p_acctsessionid, p_acctuniqueid, p_username, + p_realm, p_nasipaddress, p_nasportid, + p_nasporttype, p_acctstarttime, p_acctstoptime, + p_acctsessiontime, p_acctauthentic, p_connectioninfo_start, + p_connectioninfo_stop, p_acctinputoctets, p_acctoutputoctets, + p_calledstationid, p_callingstationid, p_acctterminatecause, + p_servicetype, p_framedprotocol, p_framedipaddress, + p_acctstartdelay, p_acctstopdelay, p_xascendsessionsvrkey); + + # Create new record in the log table + INSERT INTO radacct_log + (acctsessionid, username, nasipaddress, + timestamp, acctstatustype, acctinputoctets, acctoutputoctets, acctsessiontime) + VALUES + (p_acctsessionid, p_username, p_nasipaddress, + p_acctstarttime, p_acctstatustype,p_acctinputoctets,p_acctoutputoctets,p_acctsessiontime); +END / +DELIMITER ; + +-- Adding RADIUS Stop Stored Procedure + +DROP PROCEDURE IF EXISTS acct_stop; +DELIMITER / +CREATE PROCEDURE acct_stop( + IN p_timestamp datetime, + IN p_acctsessiontime int(12), + IN p_acctinputoctets bigint(20), + IN p_acctoutputoctets bigint(20), + IN p_acctterminatecause varchar(12), + IN p_acctdelaystop varchar(32), + IN p_connectinfo_stop varchar(50), + IN p_acctsessionid varchar(64), + IN p_username varchar(64), + IN p_nasipaddress varchar(15), + IN p_acctstatustype varchar(25) +) +BEGIN + DECLARE Previous_Input_Octets bigint(20); + 
DECLARE Previous_Output_Octets bigint(20); + DECLARE Previous_Session_Time int(12); + + # Collect traffic previous values in the update table + SELECT SUM(acctinputoctets), SUM(acctoutputoctets), SUM(acctsessiontime) + INTO Previous_Input_Octets, Previous_Output_Octets, Previous_Session_Time + FROM radacct_log + WHERE acctsessionid = p_acctsessionid + AND username = p_username + AND nasipaddress = p_nasipaddress; + + # Set values to 0 when no previous records + IF (Previous_Session_Time IS NULL) THEN + SET Previous_Session_Time = 0; + SET Previous_Input_Octets = 0; + SET Previous_Output_Octets = 0; + END IF; + + # Update record with new traffic + UPDATE radacct SET + acctstoptime = p_timestamp, + acctsessiontime = p_acctsessiontime, + acctinputoctets = p_acctinputoctets, + acctoutputoctets = p_acctoutputoctets, + acctterminatecause = p_acctterminatecause, + connectinfo_stop = p_connectinfo_stop + WHERE acctsessionid = p_acctsessionid + AND username = p_username + AND nasipaddress = p_nasipaddress + AND (acctstoptime IS NULL OR acctstoptime = 0); + + # Create new record in the log table + INSERT INTO radacct_log + (acctsessionid, username, nasipaddress, + timestamp, acctstatustype, acctinputoctets, acctoutputoctets, acctsessiontime) + VALUES + (p_acctsessionid, p_username, p_nasipaddress, + p_timestamp, p_acctstatustype, (p_acctinputoctets - Previous_Input_Octets), (p_acctoutputoctets - Previous_Output_Octets), + (p_acctsessiontime - Previous_Session_Time)); +END / +DELIMITER ; + +-- +-- Statement of Health (SoH) related +-- +-- The web interface allows you to create any number of named filters, +-- which are a collection of rules. A rule is a specific condition that +-- must be satisfied by the statement of health, e.g. "anti-virus is not +-- installed". The rules in a filter are ANDed together to determine if +-- the specified action is to be executed. + +-- +-- One entry per filter. 
+-- + +CREATE TABLE soh_filters ( + filter_id int NOT NULL PRIMARY KEY AUTO_INCREMENT, + name varchar(32) NOT NULL UNIQUE, + + -- If action is null, this filter won't do anything. Otherwise this + -- column may have any value; "accept" and "violation" are currently + -- recognised and acted upon. + action varchar(32), + + -- If action = 'violation', then this column contains the vid of a + -- violation to trigger. (I wish I could write a constraint to + -- express this.) + vid int +) ENGINE=InnoDB; + +INSERT INTO soh_filters (name) VALUES ('Default'); + +-- +-- One entry for each rule in a filter. +-- + +CREATE TABLE soh_filter_rules ( + rule_id int NOT NULL PRIMARY KEY AUTO_INCREMENT, + + filter_id int NOT NULL, + FOREIGN KEY (filter_id) REFERENCES soh_filters (filter_id) + ON DELETE CASCADE, + + -- Any valid health class, e.g. "antivirus" + class varchar(32) NOT NULL, + + -- Must be 'is' or 'is not' + op varchar(16) NOT NULL, + + -- May be 'ok', 'installed', 'enabled', 'disabled', 'uptodate', + -- 'microsoft' for now; more values may be used in future. 
+ status varchar(16) NOT NULL +) ENGINE=InnoDB; + +-- +-- Table structure for table `scan` +-- + +CREATE TABLE scan ( + id varchar(20) NOT NULL, + ip varchar(255) NOT NULL, + mac varchar(17) NOT NULL, + type varchar(255) NOT NULL, + start_date datetime NOT NULL, + update_date timestamp NOT NULL ON UPDATE CURRENT_TIMESTAMP, + status varchar(255) NOT NULL, + report_id varchar(255) NOT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB; + +-- +-- Table structure for table `billing` +-- + +CREATE TABLE billing ( + id varchar(20) NOT NULL, + ip varchar(255) NOT NULL, + mac varchar(17) NOT NULL, + type varchar(255) NOT NULL, + start_date datetime NOT NULL, + update_date timestamp NOT NULL ON UPDATE CURRENT_TIMESTAMP, + status varchar(255) NOT NULL, + item varchar(255) NOT NULL, + price varchar(255) NOT NULL, + person varchar(255) NOT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB; + +-- +-- Table structure for table `savedsearch` +-- + +CREATE TABLE savedsearch ( + id int NOT NULL AUTO_INCREMENT, + pid varchar(255) NOT NULL, + namespace varchar(255) NOT NULL, + name varchar(255) NOT NULL, + query text, + in_dashboard tinyint, + PRIMARY KEY (id) +) ENGINE=InnoDB; + +-- +-- Table structure for table +-- + +CREATE TABLE inline_accounting ( + outbytes bigint unsigned NOT NULL DEFAULT '0' COMMENT 'orig_raw_pktlen', + inbytes bigint unsigned NOT NULL DEFAULT '0' COMMENT 'reply_raw_pktlen', + ip varchar(16) NOT NULL, + firstseen DATETIME NOT NULL, + lastmodified DATETIME NOT NULL, + status int unsigned NOT NULL default 0, + PRIMARY KEY (ip, firstseen), + INDEX (ip) + ) ENGINE=InnoDB; + +-- +-- Table structure for wrix +-- + +CREATE TABLE wrix ( + id varchar(255) NOT NULL, + `Provider_Identifier` varchar(255) NULL DEFAULT NULL, + `Location_Identifier` varchar(255) NULL DEFAULT NULL, + `Service_Provider_Brand` varchar(255) NULL DEFAULT NULL, + `Location_Type` varchar(255) NULL DEFAULT NULL, + `Sub_Location_Type` varchar(255) NULL DEFAULT NULL, + `English_Location_Name` varchar(255) NULL 
DEFAULT NULL, + `Location_Address1` varchar(255) NULL DEFAULT NULL, + `Location_Address2` varchar(255) NULL DEFAULT NULL, + `English_Location_City` varchar(255) NULL DEFAULT NULL, + `Location_Zip_Postal_Code` varchar(255) NULL DEFAULT NULL, + `Location_State_Province_Name` varchar(255) NULL DEFAULT NULL, + `Location_Country_Name` varchar(255) NULL DEFAULT NULL, + `Location_Phone_Number` varchar(255) NULL DEFAULT NULL, + `SSID_Open_Auth` varchar(255) NULL DEFAULT NULL, + `SSID_Broadcasted` varchar(255) NULL DEFAULT NULL, + `WEP_Key` varchar(255) NULL DEFAULT NULL, + `WEP_Key_Entry_Method` varchar(255) NULL DEFAULT NULL, + `WEP_Key_Size` varchar(255) NULL DEFAULT NULL, + `SSID_1X` varchar(255) NULL DEFAULT NULL, + `SSID_1X_Broadcasted` varchar(255) NULL DEFAULT NULL, + `Security_Protocol_1X` varchar(255) NULL DEFAULT NULL, + `Client_Support` varchar(255) NULL DEFAULT NULL, + `Restricted_Access` varchar(255) NULL DEFAULT NULL, + `Location_URL` varchar(255) NULL DEFAULT NULL, + `Coverage_Area` varchar(255) NULL DEFAULT NULL, + `Open_Monday` varchar(255) NULL DEFAULT NULL, + `Open_Tuesday` varchar(255) NULL DEFAULT NULL, + `Open_Wednesday` varchar(255) NULL DEFAULT NULL, + `Open_Thursday` varchar(255) NULL DEFAULT NULL, + `Open_Friday` varchar(255) NULL DEFAULT NULL, + `Open_Saturday` varchar(255) NULL DEFAULT NULL, + `Open_Sunday` varchar(255) NULL DEFAULT NULL, + `Longitude` varchar(255) NULL DEFAULT NULL, + `Latitude` varchar(255) NULL DEFAULT NULL, + `UTC_Timezone` varchar(255) NULL DEFAULT NULL, + `MAC_Address` varchar(255) NULL DEFAULT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB; + +-- +-- Table structure for table `activation` +-- + +CREATE TABLE activation ( + `code_id` int NOT NULL AUTO_INCREMENT, + `pid` varchar(255) default NULL, + `mac` varchar(17) default NULL, + `contact_info` varchar(255) NOT NULL, -- email or phone number were approbation request is sent + `carrier_id` int(11) NULL, + `activation_code` varchar(255) NOT NULL, + `expiration` datetime NOT 
NULL, + `status` varchar(60) default NULL, + `type` varchar(60) NOT NULL, + `portal` varchar(255) default NULL, + PRIMARY KEY (code_id), + KEY `mac` (mac), + KEY `identifier` (pid, mac), + KEY `activation` (activation_code, status) +) ENGINE=InnoDB; + + +-- +-- Table structure for table `keyed` +-- + +CREATE TABLE keyed ( + id VARCHAR(255), + value LONGBLOB, + PRIMARY KEY(id) +) ENGINE=InnoDB; diff --git a/db/upgrade-4.7.0-5.0.0.sql b/db/upgrade-4.7.0-5.0.0.sql new file mode 100644 index 000000000000..8daa2157d4b0 --- /dev/null +++ b/db/upgrade-4.7.0-5.0.0.sql 
@@ -0,0 +1,112 @@ +-- +-- PacketFence SQL schema upgrade from 4.7.0 to 5.0.0 +-- + +-- +-- Add table to cache in MySQL +-- + +CREATE TABLE keyed ( + id VARCHAR(255), + value LONGBLOB, + PRIMARY KEY(id) +) ENGINE=InnoDB; + +RENAME TABLE temporary_password TO `password`; + +-- +-- Rename existing `iplog_history` to `iplog_archive` +-- + +RENAME TABLE iplog_history TO iplog_archive; + +-- +-- Rename existing `locationlog_history` to `locationlog_archive` +-- + +RENAME TABLE locationlog_history TO locationlog_archive; + +-- +-- Table structure for new `iplog_history` table +-- + +CREATE TABLE iplog_history ( + mac varchar(17) NOT NULL, + ip varchar(45) NOT NULL, + start_time datetime NOT NULL, + end_time timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP +) ENGINE=InnoDB; + +-- +-- Drop Table structure for table 'iplog' +-- + +DROP TABLE iplog; + +-- +-- Table structure for table `iplog` +-- + +CREATE TABLE iplog ( + mac varchar(17) NOT NULL, + ip varchar(45) NOT NULL, + start_time datetime NOT NULL, + end_time datetime default "0000-00-00 00:00:00", + PRIMARY KEY (ip), + KEY iplog_mac_end_time (mac,end_time), + KEY iplog_end_time (end_time) +) ENGINE=InnoDB; + +-- +-- Trigger to insert old record from 'iplog' in 'iplog_history' before updating the current one +-- + +DROP TRIGGER IF EXISTS iplog_insert_in_iplog_history_before_update_trigger; +DELIMITER / +CREATE TRIGGER iplog_insert_in_iplog_history_before_update_trigger BEFORE UPDATE ON iplog +FOR EACH ROW +BEGIN + INSERT INTO iplog_history SET ip = OLD.ip, mac = OLD.mac, start_time = OLD.start_time, end_time = CASE + WHEN OLD.end_time = '0000-00-00 00:00:00' THEN NOW() + WHEN OLD.end_time > NOW() THEN NOW() + ELSE OLD.end_time + END; +END / +DELIMITER ; + +-- +-- Table structure for table 'iplog_archive' +-- + +ALTER TABLE iplog_archive MODIFY mac varchar(17) NOT NULL, + MODIFY ip varchar(45) NOT NULL, + MODIFY end_time datetime NOT NULL; + +-- +-- Insert a new 'default' user +-- + +INSERT INTO `person` (pid,notes) VALUES 
("default","Default User - do not delete"); + +-- +-- Reassigning all unregistered nodes to the 'default' pid +-- + +UPDATE `node` SET pid = 'default' WHERE status = 'unreg' AND pid = 'admin'; + +-- +-- Alter node table for bypass_role,dhcp_vendor,device_type,device_class +-- + +ALTER TABLE node ADD `bypass_role_id` INT DEFAULT NULL, + ADD dhcp_vendor VARCHAR(255) AFTER dhcp_fingerprint, + ADD device_type VARCHAR(255) AFTER dhcp_vendor, + ADD device_class VARCHAR(255) AFTER device_type; + +-- +-- Add a column to store the session id in the locationlog +-- + +ALTER TABLE locationlog ADD `session_id` VARCHAR(255) DEFAULT NULL; +ALTER TABLE locationlog_archive ADD `session_id` VARCHAR(255) DEFAULT NULL; + diff --git a/debian/changelog b/debian/changelog index 24a0af9755be..27afcafe1cea 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +packetfence (5.0.0) unstable; urgency=low + + * Version 5.0.0 + + -- Inverse Wed, 15 Apr 2015 12:00:00 -0400 + packetfence (4.7.0) unstable; urgency=low * Version 4.7.0 diff --git a/debian/control b/debian/control index d114d7d675e2..b3c62b12e56b 100644 --- a/debian/control +++ b/debian/control @@ -12,7 +12,8 @@ Package: packetfence Architecture: all # TODO: We can probably move these in Depends since 3.5.0 (managed RADIUS feature) Pre-Depends: ca-certificates, freeradius (>= 2.2.5), freeradius-ldap, freeradius-postgresql, - freeradius-mysql, freeradius-krb5, dhcp3-server, ca-certificates, packetfence-pfcmd-suid, packetfence-config + freeradius-mysql, freeradius-krb5, dhcp3-server, ca-certificates, packetfence-pfcmd-suid (>= ${Source-Version}), packetfence-config (>= ${Source-Version}), + fingerbank (>= 1.0), Breaks: libdata-alias-perl Depends: ${misc:Depends}, vlan, make, openssl, openssl-blacklist, openssl-blacklist-extra, 
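Review bot: `DROP TABLE iplog;` discards every row of the existing table before the new `iplog` is created, and nothing in this script copies those rows anywhere first. The IP-to-MAC log is the record an operator returns to when tracing which device held an address during an incident, so losing it on upgrade should be a deliberate, documented choice rather than a side effect. If the old `iplog` carries the same four columns as the archive (its definition is not visible here, so confirm this), a copy step placed before the drop would preserve it: `INSERT INTO iplog_archive (mac, ip, start_time, end_time) SELECT mac, ip, start_time, end_time FROM iplog;`. Otherwise add a comment above the drop such as `-- existing iplog rows are NOT migrated; back up the table first if the history is needed`.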
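Review bot: The new constraints on `packetfence-pfcmd-suid` and `packetfence-config` use `${Source-Version}`, a substitution variable dpkg deprecated in favour of `${source:Version}` and `${binary:Version}`. The same line can be written as `packetfence-pfcmd-suid (>= ${source:Version}), packetfence-config (>= ${source:Version}),`. Because the constraint is only a lower bound, a newer build of the helper package (which, judging by its name, ships the setuid `pfcmd` wrapper) is still accepted next to an older main package; add an upper bound if the two are meant to move in lockstep. `ca-certificates` is also listed twice in this Pre-Depends field.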
@@ -50,7 +51,7 @@ Depends: ${misc:Depends}, vlan, make, libnet-telnet-perl, libregexp-common-perl, libreadonly-perl, libtemplate-perl, libterm-readkey-perl, libuniversal-require-perl, libthread-serialize-perl, - libnet-ldap-perl, libcrypt-generatepassword-perl, perl-doc, + libnet-ldap-perl, libcrypt-generatepassword-perl, libbytes-random-secure-perl, libcrypt-eksblowfish-perl, perl-doc, librrds-perl, libnetpacket-perl (>= 1.3), libcache-cache-perl, libcarp-perl, libiptables-libiptc-perl, libload-perl, libmime-lite-tt-perl, libmime-lite-perl, libconfig-general-perl, libproc-processtable-perl, libfile-flock-perl, libperl-version-perl, @@ -58,6 +59,7 @@ Depends: ${misc:Depends}, vlan, make, liblinux-fd-perl, liblinux-inotify2-perl, libfile-touch-perl, libhash-merge-perl, libcrypt-openssl-x509-perl,libconst-fast-perl, libtime-period-perl, libsereal-encoder-perl, libsereal-decoder-perl, libdata-serializer-sereal-perl (>= 1.04), libphp-serialization-perl, + libnet-ip-perl, libdigest-hmac-perl, # hard-coded to specific version because v3 broke the API and we haven't ported to it yet # see #1313: Port our Net-Appliance-Session to the version 3 API # http://packetfence.org/bugs/view.php?id=1313 @@ -68,7 +70,7 @@ Depends: ${misc:Depends}, vlan, make, libparse-nessus-nbe-perl, libtest-mockdbi-perl, libsoap-lite-perl (>= 1.0), libnet-frame-perl, libthread-pool-perl, libwww-curl-perl, libposix-2008-perl, libdata-messagepack-stream-perl, libdata-messagepack-perl, - libnet-nessus-xmlrpc-perl (>= 0.4),libfile-slurp-perl, + libnet-nessus-xmlrpc-perl (>= 0.4), libfile-slurp-perl, # required for ipset libnetaddr-ip-perl, libfile-which-perl, # FIXME track what requires the conveyor stuff and identify it. If we can, get rid of it. 
@@ -100,6 +102,7 @@ Depends: ${misc:Depends}, vlan, make, libauthen-radius-perl, libauthen-krb5-simple-perl, # used by bin/pftest libio-interactive-perl, + haproxy (>= 1.5), keepalived (>= 1.2), Recommends: freeradius (>= 2.2.5), freeradius-ldap, freeradius-postgresql, freeradius-mysql, freeradius-krb5, isc-dhcp-server | dhcp3-server Description: PacketFence network registration / worm mitigation system PacketFence is an open source network access control (NAC) system. diff --git a/debian/packetfence-config.conffiles b/debian/packetfence-config.conffiles new file mode 100644 index 000000000000..e1ec75783cbf --- /dev/null +++ b/debian/packetfence-config.conffiles @@ -0,0 +1 @@ +/usr/local/pf/conf/pfconfig.conf diff --git a/debian/packetfence-config.postinst b/debian/packetfence-config.postinst index 27bd453f4f44..3adf4fa42bd9 100644 --- a/debian/packetfence-config.postinst +++ b/debian/packetfence-config.postinst @@ -20,6 +20,7 @@ set -e case "$1" in configure) + chown pf.pf /usr/local/pf/conf/pfconfig.conf update-rc.d packetfence-config defaults 60 || exit 0 ;; diff --git a/debian/packetfence-config.preinst b/debian/packetfence-config.preinst index aed410c86704..900fddd41b52 100644 --- a/debian/packetfence-config.preinst +++ b/debian/packetfence-config.preinst @@ -13,6 +13,13 @@ set -e # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package +stop_service_if_exists() { + SERVICE=$1 + if [ $(set +e;invoke-rc.d --quiet --query $SERVICE stop; echo "$?") == "104" ];then + invoke-rc.d $SERVICE stop + fi +} + case "$1" in install) diff --git a/debian/packetfence.conffiles b/debian/packetfence.conffiles index 240047773a83..3c0ad856f9b4 100644 --- a/debian/packetfence.conffiles +++ b/debian/packetfence.conffiles 
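Review bot: The added `chown pf.pf /usr/local/pf/conf/pfconfig.conf` in packetfence-config.postinst runs under `set -e`, so the whole configure step aborts if the `pf` account does not exist yet. The only `useradd` visible in this commit is in packetfence.preinst, and packetfence Pre-Depends on packetfence-config, so on a fresh install this package is likely configured first; confirm that packetfence-config.preinst, whose `install)` branch is outside the hunk, creates the user. The `user.group` separator is also a legacy form, and `chown pf:pf /usr/local/pf/conf/pfconfig.conf` is the documented spelling.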
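Review bot: The test in the new `stop_service_if_exists` of packetfence-config.preinst compares with `==` inside `[ ]`, which is a bash extension. If the maintainer script runs under `/bin/sh` (dash on Debian; the shebang is outside the hunk), the test fails with an "unexpected operator" error, the branch is never taken and the service is left running during the upgrade. The function this mirrors in packetfence.preinst used `=` before this commit, and the `@@ -15,19 +15,20 @@` hunk of that file introduces the same `==`. A portable form that also quotes the service name is `if [ "$(set +e; invoke-rc.d --quiet --query "$SERVICE" stop; echo "$?")" = "104" ]; then` with `invoke-rc.d "$SERVICE" stop` in the body.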
@@ -28,6 +28,7 @@ /usr/local/pf/conf/snort/reference.config /usr/local/pf/conf/switches.conf /usr/local/pf/conf/dhcpd.conf +/usr/local/pf/conf/haproxy.conf /usr/local/pf/conf/httpd.conf.d/captive-portal-common.conf /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf /usr/local/pf/conf/httpd.conf.d/httpd.webservices @@ -36,6 +37,7 @@ /usr/local/pf/conf/httpd.conf.d/httpd.admin /usr/local/pf/conf/httpd.conf.d/log.conf /usr/local/pf/conf/iptables.conf +/usr/local/pf/conf/keepalived.conf /usr/local/pf/conf/listener.msg /usr/local/pf/conf/popup.msg /usr/local/pf/conf/radiusd/eap.conf @@ -113,7 +115,6 @@ /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Config/AdminRoles.pm /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Config/Authentication.pm /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Config/Authentication/Source.pm -/usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Config/Fingerprints.pm /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Config/Firewall_SSO.pm /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Config/FloatingDevice.pm /usr/local/pf/html/pfappserver/lib/pfappserver/Controller/Config/MacAddress.pm diff --git a/debian/packetfence.postinst b/debian/packetfence.postinst index 15693707c6e6..99fd297c9692 100644 --- a/debian/packetfence.postinst +++ b/debian/packetfence.postinst 
@@ -69,16 +69,25 @@ case "$1" in -out /usr/local/pf/conf/ssl/server.crt\ -keyout /usr/local/pf/conf/ssl/server.key\ -nodes -config /usr/local/pf/conf/openssl.cnf + cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key > /usr/local/pf/conf/ssl/server.pem fi if [ ! -f /usr/local/pf/raddb/certs/dh ]; then - echo "Bulding default RADIUS certificates..." + echo "Building default RADIUS certificates..." cd /usr/local/pf/raddb/certs make dh else echo "DH already exists, won't touch it!" fi + if [ ! -f /usr/local/pf/conf/pf.conf ]; then + echo "pf.conf doesnt exits" + touch /usr/local/pf/conf/pf.conf + chown pf.pf /usr/local/pf/conf/pf.conf + else + echo "pf.conf already exists, won't touch it!" + fi + # managing services set +e for service in apache2 snmptrapfmt bind9 freeradius apparmor isc-dhcp-server; do @@ -107,8 +116,8 @@ case "$1" in if ! ( grep '^Defaults:pf.*!requiretty' /etc/sudoers > /dev/null ) ; then echo 'Defaults:pf !requiretty' >> /etc/sudoers fi - /usr/local/pf/bin/pfcmd configreload service packetfence-config restart + /usr/local/pf/bin/pfcmd configreload update-rc.d packetfence defaults 60 || exit 0 echo "* Please fire up your Web browser and go to https://@ip_packetfence:1443/configurator to complete your PacketFence configuration." echo "* Please stop your iptables service if you don't have access to configurator." diff --git a/debian/packetfence.preinst b/debian/packetfence.preinst index 6c969d5bf780..a82f5001b07e 100644 --- a/debian/packetfence.preinst +++ b/debian/packetfence.preinst 
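Review bot: The added `cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key > /usr/local/pf/conf/ssl/server.pem` copies the unencrypted private key (generated with `-nodes`) into a new file whose mode comes from the process umask, and nothing in the hunk restricts it afterwards. With the usual 022 umask of a package install the key ends up world-readable unless the directory permissions or a later step outside the hunk prevent it. Create the file closed, `( umask 077; cat /usr/local/pf/conf/ssl/server.crt /usr/local/pf/conf/ssl/server.key > /usr/local/pf/conf/ssl/server.pem )`, and then grant access only to the account the consuming service runs as. The new message `pf.conf doesnt exits` in the same hunk should read `pf.conf doesn't exist`.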
@@ -15,19 +15,20 @@ set -e stop_service_if_exists() { SERVICE=$1 - if [ $(set +e;invoke-rc.d --quiet --query packetfence stop; echo $?) = 104 ];then - invoke-rc.d packetfence stop + if [ $(set +e;invoke-rc.d --quiet --query $SERVICE stop; echo "$?") == "104" ];then + invoke-rc.d $SERVICE stop fi } case "$1" in install) if [ -z "$(getent passwd pf)" ]; then - useradd -r -d "/usr/local/pf" -s /bin/sh -c "PacketFence" -M pf + useradd -U -r -d "/usr/local/pf" -s /bin/sh -c "PacketFence" -M pf echo "create pf user" else echo "pf user already exist" fi + usermod -G fingerbank pf if [ -e /etc/lsb-release ]; then usermod -a -G pf dhcpd fi diff --git a/debian/rules b/debian/rules index 8159ae2b0845..ad7d167ff5a6 100755 --- a/debian/rules +++ b/debian/rules @@ -51,7 +51,7 @@ install: build for i in `find * ! -path 'debian/*' ! -path 'debian' ! -path 't/*' ! -path 't' ! -path 'lib/pfconfig/*' ! -path 'lib/pfconfig' ! -path 'sbin/pfconfig' -type d`; do \ install -d -m0700 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/$$i; \ done - for i in `find * ! -path 'debian/*' ! -path 'debian' ! -path 't/*' ! -path 't' ! -path 'lib/pfconfig/*' ! -path 'lib/pfconfig' ! -path 'sbin/pfconfig' ! -type d`; do \ + for i in `find * ! -path 'debian/*' ! -path 'debian' ! -path 't/*' ! -path 't' ! -path 'lib/pfconfig/*' ! -path 'lib/pfconfig' ! -path 'sbin/pfconfig' ! -path 'conf/pfconfig.conf*' ! -type d`; do \ $(INSTALL) $$i $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/$$i; \ done for i in `find * -path 't*' -type d`; do \ 
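Review bot: The added `usermod -G fingerbank pf` omits `-a`, so it replaces the `pf` account's supplementary group list with `fingerbank` alone instead of appending to it, silently dropping any membership granted earlier by an administrator or another package. The neighbouring `usermod -a -G pf dhcpd` already uses the append form, so `usermod -a -G fingerbank pf` is the consistent line. Because the script runs under `set -e`, the command also aborts the preinst if the `fingerbank` group does not exist, which relies on the fingerbank package having been unpacked and having created the group first; a comment stating that dependency would help.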
@@ -113,8 +113,10 @@ install: build install -d -m0755 $(CURDIR)/debian/packetfence-pfcmd-suid$(PREFIX)/$(NAME)/bin gcc src/pfcmd.c -o $(CURDIR)/debian/packetfence-pfcmd-suid$(PREFIX)/$(NAME)/bin/pfcmd install -d $(CURDIR)/debian/packetfence-config$(PREFIX)/$(NAME)/sbin + install -d -m0700 $(CURDIR)/debian/packetfence-config$(PREFIX)/$(NAME)/conf install -d -m2770 $(CURDIR)/debian/packetfence-config$(PREFIX)/$(NAME)/var/cache/pfconfig install -m0755 sbin/pfconfig $(CURDIR)/debian/packetfence-config$(PREFIX)/$(NAME)/sbin + install -m0600 conf/pfconfig.conf $(CURDIR)/debian/packetfence-config$(PREFIX)/$(NAME)/conf echo $(C_ID) > $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/conf/git_commit_id # Install our logrotate file into debian/ so dh_installlogrotate will be able to do it's magic install addons/logrotate $(CURDIR)/debian/packetfence.logrotate 
@@ -149,13 +151,16 @@ binary-arch: build install /usr/local/pf/raddb/sites-available/packetfence /usr/local/pf/raddb/sites-enabled/packetfence \ /usr/local/pf/raddb/sites-available/packetfence-soh /usr/local/pf/raddb/sites-enabled/packetfence-soh \ /usr/local/pf/raddb/sites-available/packetfence-tunnel /usr/local/pf/raddb/sites-enabled/packetfence-tunnel \ - /usr/local/pf/raddb/sites-available/dynamic-clients /usr/local/pf/raddb/sites-enabled/dynamic-clients + /usr/local/pf/raddb/sites-available/dynamic-clients /usr/local/pf/raddb/sites-enabled/dynamic-clients \ + /usr/local/fingerbank/lib/fingerbank /usr/local/pf/lib/fingerbank dh_strip dh_compress # PERMISSIONS # Executables chmod 0755 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/addons/*.pl chmod 0755 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/addons/*.sh + chmod 0755 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/addons/pfconfig/comparator/*.pl + chmod 0755 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/addons/pfconfig/comparator/*.sh chmod 0755 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/addons/upgrade/*.pl chmod 0755 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/addons/snort/*.pl chmod 0755 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/addons/watchdog/*.sh diff --git a/docs/PacketFence_Administration_Guide.asciidoc b/docs/PacketFence_Administration_Guide.asciidoc index 53703463edd7..c3631fb71ed6 100644 --- a/docs/PacketFence_Administration_Guide.asciidoc +++ b/docs/PacketFence_Administration_Guide.asciidoc 
@@ -15,19 +15,21 @@ Administration Guide include::includes/global-attributes.asciidoc[] -AboutĀ thisĀ Guide +About this Guide ---------------- This guide will walk you through the installation and the day to day administration of the PacketFence solution. The latest version of this guide is available at http://www.packetfence.org/documentation/ -OtherĀ sourcesĀ ofĀ information +Other sources of information ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Network Devices Configuration Guide:: +The following documents are included in the package and release tarballs. + +_Network Devices Configuration Guide_ (pdf):: Covers switch, controllers and access points configuration. -Developers Guide:: +_Developer's Guide_ (pdf):: Covers captive portal customization, VLAN management customization and instructions for supporting new hardware. `CREDITS`:: @@ -40,12 +42,10 @@ Developers Guide:: `ChangeLog`:: Covers all changes to the source code. -These files are included in the package and release tarballs. - Introduction ------------ -PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system. Boosting an impressive feature set including a captive portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, integration with the Snort/Suricata IDS and the Nessus vulnerability scanner; PacketFence can be used to effectively secure networks - from small to very large heterogeneous networks. +PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system. Boosting an impressive feature set including a captive portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, integration with IDS, vulnerability scanners and firewalls; PacketFence can be used to effectively secure networks - from small to very large heterogeneous networks. Features ~~~~~~~~ 
@@ -54,29 +54,29 @@ Out of band (VLAN Enforcement):: PacketFence's operation is completely out of band when using VLAN enforcement which allows the solution to scale geographically and to be more resilient to failures. In Band (Inline Enforcement):: - PacketFence can also be configured to be in-band, especially when you have non-manageable network switches or access points. PacketFence can also work with both VLAN and Inline enforcement activated for maximum scalability and security while allowing older hardware to still be secured using Inline enforcement. + PacketFence can also be configured to be in-band, especially when you have non-manageable network switches or access points. PacketFence can also work with both VLAN and Inline enforcement activated for maximum scalability and security while allowing older hardware to still be secured using inline enforcement. Both layer-2 and layer-3 are supported for inline enforcement. Hybrid support (Inline Enforcement with RADIUS support):: PacketFence can also be configured as hybrid, if you have a manageable device that supports 802.1X and/or MAC-authentication. This feature can be enabled using a RADIUS attribute (MAC address, SSID, port) or using full inline mode on the equipment. Hotspot support (Web Auth Enforcement):: - PacketFence can also be configured as hotspot, if you have a manageable device that support an external captive portal (like + PacketFence can also be configured as hotspot, if you have a manageable device that supports an external captive portal (like Cisco WLC or Aruba IAP). Voice over IP (VoIP) support:: - Also called IP Telephony (IPT), VoIP is fully supported (even in heterogeneous environments) for multiple switch vendors (Cisco, Edge-Core, HP, LinkSys, Nortel Networks and many more). + Also called IP Telephony (IPT), VoIP is fully supported (even in heterogeneous environments) for multiple switch vendors (Cisco, Avaya, HP and many more). 
802.1X:: - 802.1X wireless and wired is supported through a http://www.freeradius.org[FreeRADIUS] module. + 802.1X wireless and wired is supported through our http://www.freeradius.org[FreeRADIUS] module. Wireless integration:: - PacketFence integrates perfectly with wireless networks through a http://www.freeradius.org/[FreeRADIUS] module. This allows you to secure your wired and wireless networks the same way using the same user database and using the same captive portal, providing a consistent user experience. Mixing Access Points (AP) vendors and Wireless Controllers is supported. + PacketFence integrates perfectly with wireless networks through our http://www.freeradius.org/[FreeRADIUS] module. This allows you to secure your wired and wireless networks the same way using the same user database and using the same captive portal, providing a consistent user experience. Mixing Access Points (AP) vendors and Wireless Controllers is supported. Registration:: PacketFence supports an optional registration mechanism similar to "captive portal" solutions. Contrary to most captive portal solutions, PacketFence remembers users who previously registered and will automatically give them access without another authentication. Of course, this is configurable. An Acceptable Use Policy can be specified such that users cannot enable network access without first accepting it. Detection of abnormal network activities:: - Abnormal network activities (computer virus, worms, spyware, traffic denied by establishment policy, etc.) can be detected using local and remote http://www.snort.org/[Snort] or Suricata sensors. Beyond simple detection, PacketFence layers its own alerting and suppression mechanism on each alert type. A set of configurable actions for each violation is available to administrators. + Abnormal network activities (computer virus, worms, spyware, traffic denied by establishment policy, etc.) 
can be detected using local and remote http://www.snort.org/[Snort] or http://suricata-ids.org/[Suricata] sensors. Beyond simple detection, PacketFence layers its own alerting and suppression mechanism on each alert type. A set of configurable actions for each violation is available to administrators. Proactive vulnerability scans:: Either http://www.nessus.org/nessus/[Nessus] or http://www.openvas.org[OpenVAS] vulnerability scans can be performed upon registration, scheduled or on an ad-hoc basis. PacketFence correlates the scan engine vulnerability ID's of each scan to the violation configuration, returning content specific web pages about which vulnerability the host may have. 
@@ -87,14 +87,17 @@ Isolation of problematic devices:: Remediation through a captive portal:: Once trapped, all network traffic is terminated by the PacketFence system. Based on the node's current status (unregistered, open violation, etc), the user is redirected to the appropriate URL. In the case of a violation, the user will be presented with instructions for the particular situation he/she is in reducing costly help desk intervention. +Firewall integration:: + PacketFence provides Single-Sign On features with many firewalls. Upon connection on the wired or wireless network, PacketFence can dynamically update the IP/user association on firewalls for them to apply, if required, per-user or per-group filtering policies. + Command-line and Web-based management:: Web-based and command-line interfaces for all management tasks. Guest Access:: PacketFence supports a special guest VLAN out of the box. You configure your network so that the guest VLAN only goes out to the Internet and the registration VLAN and the captive portal are the components used to explain to the guest how to register for access and how his access works. This is usually branded by the organization offering the access. Several means of registering guests are possible. PacketFence does also support guest access bulk creations and imports. -Gaming devices registration:: - A registered user can access a special Web page to register a gaming device of his own. This registration process will require login from the user and then will register gaming devices with pre-approved MAC OUI into a configurable category. +Devices registration:: + A registered user can access a special Web page to register a device of his own. This registration process will require login from the user and then will register devices with pre-approved MAC OUI into a configurable category. PacketFence is developed by a community of developers located mainly in North America. 
More information can be found at http://www.packetfence.org. @@ -108,6 +111,8 @@ VLAN enforcement is pictured in the above diagram. Inline enforcement should be Components ~~~~~~~~~~ +PacketFence requires various components to work such as a Web server, a database server, and a RADIUS server. It interacts with external tools to extend its functionalities. + image::docs/images/diagram-components.png[scaledwidth="100%",alt="System components overview"] System Requirements @@ -121,12 +126,12 @@ PacketFence reuses many components in an infrastructure. Thus, it requires the f [options="compact"] * Database server (MySQL or MariaDB) * Web server (Apache) +* DHCP server (ISC DHCP) +* RADIUS server (FreeRADIUS) Depending on your setup you may have to install additional components like: [options="compact"] -* DHCP server (ISC DHCP) -* RADIUS server (FreeRADIUS) * NIDS (Snort/Suricata) In this guide, we assume that all those components are running on the same server (i.e., "localhost" or "127.0.0.1") that PacketFence will be installed on. @@ -140,7 +145,7 @@ The following table provides recommendations for the required components, togeth |MySQL server |MySQL 5.1 |Web server |Apache 2.2 |DHCP server |DHCP 4.1 -|RADIUS server |FreeRADIUS 2.2.0 +|RADIUS server |FreeRADIUS 2.2.x |Snort |Snort 2.9.1 |Suricata |Suricata 1.4.1 |======================================== 
@@ -150,26 +155,24 @@ More recent versions of the software mentioned above can also be used. Minimum Hardware Requirements ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The following provides a list of server hardware recommendations: +The following provides a list of the minimum server hardware recommendations: [options="compact"] * Intel or AMD CPU 3 GHz -* 4 GB of RAM +* 8 GB of RAM * 100 GB of disk space (RAID-1 recommended) -* 1 Network card - - +1 for high-availability - - +1 for intrusion detection +* 1 Network card (2 recommended) Operating System Requirements ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -PacketFence supports the following operating systems on the i386 or x86_64 architectures: +PacketFence supports the following operating systems on the x86_64 architectures: [options="compact"] * Red Hat Enterprise Linux 6.x Server * Community ENTerprise Operating System (CentOS) 6.x * Debian 7.0 (Wheezy) -* Ubuntu 12.04 LTS +* Ubuntu 12.04 LTS (Precise Pangolin) Make sure that you can install additional packages from your standard distribution. For example, if you are using Red Hat Enterprise Linux, you have to be subscribed to the Red Hat Network before continuing with the PacketFence software installation. 
@@ -214,16 +217,17 @@ On a Debian or Ubuntu system, do: apt-get update apt-get upgrade +Regarding SELinux or AppArmor, even if these features may be wanted by some organizations, PacketFence will not run properly if SELinux or AppArmor are enabled. You will need to explicitly disable SELinux in the `/etc/selinux/config` file and AppArmor with *update-rc.d -f apparmor stop*, *update-rc.d -f apparmor teardown* and *update-rc.d -f apparmor remove*. Regarding resolvconf, you can remove the symlink to that file and simply create the `/etc/resolv.conf` file with the content you want. RedHat-based systems ^^^^^^^^^^^^^^^^^^^^ -NOTE: Includes CentOS and Scientific Linux. Both i386 and x86_64 architectures supported. +NOTE: Applies to CentOS and Scientific Linux but only the x86_64 architecture is supported. RHEL 6.x ^^^^^^^^ -NOTE: These are extra steps are required for RHEL 6 systems only. Derivatives such as CentOS or Scientific Linux don't need to take the extra steps. +NOTE: These are extra steps are required for RHEL 6 systems only, excluding derivatives such as CentOS or Scientific Linux. RedHat Enterprise Linux users need to take an additional setup step. If you are not using the RHN Subscription Management from RedHat you need to enable the optional channel by running the following as root: 
@@ -263,15 +267,27 @@ Once the repository is defined, you can install PacketFence with all its dependencies, and the required external services (Database server, DHCP server, RADIUS server) using: - yum groupinstall --enablerepo=packetfence Packetfence-complete - -Or, if you prefer, to install only the core PacketFence without all the external services, you can use: - yum install --enablerepo=packetfence packetfence +Once installed, the Web-based configuration interface will automatically be started. You can access it from https://@ip_of_packetfence:1443/configurator + Debian and Ubuntu ^^^^^^^^^^^^^^^^^ +First for debian, you must enable non-free and backports repository: + +For non-free, edit the file `/etc/apt/source.list` and add non-free like that: + + deb http://debian.mirror.iweb.ca/debian/ wheezy main non-free + +For backports: + + echo 'deb http://http.debian.net/debian wheezy-backports main' > /etc/apt/sources.list.d/wheezy-backports.list + +For Ubuntu you need to enable another repository: + + add-apt-repository ppa:vbernat/haproxy-1.5 + In order to use the repository, create a file named `/etc/apt/sources.list.d/packetfence.list` with the following content when using Debian 7.0 (Wheezy): deb http://inverse.ca/downloads/PacketFence/debian wheezy wheezy 
@@ -288,89 +304,195 @@ server, DHCP server, RADIUS server) using: sudo apt-get update sudo apt-get install packetfence -Configuration -------------- +Once installed, the Web-based configuration interface will automatically be started. You can access it from https://@ip_of_packetfence:1443/configurator -In this section, you'll learn how to configure PacketFence. PacketFence will use MySQL, Apache, ISC DHCP, iptables and FreeRADIUS. As previously mentioned, we assume that those components run on the same server on which PacketFence is being installed. +Get off on the right foot +------------------------- -First Step -~~~~~~~~~~ +Prior configuring PacketFence, you must chose an appropriate enforcement mode to be used by PacketFence with your networking equipment. The enforcement mode is the technique used to enforce registration and any subsequent access of devices on your network. PacketFence supports the following enforcement modes: + +[options="compact"] +* Inline +* Out-of-band +* Hybrid + +It is also possible to combine enforcement modes. For example, you could use the out-of-band mode on your wired switches, while using the inline mode on your old WiFi access points. + +The following sections will explain these enforcement modes. If you decide to use the inline mode, please refer to the PacketFence Inline Deployment Quick Guide using ZEN for a complete configuration example. If you device to use the out-of-band mode, please refer to the PacketFence Out-of-Band Deployment Quick Guide using ZEN + +Technical introduction to Inline enforcement +-------------------------------------------- + +Introduction +~~~~~~~~~~~~ + +Before the version 3.0 of PacketFence, it was not possible to support unmanageable devices such as entry-level consumer switches or access-points. Now, with the new inline mode, PacketFence can be use in-band for those devices. 
So in other words, PacketFence would become the gateway of that inline network, and NAT or route the traffic using IPTables/IPSet to the Internet (or to another section of the network). Let see how it works. + +Device configuration +~~~~~~~~~~~~~~~~~~~~ +No special configuration is needed on the unmanageable device. That's the beauty of it. You only need to ensure that the device is "talking" on the inline VLAN. At this point, all the traffic will be passing through PacketFence since it is the gateway for this VLAN. + +Access control +~~~~~~~~~~~~~~ -The first step after installing the necessary packages is the configuration step. PacketFence provides an helpful and detailed web-based configurator. +The access control relies entirely on IPTables/IPSet. When a user is not registered, and connects in the inline VLAN, PacketFence will give him an IP address. At this point, the user will be marked as unregistered in the ipset session, and all the Web traffic will be redirected to the captive portal and other traffic blocked. The user will have to register through the captive portal as in VLAN enforcement. When he registers, PacketFence changes the deviceĀ“s ipset session to allow the user's mac address to go through it. + +Limitations +~~~~~~~~~~~ -Like mentioned at the end of the packages installation, fire up a web browser and go to https://@ip_of_packetfence:1443/configurator. From there, the configuration process is splited in six (6) distinctive steps, after which you'll have a working PacketFence setup. +Inline enforcement because of it's nature has several limitations that one must be aware of. [options="compact"] -* Step 1: Enforcement technique. You'll choose either VLAN enforcement, inline enforcement or both; -* Step 2: Network configuration. You'll be able to configure the network interfaces of the system as well as assigning the correct interfaces for each of the required types of the chosen enforcement technique(s); -* Step 3: Database configuration. 
This step will create the PacketFence database and populate it with the correct structure. A MySQL user will also be created and assigned to the newly created database; -* Step 4: General configuration. You will need to configure some of the basic PacketFence configuration parameters; -* Step 5: Administrative user. This step will ask you to create an administrative user that will be able to access the web-based adminsitration interface once the services are functionals; -* Step 6: Let's do this! See the status of your configuration and start your new NAC! +* Everyone behind an inline interface is on the same Layer 2 LAN +* Every packet of authorized users goes through the PacketFence server increasing the servers' load considerably: Plan ahead for capacity +* Every packet of authorized users goes through the PacketFence server: it is a single point of failure for Internet access +* Ipset can store up to 65536 entries, so it is not possible to have a inline network class upper than B -NOTE: Keep in mind that the resulting PacketFence configuration will be located under `/usr/local/pf/conf/` and the configuration files can always be adjusted by hand afterward or from PacketFence's Web GUI. +This is why it is considered a poor man's way of doing access control. We have avoided it for a long time because of the above mentioned limitations. That said, being able to perform both inline and VLAN enforcement on the same server at the same time is a real advantage: it allows users to maintain maximum security while they deploy new and more capable network hardware providing a clean migration path to VLAN enforcement. -Web-based Administration Interface -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Technical introduction to Out-of-band enforcement +------------------------------------------------- -PacketFence provides a web-based administration interface for easy configuration and operational management. 
If you went through PacketFence's web-based configuration tool, you should have set the password for the `admin` user. If not, the default password is also `admin`. +Introduction +~~~~~~~~~~~~ -Once PacketFence is started, the administration interface is available at: https://@ip_of_packetfence:1443/ +VLAN assignment is currently performed using several different techniques. These techniques are compatible one to another but not on the same switch port. This means that you can use the more secure and modern techniques for your latest switches and another technique on the old switches that doesn't support latest techniques. As it's name implies, VLAN assignment means that PacketFence is the server that assigns the VLAN to a device. This VLAN can be one of your VLANs or it can be a special VLAN where PacketFence presents the captive portal for authentication or remediation. -Global configuration file (pf.conf) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +VLAN assignment effectively isolate your hosts at the OSI Layer2 meaning that it is the trickiest method to bypass and is the one which adapts best to your environment since it glues into your current VLAN assignment methodology. -The `/usr/local/pf/conf/pf.conf` file contains the PacketFence general configuration. For example, this is the place where we inform PacketFence it will work in VLAN isolation mode. +VLAN assignment techniques +~~~~~~~~~~~~~~~~~~~~~~~~~~ -All the default parameters and their descriptions are stored in `/usr/local/pf/conf/pf.conf.defaults`. +Wired: 802.1X + MAC Authentication +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -In order to override a default parameter, define it and set it in `pf.conf`. +802.1X provides port-based authentication, which involves communications between a supplicant, authenticator (known as NAS), and authentication server (known as AAA). 
The supplicant is often software on a client device, such as a laptop, the authenticator is a wired Ethernet switch or wireless access point, and the authentication server is generally a RADIUS server. -`/usr/local/pf/conf/documentation.conf` holds the complete list of all available parameters. +The supplicant (i.e., client device) is not allowed access through the authenticator to the network until the supplicantā€™s identity is authorized. With 802.1X port-based authentication, the supplicant provides credentials, such as user name / password or digital certificate, to the authenticator, and the authenticator forwards the credentials to the authentication server for verification. If the credentials are valid (in the authentication server database), the supplicant (client device) is allowed to access the network. The protocol for authentication is called Extensible Authentication Protocol (EAP) which have many variants. Both supplicant and authentication servers need to speak the same EAP protocol. Most popular EAP variant is PEAP-MsCHAPv2 (supported by Windows / Mac OSX / Linux for authentication against AD). -All these parameters are also accessible through the web-based administration interface under the Configuration tab. It is highly recommended that you use the web-based administration interface of PacketFence for any configuration changes. +In this context, PacketFence runs the authentication server (a FreeRADIUS instance) and will return the appropriate VLAN to the switch. A module that integrates in FreeRADIUS does a remote call to the PacketFence server to obtain that information. More and more devices have 802.1X supplicant which makes this approach more and more popular. -Apache Configuration -~~~~~~~~~~~~~~~~~~~~ +MAC Authentication is a new mechanism introduced by some switch vendor to handle the cases where a 802.1X supplicant does not exist. Different vendors have different names for it. 
Cisco calls it MAC Authentication Bypass (MAB), Juniper calls it MAC RADIUS, Extreme Networks calls it Netlogin, etc. After a timeout period, the switch will stop trying to perform 802.1X and will fallback to MAC Authentication. It has the advantage of using the same approach as 802.1X except that the MAC address is sent instead of the user name and there is no end-to-end EAP conversation (no strong authentication). Using MAC Authentication, devices like network printer or non-802.1X capable IP Phones can still gain access to the network and the right VLAN. -The PacketFenceĀ“s Apache configuration are located in `/usr/local/pf/conf/httpd.conf.d/`. +Wireless: 802.1X + MAC authentication +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -In this directory you have three important files: `httpd.admin`, `httpd.portal`, `httpd.webservice`. +Wireless 802.1X works like wired 802.1X and MAC authentication is the same as wired MAC Authentication. Where things change is that the 802.1X is used to setup the security keys for encrypted communication (WPA2-Enterprise) while MAC authentication is only used to authorize (allow or disallow) a MAC on the wireless network. -* `httpd.admin` is used to manage PacketFence admin interface -* `httpd.portal` is used to manage PacketFence captive portal interface -* `httpd.webservices` is used to manage PacketFence webservices interface +On wireless networks, the usual PacketFence setup dictate that you configure two SSIDs: an open one and a secure one. The open one is used to help users configure the secure one properly and requires authentication over the captive portal (which runs in HTTPS). -These files have been written using the Perl language and are completely dynamic - so they activate services only on the network interfaces provided for this purpose. 
+The following diagram demonstrates the flow between a mobile enpoint, a WiFi access point, a WiFi controller and PacketFence: -The other files in this directory are managed by PacketFence using templates, so it is easy to modify these files based on your configuration. SSL is enabled by default to secure access. +image::docs/images/radius_workflow.png[scaledwidth="100%",alt="WiFi RADIUS workflow"] -Upon PacketFence installation, self-signed certificates will be created in `/usr/local/pf/conf/ssl` (`server.key` and `server.crt`). Those certificates can be replaced anytime by your 3rd-party or existing wildcard certificate without problems. Please note that the CN (Common Name) needs to be the same as the one defined in the PacketFence configuration file (`pf.conf`). +1. User initiates association to WLAN AP and transmits MAC address. If user accesses network via a registered device in PacketFence go to 8 +2. The WLAN controller transmits MAC address via RADIUS to the PacketFence server to authenticate/authorize that MAC address on the AP +3. PacketFence server conducts address audit in its database. If it does not recognize the MAC address go to 4. If it does go to 8. +4. PacketFence server directs WLAN controller via RADIUS (RFC2868 attributes) to put the device in an "unauthenticated roleā€œ (set of ACLs that would limit/redirect the user to the PacketFence captive portal for registration, or we can also use a registration VLAN in which PacketFence does DNS blackholing and is the DHCP server) +5. The user's device issues a DHCP/DNS request to PacketFence (which is a DHCP/DNS server on this VLAN or for this role) which sends the IP and DNS information. At this point, ACLs are limiting/redirecting the user to the PacketFence's captive portal for authentication. 
PacketFence fingerprints the device (user-agent attributes, DHCP information & MAC address patterns) to which it can take various actions including: keep device on registration portal, direct to alternate captive portal, auto-register the device, auto-block the device, etc. If the device remains on the registration portal the user registers by providing the information (username/password, cell phone number, etc.). At this time PacketFence could also require the device to go through a posture assessment (using Nessus, OpenVAS, etc.) +6. If authentication is required (username/password) through a login form, those credentials are validated via the Directory server (or any other authentication sources - like LDAP, SQL, RADIUS, SMS, Facebook, Google+, etc.) which provides user attributes to PacketFence which creates user+device policy profile in its database. +7. PacketFence performs a Change of Authorization (RFC3576) on the controller and the user must be re-authenticated/reauthorized, so we go back to 1 +8. PacketFence server directs WLAN controller via RADIUS to put the device in an "authenticated roleā€œ, or in the "normal" VLAN -Captive Portal -^^^^^^^^^^^^^^ -Important parameters to configure regarding the captive portal are the following: +Web Auth mode +^^^^^^^^^^^^^ -* Redirect URL under *Configuration -> Portal Profile -> Portal Name* +Web authentication is a method on the switch that forwards http traffic of the device to the captive portal. +With this mode, your device will never change of VLAN ID but only the ACL associated to your device will change. +Refer to the Network Devices Configuration Guide to see a sample web auth configuration on a Cisco WLC. -For some browsers, it is preferable to redirect the user to a specific URL instead of the URL the user originally intended to visit. For these browsers, the URL defined in `redirecturl` will be the one where the user will be redirected. Affected browsers are Firefox 3 and later. 
+Port-security and SNMP +^^^^^^^^^^^^^^^^^^^^^^ -* IP under *Configuration -> Captive portal* +Relies on the port-security SNMP Traps. A fake static MAC address is assigned to all the ports this way any MAC address will generate a security violation and a trap will be sent to PacketFence. The system will authorize the MAC and set the port in the right VLAN. VoIP support is possible but tricky. It varies a lot depending on the switch vendor. Cisco is well supported but isolation of a PC behind an IP Phone leads to an interesting dilemma: either you shut the port (and the phone at the same time) or you change the data VLAN but the PC doesn't do DHCP (didn't detect link was down) so it cannot reach the captive portal. -This IP is used as the web server who hosts the `common/network-access-detection.gif` which is used to detect if network access was enabled. It cannot be a domain name since it is used in registration or quarantine where DNS is black-holed. It is recommended that you allow your users to reach your PacketFence server and put your LAN's PacketFence IP. By default we will make this reach PacketFence's website as an easier and more accessible solution. +Aside from the VoIP isolation dilemma, it is the technique that has proven to be reliable and that has the most switch vendor support. -SELinux -~~~~~~~ +More on SNMP traps VLAN isolation +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +When the VLAN isolation is working through SNMP traps all switch ports (on which VLAN isolation should be done) must be configured to send SNMP traps to the PacketFence host. On PacketFence, we use snmptrapd as the SNMP trap receiver. As it receives traps, it reformats and writes them into a flat file: `/usr/local/pf/logs/snmptrapd.log`. The multithreaded `pfsetvlan` daemon reads these traps from the flat file and responds to them by setting the switch port to the correct VLAN. 
Currently, we support switches from Cisco, Edge-core, HP, Intel, Linksys and Nortel (adding support for switches from another vendor implies extending the `pf::Switch` class). Depending on your switches capabilities, `pfsetvlan` will act on different types of SNMP traps. + +image::docs/images/diagram-trap-interaction.png[scaledwidth="50%",alt="pfsetvlan SNMP interactions diagram"] + +You need to create a registration VLAN (with a DHCP server, but no routing to other VLANs) in which PacketFence will put unregistered devices. If you want to isolate computers which have open violations in a separate VLAN, an isolation VLAN needs also to be created. + +linkUp/linkDown traps (deprecated) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +This is the most basic setup and it needs a third VLAN: the MAC detection VLAN. There should be nothing in this VLAN (no DHCP server) and it should not be routed anywhere; it is just an void VLAN. + +When a host connects to a switch port, the switch sends a linkUp trap to PacketFence. Since it takes some time before the switch learns the MAC address of the newly connected device, PacketFence immediately puts the port in the MAC detection VLAN in which the device will send DHCP requests (with no answer) in order for the switch to learn its MAC address. Then pfsetvlan will send periodical SNMP queries to the switch until the switch learns the MAC of the device. When the MAC address is known, pfsetvlan checks its status (existing ? registered ? any violations ?) in the database and puts the port in the appropriate VLAN. When a device is unplugged, the switch sends a 'linkDown' trap to PacketFence which puts the port into the MAC detection VLAN. + +When a computer boots, the initialization of the NIC generates several link status changes. And every time the switch sends a linkUp and a linkDown trap to PacketFence. Since PacketFence has to act on each of these traps, this generates unfortunately some unnecessary load on pfsetvlan. 
In order to optimize the trap treatment, PacketFence stops every thread for a 'linkUp trap' when it receives a 'linkDown' trap on the same port. But using only linkUp/linkDown traps is not the most scalable option. For example in case of power failure, if hundreds of computers boot at the same time, PacketFence would receive a lot of traps almost instantly and this could result in network connection latency. + +MAC notification traps +^^^^^^^^^^^^^^^^^^^^^^ + +If your switches support MAC notification traps (MAC learnt, MAC removed), we suggest that you activate them in addition to the linkUp/linkDown traps. This way, pfsetvlan does not need, after a linkUp trap, to query the switch continuously until the MAC has finally been learned. When it receives a linkUp trap for a port on which MAC notification traps are also enabled, it only needs to put the port in the MAC detection VLAN and can then free the thread. When the switch learns the MAC address of the device it sends a MAC learnt trap (containing the MAC address) to PacketFence. + +Port Security traps +^^^^^^^^^^^^^^^^^^^ + +In its most basic form, the Port Security feature remembers the MAC address connected to the switch port and allows only that MAC address to communicate on that port. If any other MAC address tries to communicate through the port, port security will not allow it and send a port-security trap. + +If your switches support this feature, *we strongly recommend to use it rather than linkUp/linkDown and/or MAC notifications*. Why? Because as long as a MAC address is authorized on a port and is the only one connected, the switch will send no trap whether the device reboots, plugs in or unplugs. This drastically reduces the SNMP interactions between the switches and PacketFence. + +When you enable port security traps you should not enable linkUp/linkDown nor MAC notification traps. 
+ + +Technical introduction to Hybrid enforcement +-------------------------------------------- -Even if this feature may be wanted by some organizations, PacketFence will not run properly if SELinux is set to enforced. You will need to explicitly disable it in the `/etc/selinux/config` file. +Introduction +~~~~~~~~~~~ + +In previous versions of PacketFence, it was not possible to have RADIUS enabled for inline enforcement mode. Now with the new hybrid mode, all the devices that supports 802.1X or MAC-authentication can work with this mode. Let's see how it works. + +Device configuration +~~~~~~~~~~~~~~~~~~~~ + +You need to configure inline enforcement mode in PacketFence and configure your switch(es) / access point(s) to use the VLAN assignement techniques (802.1X or MAC-authentication). You also need to take care of a specific parameter in the switch configuration window, "Trigger to enable inline mode". This parameter is working like a trigger and you have the possibility to define different sort of triggers: + + ALWAYS:: + PORT:: + MAC:: + SSID:: + +where ALWAYS means that the device is always in inline mode, PORT specify the ifIndex of the port which will use inline enforcement, MAC a mac address that will be put in inline enforcement technique rather than VLAN enforcement and SSID an ssid name. +An example: + + SSID::GuestAccess,MAC::00:11:22:33:44:55 + +This will trigger all the nodes that connects to the _GuestAccess_ SSID to use inline enforcement mode (PacketFence will return a void VLAN or the `inlineVlan` if defined in switch configuration) and the MAC address `00:11:22:33:44:55` client if it connects on another SSID. + + +Configuration +------------- + +At this point in the documentation, PacketFence should be installed. You would also have chosen the right enforcement method for you and completed the initial configuration of PacketFence. The following section presents key concepts and features in PacketFence. 
+ +PacketFence provides a web-based administration interface for easy configuration and operational management. If you went through PacketFence's web-based configuration tool, you should have set the password for the `admin` user. + +Once PacketFence is started, the administration interface is available at: https://@ip_of_packetfence:1443/ + +The next key steps are important to understand how PacketFence works. In order to get the solution working, you must first understand and configure the following aspects of the solution in this specific order: + +1. *roles* - a role in PacketFence will be eventually be mapped to a VLAN, an ACL or an external role. You must define the roles to use in your organization for network access +2. *authentication* - once roles are defined, you must create an appropraite authentication source in PacketFence. That will allow PacketFence to compute the right role to be used for an endpoint, or the user using it +3. *network devices* - once your roles and authentication sources are defined, you must add switches, WiFi controllers or APs to be mananaged by PacketFence. When doing so, you will configure how roles are being mapped to VLAN, ACLs or external roles +4. *portal profiles* - at this point, you are almost ready to test. You will need to set which authentication sources are to be used on the default captive portal, or create an other one to suit your needs +5. test! + +NOTE: If you plan to use 802.1X - please see the _FreeRADIUS Configuration_ section below. Roles Management ~~~~~~~~~~~~~~~~ Roles in PacketFence can be created from PacketFence administrative GUI - from the *Configuration -> Users -> Roles* section. From this interface, you can also limit the number of devices users belonging to certain roles can register. -Roles are dynamically computed by PacketFence, based on the rules (ie., a set of conditions and actions) from authentication sources, using a first-match wins algorithm. 
Roles are then matched to VLAN or internal roles on equipment from the *Configuration -> Network -> Switches* module. +Roles are dynamically computed by PacketFence, based on the rules (ie., a set of conditions and actions) from authentication sources, using a first-match wins algorithm. Roles are then matched to VLAN or internal roles or ACL on equipment from the *Configuration -> Network -> Switches* module. Authentication ~~~~~~~~~~~~~~ 
@@ -410,72 +532,72 @@ Let's say we have two roles: guest and employee. First, we define them *Configur Now, we want to authenticate employees using Active Directory (over LDAP), and guests using PacketFence's internal database - both using PacketFence's captive portal. From the *Configuration -> Users -> Sources*, we select *Add source -> AD*. We provide the following information: [options="compact"] -* Name: ad1 -* Description: Active Directory for Employees -* Host: 192.168.1.2:389 without SSL/TLS -* Base DN: CN=Users,DC=acme,DC=local -* Scope: One-level -* Username Attribute: sAMAccountName -* Bind DN: CN=Administrator,CN=Users,DC=acme,DC=local -* Password: acme123 +* *Name:* ad1 +* *Description:* Active Directory for Employees +* *Host:* 192.168.1.2:389 without SSL/TLS +* *Base DN:* CN=Users,DC=acme,DC=local +* *Scope:* One-level +* *Username Attribute:* sAMAccountName +* *Bind DN:* CN=Administrator,CN=Users,DC=acme,DC=local +* *Password:* acme123 Then, we add a rule by clicking on the *Add rule* button and provide the following information: [options="compact"] -* Name: employees -* Description: Rule for all employees +* *Name:* employees +* *Description:* Rule for all employees * Don't set any condition (as it's a catch-all rule) -* Set the following actions: +* Set the following *actions:* - Set role employee - Set unregistration date January 1st, 2020 Test the connection and save everything. Using the newly defined source, any username that actually matches in the source (using the sAMAccountName) will have the employee role and an unregistration date set to January 1st, 2020. -Now, since we want to authenticate guests from PacketFence's internal SQL database, accounts must be provisionned manually. You can do so from the *Configuration -> Users -> Create* section. When creating guests, specify "guest" for the *Set role* action, and set an access duration for 1 day. 
+Now, since we want to authenticate guests from PacketFence's internal SQL database, accounts must be provisionned manually. You can do so from the *Users -> Create* section. When creating guests, specify "guest" for the *Set role* action, and set an access duration for 1 day. If you would like to differentiate user authentication and machine authentication using Active Directory, one way to do it is by creating a second authentication sources, for machines: [options="compact"] -* Name: ad1 -* Description: Active Directory for Machines -* Host: 192.168.1.2:389 without SSL/TLS -* Base DN: CN=Computers,DC=acme,DC=local -* Scope: One-level -* Username Attribute: servicePrincipalName -* Bind DN: CN=Administrator,CN=Users,DC=acme,DC=local -* Password: acme123 +* *Name:* ad1 +* *Description:* Active Directory for Machines +* *Host:* 192.168.1.2:389 without SSL/TLS +* *Base DN:* CN=Computers,DC=acme,DC=local +* *Scope:* One-level +* *Username Attribute:* servicePrincipalName +* *Bind DN:* CN=Administrator,CN=Users,DC=acme,DC=local +* *Password:* acme123 Then, we add a rule: [options="compact"] -* Name: machines -* Description: Rule for all machines +* Name:* machines +* *Description:* Rule for all machines * Don't set any condition (as it's a catch-all rule) -* Set the following actions: +* Set the following *actions:* - Set role machineauth - Set unregistration date January 1st, 2020 -Note that when a rule is defined as a catch-all, it will always match if the username attribute matches the queried one. This applies for Active Directory, LDAP and Apache htpasswd file sources. Kerberos and RADIUS will act as true catch-all, and accept everything. +NOTE: When a rule is defined as a catch-all, it will always match if the username attribute matches the queried one. This applies for Active Directory, LDAP and Apache htpasswd file sources. Kerberos and RADIUS will act as true catch-all, and accept everything. 
Network Devices Definition (switches.conf) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This section applies only for VLAN enforcement. Users planning to do inline enforcement only can skip this section. -PacketFence needs to know which switches, access points or controllers it manages, their type and configuration. All this information is stored in `/usr/local/pf/conf/switches.conf`. You can modify the configuration directly in the `switches.conf` file or you can do it in the Web Administration panel under *Configuration -> Network -> Switches*. +PacketFence needs to know which switches, access points or controllers it manages, their type and configuration. All this information is stored in `/usr/local/pf/conf/switches.conf`. You can modify the configuration directly in the `switches.conf` file or you can do it from the Web Administration panel under *Configuration -> Network -> Switches* - which is now the preferred way. -This files contains a default section including: +The `/usr/local/pf/conf/switches.conf` configuration file contains a default section including: [options="compact"] * Default SNMP read/write communities for the switches -* Default working mode (see note about working mode below) +* Default working mode (see the note below about possible working modes) and a switch section for each switch (managed by PacketFence) including: [options="compact"] * Switch IP * Switch vendor/type -* Switch uplink ports (trunks and non-managed ports) +* Switch uplink ports (trunks and non-managed IfIndex) * per-switch re-definition of the VLANs (if required) NOTE: `switches.conf` is loaded at startup. A reload is required when changes @@ -484,7 +606,7 @@ are manually made to this file `/usr/local/pf/bin/pfcmd configreload`. Working modes ^^^^^^^^^^^^^ -There are three different working modes: +There are three different working modes for a switch in PacketFence: Testing:: pfsetvlan writes in the log files what it would normally do, but it doesn't do anything. 
@@ -493,10 +615,19 @@ pfsetvlan automatically-register all MAC addresses seen on the switch ports. As
 Production::
 pfsetvlan sends the SNMP writes to change the VLAN on the switch ports.
 
+RADIUS
+^^^^^^
+
+To set the RADIUS secret, set it from the Web administrative interface when adding a switch. Alternatively, edit the switch config file (`/usr/local/pf/conf/switches.conf`) and set the following parameters:
+
+ radiusSecret = secretPassPhrase
+
+Moreover, the RADIUS secret is required to support the RADIUS Dynamic Authentication (Change of authorization or Disconnect) as defined in RFC3576.
+
 SNMP v1, v2c and v3
 ^^^^^^^^^^^^^^^^^^^
 
-PacketFence uses SNMP to communicate with most switches. Starting with 1.8, PacketFence now supports SNMP v3. You can use SNMP v3 for communication in both directions: from the switch to PacketFence and from PacketFence to the switch.
+PacketFence uses SNMP to communicate with most switches. PacketFence also supports SNMP v3. You can use SNMP v3 for communication in both directions: from the switch to PacketFence and from PacketFence to the switch. SNMP usage is discouraged, you should now use RADIUS. However, even if RADIUS is being used, some switches might also require SNMP to be configured to work properly with PacketFence.
 
 From PacketFence to a switch
 ++++++++++++++++++++++++++++
@@ -546,7 +677,7 @@ Command-Line Interface: Telnet and SSH
 WARNING: Privilege detection is disabled in the current PacketFence version due to some issues (see http://www.packetfence.org/bugs/view.php?id=1370[#1370]). So make sure that the `cliUser` and `cliPwd` you provide always get you into a privileged mode (except for Trapeze hardware).
-PackeFence needs sometimes to establish an interactive command-line session with a switch. This can be done using Telnet. Starting with 1.8, you can now use SSH. In order to do so, edit the switch config file (`/usr/local/pf/conf/switches.conf`) and set the following parameters:
+PackeFence needs sometimes to establish an interactive command-line session with a switch. This can be done using Telnet. You can also use SSH. In order to do so, edit the switch configuration file (`/usr/local/pf/conf/switches.conf`) and set the following parameters:
 cliTransport = SSH (or Telnet)
 cliUser = admin
@@ -564,23 +695,14 @@ PackeFence sometimes needs to establish a dialog with the Web Services capabilit
 wsUser = admin
 wsPwd = admin_pwd
-NOTE: as of PacketFence 1.9.1 few switches require Web Services configuration in order to work. It can also be done through the Web Administration Interface under *Configuration -> Switches*.
-
-Radius Secret
-^^^^^^^^^^^^^
-
-For certain authentication mechanism, such as 802.1X or MAC Authentication, the RADIUS server needs to have the network device in its client list. As of PacketFence 3.0, we now use a database backend to store the RADIUS client information. In order to do so, edit the switch config file (`/usr/local/pf/conf/switches.conf`) and set the following parameters:
-
- radiusSecret= secretPassPhrase
-
-Also, starting with PacketFence 3.1, the RADIUS secret is required for our support of RADIUS Dynamic Authentication (Change of authorization or Disconnect) as defined in RFC3576.
+It can also be done through the Web Administration Interface under *Configuration -> Switches*.
 Role-based enforcement support
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-Some network devices support the assignment of a specific set of rules (firewall or ACLs) to a user. The idea is that these rules can be a lot more precise to control what a user can or cannot do compared to VLAN which have a larger network management overhead.
+Some network devices support the assignment of a specific set of rules (firewall or ACLs) to a user. The idea is that these rules can be a lot more accurate to control what a user can or cannot do compared to VLAN which have a larger network management overhead.
-PacketFence supports assigning roles on devices that supports it. The current role assignment strategy is to assign it along with the VLAN (that may change in the future). A special internal role to external role assignment must be configured in the switch configuration file (`/usr/local/pf/conf/switches.conf`).
+PacketFence supports assigning roles on devices for switches and WiFi controllers that support it. The current role assignment strategy is to assign it along with the VLAN (that may change in the future). A special internal role to external role assignment must be configured in the switch configuration file (`/usr/local/pf/conf/switches.conf`).
 The current format is the following:
@@ -592,316 +714,103 @@ And you assign it to the global `roles` parameter or the per-switch one. For exa engineeringRole=full-access salesRole=little-access -would return the `full-access` role to the nodes categorized as admin or engineering and the role `little-access` to nodes categorized as sales. +would return the `full-access` role to the nodes categorized as admin or engineering and the role `little-access` to nodes categorized as sales. It can also be done through the Web Administration Interface under *Configuration -> Switches*. -CAUTION: Make sure that the roles are properly defined on the network devices prior to assigning roles! - -Default VLAN/role assignment -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This section applies only for VLAN enforcement. Users planning to do inline enforcement only can skip this section. - -The default VLAN assignment technique used in PacketFence is a per-switch one. The correct default VLAN for a given MAC is determined based on the computed role by PacketFence during the registration process for the device, or dynamically during an 802.1X authentication. The computed internal role will then be mapped to either a VLAN or an external role for the specific equipement the user is connected to. -This allows you to do easy per-building VLAN/role segmentation. +CAUTION: Make sure that the roles are properly defined on the network devices prior to assigning roles! -If you need more flexibility than what can be defined from the PacketFence's authentication sources (rules/conditions/actions) take a look at the FAQ entry http://www.packetfence.org/support/faqs/article/custom-vlan-assignment-behavior.html[Custom VLAN assignment behavior] available online. +Portal Profiles +~~~~~~~~~~~~~~~ -Inline enforcement configuration -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +PacketFence comes with a default portal profile. 
The follow parameters are important to configure no matter if you use the default portal profile or create a new one: -This section applies only for Inline enforcement. Users planning to do VLAN enforcement only can skip this section. +* Redirect URL under *Configuration -> Portal Profile -> Portal Name* -The inline enforcement is a very convenient method of performing access control on older network hardware that is not capable of doing VLAN enforcement or that is not supported by PacketFence. This technique is covered in details in the <<_technical_introduction_to_inline_enforcement,"Technical introduction to Inline enforcement" section>>. +For some browsers, it is preferable to redirect the user to a specific URL instead of the URL the user originally intended to visit. For these browsers, the URL defined in `redirecturl` will be the one where the user will be redirected. Affected browsers are Firefox 3 and later. -An important configuration parameter to have in mind when configuring inline enforcement is that the DNS reached by these users should be your actual production DNS server - which shouldn't be in the same broadcast domain as your inline users. The next section shows you how to configure the proper inline interface and it is in this section that you should refer to the proper production DNS. +* IP under *Configuration -> Captive portal* -Inline enforcement uses `ipset` to mark nodes as registered, unregistered and isolated. -It is also now possible to use multiple inline interfaces. A node registered on the first inline interface is marked with an ip:mac tuple (for L2, only ip for L3), so when the node tries to register on an other inline interface, PacketFence detects that the node is already registered on the first VLAN. -It is also possible to enable inline.should_reauth_on_vlan_change to force users to reauthenticate when they change VLAN. 
+This IP is used as the web server who hosts the `common/network-access-detection.gif` which is used to detect if network access was enabled. It cannot be a domain name since it is used in registration or quarantine where DNS is black-holed. It is recommended that you allow your users to reach your PacketFence server and put your LAN's PacketFence IP. By default we will make this reach PacketFence's website as an easier and more accessible solution. -The outgoing interface should be specified by adding in pf.conf the option interfaceSNAT in inline section. It is a comma delimited list of network interfaces like eth0,eth0.100. It's also possible to specify a network that will be routed instead of using NAT by adding in `conf/networks.conf` an option nat=no under one or more network sections. +In some cases, you may want to present a different captive portal (see below for the available customizations) according to the SSID, the VLAN, the switch IP/MAC or the URI the client connects to. To do so, PacketFence has the concept of portal profiles which gives you this possibility. -Another important setting is the `gateway` statement. Since it this the only way to get the PacketFence server inline interface IP address, it is mandatory to set it to this IP (which is supposed to be the same as in the `ip` statement of the inline interface in `conf/pf.conf`) . +When configured, portal profiles will override default values for which it is configured. When no values are configured in the profile, PacketFence will take its default ones (according to the "default" portal profile). -Hybrid mode -~~~~~~~~~~ +Here are the different configuration parameters that can be set for each portal profiles. The only mandatory parameter is "filter", otherwise, PacketFence won't be able to correctly apply the portal profile. The parameters must be set in conf/profiles.conf: -This section applies for hybrid support for the manageable devices that support 802.1X or MAC-authentication. 
+ [profilename1] + description = the description of your portal profile + filter = the name of the SSID for which you'd like to apply the profile, or the VLAN number + billing_engine = either enabled or disabled + sources = comma-separated list of authentications sources (IDs) to use -Hybrid enforcement is a mixed method that offers the use of inline enforcement mode with VLAN enforcement mode on the same device. -This technique is covered in details in the <<_technical_introduction_to_hybrid_enforcement,"Technical introduction to Hybrid enforcement" section>> +Portal profiles should be managed from PacketFence's Web administrative GUI - from the *Configuration -> Portal Profiles* section. Adding a portal profile from that interface will correctly copy templates over - which can then be modified as you wish. -Web Auth mode -~~~~~~~~~~~~~ +* Filters under *Configuration -> Portal Profile -> Portal Name -> Fitlers* -This section applies for web authentication support for manageable devices that support web authentication with an external captive portal. +PacketFence offers the following filters: Connection Type, Network, Node Role, Port, realm, SSID, Switch, Switch Port, URI and VLAN. -Web authentication is a method on the switch that forwards http traffic of the device to the captive portal. -With this mode, your device will never change of VLAN ID but only the ACL associated to your device will change. -Refer to the Network Devices Configuration Guide to see a sample web auth configuration on a Cisco WLC. +Example with the most common ones: -DHCP and DNS Server Configuration (networks.conf) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -PacketFence automatically generates the DHCP configuration files for Registration, Isolation and Inline VLANs. This is done by editing the network interfaces from the configuration module of the administration Web interface (see the <<_first_step,First Step section>>). 
- -network:: Network subnet -netmask:: Network mask -gateway:: PacketFence IP address in this network -next_hop:: -Used only with routed networks; IP address of the router in this network (This is used to locally create static routes to the routed networks). See the <<_routed_networks,Routed Networks section>>) -domain-name:: DNS name -dns:: PacketFence IP address in this network. In inline type, set it to a valid DNS production server -dhcp_start:: Starting IP address of the DHCP scope -dhcp_end:: Ending IP address of the DHCP scope -dhcp_default_lease_time:: Default DHCP lease time -dhcp_max_lease_time:: Maximum DHCP lease time -type:: vlan-registration or vlan-isolation or inline -named:: -Is PacketFence the DNS for this network ? (Enabled/Disabled) set it to enabled -dhcpd:: -Is PacketFence the DHCP server for this network ? (Enabled/Disabled) set it to enabled -nat:: -Is PacketFence route or NAT the traffic for this network ? (yes/no) NAT enabled by default, set to no to route - -When starting PacketFence generates the DHCP configuration files by reading the information provided in `networks.conf`: - -The DHCP configuration file is written to `var/conf/dhcpd.conf` using `conf/dhcpd.conf` as a template. +* *SSID:* Guest-SSID +* *VLAN:* 100 -Production DHCP access -~~~~~~~~~~~~~~~~~~~~~~ +CAUTION: Node role will take effect only with a 802.1x connection or if you use VLAN filters. -In order to perform all of its access control duties, PacketFence needs to be able to map MAC addresses into IP addresses. +PacketFence relies extensively on Apache for its captive portal, administrative interface and Web services. The PacketFenceĀ“s Apache configuration are located in `/usr/local/pf/conf/httpd.conf.d/`. -For all the networks/VLANs where you want PacketFence to have the ability to isolate a node or to have IP information about nodes, you will need to perform *one* of the techniques below. 
+In this directory you have three important files: `httpd.admin`, `httpd.portal`, `httpd.webservices`, `httpd.aaa`. -Also note that this doesn't need to be done for the registration, isolation VLANs and inline interfaces since PacketFence acts as the DHCP server in these networks. +* `httpd.admin` is used to manage PacketFence admin interface +* `httpd.portal` is used to manage PacketFence captive portal interface +* `httpd.webservices` is used to manage PacketFence webservices interface +* `httpd.aaa` is use to manage incoming RADIUS request -IP Helpers (recommended) -^^^^^^^^^^^^^^^^^^^^^^^^ +These files have been written using the Perl language and are completely dynamic - so they activate services only on the network interfaces provided for this purpose. -If you are already using IP Helpers for your production DHCP in your production VLANs this approach is the simplest one and the one that works the best. +The other files in this directory are managed by PacketFence using templates, so it is easy to modify these files based on your configuration. SSL is enabled by default to secure access. -Add PacketFence's management IP address as the last `ip helper-address` statement in your network equipment. At this point PacketFence will receive a copy of all DHCP requests for that VLAN and will record what IP were distributed to what node using a `pfdhcplistener` daemon. +Upon PacketFence installation, self-signed certificates will be created in `/usr/local/pf/conf/ssl` (`server.key` and `server.crt`). Those certificates can be replaced anytime by your 3rd-party or existing wildcard certificate without problems. Please note that the CN (Common Name) needs to be the same as the one defined in the PacketFence configuration file (`pf.conf`). -By default no DHCP Server should be running on that interface where you are sending the requests. This is by design otherwise PacketFence would reply to the DHCP requests which would be a bad thing. 
+FreeRADIUS Configuration +~~~~~~~~~~~~~~~~~~~~~~~~ -Obtain a copy of the DHCP traffic -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +This section presents the FreeRADIUS configuration steps. In some occasions, a RADIUS server is mandatory in order to give access to the network. For example, the usage of WPA2-Enterprise (Wireless 802.1X), MAC authentication and Wired 802.1X all require a RADIUS server to authenticate the users and the devices, and then to push the proper roles or VLAN attributes to the network equipment. -Get a copy of all the DHCP Traffic to a dedicated physical interface in the PacketFence server and run `pfdhcplistener` on that interface. It will involve configuring your switch properly to perform port mirroring (aka network span) and adding in PacketFence the proper interface statement at the operating system level and in `pf.conf`. +Option 1: Authentication against Active Directory (AD) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -`/etc/sysconfig/network-scripts/ifcfg-eth2`: +Samba / Kerberos / Winbind +++++++++++++++++++++++++++ - DEVICE=eth2 - ONBOOT=yes - BOOTPROTO=none +Install Samba. You can either use the sources or use the package for your OS. For RHEL/CentOS, do: -Add to `pf.conf`: (IPs are not important they are there only so that PacketFence will start) +---- +yum install samba krb5-workstation +---- - [interface eth2] - mask=255.255.255.0 - type=dhcp-listener - gateway=192.168.1.5 - ip=192.168.1.1 +For Debian and Ubuntu, do: -Restart PacketFence and you should be good to go. +---- +apt-get install samba winbind krb5-user +---- -Interface in every VLAN -^^^^^^^^^^^^^^^^^^^^^^^ +NOTE: If you have Windows 7 PCs in your network, you need to use Samba version 3.5.0 (or greater). + +When done with the Samba install, modify your `/etc/hosts` in order to add the FQDN of your Active Directory servers. Then, you need to modify `/etc/krb5.conf`. 
Here is an example for the `DOMAIN.NET` domain for Centos/RHEL: -Because DHCP traffic is broadcast traffic, an alternative for small networks with few local VLANs is to put a VLAN interface for every VLAN on the PacketFence server and have a `pfdhcplistener` listen on that VLAN interface. +---- +[logging] + default = FILE:/var/log/krb5libs.log + kdc = FILE:/var/log/krb5kdc.log + admin_server = FILE:/var/log/kadmind.log -On the network side you need to make sure that the VLAN truly reaches all the way from your client to your DHCP infrastructure up to the PacketFence server. - -On the PacketFence side, first you need an operating system VLAN interface like the one below. Stored in `/etc/sysconfig/network-scripts/ifcfg-eth0.1010`: - - # Engineering VLAN - DEVICE=eth0.1010 - ONBOOT=yes - BOOTPROTO=static - IPADDR=10.0.101.4 - NETMASK=255.255.255.0 - VLAN=yes - -Then you need to specify in `pf.conf` that you are interested in that VLAN's DHCP by setting type to `dhcp-listener`. - - [interface eth0.1010] - mask=255.255.255.0 - type=dhcp-listener - gateway=10.0.101.1 - ip=10.0.101.4 - -Repeat the above for all your production VLANs then restart PacketFence. - -Host production DHCP on PacketFence -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -It's an option. Just modify `conf/dhcpd.conf` so that it will host your production DHCP properly and make sure that a `pfdhcplistener` runs on the same interface where production DHCP runs. However, please note that this is *NOT* recommended. See http://www.packetfence.org/bugs/view.php?id=1050[this ticket] to see why. - -Routed Networks -~~~~~~~~~~~~~~~ - -If your isolation and registration networks are not locally-reachable (at layer 2) on the network, but routed to the PacketFence server, you'll have to let the PacketFence server know this. PacketFence can even provide DHCP and DNS in these routed networks and provides an easy to use configuration interface. 
- -image::docs/images/diagram-routed-net.png[scaledwidth="100%",alt="Routed network exemple diagram"] - -For dhcpd, make sure that the clients DHCP requests are correctly forwarded (IP Helpers in the remote routers) to the PacketFence server. Then make sure you followed the instructions in the <<_dhcp_and_dns_server_configuration_networks_conf,DHCP and DNS Server Configuration (networks.conf)>> for your locally accessible network. - -If we consider the network architecture illustrated in the above schema, `conf/pf.conf` will include the local registration and isolation interfaces only. - - [interface eth0.2] - enforcement=vlan - ip=192.168.2.1 - type=internal - mask=255.255.255.0 - - [interface eth0.3] - enforcement=vlan - ip=192.168.3.1 - type=internal - mask=255.255.255.0 - -NOTE: PacketFence will not start unless you have at least one 'internal' interface, so you need to create local registration and isolation VLANs even if you don't intend to use them. Also, the 'internal' interfaces are the only ones on which dhcpd listens, so the remote registration and isolation subnets need to point their DHCP helper-address to those particular IPs. - -Then you need to provide the routed networks information to PacketFence. You can do it through the GUI in *Administration -> Networks* (or in `conf/networks.conf`). 
- -`conf/networks.conf` will look like this: - - [192.168.2.0] - netmask=255.255.255.0 - gateway=192.168.2.1 - next_hop= - domain-name=registration.example.com - dns=192.168.2.1 - dhcp_start=192.168.2.10 - dhcp_end=192.168.2.200 - dhcp_default_lease_time=300 - dhcp_max_lease_time=600 - type=vlan-registration - named=enabled - dhcpd=enabled - - [192.168.3.0] - netmask=255.255.255.0 - gateway=192.168.3.1 - next_hop= - domain-name=isolation.example.com - dns=192.168.3.1 - dhcp_start=192.168.3.10 - dhcp_end=192.168.3.200 - dhcp_default_lease_time=300 - dhcp_max_lease_time=600 - type=vlan-isolation - named=enabled - dhcpd=enabled - - [192.168.20.0] - netmask=255.255.255.0 - gateway=192.168.20.254 - next_hop=192.168.2.254 - domain-name=registration.example.com - dns=192.168.2.1 - dhcp_start=192.168.20.10 - dhcp_end=192.168.20.200 - dhcp_default_lease_time=300 - dhcp_max_lease_time=600 - type=vlan-registration - named=enabled - dhcpd=enabled - - [192.168.30.0] - netmask=255.255.255.0 - gateway=192.168.30.254 - next_hop=192.168.3.254 - domain-name=isolation.example.com - dns=192.168.3.1 - dhcp_start=192.168.30.10 - dhcp_end=192.168.30.200 - dhcp_default_lease_time=300 - dhcp_max_lease_time=600 - type=vlan-isolation - named=enabled - dhcpd=enabled - -DHCP clients on the registration and isolation networks receive the PF -server IP as their DNS server (dns=x.x.x.x), and PF spoofs DNS responses to -force clients via the portal. However, clients could manually configure -their DNS settings to escape the portal. To prevent this you will need to -apply an ACL on the access router nearest the clients, permitting access -only to the PF server and local DHCP broadcast traffic. 
- -For example, for the VLAN 20 remote registration network: - - ip access-list extended PF_REGISTRATION - permit ip any host 192.168.2.1 - permit udp any any eq 67 - deny ip any any log - interface vlan 20 - ip address 192.168.20.254 255.255.255.0 - ip helper-address 192.168.2.1 - ip access-group PF_REGISTRATION in - -If your edge switches support 'vlan-isolation' you can also apply the ACL -there. This has the advantage of preventing machines in isolation from -attempting to attack each other. - -FreeRADIUS Configuration -~~~~~~~~~~~~~~~~~~~~~~~~ - -This section presents the FreeRADIUS configuration steps. In some occasions, a RADIUS server is mandatory in order to give access to the network. For example, the usage of WPA2-Enterprise (Wireless 802.1X), MAC authentication and Wired 802.1X all requires a RADIUS server to authenticate the users and the devices, and then to push the proper VLAN to the network equipment. - -Option 1: Dynamic switch configuration -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Since PacketFence version 4.1 you are now be able to enable dynamic clients. -It mean that when you add a new switch configuration in PacketFenceĀ“s administration interface you donĀ“t have to restart radiusd service. - -To enable this feature make a symlink in `/usr/local/pf/raddb/site-enabled` directory: - - ln -s ../sites-available/dynamic-clients dynamic-clients - -and of course restart radiusd: - - /usr/local/pf/bin/pfcmd service radiusd restart - - - -Option 2: Authentication against Active Directory (AD) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Samba / Kerberos / Winbind -++++++++++++++++++++++++++ - -Install Samba 3 and NOT Samba 4. You can either use the sources or use the package for your OS. 
For RHEL/CentOS, do: - ----- -yum install samba krb5-workstation ----- - -For Debian and Ubuntu, do: - ----- -apt-get install samba winbind krb5-user ----- - -NOTE: If you have Windows 7 PCs in your network, you need to use Samba version 3.5.0 (or greater). - -When done with the Samba install, modify your `/etc/hosts` in order to add the FQDN of your Active Directory servers. Then, you need to modify `/etc/krb5.conf`. Here is an example for the `DOMAIN.NET` domain for Centos/RHEL: - ----- -[logging] - default = FILE:/var/log/krb5libs.log - kdc = FILE:/var/log/krb5kdc.log - admin_server = FILE:/var/log/kadmind.log - -[libdefaults] - default_realm = DOMAIN.NET - dns_lookup_realm = false - dns_lookup_kdc = false - ticket_lifetime = 24h - forwardable = yes +[libdefaults] + default_realm = DOMAIN.NET + dns_lookup_realm = false + dns_lookup_kdc = false + ticket_lifetime = 24h + forwardable = yes [realms] DOMAIN.NET = { 
@@ -1033,19 +942,65 @@ For Debian and Ubuntu: rad_recv: Access-Accept packet from host 127.0.0.1 port 18120, id=108, length=20 -Option 3: Local Authentication +Option 2: Local Authentication ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Add your user's entries at the end of the `/usr/local/pf/raddb/users` file with the following format: username Cleartext-Password := "password" -Option 4: Authentication against OpenLDAP -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Option 3: EAP authentication against OpenLDAP +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +To authenticate 802.1x connection against OpenLDAP you need to define the ldap connection in `/usr/local/pf/raddb/modules/ldap` and +be sure that the userpassword is define as a NTHASH or as cleartext. + +---- + ldap openldap { + server = "ldap.acme.com" + identity = "uid=admin,dc=acme,dc=com" + password = "password" + basedn = "dc=district,dc=acme,dc=com" + filter = "(uid=%{mschap:User-Name})" + ldap_connections_number = 5 + timeout = 4 + timelimit = 3 + net_timeout = 1 + tls { + } + dictionary_mapping = ${confdir}/ldap.attrmap + edir_account_policy_check = no + + keepalive { + # LDAP_OPT_X_KEEPALIVE_IDLE + idle = 60 + + # LDAP_OPT_X_KEEPALIVE_PROBES + probes = 3 + + # LDAP_OPT_X_KEEPALIVE_INTERVAL + interval = 3 + } + } +---- + +Next in `/usr/local/pf/raddb/sites-available/packetfence-tunnel` add in the authorize section: + +---- +authorize { + suffix + ntdomain + eap { + ok = return + } + files + openldap + } +---- + - To be contributed... -Option 5: EAP Guest Authentication on email, sponsor and sms registration +Option 4: EAP Guest Authentication on email, sponsor and SMS registration ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The goal here is to be able to use the credential PacketFence created on guest access and use this one on a secure connection. 
@@ -1056,7 +1011,7 @@ phone number and the PIN code. Note that this option doesn't currently work with the 'Reuse dot1x credentials' option of the captive portal. -In `/usr/local/pf/raddb/sites-available/packetfence-tunnel` there is an example on how to configure radius to enable this feature (uncomment to make it work). +In `/usr/local/pf/raddb/sites-available/packetfence-tunnel` there is an example on how to configure RADIUS to enable this feature (uncomment to make it work). In this example we activate this feature on a specific SSID name (Secure-Wireless), disabled by default NTLM Auth, test email credential (pfguest), test sponsor (pfsponsor) and test sms (pfsms). If all failled then we reactivate NTLM Auth. @@ -1078,10 +1033,10 @@ authorize { # update control { # MS-CHAP-Use-NTLM-Auth := No # } -## Check temporary_password table with email and password for a sponsor registration +## Check password table with email and password for a sponsor registration # pfguest # if (fail || notfound) { -## Check temporary_password table with email and password for a guest registration +## Check password table with email and password for a guest registration # pfsponsor # if (fail || notfound) { ## Check activation table with phone number and PIN code @@ -1096,11 +1051,14 @@ authorize { # } ---- -Option 6: EAP Local user Authentication +NOTE: For this feature to work, the users' passwords must be stored in cleartext in the database. + + +Option 5: EAP Local user Authentication ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The goal here is to use the local user you created in the admin GUI for EAP authentication. -The logic is exactly the same than in option 5, the difference is that we use another SSID and we only use local accounts. +The logic is exactly the same than in option 4, the difference is that we use another SSID and we only use local accounts. Edit `/usr/local/pf/raddb/sites-available/packetfence-tunnel` 
@@ -1116,7 +1074,7 @@ If it failled then we reactivate NTLM Auth.
 # update control {
 # MS-CHAP-Use-NTLM-Auth := No
 # }
-## Check temporary_password table for local user
+## Check password table for local user
 # pflocal
 # if (fail || notfound) {
 # update control {
@@ -1126,6 +1084,7 @@ If it failled then we reactivate NTLM Auth.
 # }
 ----
+CAUTION: You will need to deasactivate password hashing in the database for local authentication to work. In the administration interface, go in 'Configuration -> Advanced' and set 'Database passwords hashing method' to `plaintext`
 Tests
 ^^^^^
@@ -1142,8 +1101,31 @@ Sending Access-Request of id 74 to 127.0.0.1 port 18120
 rad_recv: Access-Accept packet from host 127.0.0.1:18120, id=74, length=20
 ----
-Debug
-^^^^^
+Debugging
+---------
+
+Log files
+~~~~~~~~~
+
+Here are the most important PacketFence log files:
+
+[options="compact"]
+* `/usr/local/pf/logs/packetfence.log` ā€” PacketFence Core Log
+* `/usr/local/pf/logs/httpd.portal.access` ā€” Apache ā€“ Captive Portal Access Log
+* `/usr/local/pf/logs/httpd.portal.error` ā€” Apache ā€“ Captive Portal Error Log
+* `/usr/local/pf/logs/httpd.admin.access` ā€” Apache ā€“ Web Admin/Services Access Log
+* `/usr/local/pf/logs/httpd.admin.error` ā€” Apache ā€“ Web Admin/Services Error Log
+* `/usr/local/pf/logs/httpd.webservices.access` ā€” Apache ā€“ Webservices Access Log
+* `/usr/local/pf/logs/httpd.webservices.error` ā€” Apache ā€“ Webservices Error Log
+* `/usr/local/pf/logs/httpd.aaa.access` ā€” Apache ā€“ AAA Access Log
+* `/usr/local/pf/logs/httpd.aaa.error` ā€” Apache ā€“ AAA Error Log
+
+There are other log files in `/usr/local/pf/logs/` that could be relevant depending on what issue you are experiencing. Make sure you take a look at them.
+
+The main logging configuration file is `/usr/local/pf/conf/log.conf`. It contains the configuration for the `packetfence.log` file (`Log::Log4Perl`) and you normally don't need to modify it. The logging configuration files for every service are located under `/usr/local/pf/conf/log.conf.d/`.
+
+RADIUS Debugging
+~~~~~~~~~~~~~~~~
 First, check the FreeRADIUS logs. The file is located at `/usr/local/pf/logs/radius.log`.
@@ -1165,839 +1147,743 @@ Now you can run `raddebug` easily: The above will output FreeRADIUS' debug logs for 5 minutes. See `man raddebug` for all the options. -Starting PacketFence Services -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Once PacketFence is fully installed and configured, start the services using the following command : - service packetfence start +More on VoIP Integration +------------------------ -You may verify using the `chkconfig` command that the PacketFence service is automatically started at boot time. +VoIP has been growing in popularity on enterprise networks. At first sight, the IT administrators think that deploying VoIP with a NAC poses a huge complicated challenge to resolve. In fact, depending of the hardware you have, not really. In this section, we will see why. -Log files -~~~~~~~~~ +CDP and LLDP are your friend +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Here are the most important PacketFence log files: +For those of you who are unaware of the existence of CDP or LLDP (or LLDP-MED), I suggest you start reading on this topic. Cisco Discovery Protocol (CDP) is device-discovery protocol that runs on all Cisco-manufactured equipment including routers, access servers, bridges, and switches. Using CDP, a device can advertise its existence to other devices and receive information about other devices on the same LAN or on the remote side of a WAN. In the world of VoIP, CDP is able to determine if the connecting device is an IP Phone or not, and tell the IP Phone to tag its ethernet frame using the configured voice VLAN on the switchport. 
-[options="compact"] -* `/usr/local/pf/logs/packetfence.log` ā€” PacketFence Core Log -* `/usr/local/pf/logs/httpd.portal.access` ā€” Apache ā€“ Captive Portal Access Log -* `/usr/local/pf/logs/httpd.portal.error` ā€” Apache ā€“ Captive Portal Error Log -* `/usr/local/pf/logs/httpd.admin.access` ā€” Apache ā€“ Web Admin/Services Access Log -* `/usr/local/pf/logs/httpd.admin.error` ā€” Apache ā€“ Web Admin/Services Error Log -* `/usr/local/pf/logs/httpd.webservices.access` ā€” Apache ā€“ Webservices Access Log -* `/usr/local/pf/logs/httpd.webservices.error` ā€” Apache ā€“ Webservices Error Log +On many other vendors, you are likely to find LLDP or LLDP-MED support. Link Layer Discovery Protocol (LLDP) is a vendor-neutral Link Layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors. Same as CDP, LLDP can tell an IP Phone which VLAN id is the voice VLAN. -There are other log files in `/usr/local/pf/logs/` that could be relevant depending on what issue you are experiencing. Make sure you take a look at them. +VoIP and VLAN assignment techniques +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The logging system's configuration file is `/usr/local/pf/conf/log.conf`. It contains the configuration for the `packetfence.log` file (`Log::Log4Perl`) and you normally don't need to modify it. +As you already know, PacketFence supports many VLAN assignment techniques such as port-security, mac authentication or 802.1X. Let's see how VoIP is doing with each of those. -Passthrough -~~~~~~~~~~~ +Port-security +^^^^^^^^^^^^^ -In order to use the passthrough feature in PacketFence, you need to enable it from the GUI in -*Configuration -> Trapping* and check *Passthrough*. +Using port-security, the VoIP device rely on CDP/LLDP to tag its ethernet frame using the configured voice VLAN on the switch port. 
After that, we ensure that a security trap is sent from the voice VLAN so that PacketFence can authorize the mac address on the port. When the PC connects, another security trap will be sent, but from the data VLAN. That way, we will have 1 mac address authorized on the voice VLAN, and 1 on the access VLAN. -There are two solutions for passthroughs - one using DNS resolution and iptables and the other one using Apache's mod_proxy module. -When enabled, PacketFence will use pfdns if you defined *Passthroughs*, or Apache mod-proxy if you defined *Proxy Passthroughs* to allow trapped devices to reach web sites. +NOTE: Not all vendors support VoIP on port-security, please refer to the Network Configuration Guide. -*DNS passthrough: -Add a new FQDN (should be a wildcard domain like *.google.com) in the Passthroughs section. When PacketFence receives a DNS request for this domain, it will answer the real IP address and punch a hole in the firewall (using iptables) to allow access. With this method, PacketFence must be the default gateway of your device. +Mac Authentication and 802.1X +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -*mod_proxy passthrough: -Add a new FQDN (should be a wildcard domain like *.google.com) in the Proxy Passthroughs section. For this FQDN, PacketFence will answer the IP address of the captive portal and when a device hits the captive portal, PacketFence will detect that this FQDN has a passthrough configuration and will forward the traffic to mod_proxy. +Cisco hardware +++++++++++++++ -These two methods can be used together but DNS-based passthroughs have higher priority. +On Cisco switches, we are looking at the multi-domain configuration. The multi-domain means that we can have one device on the VOICE domain, and one device on the DATA domain. The domain assignment is done using a Cisco VSA. When the phone connects to the switchport, PacketFence will respond with the proper VSA only, no RADIUS tunneled attributes. 
CDP then tells the phone to tag its ethernet frames using the configured voice VLAN on the port. When a PC connects, the RADIUS server will return tunneled attributes, and the switch will place the port in the provided access VLAN. -Proxy Interception -~~~~~~~~~~~~~~~~~~ +Non-Cisco hardware +++++++++++++++++++ -PacketFence enables you to intercept proxy requests and forward them to the captive portal. It only works in layer 2 network because PacketFence must be the default gateway. -In order to use the Proxy Interception feature, you need to enable it from the GUI in -*Configuration -> Trapping* and check *Proxy Interception*. +On other vendor hardware, it is possible to make VoIP work using RADIUS VSAs. When a phone connects to a switchport, PacketFence needs to return the proper VSA to tell the switch to allow tagged frames from this device. When the PC will connect, we will be able to return standard RADIUS tunnel attributes to the switch, that will be the untagged VLAN. -Add the port you want to intercept (like 8080 or 3128) and add a new entry in the `/etc/hosts` file to resolve the fully qualified domain name (fqdn) of the captive portal to the IP address of the registration interface. This modification is mandatory in order for Apache to receives the proxy requests. +NOTE: Again, refer to the Network Configuration Guide to see if VoIP is supported on your switch hardware. +What if CDP/LLDP feature is missing +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Configuration by example ------------------------- +It is possible that your phone doesn't support CDP or LLDP. If it's the case, you are probably looking at the "DHCP way" of provisionning your phone with a voice VLAN. Some models will ask for a specific DHCP option so that the DHCP server can give the phone a voice VLAN id. The phone will then reboot, and tag its ethernet frame using the provided VLAN tag. 
-Here is an end-to-end sample configuration of PacketFence in "Hybrid" mode (VLAN mode and Inline mode at the same time). +In order to make this scenario work with PacketFence, you need to ensure that you tweak the registration and your production DHCP server to provide the DHCP option. You also need to make sure there is a voice VLAN properly configured on the port, and that you auto-register your IP Phones (On the first connect, the phone will be assigned on the registration VLAN). -Assumptions -~~~~~~~~~~~ +Advanced topics +--------------- -Throughout this configuration example we use the following assumptions for our network infrastructure: +This section covers advanced topics in PacketFence. Note that it is also possible to configure PacketFence manually using its configuration files instead of its Web administrative interface. It is still recommended to use the Web interface. -[options="compact"] -* There are two different types of manageable switches in our network: Cisco Catalyst 2900XL and Cisco Catalyst 2960, and one unmanageable device. 
-* VLAN 1 is the "normal" VLAN - users with the "default" role will be assigned to it -* VLAN 2 is the registration VLAN (unregistered devices will be put in this VLAN) -* VLAN 3 is the isolation VLAN (isolated devices will be put in this VLAN) -* VLANs 2 and 3 are spanned throughout the network -* VLAN 4 is the inline VLAN (In-Band, for unmanageable devices) -* We want to isolate computers using Limewire (peer-to-peer software) -* We use Snort as NIDS -* The traffic monitored by Snort is spanned on eth1 -* The DHCP server on the PacketFence box that will take care of IP address distribution in VLANs 2, 3 and 4 -* The DNS server on the PacketFence box that will take care of domain resolution in VLANs 2 and 3 and 4 - -The network setup looks like this: - -[options="header",cols="1,2,2,2,3",frame="topbot",grid="rows"] -|========================================================================= -|VLAN ID |VLAN Name |Subnet |Gateway |PacketFence Address -|1 |Normal |192.168.1.0/24 |192.168.1.1 |192.168.1.5 -|2 |Registration |192.168.2.0/24 |192.168.2.1 |192.168.2.1 -|3 |Isolation |192.168.3.0/24 |192.168.3.1 |192.168.3.1 -|4 |Inline |192.168.4.0/24 |192.168.4.1 |192.168.4.1 -|100 |Voice | | | -|========================================================================= - -Network Interfaces -~~~~~~~~~~~~~~~~~~ +In any case, the `/usr/local/pf/conf/pf.conf` file contains the PacketFence general configuration. For example, this is the place where we inform PacketFence it will work in VLAN isolation mode. -Here are the NICs startup scripts on PacketFence. +All the default parameters and their descriptions are stored in `/usr/local/pf/conf/pf.conf.defaults`. -`/etc/sysconfig/network-scripts/ifcfg-eth0`: +In order to override a default parameter, define it and set it in `pf.conf`. 
- DEVICE=eth0 - BROADCAST=192.168.1.255 - IPADDR=192.168.1.5 - NETMASK=255.255.255.0 - NETWORK=192.168.1.0 - ONBOOT=yes - TYPE=Ethernet +`/usr/local/pf/conf/documentation.conf` holds the complete list of all available parameters. -`/etc/sysconfig/network-scripts/ifcfg-eth0.2`: +All these parameters are also accessible through the web-based administration interface under the Configuration tab. It is highly recommended that you use the web-based administration interface of PacketFence for any configuration changes. - DEVICE=eth0.2 - ONBOOT=yes - BOOTPROTO=static - IPADDR=192.168.2.1 - NETMASK=255.255.255.0 - VLAN=yes +Apple and Android Wireless Provisioning +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -`/etc/sysconfig/network-scripts/ifcfg-eth0.3`: +Apple devices such as iPhones, iPads, iPods and Mac OS X (10.7+) support wireless profile importation using a special XML file format (mobileconfig). Android is also able to support this feature by importing the wireless profile with the Android PacketFence Agent. In fact, installing such file on your Apple device will automatically configure the wireless settings for a given SSID. This feature is often used when the SSID is hidden, and you want to ease the configuration steps on the mobile device (because it is often painful to configure manually). In PacketFence, we are going further, we generate the profile according to the administrator's preference and we pre-populate the file with the user's credentials (without the password). The user simply needs to install its generated file and he will be able to use the new SSID. - DEVICE=eth0.3 - ONBOOT=yes - BOOTPROTO=static - IPADDR=192.168.3.1 - NETMASK=255.255.255.0 - VLAN=yes +Configure the feature +^^^^^^^^^^^^^^^^^^^^^ -`/etc/sysconfig/network-scripts/ifcfg-eth0.4`: +First of all, you need to configure the SSID that your devices will use after they go though the authentication process. 
- DEVICE=eth0.4 - ONBOOT=yes - BOOTPROTO=static - IPADDR=192.168.4.1 - NETMASK=255.255.255.0 - VLAN=yes +In order to do that, in the administration interface, go in 'Configuration/Provisioners'. Then select the 'android' provisioner. Enter the SSID and save. -`/etc/sysconfig/network-scripts/ifcfg-eth1`. This NIC is used for the mirror of the traffic monitored by Snort. +Now do the same thing for the iOS provisioner. - DEVICE=eth1 - ONBOOT=yes - BOOTPROTO=none +After, you simply need to add the 'Android' and 'iOS' provisioners to your 'Portal Profile' configuration. -Trap receiver -^^^^^^^^^^^^^ +For Android, you must allow passthroughs in your `pf.conf` configuration file: -PacketFence uses `snmptrapd` as the trap receiver. It stores the community name used by the switch to send traps in the switch config file (`/usr/local/pf/conf/switches.conf`): + [trapping] + passthrough=enabled + passthroughs=*.ggpht.com,*.googleusercontent.com,android.clients.google.com,*.googleapis.com,*.android.clients.google.com - [default] - SNMPCommunityTrap = public +Profile generation +^^^^^^^^^^^^^^^^^^ -Switch Setup -~~~~~~~~~~~~ +Upon registration, instead of showing the default release page, the user will be showing another version of the page saying that the wireless profile has been generated with a clickable link on it. To install the profile, Apple user owner simply need to click on that link, and follow the instructions on their device. Android user owner simply click to the link and will be forwarded to Google Play to install PacketFence agent. Simply launch the application and click to configure will create the secure SSID profile. It is that simple. -In our example, we enable inline on a Cisco 2900LX and Port Security on a Cisco Catalyst 2960. Please consult the http://www.packetfence.org/documentation/[Network Devices Configuration Guide] for the complete list of supported switches and configuration instructions. 
+Billing Engine +~~~~~~~~~~~~~~ -inline -^^^^^^ +PacketFence integrates the ability to use a payment gateway to bill users to gain access to the network. When configured, the user who wants to access the network / Internet is prompted by a page asking for it's personnal information as well as it's credit card information. -On the 2900XL. +PacketFence currently supports two payment gateways: Authorize.net and Mirapay. -on each interface +The configuration to use the feature is fairly simple. The general configuration to enable / disable the billing engine can be done through the Web administration GUI (*Configuration -> Portal Profiles and Pages*) or from the `conf/profiles.conf` file: - switchport mode access - switchport access vlan 4 + [default] + billing_engine = enabled + ... -Port Security -^^^^^^^^^^^^^ +Billing engine parameters are specified in `conf/pf.conf` or from *Configuration -> Billing*: -On the 2960. + [billing] + gateway = authorize_net + authorizenet_posturl = The payment gateway processing URL + authorizenet_login = The merchant's unique API Login ID + authorizenet_trankey = The merchant's unique Transaction Key -global setup +It is also possible to configure multiple network access with different prices. +For example, you may want to provide basic Internet access with a decent speed at a specific price and another package with high speed connection at another price. - snmp-server community public RO - snmp-server community private RW - snmp-server enable traps port-security - snmp-server enable traps port-security trap-rate 1 - snmp-server host 192.168.1.5 version 2c public port-security +CAUTION: The use of different billing tiers requires different roles in PacketFence. Make sure to create these roles first otherwise you will run into problems. -On each interface, you need to initialize the port security by authorizing a fake MAC address with the following commands +To do so, some customizations is needed to the billing module. 
You'll need to redefined the `getAvailableTiers` method in the `lib/pf/billing/custom.pm` file. An example is already in place in the file. - switchport access vlan 1 - switchport port-security - switchport port-security maximum 2 - switchport port-security maximum 1 vlan access - switchport port-security violation restrict - switchport port-security mac-address 0200.0000.00xx +To assign a role by tiers (example: slow, medium and fast), edit the file `lib/pf/billing/custom.pm` -where `xx` stands for the interface index. + my %tiers = ( + tier1 => { + id => "tier1", + name => "Tier 1", + price => "1.00", + timeout => "7D", + usage_duration => '1D', + category => '', + description => "Tier 1 Internet Access", destination_url => "http://www.packetfence.org" + }, + ); -NOTE: Don't forget to update the startup-config. +*id* is used as the item value of the billing table. -switches.conf -~~~~~~~~~~~~~ +*name* is the name of the tier used on billing.html. -NOTE: You can use the Web Administration interface instead of performing the configuration in the flat files. +*price* is amount charged on the credit card. -Here is the `/usr/local/pf/conf/switches.conf` file for our setup. See <<_network_devices_definition_switches_conf,Network Device Definition>> for more information about the content of this file. +*timeout* is used to compute the unregistration date of the node. ----- -[default] -SNMPCommunityRead = public -SNMPCommunityWrite = private -SNMPommunityTrap = public -SNMPVersion = 1 -defaultVlan = 1 -registrationVlan = 2 -isolationVlan = 3 -macDetectionVlan = 5 -VoIPEnabled = no +*usage_duration* is the amount of non-contignuous access time for the node, set as the time_balance value of the node table. -[192.168.1.100] -type = Cisco::Catalyst_2900XL -mode = production -uplink = 24 +*category* is the role in which to put the node. 
-[192.168.1.101] -type = Cisco::Catalyst_2960 -mode = production -uplink = 25 -defaultVlan = 10 -radiusSecret=useStrongerSecret ----- +*description will* appear on the billing.html. -If you want to have a different read/write communities name for each switch, declare it in each switch section. +*destination_url* is the url that the device will be redirected after a successful authentication. -pf.conf -~~~~~~~ +Devices Registration +~~~~~~~~~~~~~~~~~~~~ -Here is the `/usr/local/pf/conf/pf.conf` file for our setup. For more information about `pf.conf` see <<_global_configuration_file_pf_conf,Global configuration file (pf.conf) section>>. +Users have the possibility to register their devices (Microsoft XBOX/XBOX360, Nintendo DS/Wii, Sony PlayStation and so on) right from a special portal page. When accessing this page, users will be prompted to login as if they were registering themselves. Once logged in, the portal will ask them to enter the device MAC address that will then be matched against a predefined list of authorized MAC OUI. The device will be registered with the user's id and can be assigned into a specific category for easier management. ----- -[general] -domain=yourdomain.org -#Put your External/Infra DNS servers here -dnsservers=4.2.2.2,4.2.2.1 -dhcpservers=192.168.2.1,192.168.3.1,192.168.5.1 +Here's how to configure the whole thing. +The portal page can be accessed by the following URL: https://YOUR_PORTAL_HOSTNAME/device-registration +This URL is accessible from within the network, in any VLAN that can reach the PacketFence server. 
-[trapping] -registration=enabled -detection=enabled -range=192.168.2.0/24,192.168.3.0/24,192.168.4.0/24 +The following can be configured by editing the pf.conf file: -[interface eth0] -mask=255.255.255.0 -type=management -gateway=192.168.1.1 -ip=192.168.1.5 + [registration] + device_registration = enabled + device_registration_role = gaming -[interface eth0.2] -mask=255.255.255.0 -type=internal -enforcement=vlan -gateway=192.168.2.1 -ip=192.168.2.1 +Make sure the role exists in PacketFence otherwise you will encounter registration errors. Moreover, make sure the role mapping for your particular equipment is done. -[interface eth0.3] -mask=255.255.255.0 -type=internal -enforcement=vlan -gateway=192.168.3.1 -ip=192.168.3.1 +These parameters can also be configured from the *Configuration -> Registration* section. -[interface eth0.4] -mask=255.255.255.0 -type=internal -enforcement=inline -gateway=192.168.4.1 -ip=192.168.4.1 +Eduroam +~~~~~~~ -[interface eth1] -mask=255.255.255.0 -type=monitor -gateway=192.168.1.5 -ip=192.168.1.1 ----- +[quote,eduroam, https://www.eduroam.org/] +_____________________ -NOTE: If you are running in an high-available setup (with a cluster IP), make sure to add the `vip` parameter to the configured `management` interface so that RADIUS dynamic auth messages can reach the network equipment correctly. +eduroam (education roaming) is the secure, world-wide roaming access service developed for the international research and education community. ----- -[interface eth0] -mask=255.255.255.0 -type=management -gateway=192.168.1.1 -ip=192.168.1.5 -vip=192.168.1.6 ----- +eduroam allows students, researchers and staff from participating institutions to obtain Internet connectivity across campus and when visiting other participating institutions by simply opening their laptop. +_____________________ -networks.conf -~~~~~~~~~~~~~ -Here is the `/usr/local/pf/conf/networks.conf` file for our setup. 
For more information about `networks.conf` see <<_dhcp_and_dns_server_configuration_networks_conf,DHCP and DNS Server configuration>>. - ----- -[192.168.2.0] -netmask=255.255.255.0 -gateway=192.168.2.1 -next_hop=192.168.2.254 -domain-name=registration.example.com -dns=192.168.2.1 -dhcp_start=192.168.2.10 -dhcp_end=192.168.2.200 -dhcp_default_lease_time=300 -dhcp_max_lease_time=600 -type=vlan-registration -named=enabled -dhcpd=enabled - -[192.168.3.0] -netmask=255.255.255.0 -gateway=192.168.3.1 -next_hop=192.168.3.254 -domain-name=isolation.example.com -dns=192.168.3.1 -dhcp_start=192.168.3.10 -dhcp_end=192.168.3.200 -dhcp_default_lease_time=300 -dhcp_max_lease_time=600 -type=vlan-isolation -named=enabled -dhcpd=enabled - -[192.168.4.0] -netmask=255.255.255.0 -gateway=192.168.4.1 -next_hop= -domain-name=inline.example.com -dns=4.2.2.2,4.2.2.1 -dhcp_start=192.168.4.10 -dhcp_end=192.168.4.254 -dhcp_default_lease_time=300 -dhcp_max_lease_time=600 -type=inline -named=enabled -dhcpd=enabled ----- - -Inline enforcement specifics -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +PacketFence supports integration with eduroam and allows participating institutions to authenticate both locally visiting users from other institutions as well as allowing other institutions to authenticate local users. -To see another important optional parameter that can be altered to do inline enforcement see the <<_inline_enforcement_configuration,Inline enforcement configuration section>>. -In order to have the inline mode properly working, you need to enable IP forwarding on your servers. To do it permanently, look in the `/etc/sysctl.conf`, and set the following line: +In order for PacketFence to allow eduroam authentication, the FreeRADIUS configuration of PacketFence must be modified to allow the eduroam servers to connect to it as clients as well as to proxy RADIUS authentication requests for users from outside institutions. 
- # Controls IP packet forwarding - net.ipv4.ip_forward = 1 -Save the file, and execute `sysctl -p` to reload the kernel parameters. +First, modify the /usr/local/pf/raddb/clients.conf file to allow the eduroam servers to connect to your PacketFence server. Add the eduroam servers as clients and make sure to add the proper RADIUS secret. Set a shortname to refer to these clients as you will later need it to exclude them from some parts of the PacketFence configuration. -Optional components -------------------- +clients.conf example: +---- +client tlrs1.eduroam.us { + secret = useStrongerSecret + shortname = tlrs1 +} -Blocking malicious activities with violations -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +client tlrs2.eduroam.us { + secret = useStrongerSecret + shortname = tlrs2 +} +---- -Policy violations allow you to restrict client system access based on violations of certain policies. For example, if you do not allow P2P type traffic on your network, and you are running the appropriate software to detect it and trigger a violation for a given client, PacketFence will give that client a "blocked" page which can be customized to your wishes. -In order to be able to block malicious activities, you need to install and configure the SNORT or Suricata IDS to talk with PacketFence. -Snort -^^^^^ -Installation -++++++++++++ -The installation procedure is quite simple for SNORT. We maintain a working version on the PacketFence repository. To install it, simply run the following command: +Secondly, modify the list of domains and proxy servers in /usr/local/pf/raddb/proxy.conf. You will need to define each of your domains as well as the DEFAULT domain. The DEFAULT realm will apply to any client that attempts to authenticate with a realm that is not otherwise defined in proxy.conf and will be proxied to the eduroam servers. - yum install snort +Define one or more home servers (servers to which eduroam requests should be proxied). 
-Configuration -+++++++++++++ +proxy.conf example: -PacketFence provides a basic `snort.conf` template that you may need to edit depending of the Snort version. The file is located in `/usr/local/pf/conf`. It is rarely necessary to change anything in that file to make Snort work and trap alerts. DO NOT edit the `snort.conf` located in `/usr/local/pf/var/conf`, all the modification will be destroyed on each PacketFence restart. + home_server tlrs1.eduroam.us { + type = auth + ipaddr = 257.128.1.1 + port = 1812 + secret = useStrongerSecret + require_message_authenticator = yes + } -Suricata -^^^^^^^^ +Define a pool of servers to group your eduroam home servers together. -Installation -++++++++++++ +proxy.conf example: -Since the suricata IDS is not packaged with the distros (except maybe Fedora, which we do not officially support), you need to build it the "old" way. + home_server_pool eduroam { + type = fail-over + home_server = tlrs1.eduroam.us + home_server = tlrs2.eduroam.us + } -The OISF provides a really well written how-to for that. It's available here: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS5 +Define realms to select which requests should be proxied to the eduroam server pool. +There should be one realm for each of your domains, and possibly one more per domain if +you intend to allow usernames of the DOMAIN\user form. -Configuration -+++++++++++++ +The REALM is set based on the domain found by the suffix or ntdomain modules +( see raddb/modules/realm ). +The suffix or ntdomain modules try to find a domain either with an @domain or suffix\username. -PacketFence will provide you with a basic `suricata.yaml` that you can modify to suit you own needs. The file is located in `/usr/local/pf/conf`. +* If none is found, the REALM is NULL. +* If a domain is found, FreeRADIUS tries to match one of the REALMS defined in this file. +* If the domain is either example.edu or EXAMPLE FreeRADIUS sets the corresponding REALM, +i.e. 
example.edu or EXAMPLE. +* If the REALM does not match either (and it isn't NULL), that means there was a domain +other than EXAMPLE or example.edu and we assume it is meant to be proxied to eduroam. +FreeRADIUS sets the DEFAULT realm (which is proxied to the eduroam authentication pool). -Violations -^^^^^^^^^^ +The REALM determines where the request is sent to. If the REALM authenticates locally +the requests are processed entirely by FreeRADIUS. If the REALM sets a different +home server pool, the requests are proxied to the servers defined within that pool. -In order to make PacketFence react to the Snort alerts, you need to explicitly tell the software to do so. Otherwise, the alerts will be discarded. This is quite simple to accomplish. In fact, you need to create a violation and add the Snort alert SID in the trigger section of a Violation. +proxy.conf example: +---- +# This realm is for requests which don't have an explicit realm +# prefix or suffix. User names like "bob" will match this one. +# No authentication server is defined, thus the authentication is +# done locally. +realm NULL { +} -PacketFence policy violations are controlled using the `/usr/local/pf/conf/violations.conf` configuration file. The violation format is as follows: +# This realm is for ntdomain users who might use the domain like +# this "EXAMPLE\username". +# No authentication server is defined, thus the authentication is +# done locally. +realm EXAMPLE { +} - [1234] - desc=Your Violation Description - priority=8 - template=