diff --git a/ChangeLog b/ChangeLog
index 88807fb9ce60..a4ee98ea7e19 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,112 @@
+commit c123e126a4b98a9a377cf10521f178c9b2db5910
+Author: Francis Lachapelle
+Date: Mon Aug 12 11:57:05 2013 -0400
+
+ Update NEWS file
+
+M NEWS.asciidoc
+
+commit 404deb3e186dc03161ffef8c2d7d26fdcf4e53dc
+Author: James Rouzier
+Date: Mon Aug 12 11:43:43 2013 -0400
+
+ Remove incorrect array dereference
+
+M lib/pf/web.pm
+
+commit 3d0ecc3395730912a9a17401a5ecd5e985e6bd7b
+Author: Francis Lachapelle
+Date: Mon Aug 12 11:37:56 2013 -0400
+
+ Restore ProfileFactory to previous state
+
+M lib/pf/Portal/ProfileFactory.pm
+
+commit 6e1fcd5c661a3adeea70a7c0bef3e801260116a1
+Author: Francis Lachapelle
+Date: Mon Aug 12 11:33:34 2013 -0400
+
+ WISPr: respect authentication source
+
+M html/captive-portal/register.cgi
+M lib/pf/authentication.pm
+M lib/pf/web.pm
+M lib/pf/web/wispr.pm
+
+commit 9c52b4e1c2cb263de6677c8fa24bf2aeb48fc35b
+Author: Francis Lachapelle
+Date: Mon Aug 12 10:58:40 2013 -0400
+
+ Fix OAuth2 authentication
+
+M lib/pf/web.pm
+
+commit da3634a29aabb0eee665929427883ecebb254ae2
+Author: Francis Lachapelle
+Date: Fri Aug 9 17:47:22 2013 -0400
+
+ Bump to version 4.0.5-2
+
+M conf/pf-release
+
+commit 17ab0853a347d3838f3ba25007290d755c1f03fc
+Author: James Rouzier
+Date: Fri Aug 9 19:17:05 2013 -0400
+
+ Fixed the call to update_profiles_guest_modes by adding the proper parameters to it
+
+M lib/pf/authentication.pm
+
+commit f32963b2dbe2b0cc828b73cfc4e56466a03e6184
+Author: James Rouzier
+Date: Fri Aug 9 18:57:10 2013 -0400
+
+ match function expects a source_id or an array ref of source objects
+
+M lib/pf/authentication.pm
+
+commit 8d3a7b314817c6dc998edfab8b58732410942b4f
+Author: Francis Lachapelle
+Date: Fri Aug 9 16:34:06 2013 -0400
+
+ Fix auth::match to handle multiple sources
+
+M html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm
+M lib/pf/authentication.pm
+
+commit 509a7f0b0dbf32ed1db23e0874f3213ea07eb231
+Author: Durand Fabrice
+Date: Fri Aug 9 14:54:47 2013 -0400
+
+ Fix syntax
+
+M 
lib/pf/SNMP/MockedSwitch.pm + +commit 9378252275947f4a57770ad00d562c586fa1efaa +Author: Francis Lachapelle +Date: Fri Aug 9 14:26:38 2013 -0400 + + Improve Administration Guide + +M docs/PacketFence_Administration_Guide.asciidoc + +commit f100940f94c2e3f40c1465002b95fa508dc50dc6 +Author: Francis Lachapelle +Date: Fri Aug 9 14:21:43 2013 -0400 + + Update documentation for releae 4.0.5 + +M ChangeLog +M NEWS.asciidoc +M UPGRADE.asciidoc +M addons/packages/packetfence.spec +M conf/documentation.conf +M debian/changelog +M docs/PacketFence_Administration_Guide-docinfo.xml +M docs/PacketFence_Administration_Guide.asciidoc +M docs/docinfo.xml +M docs/includes/global-attributes.asciidoc + commit 51985fbf88e38a94b79e18b98b76c585ec3dd759 Author: Derek Wuelfrath Date: Fri Aug 9 13:53:02 2013 -0400 diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 8bc06ccf124b..f9040387c7de 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -11,6 +11,16 @@ This is a list of noteworthy changes across releases. For more details and developer visible changes see the ChangeLog file. For a list of compatibility related changes see the UPGRADE.asciidoc file. +Version 4.0.5-2 released on 2013-08-12 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Bug Fixes ++++++++++ + +* Fixed authentication with multiple sources +* Fixed oauth2 +* Authentication source is now respected when using WISPr + Version 4.0.5 released on 2013-08-09 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/conf/pf-release b/conf/pf-release index 989ec897dc82..e914532d462a 100644 --- a/conf/pf-release +++ b/conf/pf-release @@ -1 +1 @@ -PacketFence 4.0.5 +PacketFence 4.0.5-2 diff --git a/html/captive-portal/register.cgi b/html/captive-portal/register.cgi index 30475b9aa0f6..1fe0aa5cf336 100755 --- a/html/captive-portal/register.cgi +++ b/html/captive-portal/register.cgi 
@@ -67,7 +67,7 @@ if (defined($cgi->param('username')) && $cgi->param('username') ne '') { exit(0); } - my ($auth_return, $error, $source) = pf::web::web_user_authenticate($portalSession); + my ($auth_return, $error, $source_id) = pf::web::web_user_authenticate($portalSession); if ($auth_return != 1) { $logger->trace("authentication failed for " . $portalSession->getClientMac()); pf::web::generate_login_page($portalSession, $error); @@ -85,7 +85,7 @@ if (defined($cgi->param('username')) && $cgi->param('username') ne '') { # obtain node information provided by authentication module. We need to get the role (category here) # as web_node_register() might not work if we've reached the limit - my $value = &pf::authentication::match($source, $params, $Actions::SET_ROLE); + my $value = &pf::authentication::match($source_id, $params, $Actions::SET_ROLE); $logger->trace("Got role '$value' for username $pid"); @@ -96,13 +96,13 @@ if (defined($cgi->param('username')) && $cgi->param('username') ne '') { # If an access duration is defined, use it to compute the unregistration date; # otherwise, use the unregdate when defined. - $value = &pf::authentication::match($source, $params, $Actions::SET_ACCESS_DURATION); + $value = &pf::authentication::match($source_id, $params, $Actions::SET_ACCESS_DURATION); if (defined $value) { $value = POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime(time + normalize_time($value))); $logger->trace("Computed unrege date from access duration: $value"); } else { - $value = &pf::authentication::match($source, $params, $Actions::SET_UNREG_DATE); + $value = &pf::authentication::match($source_id, $params, $Actions::SET_UNREG_DATE); } if (defined $value) { $logger->trace("Got unregdate $value for username $pid"); diff --git a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm index 475dfd7b4d21..d0a1ab1a3779 100644 
--- a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm +++ b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm @@ -38,7 +38,7 @@ sub supported_features { sub check_password { my ( $self, $password ) = @_; - my @internal_sources_id = map { $_->{'id'} } pf::authentication::getInternalAuthenticationSources(); + my @internal_sources_id = map { $_->{'id'} } @{pf::authentication::getInternalAuthenticationSources()}; my ($result, $message, $source_id) = &pf::authentication::authenticate($self->_user, $password, @internal_sources_id); if ($result) { diff --git a/lib/pf/Portal/ProfileFactory.pm b/lib/pf/Portal/ProfileFactory.pm index 380bd68a6de6..cc366d8b16b0 100644 --- a/lib/pf/Portal/ProfileFactory.pm +++ b/lib/pf/Portal/ProfileFactory.pm @@ -34,12 +34,12 @@ Create a new pf::Portal::Profile instance based on parameters given. =cut sub instantiate { - my ( $self, $mac, $options ) = @_; + my ( $self, $mac ) = @_; my $logger = Log::Log4perl::get_logger(__PACKAGE__); # We apply portal profiles based on the SSID and VLAN, we check the last_ssid for the given MAC and try to match # a portal profile using the previously fetched filters. If no match, we instantiate the default portal profile. - my $node_info = $options || node_view($mac); + my $node_info = node_view($mac); my @filter_ids = ((map { "$_:" . $node_info->{"last_$_"} } qw(ssid vlan)), @{$node_info}{'last_ssid','last_vlan'}); my $filtered_profile = first {exists $Profiles_Config{$_}} diff --git a/lib/pf/authentication.pm b/lib/pf/authentication.pm index f4f42a4c3ed0..62c66377bc41 100644 --- a/lib/pf/authentication.pm +++ b/lib/pf/authentication.pm @@ -95,8 +95,6 @@ our %TYPE_TO_SOURCE = ( our $logger = get_logger(); -$cached_profiles_config->addReloadCallbacks(update_profiles_guest_modes => \&update_profiles_guest_modes); - readAuthenticationConfigFile(); =item availableAuthenticationSourceTypes 
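Review bot: `pf::authentication::authenticate` is called with two different argument shapes in this commit: `check_password` here passes a flattened list of source ids (`@internal_sources_id`), while `web_user_authenticate` in lib/pf/web.pm now passes the array reference from `getInternalSources` unflattened. The body of `authenticate` is not in the diff, so confirm it accepts both forms; if an argument it does not recognise is treated as "no restriction", the limit to internal sources would be lost without any error. A comment at this call such as `# authenticate() receives source ids here; web.pm passes an array ref of source objects` would make the contract explicit. The `$_->{'id'}` hash access also bypasses the `id` accessor that `match` uses (`$_->id`); `check_password` continues outside the hunk.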
@@ -206,12 +204,14 @@ sub readAuthenticationConfigFile { } push(@authentication_sources, $current_source); } - update_profiles_guest_modes(); + update_profiles_guest_modes($cached_profiles_config,"update_profiles_guest_modes"); }] ); + $cached_profiles_config->addReloadCallbacks(update_profiles_guest_modes => \&update_profiles_guest_modes); + } else { $cached_authentication_config->ReadConfig(); - update_profiles_guest_modes(); + update_profiles_guest_modes($cached_profiles_config,"update_profiles_guest_modes"); } } @@ -343,7 +343,8 @@ Return instances of pf::Authentication::Source for internal sources =cut sub getInternalAuthenticationSources { - return grep { $_->{'class'} eq 'internal' } @authentication_sources; + my @internal = grep { $_->{'class'} eq 'internal' } @authentication_sources; + return \@internal; } =item deleteAuthenticationSource 
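Review bot: The POD above `getInternalAuthenticationSources` still reads "Return instances of pf::Authentication::Source for internal sources", although the sub now returns a reference to an array. A caller written against the old list return would receive a single array ref, and a `map` or `grep` over it would process that one element instead of the internal sources, with no error raised. Update the POD to something like `Return an array ref of pf::Authentication::Source instances for internal sources`, and check the callers that are not part of this diff.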
@@ -468,32 +469,30 @@ sub _authenticate_from_sources { =item match -This method tries to match a set of params in a specific source. If source_id is -undef, all sources will be tried. If action is undef, all actions will be returned. +This method tries to match a set of params in one or multiple sources. -If action is set, it'll return the value of the action immediately. +If action is undef, all actions will be returned. +If action is set, it will return the value of the action immediately. =cut sub match { my ($source_id, $params, $action) = @_; - my $actions; + my ($actions, @sources); $logger->debug("Match called with parameters ".join(", ", map { "$_ => $params->{$_}" } keys %$params)); - foreach my $current_source ( @authentication_sources ) { - if (defined $source_id && $source_id eq $current_source->id) { - $actions = $current_source->match($params); - last; - } - elsif (!defined $source_id) { - $actions = $current_source->match($params); + if (ref($source_id) eq 'ARRAY') { + @sources = @{$source_id}; + $source_id = undef; + } + else { + @sources = first { $_->id eq $source_id } @authentication_sources; + } - # First match in a source wins, and we stop looping - if (defined $actions) { - last; - } - } + foreach my $current_source ( @sources ) { + # First match in a source wins, and we stop looping + last if defined( $actions = $current_source->match($params)); } if (defined $action && defined $actions) { diff --git a/lib/pf/web.pm b/lib/pf/web.pm index d10ed3afaa9c..568584c8d7aa 100644 --- a/lib/pf/web.pm +++ b/lib/pf/web.pm 
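Review bot: In the `else` branch of `match`, `first { ... }` returns undef when no source has the requested id (or when `$source_id` itself is undef), and the list assignment leaves `@sources` holding one undef element, so the loop calls `->match` on an undefined value and dies. The old code returned no actions for an unknown id and tried every source for an undef id, so a caller that still passes either (the wispr.pm and register.cgi call sites pass whatever `web_user_authenticate` returned) would now hit a fatal error in the registration path. `grep` yields an empty list instead: `@sources = grep { defined $source_id && $_->id eq $source_id } @authentication_sources;` (assuming source ids are unique). The POD should also state that `$source_id` may be either an id or an array ref of source objects. The body of `match` continues past the end of the hunk.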
@@ -383,11 +383,11 @@ sub generate_oauth2_result { my $token; eval { - $token = oauth2_client($provider)->get_access_token($portalSession->getCgi()->url_param('code')); + $token = oauth2_client($portalSession, $provider)->get_access_token($portalSession->getCgi()->url_param('code')); }; if ($@) { - $logger->info("OAuth2: failed to receive the token from the provider, redireting to login page"); + $logger->warn("OAuth2: failed to receive the token from the provider: $@"); generate_login_page( $portalSession, i18n("OAuth2 Error: Failed to get the token") ); return 0; } @@ -563,9 +563,8 @@ sub validate_form { =item web_user_authenticate - return (1, pf::web::auth subclass) for successfull authentication - return (0, undef) for inability to check credentials - return (0, pf::web::auth subclass) otherwise (pf::web::auth can give detailed error) + return (1, message string, source id string) for successfull authentication + return (0, message string, undef) otherwise =cut @@ -577,15 +576,15 @@ sub web_user_authenticate { my $session = $portalSession->getSession(); # validate login and password - my ($return, $message, $source) = &pf::authentication::authenticate($portalSession->cgi->param("username"), - $portalSession->cgi->param("password"), - @{$portalSession->getProfile->getInternalSources}); + my ($return, $message, $source_id) = &pf::authentication::authenticate($portalSession->cgi->param("username"), + $portalSession->cgi->param("password"), + $portalSession->getProfile->getInternalSources); if (defined($return) && $return == 1) { # save login into session $portalSession->session->param( "username", $portalSession->cgi->param("username") ); } - return ($return, $message, $source); + return ($return, $message, $source_id); } sub generate_registration_page { diff --git a/lib/pf/web/wispr.pm b/lib/pf/web/wispr.pm index f21368651178..47b5e8513d1c 100644 --- a/lib/pf/web/wispr.pm +++ b/lib/pf/web/wispr.pm 
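Review bot: The new `warn` line in `generate_oauth2_result` interpolates `$@` straight into the log; that text is produced by the OAuth2 client while handling the provider's response, so it may contain line breaks or response content (not verifiable from this hunk). Collapsing line breaks before logging keeps one event per log line, e.g. `(my $err = $@) =~ s/[\r\n]+/ /g;` and then logging `$err`, and it is worth confirming the exception text never carries the authorization code or the client secret. The `eval { ... }; if ($@)` form can also miss a failure when `$@` is reset during unwinding; `eval { ...; 1 } or do { ... }` avoids that. `generate_oauth2_result` starts and ends outside the hunk.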
@@ -74,7 +74,7 @@ sub handler { # Trace the user in the apache log $r->user($req->param("username")); - my ($return, $message) = &pf::web::web_user_authenticate($portalSession); + my ($return, $message, $source_id) = &pf::web::web_user_authenticate($portalSession); if ($return) { $logger->info("Authentification success for wispr client"); $stash = { @@ -107,7 +107,7 @@ sub handler { # obtain node information provided by authentication module. We need to get the role (category here) # as web_node_register() might not work if we've reached the limit - my $value = &pf::authentication::match(undef, $params, $Actions::SET_ROLE); + my $value = &pf::authentication::match($source_id, $params, $Actions::SET_ROLE); $logger->warn("Got role $value for username $pid"); @@ -116,7 +116,7 @@ sub handler { %info = (%info, (category => $value)); } - $value = &pf::authentication::match(undef, $params, $Actions::SET_ACCESS_DURATION); + $value = &pf::authentication::match($source_id, $params, $Actions::SET_ACCESS_DURATION); if (defined $value) { $logger->trace("No unregdate found - computing it from access duration"); @@ -124,7 +124,7 @@ sub handler { } else { $logger->trace("Unregdate found, we use it right away"); - $value = &pf::authentication::match(undef, $params, $Actions::SET_UNREG_DATE); + $value = &pf::authentication::match($source_id, $params, $Actions::SET_UNREG_DATE); } $logger->trace("Got unregdate $value for username $pid");