forked from inverse-inc/packetfence
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog.old
2621 lines (2128 loc) · 113 KB
/
ChangeLog.old
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
2011-01-04 Francois Gaudreault <fgaudreault@inverse.ca>
* pf/docs/PacketFence_Network_Devices_Configuration_Guide.odt:
Added Extricom controller documentation
* pf/docs/PacketFence_Administration_Guide.odt: Fixed typo in
the groupinstall section.
2010-12-20 Francois Gaudreault <fgaudreault@inverse.ca>
* pf/docs/PacketFence_Network_Devices_Configuration_Guide.odt:
Modify the supported Meru Network Devices module name
* pf/lib/pf/SNMP/Meru/MC.pm: Changed the name of the Meru
Controller module to a more generic one
2010-12-17 Francois Gaudreault <fgaudreault@inverse.ca>
* pf/docs/PacketFence_Network_Devices_Configuration_Guide.odt:
Modify the supported Meru Network Devices
* pf/conf/templates/snort.conf: Add missing TELNET_SERVERS variable
2010-12-16 Francois Gaudreault <fgaudreault@inverse.ca>
* pf/docs/PacketFence_ZEN_Installation_Guide.odt: Update the ZEN
documentation for version 2.0.0
* pf/lib/pf/SNMP/Extricom.pm, pf/lib/pf/SNMP/Extricom/EXSW800.pm :
Support for the Extricom Wireless Controllers
2010-12-14 Olivier Bilodeau <obilodeau@inverse.ca>
Version bump to 2.0.0
* pf/lib/pf/SNMP.pm: Fixes to VoIP removed some commented code
* pf/docs/PacketFence_Administration_Guide.odt: New Production DHCP
access section. Reworked other places here and there and fixed some
sections based on testing feedback.
* pf/lib/pf/node.pm: Fixed an issue where a node's last locationlog
information was wrong. SQL JOIN problem.
2010-12-13 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/docs/PacketFence_Administration_Guide.odt: Re-organization and
new documentation in the Administration Guide. Splitting concepts from
sample documentation.
* pf/conf/templates/configurator/reg-detect-vlan.conf,
pf/conf/templates/configurator/reg-vlan.conf,
pf/conf/templates/configurator/zen-vlan.conf: Added vlan.dhcpd and
vlan.named set to enabled by default. This is because our new
configuration is using networks.conf to automatically manage the
DHCP and DNS Servers. Along with updated documentation this fixes #1113.
http://www.packetfence.org/bugs/view.php?id=1113
2010-12-10 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/docs/PacketFence_Network_Devices_Configuration_Guide.odt: Added
Juniper documentation for MAC Authentication (Juniper's MAC RADIUS)
* pf/lib/pf/Nortel.pm: Documented an odd behavior with a Nortel
BayStack 470 that was in a stacked context in a previous life.
* pf/lib/pf/SNMP/Cisco/Catalyst_2960.pm, pf/lib/pf/SNMP/Juniper.pm,
pf/lib/pf/SNMP/MockedSwitch.pm, pf/lib/pf/SNMP.pm, pf/lib/pf/radius.pm:
VoIP refactoring so that RADIUS VSA's for VoIP support are determined
by the switch modules instead of pf::radius. Also added
supportsRadiusVoip capability so that switch can say they support VoIP
over RADIUS themselves.
* pf/lib/pf/SNMP/Aruba.pm, pf/lib/pf/SNMP/HP/Controller_MSM710.pm,
pf/lib/pf/SNMP.pm: Code to extract SSID out of RADIUS Access-Request
attributes has been properly distributed to AP/Controller modules.
* Renamed pf/README_SWITCHES to pf/README.network-devices: SWITCHES
is misleading so it's changed network-device
2010-12-09 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/SNMP/Juniper/EX.pm, pf/lib/pf/SNMP/Juniper.pm,
pf/lib/pf/SNMP.pm, pf/sbin/pfsetvlan: Juniper EX series Wired MAC
Authentication support without Voice over IP
Side effects:
- pfsetvlan now handles WIRED_MAC_AUTH properly (instead of as a failed
port-security traps not enabled type)
- Accidental inclusion of extractSsid() refactoring (will be completed
later)
2010-12-06 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/docs/PacketFence_Administration_Guide.odt: Changes to our default
FreeRADIUS configuration to fix some issues with VLAN assignment over
tunneled EAP types.
2010-12-06 Francois Gaudreault <fgaudreault@inverse.ca>
* pf/lib/pf/SNMP/Meru/MC3000.pm, pr/lib/pf/SNMP/Meru.pm :
New module to support the Meru Networks MC3000 Wireless Controler
(Meru::MC3000)
2010-12-01 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/addons/802.1X/packetfence.pm, pf/lib/pf/WebAPI.pm,
pf/lib/pf/radius.pm: Now sending the whole RAD_REQUEST hash to server
side so we can take more proper educated guess about the hardware in
the proper pf::SNMP::.. modules. Will be used for SSID discovery and
EAP-based MAC Authentication.
EAP-based MAC Authentication's Connection-Type is now properly set to
WIRED_MAC_AUTH (was WIRED_802_1X)
2010-11-29 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/addons/802.1X/packetfence.pm,
pf/docs/PacketFence_Administration_Guide.odt: Now able to detect MAC
Authentication over EAP and set Cleartext-Password appropriately for
the clients to be able to authenticate. Paves the way to MAC Auth with
Juniper and Extreme Networks.
* Dropping pf/docs/PacketFence_Installation_Guide.odt: Dropping this
guide in favor of the Administration Guide where we took all that was
good of the Install guide early last week.
* pf/conf/dhcp_fingerprints.conf: Added a new Fedora Linux
fingerprint (Fedora Linux 13)
2010-11-26 Regis Balzard <rbalzard@inverse.ca>
* pf/configurator.pl: Creates a proper conf/networks.conf file based on
user input. Fixes #1112;
http://www.packetfence.org/bugs/view.php?id=1112
* pf/docs/PacketFence_Administration_Guide.odt: Updated documentation
- new DHCP, DNS instructions integrated with networks.conf
- Changes to routed networks explanations
2010-11-26 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/bin/pfcmd, pf/conf/ui.conf, pf/html/admin/common.php,
pf/html/admin/configuration/switches.php,
pf/html/admin/configuration/violation.php, pf/html/admin/node/view.php,
pf/html/admin/violation/view.php, pf/lib/pf/config.pm, pf/lib/pf/os.pm,
pf/lib/pf/violation.pm: Web Admin UI changes. Fixes #820 and #1075;
- Changes to hidden fields
- Changes to order of fields
- Changes to default sorting
- Added ID field to dhcp fingerprints view
- Updated ConnectionType strings to be shorter and avoid confusing open SSIDs
and auth type
http://www.packetfence.org/bugs/view.php?id=820
http://www.packetfence.org/bugs/view.php?id=1075
* pf/bin/pfcmd_vlan: pfcmd_vlan now logs in logs/packetfence.log like
everyone else and when the -verbose flag is passed it'll log both to
file and to STDOUT. Fixes #874;
http://www.packetfence.org/bugs/view.php?id=874
2010-11-25 Regis Balzard <rbalzard@inverse.ca>
* pf/lib/pf/config.pm: fixed an issue when reading 'trunkPort' in
floating_network_device.conf
2010-11-25 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/README_SWITCHES: Added MAC Auth column and started a draft of a
wireless table
* pf/cgi-bin/redir.cgi, pf/cgi-bin/release.cgi, pf/cgi-bin/register.cgi:
pf::web stopped exporting methods in 1.9 branch but new method
get_client_ip was still called as if it did in this branch. Fixed this.
* pf/lib/pf/node.pm: Fixed node_add problem introduced when doing
database refactoring
* pf/addons/recovery.pl, pf/bin/pfcmd, pf/lib/pf/vlan.pm,
pf/sbin/pfsetvlan, pf/t/vlan.t: API change
- Renamed subroutines names from procedural to object-oriented style
- Removed custom_ from custom_doWeActOnThisTrap
* pf/ChangeLog, pf/lib/pf/radius.pm, pf/lib/pf/vlan/custom.pm,
pf/lib/pf/vlan.pm, pf/t/vlan.t: API improvements and new code samples
regarding VLAN assignments. Fixes #971;
- Renamed subroutines names from procedural to object-oriented style
- shouldAutoRegister now has 802.1X username in its parameters
- Unified interfaces between getViolationVlan, getRegistrationVlan and
getNormalVlan
- Added 802.1X username in getViolationVlan, getRegistrationVlan and
getNormalVlan
- Added samples in getNormalVlan and shouldAutoRegister
- POD improvements
http://www.packetfence.org/bugs/view.php?id=971
* pf/cgi-bin/register.cgi: Removed node.vlan assignment on captive
portal registration
2010-11-24 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/bin/flip.pl, pf/html/admin/common.php,
pf/lib/pf/SNMP/Cisco/Catalyst_2960.pm, pf/lib/pf/SNMP/MockedSwitch.pm,
pf/lib/pf/SNMP.pm, pf/lib/pf/config.pm, pf/lib/pf/radius/custom.pm,
pf/lib/pf/radius.pm, pf/lib/pf/vlan.pm, pf/t/data/switches.conf,
pf/t/radius.t: MAC Authentication Bypass is now Wired MAC
Authentication after some discussion. Changes required all over the
place.
* pf/t/pod.t and others: Important fix to POD doc test removing false
alarms and fixed all missing sections from basic test
* Moved test/ into addons/: test/ was a misleading directory for these
scripts
* Renamed pf/addons/802.1X/rlm_perl_packetfence.pl to
pf/addons/802.1X/packetfence.pm: Old name didn't bring any added value
and was kind of obscure, so it's renamed now to represent a module.
Note in UPGRADE and tests updated.
2010-11-23 Olivier Bilodeau <obilodeau@inverse.ca>
* docs/PacketFence_Administration_Guide.odt: A lot of content rework
for the admin guide. All big reworks are done, now we need to cleanup,
make it coherent and fix notes in comments.
2010-11-22 Francois Gaudreault <fgaudreault@inverse.ca>
* Add 802.1x configuration in the Network Devices configuration guide
2010-11-22 Olivier Bilodeau <obilodeau@inverse.ca>
* docs/PacketFence_Administration_Guide.odt: A lot of content rework
for the admin guide. It is still in a very rough stage though.
* Added pf/docs/PacketFence_Network_Devices_Configuration_Guide.odt:
New guide focused exclusively on network device configuration.
Currently, a draft with a mix of the admin guide switch config and new
material.
2010-11-19 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/installer.pl, pf/addons/snort/oinkmaster.conf,
pf/conf/violations.conf: New URL for emerging threats rules and also
took the opportunity to add new rulesets (botnet, malware, shellcode,
trojans and worms) Fixes #1102;
http://www.packetfence.org/bugs/view.php?id=1102
* renamed pf/db/upgrade-1.9.0-1.10.0.sql to
pf/db/upgrade-1.9.0-2.0.0.sql, modified pf/UPGRADE:
DB upgrade script now 1.9.0 to 2.0.0.
* pf/bin/pfcmd, pf/installer.pl, pf/t/pfcmd.t: Getting rid of the
database md5sums. Fixes #973;
They were used to identify database 'version' but were never reliable.
http://www.packetfence.org/bugs/view.php?id=973
* pf/db/pf-schema-2.0.0.sql, pf/installer.pl, pf/packetfence.spec:
New database schema for upcoming release. Package and installer
properly referencing to it.
* pf/lib/pf/vlan.pm: Returning registration VLAN if node status is
pending.
* pf/addons/captive-portal/registration-sms-confirmation/sms_carrier.sql:
SMS carrier database useful for registration confirmation over SMS
* pf/html/admin/node/import.php: Now removing uploaded file after
import. This is what was initially planned.
* pf/addons/loadMACintoDB.pl, pf/UPGRADE: Dropping loadMACintoDB.pl
script in favor of new node import facility available on CLI or web
admin.
2010-11-17 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/t/util.t, pf/lib/pf/import.pm, pf/lib/pf/util.pm, pf/t/all.t,
pf/t/smoke.t: Fixed a very long standing issue: valid_mac and
clean_mac didn't properly parse xxxx.xxxx.xxxx formatted MACs.
Also calling clean_mac on node importation allows it to be more
tolerant on MAC format input. Added tests!
* pf/html/admin/check_login.php, pf/html/admin/common/adminperm.inc,
pf/html/admin/common/helpers.inc, pf/html/admin/common.php: Removed php
script terminators (?>) from included files since they are not required
and cause problems (newlines after them corrupt jpgraph's graphics)
2010-11-16 Regis Balzard <rbalzard@inverse.ca>
* pf/bin/pfcmd: Added a log to indicate which service and command is
called. This would help debugging.
2010-11-16 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/html/admin/node/import.php, pf/lib/pf/import.pm, pf/bin/pfcmd,
pf/conf/ui.conf, pf/html/admin/check_login.php,
pf/html/admin/common/helpers.inc, pf/html/admin/node/help.html,
pf/lib/pf/pfcmd/help.pm, pf/lib/pf/pfcmd.pm: Node importation through
CLI and Web Administration. Automatically registers nodes on
importation.
2010-11-15 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/conf/dhcp_fingerprints.conf: Added a Gentoo DHCP fingerprint
2010-11-10 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/conf/locale/en/LC_MESSAGES/packetfence.po,
pf/conf/locale/fr/LC_MESSAGES/packetfence.po: Tells users to reboot if
they are behind a phone.
2010-11-09 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/db/pf-schema-1.10.0.sql: Removed the deprecated TYPE= syntax for
the current database schema file. Replaced by ENGINE=.
2010-11-08 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/conf/dhcp_fingerprints.conf: Added D-Link, Trendnet and Belkin
Wireless Router fingerprints and removed the Fluke one (conflicted
with Belkin and I wasn't sure of the source of the fluke one). Thanks
to David LaPorte for the fingerprints!
2010-11-04 Regis Balzard <rbalzard@inverse.ca>
* pf/docs/PacketFence_Administration_Guide.odt: Added instructions on
how to configure FreeRADIUS v2 to listen on a virtual IP.
2010-11-01 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/html/user/content/templates/pending.html, pf/cgi-bin/redir.cgi,
pf/html/admin/common/helpers.inc, pf/html/admin/common.php,
pf/html/admin/node/edit.php, pf/lib/pf/node.pm, pf/lib/pf/vlan.pm,
pf/lib/pf/web.pm: New 'pending' node status with updated VLAN
assignment call (stay in registration). This enables approval
workflows in user registrations.
* pf/lib/pf/web/util.pm: New web utilities file.
2010-10-30 Olivier Bilodeau <obilodeau@inverse.ca>
* conf/dhcp_fingerprints.conf: Added Avaya Phone and Aruba Access
Point 200 DHCP fingerprints.
2010-10-29 Francois Gaudreault <fgaudreault@inverse.ca>
* pf/addons/snort/oinkmaster.conf: Update url section for the new
emerging URL
2010-10-27 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/web, pf/lib/pf/web/custom.pm, pf/UPGRADE,
pf/cgi-bin/redir.cgi, pf/cgi-bin/register.cgi, pf/cgi-bin/release.cgi,
pf/lib/pf/web.pm, pf/packetfence.spec: New pf::web::custom file with
a recipe to redefine subs in pf::web in a clean way. Consumers had to
change so this is a 'breaking' update. Made the mention in UPGRADE.
Will simplify user upgrades. Partially fixes #1045;
http://www.packetfence.org/bugs/view.php?id=1045
2010-10-26 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/services/apache.pm, pf/t/integration.t,
pf/conf/documentation.conf, pf/conf/pf.conf.defaults,
pf/conf/templates/httpd.conf.apache22, pf/lib/pf/freeradius.pm,
pf/lib/pf/services.pm, pf/t/all.t, pf/t/services.t, pf/t/smoke.t,
pf/t/integration.t, pf/packetfence.spec: New feature: Passthrough using
mod_rewrite and reverse proxying. Leveraging existing configuration in
pf.conf (passthroughs section). Fixes #772;
Refactored new config generation into it's own pf::services::apache
module. Pushed along with some new tests.
http://www.packetfence.org/bugs/view.php?id=772
2010-10-25 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/docs/PacketFence_Administration_Guide.odt: Documented violation
with external URL behavior and the redirect_url feature.
* pf/addons/integration-testing/violations.conf, pf/lib/pf/services.pm,
pf/conf/templates/httpd.conf.apache22, UPGRADE:
Repaired violations with absolute URLs making PacketFence's captive
portal act as a reverse proxy. Fixes #1024;
http://www.packetfence.org/bugs/view.php?id=1024
2010-10-25 Regis Balzard <rbalzard@inverse.ca>
* pf/addons/802.1X/rlm_perl_packetfence.pl, pf/UPGRADE, pf/NEWS:
Re-worked the entire module: changed the tests order so we now filter
by SSID; got rid of anything related to guest since guest should now be
managed a distinct category; aadded a find_ssid() function in order to
read the SSID name from the attributes sent in the request; removed
many SQL queries and changed the one reading the node info; ...
2010-10-21 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/conf/dhcp_fingerprints.conf: New DHCP Fingerprints:
Cisco/Linksys, Netgear, D-Link Home Wireless Routers, Sony Ericsson
Android and Fluke DTX (network tester)
* pf/docs/PacketFence_Administration_Guide.odt: Added new "MySQL
optimization tool" section under MySQL optimizations and put a new
title on top of the Captive portal optimizations (they were under
MySQL optimizations!?)
2010-10-15 Francois Gaudreault <fgaudreault@inverse.ca>
* pf/docs/PacketFence_Administration_Guide.odt: Addition of some
documentation about log rotation.
2010-10-15 Francois Gaudreault <fgaudreault@inverse.ca>
* pf/docs/PacketFence_Installation_Guide.odt: Add the groupinstall
line for packetfence install.
* pf/docs/PacketFence_Administration_Guide.odt: Addition of some
documentation about Snort and Oinkmaster.
2010-10-13 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/docs/PacketFence_Administration_Guide.odt: Revamped SMC section
of the guide and added support instructions for 6128 L2.
Also clarified some FreeRADIUS config.
* pf/lib/pf/SNMP/SMC/TS6128L2.pm, pf/NEWS, pf/README_SWITCHES,
pf/UPGRADE, pf/html/admin/configuration/switches_add.php,
pf/html/admin/configuration/switches_edit.php,
pf/lib/pf/SNMP/SMC/TS6224M.pm, pf/lib/pf/SNMP/SMC/TS8800M.pm,
pf/lib/pf/SNMP/SMC.pm, pf/t/coding-style.t, pf/t/critic.t,
pf/t/hardware-snmp-objects.t, pf/t/pod.t: New hardware support: SMC
TigerStack 6128 L2 in port-security (feature sponsored by Seattle
Pacific University)
Also in there is a big update to the 8800M module powering the 8824M
and the 8848M.
* Lots: Whitespace changes to lots of files based on the result of the
last coding-style test results
2010-10-12 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/addons/freeradius-integration,
pf/addons/freeradius-integration/README,
pf/addons/freeradius-integration/freeradius-nas-table.sql,
pf/lib/pf/freeradius.pm, pf/bin/pfcmd, pf/conf/switches.conf,
pf/conf/ui.conf, pf/html/admin/configuration/switches.php,
pf/lib/pf/SNMP.pm, pf/lib/pf/SwitchFactory.pm, pf/lib/pf/pfcmd/pfcmd.pm,
pf/t/SwitchFactory.t, pf/t/coding-style.t, pf/t/critic.t,
pf/t/data/switches.conf, pf/t/data.t, pf/t/pf.t: New radiusSecret
parameter in conf/switches.conf. This allows to automatically configure
FreeRADIUS' clients.conf (NAS aka client switches or APs). Right now
it's disabled by default but one can enable it using the new addons
instructions (addons/freeradius-integration/README). Fixes #1028;
http://www.packetfence.org/bugs/view.php?id=1028
2010-10-08 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/web.pm: A well-placed typo was introduced in revno:
bb21d5f588c910e0c0bbc73881056dde72017518. I'm glad I fixed it.
Also improved indentation of the logger call while I was at it.
* pf/addons/802.1X/rlm_perl_packetfence_soap.pl: Improved SSID
autodetection for Colubris Wirless (HP ProCurve)
2010-10-08 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/violation.pm: Fixes to violation priorities. They were
inforced in the reverse order which broke scans when using default
configuration files.
* pf/bin/pfcmd: Better error reporting on file permission errors.
Fixes #1088;
http://www.packetfence.org/bugs/view.php?id=1088
* pf/t/coding-style.t: New coding-style test suite that validates
presence of tab characters for now. Added to all and smoke test
suites.
2010-10-07 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/locationlog.pm, pf/sbin/pfsetvlan: Important fixes to the
changes introduced for #995 and #1002. SQL errors and pfsetvlan thread
crashes.
* pf/lib/pf/radius.pm, pf/t/radius.t: Standardized method names to the
object form. Updated related tests.
* pf/lib/pf/SNMP/Cisco/Catalyst_2950.pm,
pf/lib/pf/SNMP/Cisco/Catalyst_2960.pm, pf/lib/pf/SNMP/MockedSwitch.pm,
pf/lib/pf/SNMP.pm, pf/lib/pf/radius.pm, pf/t/data/switches.conf,
pf/t/radius.t: pf::radius now verifies if switch supports Wired MAB
and 802.1X before processing request.
Change of default behavior: A request from a switch not defined in
switches.conf will fail now. Before we were trying to be nice and load
the settings of the default switch but we decided that it wasn't nice
for users if they don't realize something wrong first.
Made test pass and added a couple of them.
2010-10-07 Regis Balzard <rbalzard@inverse.ca>
* pf/lib/pf/SNMP/HP/Controller_MSM710.pm, pf/README_SWITCHES,
pf/html/admin/configuration/switches_add.php,
pf/html/admin/configuration/switches_edit.php, pf/t/critic.t,
pf/t/hardware-snmp-objects.t, pf/t/pod.t: Added support for HP ProCurve
MSM710 Mobility Controller.
2010-10-06 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/conf/dhcp_fingerprints.conf: Added HP ProCurve Access Point and
Controller fingerprints and Ricoh MFP.
* pf/conf/templates/httpd.conf.apache22: Apache debugging
instructions. Commented by default only there as a reminder.
2010-10-06 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/html/admin/node/edit.php: Fixed a regression where node fields
coming from locationlog where set to be editable and would cause
grammar failure during node editing.
* pf/addons/proxy-bypass/README,
pf/addons/proxy-bypass/squid-redirector.pl,
pf/addons/proxy-bypass/squid.conf-sample.patch, pf/cgi-bin/redir.cgi,
pf/cgi-bin/register.cgi, pf/cgi-bin/release.cgi,
pf/html/user/content/index.php, pf/lib/pf/config.pm, pf/lib/pf/web.pm:
New feature: Client Proxy Interception (proxy-bypass)
Requires squid and is not useful to everyone so it is in addons but
it's easy to install.
- squid config + redirector script
- Provided requirements, install instructions and basic troubleshooting.
- IP lookup code updated in core
Fixes #1035;
http://www.packetfence.org/bugs/view.php?id=1035
2010-10-01 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/radius.pm, pf/lib/pf/vlan.pm: Optional auto-registration
of EAP authenticated devices in order.
Example code more proper, re-ordered parameters for
getNodeInfoForAutoReg to make the interface consistent with other
related calls. Last touch on #1002;
http://www.packetfence.org/bugs/view.php?id=1002
* pf/NEWS, pf/conf/ui.conf, pf/db/pf-schema-1.10.0.sql,
pf/db/upgrade-1.9.0-1.10.0.sql, pf/html/admin/node/view.php,
pf/lib/pf/locationlog.pm, pf/lib/pf/lookup/node.pm, pf/lib/pf/node.pm
pf/lib/pf/pfcmd/report.pm, pf/lib/pf/pfcmd.pm, pf/lib/pf/radius.pm
pf/sbin/pfdhcplistener, pf/sbin/pfsetvlan: Adding dot1x_username and
ssid to locationlog and exposing it through node_view and friends.
Fixes #995 and #1002;
Required several changes to the booking aspects of packetfence so it is
a potentially destabilizing change. Database changes were made also.
http://www.packetfence.org/bugs/view.php?id=995
http://www.packetfence.org/bugs/view.php?id=1002
2010-09-30 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/UPGRADE, pf/addons/autodiscover.pl,
pf/addons/convertToPortSecurity.pl, pf/addons/loadMACintoDB.pl,
pf/addons/recovery.pl, pf/conf/ui.conf, pf/db/pf-schema-1.10.0.sql,
pf/db/upgrade-1.9.0-1.10.0.sql, pf/html/admin/common.php,
pf/html/admin/node/edit.php, pf/html/admin/node/view.php,
pf/lib/pf/SNMP.pm, pf/lib/pf/db.pm, pf/lib/pf/locationlog.pm,
pf/lib/pf/lookup/node.pm, pf/lib/pf/node.pm, pf/lib/pf/pfcmd/pfcmd.pm,
pf/lib/pf/pfcmd/report.pm, pf/lib/pf/radius/custom.pm,
pf/lib/pf/radius.pm, pf/lib/pf/util.pm, pf/lib/pf/violation.pm,
pf/lib/pf/vlan/custom.pm, pf/lib/pf/vlan.pm, pf/sbin/pfdhcplistener,
pf/t/vlan.t: The node table no longer carries duplicated data from
locationlog. Fixes #914;
As a side benefit the purpose of bypass_vlan is now more clear than
only vlan. Fixes #977;
pf::node calls still join with the locationlog so the changes are
somewhat transparent. Updated all callers.
- new locationlog_insert_closed to insert closed entries (used by
dhcplogger for option82 enabled packets)
- cleaner SQL queries
- locationlog_synchronize no longer needs to keep the node table updated
- changed default hidden fields and default items ordering in node view
and edit
- added default sorting options to node view (related to #820)
- no longer setting node.vlan to current switch's vlan in node register
- pf::vlan no longer needs to handle updated node calls
Also misc cleanup and fixes
http://www.packetfence.org/bugs/view.php?id=914
http://www.packetfence.org/bugs/view.php?id=977
* pf/addons/loadMACintoDB.pl: Added minimal POD for file and added to
minimum test suites
2010-09-28 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/packetfence.spec: Updated files manifest to remove pdp.cgi.
2010-09-27 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/docs/PacketFence_Administration_Guide.odt: Updated documentation
to reflect the re-worked FreeRADIUS modules using post-auth instead of
authorize calls.
* pf/addons/802.1X/rlm_perl_packetfence_soap.pl: Using post-auth
instead of authorize for the FreeRADIUS module, enables some incredible
stuff like auto-registration of successful EAP connections, etc. Fixes
#1034;
http://www.packetfence.org/bugs/view.php?id=1034
* pf/addons/802.1X/rlm_perl_packetfence.pl, UPGRADE: Re-worked the
module to work on post-auth calls instead of authorize calls. This
avoid work being done when the EAP credentials don't even pass and
improves overall correctness of the system (autoregistration in this
module is now possible). It can also improve performance in network
with a lot of wrong 802.1X requests as they no longer exercise the
PacketFence module. Backport of fix #1034 from trunk;
http://www.packetfence.org/bugs/view.php?id=1034
* pf/conf/dhcp_fingerprints.conf: Removed a space in the fingerprints
that's causing the Symbian OS to be the universal fingerprint for
nodes that don't have a fingerprint.
2010-09-24 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/addons/802.1X/rlm_perl_packetfence.pl: got rid of an unnecessary
te1st
2010-09-24 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/radius.pm, pf/lib/pf/vlan.pm: Added RADIUS User-Name to the
method signature of pf::vlan::getNodeInfoForAutoReg. Allows to record
the username of a node that would be automatically registered by policy.
Fixes #1000;
http://www.packetfence.org/bugs/view.php?id=1000
* Added pf/lib/pf/mod_perl_require.pl, modified
pf/conf/templates/httpd.conf.apache22: Pre-loading PacketFence modules
using a PerlRequire statement. Improves per-request latency and overall
performance. Thanks to Josh Ward from University of Oregon for the
initial research on the fix!
* Renamed pf/cgi-bin/pdp.cgi to pf/lib/pf/WebAPI.pm, modified
pf/addons/802.1X/rlm_perl_packetfence_soap.pl,
pf/conf/templates/httpd.conf.apache22, pf/lib/pf/WebAPI.pm,
pf/lib/pf/radius.pm, pf/lib/pf/vlan.pm, pf/t/critic.t, pf/t/pod.t
pf/t/podCoverage.t, pf/t/stress-test/soap-calls-radius_authorize
pf/t/stress-test/soap-calls-snort,
pf/addons/pfdetect_remote/sbin/pfdetect_remote: Ported cgi-bin/pdp.cgi
SOAP CGI handler to full blown mod_perl SOAP-Lite hosted module.
Fixes #1010;
Note: URI for Web Services changed from /cgi-bin/pdp.cgi to /webapi
http://www.packetfence.org/bugs/view.php?id=1010
2010-09-23 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/node.pm: Fixed a small but important merge mistake.
2010-09-23 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/vlan.pm: Removed all Logger calls setting shared 'tid'
information. First they were redundant since the MDC hash is global and
second, they are corrupting other places were we could be setting the
'tid' (like from a web call).
2010-09-22 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/packetfence.spec: 1.9.2dev started and removed invalid dependency.
See #882 for details;
http://www.packetfence.org/bugs/view.php?id=882
* pf/NEWS, pf/conf/pf-release,
pf/docs/PacketFence_Administration_Guide.odt,
pf/docs/PacketFence_Developers_Guide.odt,
pf/docs/PacketFence_Installation_Guide.odt, pf/packetfence.spec,
pf/t/pfcmd.t: New 1.9.1 release!
* pf/t/smoke.t: Added new smoke testsuite which is used by our building
process. A suite of tests quick to run, with no side-effects and that
should always pass.
2010-09-21 Regis Balzard <rbalzard@inverse.ca>
* pf/docs/PacketFence_Administration_Guide.odt:
Updated documentation for FreeRadius 1.x and added some for 2.x.
Fixes bug #1036;
http://www.packetfence.org/bugs/view.php?id=1036
* pf/docs/PacketFence_Administration_Guide.odt:
Updated (for clarification purpose) documentation for Cisco stacked
and 4500 Series switches. Fixes bug #1037;
http://www.packetfence.org/bugs/view.php?id=1037
2010-09-21 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/cgi-bin/pdp.cgi, pf/cgi-bin/redir.cgi, pf/cgi-bin/register.cgi,
pf/cgi-bin/release.cgi, pf/html/admin/administration/adduser.php,
pf/html/admin/administration/index.php,
pf/html/admin/administration/services.php,
pf/html/admin/administration/ui_options.php,
pf/html/admin/administration/version.php,
pf/html/admin/check_login.php, pf/html/admin/common/adminperm.inc,
pf/html/admin/common/helpers.inc, pf/html/admin/common.php,
pf/html/admin/configuration/fingerprint.php,
pf/html/admin/configuration/floatingnetworkdevice.php,
pf/html/admin/configuration/floatingnetworkdevice_add.php,
pf/html/admin/configuration/floatingnetworkdevice_edit.php,
pf/html/admin/configuration/index.php,
pf/html/admin/configuration/interfaces.php,
pf/html/admin/configuration/interfaces_add.php,
pf/html/admin/configuration/interfaces_edit.php,
pf/html/admin/configuration/main.php,
pf/html/admin/configuration/more_info.php,
pf/html/admin/configuration/networks.php,
pf/html/admin/configuration/networks_add.php,
pf/html/admin/configuration/networks_edit.php,
pf/html/admin/configuration/switches.php,
pf/html/admin/configuration/switches_add.php,
pf/html/admin/configuration/switches_edit.php,
pf/html/admin/configuration/violation.php,
pf/html/admin/configuration/violation_add.php,
pf/html/admin/configuration/violation_edit.php,
pf/html/admin/exporter.php, pf/html/admin/footer.php,
pf/html/admin/header.php, pf/html/admin/index.php,
pf/html/admin/login.php, pf/html/admin/node/add.php,
pf/html/admin/node/categories.php,
pf/html/admin/node/categories_add.php,
pf/html/admin/node/categories_edit.php,
pf/html/admin/node/edit.php, pf/html/admin/node/index.php,
pf/html/admin/node/lookup.php, pf/html/admin/node/view.php,
pf/html/admin/person/add.php, pf/html/admin/person/edit.php,
pf/html/admin/person/index.php, pf/html/admin/person/lookup.php,
pf/html/admin/person/view.php, pf/html/admin/printer.php,
pf/html/admin/scan/edit.php, pf/html/admin/scan/index.php,
pf/html/admin/scan/results.php, pf/html/admin/scan/scan.php,
pf/html/admin/status/dashboard.php, pf/html/admin/status/grapher.php,
pf/html/admin/status/graphs.php, pf/html/admin/status/index.php,
pf/html/admin/status/reports.php,
pf/html/admin/status/sajax-dashboard.php,
pf/html/admin/violation/add.php, pf/html/admin/violation/edit.php,
pf/html/admin/violation/index.php, pf/html/admin/violation/view.php,
pf/html/user/content/index.php, pf/html/user/content/style.php,
pf/html/user/content/violations/banned_devices.php,
pf/html/user/content/violations/banned_os.php,
pf/html/user/content/violations/darknet.php,
pf/html/user/content/violations/failed_scan.php,
pf/html/user/content/violations/generic.php,
pf/html/user/content/violations/lsass.php: Added copyright, license and
author info. Fixes #764;
http://www.packetfence.org/bugs/view.php?id=764
* pf/lib/pf/node.pm: Enforcing maxnodes the same way in register.cgi
and pf::node's node_register. Prevent situations where unregistered
nodes would be accounted for when enforcing maxnodes causing errors
internally but not visible in the captive portal. So this is both a
usability and correctness fix. Fixes #1057;
http://www.packetfence.org/bugs/view.php?id=1057
* pf/lib/pf/violation.pm: Added validation for violation grace period
in violation_trigger. Avoids unnecessary load in certain cases.
Fixes #857;
http://www.packetfence.org/bugs/view.php?id=857
* pf/cgi-bin/register.cgi, pf/conf/templates/httpd.conf.apache22,
pf/lib/pf/web.pm, pf/packetfence.spec: Captive portal now using
mod_perl. Huge performance gain. Up to 23x faster on some workloads we
tested. Fixes #879;
http://www.packetfence.org/bugs/view.php?id=879
2010-09-21 Regis Balzard <rbalzard@inverse.ca>
* pf/docs/PacketFence_Administration_Guide.odt:
Added a section in the performance optimization section regarding
blocking non browser requests in the captive portal
* pf/conf/dhcp_fingerprints.conf: New DHCP fingerprints: Cisco,
Netgear Router, Quanta Microsystems, Debian-based Linux, Nokia Tablet,
Symbian OS. Thanks to Sam Winotai (from Loyola Marymount University)
for the contribution!
2010-09-20 Regis Balzard <rbalzard@inverse.ca>
* pf/lib/pf/SNMP/Nortel/BayStack4500.pm: removed this file
* pf/lib/pf/SNMP/Nortel/ERS4500.pm: added this file
* pf/README_SWITCHES, pf/html/admin/configuration/switches_add.php,
pf/html/admin/configuration/switches_edit.php, pf/t/critic.t,
pf/t/hardware-snmp-objects.t, pf/t/pod.t: Fixed the error in the 4500
module name (was originally named BayStack 4500 but it is actually ERS
4500).
2010-09-17 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/conf/dhcp_fingerprints.conf: Fixed Siemens optiPoint WL2
Professional fingerprint.
* pf/html/admin/common.php, pf/lib/pf/pfcmd.pm: pfcmd's node filters now
supports arguments with spaces as long as they are double-quoted.
Viewing nodes per category on the admin interface was updated to use
this facility. Fixes #1056;
http://www.packetfence.org/bugs/view.php?id=1056
* pf/html/admin/common.php, pf/html/admin/node/view.php: Table
refreshes now re-do a count so paging in node table doesn't brake on
deletions. Fixes #1055;
http://www.packetfence.org/bugs/view.php?id=1055
2010-09-17 Regis Balzard <rbalzard@inverse.ca>
* pf/lib/pf/SNMP/Nortel/ERS2500.pm, pf/README_SWITCHES,
pf/html/admin/configuration/switches_add.php,
pf/html/admin/configuration/switches_edit.php, pf/t/critic.t,
pf/t/hardware-snmp-objects.t, pf/t/pod.t: Added support for Nortel ERS
2500 Series.
2010-09-17 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/SNMP/Extreme/Summit.pm,
pf/lib/pf/SNMP/Extreme/Summit_X250e.pm, pf/lib/pf/SNMP/Extreme.pm,
pf/html/admin/configuration/switches_add.php,
pf/html/admin/configuration/switches_edit.php:
Re-worked port-security (MAC address Lockdown) support and added Voice
over IP support for Extreme XOS. We removed the CLI requirement making
it a production ready module. Thanks to Extreme Networks for sponsoring
the feature and adding features to their ExtremeXOS making this
possible.
2010-09-17 Regis Balzard <rbalzard@inverse.ca>
* pf/lib/pf/SNMP/Nortel/BayStack4500.pm, pf/README_SWITCHES,
pf/html/admin/configuration/switches_add.php,
pf/html/admin/configuration/switches_edit.php, pf/t/critic.t,
pf/t/hardware-snmp-objects.t, pf/t/pod.t: Added support for Nortel 4500
Series. This module will replace the one for Nortel 4550 since the code
is the same for the entire serie.
2010-09-17 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/docs/PacketFence_Administration_Guide.odt: Added configuration
instructions for Extreme in port security and Voice over IP. Module is
now identified as covering the whole Extreme XOS series and previous
limitations were removed since the code has been fixed.
2010-09-15 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/addons/autodiscover.pl, pf/addons/loadMACintoDB.pl,
pf/lib/pf/node.pm, pf/sbin/pfdhcplistener, pf/UPGRADE: Removed print
statement from node_modify. Placed print statements in all callers that
cares. This was an important blocker to put the captive portal in
mod_perl and to allow our web services back-end in trunk to work
reliably. Fixes #1068;
http://packetfence.org/bugs/view.php?id=1068
* pf/lib/pf/node.pm: node_view, node_view_with_fingerprint,
node_view_all now returns empty '' category instead of NULL when node
doesn't have a category. This is more consistent with all the other
fields. Fixes #1063;
http://www.packetfence.org/bugs/view.php?id=1063
2010-09-14 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/t/critic.t, pf/t/pf.t, pf/t/pod.t: Added pf::radius and friends to
the bare-minimal tests (critic, compile and pod). Not sure why they
weren't already there...
* pf/lib/pf/radius.pm, pf/lib/pf/radius/constants.pm,
pf/lib/pf/radius/custom.pm, packetfence.spec: RADIUS constants are now
in a seperate file preventing odd errors when users override methods in
pf::radius::custom. Fixes #1001;
http://www.packetfence.org/bugs/view.php?id=1001
* pf/sbin/pfsetvlan: Fixed merge problem introduced yesterday where
pre-trunk code has been propagated in trunk by mistake breaking the
build.
2010-09-13 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/vlan/custom.pm: Importing more modules to avoid people using
custom code that doesn't compile even if they copiedy and pasted from
pf::vlan. Fixes #1001 for pf::vlan::custom since there are no specific
constants defined in pf::vlan.
http://www.packetfence.org/bugs/view.php?id=1001
* pf/lib/pf/node.pm: Sub node_register_auto no longer exported since
a while. Removing at the earliest point in trunk branch revno:
bad6d50ec65bad5779a30d488020eb49acad200d
* pf/packetfence.spec: Package version bump to 1.10.0 to clearly mark
a departure from 1.9.x
* pf/addons/802.1X/rlm_perl_packetfence_soap.pl: Added SSID detection
for Aruba wireless controllers.
* pf/conf/dhcp_fingerprints.conf: New DHCP fingerprints: Windows,
Alcatel, Siemens, Cisco, Linksys, Mitel IP phones, Cisco, Enterasys,
Trapeze APs, Debian, Ubuntu, Puppy Linux, Enterasys Switches, Nokia
Internet Tablet, HP iLO Agents, APC UPS, Polycom Video conferencing,
FreeBSD, Eye-Fi Wireless Memory Card, Novell Netware, Apple Netboot,
more PXE, Solaris 8 (SunOS 5.8) and Neoware's thin clients.
Thanks to Eric Kollmann for the contribution! See his OS/device
fingerprinting related work at: http://myweb.cableone.net/xnih/
2010-09-10 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/sbin/pfsetvlan: Added logging to highlight the fact that we are
connecting on a node's previous switch. Will prevent confusing people
like me. Fixes #1052;
http://www.packetfence.org/bugs/view.php?id=1052
Also made some unnecessary whitespace adjustments.. sorry I couldn't
resist...
* pf/bin/pfcmd: Fixes to the try {} catch {} syntax. No bug reported
but I found out it could be problematic since I was bitten by this
when working on the upcoming error handling in pf::SNMP::Extreme.
2010-09-08 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/SNMP/Aruba.pm, pf/lib/pf/SNMP/Cisco/Catalyst_2960.pm,
pf/lib/pf/SNMP/Cisco/Catalyst_3550.pm: Added some documentation for
Cisco (2960, 3550) and Aruba in the SNMP modules
* pf/docs/PacketFence_Administration_Guide.odt: Added configuration
instructions for Extreme in port security.
2010-09-07 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/SNMP/Cisco/ISR_1800.pm: Connection error is now shown in
the logs if there is a connection problem.
* pf/lib/pf/SNMP/Extreme/nas-pb.yml, pf/lib/pf/SNMP/Extreme/Summit.pm,
pf/lib/pf/SNMP/Extreme/Summit_X250e.pm, pf/lib/pf/SNMP/Extreme.pm,
pf/lib/pf/SNMP/constants.pm: Added port-security support for Extreme
XOS, called MAC Address Lockdown in Extreme's language. It relies on
CLI for now so it is not recommended for large networks. Extreme is
working on providing a solution for this.
2010-09-03 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/SNMP/MockedSwitch.pm, pf/t/hardware-snmp-objects.t: Added
new exceptions in the tests and implemented new trunk specific subs. So
that the new tests passes.
2010-09-02 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/SNMP/MockedSwitch.pm, pf/t/hardware-snmp-objects.t: New
pf::SNMP:MockedSwitch that will be used to test the efficiency of our
pfsetvlan daemon. Some tests to make sure it stays relevant.
* pf/docs/PacketFence_Administration_Guide.odt, pf/lib/SNMP/HP.pm:
Documented an HP behavior regarding port-security.
2010-08-27 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/SNMP/constants.pm: Added Q-BRIDGE section to the SNMP
constants and dot1qStaticUnicastStatus types.
2010-08-10 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/packetfence.spec, pf/t/critic.t, pf/t/pf.t, pf/t/pod.t: Added
perl(Authen::Radius) as a dependency in the RPM spec file. It's required
by the optional radius authentication in the captive portal. Fixes #1047;
http://packetfence.org/bugs/view.php?id=1047
Added the relevant tests to catch any similar situation in the future.
2010-08-10 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/SNMP/Intel/Express_460.pm: Ported Intel Express 460's web
screenscraping code to use new web services parameters
* pf/lib/pf/SNMP.pm, pf/lib/pf/SwitchFactory.pm, pf/t/SwitchFactory.t,
pf/t/data/switches.conf: pf::SNMP and SwitchFactory now supports new
Web Services switches.conf parameters.
Added test cases
* pf/UPGRADE: Added deprecation warning for htaccessUser and htaccessPwd
* pf/bin/pfcmd, pf/conf/switches.conf, pf/conf/ui.conf,
pf/docs/PacketFence_Administration_Guide.odt,
pf/html/admin/configuration/switches.php,
pf/html/admin/configuration/switches_add.php,
pf/html/admin/configuration/switches_edit.php,
pf/lib/pf/pfcmd/pfcmd.pm: switches.conf now accepts Web Services
related configuration (wsTransport, wsUser, wsPwd)
Also updated all related helpers, interfaces and documentation
2010-08-09 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/html/admin/login.php: Admin auth mechanism localuser+ldappass
also fallbacks to localpass on error
* pf/UPGRADE: Added an upgrade note about the Admin interface access
control
2010-08-08 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/t/stress-test/captive-portal.txt: Added some information on how
to stress test the captive portal
2010-08-05 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/docs/PacketFence_Administration_Guide.odt: Added two new Q&A:
- How can users authenticate using LDAP or Active Directory (AD)
instead of using a local flat file?
- How can I provide different rights to users of the admin Web
interface?
2010-08-04 Olivier Bilodeau <obilodeau@inverse.ca>
Merged org.packetfence.feature.granular-admin-access with revno
2c753bafa6f766c330510b2895729ecf42cd71d9
* pf/conf/pf-release, pf/packetfence.spec, pf/t/pfcmd.t: Officially
entering pre-release snapshots land for 1.9.1
* pf/README_SWITCHES: Aligned content with webiste regarding Aruba
support
* pf/lib/pf/scan.pm: Increasing log severity for a nessus scan error
Heading towards #1032 improvements;
http://www.packetfence.org/bugs/view.php?id=1032
2010-08-03 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/conf/dhcp_fingerprints.conf: New DHCP fingerprints: Cisco
Wireless Access Point and FortiOS
2010-07-23 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/NEWS, pf/UPGRADE: Starting the NEWS file for the next release
series out of trunk.
Added some info to UPGRADE because of yesterday's change and fixed the
database upgrade script that was renamed.
2010-07-22 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/html/admin/configuration/switches_add.php,
pf/html/admin/configuration/switches_edit.php: Corrected bad whitespace
again...
Now, to fix it for good, instead of asking people to behave, I'm
forcing vim parameters to enforce them! mouhahahhaa! :)
2010-07-22 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/lib/pf/radius.pm: A sample of working RADIUS VoIP authorization
for Cisco switches in pf::radius' authorize_voip. Fixes #1008;
http://www.packetfence.org/bugs/view.php?id=1008
* pf/lib/pf/lookup/node.pm: Output of node lookup is aligned. Fixes
#1006;
http://www.packetfence.org/bugs/view.php?id=1006
Also added vim modelines to force proper whitespace
2010-07-15 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/packetfence.spec, pf/NEWS: 1.9.0 released!
* pf/docs/PacketFence_Administration_Guide.odt: Added network and
components diagrams
2010-07-14 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/docs/PacketFence_Administration_Guide.odt: Replaced feature
intro text with updated one
2010-07-06 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/docs/PacketFence_Administration_Guide.odt,
pf/docs/PacketFence_Developers_Guide.odt,
pf/docs/PacketFence_Installation_Guide.odt: Version bump
* pf/docs/PacketFence_Developers_Guide.odt: Fixed bad propagation from
1_8 branch (copied document from 1_8 branch and re-did changes since
then).
* pf/docs/PacketFence_Administration_Guide.odt: Added doc for HP
ProCruve 3400cl (same as ProCurve 2600).
* pf/README_SWITHCES, pf/html/admin/configuration/switches_add.php,
pf/html/admin/configuration/switches_edit.php: Renamed Procurve to
ProCurve in the user visible locations since it's the official HP way.
* pf/docs/PacketFence_Administration_Guide.odt: Fixed Procurve 2600
SNMP configuration (Thanks to Andrew Niemantsverdriet for pointing it
out!)
2010-07-05 Olivier Bilodeau <obilodeau@inverse.ca>
* pf/docs/PacketFence_Administration_Guide.odt: Added documentation to
configure the Foundry FastIron 4802 in port-security with or without
VoIP (IPT)
* pf/docs/PacketFence_Administration_Guide.odt: Fixed small mistakes
* Renamed pf/lib/pf/SNMP/SMC/SMC8800M.pm to
pf/lib/pf/SNMP/SMC/TS8800M.pm, modified pf/lib/pf/SNMP/SMC/TS8800M.pm,
pf/lib/pf/SNMP/SMC.pm, pf/t/critic.t, pf/t/data.t,