diff --git a/.gitignore b/.gitignore index 2ac5cd0f8bc7..a8f78e52a54a 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ *.swp *.orig *.local +*.lockone .#* # Configuration not in git @@ -10,6 +11,8 @@ conf/httpd.conf conf/named.conf conf/pf.conf conf/*.lock +conf/*.lockonce +conf/log.conf.d/*.conf conf/nessus/ conf/currently-at bin/pfcmd @@ -21,6 +24,39 @@ db/pf-schema.sql raddb/eap.conf raddb/radiusd.conf raddb/sql.conf +conf/templates/* +conf/adminroles.conf +conf/authentication.conf +conf/floating_network_device.conf +conf/guest-managers.conf +conf/log.conf +conf/chi.conf +conf/nessus/remotescan.nessus +conf/networks.conf +conf/radiusd/eap.conf +conf/radiusd/radiusd.conf +conf/radiusd/sql.conf +conf/snort/classification.config +conf/snort/local.rules +conf/snort/reference.config +conf/switches.conf +conf/httpd.conf.d/ssl-certificates.conf +conf/iptables.conf +conf/listener.msg +conf/mdm.conf +conf/popup.msg +conf/profiles.conf +conf/snmptrapd.conf +conf/snort.conf +conf/snort.conf.pre_snort-2.8 +conf/suricata.yaml +conf/ui-global.conf +conf/violations.conf +html/captive-portal/captive_portal.conf +conf/pfdetect_remote.conf +conf/pfarp_remote.conf +conf/allowed-gaming-oui.txt + # translations conf/locale/*/*/*.mo diff --git a/CREDITS b/CREDITS index c9101f4864dc..ce5e58fdfd37 100644 --- a/CREDITS +++ b/CREDITS @@ -23,13 +23,17 @@ Ludovic Marcotte Tino Matysiak Abhijit Menon-Sen Joao Moreira +Louis Munro +Loick Pelet Jean Raby Maikel van der Roest James Rouzier Ponpitak Santipaptawon +Julien Semaan Philipp Snizek Juan Camilo Valencia Mario Varelli Olivier Roch Vilato Derek Wuelfrath -zappo \ No newline at end of file +Ludovic Zammit +zappo diff --git a/ChangeLog b/ChangeLog index a05ab8f956e5..e03cf9bb807a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10196 @@ +commit fa31a6528111d4b3c1cdaca502253a4b36335745 +Author: Francis Lachapelle +Date: Tue May 6 15:06:30 2014 -0400 + + Update UPGRADE file + +M UPGRADE.asciidoc + +commit 2bb109cc806e2f4832b7b999fba6a87a6056c9b5 +Author: James Rouzier +Date: Tue May 6 14:54:16 2014 -0400 + + Added timezones to Wrix + +M html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm + +commit 7996f9a50ed852b94e946f2bb797fae21906a2a3 +Author: Francis Lachapelle +Date: Tue May 6 14:47:19 2014 -0400 + + Prepare release 4.2.0 + +M ChangeLog +M NEWS.asciidoc +M addons/packages/packetfence.spec +M debian/changelog +M docs/PacketFence_Administration_Guide-docinfo.xml +M docs/PacketFence_Network_Devices_Configuration_Guide-docinfo.xml +M docs/docbook/xsl/titlepage-fo.xml +M docs/docinfo.xml +M docs/includes/global-attributes.asciidoc + +commit d92d63b145109753c5e37a2c3c73647aee402371 +Author: Francis Lachapelle +Date: Tue May 6 14:34:41 2014 -0400 + + Update HTTP/BrowserDetect.pm to version 1.70 + +M lib/HTTP/BrowserDetect.pm + +commit 9f0cc350c9a73f4ab80ade6dbf2c3756759cb321 +Author: Durand Fabrice +Date: Tue May 6 14:26:44 2014 -0400 + + Defined noarch + +M addons/packages/packetfence-release.spec + +commit 906c705818a6d17f58bbd0925b303dcf2bdcf274 +Author: Loick Pelet +Date: Tue May 6 14:26:19 2014 -0400 + + modified doc according to packetfence-release version + +M docs/PacketFence_Administration_Guide.asciidoc + +commit c088163a51a3b9ef77e645990546406703046db9 +Author: Francis Lachapelle +Date: Tue May 6 14:13:57 2014 -0400 + + Improve search form on WRIX management page + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Wrix.pm +M html/pfappserver/root/configuration/wrix/search_form.tt + +commit 2751673a62fb2f0c21e5ac7ce6d686efbfc3299d +Author: Francis Lachapelle +Date: Tue May 6 14:13:14 2014 -0400 + + Improve logging + +M html/pfappserver/lib/pfappserver/Base/Model/DB.pm +M lib/pf/Switch/Cisco/Aironet_WDS.pm + +commit bb6ab87317865f25d6e8fe235023d713f56768a8 +Author: Francis Lachapelle +Date: Tue May 6 14:12:46 2014 -0400 + + Improve Administration Guide + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 68b7bb8b014085e53b95f47b9f4ac1e047260712 +Author: Loick Pelet +Date: Tue May 6 13:51:54 2014 -0400 + + cleanup footer + +M addons/packages/packetfence-release.spec + +commit cde7c9bb6a2e19cb1d9d9affa3b12df1bf6e0030 +Author: Loick Pelet +Date: Thu May 1 15:28:01 2014 -0400 + + fixed system variable issue + +M addons/packages/packetfence-release.spec + +commit b18e40685ffa307cf114db6c6132cca96963ef5f +Author: Loick Pelet +Date: Mon Apr 28 16:10:53 2014 -0400 + + modified documentation to use PacketFence release package + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 83206f918eab998eed61c0a6a24e85afd476db56 +Author: Loick Pelet +Date: Mon Apr 28 11:24:56 2014 -0400 + + fixed directory and install + +M addons/packages/packetfence-release.spec + +commit cf19a0ff211d30b8c47c18ae8c3a9ea26ff68c6c +Author: Loick Pelet +Date: Mon Apr 28 10:27:16 2014 -0400 + + removed src + +M addons/packages/packetfence-release.spec + +commit bae88301da6a192c8ace54a9398bdfc9d021e379 +Author: Loick Pelet +Date: Sun Apr 27 23:21:14 2014 -0400 + + created spec file for PacketFence RMP Repo file + +A addons/packages/packetfence-release.spec + +commit dd43e4e7c1e7f6d33c97883c2ab0a259605d936a +Author: James Rouzier +Date: Tue May 6 13:44:27 2014 -0400 + + Export downloads full data + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Wrix.pm +M lib/pf/RoseDB/Wrix/Manager.pm + +commit f0a651865b8ad9deeb9b61937ec4ca714e0b8a0d +Author: Loick Pelet +Date: Tue May 6 13:42:55 2014 -0400 + + Added new categories and fingerprints and vendor-id + +M conf/dhcp_fingerprints.conf + +commit 01c4b3aae00f6c691c55d53577e6c9f4ea2a8835 +Author: Derek Wuelfrath +Date: Tue May 6 13:34:17 2014 -0400 + + Fixed wrong network configuration on Debian + +M html/pfappserver/root/interface/interface_debian.tt + +commit f14f6373b3f616d35b365db1051acf8573d37314 +Author: James Rouzier +Date: Tue May 6 13:17:05 2014 -0400 + + Added support for cloning + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Wrix.pm + +commit ccb1c6cd69975c73bd2d8513f8e2ec812412de2b +Author: Durand Fabrice +Date: Tue May 6 13:17:55 2014 -0400 + + Added a prerequired dep + +M addons/packages/packetfence.spec + +commit e775841d839a997b7f3599bd26d191e260016bba +Author: Francis Lachapelle +Date: Tue May 6 13:03:29 2014 -0400 + + Fix style of pagination on WRIX management page + +M html/pfappserver/root/configuration/wrix/list.tt + +commit 4297d8aaeccd27bdf4af7e40ac15d89bd702fe0e +Author: James Rouzier +Date: Tue May 6 12:37:51 2014 -0400 + + Fixed pagination + +M html/pfappserver/root/configuration/wrix/list.tt + +commit cdc185b9c4256d8463d8f8202c2d4202c1a6117c +Author: James Rouzier +Date: Tue May 6 12:37:07 2014 -0400 + + Added page count + +M html/pfappserver/lib/pfappserver/Model/Config/Wrix.pm + +commit ba34c774edc995469c722c80ce60ef169904be37 +Author: James Rouzier +Date: Tue May 6 12:36:28 2014 -0400 + + Added page count + +M html/pfappserver/lib/pfappserver/Base/Controller/Crud/DB.pm + +commit d87bb89c0650575239a3522040cde0061cc097ee +Author: Durand Fabrice +Date: Tue May 6 11:59:34 2014 -0400 + + Remove doc about repo in PacketFence_Adminnistration_Guide + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 33377a368beb6e78416f2ccc673e3b43cf667aaa +Author: Durand Fabrice +Date: Tue May 6 11:26:30 2014 -0400 + + Fix for packaging + +M addons/packages/packetfence.spec + +commit 9a944002af118a18b6b4e45c29ec9b40cade28a4 +Author: Julien Semaan +Date: Tue May 6 11:21:36 2014 -0400 + + Add perl-Net-DNS and perl-Moose excludes in doc + +M docs/PacketFence_Administration_Guide.asciidoc + +commit a43cfd791cd437c13dbe3c0a4c39964a03c78c71 +Author: James Rouzier +Date: Tue May 6 11:06:34 2014 -0400 + + Load fingerprints into the database + +M html/pfappserver/lib/pfappserver/Controller/Configurator.pm + +commit ea60539eabfeb83d1b248706de792c3d250ddce2 +Author: James Rouzier +Date: Tue May 6 10:47:22 2014 -0400 + + Renamed gaming registration to device registration + +A conf/allowed_device_oui.txt.example +M html/captive-portal/lib/captiveportal/PacketFence/Controller/DeviceRegistration.pm +A html/captive-portal/templates/device-landing.html +A html/captive-portal/templates/device-login.html +A html/captive-portal/templates/device-registration.html +M lib/pf/file_paths.pm +A lib/pf/web/device_registration.pm +M lib/pf/web/gaming.pm + +commit 428bb0d04888f75058170c4653efe82e505c45ac +Author: James Rouzier +Date: Tue May 6 10:45:57 2014 -0400 + + undef is considered disabled + +M lib/pf/util.pm + +commit 9e3171fd80256c16576741291eef3f1d5151445d +Author: James Rouzier +Date: Tue May 6 09:44:52 2014 -0400 + + Change generate_fake_mac to fake_mac_enabled + +M html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm + +commit 911e2e3aa1f66734d93168347d88a6dd42790be6 +Author: Durand Fabrice +Date: Tue May 6 09:30:36 2014 -0400 + + Fixed fake_mac_address and dhcpd in networks.conf + +M html/pfappserver/lib/pfappserver/Model/Interface.pm +M lib/pf/util.pm + +commit 0f909454d50d55f102156baeb8b628562c574744 +Author: Durand Fabrice +Date: Tue May 6 08:32:29 2014 -0400 + + Change Copyright and rename dictionary file + +M raddb/dictionary +A raddb/dictionary.inverse +D raddb/dictionary.packetfence + +commit f76f853c67618b0089a2298f034482fb3b3df705 +Author: Durand Fabrice +Date: Tue May 6 08:27:52 2014 -0400 + + Fix Typo + +M NEWS.asciidoc + +commit 60a7e01bd0d20d0873e253b018ec19f260eeceab +Author: Durand Fabrice +Date: Tue May 6 08:14:32 2014 -0400 + + Fixed ExtractSsid in Cisco Aironet and Change the Vendor in radius dictionary + +M NEWS.asciidoc +M lib/pf/Switch/Cisco/Aironet.pm +M lib/pf/Switch/Cisco/Aironet_WDS.pm +M raddb/dictionary.packetfence + +commit 00d8fe6bd32022852279cb55c7d0ecd7b2551e8c +Author: James Rouzier +Date: Mon May 5 18:49:23 2014 -0400 + + force change of session id before running + +M html/pfappserver/lib/pfappserver/Model/Config/System.pm + +commit a9a2f2ade0ee8c43bf6d53a1739e60e9f2c4f299 +Author: Derek Wuelfrath +Date: Mon May 5 15:43:23 2014 -0400 + + Allow access to the portal engine from inline when registered + +M conf/iptables.conf.example + +commit 38ebacc2e9bb0dee6a1aa87cc02fc51c3b38f3ff +Author: Derek Wuelfrath +Date: Mon May 5 15:42:23 2014 -0400 + + Removed "Gaming" reference in device registration module. + +M html/captive-portal/templates/gaming-registration.html + +commit f6d19d6de3c8a2d59eafe693450382a21d64f878 +Author: Durand Fabrice +Date: Mon May 5 15:33:27 2014 -0400 + + Change control on a dep + +M debian/control + +commit bf53f56188f935353cdf774531c01162bad44aa1 +Author: James Rouzier +Date: Mon May 5 14:38:36 2014 -0400 + + Refactor loop to use all + +M html/pfappserver/lib/pfappserver/Controller/Configurator.pm + +commit ce797e7228fa212246ca24db67fd0395322d282a +Author: Julien Semaan +Date: Mon May 5 14:23:48 2014 -0400 + + Removed useless console log + +M html/pfappserver/root/static/configurator/services.js + +commit ba4acf585b47b729fd8b84b605c9306267f0e861 +Author: James Rouzier +Date: Mon May 5 14:08:14 2014 -0400 + + Set version of HTML::FormHandler to 0.40013 + +M addons/packages/packetfence.spec +M debian/control + +commit 26ec029852ccdea7347866140fefde948f925313 +Author: Julien Semaan +Date: Mon May 5 14:07:52 2014 -0400 + + Modify currently-at when finishing first pf startup + +M html/pfappserver/lib/pfappserver/Controller/Configurator.pm + +commit 15bb155d90e90641a0988d16126ec15a813eade4 +Author: Julien Semaan +Date: Mon May 5 14:07:20 2014 -0400 + + Minor code cleanup in configurator services.js + +M html/pfappserver/root/static/configurator/services.js + +commit 9ace67e3984eb7c18a1e27b12acea2091dbbfb92 +Author: Durand Fabrice +Date: Mon May 5 13:54:02 2014 -0400 + + Removed ulogd dep + +M debian/control + +commit df28b242c8500e7233424e62a194d02a8ab2a685 +Author: lzammit +Date: Mon May 5 13:38:00 2014 -0400 + + Update PacketFence_Administration_Guide.asciidoc + +M docs/PacketFence_Administration_Guide.asciidoc + +commit f50e34348471c30bb1243f0fdefac035f1026d0f +Author: Julien Semaan +Date: Mon May 5 13:23:50 2014 -0400 + + Refactor the service startup in the configurator so it's asynchronous + +M html/pfappserver/lib/pfappserver/Controller/Configurator.pm +M html/pfappserver/root/static/configurator/services.js + +commit 2be6a0f7bbd14010fba3d53cb4d6df182c6c8947 +Author: James Rouzier +Date: Mon May 5 13:09:10 2014 -0400 + + Update default values for rpc_server & rpc_proto + +M conf/radiusd/radiusd.conf.example + +commit 1cae8270a23f535a77d56d62d82a0c79970ccf9d +Author: Durand Fabrice +Date: Mon May 5 13:05:56 2014 -0400 + + Rename andriod to android + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm +M html/pfappserver/lib/pfappserver/Form/Portal/Common.pm + +commit 1f1ee5fec38898342f8759d59410712ac7b0eb25 +Author: James Rouzier +Date: Mon May 5 13:04:15 2014 -0400 + + Fixed default value for DEFAULT_RPC_PROTO + +M raddb/packetfence-soh.pm +M raddb/packetfence.pm + +commit 94b7a304efbf414381f6dd1ee79accecfbca98d8 +Author: James Rouzier +Date: Mon May 5 13:01:51 2014 -0400 + + Renamed soap_* to rpc_* and added new variables rpc_proto rpc_user and rpc_pass + +M conf/radiusd/radiusd.conf.example + +commit 07f4986d1f59f405a213cdd07ed7c9e9afb5a335 +Author: James Rouzier +Date: Mon May 5 12:12:12 2014 -0400 + + Added the ability to use username and passwords for radius rpc messages and configure https messages + Rename pf::radius::msgpackclient to pf::radius::rpc + +D lib/pf/radius/msgpackclient.pm +A lib/pf/radius/rpc.pm +M lib/pf/services/manager/radiusd.pm +M raddb/dictionary.packetfence +M raddb/packetfence-soh.pm +M raddb/packetfence.pm +M raddb/sites-available/packetfence +M raddb/sites-available/packetfence-soh +M raddb/sites-available/packetfence-tunnel + +commit b9a7a56332eed1e67d5076cd5e2863208d2a157d +Author: James Rouzier +Date: Mon May 5 12:08:48 2014 -0400 + + Fixed password special characters in passwords not being supported + +M lib/pf/WebAPI/AuthenHandler.pm + +commit f81460cafe57867a74859fe516d992b5a0c087cd +Author: Durand Fabrice +Date: Mon May 5 11:52:32 2014 -0400 + + Update Certificate Revocation List Domains + +M lib/pf/config.pm + +commit 1f6c9fb5eaa0db75298415deb7cc396d55205448 +Author: lzammit +Date: Mon May 5 11:45:09 2014 -0400 + + Update PacketFence_Administration_Guide.asciidoc + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 711344f06a2758afea46ee0443a54ac3e2b6c584 +Author: lzammit +Date: Mon May 5 11:43:45 2014 -0400 + + Update on the oAuth Google & FB documentation + +M docs/PacketFence_Administration_Guide.asciidoc + +commit b16dbac9f17f8671600766903f2000da2989595d +Author: Durand Fabrice +Date: Mon May 5 11:41:43 2014 -0400 + + Defined default oauth2 domains for google and facebook + +M lib/pf/Authentication/Source/FacebookSource.pm +M lib/pf/Authentication/Source/GoogleSource.pm + +commit 1d3d33f52786f28f6ebf1d8cde4bd6dc629ddb5c +Author: Julien Semaan +Date: Mon May 5 11:27:08 2014 -0400 + + Logic cleanup of provisionning in catalyst portal + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm + +commit b0ae44f8f43923a70e4dbb2ee3c39639771d2cd7 +Author: Julien Semaan +Date: Mon May 5 11:12:57 2014 -0400 + + Fix provisionning that was always triggered + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm + +commit 8ef6bf8feefb92a60460611ddd2834d379055825 +Author: Durand Fabrice +Date: Mon May 5 10:40:42 2014 -0400 + + Use invoke-rc.d in quiet mode + +M debian/packetfence.preinst + +commit 477323b08322b88d59ba934c9c07d987d514d115 +Author: Durand Fabrice +Date: Mon May 5 10:12:53 2014 -0400 + + Rename constant to be more generic + Include packetfence dictionary in radius config + +M raddb/dictionary +M raddb/dictionary.packetfence +M raddb/packetfence-soh.pm +M raddb/packetfence.pm +M raddb/sites-available/packetfence +M raddb/sites-available/packetfence-soh +M raddb/sites-available/packetfence-tunnel + +commit 5fb9d300c3fbfb0830d27ff78764f5795f08b7eb +Author: Durand Fabrice +Date: Mon May 5 10:07:30 2014 -0400 + + Added PacketFence´s freeradius dictionnary and replace constant name + +A raddb/dictionary.packetfence +M raddb/packetfence-soh.pm +M raddb/packetfence.pm +M raddb/sites-available/packetfence +M raddb/sites-available/packetfence-soh +M raddb/sites-available/packetfence-tunnel + +commit ae602c3d05e337b062d70041ac3b7067a8bb016e +Author: James Rouzier +Date: Mon May 5 09:56:18 2014 -0400 + + Clean the 'new mac' when modifying the node + +M lib/pf/node.pm + +commit f8eb0c9368f856d555edcb2606b9e6466406a341 +Author: James Rouzier +Date: Mon May 5 09:45:12 2014 -0400 + + fixpermissions is now the last target for make devel + +M Makefile + +commit 95a364c497072d15c54ebf7c8dfc7dadb676e386 +Author: Julien Semaan +Date: Mon May 5 08:56:43 2014 -0400 + + Comment mod_unique_id in portal http configuration + +M conf/httpd.conf.d/httpd.portal + +commit fc8206aa34119273bbea33f95c5030c31d3c4a7e +Author: James Rouzier +Date: Fri May 2 23:33:26 2014 -0400 + + Status should return "0" when there are no submanagers + +M lib/pf/services/manager/submanager.pm + +commit 35456064d86af4ddd06afc6624781dfe21510304 +Author: Loick Pelet +Date: Fri May 2 17:00:44 2014 -0400 + + fix permission changed before starting service + +M docs/PacketFence_Administration_Guide.asciidoc + +commit b1689fdd7add37415d83da984b6df83278292067 +Author: Loick Pelet +Date: Fri May 2 16:47:49 2014 -0400 + + improved samba configuration + +M docs/PacketFence_Administration_Guide.asciidoc + +commit ae672002c9a6ce8e65e668a1824ab595e51e812c +Author: lzammit +Date: Fri May 2 16:05:02 2014 -0400 + + Update PacketFence_Administration_Guide.asciidoc + + infos on billing configuration. + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 419030fa04ed18045171e5f5e9b9a28aace4cbdf +Author: James Rouzier +Date: Fri May 2 15:43:30 2014 -0400 + + Added a default message + +M lib/pf/billing/gateway/mirapay.pm + +commit 86c918803effce86a7d97b48407be988b8353a27 +Author: Durand Fabrice +Date: Fri May 2 15:36:29 2014 -0400 + + Specify the package name perl-aliased + +M addons/packages/packetfence.spec + +commit b0870b0e31a0d94d2732178497ce9e1cbe5531b7 +Author: James Rouzier +Date: Fri May 2 15:34:42 2014 -0400 + + Added additional validation + +M lib/pf/billing/gateway/mirapay.pm + +commit 7908bb02412c5062edcbee7922b1ccbc6e938b0c +Author: lzammit +Date: Fri May 2 15:30:40 2014 -0400 + + Update PacketFence_Administration_Guide.asciidoc + + Extra information on the billing set up. + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 526ad976ca2dd95c0ceba00dd99847d8c826603a +Author: James Rouzier +Date: Fri May 2 15:26:09 2014 -0400 + + Rename pf::DB to pf::RoseDB + +M html/pfappserver/lib/pfappserver/Model/Config/Wrix.pm +D lib/pf/Base/DB/Object.pm +D lib/pf/Base/DB/Object/Manager.pm +D lib/pf/Base/DB/Wrix.pm +D lib/pf/Base/DB/Wrix/Manager.pm +A lib/pf/Base/RoseDB/Object.pm +A lib/pf/Base/RoseDB/Object/Manager.pm +A lib/pf/Base/RoseDB/Wrix.pm +A lib/pf/Base/RoseDB/Wrix/Manager.pm +D lib/pf/DB.pm +D lib/pf/DB/Wrix.pm +D lib/pf/DB/Wrix/Manager.pm +A lib/pf/RoseDB.pm +A lib/pf/RoseDB/Wrix.pm +A lib/pf/RoseDB/Wrix/Manager.pm + +commit 4a2afc982d623a27276a324f219cb797e4400da6 +Author: Loick Pelet +Date: Fri May 2 15:13:24 2014 -0400 + + modified pre priorities + +M addons/packages/packetfence.spec + +commit fa6274b4b5b49a4567e5a776a0241720331e50be +Author: Derek Wuelfrath +Date: Fri May 2 15:11:29 2014 -0400 + + Added MySQL schema link for devel purposes + +M Makefile + +commit 185214d3f9f7054c02ec6f61a56234c73b6e92a3 +Author: Derek Wuelfrath +Date: Fri May 2 15:10:20 2014 -0400 + + Should check for dir rather than exist + +M lib/pf/services/manager/dhcpd.pm + +commit cbfa426122a39be4462c0343f595e641f689e0d0 +Author: lzammit +Date: Fri May 2 15:01:16 2014 -0400 + + Update PacketFence_Administration_Guide.asciidoc + +M docs/PacketFence_Administration_Guide.asciidoc + +commit a849118dfbfedd16ffabf3afc618e5110130d18e +Author: Julien Semaan +Date: Fri May 2 14:55:03 2014 -0400 + + Fixed Billing form validation + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm + +commit da9856cc1319d197093f4909070046f343786237 +Author: Derek Wuelfrath +Date: Fri May 2 14:52:28 2014 -0400 + + Full path in permission error messages + +M lib/pf/pfcmd/checkup.pm + +commit 566ae653866d1fa59c016a779d4a1398bd9bc829 +Author: James Rouzier +Date: Fri May 2 14:46:03 2014 -0400 + + Fixed refactor error + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm + +commit 17d86ddfa7edd1a94c3df50274900d1a05a65acc +Author: James Rouzier +Date: Fri May 2 14:19:44 2014 -0400 + + Include missing module and remove call to older api + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm + +commit 8a699cf78e13ed97834ba176e910a6b323c01e6d +Author: Durand Fabrice +Date: Fri May 2 14:11:08 2014 -0400 + + changed Requires to PreReq for somes packages + +M addons/packages/packetfence.spec + +commit 3634e6725a0a1cf7f756b72271e0e5c86b68b0c9 +Author: root +Date: Fri May 2 14:01:37 2014 -0400 + + Create dhcpd dir under var if non-existing + +M lib/pf/services/manager/dhcpd.pm + +commit 96515c74662d57242e00c4ca655d99415caefda1 +Author: James Rouzier +Date: Fri May 2 13:54:29 2014 -0400 + + Fix call to session + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm + +commit 586f67a089e812bcede2253f7f27b8e6a2204749 +Author: Julien Semaan +Date: Fri May 2 13:55:42 2014 -0400 + + Commented mod_unique_id since it makes httpd.portal crash because it absolutly needs a ip/host entry. + +M conf/httpd.conf.d/httpd.portal + +commit da601505076093cc3f1c16d0f9d6c234965aaa2c +Author: Francis Lachapelle +Date: Fri May 2 13:49:04 2014 -0400 + + Localization + +M html/pfappserver/lib/pfappserver/I18N/en.po + +commit 23630295baaf0a663674300515f59486ce210e59 +Author: James Rouzier +Date: Fri May 2 13:46:08 2014 -0400 + + Refactor use of old api + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm + +commit e296588e06f3e86d9f7fbf6abafcb863cc2ee09b +Author: James Rouzier +Date: Fri May 2 13:22:25 2014 -0400 + + Fixed return value of isManaged + +M lib/pf/services/manager/roles/pf_conf_trapping_engine.pm + +commit a776575c78967fdbf564743647d071f1d31c0401 +Author: James Rouzier +Date: Fri May 2 11:58:16 2014 -0400 + + Added new enhancement + +M NEWS.asciidoc + +commit 19ccdc80bc663b0e947e4e440b5fa4935678e505 +Author: Julien Semaan +Date: Fri May 2 11:39:44 2014 -0400 + + Remove rewrite of /release into /perl/release + +M conf/httpd.conf.d/captive-portal-cleanurls.conf + +commit 62eb807b72f3365dd8fd3bf7d5c415a74f89c846 +Author: Julien Semaan +Date: Fri May 2 10:40:40 2014 -0400 + + Fixed the default values and args of pf::temporary_password::generate + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm +M html/pfappserver/lib/pfappserver/Model/User.pm +M lib/pf/temporary_password.pm + +commit 9792a1f8dfaae4ed3d54990476a7e5e3c8c2b62b +Author: Durand Fabrice +Date: Fri May 2 10:27:27 2014 -0400 + + Removed BerkeleyDB packaging dep + +M addons/packages/packetfence.spec +M debian/control + +commit f1e7ce49207e6a998332bdcdfed15b9f008f1c0b +Author: Ludovic Marcotte +Date: Fri May 2 10:19:27 2014 -0400 + + Fixed typo + +M README + +commit a72516ca13f074341c0079d2a5100d2a011af6c4 +Author: Julien Semaan +Date: Fri May 2 09:55:29 2014 -0400 + + Added valid_from and expiration actions when creating a temporary password + +M lib/pf/temporary_password.pm + +commit a36b928c155432d5d129891f9ba85c1de44a9c5d +Author: Julien Semaan +Date: Fri May 2 09:54:40 2014 -0400 + + Fixed apache config for pre registration + +M conf/httpd.conf.d/httpd.portal + +commit 895f34a82a5e6e27a3aa4a2ac9dd3414089bba73 +Author: Julien Semaan +Date: Fri May 2 09:08:11 2014 -0400 + + Missing isenabled import in httpd.portal config + +M conf/httpd.conf.d/httpd.portal + +commit 0ab4bc0d75d921d0c75ae525fa6a76fdc94c7f57 +Author: Durand Fabrice +Date: Fri May 2 09:40:01 2014 -0400 + + Make snmptrapd start before pfsetvlan + +M lib/pf/services/manager/pfsetvlan.pm + +commit 0c469a8ef6fa02d6b23d189d2402f0022e3f93a6 +Author: Ludovic Marcotte +Date: Fri May 2 09:24:56 2014 -0400 + + Fixed typos in doc + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit b6b3d5824cdf3702054cc3cece44502c0bdc80f1 +Author: Ludovic Marcotte +Date: Fri May 2 08:54:08 2014 -0400 + + Axed that file content. + +M README.network-devices + +commit bb2696558077b2680454517b2a684a3e7df3f5f6 +Author: Ludovic Marcotte +Date: Fri May 2 08:35:40 2014 -0400 + + Fixed copyright/authors information + +M debian/copyright +M docs/docbook/fop-centos6.patch +M docs/docbook/xmlgraphics-fop-centos5.patch +M docs/docbook/xsl/headerfooter-fo.xsl +M docs/docbook/xsl/packetfence-fo-article.xsl +M docs/docbook/xsl/packetfence-fo.xsl +M lib/pf/Switch/Aruba.pm + +commit 1c4a291b0f0e6a646dcf72cbbb2ac497259564aa +Author: extrafu +Date: Fri May 2 08:19:42 2014 -0400 + + Update PacketFence_Administration_Guide.asciidoc + + Fixed typos. + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 251798da8a79ca78f27cdaade63a6df51fba445a +Author: extrafu +Date: Fri May 2 08:08:27 2014 -0400 + + Update PacketFenceZEN_Installation_Guide.asciidoc + +M docs/PacketFenceZEN_Installation_Guide.asciidoc + +commit 947bf8a98dc871dab8b2a1a439bb5c5ef3ab3452 +Author: extrafu +Date: Fri May 2 08:03:34 2014 -0400 + + Update CREDITS + +M CREDITS + +commit a814264fd3e4d8ceedc05eacf42e59e633c9ad96 +Author: extrafu +Date: Fri May 2 08:01:02 2014 -0400 + + Update README + +M README + +commit 456d2b7a308bcb959b88edaea9dd4cbf7f2846cd +Author: James Rouzier +Date: Thu May 1 16:50:20 2014 -0400 + + Migrated template data into httpd.portal + +M conf/httpd.conf.d/httpd.portal + +commit 6612f75b8c2164c8745f04842f8a89d56c986081 +Author: Julien Semaan +Date: Thu May 1 16:12:23 2014 -0400 + + Fixed device registration URL in web constants + +M lib/pf/web/constants.pm + +commit c45143163c1d46fe94b289bff092823cd3e503da +Author: Durand Fabrice +Date: Thu May 1 15:22:07 2014 -0400 + + Change year 2013 to 2014 in configurator + +M html/pfappserver/root/configurator/admin.tt +M html/pfappserver/root/configurator/configuration.tt +M html/pfappserver/root/configurator/database.tt +M html/pfappserver/root/configurator/enforcement.tt +M html/pfappserver/root/configurator/networks.tt +M html/pfappserver/root/configurator/services.tt + +commit 1241161fc869f3776d1d1b260dce1a586494c753 +Author: James Rouzier +Date: Thu May 1 15:14:21 2014 -0400 + + Make processTransaction a Private action + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm + +commit 26c2ea0f19823ab6c9d6ae090f6f48434a94d729 +Author: Julien Semaan +Date: Thu May 1 15:11:00 2014 -0400 + + Removed apple provisionning from the CGI portal + +M lib/pf/web.pm +M lib/pf/web/provisioning.pm + +commit 20abf61b9228110632cb40023cabbd1c781018dd +Author: Julien Semaan +Date: Thu May 1 15:09:46 2014 -0400 + + Removed mod perl URL for wireless mobile config + +M lib/pf/web/dispatcher.pm + +commit 2dd1311251eb6faff667258ec00969c6a5d6861f +Author: Durand Fabrice +Date: Thu May 1 15:09:25 2014 -0400 + + Added dep Perl(aliased) + +M addons/packages/packetfence.spec + +commit 695b382a6b7fff5850078ce55743d85817c4fbb1 +Author: James Rouzier +Date: Thu May 1 15:00:04 2014 -0400 + + Remove Billing controller + +D html/captive-portal/lib/captiveportal/Controller/Billing.pm + +commit 98e7f239ce1d6df921025635c54b4bad00b94c4b +Author: James Rouzier +Date: Thu May 1 14:59:12 2014 -0400 + + Remove old code from port + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm + +commit 6b1fefbde528af7c0ea6f39ad0e4cd3d881424b0 +Author: James Rouzier +Date: Thu May 1 14:54:53 2014 -0400 + + Rename the Billing module to Pay + +D html/captive-portal/lib/captiveportal/PacketFence/Controller/Billing.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm + +commit 491b5508d442cce3279075c6aff3a8d34d309972 +Author: James Rouzier +Date: Thu May 1 14:52:06 2014 -0400 + + Remove Pay + +D html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm + +commit 9175e11c5fea8fb76e91e36c79f5853a094b16a7 +Author: James Rouzier +Date: Thu May 1 14:51:12 2014 -0400 + + Send to Pay instead of Billing + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm + +commit 23c39c765c0d9b8268276b7ee5a3318e6027e57a +Author: James Rouzier +Date: Thu May 1 14:43:03 2014 -0400 + + Added new option doc_config + +M addons/dev-helpers/dump.pl + +commit 469deae304a578d1429162dd0eaf77b35f1527e5 +Author: Francis Lachapelle +Date: Thu May 1 14:38:08 2014 -0400 + + Improve trace logging in Portal::ProfileFactory + +M lib/pf/Portal/ProfileFactory.pm + +commit 698e136b86d4363f729848a78349701061a46dfb +Author: Francis Lachapelle +Date: Thu May 1 14:36:54 2014 -0400 + + Fix condition in register.cgi + +M html/captive-portal/register.cgi + +commit ed3f8b24781af80aa92ab1626a18cb0e133687a6 +Author: Francis Lachapelle +Date: Thu May 1 14:33:09 2014 -0400 + + Minor cleanup to addons/pf-maint.pl + +M addons/pf-maint.pl + +commit 086706944ac4d8684b0109507ab72b90945e51b1 +Author: James Rouzier +Date: Thu May 1 14:39:17 2014 -0400 + + Fix issue with pfdhcplistener status was not being shown corectly in the admin gui + +M lib/pf/services/manager/submanager.pm + +commit 12d8869284f252d73f42b7c5c5f497145da3a8f7 +Author: James Rouzier +Date: Thu May 1 14:20:56 2014 -0400 + + Added better defaults + +M lib/pf/CHI.pm + +commit 1abef14a6dfede8c2ed97976e93b054433cd0ab8 +Author: Julien Semaan +Date: Thu May 1 14:31:56 2014 -0400 + + Added violation templates extension localization + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Remediation.pm + +commit 8a253a708a7fafe26ddd72aa7ea41b7eb13006dc +Author: Francis Lachapelle +Date: Thu May 1 14:31:03 2014 -0400 + + Localization + +M html/pfappserver/lib/pfappserver/I18N/en.po + +commit dc9a10ceb273732dcacc93ce35d56516615fc15a +Author: Durand Fabrice +Date: Thu May 1 14:11:41 2014 -0400 + + Traduction for services + +M html/pfappserver/lib/pfappserver/I18N/en.po + +commit 13baf32d4af16404b608b01b484710812fe5eded +Author: James Rouzier +Date: Thu May 1 13:49:02 2014 -0400 + + Remove calls to cgi object + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Billing.pm +M lib/pf/billing.pm + +commit 308b24e31f5f3279e8cab9e0b8ea9c94a0a29ad3 +Author: James Rouzier +Date: Thu May 1 13:33:46 2014 -0400 + + Fixed default setting for for chi.conf + +M t/data/chi.conf + +commit 2af0cc14b6fdea74f7b9bf10d2453ec975d32621 +Author: Julien Semaan +Date: Thu May 1 13:18:37 2014 -0400 + + Corrected doc typo in Catalyst Root controller + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm + +commit 783533f5fe02bee2a6a4a2274d3c08cd161ebeeb +Author: Julien Semaan +Date: Thu May 1 13:11:01 2014 -0400 + + Added I18n support to catalyst portal + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm + +commit 207ea2a94c1fbf9ec26ce76c8ffdb9c0e9cd4d95 +Author: Francis Lachapelle +Date: Thu May 1 12:32:35 2014 -0400 + + Allow advanced search of nodes by OS type + + Fixes #1790 + +M NEWS.asciidoc +M html/pfappserver/root/admin/nodes.tt + +commit 449cdaa3e542925a0ce75584fb819a9aa0bb4bb9 +Author: Francis Lachapelle +Date: Thu May 1 12:00:17 2014 -0400 + + Restore improvement to the WRIX management page + + Please developers, watch out when merging branches! + +M html/pfappserver/root/configuration/wrix/index.tt +M html/pfappserver/root/configuration/wrix/list.tt + +commit d27960d6985ba6e6cf7ebe6f8ab61996ba8b9481 +Author: James Rouzier +Date: Thu May 1 11:44:08 2014 -0400 + + Added perl dependency IO::Interface + +M addons/packages/packetfence.spec + +commit b9ca14646a25d54d5178b74709eb50643d4d6289 +Author: James Rouzier +Date: Thu May 1 11:23:55 2014 -0400 + + Use the isManaged from parent class + +M lib/pf/services/manager/httpd.pm + +commit a9dc6ad051dd679b8488fa1f76ac3bba10a2c081 +Author: James Rouzier +Date: Thu May 1 11:21:36 2014 -0400 + + Change any dots in a service name to a underscore + +M lib/pf/services/manager.pm + +commit 930ced4dc555a64e021e729997152940f4fd2bda +Author: extrafu +Date: Thu May 1 11:10:20 2014 -0400 + + Update NEWS.asciidoc + +M NEWS.asciidoc + +commit 63240f32ccc602e64b73b87a350fdd72ced2ef74 +Author: extrafu +Date: Thu May 1 11:05:07 2014 -0400 + + Update NEWS.asciidoc + +M NEWS.asciidoc + +commit 436927916472242bd9ec4821330fe780b30115ac +Author: James Rouzier +Date: Thu May 1 10:51:31 2014 -0400 + + Added documentation for services.snmptrapd + +M conf/documentation.conf + +commit bf6cb1c06ff2f013ab423f7f3ff412cbd0388dd5 +Author: Francis Lachapelle +Date: Thu May 1 10:38:07 2014 -0400 + + Fix advanced search by node role + +M html/pfappserver/root/admin/nodes.tt + +commit e27b15f6240b4b94ecea78dce6d09e59ae3b889e +Author: James Rouzier +Date: Thu May 1 10:13:42 2014 -0400 + + New target chown_pf changes current directory to the pf usr + +M Makefile + +commit 36b1390799404bb8dfcac0ebd3dadd7693170fdc +Author: Julien Semaan +Date: Thu May 1 10:11:57 2014 -0400 + + Added snmptrapd to managed services in pf.conf.defaults + +M conf/pf.conf.defaults + +commit 9bb21610285d5cd61ec8e90d6d9fb12802ecc98b +Author: James Rouzier +Date: Thu May 1 10:04:03 2014 -0400 + + Display even if there is no name + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/WirelessProfile.pm + +commit 75e165f6a2854cfa317e553e5d66b43132369223 +Author: Francis Lachapelle +Date: Thu May 1 09:59:03 2014 -0400 + + Update UPGRADE file + +M UPGRADE.asciidoc + +commit 85630870184ecafb538acb57b691bc8a457db7a0 +Author: Francis Lachapelle +Date: Thu May 1 09:58:01 2014 -0400 + + Improve text-html conversion of documentation.conf + +M lib/pf/config.pm + +commit 0db7155fca4567c42e232816a66911e1aa716bd2 +Author: Francis Lachapelle +Date: Thu May 1 09:57:12 2014 -0400 + + Push registered nodes on stash of status page + +M lib/pf/web.pm + +commit ca1f0fcb08dcc81a8747c41d1edaf1ef1a0be574 +Author: Julien Semaan +Date: Thu May 1 09:19:08 2014 -0400 + + Fix httpd services name detection + +M lib/pf/services/manager/httpd.pm + +commit 19f9ce6a9f456993878e62f271aa938c459e9507 +Author: Julien Semaan +Date: Thu May 1 08:28:15 2014 -0400 + + Fixed request param clearing in Billing + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Billing.pm + +commit 26bad565b80f0208b9d5f2840e586a332ecdcfcd +Author: Julien Semaan +Date: Thu May 1 08:28:52 2014 -0400 + + Catalyst httpd.portal uses var/run/httpd.portal.pid + +M conf/httpd.conf.d/httpd.portal + +commit e5999ada82d724f36198ae4d821d22f122b8ce5f +Author: Durand Fabrice +Date: Thu May 1 08:13:25 2014 -0400 + + Replace httpd.portal.catalyst to httpd.portal.cgi (packaging) + Added config parameters to manage all packetfence services + +M addons/packages/packetfence.spec +M conf/documentation.conf +M conf/pf.conf.defaults +M debian/packetfence.conffiles +M html/pfappserver/lib/pfappserver/I18N/en.po + +commit 35b3ae4db0cb46154b509b6750f23ddb90a3330a +Author: Julien Semaan +Date: Thu May 1 08:00:33 2014 -0400 + + Added missing import in lib/pf/services/manager.pm + +M lib/pf/services/manager.pm + +commit fe047e784e593f7cdc7cacaedfdd2ec5ae8be7e1 +Author: James Rouzier +Date: Thu May 1 01:49:42 2014 -0400 + + Added Billing port + +A html/captive-portal/lib/captiveportal/Controller/Billing.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Billing.pm + +commit fc9c0ab4c7065b94eae4fb1ccced36af62b1bf90 +Author: James Rouzier +Date: Wed Apr 30 17:18:40 2014 -0400 + + Made all services managed by packetfence configuration + +M lib/pf/services/manager.pm +M lib/pf/services/manager/dhcpd.pm +M lib/pf/services/manager/httpd.pm +M lib/pf/services/manager/httpd_proxy.pm +M lib/pf/services/manager/memcached.pm +M lib/pf/services/manager/pfbandwidthd.pm +M lib/pf/services/manager/pfdns.pm +M lib/pf/services/manager/radiusd.pm +D lib/pf/services/manager/roles/is_managed_by_pf_conf.pm +M lib/pf/services/manager/roles/pf_conf_trapping_engine.pm + +commit 421a29b470767eafa24a9ae9058a24d334ce47fd +Author: James Rouzier +Date: Wed Apr 30 15:41:40 2014 -0400 + + Make the catalyst portal the default + +A conf/httpd.conf.d/httpd.portal +D conf/httpd.conf.d/httpd.portal.catalyst +D lib/pf/services/manager/httpd_portal_catalyst.pm + +commit 161779b5d947245bf54cd828f6b9027a11e89eca +Author: James Rouzier +Date: Wed Apr 30 15:40:37 2014 -0400 + + Renamed the conf/httpd.conf.d/httpd.portal -> conf/httpd.conf.d/httpd.portal.cgi + +D conf/httpd.conf.d/httpd.portal +A conf/httpd.conf.d/httpd.portal.cgi + +commit 1bb3f2a629dc65c72f2dcbdc803ccf2bcd7500b0 +Author: James Rouzier +Date: Wed Apr 30 15:23:17 2014 -0400 + + Fixed typo + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm + +commit fd247fa2df0fa98accee512ae1dc00f994f7f4a1 +Author: James Rouzier +Date: Wed Apr 30 15:20:37 2014 -0400 + + added user cache method + +M html/captive-portal/lib/captiveportal.pm + +commit f38bdf529fe43ec4fccde19273bf5c25f35820cd +Author: James Rouzier +Date: Wed Apr 30 15:17:59 2014 -0400 + + Fixed copy and paste error + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm + +commit b88b352f119ba73e20fd642b10aa83a0d14b5a40 +Author: James Rouzier +Date: Wed Apr 30 15:11:50 2014 -0400 + + Make return value explict + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm + +commit 532fae8cc9f46421c3c4b640a1909f323c98be67 +Author: Julien Semaan +Date: Wed Apr 30 15:01:14 2014 -0400 + + Made the wireless profile URL handled by the Catalyst portal + +M lib/pf/web/constants.pm + +commit 18f1096fb1fe2b20e69b5b79a196d912a4ed0837 +Author: Julien Semaan +Date: Wed Apr 30 15:00:24 2014 -0400 + + Fixed WirelessProfile Controller inheritance and username affectation + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/WirelessProfile.pm + +commit 49d7a5d20519ce3fc033da28516b605e797d2d21 +Author: Julien Semaan +Date: Wed Apr 30 14:59:09 2014 -0400 + + Fixed provisionning profile download not displayed on apple devices + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm + +commit 36b2e2caf7ebca8dbc7958c7ac3222e9b2a70ff0 +Author: James Rouzier +Date: Wed Apr 30 15:00:00 2014 -0400 + + Use a seperate cache id for deauth + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm + +commit aa17a8c0bdf48714494fd628731d60a80791ffd3 +Author: James Rouzier +Date: Wed Apr 30 14:19:04 2014 -0400 + + Added global cache defaults to make upgrades easier + +M conf/chi.conf.example +M lib/pf/CHI.pm + +commit 4b2cc7348ce5747914dcc8d53338221fa20703c4 +Author: James Rouzier +Date: Wed Apr 30 12:36:05 2014 -0400 + + Added sql schema for wrix + +M db/pf-schema-4.2.0.sql +M db/upgrade-4.1.0-4.2.0.sql +A db/wrix.sql + +commit 6af9528023fb94887ef4a77f1fc810d23eb6fd0a +Author: Durand Fabrice +Date: Wed Apr 30 11:48:35 2014 -0400 + + Added a domain in the passthrough to allow google play + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 40002a3d0aa4494d29163b069a2ebd8879ab8749 +Author: Francis Lachapelle +Date: Wed Apr 30 11:41:31 2014 -0400 + + Add more info to list of devices on status page + +M html/captive-portal/content/styles.css +M html/captive-portal/templates/status.html + +commit 70dd88aeff33caa0323b453c3beff2f94c978dc3 +Author: Durand Fabrice +Date: Wed Apr 30 10:57:14 2014 -0400 + + Added Cache::Memcached::GetParserXS as a dep + +M addons/packages/packetfence.spec +M debian/control + +commit 48d5b70d4176d80ce531081af4c8598cfde04dec +Author: Louis Munro +Date: Wed Apr 30 09:47:26 2014 -0400 + + Added entry regarding eduroam configuration guide to the admin guide. + +M NEWS.asciidoc + +commit 61aa5d9ded85b99d09e5492afa520a5513f9c8f5 +Author: Julien Semaan +Date: Wed Apr 30 09:01:40 2014 -0400 + + Fixed guest_authorized that was always true in the catalyst portal + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm + +commit f0bf6b1b8a438ce4386898aabd0d5412fee8db24 +Author: Derek Wuelfrath +Date: Tue Apr 29 23:52:34 2014 -0400 + + Typo + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit 785d2843ffc81cc661f8e6dcff6a32e73b58bd45 +Author: Derek Wuelfrath +Date: Tue Apr 29 23:51:52 2014 -0400 + + 802.1x => 802.1X + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit 2cad4e027b4393c214823c8087422a2c248673f8 +Author: James Rouzier +Date: Tue Apr 29 19:09:47 2014 -0400 + + Added captive-portal_libs.t to compile test + +M t/TestUtils.pm + +commit c85dbda209a91d229d9a005672b705a3a351729f +Author: James Rouzier +Date: Tue Apr 29 19:09:07 2014 -0400 + + Fixed eval dection in DIE handler + +M lib/pf/log.pm + +commit e32a3cfea599b7080038b82b03bdfecd8b40d9f8 +Author: James Rouzier +Date: Tue Apr 29 19:07:40 2014 -0400 + + Updated NEWS file + +M NEWS.asciidoc + +commit 481dcbfbaa73eb173537f0f3bff2796f914e7608 +Author: Louis Munro +Date: Tue Apr 29 17:43:42 2014 -0400 + + Added documentation for Eduroam. + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 65b7abc445a3c2b9157e9ec45b1a32c6c532090e +Author: James Rouzier +Date: Tue Apr 29 17:41:26 2014 -0400 + + Remove modules + +D html/captive-portal/lib/captiveportal/Role/Action/Hookable/After.pm +D html/captive-portal/lib/captiveportal/Role/Action/Hookable/Before.pm +D html/captive-portal/lib/captiveportal/Role/Action/Hookable/Override.pm + +commit 51d6131dd87ba3269ceb41c4983e281af40ad7dd +Author: Derek Wuelfrath +Date: Tue Apr 29 16:43:38 2014 -0400 + + Removed tables of supported network equipment. + - Must review the website and add missing information from that file and then, get rid of that file. + +M README.network-devices + +commit 500f664ac11c9606f7ea71cf5ee3ef5ef94529bd +Author: James Rouzier +Date: Tue Apr 29 16:41:26 2014 -0400 + + Disconnect all memcached connections after thread creation + +M lib/pf/CHI.pm + +commit 1b85de03f9e75eaf29b0f1b6dced69887846187b +Author: Derek Wuelfrath +Date: Tue Apr 29 16:37:35 2014 -0400 + + Removed "Supported Network Device" table + Now referring to the website page. + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit 4ca7ab9bd4d7e9348ac6c694c8458743da1a5f04 +Author: Derek Wuelfrath +Date: Tue Apr 29 16:26:14 2014 -0400 + + Adjusted Cisco configuration (Minor adjustments)) + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit 087c5191bc60ad96756e028dc5485932f69bd1e8 +Author: James Rouzier +Date: Tue Apr 29 16:17:50 2014 -0400 + + clear memoized cache objects when a new thread is created + +M lib/pf/CHI.pm + +commit ebc538d34d98d0a25b197a1de510aa861b6f1b5c +Author: Durand Fabrice +Date: Tue Apr 29 16:00:15 2014 -0400 + + Reformulate + +M docs/PacketFence_Administration_Guide.asciidoc + +commit eda3bcdd50b8be5bde7e0b2eb521a6afb4b223a3 +Author: Durand Fabrice +Date: Tue Apr 29 15:52:10 2014 -0400 + + Syntax in Doc + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 7828426e69774e06ceb9268f775ba4e8be711e22 +Author: Durand Fabrice +Date: Tue Apr 29 15:46:27 2014 -0400 + + Admin Guide modification for Web Auth + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 09b5c359828db3bb8df4005fa7b88a283e354a51 +Author: Derek Wuelfrath +Date: Tue Apr 29 15:42:22 2014 -0400 + + Fixed style error with RuckUs equipment section + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit 22b1ec3cd32fe14f8d6dfc50581073e0e541083d +Author: James Rouzier +Date: Tue Apr 29 15:18:40 2014 -0400 + + Added missing module + +M html/pfappserver/lib/pfappserver/Base/Model/DB.pm + +commit 6e46d6fbaa7aa77a0e17df83036ad9cfc08330c3 +Author: Durand Fabrice +Date: Tue Apr 29 15:00:27 2014 -0400 + + allow_vulnerable_openssl as yes in radius.conf + +M conf/radiusd/radiusd.conf.example + +commit c8053b2080dd620c899baff5ba7855658108bf0b +Author: James Rouzier +Date: Tue Apr 29 12:17:52 2014 -0400 + + Added new options for pfcmd configreload [soft|hard] + Will always do a configreload hard when restarting packetfence + +M bin/pfcmd.pl +M lib/pf/config/cached.pm +M lib/pf/pfcmd.pm +M lib/pf/pfcmd/help.pm + +commit 66ce276771da82b320c6211d5abfd0289a2811fe +Author: James Rouzier +Date: Tue Apr 29 12:16:12 2014 -0400 + + Added raddb/sites-enabled as a target to devel + +M Makefile + +commit f7b6f59c7df36119e36d6c7da5ff0e0b36c4bb7d +Author: Durand Fabrice +Date: Tue Apr 29 12:12:56 2014 -0400 + + Update Log::Log4perl version to use + +M addons/packages/packetfence.spec +M debian/control + +commit 5106bb4633e87959d91311e560691431d5fd3996 +Author: Durand Fabrice +Date: Tue Apr 29 12:06:43 2014 -0400 + + Update minimum packages for freeradius and oauth2 + +M addons/packages/packetfence.spec +M debian/control + +commit 76f162d18a0513e1336873caae8ef277d1177fc6 +Author: James Rouzier +Date: Tue Apr 29 11:41:25 2014 -0400 + + Remove switch overlay file the overlay is now in the cache + +M conf/chi.conf.example +M lib/pf/CHI.pm +D lib/pf/ConfigStore/SwitchOverlay.pm +M lib/pf/SwitchFactory.pm +M lib/pf/file_paths.pm +M t/data/chi.conf + +commit f86cf706d4113fb366646023b877d5f5a412b23b +Author: James Rouzier +Date: Tue Apr 29 11:33:50 2014 -0400 + + Renamed manager attribute to managerClassName + +M html/pfappserver/lib/pfappserver/Model/Config/Wrix.pm + +commit 4bc70c44f11c9a081aff17cbb4ad212c7325f09c +Author: James Rouzier +Date: Tue Apr 29 11:30:18 2014 -0400 + + Do not redirect stderr or stdout to the log file + +M html/pfappserver/lib/pfappserver.pm + +commit efcc6150516f37efccb077b5ebb6250b2255d7e4 +Author: Francis Lachapelle +Date: Tue Apr 29 10:10:12 2014 -0400 + + Minor CSS improvement in portal profile editor + +M html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm + +commit b73b4c785e21baaf5017966b2b8d4461351f7bbd +Author: Francis Lachapelle +Date: Tue Apr 29 10:09:43 2014 -0400 + + Update NEWS & UPGRADE files + +M NEWS.asciidoc +M UPGRADE.asciidoc +M db/upgrade-4.1.0-4.2.0.sql + +commit 7af4906d530d91e5c52ad8a89f7008f593f792de +Author: Francis Lachapelle +Date: Tue Apr 29 10:04:01 2014 -0400 + + Minor code cleanup and acronyms fixes + +M html/captive-portal/templates/status.html +M html/pfappserver/lib/pfappserver/Form/Config/Switch.pm +M lib/pf/config/cached.pm + +commit 27abc85df72deb3b5c4e7ea5fc5f12fc473180a6 +Author: James Rouzier +Date: Mon Feb 3 13:04:35 2014 -0500 + + revert back control of db_connect to pf::db + +M lib/pf/DB.pm +M lib/pf/db.pm + +commit 8bbf3177b061a788712077e41325f03d26a5953a +Author: James Rouzier +Date: Mon Apr 14 23:54:14 2014 -0400 + + Added search for wrix + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Wrix.pm +M html/pfappserver/lib/pfappserver/Model/Config/Wrix.pm +M html/pfappserver/root/configuration/wrix/index.tt +M html/pfappserver/root/configuration/wrix/list.tt +A html/pfappserver/root/configuration/wrix/search.tt +A html/pfappserver/root/configuration/wrix/search_form.tt +M html/pfappserver/root/static/admin/configuration/items.js + +commit 71ce5d0265ad19712721f3d9d3b7dd183c5f5c9d +Author: James Rouzier +Date: Fri Apr 11 10:33:08 2014 -0400 + + Added count all function + +M html/pfappserver/lib/pfappserver/Base/Model/DB.pm + +commit 60df29d6e6e7136d7d95e727af9a99722b5d9529 +Author: James Rouzier +Date: Fri Apr 11 10:29:50 2014 -0400 + + Add the ability to search + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Wrix.pm +M html/pfappserver/lib/pfappserver/Model/Config/Wrix.pm + +commit 6b5b13a633c7a287cb518b580fdd47e205d13362 +Author: James Rouzier +Date: Mon Apr 28 17:37:08 2014 -0400 + + Added a way to enable snat on a network interface for dns passthrough + +M conf/documentation.conf +M conf/pf.conf.defaults +M html/pfappserver/lib/pfappserver/I18N/en.po +M lib/pf/iptables.pm + +commit 3c916888ffd950fd8e54a19eaa8f1a006dff43bf +Author: James Rouzier +Date: Thu Jan 2 18:48:05 2014 -0500 + + Use csvImport from pf::DB::Wrix::Manager + +M bin/pfcmd.pl + +commit 3591af528ea4c9ef47171dd1a0ed0e24bfc7106b +Author: James Rouzier +Date: Thu Jan 2 18:47:20 2014 -0500 + + Added pagination + +M html/pfappserver/root/configuration/wrix/list.tt + +commit 0de8a2481a0e8a80a4a48e1f2d2109bb04caf59d +Author: James Rouzier +Date: Thu Jan 2 18:03:41 2014 -0500 + + Changed role to the Crud::DB + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Wrix.pm + +commit 81ef812be0136fff8ab4d4e2d026c345a080132b +Author: James Rouzier +Date: Thu Jan 2 18:00:06 2014 -0500 + + Move to a DB backing + +M html/pfappserver/lib/pfappserver/Model/Config/Wrix.pm + +commit 6fb73f6bbc40fcb31cfdd043ff9eb6acaaa2f1c9 +Author: James Rouzier +Date: Thu Jan 2 17:58:57 2014 -0500 + + Moved csv import functionality to pf::DB::Wrix + +M lib/pf/ConfigStore/Wrix.pm + +commit 30a49699dd352c3115b883ff5fc8c2f13d4ff4ec +Author: James Rouzier +Date: Thu Jan 2 13:37:48 2014 -0500 + + New modules for wrix in the database + +A html/pfappserver/lib/pfappserver/Base/Controller/Crud/DB.pm +A html/pfappserver/lib/pfappserver/Base/Model/DB.pm +A lib/pf/Base/DB/Object.pm +A lib/pf/Base/DB/Object/Manager.pm +A lib/pf/Base/DB/Wrix.pm +A lib/pf/Base/DB/Wrix/Manager.pm +A lib/pf/DB/Wrix.pm +A lib/pf/DB/Wrix/Manager.pm + +commit d524987a0050162dd7304e671909703974f20fe2 +Author: James Rouzier +Date: Thu Dec 19 13:28:25 2013 -0500 + + Will use pf::DB for handling connecting to the database + +M lib/pf/db.pm + +commit 214de15cc7d45ce2ea3c2d529005ccbe6d575acf +Author: James Rouzier +Date: Thu Dec 19 13:27:41 2013 -0500 + + Add new pf::DB to use database modeling + +A lib/pf/DB.pm + +commit f0055ce44d28b2b2a87954afa7a0ded38b4affc8 +Author: James Rouzier +Date: Mon Apr 28 17:23:57 2014 -0400 + + Add pf::web::release handler + +M conf/httpd.conf.d/httpd.portal.catalyst + +commit ff4b61a05f26809f4c8db111c17390c68d46ab89 +Author: James Rouzier +Date: Mon Apr 28 17:22:16 2014 -0400 + + Remove html/captive-portal/custom-lib as a include lib + +M html/captive-portal/lib/captiveportal.pm + +commit 3bb1fdf31a935feeac7f4abc0c0d63a9c2e1113f +Author: James Rouzier +Date: Mon Apr 28 17:12:25 2014 -0400 + + add pm and pl files to the ignore list + Add pf::log to the BEGIN block + +M html/captive-portal/lib/captiveportal.pm + +commit e28b6483e77a578ab2c51c103f30c3e384a39b0f +Author: Francis Lachapelle +Date: Mon Apr 28 16:15:24 2014 -0400 + + Update NEWS file + +M NEWS.asciidoc + +commit 17f8024c36b235a0601ba53c0c9f22953e60115a +Author: Francis Lachapelle +Date: Mon Apr 28 16:12:51 2014 -0400 + + Minor improvements to the accounting code + +M docs/PacketFence_Administration_Guide.asciidoc +M lib/pf/accounting.pm +M lib/pf/config.pm +M sbin/pfmon + +commit bfef2c3d736b8cf511bfc82f9fa7144c249ab820 +Author: Durand Fabrice +Date: Mon Apr 28 16:12:36 2014 -0400 + + Added external captive portal Configuration for Cisco WLC + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc +A docs/images/ACL.png +A docs/images/SSID_1.png +A docs/images/SSID_2.png +A docs/images/SSID_3.png +A docs/images/SSID_4.png +A docs/images/SSID_5.png +A docs/images/SSID_6.png +A docs/images/SSID_7.png +A docs/images/WLC_PACKETFENCE.png +A docs/images/WLC_PACKETFENCE2.png + +commit eb3355244782dc761eb4ec5e1a4d9ff9e8f12bc0 +Author: Julien Semaan +Date: Mon Apr 28 16:09:03 2014 -0400 + + Fix admin portal create that was posting to update + +M html/pfappserver/root/portal/profile/create.tt + +commit b24a36337aa2f0015a267078695ef3bf0c6f1030 +Author: Julien Semaan +Date: Mon Apr 28 15:33:11 2014 -0400 + + Used Net::OAuth2::Client webserver object in web.pm + +M lib/pf/web.pm + +commit 431de3aeb9ea9a84e8b1741644c194f7ca42a5aa +Author: James Rouzier +Date: Mon Apr 28 14:32:39 2014 -0400 + + Import listify from util + +M lib/pf/services/manager/snort.pm + +commit 129b548be5bb2af48a8258d3844c3810f79d2f4a +Author: Francis Lachapelle +Date: Mon Apr 28 14:09:25 2014 -0400 + + Minor improvement to the WRIX management page + +M html/pfappserver/root/configuration/wrix/index.tt +M html/pfappserver/root/configuration/wrix/list.tt + +commit fefcad45355c059e9c56329407b2eae6ccca4574 +Author: Durand Fabrice +Date: Mon Apr 28 14:03:56 2014 -0400 + + Force specific CGI-session-chi version + +M addons/packages/packetfence.spec +M debian/control + +commit 04ad0545423c2f0997a9f0548286bedf412a490e +Author: James Rouzier +Date: Mon Apr 28 13:31:05 2014 -0400 + + Only build string if the log level is debug + +M lib/pf/authentication.pm + +commit ee08860047b52bd4f230f182b845fe7dad090fa5 +Author: James Rouzier +Date: Mon Apr 28 13:18:29 2014 -0400 + + Do not authenticate using exclusive sources if no sources are passed + +M lib/pf/authentication.pm + +commit 82522ee38147d5706a8c9b49fee2d3b380e9454e +Author: James Rouzier +Date: Mon Apr 28 11:40:41 2014 -0400 + + Remove prototype of listify + +M lib/pf/util.pm + +commit c0836a2fa2bca34385118840e63133d1d2ec839a +Author: Julien Semaan +Date: Mon Apr 28 11:02:00 2014 -0400 + + Used Net::OAuth2::Client webserver object in OAuth controller + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm + +commit 04ea9392cede757535ef1c22a3cb1b50493aa4fd +Author: Francis Lachapelle +Date: Mon Apr 28 10:38:24 2014 -0400 + + Rewrite WRIX in capital letters + +M html/pfappserver/root/admin/configuration.tt +M html/pfappserver/root/configuration/wrix/index.tt +M html/pfappserver/root/configuration/wrix/list.tt +M html/pfappserver/root/configuration/wrix/view.tt + +commit 3bab2184b805f459416f78c7298addf9beea31ab +Author: Julien Semaan +Date: Mon Apr 28 09:27:03 2014 -0400 + + Corrected a few bugs in Catalyst Oauth2 controller + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm + +commit 7f44e9e2f41c48041f30693a1d6ef4dc28af4f38 +Author: Durand Fabrice +Date: Mon Apr 28 09:21:28 2014 -0400 + + Remove useless warn + +M lib/pf/iptables.pm + +commit d9842b593f6b07912ee77b3580c236028fd107c2 +Author: James Rouzier +Date: Fri Apr 25 19:42:42 2014 -0400 + + Added additional documentation + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm + +commit a01eacb521879736f5b36f2edac87ef5234dc36e +Author: James Rouzier +Date: Fri Apr 25 17:33:58 2014 -0400 + + Fixed the path of oauth2 + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm + +commit c275e622c15d30b3944c27b655923638bb46686f +Author: James Rouzier +Date: Fri Apr 25 16:07:12 2014 -0400 + + Fixed port of cgi version of oauth2 + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm + +commit 6374ebece3110ffbd10b62f834a224baa52e14e3 +Author: James Rouzier +Date: Fri Apr 25 15:50:20 2014 -0400 + + Fixed deregister + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm + +commit c4dd4472269d04a49a280a9829cdd0ded9ef8ef7 +Author: James Rouzier +Date: Fri Apr 25 15:44:38 2014 -0400 + + Added missing Private attributes + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm + +commit 24c5a88c64a973f4afe207f77fd1acf4e4f03204 +Author: James Rouzier +Date: Fri Apr 25 15:40:33 2014 -0400 + + Added missing Private attributes + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/DeviceRegistration.pm + +commit da1b78cf8038a7c97071d8374261ce2786d948e8 +Author: James Rouzier +Date: Fri Apr 25 15:39:34 2014 -0400 + + Rework error handling + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm + +commit e73b540ef3c2cd22cd9f5e09ef866748769e8d87 +Author: James Rouzier +Date: Fri Apr 25 15:38:56 2014 -0400 + + Rework error handling + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm + +commit 8b7483ab183255dbf2b4cfa4f2161fe903bb4653 +Author: James Rouzier +Date: Fri Apr 25 15:32:36 2014 -0400 + + Added method has_errors + +M html/captive-portal/lib/captiveportal.pm + +commit 539da95e5fc9895490473e5d759fcecbe39088ad +Author: Julien Semaan +Date: Fri Apr 25 15:20:32 2014 -0400 + + Added default PID to Catalyst portal for null auth + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm + +commit 8b9c11fb70c12e098c33c3535f4d62b19bfa0356 +Author: James Rouzier +Date: Fri Apr 25 13:59:43 2014 -0400 + + Added missing Private attributes + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm + +commit 8e7d66109365e47cdfe389fca9266b0e949fb74b +Author: Julien Semaan +Date: Fri Apr 25 13:09:37 2014 -0400 + + Added Telnet deauth method to EX2200 module + +M lib/pf/Switch/Juniper/EX2200.pm + +commit bc9cd3d124cc83bba826f99ba0477c7a13468f1b +Author: James Rouzier +Date: Fri Apr 25 10:53:34 2014 -0400 + + Remove provisioning tab + +M html/pfappserver/root/portal/profile/files.tt + +commit bb070096e7eaa4a3e593e1fb06b755025477532c +Author: Julien Semaan +Date: Fri Apr 25 04:47:23 2014 -0400 + + Corrected redirection of /access in Catalyst portal + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Access.pm + +commit 289ca03684c664b807b7a8c8bc76721361dad98a +Author: Julien Semaan +Date: Fri Apr 25 04:44:49 2014 -0400 + + Corrected typo in the Catalyst portal root controller + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm + +commit 7bb71c966b31233f8044f7e5e203c9dd16840343 +Author: James Rouzier +Date: Thu Apr 24 16:14:27 2014 -0400 + + Moved setupCommonStash to the root controller to the auto action + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm + +commit 68dd6ab333d7d99cbca37c4218fc0820067303af +Author: Francis Lachapelle +Date: Thu Apr 24 15:52:54 2014 -0400 + + Bump release to 4.2.0 + +M conf/pf-release + +commit 63d7d2920800fc828f0728a7e9d9b213086a843d +Author: Francis Lachapelle +Date: Thu Apr 24 15:51:59 2014 -0400 + + Don't retry on duplicate when inserting an SQL row + +M lib/pf/db.pm + +commit d826523957b9c760fc5ea8a99385bbda81714e5c +Author: Francis Lachapelle +Date: Thu Apr 24 15:50:53 2014 -0400 + + Fix args in pfappserver::Base::Action::AdminRole + +M html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm + +commit 073744cd8123e8b07fbd343afc535d05110a2aa7 +Author: James Rouzier +Date: Thu Apr 24 15:44:46 2014 -0400 + + Added global error handling + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm + +commit b13218b0a515f7183f8081d2a86b131486bc5a86 +Author: Francis Lachapelle +Date: Thu Apr 24 15:36:32 2014 -0400 + + Localization + +M html/pfappserver/lib/pfappserver/I18N/en.po + +commit 01ccc0d954e295fd218c7872cf3a1f71a6cd362a +Author: James Rouzier +Date: Thu Apr 24 15:28:40 2014 -0400 + + Added pf::log module + +M lib/pf/Portal/Session.pm + +commit 165feb55fa402b6e2129bc3d943fca8c62cf1c7f +Author: James Rouzier +Date: Thu Apr 24 15:21:32 2014 -0400 + + Added dispatcher + +M conf/httpd.conf.d/httpd.portal.catalyst + +commit df0b5f39c8d97fc13b05950b3420e19d0aabf964 +Author: Francis Lachapelle +Date: Thu Apr 24 15:11:16 2014 -0400 + + Localization + +M addons/extract_i18n_strings.pl +M conf/documentation.conf +M html/pfappserver/lib/pfappserver/I18N/en.po + +commit a388f3495dc90dedf87b6bad9ebef8013cd59c4e +Author: Francis Lachapelle +Date: Thu Apr 24 15:09:51 2014 -0400 + + Rename 'Node category' by 'Node role' in search + +M html/pfappserver/root/admin/nodes.tt + +commit 8fbe490bca915a77d100cb7e6fe2eea5e7c41681 +Author: James Rouzier +Date: Thu Apr 24 15:06:16 2014 -0400 + + Added missing modules + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm + +commit 40136b458f756920b81a353948a60fb1220d21c8 +Author: Francis Lachapelle +Date: Thu Apr 24 14:48:16 2014 -0400 + + Add new parameter type 'text_with_editable_default' + + Fixes #1776 + + Fixes also the placeholder of textarea (parameters of type 'list' in + documentation.conf). + +M conf/documentation.conf +M html/pfappserver/lib/pfappserver/Form/Config/Pf.pm +M lib/pf/ConfigStore/Pf.pm + +commit 6fe9ab075a1043c45ecb8055909fee709298e6bd +Author: James Rouzier +Date: Thu Apr 24 14:51:27 2014 -0400 + + Fixed issue with method not found + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Release.pm + +commit 8c5319f5885dbdf8fecee71cd622d506a2420546 +Author: James Rouzier +Date: Thu Apr 24 14:48:55 2014 -0400 + + Fix bug with mobile device provisioning + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm + +commit 46e6e6a455b9684c730954c445be488e73ba4a07 +Author: James Rouzier +Date: Thu Apr 24 13:46:04 2014 -0400 + + Fixed iisue where controllers were forwarding action to the Root Controller instead of the CaptivePortal Controller + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/DeviceRegistration.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/WirelessProfile.pm + +commit 99acc5e52d13a1f45c123136cb079221ab35b1ef +Author: Francis Lachapelle +Date: Thu Apr 24 12:10:47 2014 -0400 + + Web admin: Preserve URL fragment when loging back + + Fixes #1780 + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Controller/Admin.pm +M html/pfappserver/root/static/admin/common.js +M html/pfappserver/root/static/admin/login.js + +commit 5419a2d2cde63fac606169e023ed46e02b7fd7c8 +Author: James Rouzier +Date: Thu Apr 24 11:45:20 2014 -0400 + + Added additional error logging when the session was not created + +M lib/pf/Portal/Session.pm + +commit a9795b806b2d2e2e7dcf33ba05211829703ceb12 +Author: James Rouzier +Date: Thu Apr 24 11:38:20 2014 -0400 + + Only lookup expires in once + +M lib/pf/Portal/Session.pm + +commit 2bc261e44c0a8b0f9a122ccb21702e41cc09feb9 +Author: Durand Fabrice +Date: Thu Apr 24 11:28:36 2014 -0400 + + Updated the minimal freeradius version to use + +M addons/packages/packetfence.spec +M debian/control + +commit 91129f2e5169b4297143d70264c94b13c655b687 +Author: Loick Pelet +Date: Thu Apr 24 11:11:59 2014 -0400 + + Removed lock tables, because we're using Innodb + +M addons/database-backup-and-maintenance.sh + +commit 6c6dc5d9d771aa4f8e62e8d93d435d2e1d7c1406 +Author: James Rouzier +Date: Thu Apr 24 10:37:58 2014 -0400 + + Added debugging statement for session id + +M lib/pf/Portal/Session.pm + +commit 5406d5b7a80f6b12b1e3023020ad10bf4d5b9604 +Author: James Rouzier +Date: Thu Apr 24 10:32:06 2014 -0400 + + Replaced direct calls to Log::Log4perl::get_logger with pf::log::get_logger + +M lib/pf/util.pm + +commit ebfe2f2b955acede9c2eea71f10b3ce6ec0c4320 +Author: James Rouzier +Date: Thu Apr 24 10:21:20 2014 -0400 + + Hide mdm configuration + +M html/pfappserver/root/admin/configuration.tt +M html/pfappserver/root/portal/profile/create.tt +M html/pfappserver/root/portal/profile/tab-content.tt +M html/pfappserver/root/portal/profile/view.tt + +commit 7f7fcfae568a7d3ba780e3d46889d02cb15b673b +Author: Loick Pelet +Date: Thu Apr 24 10:25:23 2014 -0400 + + added item NEWS for database-maintenance script + +M NEWS.asciidoc + +commit 0fe83c5b1dc596d8b4e735e7a0a6032158fdcb3e +Author: James Rouzier +Date: Wed Apr 23 16:55:28 2014 -0400 + + Move all logic from the root controller to the captive portal + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm + +commit 0266edee12bb8b0d3f8a30e4442eb66d94210f97 +Author: James Rouzier +Date: Wed Apr 23 16:41:38 2014 -0400 + + Added translation to the devel target + +M Makefile + +commit ee0df3c60b983a605fb12a523b567aa9dee44eb4 +Author: James Rouzier +Date: Wed Apr 23 16:09:36 2014 -0400 + + Remove hookable attribute + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm + +commit a1c7e4fa4e8ff8d46998dc87a70822f82fc4fc64 +Author: James Rouzier +Date: Wed Apr 23 15:39:48 2014 -0400 + + Fixed issue with use of uninitialized value + +M html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm + +commit ad646e19eee4f14ce90cafa3772972c3b1c184a6 +Author: James Rouzier +Date: Wed Apr 23 13:31:50 2014 -0400 + + Removed Hookable attribute + +M html/captive-portal/lib/captiveportal/Base/Controller.pm + +commit d600023a8da312275acff33650a3a46e347a903a +Author: Julien Semaan +Date: Thu Apr 24 09:52:28 2014 -0400 + + Improved the Juniper section in the network device config guide + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit c4ac3e6cc226eb9f8e0a534d4f774b2bd9ef72d1 +Author: Julien Semaan +Date: Thu Apr 24 09:07:12 2014 -0400 + + Corrected date in footer of EX2200 module + +M lib/pf/Switch/Juniper/EX2200.pm + +commit 41b88ae8eefba1e07f132f45cc736fcdedcac7f4 +Author: Julien Semaan +Date: Thu Apr 24 09:02:34 2014 -0400 + + Updated NEWS file for Juniper EX2200 and minor code corrections + +M NEWS.asciidoc +M lib/pf/Switch/Juniper/EX2200.pm + +commit d61c7360c4c22384020ba74a4205bcfb2d93ab9a +Author: Julien Semaan +Date: Thu Apr 24 08:36:19 2014 -0400 + + Typo in logging of EX2200 + +M lib/pf/Switch/Juniper/EX2200.pm + +commit b4fc73c8190d9dea70e5de2be3962c49dcd68f8f +Author: Julien Semaan +Date: Thu Apr 24 08:31:12 2014 -0400 + + Documentation improvement for Juniper EX2200 module + +M lib/pf/Switch/Juniper/EX2200.pm + +commit 303e9b7b26a5ccb6e67e71e7478e90aa7dec9188 +Author: Julien Semaan +Date: Thu Apr 24 07:45:00 2014 -0400 + + Corrected the package name of the EX2200 module + +M lib/pf/Switch/Juniper/EX2200.pm + +commit 8598c4c8697264979c298cb2b72b037845c3f07b +Author: Julien Semaan +Date: Thu Apr 24 06:36:23 2014 -0400 + + Rebase EX2200 on Switch directory + +M lib/pf/Switch/Juniper/EX2200.pm + +commit 5e77e46c3b0ffd3a07cd0b0acc81a5a497bdae3e +Author: Julien Semaan +Date: Thu Apr 24 04:24:04 2014 -0400 + + Added Juniper EX2200 module + +A lib/pf/Switch/Juniper/EX2200.pm + +commit 047275d930573eb5e561af1e700379c56a14a49c +Author: Julien Semaan +Date: Tue Apr 22 09:52:00 2014 -0400 + + Corrected the setAdminStatus of the Juniper module + +M lib/pf/Switch/Juniper.pm + +commit f7aee5f26f91a790e6afe0d263919e172ad5e67f +Author: Francis Lachapelle +Date: Thu Apr 24 09:44:16 2014 -0400 + + Indentation + +M addons/database-backup-and-maintenance.sh + +commit 5594687ed97c1f4fed81b7dfcbd383197216de1c +Author: Loick Pelet +Date: Thu Apr 24 09:30:18 2014 -0400 + + improved script backup + +M addons/database-backup-and-maintenance.sh + +commit 7b8d42a0393fb1527b647509c477731466846a6c +Author: Francis Lachapelle +Date: Wed Apr 23 14:29:09 2014 -0400 + + Set regexp filter in LDAP source case-insensitive + +M NEWS.asciidoc +M lib/pf/Authentication/Source/LDAPSource.pm + +commit 8fc88492698fefe9d9ff44175f964444a2ae5729 +Author: Durand Fabrice +Date: Wed Apr 23 13:53:16 2014 -0400 + + Added google play link to PacketFence Android apk + +M html/captive-portal/templates/release_with_android.html + +commit 5a0602c53053bd44526c96c6ab3a76584ca9e161 +Author: James Rouzier +Date: Wed Apr 23 11:43:43 2014 -0400 + + Added notify example + +M lib/pf/api/jsonrpcclient.pm +M lib/pf/api/msgpackclient.pm + +commit abc37107412c5c9229a78bd0b1d1588687718760 +Author: James Rouzier +Date: Wed Apr 23 11:43:01 2014 -0400 + + Removed debug statement + +M lib/pf/WebAPI.pm + +commit 165af8eda7aa50bd74427e7947f8acfbba0db799 +Author: Durand Fabrice +Date: Wed Apr 23 09:31:48 2014 -0400 + + Removed authorization for android PacketFence Agent + Updated doc for provisioning + +M docs/PacketFence_Administration_Guide.asciidoc +M lib/pf/web/provisioning.pm + +commit 675da6e020a856e1651b331f21bc0ba558321c70 +Author: Durand Fabrice +Date: Fri Apr 18 13:34:08 2014 -0400 + + Reload config before starting packetfence + +M addons/packages/packetfence.spec +M debian/packetfence.postinst + +commit 3242cb4564d21fae28603f9ca991244140fb9f09 +Author: Durand Fabrice +Date: Fri Apr 18 13:17:14 2014 -0400 + + pod fix + +M lib/pf/Switch/Aruba.pm + +commit 21f5a6938facd89a4790a41bb286e654b6000550 +Author: James Rouzier +Date: Fri Apr 18 10:46:52 2014 -0400 + + Fixed search function not using the correct field name + +M lib/pf/ConfigStore.pm + +commit be0b6d5fe079615ab0083dcc2a50f891946b5e80 +Author: James Rouzier +Date: Thu Apr 17 17:28:03 2014 -0400 + + Set cookie name to CGISESSION + +M html/captive-portal/lib/captiveportal.pm + +commit ecb5334ac234e44a57194bcd0bf1985b3093b00a +Author: James Rouzier +Date: Thu Apr 17 13:37:55 2014 -0400 + + Remove pf::pfdns::constants from exclude list + +M t/pf.t + +commit 9bda83e31ea0c5355d7a3ba8f79f976ec1e5ccaa +Author: James Rouzier +Date: Thu Apr 17 13:35:41 2014 -0400 + + Fixed syntax error + +M raddb/packetfence.pm + +commit be7fc41ae1d86d46407307ce7aa282dbf3b1ed00 +Author: Loick Pelet +Date: Thu Apr 17 14:37:52 2014 -0400 + + pfsetvlan logs in packetfence.log by default + +M conf/log.conf.d/pfsetvlan.conf.example + +commit aee878c54e47c4b66da51c22fe2b7cb449d03531 +Author: Durand Fabrice +Date: Thu Apr 17 13:26:30 2014 -0400 + + Renamed port to rpcport in raddb/packetfence.pm + +M raddb/packetfence.pm + +commit 8a235c688401be59b2a90f8c0ae05c495ac5d433 +Author: James Rouzier +Date: Thu Apr 17 13:11:46 2014 -0400 + + Moved shared content to seperate template + +M html/pfappserver/root/portal/profile/create.tt +A html/pfappserver/root/portal/profile/tab-content.tt +M html/pfappserver/root/portal/profile/view.tt + +commit 10e6428036b1200aa564c2ba842770324355ea21 +Author: Durand Fabrice +Date: Thu Apr 17 12:44:40 2014 -0400 + + Added conntrack as a dep + +M addons/packages/packetfence.spec +M debian/control + +commit 90cc0a1796a84fce5155284b49129bdc87efe3ff +Author: James Rouzier +Date: Thu Apr 17 12:04:04 2014 -0400 + + Support calling the parent object properly + +M lib/pf/Switch.pm +M lib/pf/Switch/AeroHIVE.pm +M lib/pf/Switch/Aruba.pm +M lib/pf/Switch/ArubaSwitch.pm +M lib/pf/Switch/Avaya.pm +M lib/pf/Switch/Avaya/WC.pm +M lib/pf/Switch/Belair.pm +M lib/pf/Switch/Cisco/Aironet.pm +M lib/pf/Switch/Cisco/Aironet_WDS.pm +M lib/pf/Switch/Cisco/Catalyst_2960.pm +M lib/pf/Switch/Cisco/WLC.pm +M lib/pf/Switch/Cisco/WLC_http.pm +M lib/pf/Switch/Dlink/DWS_3026.pm +M lib/pf/Switch/Enterasys/V2110.pm +M lib/pf/Switch/Extricom.pm +M lib/pf/Switch/HP/Controller_MSM710.pm +M lib/pf/Switch/HP/MSM.pm +M lib/pf/Switch/Hostapd.pm +M lib/pf/Switch/Huawei.pm +M lib/pf/Switch/Meru.pm +M lib/pf/Switch/Motorola.pm +M lib/pf/Switch/Ruckus.pm +M lib/pf/Switch/Trapeze.pm +M lib/pf/Switch/Xirrus.pm +M sbin/pfsetvlan + +commit d571404abd2a918cf026a3071b62b67c23f82dd1 +Author: James Rouzier +Date: Thu Apr 17 10:14:30 2014 -0400 + + Fixed issue where soap server host and port was not being read properly + +M raddb/packetfence-soh.pm +M raddb/packetfence.pm +M raddb/sites-available/packetfence +M raddb/sites-available/packetfence-soh +M raddb/sites-available/packetfence-tunnel + +commit ba007733d5d757851787d18c701c0dbb39f3d171 +Author: Durand Fabrice +Date: Thu Apr 17 09:03:04 2014 -0400 + + Added services.pfbandwidthd in documentation.conf + +M conf/documentation.conf + +commit becbc01934f1768608a0df184982002a36c498b1 +Author: James Rouzier +Date: Wed Apr 16 15:33:25 2014 -0400 + + Added missing modules + +M html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm + +commit 041c709850d0e3d5df67cd27cac0d9ef761fbcf9 +Author: Loick Pelet +Date: Wed Apr 16 17:19:40 2014 -0400 + + re-added url for OUI and DHCP_fingerprint + +M lib/pf/file_paths.pm + +commit f162bbb1eb6b7b5d5000e4844602d592de4321ea +Author: Durand Fabrice +Date: Wed Apr 16 14:32:23 2014 -0400 + + Fix pfbandwidthd inline detection + +M sbin/pfbandwidthd + +commit 4f25b4d63ea3849ee59a82bcb6b2c1cff7f1a2d6 +Author: James Rouzier +Date: Wed Apr 16 14:20:30 2014 -0400 + + Allow pfbandwidthd to be managed by pf.conf + +M conf/pf.conf.defaults +M lib/pf/services/manager/pfbandwidthd.pm + +commit 9fe075b087ef2ea2676fcdc0c9bf847105be9bbf +Author: James Rouzier +Date: Wed Apr 16 13:38:03 2014 -0400 + + Fix the parsing of the SNMP traps for disassociate + +M sbin/pfsetvlan + +commit b0782a0f8ec08e58e9c9aeb64c431694b849cb75 +Author: James Rouzier +Date: Wed Apr 16 12:55:24 2014 -0400 + + Added url device-registration & revert bad commit + +M conf/httpd.conf.d/captive-portal-cleanurls.conf +M conf/httpd.conf.d/captive-portal-common.conf + +commit 6ab1345b1b6a2eef9843fa9aae2a0217cab6c79e +Author: James Rouzier +Date: Wed Apr 16 12:48:46 2014 -0400 + + Added url device-registration + +M conf/httpd.conf.d/captive-portal-common.conf + +commit ecd3388b291a1f0d5a52c9031faef258f811b756 +Author: James Rouzier +Date: Wed Apr 16 12:47:16 2014 -0400 + + Take expiration from CHI config + +M lib/pf/Portal/Session.pm + +commit dddb2a04db5d8f5b755318684038d1be271bbe44 +Author: James Rouzier +Date: Wed Apr 16 12:20:35 2014 -0400 + + Changed name of parameters + +M html/captive-portal/register-gaming-device.cgi + +commit 70e60a7f0dbbf3357de6e962525234d16046a0fb +Author: James Rouzier +Date: Wed Apr 16 11:34:00 2014 -0400 + + Added new url device-registration + +M lib/pf/web/constants.pm + +commit ac400aec0cc8486378e8d85aeb7c7f6f4f76a6a5 +Author: James Rouzier +Date: Wed Apr 16 11:01:09 2014 -0400 + + Change the port to not conflict with httpd.proxy + +M conf/httpd.conf.d/httpd.portal.catalyst + +commit f2032a257b6ce4c89500e11b91ceaaaa97192eeb +Author: James Rouzier +Date: Wed Apr 16 10:48:43 2014 -0400 + + Change the default session expiration for httpd.portal to 10 minutes + +M conf/chi.conf.example + +commit dfe28d645e8149bf9a7e96adbfbb01f7c37c69e8 +Author: Durand Fabrice +Date: Wed Apr 16 10:55:07 2014 -0400 + + Fix httpd.proxy config + +M conf/httpd.conf.d/httpd.proxy + +commit 83812074ebafe14f4661a1fa47bb12459b77321a +Author: James Rouzier +Date: Tue Apr 15 17:57:43 2014 -0400 + + Made match and type fields required + +M html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm + +commit 8a84f5017bb81f57a1e5111258190042a2b0a2fc +Author: James Rouzier +Date: Tue Apr 15 14:46:25 2014 -0400 + + Remove use cpan version + +D lib/CGI/Session/Driver/chi.pm + +commit 1cdef2e472b436a20e8c5b2624fd5257b7e92343 +Author: James Rouzier +Date: Tue Apr 15 14:45:35 2014 -0400 + + Restore file + +A lib/Catalyst/Plugin/Session/Store/CHI.pm + +commit 156b534e92d7632b493621758b282302c9d4da15 +Author: James Rouzier +Date: Tue Apr 15 14:23:12 2014 -0400 + + Will return nothing if database cannot be reached + +M lib/pf/class.pm + +commit 8977687c7c41bee8d57eac13dd8b1826f3ebac31 +Author: James Rouzier +Date: Tue Apr 15 13:35:30 2014 -0400 + + Remove support for BerkeleyDB + +M lib/pf/CHI.pm +D lib/pf/Role/CHI/Driver/BerkeleyDBUmask.pm + +commit 422f773064b42de0604e826b8500612a26c5fdd5 +Author: Durand Fabrice +Date: Tue Apr 15 13:25:31 2014 -0400 + + Added /usr/local/pf/var/cache_control in packaging + +M addons/packages/packetfence.spec +M debian/packetfence.conffiles + +commit eb8fb21644178674dd6ffe30ef04b075de9f4a4d +Author: James Rouzier +Date: Tue Apr 15 13:13:23 2014 -0400 + + Use the version from cpan + +D lib/Catalyst/Plugin/Session/Store/CHI.pm + +commit e3801775558ccd890637aa80d1db7c5d13933868 +Author: James Rouzier +Date: Tue Apr 15 13:07:47 2014 -0400 + + Fix calling a undefined function + +M lib/pf/config/cached.pm + +commit 05a10d1086179edf1d040540087952e8062e2124 +Author: James Rouzier +Date: Tue Apr 15 13:07:03 2014 -0400 + + Do not trap STDERR and STDOUT + +M conf/httpd.conf.d/httpd.portal + +commit d6e420476d2eb075f897c2ec47b4809788501419 +Author: James Rouzier +Date: Tue Apr 15 13:05:42 2014 -0400 + + Added the ability to not trap stderr and stdout for logging + +M lib/pf/log.pm + +commit 531739aa70c5f35b3af6da97c79bfef4d3120c8a +Author: James Rouzier +Date: Tue Apr 15 13:04:46 2014 -0400 + + Removed the reinitilization of logging + +M lib/pf/web/captiveportal_modperl_require.pl + +commit ca259dbd81d7807e609aa95f4768a211d3ea4967 +Author: James Rouzier +Date: Tue Apr 15 12:14:38 2014 -0400 + + Add new ignore pattern + +M .gitignore + +commit 2a2f08e6423e47e9b679bc8dc47a7ba75864748a +Author: Durand Fabrice +Date: Tue Apr 15 13:01:06 2014 -0400 + + Touch cache_control and remove cachedb dir + +M addons/packages/packetfence.spec +M debian/rules + +commit f490fc9d35763411e3b834d1399b3cdde7696d5e +Author: James Rouzier +Date: Tue Apr 15 11:37:09 2014 -0400 + + Updated documentation + +M lib/Catalyst/Plugin/Session/Store/CHI.pm + +commit 337abe7a5640e40e512b3bf0253a475d700958a5 +Author: Durand Fabrice +Date: Tue Apr 15 08:42:45 2014 -0400 + + Replace CGI::Session::Driver::memcached by CGI::Session::Driver::chi + +M addons/packages/packetfence.spec +M debian/control + +commit d263596fbb1eec302c3798aa1780c1aea3b0675d +Author: Francis Lachapelle +Date: Mon Apr 14 12:01:19 2014 -0400 + + Add configuration paramters to pfbandwidthd + +M conf/documentation.conf +M conf/pf.conf.defaults +M sbin/pfbandwidthd +M sbin/pfmon + +commit 14e8ef45c41d350a5ecb6695a28615cf26b0b433 +Author: James Rouzier +Date: Mon Apr 14 11:58:00 2014 -0400 + + Changed the AcceptMutex to posixsem + +M conf/httpd.conf.d/httpd.admin +M conf/httpd.conf.d/httpd.portal +M conf/httpd.conf.d/httpd.portal.catalyst +M conf/httpd.conf.d/httpd.proxy +M conf/httpd.conf.d/httpd.webservices + +commit d856d90a4f5a25b8c9f400c1aba1fc364664104d +Author: James Rouzier +Date: Mon Apr 14 10:38:12 2014 -0400 + + Provide full path for pfcmd in error message + +M lib/pf/pfcmd/checkup.pm + +commit 5f6fd3e4cc46291093a2956f8c3ac837068a7fbb +Author: James Rouzier +Date: Fri Apr 11 18:50:58 2014 -0400 + + Added missing include + +M html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm + +commit c39bbaee2bb6381bd23d06a1bda5466d106e4359 +Author: James Rouzier +Date: Fri Apr 11 14:08:17 2014 -0400 + + Make checkForViolation Private + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm + +commit a29b58afa75f65a8a1c8096c5c4976e924c06b8d +Author: James Rouzier +Date: Fri Apr 11 11:42:36 2014 -0400 + + Rollback using berkeleydb as a cache + +M conf/chi.conf.example + +commit 82bd8ad1a1723323d8132a7713ff4d22c0aee89e +Author: Durand Fabrice +Date: Fri Apr 11 11:01:48 2014 -0400 + + Fix spec file + +M addons/packages/packetfence.spec + +commit 4162a734eb01b26263ef3db25098a113fd2d5c3c +Author: Durand Fabrice +Date: Fri Apr 11 10:08:48 2014 -0400 + + Fix overwrite autoreg by pfdhcplistener + +M lib/pf/node.pm + +commit 2ded4cbb15c96e639a479d15bb7cd77a90ad801a +Author: Durand Fabrice +Date: Fri Apr 11 09:24:17 2014 -0400 + + Fix for the nightly build + +M addons/packages/packetfence.spec +M debian/rules +M lib/pf/CHI.pm + +commit 8934dbe87b7ff45b4978add45b7211dd7f9a3da1 +Author: Durand Fabrice +Date: Fri Apr 11 08:01:43 2014 -0400 + + Added missing in the packaging + +M addons/packages/packetfence.spec +M debian/packetfence.conffiles + +commit 1a662421e1c730872d5264504fdbfb7925eb8d01 +Author: James Rouzier +Date: Thu Apr 10 16:57:19 2014 -0400 + + Mark checkIfCanRegistration and unknownState as private + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm + +commit 9a9d00099c48735f82c8f04db2f476492e6d00bf +Author: James Rouzier +Date: Thu Apr 10 16:56:44 2014 -0400 + + Added needed modules + +M html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm + +commit ab35d1dcf96e10e7605279d3087efc55353bd0df +Author: James Rouzier +Date: Thu Apr 10 15:36:07 2014 -0400 + + Fixed issue with BerkelelyDB blocking when one or more databases are being opened + +M lib/pf/CHI.pm + +commit b273d7344bec58e80aee207b76220b32697f000b +Author: James Rouzier +Date: Thu Apr 10 15:28:35 2014 -0400 + + Added new service httpd.portal.catalyst + +A conf/httpd.conf.d/httpd.portal.catalyst +M lib/pf/pfcmd.pm +A lib/pf/services/manager/httpd_portal_catalyst.pm + +commit c8144821b95a7779182e93cfba76f2f26a7dccc5 +Author: James Rouzier +Date: Thu Apr 10 13:02:23 2014 -0400 + + Rename GamingRegistration to DeviceRegistration + +A html/captive-portal/lib/captiveportal/Controller/DeviceRegistration.pm +D html/captive-portal/lib/captiveportal/Controller/GamingRegistration.pm + +commit 085f3dcda306c62e1cdc4a2ce5e6b492c4b463f7 +Author: James Rouzier +Date: Thu Apr 10 12:47:14 2014 -0400 + + Fixed typo + +M html/captive-portal/lib/captiveportal/Model/Portal/Session.pm + +commit a989aa70ed7c933ad3fbd2f2d17d515463a9b1a0 +Author: Durand Fabrice +Date: Thu Apr 10 14:14:00 2014 -0400 + + Added missing module + +M addons/packages/packetfence.spec +M debian/control + +commit d6b834555bb94654b63c9e5d03e301924b8bb6d6 +Author: Durand Fabrice +Date: Thu Apr 10 11:38:53 2014 -0400 + + Fix missing perl module + +M addons/packages/packetfence.spec +M debian/control + +commit cd0c8dc7c8454c8bef65934bf889190822cad47b +Author: Durand Fabrice +Date: Thu Apr 10 11:05:13 2014 -0400 + + Update upgrade sql + +D db/upgrade-4.1.0-4.1.1.sql +M db/upgrade-4.1.0-4.2.0.sql + +commit c7466411e4d3321cea137279a6369905273b6dd7 +Author: Durand Fabrice +Date: Tue Apr 8 16:38:45 2014 -0400 + + Added missing dep libtext-csv-xs-perl + +M debian/control + +commit c3bbcff230b6823ace01301c988882dbfa615af9 +Author: Durand Fabrice +Date: Tue Apr 8 16:29:40 2014 -0400 + + Change the regexp to match oauth passthrough and proxy passthrough + +M lib/pf/pfdns/constants.pm + +commit 6a4bd2f5fecfb267ea106b06e59b6d965a275cbc +Author: James Rouzier +Date: Tue Apr 8 14:55:22 2014 -0400 + + Added new command admin_roles updated usage to include chiconfig + +M addons/dev-helpers/dump.pl + +commit 0d50d988804cdcd697195f7af2f135190914b552 +Author: James Rouzier +Date: Tue Apr 8 13:07:16 2014 -0400 + + Moved to use Data::MessagePack::Stream to unpack data + +M lib/pf/WebAPI/MsgPack.pm + +commit f9110f6dcd5a28c5126d634402039aa491c5e53f +Author: James Rouzier +Date: Tue Apr 8 13:06:18 2014 -0400 + + Added json vs msgpack + +M t/benchmarks/webservices_client/msgpack_vs_soap.pl + +commit b839822cb1f5775d7aec852a221366b340a7da69 +Author: James Rouzier +Date: Tue Apr 8 12:46:12 2014 -0400 + + Export isenabled + +M html/captive-portal/redir.cgi + +commit 88c03d1be29f810a8733f3c56889a4457cecf091 +Author: James Rouzier +Date: Tue Apr 8 12:41:04 2014 -0400 + + Export clean_ip + +M html/captive-portal/redir.cgi + +commit 934f98c3651fc898fde1d6452732bd9c0b3586e0 +Author: James Rouzier +Date: Tue Apr 8 11:55:24 2014 -0400 + + Added Const::Fast as a dependency + +M addons/packages/packetfence.spec +M debian/control + +commit 8bd549aa5e3c2cb5a11c67d9d1f46cc9c19c4151 +Author: James Rouzier +Date: Tue Apr 8 11:43:45 2014 -0400 + + Fix error with importing into namespace + +M html/captive-portal/redir.cgi + +commit 5cbf91fafe187027489eb7b3f55aaf39f7c9004a +Author: James Rouzier +Date: Tue Apr 8 11:42:36 2014 -0400 + + To do not import into main namespace + +M lib/pf/web/captiveportal_modperl_require.pl + +commit 31ef4cb041cd3c55fe5c11309e289540950e858a +Author: James Rouzier +Date: Tue Apr 8 10:00:42 2014 -0400 + + Switch the order of regex when detecting a firewallRequest to avoid the switch not found error + +M sbin/pfsetvlan + +commit a58a91c4fe917c24d1f333b64f8af62086de098f +Author: James Rouzier +Date: Mon Apr 7 15:45:42 2014 -0400 + + Added new setting for soap_server and soap_port + +M conf/radiusd/radiusd.conf.example + +commit 802d626abbd4ce10ec539c1ee48f0830ddca3503 +Author: James Rouzier +Date: Mon Apr 7 15:19:33 2014 -0400 + + Added support for json-rpc + +M lib/pf/WebAPI.pm + +commit 3c14246ad4a12912828a9c3b1ef9d9753f609e36 +Author: James Rouzier +Date: Mon Apr 7 14:54:20 2014 -0400 + + Updated the documentation + +M NEWS.asciidoc + +commit 8b955b8aca8157c45c9aa82ec22df993fd2886b4 +Author: James Rouzier +Date: Mon Apr 7 14:52:32 2014 -0400 + + Added support for JSON-RPC + +A lib/pf/WebAPI/JSONRPC.pm +A lib/pf/api/jsonrpcclient.pm + +commit 681c2d04846c6a887e1afba9e0108edfbee2206d +Author: James Rouzier +Date: Mon Apr 7 14:31:47 2014 -0400 + + Fix issue with sending notifications + +M lib/pf/api/msgpackclient.pm + +commit 8c4adc6ccbd286392f18c582bae6bd3429a0b71d +Author: James Rouzier +Date: Mon Apr 7 14:15:16 2014 -0400 + + Updated documentation + +M lib/pf/api/msgpackclient.pm + +commit 07831d2fd3200688140f488009bfd515f9b2d617 +Author: James Rouzier +Date: Mon Apr 7 10:44:15 2014 -0400 + + Fix issue with programname not being set properly + +M sbin/pfdhcplistener + +commit e66d2b1633a54e250e169cb97a3722f0c6b5cd99 +Author: James Rouzier +Date: Mon Apr 7 10:19:09 2014 -0400 + + Set index to zero for internal messages + +M sbin/pfsetvlan + +commit a4a0b35c3ee983fd83223292dafa878fdd76a3ff +Author: James Rouzier +Date: Fri Apr 4 14:44:33 2014 -0400 + + use IO::Handle to avoid error in LWP::UserAgent + +M addons/pf-maint.pl + +commit 1ad0f662475878c879b9932317e030457e61cd83 +Author: James Rouzier +Date: Thu Apr 3 17:10:06 2014 -0400 + + Added rule for raddb/sites-enabled + +M Makefile + +commit 037eccf9f585118b5092c9d929cc83f079aed548 +Author: James Rouzier +Date: Thu Apr 3 17:09:38 2014 -0400 + + Fixed issue with umask not being set + +M lib/pf/CHI.pm +A lib/pf/Role/CHI/Driver/BerkeleyDBUmask.pm + +commit 71d865adc7f7f17a20df478fb16c4373ba6d4be3 +Author: James Rouzier +Date: Thu Apr 3 16:09:02 2014 -0400 + + Allow the host and port to be passed to send_msgpack_request + +M lib/pf/radius/msgpackclient.pm +M raddb/packetfence-soh.pm +M raddb/packetfence.pm +M raddb/sites-available/packetfence +M t/benchmarks/webservices_client/msgpack_vs_soap.pl + +commit 6a2ced5e37a3a746478fcdc51807c8ccc7b890a4 +Author: James Rouzier +Date: Thu Apr 3 15:40:00 2014 -0400 + + Added new module to call rpc + +A lib/pf/api/msgpackclient.pm + +commit 713a3848bf715ef6fc4d73562895360545a01ccd +Author: James Rouzier +Date: Thu Apr 3 12:09:35 2014 -0400 + + Updated query to match schema + +M raddb/sql/mysql/dialup.conf + +commit d43bf45ecd457a9c958cd6f4b2cfa87a20516b84 +Author: James Rouzier +Date: Thu Apr 3 11:16:57 2014 -0400 + + Fix formatting + +M raddb/sites-available/packetfence + +commit cf41f8a718d036d260143c7762bcf941d86b258b +Author: Durand Fabrice +Date: Thu Apr 3 11:41:13 2014 -0400 + + Fix module name + +M debian/control + +commit 0ef79c8a1e6619ebe4b429d059090a22895ca9fa +Author: Durand Fabrice +Date: Thu Apr 3 10:10:22 2014 -0400 + + Remove external portal from dispatcher.pm to a specific perl module + + Conflicts: + + lib/pf/web/dispatcher.pm + +M lib/pf/web/dispatcher.pm +A lib/pf/web/externalportal.pm + +commit a02b49b93950831dd15af9172281e90517e075fc +Author: James Rouzier +Date: Wed Apr 2 18:47:43 2014 -0400 + + Revert sending content as a scalar ref + +M lib/pf/WebAPI/MsgPack.pm + +commit f342eeb3443b2addd0652fae73dd770a87a49b11 +Author: Durand Fabrice +Date: Wed Apr 2 16:36:06 2014 -0400 + + Added dep modules + +M addons/packages/packetfence.spec +M debian/control + +commit 837878180c122d3cf37247ceb729e8ca9208fed7 +Author: James Rouzier +Date: Wed Apr 2 15:01:25 2014 -0400 + + Added support for notifications + +M lib/pf/WebAPI/MsgPack.pm + +commit 6494939a0218ebb77171497936f76deb47e44d04 +Author: James Rouzier +Date: Wed Apr 2 14:30:07 2014 -0400 + + Changed a more realistic data being sent + +M t/benchmarks/webservices_client/msgpack_vs_soap.pl + +commit 37b35398ac03b560cd2fa4f6d749de5c2068a450 +Author: James Rouzier +Date: Wed Apr 2 11:32:34 2014 -0400 + + Remove double declarations + +M lib/pf/db.pm + +commit d411619ea9185c656f6a0e58f4b53356d0950901 +Author: James Rouzier +Date: Wed Apr 2 11:30:52 2014 -0400 + + Remove unused method + +M lib/pf/log.pm + +commit 2af104aa1681102f81e00b1c70713ee3ec7d646f +Author: James Rouzier +Date: Wed Apr 2 11:21:31 2014 -0400 + + Rename gaming_devices_registration to device_registration + +M lib/pf/iptables.pm + +commit 73249729d6b4bf4c5d6f6fccad2fa70b09394f05 +Author: James Rouzier +Date: Wed Apr 2 11:19:24 2014 -0400 + + Added additional check to see if ::ALLOWED_RESOURCES_PROFILE_FILTER is defined + +M lib/pf/Portal/Session.pm + +commit 01cc98a2dc67048aaa2edbfc7d3f5074eff6b169 +Author: James Rouzier +Date: Wed Apr 2 11:16:36 2014 -0400 + + Lock files now start with a dot + +M lib/pf/config/cached.pm + +commit 2dabf873b4fbb9fcbe6f9c87d1b65146a1763112 +Author: James Rouzier +Date: Wed Apr 2 11:05:03 2014 -0400 + + Preload perl modules + +M conf/httpd.conf.d/httpd.webservices +A lib/pf/web/webservices_modperl_require.pl + +commit 11a2bda26f68265686660b708e886b37502aa801 +Author: James Rouzier +Date: Wed Apr 2 11:00:26 2014 -0400 + + Removed eval and duplicated check + +M lib/pf/db.pm + +commit 0206e31702b8933c25cee1e095ae9b03533d0924 +Author: James Rouzier +Date: Wed Apr 2 10:32:17 2014 -0400 + + Replace CHI::Driver::File with CHI::Driver::BerkeleyDB as the top level cache + +M addons/packages/packetfence.spec +M conf/chi.conf.example +M debian/control + +commit 1078a0f63819ff966e81ea5b12f1acf57aab826d +Author: James Rouzier +Date: Tue Apr 1 18:37:11 2014 -0400 + + Only use threads when not in apache + +M lib/pf/WebAPI.pm + +commit 4fbddb16da091d25b55c744f4839bb0ec74089e9 +Author: James Rouzier +Date: Thu Mar 27 16:50:59 2014 -0400 + + Use the msgpack client instead of the soap client + +M raddb/packetfence-soh.pm +M raddb/packetfence.pm + +commit 6b2cfb35b1d1061a676e8346da6e5e45bf591965 +Author: James Rouzier +Date: Thu Mar 27 16:47:00 2014 -0400 + + Lowered the iterations in the Benchmark script + +M t/benchmarks/webservices_client/msgpack_vs_soap.pl + +commit 69423c4cda2e09a7545664fa1c0551da348255e2 +Author: James Rouzier +Date: Thu Mar 27 16:45:53 2014 -0400 + + Set the preferred parser to XML::LibXML::SAX + +M lib/pf/radius/soapclient.pm + +commit 2deea1f27fbb68bd0a81aa82ae0c5dd20f109eaa +Author: James Rouzier +Date: Thu Mar 27 16:44:26 2014 -0400 + + If the content type is application/x-msgpack then use the msgpack serialization + +M lib/pf/WebAPI.pm + +commit 7e6578206909eb5c30976e8fc084ce2566ffe2b3 +Author: James Rouzier +Date: Thu Mar 27 16:42:01 2014 -0400 + + Create a benchmark script between the msgpack vs soap + +A t/benchmarks/webservices_client/msgpack_vs_soap.pl + +commit 51d7902429eecc30b21289519cedb33f291a04aa +Author: James Rouzier +Date: Thu Mar 27 16:41:06 2014 -0400 + + New radius client for msgpack + +A lib/pf/radius/msgpackclient.pm + +commit f8bbdfb330d1d136fea1421d81c17807de30cb4d +Author: James Rouzier +Date: Thu Mar 27 16:39:45 2014 -0400 + + Added new WebAPI handler for msgpack + +A lib/pf/WebAPI/MsgPack.pm + +commit d3d977f2a824d767f0e9e39564a22a786b907702 +Author: Francis Lachapelle +Date: Wed Apr 2 09:10:26 2014 -0400 + + Fix display of last IP address in advanced search + + We must consider iplog entries with an end_time in the future. + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Model/Search/Node.pm + +commit f77e3c4366c906124674d6090763869d8e87c01b +Author: Durand Fabrice +Date: Tue Apr 1 13:50:21 2014 -0400 + + use CHI 0.56 as dep in RHEL/CentOS packaging + +M addons/packages/packetfence.spec + +commit 909e161230df71bcf22bc3359ed507c36703cf1c +Author: James Rouzier +Date: Tue Apr 1 13:07:44 2014 -0400 + + Preload pfappserver + +M conf/httpd.conf.d/httpd.admin + +commit ad796bafb57f43c33d05f591ae196cd5840d17cc +Author: James Rouzier +Date: Mon Mar 31 16:57:58 2014 -0400 + + Give a default value if var/cache_control does not exists + +M lib/pf/config/cached.pm + +commit 0b7b20bd51d3f6665079dd84c14a156daf95d061 +Author: James Rouzier +Date: Mon Mar 31 15:31:15 2014 -0400 + + Only _callFileReloadOnceCallbacks if there are callbacks + +M lib/pf/config/cached.pm + +commit f0330d325750b8e909161a140776dc92c8a6fc4d +Author: James Rouzier +Date: Mon Mar 31 13:21:48 2014 -0400 + + Fixed issue with the onfilereloadonce was not being triggered + +M lib/pf/config/cached.pm + +commit 2c9c651829e590eb6b6ab88798e10d6a09d2778b +Author: James Rouzier +Date: Wed Mar 26 19:52:27 2014 -0400 + + Update cache control after writing files + +M lib/pf/config/cached.pm + +commit 86a512f1ca668e611cd7d70d5c1084f96890308c +Author: Francis Lachapelle +Date: Tue Apr 1 10:41:01 2014 -0400 + + Removed dependency on Perl module PHP::Session + +M addons/packages/packetfence.spec + +commit 560b6d561ec32cd264e1e4d4d34bb5149a82e868 +Author: James Rouzier +Date: Thu Mar 27 13:41:08 2014 -0400 + + Added back expire.locationlog + +M conf/pf.conf.defaults + +commit d9b6240ce73b11ecbd5aeec1723a05308fda6d7a +Author: Francis Lachapelle +Date: Thu Mar 27 10:51:29 2014 -0400 + + Respect destination_url when signing up + +M html/captive-portal/templates/login.html + +commit 824fd81b53230c3ae8d3e0b545cbad52d4938b10 +Author: James Rouzier +Date: Tue Mar 25 09:27:22 2014 -0400 + + Added CLONE method to deal with thread + +M lib/pf/db.pm + +commit 2c440eb2babb63b2b874dd5d88a4206e6bf3410e +Author: James Rouzier +Date: Mon Mar 24 14:39:55 2014 -0400 + + Untaint keys of File drivers + +M lib/pf/CHI.pm +A lib/pf/Role/CHI/Driver/Untaint.pm + +commit b88419f1f088bfe68565ee5bff1e60b7f115f4dd +Author: James Rouzier +Date: Mon Mar 24 14:38:08 2014 -0400 + + manually purge the cache since purge does not work for memcache + +M bin/pfcmd.pl + +commit 1fc87c52a21d751518a384e38a886ac21b359d52 +Author: James Rouzier +Date: Mon Mar 24 14:37:56 2014 -0400 + + manually purge the cache since purge does not work for memcache + +M sbin/pfmon + +commit 10b9b2661b21f73ee6c3cc98d8067065ed1fb3be +Author: James Rouzier +Date: Mon Mar 24 14:23:00 2014 -0400 + + Delete expired session + +M html/pfappserver/lib/pfappserver/Controller/Admin.pm + +commit 71c9f31571e2afb97bbfe11d689b2247d93de82e +Author: James Rouzier +Date: Mon Mar 24 13:54:29 2014 -0400 + + Set expiration time on the back end + +M conf/chi.conf.example + +commit 7cf0c3813b459acd95f507a0a0d875ae48057365 +Author: James Rouzier +Date: Mon Mar 24 12:53:47 2014 -0400 + + Pfmon will perform a cache cleanup the session cache of httpd.admin or httpd.portal + +M conf/documentation.conf +M conf/pf.conf.defaults +M sbin/pfmon + +commit 446fae903890a59a73d51f988dbcce341bc2e229 +Author: James Rouzier +Date: Mon Mar 24 12:47:02 2014 -0400 + + If expires_in is defined in chi then this would override the value in Catalyst::Session + +M lib/Catalyst/Plugin/Session/Store/CHI.pm + +commit d6330011a2420e4e063c5bd3e07153ba63cb2977 +Author: James Rouzier +Date: Mon Mar 24 12:44:27 2014 -0400 + + Removed warnings + +M addons/extract_i18n_strings.pl + +commit b043b4cadd61ff5ae706f26aa9e67045f939c77f +Author: James Rouzier +Date: Mon Mar 24 12:26:45 2014 -0400 + + Inhert from Tie::Handle and added support for printf + +M lib/pf/log/trapper.pm + +commit dfb602a9f7f98187d88aef3c0c1a41cce519a27d +Author: James Rouzier +Date: Mon Mar 24 11:55:36 2014 -0400 + + Documented chi session behavior + +M html/pfappserver/lib/pfappserver.pm + +commit 510c014e5a86c7bdcd85b2fd1ca4eb379f7b9625 +Author: James Rouzier +Date: Mon Mar 24 11:30:01 2014 -0400 + + Install logging in the die handler + +M lib/pf/log.pm + +commit 0f35d25e81b8e9b8584af6146d7c0ba8b64d67e8 +Author: Durand Fabrice +Date: Mon Mar 24 11:42:23 2014 -0400 + + Use the same typo as defined in portal profile + +M html/pfappserver/lib/pfappserver/Form/Violation.pm + +commit 415f5083bb6a509c6c280b340f2f042251931d20 +Author: Durand Fabrice +Date: Mon Mar 24 11:37:50 2014 -0400 + + Fix typo + +M html/pfappserver/lib/pfappserver/Form/Violation.pm + +commit 4093a334af64546293d021e0aac2e6b30103af2f +Author: Durand Fabrice +Date: Mon Mar 24 11:32:38 2014 -0400 + + Added missing redirect_url in the violation config + +M html/pfappserver/lib/pfappserver/Form/Violation.pm +M html/pfappserver/root/violation/view.tt + +commit 3916f845cb2808db3aeb8a7ce53eb329117784f5 +Author: James Rouzier +Date: Fri Mar 21 15:10:31 2014 -0400 + + Use expire logic in the chi driver + +M bin/pfcmd.pl +M lib/pf/CHI.pm + +commit f288b662de87a174525c561ec2a56c4e44d748ac +Author: Durand Fabrice +Date: Mon Mar 24 10:53:48 2014 -0400 + + Added conntrack in sudoers file + +M addons/packages/packetfence.spec +M debian/packetfence.postinst + +commit 2c2a0a8bafc54bc8e5dbc5541a329d5311c5fb8e +Author: James Rouzier +Date: Fri Mar 21 14:53:38 2014 -0400 + + Fixed escaping error + +M Makefile + +commit 8f774793eec5cb790958ddbeac544e4a41b353cc +Author: James Rouzier +Date: Fri Mar 21 14:52:33 2014 -0400 + + Added new command pfcmd cache expire + +M bin/pfcmd.pl + +commit 9d09b61804646af5f9af94b78e2a633100c5a858 +Author: James Rouzier +Date: Fri Mar 21 14:50:46 2014 -0400 + + Added new command pfcmd cache expire + +M lib/pf/CHI.pm +M lib/pf/pfcmd.pm + +commit 663e28b3a9eb7d77a6d18c4483d85af927bdf4e1 +Author: James Rouzier +Date: Fri Mar 21 10:25:11 2014 -0400 + + Removing tabs + +M html/pfappserver/lib/pfappserver/Model/Admin.pm + +commit d5ff4e31ea892ed7c4a55800b12b02d7a5ab399e +Author: Francis Lachapelle +Date: Thu Mar 20 16:45:03 2014 -0400 + + Fixed conversion of wildcards to regexps + + Was affecting domain passthroughs. + +M NEWS.asciidoc +M lib/pf/pfdns/constants.pm +M lib/pf/proxypassthrough/constants.pm + +commit 27bd6016b8a13638b2c6c06061f4ad4ecf9588c1 +Author: Francis Lachapelle +Date: Thu Mar 20 16:24:50 2014 -0400 + + Fix network access for users with no role + + Fixes #1778 + +M NEWS.asciidoc +M db/pf-schema-4.2.0.sql +M html/captive-portal/register.cgi + +commit 8e5a1ebe1f669fb6c9d4a43c4cfef7737cc5c851 +Author: James Rouzier +Date: Thu Mar 20 16:13:11 2014 -0400 + + Fixed issue with merging parameters + +M lib/pf/CHI.pm + +commit 3238972a20a207e0482deca9b30d594a4fe3a6e0 +Author: James Rouzier +Date: Thu Mar 20 15:36:15 2014 -0400 + + Added additional log files + +M lib/pf/file_paths.pm + +commit 0f185a0f2cbed05f855de2784351cda013369232 +Author: James Rouzier +Date: Thu Mar 20 15:31:03 2014 -0400 + + Fixed incorrect pid_file being created + +M sbin/pfdhcplistener + +commit 759104aa0571fd67f985397c9a645b175ca3f603 +Author: James Rouzier +Date: Thu Mar 20 14:36:02 2014 -0400 + + Add perl modules Log::Any Log::Any::Adapter Log::Any::Adapter::Log4perl + +M addons/packages/packetfence.spec +M debian/control + +commit b349e58a6a6cafc55de2af86cdc86e49980efd79 +Author: James Rouzier +Date: Thu Mar 20 14:29:47 2014 -0400 + + Add lib/pf/pfcmd/pfcmd_pregrammar.pm as a target + +M Makefile + +commit ac5efaf994475205d90369c99c1024f2919d0472 +Author: James Rouzier +Date: Thu Mar 20 14:12:59 2014 -0400 + + Added logging + +M lib/pf/CHI.pm + +commit 04648e1cfb07e8ba87cf70b01055a72b00b9ac81 +Author: James Rouzier +Date: Thu Mar 20 13:51:12 2014 -0400 + + Added sudo, permissions raddb/certs/dh targets and added them to sudo + +M Makefile + +commit 1ed6cccc87535bdd6e43c0434e07d25010afb676 +Author: Chris +Date: Thu Mar 20 13:42:11 2014 -0400 + + join iplog when end_time > NOW() + + When listing all nodes I added a condition to join iplog table when end_time is after the current time. + +M lib/pf/node.pm + +commit 03ee83c20c4bf5814f5a165ead295c3803d6273f +Author: James Rouzier +Date: Thu Mar 20 12:17:20 2014 -0400 + + Disable memcached instead enabling it + +M addons/packages/packetfence.spec + +commit 31a6a153086ae9c9690e5caa666cf12efdb2f4bf +Author: James Rouzier +Date: Thu Mar 20 12:11:47 2014 -0400 + + Added devel target + +M Makefile + +commit c8bc900fb6e6904994c658af4baea20081a11fea +Author: James Rouzier +Date: Thu Mar 20 12:07:17 2014 -0400 + + Fix false negative in smoke test + +M t/pfcmd.t + +commit 9112179380e3336a6f790df01c1ed41f1906aa31 +Author: James Rouzier +Date: Wed Mar 19 16:39:13 2014 -0400 + + Remove createpid from Export list + +M lib/pf/util.pm + +commit 32584671e0656727a12edcb0963b2fc23c28d2d8 +Author: James Rouzier +Date: Wed Mar 19 16:37:15 2014 -0400 + + Ignore conf/chi.conf + +M .gitignore + +commit 97e8355a3dd6c7088ac142920692186b0374cc6a +Author: James Rouzier +Date: Wed Mar 19 16:35:52 2014 -0400 + + Renamed registration.gaming_devices_registration to registration.device_registration and registration.gaming_devices_registration_role to device_registration_role + +M conf/pf.conf.defaults + +commit 531773d0daaa2123894877de3dd2aa57ca01752e +Author: James Rouzier +Date: Wed Mar 19 16:30:55 2014 -0400 + + Will calculate the amount of test that is needed to run + +M t/pfcmd.t + +commit c29d9489f05aa842337ee6fc8699b9b87254c974 +Author: James Rouzier +Date: Wed Mar 19 16:15:00 2014 -0400 + + Verify if a template is valid before checking it in + +M addons/dev-helpers/git/pre-commit.pl + +commit 6c8c8d71fabd6e611ba95c947e0ccc55f64b999d +Author: James Rouzier +Date: Wed Mar 19 15:13:11 2014 -0400 + + New test for memcache vs dbi + +A t/chi-stats/chi_stats_memcache_vs_dbi.pl +A t/chi-stats/dummy.dat + +commit bd2fa89904d6a31ba20c6222a7c898d69f9a0f52 +Author: James Rouzier +Date: Wed Mar 19 14:47:00 2014 -0400 + + Test chi_stats.pl loading the configurations in and out of chi + New test to compare using memcache and the file system + Added sql for database test + +M t/chi-stats/chi_stats.pl +A t/chi-stats/chi_stats_memcache_file.pl +A t/chi-stats/test.sql + +commit d3685f982f40dd29cf0f61ff86fff01fe02a58d1 +Author: James Rouzier +Date: Wed Mar 19 13:37:00 2014 -0400 + + Added some chi benchmarks + +A t/chi-stats/chi_stats.pl + +commit bba2594ad2f7955b274e96f08a8f70b966f1a6d6 +Author: James Rouzier +Date: Wed Mar 19 13:01:40 2014 -0400 + + Add precommit hook + +A addons/dev-helpers/git/pre-commit.pl + +commit 1f6dcb76d2b37467996dc66150bccbc4c3e5a65b +Author: James Rouzier +Date: Tue Mar 18 17:52:20 2014 -0400 + + Updated gitignore + +M .gitignore + +commit 1bf5b043df3779cb8dae1f20edd88422c852e201 +Author: James Rouzier +Date: Tue Mar 18 17:51:26 2014 -0400 + + Removed log file no longer created from rotation + +M addons/logrotate + +commit 30337ba7fd9abaf3524a49189308ef3d01217368 +Author: James Rouzier +Date: Tue Mar 18 17:49:53 2014 -0400 + + Move pf::log::trapping from pf::log to it's own module + +M lib/pf/log.pm +A lib/pf/log/trapper.pm + +commit 21a8561847a9ca2d82e513c90a22ff93b120eee1 +Author: James Rouzier +Date: Tue Mar 18 13:04:47 2014 -0400 + + Redirect STDERR and STDOUT to the services log files + +M lib/pf/log.pm +A lib/pf/services/util.pm +M lib/pf/util.pm +M sbin/pfbandwidthd +M sbin/pfdetect +M sbin/pfdhcplistener +M sbin/pfdns +M sbin/pfmon +M sbin/pfsetvlan + +commit f9efd324268c46c324f29b14160cfbba0d33d908 +Author: James Rouzier +Date: Tue Mar 18 12:17:32 2014 -0400 + + Fix syntax error + +M sbin/pfdns + +commit 892a0c888950ec71fcc4dfca024c7ea8e06c63f9 +Author: James Rouzier +Date: Tue Mar 18 11:14:06 2014 -0400 + + Update documentation to match pf param + +M conf/documentation.conf + +commit 8d90b267396e4304fdee534bf7c836bf3b5c7c66 +Author: James Rouzier +Date: Tue Mar 18 11:10:18 2014 -0400 + + Use the nasname as the id + +M raddb/sql/mysql/packetfence.conf + +commit c5aee5e71868141b2535f9917dcd5dabae8b2b11 +Author: James Rouzier +Date: Tue Mar 18 10:57:36 2014 -0400 + + Simplify the chi.conf config to better share common configurations + +M conf/chi.conf.example +M lib/pf/CHI.pm + +commit 45aadf42274e9906ddd453032a4076f1bd39c02b +Author: James Rouzier +Date: Tue Mar 18 10:27:42 2014 -0400 + + Script for running the the portal admin test server + +A addons/dev-helpers/pf-portal-test-server + +commit 54b3ca09154549ecfdd74773d4dfcd98816d2087 +Author: James Rouzier +Date: Tue Mar 18 10:26:01 2014 -0400 + + Fixed the namespace of CHI + +M html/captive-portal/lib/captiveportal.pm + +commit 7f9c458b3b54bf8bf5d1acf5b51a6f5d283551d4 +Author: James Rouzier +Date: Tue Mar 18 10:17:35 2014 -0400 + + Script for running the pf-admin-test-server + +A addons/dev-helpers/pf-admin-test-server + +commit ee5e253ec9068f6a9a985c2363255a614794ed36 +Author: lzammit +Date: Mon Mar 17 15:55:50 2014 -0400 + + Update PacketFence_Network_Devices_Configuration_Guide.asciidoc + + Correcting typo in Cisco radius configuration (aaa group server radius packtfence) to (aaa group server radius packetfence) + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit 249c84eba9f5bb4eb310b607b39667561f86fa2a +Author: James Rouzier +Date: Mon Mar 17 15:23:18 2014 -0400 + + Updated the help for pfcmd cache + +M lib/pf/pfcmd/help.pm + +commit 5309ae1318494b97e502204e7b1abd383423ba73 +Author: James Rouzier +Date: Mon Mar 17 15:22:29 2014 -0400 + + Added new action switch and switches + +M addons/dev-helpers/dump.pl + +commit 0c9060a5408ce837c8a036c12283dc821a7f6f9d +Author: James Rouzier +Date: Mon Mar 17 11:16:37 2014 -0400 + + Added new command pfcmd cache + +M bin/pfcmd.pl +M lib/pf/pfcmd.pm +M lib/pf/pfcmd/help.pm + +commit b3593327a9b9b3b9a030a855b188cd2e9a5ed3c7 +Author: James Rouzier +Date: Mon Mar 17 11:15:56 2014 -0400 + + Untaint configuration values + +M lib/pf/CHI.pm + +commit 12fffa428f9b94951b1d5dfaa7c7b1e540ef202f +Author: Loick Pelet +Date: Fri Mar 14 11:17:00 2014 -0400 + + removed delaycompress option + +M addons/logrotate + +commit cd3d92ba51643ac19beac183d9e09381a3d6de5c +Author: James Rouzier +Date: Fri Mar 14 19:42:09 2014 -0400 + + fixed XSS issue + + Conflicts: + html/pfappserver/root/configuration/adminroles/list.tt + html/pfappserver/root/configuration/adminroles/view.tt + html/pfappserver/root/configuration/floatingdevice/list.tt + html/pfappserver/root/node/advanced_search.tt + html/pfappserver/root/node/simple_search.tt + html/pfappserver/root/user/advanced_search.tt + html/pfappserver/root/user/simple_search.tt + +M html/pfappserver/root/admin/nodes.tt +M html/pfappserver/root/admin/reports.tt +M html/pfappserver/root/admin/users.tt +M html/pfappserver/root/admin/wrapper.tt +M html/pfappserver/root/authentication/source/read.tt +M html/pfappserver/root/config/networks/view.tt +M html/pfappserver/root/configuration/adminroles/list.tt +M html/pfappserver/root/configuration/adminroles/view.tt +M html/pfappserver/root/configuration/authentication.tt +M html/pfappserver/root/configuration/floatingdevice/list.tt +M html/pfappserver/root/configuration/floatingdevice/view.tt +M html/pfappserver/root/configuration/switch/list.tt +M html/pfappserver/root/configuration/switch/view.tt +M html/pfappserver/root/configurator/configuration.tt +M html/pfappserver/root/configurator/database.tt +M html/pfappserver/root/configurator/networks.tt +M html/pfappserver/root/configurator/services.tt +M html/pfappserver/root/graph/counter.tt +M html/pfappserver/root/graph/dashboard.tt +M html/pfappserver/root/graph/line.tt +M html/pfappserver/root/graph/pie.tt +M html/pfappserver/root/graph/report.tt +M html/pfappserver/root/interface/create.tt +M html/pfappserver/root/interface/list.tt +M html/pfappserver/root/interface/view.tt +M html/pfappserver/root/node/advanced_search.tt +M html/pfappserver/root/node/simple_search.tt +M html/pfappserver/root/node/view.tt +M html/pfappserver/root/node/violations.tt +M html/pfappserver/root/portal/profile/copy_file.tt +M html/pfappserver/root/portal/profile/edit.tt +M html/pfappserver/root/portal/profile/files.tt +M html/pfappserver/root/portal/profile/index.tt +M html/pfappserver/root/portal/profile/new_file.tt +M html/pfappserver/root/portal/profile/view.tt +M html/pfappserver/root/roles/index.tt +M html/pfappserver/root/roles/read.tt +M html/pfappserver/root/soh/index.tt +M html/pfappserver/root/soh/read.tt +M html/pfappserver/root/user/advanced_search.tt +M html/pfappserver/root/user/list_password.tt +M html/pfappserver/root/user/print.tt +M html/pfappserver/root/user/simple_search.tt +M html/pfappserver/root/user/view.tt +M html/pfappserver/root/user/violations.tt +M html/pfappserver/root/violation/list.tt +M html/pfappserver/root/violation/preview.tt +M html/pfappserver/root/violation/view.tt + +commit 3d1504245cf5d7b935d3f87ecda78cf3176b75cf +Author: Derek Wuelfrath +Date: Fri Mar 14 11:15:48 2014 -0400 + + Temporary fix for 1775. + This is TEMP. Need to work out a real solution. + +M lib/pf/Switch/Cisco/Catalyst_2960.pm + +commit 3dba4bdc3a50a69d6e9b988603118668c17ff26d +Author: James Rouzier +Date: Fri Mar 14 10:06:42 2014 -0400 + + Include all the conf/*.example in the packaging + +M addons/packages/packetfence.spec + +commit bc6c8baba684076114e774c4fc361a23a86e26e1 +Author: Louis Munro +Date: Thu Mar 13 19:17:01 2014 -0400 + + Made Freeradius config self-documenting. + +M raddb/sites-available/packetfence + +commit 6680e00706bb9108ef1ab844a1e34b451c922754 +Author: James Rouzier +Date: Thu Mar 13 16:22:50 2014 -0400 + + Remove chi cache table + +M db/pf-schema-4.2.0.sql + +commit 9fe52549af27f13255275c4f63ee5f338f236163 +Author: Derek Wuelfrath +Date: Thu Mar 13 15:51:22 2014 -0400 + + Adding missing empty directory + +A conf/ssl/.gitignore + +commit b15b461a7821acf656b52339a3645abe6f9e7863 +Author: James Rouzier +Date: Thu Mar 13 15:23:25 2014 -0400 + + Move back to using the namespace httpd.admin + +M html/pfappserver/lib/pfappserver.pm + +commit cb11161893a2d3a402e965649e299f6155164d68 +Author: James Rouzier +Date: Thu Mar 13 10:46:35 2014 -0400 + + Moved to use CHI for sessions + +M html/captive-portal/lib/captiveportal.pm + +commit f2c8c496386937bbffce4bf896489e279211bbe2 +Author: James Rouzier +Date: Thu Mar 13 10:42:49 2014 -0400 + + Rename to match module name + Moved chi arguments to a has called chi_args + +M html/pfappserver/lib/pfappserver.pm +D lib/Catalyst/Plugin/Session/CHI.pm +A lib/Catalyst/Plugin/Session/Store/CHI.pm + +commit 4df819fb7b96fb5da899476c7bf592f32b08b2cc +Author: James Rouzier +Date: Thu Mar 13 00:04:18 2014 -0400 + + Added conf/log.conf.d/.* to the packaging + +M addons/packages/packetfence.spec + +commit 3a4ebd5d08e9890ffb900db50a2f3917d6ca28c6 +Author: James Rouzier +Date: Wed Mar 12 20:29:46 2014 -0400 + + Moved chi.conf to chi.conf.example + +M addons/packages/packetfence.spec +D conf/chi.conf +A conf/chi.conf.example + +commit 6b3322462756c3c7b16165702257b4f569e1f221 +Author: James Rouzier +Date: Wed Mar 12 20:26:53 2014 -0400 + + Added support for a database backing for in chi.conf + +M lib/pf/CHI.pm + +commit 12d616f36dda71ecbb9de63b002cc7e6b2ad404e +Author: James Rouzier +Date: Tue Mar 11 15:44:08 2014 -0400 + + Fix use of an uninitialized variable + +M lib/pf/services/manager/submanager.pm + +commit 4f53aee1911b2a9414f12f67644f60140b2cde55 +Author: James Rouzier +Date: Tue Mar 11 15:43:08 2014 -0400 + + Fix issue where pf::services::manager::pfdhcplistener will hang for 60 seconds + +M lib/pf/services/manager/pfdhcplistener.pm + +commit 330f00ce5a0280eca81da0a00fcdb3616d636b35 +Author: James Rouzier +Date: Tue Mar 11 14:57:38 2014 -0400 + + Added new log files to logrotate + +M addons/logrotate + +commit cea0f09fbbf4d7b41d245d2ad2e44689f06bd8e6 +Author: James Rouzier +Date: Tue Mar 11 13:50:46 2014 -0400 + + Removed all other log configuration + +M conf/log.conf.example + +commit a277684a40e0f11ddc7a98a7de720fe6282211b0 +Author: James Rouzier +Date: Tue Mar 11 13:40:25 2014 -0400 + + Move logging to a seperate file + +M conf/httpd.conf.d/httpd.admin +M conf/httpd.conf.d/httpd.portal +M html/pfappserver/lib/pfappserver.pm +M lib/pf/file_paths.pm +M lib/pf/log.pm +M sbin/pfbandwidthd +M sbin/pfdetect +M sbin/pfdhcplistener +M sbin/pfdns +M sbin/pfmon +M sbin/pfsetvlan + +commit 0bdd3a706671dc0fc99706df4da8458490c6a900 +Author: James Rouzier +Date: Tue Mar 11 13:15:14 2014 -0400 + + New log configuration for pf services + +A conf/log.conf.d/httpd.admin.conf.example +A conf/log.conf.d/httpd.portal.conf.example +A conf/log.conf.d/pfbandwidthd.conf.example +A conf/log.conf.d/pfdetect.conf.example +A conf/log.conf.d/pfdhcplistener.conf.example +A conf/log.conf.d/pfdns.conf.example +A conf/log.conf.d/pfmon.conf.example +A conf/log.conf.d/pfsetvlan.conf.example + +commit 467f0d546730e5bbdfe88957ffa137930d1184da +Author: James Rouzier +Date: Tue Mar 11 12:09:45 2014 -0400 + + Move to use CHI for sessions + +A lib/CGI/Session/Driver/chi.pm +M lib/pf/Portal/Session.pm + +commit 34c6ea57787adf54a4c03838077c3c6136c9cd58 +Author: James Rouzier +Date: Tue Mar 11 11:16:06 2014 -0400 + + Updated documentation + +M lib/Catalyst/Plugin/Session/CHI.pm + +commit f681faba34113ecba4bd9ffd421bdb60ae2a7444 +Author: James Rouzier +Date: Tue Mar 11 10:56:36 2014 -0400 + + Moved to using pf::CHI for caching + +M sbin/pfdns + +commit 4199b8c67963e4d11dd45aed829b10e21cbc3d54 +Author: James Rouzier +Date: Tue Mar 11 10:21:43 2014 -0400 + + Updated test count + +M t/pfcmd.t + +commit a5dd6990b3f08448f322d860db0f7d4dff3f2e63 +Author: James Rouzier +Date: Tue Mar 11 10:19:46 2014 -0400 + + Added new cache namespaces httpd.admin httpd.portal pfdns + +M conf/chi.conf +M html/pfappserver/lib/pfappserver.pm +A lib/Catalyst/Plugin/Session/CHI.pm +M lib/pf/CHI.pm + +commit 98fcd291173133ab09ae85ced6fc4a81fa693b52 +Author: James Rouzier +Date: Mon Mar 10 17:03:16 2014 -0400 + + Delete user session after user logouts + +M html/pfappserver/lib/pfappserver/Controller/Admin.pm + +commit b517f6dd53ea85e9dbb42e33a00b05f6e860545a +Author: James Rouzier +Date: Mon Mar 10 11:33:45 2014 -0400 + + Added mod qos gui + +M addons/packages/packetfence.spec +M conf/documentation.conf +M conf/httpd.conf.d/httpd.portal +M conf/pf.conf.defaults + +commit 9ef562c44a8779637d8fa05c01074b290d925139 +Author: James Rouzier +Date: Sat Mar 8 08:58:51 2014 -0500 + + Add new command pfcmd configreload + +M bin/pfcmd.pl +M lib/pf/config/cached.pm +M lib/pf/pfcmd.pm +M lib/pf/pfcmd/help.pm + +commit cdb8695e2494d8069f139d8e3ca72d3df47d797a +Author: James Rouzier +Date: Sat Mar 8 08:53:28 2014 -0500 + + Updating the switches will no longer delete active switches + +M db/pf-schema-4.2.0.sql +M db/upgrade-4.1.0-4.2.0.sql +M lib/pf/freeradius.pm + +commit bff527c0ceab65558b2b70dc0c8d0d7250337337 +Author: James Rouzier +Date: Sat Mar 8 08:47:34 2014 -0500 + + Automatically load sources + +M lib/pf/authentication.pm + +commit 64d69846565d871618acf235341ed456f4d8e165 +Author: James Rouzier +Date: Sat Mar 8 07:30:48 2014 -0500 + + Added onfilereloadonce option + +M lib/pf/config/cached.pm + +commit 1b5a77588526b9cdbf4c0568f7f5a1b928139bb5 +Author: James Rouzier +Date: Sat Mar 8 07:29:39 2014 -0500 + + Fixed syntax error + +M lib/pf/violation_config.pm + +commit cae8a12cc3fe7bbf7372a95e562a468b0e3df24e +Author: James Rouzier +Date: Sat Mar 8 07:27:31 2014 -0500 + + Refactor calculation of the timestamp to _getFileTimestamp + +M lib/pf/IniFiles.pm + +commit 9a07df67113ed10d3806ce4f046db03f77a7e5c6 +Author: James Rouzier +Date: Fri Mar 7 15:13:50 2014 -0500 + + Added all the pfservices log files + +M lib/pf/file_paths.pm + +commit b2f9e5bdf7bf44a9bc844ed05e52f51bf03964cd +Author: James Rouzier +Date: Fri Mar 7 15:12:10 2014 -0500 + + Changed umask for log files + +M conf/log.conf.example + +commit 6a1e6c33608894127b9c5cdac1fe20e3650a3a63 +Author: Durand Fabrice +Date: Fri Mar 7 15:55:01 2014 -0500 + + Fixed locationlog_synchronize param in radius.pm + +M lib/pf/radius.pm + +commit f371c3d2885eac909a94e0532df11b4063384986 +Author: James Rouzier +Date: Fri Mar 7 11:22:49 2014 -0500 + + Removed the service pfcache + +M addons/packages/packetfence.spec +M bin/pfcmd.pl +M lib/pf/ConfigStore/Switch.pm +M lib/pf/pfcmd.pm +M lib/pf/services.pm +M lib/pf/services/manager.pm +D lib/pf/services/manager/pfcache.pm +M lib/pf/violation_config.pm +D sbin/pfcache + +commit 1d6f9e7a96f3d35a160f99721e85a943d09fd6dc +Author: James Rouzier +Date: Fri Mar 7 08:26:07 2014 -0500 + + Added callbacks that will only happen once when the file is reloaded + +M lib/pf/config/cached.pm + +commit b2013b3607d24a0aa1f92cf3d95a63d204180898 +Author: James Rouzier +Date: Fri Mar 7 08:21:05 2014 -0500 + + Removed documentation that is no longer revelent + +M lib/pf/config/cached.pm + +commit dae5a78661c80941dbf659c5e378d3b2fa654b92 +Author: James Rouzier +Date: Thu Mar 6 17:18:58 2014 -0500 + + Renaming gaming registration to device registration + +A html/captive-portal/lib/captiveportal/PacketFence/Controller/DeviceRegistration.pm +D html/captive-portal/lib/captiveportal/PacketFence/Controller/GamingRegistration.pm + +commit 45480ea9cf35a1832c3096064f6db37ba9d403c6 +Author: James Rouzier +Date: Thu Mar 6 17:17:02 2014 -0500 + + Move the inline3 fake mac to here + +M html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm + +commit e88875c5d17ef8025bd2381926c973b748eb7d1d +Author: James Rouzier +Date: Thu Mar 6 17:16:09 2014 -0500 + + Inhert from from PacketFence::Model::Portal::Session + +M html/captive-portal/lib/captiveportal/Model/Portal/Session.pm + +commit cba14f3aeb2914d443a658f27ef612f25981de8d +Author: Durand Fabrice +Date: Fri Mar 7 09:13:30 2014 -0500 + + Added uri in proxy passthrough like inverse.ca/downloads/ + +M lib/pf/proxypassthrough/constants.pm +M lib/pf/web/dispatcher.pm + +commit 03a59ec92e5f761dc506c13b267d1024218f3625 +Author: James Rouzier +Date: Thu Mar 6 16:25:58 2014 -0500 + + Increase the resolution of the timestamp to microsecond + +M lib/pf/IniFiles.pm + +commit 4a1aa6cd80e1afb93fb2c694eab62397540d3e84 +Author: James Rouzier +Date: Thu Mar 6 13:33:54 2014 -0500 + + Add additional directories to set the group sticky bit on for fixpermissions + +M bin/pfcmd.pl + +commit 68819d36e8db8fe87eed9ae65c2258e882cb4ac3 +Author: Francis Lachapelle +Date: Fri Feb 28 14:00:56 2014 -0500 + + Improve logging in node::is_max_reg_nodes_reached + +M lib/pf/node.pm + +commit d84da46ba23cf1a6b24947f7bc760cda6f23b768 +Author: James Rouzier +Date: Fri Feb 28 11:40:11 2014 -0500 + + Check if management_network is true instead of defined + +M lib/pf/pfcmd/checkup.pm + +commit df5d5c092b3667b732c2e79c3f5a88aae48d5059 +Author: James Rouzier +Date: Fri Feb 28 11:31:25 2014 -0500 + + Refactored to pf::services::manager::* + +M t/services.t + +commit 7be9b160dc6eca89a7f22ce10b98125c1385dcca +Author: James Rouzier +Date: Wed Feb 26 12:25:43 2014 -0500 + + Removed hookable attribute + +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/GamingRegistration.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm +M html/captive-portal/lib/captiveportal/PacketFence/Controller/Status.pm + +commit d7f5e07fcc244f4d4494c06f49cb0dfd36cdf831 +Author: jrouzierinverse +Date: Wed Feb 26 11:54:01 2014 -0500 + + Updated the copyright year + +M lib/pf/services/manager/pfbandwidthd.pm + +commit 3965fde2819c4f4b68c60f67792d0f8dc994665b +Author: James Rouzier +Date: Wed Feb 26 11:15:12 2014 -0500 + + Add html/captive-portal/custom-lib to the search path of captiveportal + +M html/captive-portal/lib/captiveportal.pm + +commit 67dbb916f0b9d1b4968939e7198a02fe778d4b77 +Author: James Rouzier +Date: Wed Feb 26 11:14:21 2014 -0500 + + Moved configuration generation to pf::services::manager::snmptrapd + +M lib/pf/services/manager/snmptrapd.pm +D lib/pf/services/snmptrapd.pm + +commit 11e4fa2d7f3043d29ca9734e20c19845ba350f97 +Author: James Rouzier +Date: Wed Feb 26 11:08:31 2014 -0500 + + Moved configuration generation to pf::services::manager::dhcpd + +D lib/pf/services/dhcpd.pm +M lib/pf/services/manager/dhcpd.pm + +commit 46bc1e06ed595896174033d65e027cec40b3c1f2 +Author: James Rouzier +Date: Wed Feb 26 11:05:08 2014 -0500 + + Updated documentation with instructions on help to add a new service for pfcmd + +M lib/pf/services/manager.pm + +commit 080afb8bda9f8359addc43f6061ec7b5671380ab +Author: James Rouzier +Date: Wed Feb 26 10:37:15 2014 -0500 + + Moved configuration generation to pf::services::manager::httpd + +D lib/pf/services/apache.pm +M lib/pf/services/manager/httpd.pm + +commit 7a4c727e96afc51d60154a588089e97c47df1a4c +Author: James Rouzier +Date: Tue Feb 25 15:29:27 2014 -0500 + + Added new service pfbandwidth to managed my packetfence + +M lib/pf/pfcmd.pm +M lib/pf/pfcmd/help.pm +M lib/pf/services.pm +A lib/pf/services/manager/pfbandwidthd.pm + +commit be7b79d01797abdcc2188fc71101bb8e38e40cd1 +Author: James Rouzier +Date: Tue Feb 25 14:43:21 2014 -0500 + + Moved controllers to captiveportal::Controller captiveportal::PacketFence::Controller namespace + +M html/captive-portal/lib/captiveportal/Controller/Access.pm +M html/captive-portal/lib/captiveportal/Controller/Activate/Email.pm +M html/captive-portal/lib/captiveportal/Controller/Activate/Sms.pm +M html/captive-portal/lib/captiveportal/Controller/Aup.pm +M html/captive-portal/lib/captiveportal/Controller/Authenticate.pm +M html/captive-portal/lib/captiveportal/Controller/CaptivePortal.pm +M html/captive-portal/lib/captiveportal/Controller/Enabler.pm +M html/captive-portal/lib/captiveportal/Controller/GamingRegistration.pm +M html/captive-portal/lib/captiveportal/Controller/Node/Manager.pm +M html/captive-portal/lib/captiveportal/Controller/Oauth2.pm +M html/captive-portal/lib/captiveportal/Controller/Pay.pm +M html/captive-portal/lib/captiveportal/Controller/PreRegister.pm +M html/captive-portal/lib/captiveportal/Controller/Redirect.pm +M html/captive-portal/lib/captiveportal/Controller/Release.pm +M html/captive-portal/lib/captiveportal/Controller/Remediation.pm +M html/captive-portal/lib/captiveportal/Controller/Root.pm +M html/captive-portal/lib/captiveportal/Controller/Signup.pm +M html/captive-portal/lib/captiveportal/Controller/Status.pm +M html/captive-portal/lib/captiveportal/Controller/WirelessProfile.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Access.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Aup.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Enabler.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/GamingRegistration.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Node/Manager.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/PreRegister.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Redirect.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Release.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Remediation.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/Status.pm +A html/captive-portal/lib/captiveportal/PacketFence/Controller/WirelessProfile.pm +A html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm + +commit 0aace8bec060246fdb8bdeadab6fb2e94913a507 +Author: Durand Fabrice +Date: Tue Feb 25 13:27:41 2014 -0500 + + Updated packetfence.postinst script + +M debian/packetfence.postinst + +commit 523f80aaa35f7dcc52a241c4d6b3423907d757fd +Author: Durand Fabrice +Date: Tue Feb 25 13:21:13 2014 -0500 + + Fix variable issue in packetfence radius module + +M raddb/packetfence.pm + +commit f9bba1c856e83ff4d30a634c60c9468eb380d20b +Author: Durand Fabrice +Date: Tue Feb 25 12:10:53 2014 -0500 + + Syntax error + +M debian/rules + +commit 708e06d5c17e973dccdfec6f41d139f086a2a48e +Author: Durand Fabrice +Date: Tue Feb 25 12:09:15 2014 -0500 + + Syntax again ... debian packaging + +M debian/rules + +commit ce07477d2d31a8249cb6647f2dc1a1b13f8c21e3 +Author: Durand Fabrice +Date: Tue Feb 25 12:07:30 2014 -0500 + + Fix syntax error for packaging + +M debian/rules + +commit a6f6416968739abe8c697a0d88677c6f81f4ee2e +Author: Durand Fabrice +Date: Tue Feb 25 12:02:42 2014 -0500 + + Syntax error + +M debian/rules + +commit f4c11418af44d09f31d2f5d47963db60f0aa083e +Author: Durand Fabrice +Date: Tue Feb 25 11:59:07 2014 -0500 + + Syntax error in rules (debian packages) + +M debian/rules + +commit d27a5464377f44e3e0f41d9b29c2132463bda70e +Author: Durand Fabrice +Date: Tue Feb 25 11:32:08 2014 -0500 + + Update dep version on perl-chi and libmoo-perl + +M debian/control + +commit dd1c3130fbc530a0a7a7a1a9c11c8df2ba02015d +Author: Derek Wuelfrath +Date: Fri Feb 21 16:17:08 2014 -0500 + + Removed isManagedVlan for VLAN setting process + - We should completely remove the isManagedVlan method but it is tied to some verifications for obscur SNMP stuff... + Don't want to break weird things that we don't even understand. + +M lib/pf/Switch.pm +M lib/pf/radius.pm +M sbin/pfsetvlan + +commit 6d0eb31a64ff926e6163b0c5a9620654366efa32 +Author: Durand Fabrice +Date: Fri Feb 21 16:12:22 2014 -0500 + + Added QOS on captiv portal + +M addons/packages/packetfence.spec +M conf/httpd.conf.d/httpd.portal +M debian/control + +commit a1702f829bcc30e99929ea94fe58eb7d23d0c823 +Author: James Rouzier +Date: Fri Feb 21 15:51:16 2014 -0500 + + Seperate logging for all services + +M conf/log.conf.example + +commit 457b24adca5619704cda6671d0ee5e6a12ca73b2 +Author: James Rouzier +Date: Fri Feb 21 14:32:50 2014 -0500 + + no longer add tid automatically + +M lib/pf/log.pm + +commit 12c36bb5e8342a26d67654603d68d487f6a8dbe7 +Author: James Rouzier +Date: Fri Feb 21 11:08:42 2014 -0500 + + decode value to utf8 before xml encoding + +M lib/pf/radius/soapclient.pm + +commit c2a0f7354165923d92e49e1fb6628791b4bbe48c +Author: Durand Fabrice +Date: Fri Feb 21 10:44:37 2014 -0500 + + Remove a call to an undefined function + +M html/captive-portal/register.cgi + +commit 3add73310726e97caf0c1fa7d2c6d8dc2019ac43 +Author: Durand Fabrice +Date: Thu Feb 20 17:00:41 2014 -0500 + + Missing return in web/constants.pm + +M lib/pf/web/constants.pm + +commit e341ff03c9c24742c2d5b1e0d0f9e15946d71b8d +Author: Durand Fabrice +Date: Thu Feb 20 16:31:15 2014 -0500 + + Merge options to node_info + +M lib/pf/Portal/ProfileFactory.pm + +commit 7f8ceeb679d81920d3384ba853bb7a991f2bcb56 +Author: Durand Fabrice +Date: Thu Feb 20 15:23:43 2014 -0500 + + Updated sql schema + +D db/pf-schema-4.1.1.sql +A db/pf-schema-4.2.0.sql +A db/upgrade-4.1.0-4.2.0.sql +D db/upgrade-4.1.0-4.x.x.sql + +commit 9e4d5119bd8ed8b339e57332f63eba906be3983e +Author: Durand Fabrice +Date: Thu Feb 20 14:32:17 2014 -0500 + + Sometimes the mac address is included in User-Name + +M raddb/packetfence.pm + +commit 506f2c0faddea0acf2622b508107ba260f7204ce +Author: Durand Fabrice +Date: Thu Feb 20 10:12:12 2014 -0500 + + Added pf::lookup::person::lookup_person to fecth information when a user is create + +M lib/pf/node.pm + +commit de545002e073c29faff24162784960a69b0e2082 +Author: Durand Fabrice +Date: Thu Feb 20 10:08:29 2014 -0500 + + Raise max_requests to 20000 in radius.conf + +M conf/radiusd/radiusd.conf.example + +commit 584682ae37973f6eee21db6ae541e536ad95e044 +Author: Durand Fabrice +Date: Wed Feb 19 14:16:37 2014 -0500 + + Enable -1 as a vlan id to kicked out a device in radius answer + +M lib/pf/Switch.pm + +commit 057995788fcd3db20bb22b0a7a7cb2f273914fa8 +Author: Durand Fabrice +Date: Tue Feb 18 16:02:21 2014 -0500 + + Missing function and wrong code for external captive portal + +M lib/pf/SwitchFactory.pm +M lib/pf/web/dispatcher.pm + +commit 25b6abfd137a9486e2afbcd65a5ccdd1701f753c +Author: Durand Fabrice +Date: Tue Feb 18 15:30:57 2014 -0500 + + Fixed portal uri filter issue + +M lib/pf/web/constants.pm +M lib/pf/web/dispatcher.pm + +commit 7e6199467c824754c37292a5179bea91cb5e8f59 +Author: Durand Fabrice +Date: Tue Feb 18 13:59:15 2014 -0500 + + Removed undefined function + +M html/captive-portal/redir.cgi + +commit 833ea6a9feb0a936ce8ab57c288808c73a7b09c9 +Author: Durand Fabrice +Date: Tue Feb 18 13:40:16 2014 -0500 + + Fix dynamic-clients syntax + +M raddb/sites-available/dynamic-clients + +commit 907db03b804474e6aa0b83ec75c5d3365feac591 +Author: Durand Fabrice +Date: Tue Feb 18 09:42:57 2014 -0500 + + Fixed test + +M t/SNMP.t +M t/radius.t + +commit 9851d4a03cda02aea2f9ab33ffb0c9772655355c +Author: Durand Fabrice +Date: Tue Feb 18 09:39:44 2014 -0500 + + Fix 3 com module syntax + +M lib/pf/Switch/ThreeCom/SS4500.pm + +commit 2ce4a7b8b2c4499bd0a7e5a5d1a3f791cae363c2 +Author: Durand Fabrice +Date: Tue Feb 18 08:38:57 2014 -0500 + + Removed admin_roles.conf file + +D conf/admin_roles.conf + +commit cdbd4491bdea4ed96f2abbe97c86bc93df9bd1fe +Author: James Rouzier +Date: Mon Feb 17 11:55:23 2014 -0500 + + Check to see if switch exists before instantiate it + +M lib/pf/web/dispatcher.pm + +commit ddeb732157e9fc1b02845c02a5f7784ab3a3166c +Author: Durand Fabrice +Date: Mon Feb 17 14:21:14 2014 -0500 + + Update NEWS file + +M NEWS.asciidoc + +commit a2db10c259d998bc02bd3f5386cfd551f7182463 +Author: Durand Fabrice +Date: Mon Feb 17 13:56:24 2014 -0500 + + Moved _identifyConnectionType to switch module since it depend of the switch model + +M lib/pf/Switch.pm +M lib/pf/Switch/Enterasys/V2110.pm +M lib/pf/Switch/MockedSwitch.pm +M lib/pf/radius.pm + +commit 9ff68f3608785a0a0e0f111c602aab2c12c231d7 +Author: Durand Fabrice +Date: Mon Feb 17 13:42:51 2014 -0500 + + Missing function + +M lib/pf/Switch/Cisco/WLC_http.pm + +commit 7abb1dcebe88e7429959028ec871f918a58cc599 +Author: Durand Fabrice +Date: Mon Feb 17 12:09:22 2014 -0500 + + Fixed code + +M lib/pf/Switch/ThreeCom/SS4500.pm +M lib/pf/Switch/ThreeCom/Switch_4200G.pm + +commit 80688b69cd1a283d68ec4581be2c31557cca27d9 +Author: Loick Pelet +Date: Mon Feb 17 11:04:51 2014 -0500 + + Added leading space + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit af32f99f3f740864b43070118669dd267b2ece89 +Author: Loick Pelet +Date: Thu Feb 13 17:30:52 2014 -0500 + + fixed config for 3com mac-auth + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit db8505fa29d264f0bb09f2fbc7d5fbd85d34a5e4 +Author: Loick Pelet +Date: Thu Feb 13 17:21:32 2014 -0500 + + fixed position for 3com conf + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit ca3cfa089eb1419c3a8c8c1aef524803684340cd +Author: Loick Pelet +Date: Thu Feb 13 17:19:44 2014 -0500 + + Added configuration for MAC-AUTH and VoIP + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit e9653dae04db8d8896694461a8da7964d88dcfee +Author: Loick Pelet +Date: Thu Feb 13 17:08:14 2014 -0500 + + Added LLDP support for all 3com 4000series + +M lib/pf/Switch/ThreeCom/SS4500.pm + +commit 5563edf1aa313c6ce593ec518649dd251fa2d723 +Author: Loick Pelet +Date: Thu Feb 13 16:54:03 2014 -0500 + + Added LLDP support for 3com 4000series + +M lib/pf/Switch/ThreeCom/Switch_4200G.pm + +commit 2092afc3af263a61849decf90a69914e5d6e7e33 +Author: Durand Fabrice +Date: Mon Feb 17 11:43:51 2014 -0500 + + Removed unusefull file + +D lib/pf/web/winprofil.pm + +commit d5d9aa7601ce0d4d11a102ed284ac1179c4dffa9 +Author: Durand Fabrice +Date: Mon Feb 17 11:30:48 2014 -0500 + + Fixed spec file + +M addons/packages/packetfence.spec + +commit cc98b748126e108a48ae4b0313ee9be860127c37 +Author: Durand Fabrice +Date: Mon Feb 17 11:28:45 2014 -0500 + + Removed windows provisioning stuff + +D addons/wpa2_enterprise_configurator/WPA_Ent_Config.exe +D addons/wpa2_enterprise_configurator/WPA_Ent_Config.ico +D addons/wpa2_enterprise_configurator/WPA_Ent_Config.lpi +D addons/wpa2_enterprise_configurator/WPA_Ent_Config.lpr +D addons/wpa2_enterprise_configurator/WPA_Ent_Config.res +D addons/wpa2_enterprise_configurator/blcksock.pas +D addons/wpa2_enterprise_configurator/dll.pas +D addons/wpa2_enterprise_configurator/httpsend.pas +D addons/wpa2_enterprise_configurator/libeay32.dll +D addons/wpa2_enterprise_configurator/libssh2.dll +D addons/wpa2_enterprise_configurator/manifest.rc +D addons/wpa2_enterprise_configurator/manifest.xml +D addons/wpa2_enterprise_configurator/noname.png +D addons/wpa2_enterprise_configurator/noname2.png +D addons/wpa2_enterprise_configurator/packetfence.png +D addons/wpa2_enterprise_configurator/packetfence24.png +D addons/wpa2_enterprise_configurator/ssl_openssl.pas +D addons/wpa2_enterprise_configurator/ssl_openssl_lib.pas +D addons/wpa2_enterprise_configurator/ssleay32.dll +D addons/wpa2_enterprise_configurator/sswin32.inc +D addons/wpa2_enterprise_configurator/synacode.pas +D addons/wpa2_enterprise_configurator/synafpc.pas +D addons/wpa2_enterprise_configurator/synaip.pas +D addons/wpa2_enterprise_configurator/synautil.pas +D addons/wpa2_enterprise_configurator/synsock.pas +D addons/wpa2_enterprise_configurator/unit1.lfm +D addons/wpa2_enterprise_configurator/unit1.lrs +D addons/wpa2_enterprise_configurator/unit1.pas +D addons/wpa2_enterprise_configurator/unit2.lfm +D addons/wpa2_enterprise_configurator/unit2.pas +D addons/wpa2_enterprise_configurator/unit3.lfm +D addons/wpa2_enterprise_configurator/unit3.pas +D html/captive-portal/content/WPA_Ent_Config.exe +D html/captive-portal/templates/release_with_execonfig.html +D html/captive-portal/templates/windows-soh-profile.xml +D html/captive-portal/templates/windows-wireless-profile-cert.xml +D html/captive-portal/templates/windows-wireless-profile.xml +M lib/pf/web.pm +M lib/pf/web/constants.pm +M lib/pf/web/dispatcher.pm +M lib/pf/web/provisioning.pm + +commit 872bc9301fe1ff393d47e4da4f851650a242bd4e +Author: Durand Fabrice +Date: Thu Jan 9 13:23:55 2014 -0500 + + Added Windows 8 for provisioning + +M lib/pf/web.pm + +commit d540144e087da806481c7f5865b9424a86b9ce9c +Author: Durand Fabrice +Date: Tue Jan 7 16:37:58 2014 -0500 + + Update the windows exe + +M addons/wpa2_enterprise_configurator/WPA_Ent_Config.lpi +M addons/wpa2_enterprise_configurator/WPA_Ent_Config.res +M addons/wpa2_enterprise_configurator/unit1.lfm +M addons/wpa2_enterprise_configurator/unit3.lfm +M html/captive-portal/content/WPA_Ent_Config.exe + +commit aab90ee10620cd7933119f3b1936af7287d7af27 +Author: Durand Fabrice +Date: Mon Dec 16 13:43:25 2013 -0500 + + New exe + +M addons/wpa2_enterprise_configurator/WPA_Ent_Config.exe + +commit a8e508455125eb5eaca3057f926eb97bc95c055c +Author: Durand Fabrice +Date: Mon Dec 16 13:41:16 2013 -0500 + + Test the windows registry + +M addons/wpa2_enterprise_configurator/unit1.pas + +commit 1d2269aaa67a4a4c080b2e16c311867f40d13272 +Author: Durand Fabrice +Date: Sat Dec 14 13:44:58 2013 -0500 + + Shell execute in wpa configurator + +M addons/wpa2_enterprise_configurator/unit1.pas + +commit 053f461067dcfe457cf9f8179d34a892ea7cd216 +Author: Durand Fabrice +Date: Fri Dec 13 21:54:17 2013 -0500 + + Create the profil for the current connected user, not for all + +M addons/wpa2_enterprise_configurator/unit1.pas + +commit 61b4d6b0bb29d363eaca7ffcae750c93c03f7cdc +Author: Durand Fabrice +Date: Fri Dec 13 21:51:04 2013 -0500 + + Change fqdn where to fetch the profil + +M addons/wpa2_enterprise_configurator/unit1.pas + +commit 6d368ec99f895eae809b07e6f63d481928ab260a +Author: Durand Fabrice +Date: Fri Dec 13 21:42:37 2013 -0500 + + WPA2 configurator change (new way to exec windows command) + +M addons/wpa2_enterprise_configurator/WPA_Ent_Config.lpi +M addons/wpa2_enterprise_configurator/WPA_Ent_Config.res +M addons/wpa2_enterprise_configurator/unit1.lfm +M addons/wpa2_enterprise_configurator/unit1.pas + +commit e764715262753a6881d0267f30db5167fd848a01 +Author: Durand Fabrice +Date: Fri Dec 13 11:31:48 2013 -0500 + + Added the new apk for android + +M html/captive-portal/content/PacketFenceAgent.apk + +commit 207bf232f732e1eb40b094ad3d45e2928e24f2bc +Author: Durand Fabrice +Date: Fri Dec 13 11:26:55 2013 -0500 + + Added Crypt::OpenSSL::X509 dep + +M addons/packages/packetfence.spec + +commit 01a0d1837509c618d368008019c60c3d3e54c44b +Author: Durand Fabrice +Date: Fri Dec 13 09:36:53 2013 -0500 + + Missing lib in web.pm + +M lib/pf/web.pm + +commit 3f010cbe3cb1e0d379170af2a93ab6e44cb4021a +Author: Durand Fabrice +Date: Thu Sep 26 13:36:35 2013 -0400 + + Fix Mac wispr blank page + +M lib/pf/web/dispatcher.pm + +commit 6cf5c60c63a18b6500488381add2e656a813b61a +Author: Durand Fabrice +Date: Thu Sep 26 10:32:50 2013 -0400 + + Added module to provisioning::custom + +M lib/pf/web/provisioning/custom.pm + +commit 38e8f615b2efaf5a2d283a7cd5a97a9445240d89 +Author: Durand Fabrice +Date: Thu Sep 26 10:23:38 2013 -0400 + + Clean code + +M lib/pf/web/custom.pm + +commit ac9d6d0898af3ae58a57a46e6aae5f6a2d30d72e +Author: Durand Fabrice +Date: Thu Sep 26 10:19:11 2013 -0400 + + Change the apple_mobileconfig_provisioning_xml function + +M lib/pf/web.pm + +commit 8b99bb6d19ca4207e371bf9a33e6979071a23d98 +Author: Durand Fabrice +Date: Thu Sep 26 10:12:44 2013 -0400 + + Oriented Object for provisioning + +M lib/pf/web/dispatcher.pm +M lib/pf/web/provisioning.pm +A lib/pf/web/provisioning/custom.pm + +commit 80c8fb18dd41fbe420c41c48de6ee615e6e31ae7 +Author: Durand Fabrice +Date: Wed Sep 25 15:42:04 2013 -0400 + + Remove debug + +M lib/pf/web.pm + +commit 600a5e83de43796cff439c5fe73824590c4124d5 +Author: Durand Fabrice +Date: Wed Sep 25 15:34:07 2013 -0400 + + Change in spec file + +M addons/packages/packetfence.spec + +commit 8762b8720619d9d1691a077a61f9236e825e5397 +Author: Durand Fabrice +Date: Wed Sep 25 15:29:35 2013 -0400 + + Added apk file for provisioning + +A html/captive-portal/content/PacketFenceAgent.apk + +commit 5edbaa51dcae8486f2fd8a3724484c77216aab64 +Author: Durand Fabrice +Date: Wed Sep 25 15:11:24 2013 -0400 + + Fix syntax + +M lib/pf/web.pm + +commit d6f7b77c064abfd1d6b9350dcef85e86ce44e8fd +Author: Durand Fabrice +Date: Wed Sep 25 15:07:28 2013 -0400 + + Added Android support + +M html/captive-portal/redir.cgi +A html/captive-portal/templates/release_with_android.html +M lib/pf/web.pm +M lib/pf/web/constants.pm +M lib/pf/web/dispatcher.pm +M lib/pf/web/provisioning.pm + +commit 101fe96005be0b59c61a9d2051c62783e07c9c50 +Author: Durand Fabrice +Date: Wed Sep 25 14:03:46 2013 -0400 + + Rewrite provisioning in mod_perl + Fix Content-Type header for apple stuff + +D html/captive-portal/wireless-profile.cgi +M lib/pf/web/constants.pm +M lib/pf/web/dispatcher.pm +A lib/pf/web/provisioning.pm + +commit 9bb263ceab337f836de566506e8dbb06bfcd3add +Author: Durand Fabrice +Date: Tue Sep 24 14:46:40 2013 -0400 + + Comment custom code and add Mac provisionning + +M lib/pf/web.pm +M lib/pf/web/custom.pm + +commit 5e97fdc8fa24361b81f3a06c2044be31677b0009 +Author: Durand Fabrice +Date: Tue Sep 24 13:16:54 2013 -0400 + + Update windows executable + +M addons/wpa2_enterprise_configurator/WPA_Ent_Config.exe +M addons/wpa2_enterprise_configurator/WPA_Ent_Config.lpi +M addons/wpa2_enterprise_configurator/WPA_Ent_Config.res +M html/captive-portal/content/WPA_Ent_Config.exe + +commit d82ae3ebe04190add18315aba581840eab645832 +Author: Durand Fabrice +Date: Mon Sep 23 16:14:52 2013 -0400 + + Update code based on the new packetfence code + +M html/captive-portal/redir.cgi +M lib/pf/web.pm +M lib/pf/web/custom.pm + +commit e3f86ed0a4ecd6008c1438c5dc4a0acc842fc9db +Author: Durand Fabrice +Date: Fri Aug 30 14:22:35 2013 -0400 + + Fix syntax + +M html/captive-portal/register.cgi + +commit 7f8fa00c6dc302a6ea8095604b2d8a8694c42fff +Author: Durand Fabrice +Date: Fri Aug 30 14:09:13 2013 -0400 + + Fix syntax + +M lib/pf/web/winprofil.pm + +commit c6f63e65d8c28703baaaddeb77d5925138173912 +Author: Durand Fabrice +Date: Fri Jan 4 11:58:33 2013 -0500 + + Fix syntax + +M conf/pf.conf.defaults + +commit fc727396be6c564b3c6fc4e21e5ab53da395fcef +Author: Durand Fabrice +Date: Fri Jan 4 11:47:58 2013 -0500 + + Fix default conf + +M conf/pf.conf.defaults + +commit ce8d4564e8181c4ca890d434109733f18c653e7d +Author: Durand Fabrice +Date: Fri Jan 4 11:30:14 2013 -0500 + + Missing dep + +M debian/control + +commit a142f1d75278e4fececeaf574e1f89e94b2ccada +Author: Durand Fabrice +Date: Fri Jan 4 11:20:08 2013 -0500 + + Missing in spec file + +M addons/packages/packetfence.spec + +commit 41a8b74cef03c1060ec565183bedd7c7f4d978f1 +Author: Durand Fabrice +Date: Thu Jan 3 16:03:51 2013 -0500 + + New windows client version + +A addons/wpa2_enterprise_configurator/WPA_Ent_Config.exe +M addons/wpa2_enterprise_configurator/WPA_Ent_Config.lpi +M addons/wpa2_enterprise_configurator/WPA_Ent_Config.res +A addons/wpa2_enterprise_configurator/noname.png +A addons/wpa2_enterprise_configurator/noname2.png +A addons/wpa2_enterprise_configurator/packetfence.png +A addons/wpa2_enterprise_configurator/packetfence24.png +M html/captive-portal/content/WPA_Ent_Config.exe + +commit 856c4215a2d059c5df7eb7f3a6f55e48e19b1e18 +Author: Durand Fabrice +Date: Mon Nov 5 15:35:44 2012 -0500 + + Remove unused files + +D html/captive-portal/get-radius-certificate.cgi +D html/captive-portal/wireless-profile-win.cgi + +commit c08e4fa0c68d4e415fadb1c180f23e5852fb5501 +Author: Durand Fabrice +Date: Mon Nov 5 15:27:39 2012 -0500 + + Update windows client + +A addons/wpa2_enterprise_configurator/WPA_Ent_Config.ico +M addons/wpa2_enterprise_configurator/WPA_Ent_Config.lpi +M addons/wpa2_enterprise_configurator/WPA_Ent_Config.res +M addons/wpa2_enterprise_configurator/unit1.lfm +M addons/wpa2_enterprise_configurator/unit1.pas +M addons/wpa2_enterprise_configurator/unit3.lfm +M addons/wpa2_enterprise_configurator/unit3.pas +A html/captive-portal/content/WPA_Ent_Config.exe +D html/captive-portal/content/nastavitSit.exe + +commit bf57b8f18bbc7c8d65ac2ba87b043140ac0db0ac +Author: Durand Fabrice +Date: Mon Nov 5 11:29:24 2012 -0500 + + Use of memcached for windows profile + +M html/captive-portal/register.cgi +A html/captive-portal/templates/release_with_execonfig.html +A html/captive-portal/templates/windows-soh-profile.xml +M html/captive-portal/templates/windows-wireless-profile-cert.xml +M html/captive-portal/templates/windows-wireless-profile.xml +M lib/pf/web.pm +M lib/pf/web/constants.pm +M lib/pf/web/winprofil.pm + +commit 8324bec12d44b49ca5d17294bb1d7e375c95d796 +Author: Durand Fabrice +Date: Wed Oct 31 16:22:22 2012 -0400 + + Update windows client + return xml, soh and cert by mod_perl + +D addons/wpa2_enterprise_configurator/WPA_Ent_Config.ico +M addons/wpa2_enterprise_configurator/WPA_Ent_Config.lpi +M addons/wpa2_enterprise_configurator/WPA_Ent_Config.res +A addons/wpa2_enterprise_configurator/blcksock.pas +A addons/wpa2_enterprise_configurator/dll.pas +A addons/wpa2_enterprise_configurator/httpsend.pas +A addons/wpa2_enterprise_configurator/libeay32.dll +A addons/wpa2_enterprise_configurator/libssh2.dll +D addons/wpa2_enterprise_configurator/packetfence.png +D addons/wpa2_enterprise_configurator/packetfence24.png +A addons/wpa2_enterprise_configurator/ssl_openssl.pas +A addons/wpa2_enterprise_configurator/ssl_openssl_lib.pas +A addons/wpa2_enterprise_configurator/ssleay32.dll +A addons/wpa2_enterprise_configurator/sswin32.inc +A addons/wpa2_enterprise_configurator/synacode.pas +A addons/wpa2_enterprise_configurator/synafpc.pas +A addons/wpa2_enterprise_configurator/synaip.pas +A addons/wpa2_enterprise_configurator/synautil.pas +A addons/wpa2_enterprise_configurator/synsock.pas +M addons/wpa2_enterprise_configurator/unit1.lfm +M addons/wpa2_enterprise_configurator/unit1.pas +M addons/wpa2_enterprise_configurator/unit3.lfm +M addons/wpa2_enterprise_configurator/unit3.pas +M lib/pf/web.pm +M lib/pf/web/dispatcher.pm +A lib/pf/web/winprofil.pm + +commit 6c76ede3d803c9492f549133a4d273ec1d725cca +Author: Durand Fabrice +Date: Tue Oct 30 09:25:20 2012 -0400 + + Added the windows source client + +A addons/wpa2_enterprise_configurator/WPA_Ent_Config.ico +A addons/wpa2_enterprise_configurator/WPA_Ent_Config.lpi +A addons/wpa2_enterprise_configurator/WPA_Ent_Config.lpr +A addons/wpa2_enterprise_configurator/WPA_Ent_Config.res +A addons/wpa2_enterprise_configurator/manifest.rc +A addons/wpa2_enterprise_configurator/manifest.xml +A addons/wpa2_enterprise_configurator/packetfence.png +A addons/wpa2_enterprise_configurator/packetfence24.png +A addons/wpa2_enterprise_configurator/unit1.lfm +A addons/wpa2_enterprise_configurator/unit1.lrs +A addons/wpa2_enterprise_configurator/unit1.pas +A addons/wpa2_enterprise_configurator/unit2.lfm +A addons/wpa2_enterprise_configurator/unit2.pas +A addons/wpa2_enterprise_configurator/unit3.lfm +A addons/wpa2_enterprise_configurator/unit3.pas + +commit b6c33cae9e349313b711e0af13a3646cf898b67d +Author: Durand Fabrice +Date: Fri Sep 21 15:34:53 2012 -0400 + + Changed descriptions + +M html/captive-portal/get-radius-certificate.cgi +M html/captive-portal/wireless-profile-win.cgi + +commit 29e9ea584926170ac769514c2067fd0a5c6e310a +Author: Durand Fabrice +Date: Fri Sep 21 14:46:30 2012 -0400 + + Added new files + +A html/captive-portal/content/nastavitSit.exe +A html/captive-portal/get-radius-certificate.cgi +A html/captive-portal/templates/windows-wireless-profile-cert.xml +A html/captive-portal/templates/windows-wireless-profile.xml +A html/captive-portal/wireless-profile-win.cgi + +commit a712270884cb082bf9c4b05c4fbf1f2830ded030 +Author: Durand Fabrice +Date: Fri Sep 21 14:37:55 2012 -0400 + + Introduce windows wireless profile creation + +M conf/documentation.conf +M lib/pf/pfcmd/checkup.pm +M lib/pf/web.pm + +commit c8c5a7b8961beef44b9c8a81a4af3398891502a9 +Author: James Rouzier +Date: Tue Aug 6 10:08:53 2013 -0400 + + New configuartion controller for adminroles + +A conf/admin_roles.conf +M html/pfappserver/lib/pfappserver/Controller/User.pm + +commit 8c2cec59111f515221080389aff5656476aa1428 +Author: James Rouzier +Date: Wed Jul 31 22:49:02 2013 -0400 + + Example restriction for user role + +M html/pfappserver/lib/pfappserver/Controller/User.pm + +commit 4641da14437dbef4831889225b19141150301e86 +Author: Durand Fabrice +Date: Mon Feb 17 10:40:38 2014 -0500 + + Allow multiple dns server in network config + +M lib/pf/pfcmd/checkup.pm + +commit f34e2dcd3d80663512dfb4abac4b31feecaa4118 +Author: Durand Fabrice +Date: Fri Jan 17 11:11:24 2014 -0500 + + Allow network alias interface + +M lib/pf/config.pm + +commit 64af9434fed2320f12c2bd47987a7a51cbe9dd7c +Author: Fabrice Durand +Date: Sun Feb 16 16:27:53 2014 -0500 + + Fixed for nightly build + +D lib/pf/SNMP/Avaya/ERS2500.pm +D lib/pf/SNMP/Avaya/ERS4000.pm +D lib/pf/SNMP/Enterasys/V2110.pm +D lib/pf/SNMP/Huawei.pm +M lib/pf/Switch/Avaya.pm +A lib/pf/Switch/Avaya/ERS2500.pm +A lib/pf/Switch/Avaya/ERS4000.pm +M lib/pf/Switch/Enterasys/D2.pm +A lib/pf/Switch/Enterasys/V2110.pm +A lib/pf/Switch/Huawei.pm +M lib/pf/accounting.pm +M lib/pf/inline/accounting.pm + +commit 1593fe433f08c18d45eb062b71c725f3c12ad88d +Author: Durand Fabrice +Date: Thu Feb 13 13:01:55 2014 -0500 + + Fixed rebase issue + +M lib/pf/IniFiles.pm +M lib/pf/Portal/Session.pm +M lib/pf/Switch.pm +M lib/pf/Switch/Nortel/ERS4000.pm + +commit fa07ddd05b06fa48f1ae19d1ee05109020b4f140 +Author: Durand Fabrice +Date: Thu Feb 13 12:03:51 2014 -0500 + + Removed rebase stuff + +M lib/pf/Role/CHI/Driver/FileUmask.pm + +commit 7e02f707871b88425184bb847fc99cd00d19497a +Author: James Rouzier +Date: Wed Feb 12 14:21:09 2014 -0500 + + Check where the server is currently at to redirect to the appropriate page + +M html/pfappserver/lib/pfappserver/Controller/Root.pm + +commit 7a9053a446a4d53ed6cc62818aafcc64642d4552 +Author: James Rouzier +Date: Wed Feb 12 13:55:48 2014 -0500 + + Fix 'Use of uninitialized value in string eq' error + +M html/pfappserver/lib/pfappserver/Form/Config/Switch.pm + +commit d85b44c46f73a2cb1f1a1d56929232637c0d459c +Author: James Rouzier +Date: Mon Feb 10 09:50:16 2014 -0500 + + Added admin action NODES_READ to allow to access saved searches for nodes + +M html/pfappserver/lib/pfappserver/Controller/SavedSearch/Node.pm + +commit 03a6a1decaf4b535f89337791e08f57be768129a +Author: James Rouzier +Date: Mon Feb 10 09:48:55 2014 -0500 + + Added admin action USERS_READ to allow to access saved searches for users + +M html/pfappserver/lib/pfappserver/Controller/SavedSearch/User.pm + +commit 0d52ff916a94c50ae9f8344a19f499e1596d1236 +Author: James Rouzier +Date: Mon Feb 10 09:44:56 2014 -0500 + + Added the SET_ACCESS_LEVEL and updated match_in_subclass + +M lib/pf/Authentication/Source/NullSource.pm + +commit f7399abf22c96998df87ba847efd6c56500ef000 +Author: Louis Munro +Date: Fri Feb 7 10:42:12 2014 -0500 + + Added code to handle violations and devices in isolation VLAN. + +M lib/pf/Switch/Cisco/WLC_http.pm + +commit cd71fce6d08ab5691d3f64e827dac490b678f3f2 +Author: Durand Fabrice +Date: Wed Feb 5 15:43:29 2014 -0500 + + Included first draft for Ruckus access point + +M lib/pf/Portal/Session.pm +M lib/pf/Switch/Ruckus.pm +M lib/pf/SwitchFactory.pm +M lib/pf/web/dispatcher.pm + +commit 5e8e21d88f9c2800312e787192e7e40b55d4afcd +Author: James Rouzier +Date: Tue Feb 4 14:02:09 2014 -0500 + + Better error message when you cannot save file + +M html/pfappserver/lib/pfappserver/Base/Model/Config.pm + +commit 4af0894c3d667cdaaff2dad495264c03f22b4843 +Author: James Rouzier +Date: Tue Feb 4 13:50:11 2014 -0500 + + Check for an empty type for switch + +M lib/pf/pfcmd/checkup.pm + +commit e8de8bbc374fff5b314263c056b90adfd2fed198 +Author: James Rouzier +Date: Tue Feb 4 12:08:31 2014 -0500 + + Revert back to using ReloadConfigs instead of RefreshConfigs + +M sbin/pfdetect +M sbin/pfdhcplistener +M sbin/pfdns +M sbin/pfmon +M sbin/pfsetvlan + +commit 949416268ca32388e177bd9efec8cf5fefc4c656 +Author: James Rouzier +Date: Fri Jan 31 15:00:16 2014 -0500 + + Removed the RefreshConfig function + +M html/pfappserver/lib/pfappserver.pm +M lib/pf/WebAPI/InitHandler.pm +M lib/pf/config/cached.pm + +commit b8f196245062b2d1a295a5175856287d9d0ebeda +Author: Durand Fabrice +Date: Mon Feb 3 11:49:49 2014 -0500 + + Fix accounting maintenance + +M lib/pf/accounting.pm + +commit 0cc33eecada0df9eeb8c54f57bf83b2b4eaa2620 +Author: Durand Fabrice +Date: Fri Jan 31 16:19:05 2014 -0500 + + Remove a warning + +M lib/pf/web/dispatcher.pm + +commit 26dad0303b4927c1a2be882453f8ace09b082443 +Author: Durand Fabrice +Date: Fri Jan 31 12:32:54 2014 -0500 + + Remove a warning if the value is not define + +M lib/pf/web.pm + +commit 8cbe58a6e7be7c0586a6b693199f98a4d1b28066 +Author: Durand Fabrice +Date: Thu Jan 30 12:45:05 2014 -0500 + + Test if the locale header exist and disable accounting maintenance is the policy is disabled + +M lib/pf/Portal/Session.pm +M lib/pf/accounting.pm +M lib/pf/trigger.pm + +commit e000d4f1975897f0978a2c9f0da52c8e333acae8 +Author: Durand Fabrice +Date: Wed Jan 29 15:12:41 2014 -0500 + + Syntax error + +M lib/pf/web/dispatcher.pm + +commit 91383ceaf27213817d68743151c0a4ba402d98df +Author: Durand Fabrice +Date: Wed Jan 29 15:09:06 2014 -0500 + + Added the way to instantiate a switch by the mac address + +M lib/pf/web/constants.pm +M lib/pf/web/dispatcher.pm + +commit 27649c5e4cb4efcfb45416cf9531e7f2cf904f35 +Author: Durand Fabrice +Date: Wed Jan 29 11:56:09 2014 -0500 + + Updated spec file + +M addons/packages/packetfence.spec + +commit c6eee35ae501207c28cc75bcfb9e9bb9b5c43ece +Author: James Rouzier +Date: Tue Jan 28 16:35:43 2014 -0500 + + Add dumping of all the switches and a single switch + +M addons/dev-helpers/dump.pl + +commit 4c51c6444c24f63375d22e3f2d22d81ee5aabbe7 +Author: James Rouzier +Date: Tue Jan 28 14:11:15 2014 -0500 + + Fix pfcache file permissions + + Conflicts: + addons/packages/packetfence.spec + debian/control + +M lib/pf/Role/CHI/Driver/FileUmask.pm + +commit 9f5a0fb854ae1d6856d8d2faba567330d1e17555 +Author: Durand Fabrice +Date: Fri Jan 24 16:30:22 2014 -0500 + + Force mac on Portal Profile creation + +M lib/pf/web/dispatcher.pm + +commit 32186ff8815002c6b030bc9c21a1534ae66e23b0 +Author: Durand Fabrice +Date: Tue Jan 21 14:20:04 2014 -0500 + + Modified regexp to detect cisco external portal + +M lib/pf/web/constants.pm +M lib/pf/web/dispatcher.pm + +commit cfebb92862b0b00209c08f8b806f629d85868da3 +Author: Durand Fabrice +Date: Tue Jan 21 11:17:27 2014 -0500 + + Fixed redirect url in Cisco WLC_http module + +M lib/pf/Switch/Cisco/WLC_http.pm + +commit 43d9d9affd66b718d6e74586ac96dfa16793e5d0 +Author: Durand Fabrice +Date: Tue Jan 21 08:57:49 2014 -0500 + + Update Role in Aruba Switch Module + +M lib/pf/Switch/Aruba.pm + +commit c265f2c97448ee308cb817253ac80ce122161fc4 +Author: Durand Fabrice +Date: Tue Jan 21 08:42:46 2014 -0500 + + Syntax error in Aruba Switch Module + +M lib/pf/Switch/Aruba.pm + +commit 79ced56f42a1919d22d387a49e11f34692fb6587 +Author: Durand Fabrice +Date: Tue Jan 21 08:33:11 2014 -0500 + + Update role check in Aruba Switch Module + +M lib/pf/Switch/Aruba.pm + +commit 499aa2457ff302dccb58b1a2bf641093a3a7acf8 +Author: Durand Fabrice +Date: Mon Jan 20 16:28:30 2014 -0500 + + Fixed wrong vlan id return + +M lib/pf/vlan.pm + +commit 0c30c23f7fe3801a1fde99c10a53ff2b8c58f6e3 +Author: Durand Fabrice +Date: Mon Jan 20 15:11:12 2014 -0500 + + Fixed portal profile detection + +M lib/pf/Portal/Session.pm +M lib/pf/web/dispatcher.pm + +commit 3165759164763f5c6db62e94a00f3c22e786ec09 +Author: Durand Fabrice +Date: Mon Jan 20 12:11:39 2014 -0500 + + Fix regexp + +M lib/pf/web/constants.pm + +commit 7fee816cf756d726fb4284f39809a20dc09b0195 +Author: Durand Fabrice +Date: Mon Jan 20 10:47:19 2014 -0500 + + Added missing perl module in spec file + +M addons/packages/packetfence.spec + +commit 6595e1d233393363fd2b8d5a5fefef50cce0bf70 +Author: Durand Fabrice +Date: Mon Jan 20 09:27:08 2014 -0500 + + Spec file modification + +M addons/packages/packetfence.spec + +commit 5ab6d5664ce2f5dcb39b0fcfe62d0b5a79458209 +Author: Durand Fabrice +Date: Mon Jan 20 08:57:14 2014 -0500 + + Update a test + +M lib/pf/web/dispatcher.pm + +commit 2490843e3727a3d34e6ed98ded4ebf92e6229164 +Author: James Rouzier +Date: Thu Jan 16 18:39:37 2014 -0500 + + Removed modules that do not exists + +M sbin/pfcache + +commit d28edab1867e2fd24a56a4dda3c0fdd62eefdd29 +Author: James Rouzier +Date: Thu Jan 9 12:35:17 2014 -0500 + + Removed sorting of switches before displaying. + Added pagination Role + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Switch.pm + +commit 461fb0a62906bf07faea34d7dcd5e119febf0794 +Author: James Rouzier +Date: Thu Jan 9 12:34:31 2014 -0500 + + Resort switches before saving + +M lib/pf/ConfigStore/Switch.pm + +commit ed5e0a174555261a2daaff1687e10aa5839ce690 +Author: James Rouzier +Date: Thu Jan 9 11:58:49 2014 -0500 + + readAll now accepts pageNumber and perPage + +M html/pfappserver/lib/pfappserver/Base/Model/Config.pm + +commit c5718650ca5e14940a076eaa08a5b40e56b7efd6 +Author: James Rouzier +Date: Thu Jan 9 11:52:26 2014 -0500 + + Added pagination bar + +M html/pfappserver/root/configuration/switch/list.tt + +commit 0deecd7b0f7215ea30725a8a5f9a3b43059fd7fc +Author: James Rouzier +Date: Thu Jan 9 11:40:28 2014 -0500 + + Added new role for pagination + +A html/pfappserver/lib/pfappserver/Base/Controller/Crud/Pagination.pm + +commit d2b40c5b436558dfafda2c0eeeecadddbcbc5837 +Author: James Rouzier +Date: Mon Dec 30 23:27:08 2013 -0500 + + Will only refresh from the cache not from onfile loads + + Conflicts: + html/captive-portal/lib/captiveportal.pm + +M html/pfappserver/lib/pfappserver.pm +M lib/pf/WebAPI/InitHandler.pm +M lib/pf/config/cached.pm +M sbin/pfdetect +M sbin/pfdhcplistener +M sbin/pfdns +M sbin/pfmon +M sbin/pfsetvlan + +commit 1112458eba7b36487de25c89e87aa31bd9f8899d +Author: James Rouzier +Date: Mon Dec 23 11:33:12 2013 -0500 + + Convert timestamp to a 64bit number + +M lib/pf/IniFiles.pm + +commit 483d4dd840950be903ad034802b319c4b528f568 +Author: Durand Fabrice +Date: Tue Jan 14 10:39:20 2014 -0500 + + Fix session in dispatcher + +M lib/pf/web/dispatcher.pm + +commit 5053b870967e1fc44d7602c7412a713fcb7b8eff +Author: Durand Fabrice +Date: Fri Jan 10 16:12:09 2014 -0500 + + Fix role issue + +M lib/pf/Switch/Cisco/WLC_http.pm + +commit 7870697dabb00cb86d501b2e8eba5e5637b72209 +Author: Durand Fabrice +Date: Fri Jan 10 15:38:35 2014 -0500 + + Redirect url workaround + +M lib/pf/Portal/Session.pm +M lib/pf/web/dispatcher.pm + +commit dc03841fa82b556a79ea4d571f2d7cffd4ac8766 +Author: Durand Fabrice +Date: Fri Jan 10 08:24:16 2014 -0500 + + Use the referer as the destination url + +M lib/pf/web/dispatcher.pm + +commit 94cb7e748299c340788d23ea49161d1e786792c3 +Author: Durand Fabrice +Date: Thu Jan 9 16:23:56 2014 -0500 + + Fix syntax + +M lib/pf/Switch.pm + +commit 201244364ef6b87f5343a39b41a12cd22d30dec6 +Author: Durand Fabrice +Date: Thu Jan 9 16:14:59 2014 -0500 + + Added new attribute portalURL to specify the portal url per switch + Change the CoA port to 1700 + Change the radius workflow + +M html/pfappserver/lib/pfappserver/Form/Config/Switch.pm +M lib/pf/Switch.pm +M lib/pf/Switch/Cisco/WLC_http.pm + +commit dd30da916261fb9f5464a9c3a16e19e49372e02c +Author: Durand Fabrice +Date: Wed Jan 8 17:05:22 2014 -0500 + + Added a new column in the node table to keep the radius session id (not accounting) + +A db/pf-schema-4.1.1.sql +A db/upgrade-4.1.0-4.1.1.sql +M lib/pf/Switch.pm +M lib/pf/Switch/Cisco/WLC_http.pm +M lib/pf/node.pm +M lib/pf/radius.pm + +commit 03496ea28907c92350cab5805e30cfdc63061229 +Author: Durand Fabrice +Date: Tue Jan 7 10:39:13 2014 -0500 + + Update CoA attributes and set session id length as a param + +M lib/pf/Switch/Cisco/WLC_http.pm +M lib/pf/web/util.pm + +commit 16e0af11301b0069878a1f341c5675df75dfbaaa +Author: Durand Fabrice +Date: Thu Jan 2 15:57:50 2014 -0500 + + Fix syntax in CoA attributes + +M lib/pf/Switch/Cisco/WLC_http.pm + +commit c5693848d8b1c30c8e0ea85cca0ede49a9e46c2e +Author: Durand Fabrice +Date: Thu Jan 2 15:49:56 2014 -0500 + + Provide a dynamic url-redirect url with a session id + +M lib/pf/Switch/Cisco/WLC_http.pm +M lib/pf/web/constants.pm +M lib/pf/web/dispatcher.pm + +commit ff31c69d46621852c61fea7022b105c4861dbd54 +Author: Durand Fabrice +Date: Thu Jan 2 09:53:02 2014 -0500 + + Added CoA attributes to deauth + +M lib/pf/Switch/Cisco/WLC_http.pm + +commit 0920e4aa82a3d2f0201c93a9594e3a11363150d3 +Author: Durand Fabrice +Date: Wed Dec 18 15:03:49 2013 -0500 + + Update WLC external portal code (CoA) + +M lib/pf/Switch/Cisco/WLC_http.pm + +commit cc0dfc00d9b3730fa9b1d6151c41b0f2c4091a8b +Author: Durand Fabrice +Date: Wed Dec 18 12:05:44 2013 -0500 + + Fix ref + +M raddb/packetfence.pm + +commit c9c81245ea9930bb4a5e6cc8d5bae86a3d53e456 +Author: Durand Fabrice +Date: Wed Dec 18 11:05:04 2013 -0500 + + Added param in the redirection + Fix getClientMac in Session.pm + +M lib/pf/Portal/Session.pm +M lib/pf/web/dispatcher.pm + +commit 888cfc9b7c49103a8626923047e90c8b65386a7b +Author: Durand Fabrice +Date: Wed Dec 18 09:39:53 2013 -0500 + + Update radius answer for the mutivalue attribute + +M raddb/packetfence.pm + +commit f22ba85071b44fea2e8e4efa6b69f57f89630cb0 +Author: Durand Fabrice +Date: Mon Dec 16 14:02:24 2013 -0500 + + New cisco module for web auth + +A lib/pf/Switch/Cisco/WLC_http.pm + +commit 8f3bba3ba0e6943737c17fa42287f98d35e58f9a +Author: Durand Fabrice +Date: Wed Dec 11 08:32:27 2013 -0500 + + Missing radius config + +M raddb/sites-available/packetfence + +commit 8a9cba25a41cda1653342c255e85e0a36b03a2ce +Author: Durand Fabrice +Date: Tue Dec 10 12:26:06 2013 -0500 + + Added Aruba external portal support + +M lib/pf/Switch/Aruba.pm + +commit b65b34a2befedfecc5f569ad1720e1901163c5b6 +Author: Durand Fabrice +Date: Tue Dec 10 10:59:31 2013 -0500 + + Update mysql schema + +M db/pf-schema-4.1.0.sql + +commit 6341c0b9af48f694e0e1eafb47c05559f7291268 +Author: Durand Fabrice +Date: Tue Dec 10 10:54:09 2013 -0500 + + Renamed pf/SNMP to pf/Switch + +M docs/PacketFence_Developers_Guide.asciidoc +M lib/pf/Switch/AeroHIVE.pm +M lib/pf/Switch/Extreme.pm +M lib/pf/Switch/HP/Controller_MSM710.pm +M lib/pf/Switch/HP/MSM.pm +M lib/pf/Switch/Meru.pm +M lib/pf/Switch/Trapeze.pm +M t/TestUtils.pm +M t/hardware-snmp-objects.t + +commit bb7220219631311f1ef5925ee21abb1369d2f723 +Author: Durand Fabrice +Date: Tue Dec 10 10:43:38 2013 -0500 + + Update mysql schema + +M db/pf-schema-4.1.0.sql + +commit 81fd7217713bedf945ddd6c25c1772baa016f65b +Author: Durand Fabrice +Date: Tue Dec 10 10:26:19 2013 -0500 + + Fixed SNMP lib + +D lib/pf/SNMP/ArubaSwitch.pm +D lib/pf/SNMP/Dell/Force10.pm +D lib/pf/SNMP/HP/MSM.pm +A lib/pf/Switch/ArubaSwitch.pm +A lib/pf/Switch/Dell/Force10.pm +A lib/pf/Switch/HP/MSM.pm + +commit df7f66c2dee2a8716eef09826c9ad68e3c2b232f +Author: Durand Fabrice +Date: Mon Dec 9 13:33:17 2013 -0500 + + Syntax error after rebase + +M lib/pf/Switch/MockedSwitch.pm + +commit afe359d4ca7679e14bc693629867abd08f39d3bd +Author: Durand Fabrice +Date: Mon Dec 9 11:17:00 2013 -0500 + + Fixed syntax error after rebase + +M lib/pf/Switch.pm + +commit 6e504aba5242fcd5370e83391047b6b024511cd8 +Author: Durand Fabrice +Date: Fri Nov 8 16:15:11 2013 -0500 + + HTTP Workflow for external portal + +M lib/pf/Portal/Session.pm +M lib/pf/Switch.pm +M lib/pf/Switch/Cisco/WLC.pm +M lib/pf/Switch/MockedSwitch.pm +M lib/pf/WebAPI.pm +M lib/pf/iplog.pm +M lib/pf/web.pm +M lib/pf/web/constants.pm +M lib/pf/web/dispatcher.pm + +commit 34539457d798d90b497199ee3b91d3559d42adee +Author: Durand Fabrice +Date: Wed Nov 6 09:45:11 2013 -0500 + + Added the ssid part in the called-station-id + +M raddb/sites-available/dynamic-clients + +commit 4fc2387a1db0d2da59251d6f73f638cf9518ee90 +Author: Durand Fabrice +Date: Wed Nov 6 09:42:53 2013 -0500 + + Fix Switch type in the gui + +M html/pfappserver/lib/pfappserver/Form/Config/Switch.pm + +commit e6ed84c43d2dc8ea04c24427d73b0531f32a5d59 +Author: Durand Fabrice +Date: Tue Nov 5 11:40:43 2013 -0500 + + Missing function + +M lib/pf/IniFiles.pm + +commit e9f34600351b96898cd88a801d059bf5e5417c37 +Author: Durand Fabrice +Date: Tue Nov 5 09:54:44 2013 -0500 + + Update mysql scheme + +D db/dynamic-controller.sql +M db/upgrade-4.0.0-4.1.0.sql + +commit 873d42f43f6bcf2b38918b4a7a6a5bdf0634866d +Author: Durand Fabrice +Date: Mon Nov 4 14:26:57 2013 -0500 + + Renamed pf::SNMP to pf::Switch + +M addons/extract_i18n_strings.pl +M docs/PacketFence_Administration_Guide.asciidoc +M docs/PacketFence_Developers_Guide.asciidoc +M html/pfappserver/lib/pfappserver/Controller/Violation.pm +M html/pfappserver/lib/pfappserver/Form/Config/Switch.pm +M html/pfappserver/lib/pfappserver/I18N/en.po +D lib/pf/SNMP.pm +D lib/pf/SNMP/Accton.pm +D lib/pf/SNMP/Accton/ES3526XA.pm +D lib/pf/SNMP/Accton/ES3528M.pm +D lib/pf/SNMP/AeroHIVE.pm +D lib/pf/SNMP/AeroHIVE/AP.pm +D lib/pf/SNMP/AeroHIVE/nas-pb.yml +D lib/pf/SNMP/AlliedTelesis.pm +D lib/pf/SNMP/AlliedTelesis/AT8000GS.pm +D lib/pf/SNMP/Amer.pm +D lib/pf/SNMP/Amer/SS2R24i.pm +D lib/pf/SNMP/Aruba.pm +D lib/pf/SNMP/Aruba/Controller_200.pm +D lib/pf/SNMP/Avaya.pm +D lib/pf/SNMP/Avaya/ERS5000.pm +D lib/pf/SNMP/Avaya/ERS5000_6x.pm +D lib/pf/SNMP/Avaya/WC.pm +D lib/pf/SNMP/Belair.pm +D lib/pf/SNMP/Brocade.pm +D lib/pf/SNMP/Brocade/RFS.pm +D lib/pf/SNMP/Cisco.pm +D lib/pf/SNMP/Cisco/Aironet.pm +D lib/pf/SNMP/Cisco/Aironet_1130.pm +D lib/pf/SNMP/Cisco/Aironet_1242.pm +D lib/pf/SNMP/Cisco/Aironet_1250.pm +D lib/pf/SNMP/Cisco/Aironet_WDS.pm +D lib/pf/SNMP/Cisco/Catalyst_2900XL.pm +D lib/pf/SNMP/Cisco/Catalyst_2950.pm +D lib/pf/SNMP/Cisco/Catalyst_2960.pm +D lib/pf/SNMP/Cisco/Catalyst_2960G.pm +D lib/pf/SNMP/Cisco/Catalyst_2970.pm +D lib/pf/SNMP/Cisco/Catalyst_3500XL.pm +D lib/pf/SNMP/Cisco/Catalyst_3550.pm +D lib/pf/SNMP/Cisco/Catalyst_3560.pm +D lib/pf/SNMP/Cisco/Catalyst_3560G.pm +D lib/pf/SNMP/Cisco/Catalyst_3750.pm +D lib/pf/SNMP/Cisco/Catalyst_3750G.pm +D lib/pf/SNMP/Cisco/Catalyst_4500.pm +D lib/pf/SNMP/Cisco/Catalyst_6500.pm +D lib/pf/SNMP/Cisco/ISR_1800.pm +D lib/pf/SNMP/Cisco/WLC.pm +D lib/pf/SNMP/Cisco/WLC_2100.pm +D lib/pf/SNMP/Cisco/WLC_2106.pm +D lib/pf/SNMP/Cisco/WLC_2500.pm +D lib/pf/SNMP/Cisco/WLC_4400.pm +D lib/pf/SNMP/Cisco/WLC_5500.pm +D lib/pf/SNMP/Cisco/WiSM.pm +D lib/pf/SNMP/Cisco/WiSM2.pm +D lib/pf/SNMP/Dell.pm +D lib/pf/SNMP/Dell/PowerConnect3424.pm +D lib/pf/SNMP/Dlink.pm +D lib/pf/SNMP/Dlink/DES_3526.pm +D lib/pf/SNMP/Dlink/DES_3550.pm +D lib/pf/SNMP/Dlink/DGS_3100.pm +D lib/pf/SNMP/Dlink/DGS_3200.pm +D lib/pf/SNMP/Dlink/DWL.pm +D lib/pf/SNMP/Dlink/DWS_3026.pm +D lib/pf/SNMP/Enterasys.pm +D lib/pf/SNMP/Enterasys/D2.pm +D lib/pf/SNMP/Enterasys/Matrix_N3.pm +D lib/pf/SNMP/Enterasys/SecureStack_C2.pm +D lib/pf/SNMP/Enterasys/SecureStack_C3.pm +D lib/pf/SNMP/Extreme.pm +D lib/pf/SNMP/Extreme/Summit.pm +D lib/pf/SNMP/Extreme/Summit_X250e.pm +D lib/pf/SNMP/Extreme/nas-pb.yml +D lib/pf/SNMP/Extricom.pm +D lib/pf/SNMP/Extricom/EXSW.pm +D lib/pf/SNMP/Foundry.pm +D lib/pf/SNMP/Foundry/FastIron_4802.pm +D lib/pf/SNMP/Foundry/MC.pm +D lib/pf/SNMP/H3C.pm +D lib/pf/SNMP/H3C/S5120.pm +D lib/pf/SNMP/HP.pm +D lib/pf/SNMP/HP/Controller_MSM710.pm +D lib/pf/SNMP/HP/E4800G.pm +D lib/pf/SNMP/HP/E5500G.pm +D lib/pf/SNMP/HP/Procurve_2500.pm +D lib/pf/SNMP/HP/Procurve_2600.pm +D lib/pf/SNMP/HP/Procurve_3400cl.pm +D lib/pf/SNMP/HP/Procurve_4100.pm +D lib/pf/SNMP/HP/Procurve_5300.pm +D lib/pf/SNMP/HP/Procurve_5400.pm +D lib/pf/SNMP/HP/nas-pb.yml +D lib/pf/SNMP/Hostapd.pm +D lib/pf/SNMP/Intel.pm +D lib/pf/SNMP/Intel/Express_460.pm +D lib/pf/SNMP/Intel/Express_530.pm +D lib/pf/SNMP/Juniper.pm +D lib/pf/SNMP/Juniper/EX.pm +D lib/pf/SNMP/LG.pm +D lib/pf/SNMP/LG/ES4500G.pm +D lib/pf/SNMP/Linksys.pm +D lib/pf/SNMP/Linksys/SRW224G4.pm +D lib/pf/SNMP/Meru.pm +D lib/pf/SNMP/Meru/MC.pm +D lib/pf/SNMP/Meru/nas-pb.yml +D lib/pf/SNMP/MockedSwitch.pm +D lib/pf/SNMP/Motorola.pm +D lib/pf/SNMP/Motorola/RFS.pm +D lib/pf/SNMP/Netgear.pm +D lib/pf/SNMP/Netgear/FSM726v1.pm +D lib/pf/SNMP/Netgear/GS110.pm +D lib/pf/SNMP/Nortel.pm +D lib/pf/SNMP/Nortel/BPS2000.pm +D lib/pf/SNMP/Nortel/BayStack4550.pm +D lib/pf/SNMP/Nortel/BayStack470.pm +D lib/pf/SNMP/Nortel/BayStack5500.pm +D lib/pf/SNMP/Nortel/BayStack5500_6x.pm +D lib/pf/SNMP/Nortel/ERS2500.pm +D lib/pf/SNMP/Nortel/ERS4000.pm +D lib/pf/SNMP/Nortel/ERS5000.pm +D lib/pf/SNMP/Nortel/ERS5000_6x.pm +D lib/pf/SNMP/Nortel/ES325.pm +D lib/pf/SNMP/PacketFence.pm +D lib/pf/SNMP/Ruckus.pm +D lib/pf/SNMP/SMC.pm +D lib/pf/SNMP/SMC/TS6128L2.pm +D lib/pf/SNMP/SMC/TS6224M.pm +D lib/pf/SNMP/SMC/TS8800M.pm +D lib/pf/SNMP/ThreeCom.pm +D lib/pf/SNMP/ThreeCom/E4800G.pm +D lib/pf/SNMP/ThreeCom/E5500G.pm +D lib/pf/SNMP/ThreeCom/NJ220.pm +D lib/pf/SNMP/ThreeCom/SS4200.pm +D lib/pf/SNMP/ThreeCom/SS4500.pm +D lib/pf/SNMP/ThreeCom/Switch_4200G.pm +D lib/pf/SNMP/Trapeze.pm +D lib/pf/SNMP/Trapeze/nas-pb.yml +D lib/pf/SNMP/WirelessModuleTemplate.pm +D lib/pf/SNMP/Xirrus.pm +D lib/pf/SNMP/constants.pm +A lib/pf/Switch.pm +A lib/pf/Switch/Accton.pm +A lib/pf/Switch/Accton/ES3526XA.pm +A lib/pf/Switch/Accton/ES3528M.pm +A lib/pf/Switch/AeroHIVE.pm +A lib/pf/Switch/AeroHIVE/AP.pm +A lib/pf/Switch/AeroHIVE/nas-pb.yml +A lib/pf/Switch/AlliedTelesis.pm +A lib/pf/Switch/AlliedTelesis/AT8000GS.pm +A lib/pf/Switch/Amer.pm +A lib/pf/Switch/Amer/SS2R24i.pm +A lib/pf/Switch/Aruba.pm +A lib/pf/Switch/Aruba/Controller_200.pm +A lib/pf/Switch/Avaya.pm +A lib/pf/Switch/Avaya/ERS5000.pm +A lib/pf/Switch/Avaya/ERS5000_6x.pm +A lib/pf/Switch/Avaya/WC.pm +A lib/pf/Switch/Belair.pm +A lib/pf/Switch/Brocade.pm +A lib/pf/Switch/Brocade/RFS.pm +A lib/pf/Switch/Cisco.pm +A lib/pf/Switch/Cisco/Aironet.pm +A lib/pf/Switch/Cisco/Aironet_1130.pm +A lib/pf/Switch/Cisco/Aironet_1242.pm +A lib/pf/Switch/Cisco/Aironet_1250.pm +A lib/pf/Switch/Cisco/Aironet_WDS.pm +A lib/pf/Switch/Cisco/Catalyst_2900XL.pm +A lib/pf/Switch/Cisco/Catalyst_2950.pm +A lib/pf/Switch/Cisco/Catalyst_2960.pm +A lib/pf/Switch/Cisco/Catalyst_2960G.pm +A lib/pf/Switch/Cisco/Catalyst_2970.pm +A lib/pf/Switch/Cisco/Catalyst_3500XL.pm +A lib/pf/Switch/Cisco/Catalyst_3550.pm +A lib/pf/Switch/Cisco/Catalyst_3560.pm +A lib/pf/Switch/Cisco/Catalyst_3560G.pm +A lib/pf/Switch/Cisco/Catalyst_3750.pm +A lib/pf/Switch/Cisco/Catalyst_3750G.pm +A lib/pf/Switch/Cisco/Catalyst_4500.pm +A lib/pf/Switch/Cisco/Catalyst_6500.pm +A lib/pf/Switch/Cisco/ISR_1800.pm +A lib/pf/Switch/Cisco/WLC.pm +A lib/pf/Switch/Cisco/WLC_2100.pm +A lib/pf/Switch/Cisco/WLC_2106.pm +A lib/pf/Switch/Cisco/WLC_2500.pm +A lib/pf/Switch/Cisco/WLC_4400.pm +A lib/pf/Switch/Cisco/WLC_5500.pm +A lib/pf/Switch/Cisco/WiSM.pm +A lib/pf/Switch/Cisco/WiSM2.pm +A lib/pf/Switch/Dell.pm +A lib/pf/Switch/Dell/PowerConnect3424.pm +A lib/pf/Switch/Dlink.pm +A lib/pf/Switch/Dlink/DES_3526.pm +A lib/pf/Switch/Dlink/DES_3550.pm +A lib/pf/Switch/Dlink/DGS_3100.pm +A lib/pf/Switch/Dlink/DGS_3200.pm +A lib/pf/Switch/Dlink/DWL.pm +A lib/pf/Switch/Dlink/DWS_3026.pm +A lib/pf/Switch/Enterasys.pm +A lib/pf/Switch/Enterasys/D2.pm +A lib/pf/Switch/Enterasys/Matrix_N3.pm +A lib/pf/Switch/Enterasys/SecureStack_C2.pm +A lib/pf/Switch/Enterasys/SecureStack_C3.pm +A lib/pf/Switch/Extreme.pm +A lib/pf/Switch/Extreme/Summit.pm +A lib/pf/Switch/Extreme/Summit_X250e.pm +A lib/pf/Switch/Extreme/nas-pb.yml +A lib/pf/Switch/Extricom.pm +A lib/pf/Switch/Extricom/EXSW.pm +A lib/pf/Switch/Foundry.pm +A lib/pf/Switch/Foundry/FastIron_4802.pm +A lib/pf/Switch/Foundry/MC.pm +A lib/pf/Switch/H3C.pm +A lib/pf/Switch/H3C/S5120.pm +A lib/pf/Switch/HP.pm +A lib/pf/Switch/HP/Controller_MSM710.pm +A lib/pf/Switch/HP/E4800G.pm +A lib/pf/Switch/HP/E5500G.pm +A lib/pf/Switch/HP/Procurve_2500.pm +A lib/pf/Switch/HP/Procurve_2600.pm +A lib/pf/Switch/HP/Procurve_3400cl.pm +A lib/pf/Switch/HP/Procurve_4100.pm +A lib/pf/Switch/HP/Procurve_5300.pm +A lib/pf/Switch/HP/Procurve_5400.pm +A lib/pf/Switch/HP/nas-pb.yml +A lib/pf/Switch/Hostapd.pm +A lib/pf/Switch/Intel.pm +A lib/pf/Switch/Intel/Express_460.pm +A lib/pf/Switch/Intel/Express_530.pm +A lib/pf/Switch/Juniper.pm +A lib/pf/Switch/Juniper/EX.pm +A lib/pf/Switch/LG.pm +A lib/pf/Switch/LG/ES4500G.pm +A lib/pf/Switch/Linksys.pm +A lib/pf/Switch/Linksys/SRW224G4.pm +A lib/pf/Switch/Meru.pm +A lib/pf/Switch/Meru/MC.pm +A lib/pf/Switch/Meru/nas-pb.yml +A lib/pf/Switch/MockedSwitch.pm +A lib/pf/Switch/Motorola.pm +A lib/pf/Switch/Motorola/RFS.pm +A lib/pf/Switch/Netgear.pm +A lib/pf/Switch/Netgear/FSM726v1.pm +A lib/pf/Switch/Netgear/GS110.pm +A lib/pf/Switch/Nortel.pm +A lib/pf/Switch/Nortel/BPS2000.pm +A lib/pf/Switch/Nortel/BayStack4550.pm +A lib/pf/Switch/Nortel/BayStack470.pm +A lib/pf/Switch/Nortel/BayStack5500.pm +A lib/pf/Switch/Nortel/BayStack5500_6x.pm +A lib/pf/Switch/Nortel/ERS2500.pm +A lib/pf/Switch/Nortel/ERS4000.pm +A lib/pf/Switch/Nortel/ERS5000.pm +A lib/pf/Switch/Nortel/ERS5000_6x.pm +A lib/pf/Switch/Nortel/ES325.pm +A lib/pf/Switch/PacketFence.pm +A lib/pf/Switch/Ruckus.pm +A lib/pf/Switch/SMC.pm +A lib/pf/Switch/SMC/TS6128L2.pm +A lib/pf/Switch/SMC/TS6224M.pm +A lib/pf/Switch/SMC/TS8800M.pm +A lib/pf/Switch/ThreeCom.pm +A lib/pf/Switch/ThreeCom/E4800G.pm +A lib/pf/Switch/ThreeCom/E5500G.pm +A lib/pf/Switch/ThreeCom/NJ220.pm +A lib/pf/Switch/ThreeCom/SS4200.pm +A lib/pf/Switch/ThreeCom/SS4500.pm +A lib/pf/Switch/ThreeCom/Switch_4200G.pm +A lib/pf/Switch/Trapeze.pm +A lib/pf/Switch/Trapeze/nas-pb.yml +A lib/pf/Switch/WirelessModuleTemplate.pm +A lib/pf/Switch/Xirrus.pm +A lib/pf/Switch/constants.pm +M lib/pf/SwitchFactory.pm +M lib/pf/pfcmd/checkup.pm +M lib/pf/radius.pm +M lib/pf/radius/custom.pm +M lib/pf/vlan.pm +M lib/pf/vlan/custom.pm +M lib/pf/vlan/custom_example.pm +M lib/pf/web/backend_modperl_require.pl +M sbin/pfsetvlan +M t/SNMP.t +M t/SwitchFactory.t +M t/TestUtils.pm +M t/benchmarks/trap-parsing.pl +M t/floatingdevice.t +M t/hardware-snmp-objects.t +M t/network-devices/cisco.t +M t/network-devices/roles.t +M t/network-devices/threecom.t +M t/network-devices/wired.t +M t/network-devices/wireless.t +M t/podCoverage.t +M t/vlan.t + +commit 438cce20eb903d55c55430ec3b2942bc126a9472 +Author: Durand Fabrice +Date: Mon Nov 4 13:46:10 2013 -0500 + + Moved parseRequest in the switch module + +M lib/pf/SNMP.pm +M lib/pf/SNMP/MockedSwitch.pm +M lib/pf/radius.pm + +commit c9247b9616e413d3a676ec325b4b15cc3589ea3f +Author: James Rouzier +Date: Thu Oct 24 13:36:27 2013 -0400 + + Switch overlay from dynamic controller + + Conflicts: + + lib/pf/file_paths.pm + +M lib/pf/file_paths.pm +M raddb/sites-available/dynamic-clients + +commit 8fcd42f81389b38e6ded81f6f87b998fb517e93d +Author: James Rouzier +Date: Wed Oct 23 13:20:40 2013 -0400 + + Merge from dynamic-controller + + Conflicts: + + lib/pf/radius.pm + +M lib/pf/SNMP.pm +M lib/pf/SNMP/PacketFence.pm +M lib/pf/radius.pm + +commit efd5930a7732ffde456cef46de50bc71eb5a5d51 +Author: Durand Fabrice +Date: Mon Nov 4 12:10:24 2013 -0500 + + Added custom to dispatcher.pm + +M conf/httpd.conf.d/captive-portal-common.conf +M lib/pf/web/dispatcher.pm +A lib/pf/web/dispatcher/custom.pm + +commit 26ac05649207cb2fe22b301b9f031c833dbf460e +Author: Durand Fabrice +Date: Fri Feb 14 15:48:53 2014 -0500 + + Error in syntax + +M lib/pf/SNMP/Avaya.pm + +commit a85150c3d888da18813222aac5dd980593b1e76d +Author: Durand Fabrice +Date: Fri Feb 14 15:44:53 2014 -0500 + + Create specific avaya module (based on Nortel Switch Module) + +M lib/pf/SNMP/Avaya.pm +A lib/pf/SNMP/Avaya/ERS2500.pm +A lib/pf/SNMP/Avaya/ERS4000.pm +M lib/pf/SNMP/Avaya/ERS5000.pm +M lib/pf/SNMP/Avaya/ERS5000_6x.pm +M lib/pf/SNMP/Nortel.pm + +commit 5b9c0d94c6154f66fb77bdea78a6e01a31cc2125 +Author: Durand Fabrice +Date: Fri Feb 14 14:27:47 2014 -0500 + + Enterasys Controller V2110 and D2 Mac-auth + +M lib/pf/SNMP/Enterasys/D2.pm +A lib/pf/SNMP/Enterasys/V2110.pm +M lib/pf/radius.pm +M lib/pf/util/dictionary + +commit 42ca94c8aade4a37fdfcf535c1b411befb9f279c +Author: Durand Fabrice +Date: Fri Feb 14 13:12:32 2014 -0500 + + removed space + +M lib/pf/SNMP/Huawei.pm + +commit 8fa65b636cb249d51deaca540bf39a182c28acb6 +Author: lzammit +Date: Mon Nov 4 15:40:27 2013 -0500 + + Add note VLAN REG & ISOL display corrected + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit 651611fe5f1352a78cedef8fa750cb002cd2f037 +Author: lzammit +Date: Mon Nov 4 15:38:50 2013 -0500 + + Add note VLAN REG & ISOL display corrected + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit 2ef2fff81a5e994dad5e7c61a051a14249cdd0d4 +Author: lzammit +Date: Mon Nov 4 15:37:34 2013 -0500 + + Add note VLAN REG & ISOL + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit d8eb75e89a0dcc53dd8a2d8a8929548596860aef +Author: lzammit +Date: Mon Nov 4 15:34:10 2013 -0500 + + Indentation corrected + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit e9b5c67c88c152441f833c24f6d66417f35d0bf5 +Author: lzammit +Date: Mon Nov 4 15:32:02 2013 -0500 + + Indentation corrected + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit 4ffecb2538e19749771e700c382b22230ec1be81 +Author: lzammit +Date: Mon Nov 4 15:28:54 2013 -0500 + + *NOTE* removed + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit 6c8c7b26140ce2fdacbcb6bf5439b8a4a249fcd6 +Author: lzammit +Date: Mon Nov 4 15:26:26 2013 -0500 + + Note modification + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc + +commit 208d80e184740f8b7bc69e5be67dfbb27143f7e7 +Author: lzammit +Date: Mon Nov 4 15:20:52 2013 -0500 + + Huawei AC6605 module + doc + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc +A lib/pf/SNMP/Huawei.pm + +commit 6b52fac7b38548047fcecbba682fe053bb8c171a +Author: Francis Lachapelle +Date: Fri Feb 14 11:47:29 2014 -0500 + + Improve documentation for proxy interception + +M docs/PacketFence_Administration_Guide.asciidoc + +commit e66ede107f745acbcb331abc2cef192e856bfadd +Author: Francis Lachapelle +Date: Fri Feb 14 11:29:26 2014 -0500 + + Improve coding style and logging + +M html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence.pm +M html/pfappserver/lib/pfappserver/Controller/User.pm +M html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm +M lib/pf/Portal/Profile.pm +M lib/pf/Portal/ProfileFactory.pm +M lib/pf/config.pm +M lib/pf/inline/accounting.pm +M lib/pf/os.pm + +commit 57122f4dc4bdf4d73e64335f66519a1f0a889ce2 +Author: Durand Fabrice +Date: Fri Feb 14 11:10:20 2014 -0500 + + Update documentation for proxy interception + +M docs/PacketFence_Administration_Guide.asciidoc + +commit f03eb6f9e36d897e47a6f07eec3f651458b439ee +Author: James Rouzier +Date: Fri Feb 14 09:21:45 2014 -0500 + + Removed the raw storage since it is automatically added + +M t/data/chi.conf + +commit ab1c454bfdf2e87e0238a19dadf8da13337b57b1 +Author: James Rouzier +Date: Fri Feb 14 09:19:47 2014 -0500 + + Added $allowed_gaming_oui_file,$allowed_gaming_console_types_file, $ui_config_file,$mdm_config_file,$oauth_ip_file,$log_config_file, $admin_roles_config_file,$wrix_config_file + To be the stored configs + +M lib/pf/file_paths.pm + +commit 47bd7c99fb708689587e36e1c36a37b85f04fd9e +Author: James Rouzier +Date: Fri Feb 14 09:05:33 2014 -0500 + + Remove the cache data + +M t/PfFilePaths.pm +M t/config-cached.t + +commit 80678d0995fdb5817c7de769d77cf75ef396d207 +Author: James Rouzier +Date: Thu Feb 13 17:00:25 2014 -0500 + + Applying the overlay in the SwitchFactory + +M lib/pf/SwitchFactory.pm + +commit be068fb0f02c33ab5bf0fb42661ab3b21680e932 +Author: James Rouzier +Date: Thu Feb 13 15:53:46 2014 -0500 + + Moved responsibility of saving SwitchConfig in cache to pf::ConfigStore::Switch + +M lib/pf/ConfigStore/Switch.pm +M lib/pf/ConfigStore/SwitchOverlay.pm + +commit 0c599e151318a9436935e3e03576a4b4d6b294a5 +Author: James Rouzier +Date: Thu Feb 13 13:54:27 2014 -0500 + + Only show Create link if you have access to USERS_CREATE + Only show Search link and saved searched if you have access to USERS_READ + +M html/pfappserver/root/admin/users.tt + +commit d9bbf4da2bc3d402cd141090265b3fe7d36835e5 +Author: James Rouzier +Date: Thu Feb 13 13:53:39 2014 -0500 + + Will only show the dashboard if you have access to REPORTS + +M html/pfappserver/root/admin/status.tt + +commit b05f2581c6bdf44cd7a6b3a186170e6e9b49f9b2 +Author: James Rouzier +Date: Thu Feb 13 13:52:48 2014 -0500 + + Will only allow a user to be login if one of his roles have an actions in LOGIN_GROUP + +M html/pfappserver/lib/pfappserver/Controller/Admin.pm + +commit f4f74df7473ceac6015c17c56b3b5a1c9779c1a6 +Author: James Rouzier +Date: Thu Feb 13 13:48:45 2014 -0500 + + Added new action group LOGIN_GROUP + +M lib/pf/admin_roles.pm + +commit e4b5d41f9226490b0def604a3a8f99c30e34144b +Author: James Rouzier +Date: Thu Feb 13 11:26:16 2014 -0500 + + Only show Create link if you have access to NODES_CREATE + Only show Search link and saved searched if you have access to NODES_READ + +M html/pfappserver/root/admin/nodes.tt + +commit a1003eb7396ed99d8b67b1d8ac4949a784472aa3 +Author: Durand Fabrice +Date: Thu Feb 13 13:16:27 2014 -0500 + + Fixed test + +M t/services.t + +commit fe0fa94dedad65131f386bf81e8138cb2c9bab90 +Author: James Rouzier +Date: Thu Feb 13 10:48:12 2014 -0500 + + Fixed the admin roles REPORTS and SERVICES view + +M html/pfappserver/root/admin/wrapper.tt +M html/pfappserver/root/static/admin/status.js + +commit 5640258703d016f6a818e4acd28123188e6f0f6b +Author: James Rouzier +Date: Thu Feb 13 10:47:00 2014 -0500 + + Fixed admin roles for pf_section + +M html/pfappserver/lib/pfappserver/Controller/Configuration.pm +A html/pfappserver/root/configuration/index.tt + +commit 492cc0ce9e03031f11841ffb3cb9e5be9c244643 +Author: James Rouzier +Date: Wed Feb 12 20:30:02 2014 -0500 + + Refactored to use can_access_group_any + + Conflicts: + html/pfappserver/root/admin/wrapper.tt + +M html/pfappserver/root/admin/wrapper.tt + +commit a81f83fc85e5435667f29a59638b8a5693a9e401 +Author: James Rouzier +Date: Wed Feb 12 20:29:14 2014 -0500 + + REfactored multiple calls to can_access to can_access_any + +M html/pfappserver/root/admin/configuration.tt + +commit 6f709af5f009510603727211739d5639fe165995 +Author: James Rouzier +Date: Wed Feb 12 20:28:28 2014 -0500 + + Change default redirect_action to Admin::index + + Conflicts: + html/pfappserver/root/admin/login.tt + +M html/pfappserver/root/admin/login.tt + +commit f13269c7afa33119e31202211294584da3ce05a9 +Author: James Rouzier +Date: Wed Feb 12 20:27:46 2014 -0500 + + Added AdminRole('REPORTS') to dashboard + +M html/pfappserver/lib/pfappserver/Controller/Graph.pm + +commit f7484742b612e55f7ea161fa6394ba2a09b0bdf1 +Author: James Rouzier +Date: Wed Feb 12 20:27:11 2014 -0500 + + Forward user to first action it has permission to + + Conflicts: + html/pfappserver/lib/pfappserver/Controller/Admin.pm + +M html/pfappserver/lib/pfappserver/Controller/Admin.pm + +commit 01f5e3c3f90fe1046013c03dab52097626406a87 +Author: James Rouzier +Date: Wed Feb 12 20:26:17 2014 -0500 + + Export can_access_group_any to all templates + +M html/pfappserver/lib/pfappserver/View/HTML.pm + +commit ce4c5738db3414dd87d63e6bf011ec1512a43f27 +Author: James Rouzier +Date: Wed Feb 12 20:25:18 2014 -0500 + + Added function admin_can_do_any_in_group + To all to group logically action together + +M lib/pf/admin_roles.pm + +commit 94438af0c7f66b3d9eef8063d0c6253b55f0809e +Author: Durand Fabrice +Date: Thu Feb 13 09:31:08 2014 -0500 + + Update NEWS file for uri filter + +M NEWS.asciidoc + +commit e878cd772f11c353254e9ce6b5acf79d8f74892a +Author: Fabrice Durand +Date: Wed Jan 15 20:35:35 2014 -0500 + + Fixed security issue, only enable the way to hit the portal if the filter uri:... exist + +M lib/pf/Portal/ProfileFactory.pm +M lib/pf/Portal/Session.pm +M lib/pf/web/dispatcher.pm + +commit c4125b19ee717d8fc5477650ffd24d1e1ec3d67b +Author: Durand Fabrice +Date: Wed Jan 15 16:24:03 2014 -0500 + + Removed the complete configuration from the stash. + Missing profile name in the profile + +M lib/pf/Portal/ProfileFactory.pm +M lib/pf/web/constants.pm + +commit bbc902739fe94390fb0b6a2f2a9fa41df3c284ac +Author: Durand Fabrice +Date: Wed Jan 15 15:33:23 2014 -0500 + + First draft of the portal per uri + +M html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm +M lib/pf/Portal/ProfileFactory.pm +M lib/pf/Portal/Session.pm +M lib/pf/web/constants.pm +M lib/pf/web/dispatcher.pm + +commit 38cd9a2b2cff00c5386f9e58e4fc82f3590e7ea8 +Author: James Rouzier +Date: Wed Feb 12 11:01:33 2014 -0500 + + Moved generation of the radiusd config to the service manager + +M lib/pf/services/manager/radiusd.pm +D lib/pf/services/radiusd.pm + +commit 9cef7235afc7251aabd730af90b54175137e8bed +Author: James Rouzier +Date: Wed Feb 12 10:44:45 2014 -0500 + + Moved generation of the suricata config to service the manager + +M lib/pf/services/manager/suricata.pm +D lib/pf/services/suricata.pm + +commit e8c9b6ecff3f43e52bd0a7546ed309daca3cee7d +Author: James Rouzier +Date: Wed Feb 12 10:44:02 2014 -0500 + + refactor dependsOnServices to append pfdetect to the default services + +M lib/pf/services/manager/roles/pf_conf_trapping_engine.pm + +commit cd44380fc7f687065e09606bd9dda13af18ac21e +Author: James Rouzier +Date: Wed Feb 12 10:38:18 2014 -0500 + + Moved generation of the snort config to service the manager + +M lib/pf/services/manager/snort.pm +D lib/pf/services/snort.pm + +commit a23af5aa7a404a29528847351978914db1177b83 +Author: Durand Fabrice +Date: Wed Feb 12 09:34:43 2014 -0500 + + Remove duplicate sql request + +M lib/pf/iplog.pm + +commit 8e04d556de7d7609d2215e3ced87c3503fc772e3 +Author: Durand Fabrice +Date: Wed Feb 12 08:58:49 2014 -0500 + + Added missing dep + +M addons/packages/packetfence.spec +M debian/control + +commit a6a7a93eb233eb626d2db9a4c60b522c0c57325d +Author: James Rouzier +Date: Tue Feb 11 15:39:05 2014 -0500 + + Remove dependency on MooX::Types::MooseLike::Base + +M lib/pf/Role/CHI/Driver/FileUmask.pm + +commit f9d59854ac2c64e760892e7c79e8eca6492542a6 +Author: James Rouzier +Date: Tue Feb 11 13:04:15 2014 -0500 + + Fixed issue with Use of uninitialized value in string when authenticating a user + +M html/captive-portal/lib/captiveportal/Controller/GamingRegistration.pm + +commit cd2729eacd08ae551e5a580d8268d1a47b83d383 +Author: James Rouzier +Date: Tue Feb 11 11:43:13 2014 -0500 + + Adding empty directories to git + +A var/run/.gitignore + +commit 3825e74afd6696a86a0d1d59ba74165fa3b5520c +Author: James Rouzier +Date: Tue Feb 11 11:42:07 2014 -0500 + + Adding empty directories to git + +A logs/.gitignore +A var/conf/.gitignore + +commit ffc7e25d4b7fbd7521fc30bb0fa61d7f8345945e +Author: James Rouzier +Date: Tue Feb 11 11:08:48 2014 -0500 + + Ported recent changes to gaming-registration + Added newer feature where a node that is already registered or pending will not be allowed to be added + +M html/captive-portal/lib/captiveportal/Controller/GamingRegistration.pm + +commit bf68e72c1d25f656437b23dffdf038211b7a536b +Author: James Rouzier +Date: Tue Feb 11 10:27:32 2014 -0500 + + Added new option and check if the patch binary exists and is executable + +M addons/pf-maint.pl + +commit 30be9c34588884a76a30dfe1b676679acdef0ed3 +Author: James Rouzier +Date: Mon Feb 10 11:14:26 2014 -0500 + + Moved CHI configuration that is not allowed to be overrided to pf::CHI + +M conf/chi.conf +M lib/pf/CHI.pm + +commit 24da265a6d52fab9f0d5702a40e7bea449d1a498 +Author: Durand Fabrice +Date: Mon Feb 10 08:34:11 2014 -0500 + + Removed tab + +M lib/pf/inline/accounting.pm + +commit d56ae812677d81262a8d5d708db6600fa3a9aed4 +Author: Durand Fabrice +Date: Fri Feb 7 16:02:36 2014 -0500 + + Fixed test + +M lib/pf/util.pm +M lib/pf/vlan.pm +M t/SwitchFactory.t +M t/util.t + +commit fd77c2fc9f4465aff5e892db51863eb777b56549 +Author: Durand Fabrice +Date: Fri Feb 7 15:05:49 2014 -0500 + + Fix constant + +M lib/pf/SNMP/Nortel/ERS4000.pm + +commit 9e2131a5bc85383a4f74256fb3867978bbef6874 +Author: Durand Fabrice +Date: Fri Feb 7 15:01:11 2014 -0500 + + Export $NET_TYPE_INLINE $NET_TYPE_INLINE_L2 $NET_TYPE_INLINE_L3 from config.pm + +M lib/pf/config.pm + +commit 9c6086bd2eb06e9d034c2d0cf3c06dfcf9febe16 +Author: Durand Fabrice +Date: Fri Feb 7 14:53:33 2014 -0500 + + Fix spec file + +M addons/packages/packetfence.spec + +commit 0e7f3c27684bd4bbb2477dfd7ca5c44363d661bc +Author: Durand Fabrice +Date: Fri Feb 7 14:34:06 2014 -0500 + + Missing file in spec file + +M addons/packages/packetfence.spec + +commit aea06b7fa083504e82c750664963dd0625f36480 +Author: Durand Fabrice +Date: Fri Feb 7 14:24:19 2014 -0500 + + Fix spec file + +M addons/packages/packetfence.spec + +commit 0a9ff1b0eb3a1351fce69e56fd3d37d5149ed045 +Author: James Rouzier +Date: Fri Feb 7 11:41:22 2014 -0500 + + Able to match a rule on username + +M lib/pf/Authentication/Source/NullSource.pm + +commit 961a51ccd04ef483f7ae7ba86c613e4645a5951c +Author: James Rouzier +Date: Fri Feb 7 09:50:36 2014 -0500 + + Added target that copies all example configuration files to it's proper place + +M Makefile + +commit ab79efc6653065e5885058cb5a7b841dda608574 +Author: Francis Lachapelle +Date: Thu Feb 6 15:57:49 2014 -0500 + + Fix SQL upgrade script for 4.2.0 + +M db/upgrade-4.0.0-4.1.0.sql +M db/upgrade-4.1.0-4.x.x.sql + +commit c5e6c06c8f2978b9d6a9d0f5d570056feb2d41b3 +Author: James Rouzier +Date: Thu Feb 6 15:37:18 2014 -0500 + + Refactor to not to die when signal handler is called + Fixed issue with display of help + Updated SYNOPSIS + +M sbin/pfdns + +commit 9658763753a5b45c433172fd08b64f31da3bd84f +Author: James Rouzier +Date: Thu Feb 6 14:28:11 2014 -0500 + + Updated the gitignore file to add the configuration files that were copied to .example files + +M .gitignore + +commit c0df4bb2c672a74cee95d5c23ceec65999f1f638 +Author: James Rouzier +Date: Thu Feb 6 12:21:03 2014 -0500 + + Renamed all configuration files to .example + +M addons/packages/packetfence.spec +D conf/adminroles.conf +A conf/adminroles.conf.example +D conf/authentication.conf +A conf/authentication.conf.example +D conf/floating_network_device.conf +A conf/floating_network_device.conf.example +D conf/guest-managers.conf +A conf/guest-managers.conf.example +D conf/httpd.conf.d/ssl-certificates.conf +A conf/httpd.conf.d/ssl-certificates.conf.example +D conf/iptables.conf +A conf/iptables.conf.example +D conf/listener.msg +A conf/listener.msg.example +D conf/log.conf +A conf/log.conf.example +D conf/mdm.conf +A conf/mdm.conf.example +D conf/nessus/remotescan.nessus +A conf/nessus/remotescan.nessus.example +D conf/networks.conf +A conf/networks.conf.example +D conf/popup.msg +A conf/popup.msg.example +D conf/profiles.conf +A conf/profiles.conf.example +D conf/radiusd/eap.conf +A conf/radiusd/eap.conf.example +D conf/radiusd/radiusd.conf +A conf/radiusd/radiusd.conf.example +D conf/radiusd/sql.conf +A conf/radiusd/sql.conf.example +D conf/snmptrapd.conf +A conf/snmptrapd.conf.example +D conf/snort.conf +A conf/snort.conf.example +D conf/snort.conf.pre_snort-2.8 +A conf/snort.conf.pre_snort-2.8.example +D conf/snort/classification.config +A conf/snort/classification.config.example +D conf/snort/local.rules +A conf/snort/local.rules.example +D conf/snort/reference.config +A conf/snort/reference.config.example +D conf/suricata.yaml +A conf/suricata.yaml.example +D conf/switches.conf +A conf/switches.conf.example +D conf/templates/emails-billing_confirmation.txt.tt +A conf/templates/emails-billing_confirmation.txt.tt.example +D conf/templates/emails-guest_admin_pregistration.txt.tt +A conf/templates/emails-guest_admin_pregistration.txt.tt.example +D conf/templates/emails-guest_email_activation.txt.tt +A conf/templates/emails-guest_email_activation.txt.tt.example +D conf/templates/emails-guest_email_preregistration.txt.tt +A conf/templates/emails-guest_email_preregistration.txt.tt.example +D conf/templates/emails-guest_email_preregistration_confirmed.txt.tt +A conf/templates/emails-guest_email_preregistration_confirmed.txt.tt.example +D conf/templates/emails-guest_registered.txt.tt +A conf/templates/emails-guest_registered.txt.tt.example +D conf/templates/emails-guest_sponsor_activation.txt.tt +A conf/templates/emails-guest_sponsor_activation.txt.tt.example +D conf/templates/emails-guest_sponsor_preregistration.txt.tt +A conf/templates/emails-guest_sponsor_preregistration.txt.tt.example +D conf/ui-global.conf +A conf/ui-global.conf.example +D conf/violations.conf +A conf/violations.conf.example +M debian/rules +D html/captive-portal/captive_portal.conf +A html/captive-portal/captive_portal.conf.example + +commit 8dc69ee03d39d0f6a9a3f2358c892e6a1c532a5b +Author: James Rouzier +Date: Thu Feb 6 10:28:49 2014 -0500 + + Added example allowed-gaming-oui.txt + +A conf/allowed-gaming-oui.txt.example + +commit aa00171b2c050f34b15f1ea328905a8b44ec5935 +Author: Durand Fabrice +Date: Thu Feb 6 08:53:34 2014 -0500 + + Fix warning in floating device config + +M lib/pf/config.pm + +commit 23dea781474909042636a68027ec408e867d0b57 +Author: Durand Fabrice +Date: Wed Feb 5 15:37:03 2014 -0500 + + Added new method for Nortel/Avaya switch + +M lib/pf/SNMP/Nortel.pm + +commit 2610b6d3bcac59f16777475477d1a8c9b1207034 +Author: Francis Lachapelle +Date: Thu Dec 12 11:46:35 2013 -0500 + + Time policy trigger: fix reference to violation ID + +M html/captive-portal/billing-engine.cgi + +commit 00e631cb891341cc1166cc290aeeb0fb6b382db2 +Author: Francis Lachapelle +Date: Thu Dec 12 10:37:41 2013 -0500 + + Subroutine to update a node's bandwidth balance + +M lib/pf/node.pm + +commit baa88ee0759ae7a40fc601052f5c12833964601d +Author: Francis Lachapelle +Date: Mon Dec 9 10:49:43 2013 -0500 + + Fix database transaction and improve debygging log + +M lib/pf/inline/accounting.pm + +commit 3446fbe5ff369924057413de7cab73bbb5c93112 +Author: Jean Raby +Date: Wed Dec 4 10:03:37 2013 -0500 + + Drop active connections using /usr/sbin/conntrack + +M lib/pf/ipset.pm + +commit 2ee22b54dbdbc8911b0d655e2ecc6b10f80447db +Author: Jean Raby +Date: Wed Dec 4 09:59:03 2013 -0500 + + Fix AF_INET usage and remove unused Try::Tiny + +M sbin/pfbandwidthd + +commit d273065a855f119940b14bf4c54ae28c2d1c0b4c +Author: Jean Raby +Date: Tue Dec 3 16:35:25 2013 -0500 + + Reorder privileges drop code and fix pcap stats + +M sbin/pfbandwidthd + +commit 1eec4fb187ce2f51d8f5db9aef50cd661b463c95 +Author: Francis Lachapelle +Date: Tue Dec 3 16:10:56 2013 -0500 + + Inline acct: update bw with inactive sessions + +M lib/pf/inline/accounting.pm + +commit f110283d021cd79e10177e739c618a1c11e18e8b +Author: Francis Lachapelle +Date: Tue Dec 3 15:55:33 2013 -0500 + + Inline acct: mark sessions as analyzed + +M lib/pf/inline/accounting.pm + +commit e3e69194d9353d107820f54940757dced1b0837c +Author: Francis Lachapelle +Date: Tue Dec 3 12:29:31 2013 -0500 + + Inline acct: update sessions on day change + +M lib/pf/inline/accounting.pm + +commit f8e1829ec15834431a9e76d7433f251cd45547d9 +Author: Francis Lachapelle +Date: Mon Dec 2 16:10:31 2013 -0500 + + Initial maintenance code for data of pfbandwidthd + +M lib/pf/inline/accounting.pm +M sbin/pfmon + +commit 9879dc3caca3b658c8d9b4e9d6a7a8141a296362 +Author: Francis Lachapelle +Date: Mon Dec 2 14:02:59 2013 -0500 + + Remove previous code related to ulogd + +M lib/pf/inline/accounting.pm +M sbin/pfmon + +commit 7ed3a0e3efb3e74560ebf048a6594bc396d9c477 +Author: Jean Raby +Date: Fri Nov 29 17:14:19 2013 -0500 + + implement inline_accounting_update_session_for_ip + + It is used by pfbandwidthd to update the inline_accounting table. + Reworked db schema example + +M lib/pf/inline/accounting.pm + +commit 859b08dcda232526d60f6a895a0eb065192f3139 +Author: Jean Raby +Date: Fri Nov 29 17:04:20 2013 -0500 + + Implement most of pfbandwidthd + + - Keep track of firstseen and lastmodified of each ip in ip_stats + - dynamically build pcap filters to ignore packets to/from our + interfaces (and broadcast addresses) + - Save statistics to database + - check for error and die if privileges couldn't be dropped + +M sbin/pfbandwidthd + +commit f261b87ba5347a6fb9dd20c399ec0b30c759a41c +Author: Jean Raby +Date: Fri Nov 29 09:35:25 2013 -0500 + + /die/logdie/ + +M sbin/pfbandwidthd + +commit c63bbf3efe96178594b9ece6cbab1407286a4894 +Author: Jean Raby +Date: Fri Nov 29 09:33:28 2013 -0500 + + (debug) Log pcap stats everytime stats are saved + + Simple mean to look for dropped packets + +M sbin/pfbandwidthd + +commit c09754dc8176fe5046a720d5d7628902589d2b70 +Author: Jean Raby +Date: Fri Nov 29 09:33:01 2013 -0500 + + Import first draft of pfbandwidthd + +A sbin/pfbandwidthd + +commit 5d8a2e8fc5231952dc80b11bf82ffbc39da710c9 +Author: Francis Lachapelle +Date: Wed Nov 27 15:27:51 2013 -0500 + + Inline acct: update node table in a transaction + +M lib/pf/inline/accounting.pm + +commit c607c7f72fc151100325ad18d4dcedb93d9a6a2d +Author: Francis Lachapelle +Date: Tue Nov 26 15:28:09 2013 -0500 + + Template for bandwidth expiration violation + +A html/captive-portal/templates/violations/bandwidth_expiration.html + +commit de4b5fe04228d908d09ea32a11e0c5b8ed80e6a2 +Author: Francis Lachapelle +Date: Tue Nov 26 13:36:24 2013 -0500 + + Rename column 'timeleft' to 'time_balance' + + The violations related to 'time limits' are now opened using the proper + violation trigger instead of using a hardcoded violation ID. + +M db/upgrade-4.0.0-4.1.0.sql +M html/captive-portal/billing-engine.cgi +M lib/pf/billing.pm +M lib/pf/radius.pm +M lib/pf/radius/constants.pm +M lib/pf/web.pm + +commit 1b81020624237f458256aefa93a8e58f1212e307 +Author: Francis Lachapelle +Date: Tue Nov 26 13:28:10 2013 -0500 + + Fix SQL update query for bandwidth balance + +M lib/pf/inline/accounting.pm + +commit f8a6a72fdbfa0ca11f56279ec8055f4186696619 +Author: Francis Lachapelle +Date: Tue Nov 26 11:20:46 2013 -0500 + + Fix label of bandwidth balance field in Web admin + +M html/pfappserver/root/node/view.tt + +commit 8ac5d21e9830823053bf83ff5c2060b439622805 +Author: Jean Raby +Date: Mon Nov 25 15:47:24 2013 -0500 + + Fix accounting SQL statements and misc fixups + +M lib/pf/inline/accounting.pm + +commit a7d1a548f26254f10ae9d841599376bcd7d424fc +Author: Francis Lachapelle +Date: Mon Nov 25 15:26:45 2013 -0500 + + Fix validation of new accounting triggers + +M lib/pf/accounting.pm +M lib/pf/inline/accounting.pm +M lib/pf/trigger.pm + +commit 9a7d9db65023f5a11ac051d7d13ff10632cb71b0 +Author: Francis Lachapelle +Date: Fri Nov 22 21:54:20 2013 -0500 + + Add inline accounting maintenance subroutine + +M conf/violations.conf +D html/captive-portal/templates/violations/expiration.html +A html/captive-portal/templates/violations/time_expiration.html +M lib/pf/accounting.pm +M lib/pf/inline/accounting.pm +M sbin/pfmon + +commit 6a05314a31e841d6199c7118a0fc08d60e7448d3 +Author: Francis Lachapelle +Date: Fri Nov 22 16:19:56 2013 -0500 + + Add management of new bandwidth balance for nodes + +M db/upgrade-4.0.0-4.1.0.sql +M html/pfappserver/lib/pfappserver/Form/Node.pm +M html/pfappserver/root/node/view.tt +M lib/pf/config.pm +M lib/pf/node.pm + +commit c3dbe17c63fe4081abbcd99efa8878d1e98a695c +Author: Jean Raby +Date: Fri Nov 22 14:35:56 2013 -0500 + + Update inline accounting documentation. + +M lib/pf/inline/accounting.pm + +commit 70fdd79c8688a71b6158bdfb72330cc131ada1ee +Author: Ludovic Marcotte +Date: Thu Nov 21 11:07:02 2013 -0500 + + Lowercase the MAC before adding it to the iplog + +M html/captive-portal/redir.cgi + +commit 8f9425c1b98cef6457c7bc85bc69b3f818b05139 +Author: Ludovic Marcotte +Date: Thu Nov 21 10:22:51 2013 -0500 + + Added missing include + +M html/captive-portal/redir.cgi + +commit 52cebe1fcd31699562076d76907efeffb65767b0 +Author: Jean Raby +Date: Tue Nov 19 16:06:23 2013 -0500 + + add instruction and example to filter dst hosts + +M lib/pf/inline/accounting.pm + +commit 788cfac28dcff1770046e8c280492299a3f24b9c +Author: Jean Raby +Date: Thu Nov 14 14:26:54 2013 -0500 + + pod tweaks + +M lib/pf/inline/accounting.pm + +commit c6baf9d9c9e7bc61143eee7f39fae539b9ea977e +Author: Jean Raby +Date: Thu Nov 14 13:45:52 2013 -0500 + + pasto + +M conf/pf.conf.defaults + +commit 3b3fed23f23088e3f9c3ee6cc82091d8c82b6de5 +Author: Jean Raby +Date: Thu Nov 14 13:44:34 2013 -0500 + + Inline accounting documentation update + + Probably not the best place to keep this, but at least it is now in the tree + +M lib/pf/inline/accounting.pm + +commit 81a15ad887016a92882ca28e7e2d7f4ea5d20a21 +Author: Ludovic Marcotte +Date: Tue Nov 5 16:05:22 2013 -0500 + + Fixes after some more inline layer 3 testing + +M html/captive-portal/redir.cgi +M lib/pf/locationlog.pm +M sbin/pfdns + +commit f616061cf687caee38c60d86c7c5a86729e7e367 +Author: Jean Raby +Date: Thu Oct 31 16:10:48 2013 -0400 + + import ulogd data if inline accounting is enabled + + Unfinished yet, but this will populate the real accounting table with + the mem table data + +M sbin/pfmon + +commit 00e6e058ec30572f4256111cef0cc68e36aad363 +Author: Jean Raby +Date: Thu Oct 31 16:06:49 2013 -0400 + + Rework inline accounting data management + + rename import_ulogd_data to inline_accounting_import_ulogd_data + inline_accounting_import_ulogd_data can now accept an ip as a 2nd parameter, + this will be used to import data for a single ip only. + Will be called when the clients gets new bandwidth and when a + bandwidth violation is raised for him. + +M lib/pf/inline/accounting.pm + +commit d5c838be24b8050c374bfeb0e0cfeabc82b04014 +Author: Jean Raby +Date: Thu Oct 31 16:04:10 2013 -0400 + + Add 2 parameters for inline accounting management + + inline.accounting_session_timeout + inline.accounting + +M conf/documentation.conf +M conf/pf.conf.defaults + +commit ba724e787ab0e4bdab028afe9ea4d5219133a96f +Author: Francis Lachapelle +Date: Thu Oct 31 14:29:19 2013 -0400 + + Configurator: A single inline type is required + +M html/pfappserver/lib/pfappserver/Controller/Configurator.pm + +commit 37bd7ed8f3c58e53cd8ebcce1744539ee8ec4926 +Author: James Rouzier +Date: Thu Oct 31 13:44:28 2013 -0400 + + Added additional checks for inline3 enforcement and network types + +M lib/pf/config.pm +M lib/pf/iptables.pm + +commit ad9779bd6c1948ceb1eb53f5f58e2a46556f3782 +Author: Jean Raby +Date: Thu Oct 31 13:06:29 2013 -0400 + + Add ulogd2 as a suggested package for debian + +M debian/control + +commit ea223e96b6b081612670fc22462c4d6a9e8ad53c +Author: Ludovic Marcotte +Date: Wed Oct 30 09:41:38 2013 -0400 + + Fixed strings + +M html/pfappserver/lib/pfappserver/I18N/en.po + +commit ca5150fbcc3415ad70cb16aa4709c2bb6bc1b021 +Author: Ludovic Marcotte +Date: Wed Oct 30 09:27:24 2013 -0400 + + First pass at pimping doc for inline mode. + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 7cf4447b8f46f2036f790daacceaf59de4a95db9 +Author: Ludovic Marcotte +Date: Tue Oct 29 15:11:42 2013 -0400 + + Fixed missing include + +M html/captive-portal/redir.cgi + +commit 8f348af2564e4873ba9a8803c7f55d69b3006303 +Author: James Rouzier +Date: Mon Oct 28 10:41:00 2013 -0400 + + Fixed check for no attributes + +M lib/pf/roles.pm + +commit 10d447e500d12776e5d292d772dec2dd3d826aa8 +Author: James Rouzier +Date: Fri Oct 25 12:44:16 2013 -0400 + + Removed tabs + +M lib/pf/inline/accounting.pm + +commit 962d303c0babdddee1cf664d1167b5ed4d209949 +Author: Jean Raby +Date: Fri Oct 25 12:16:16 2013 -0400 + + Add accounting.pm. SQL logic for inline accounting + +A lib/pf/inline/accounting.pm + +commit 07b4679b1b7c514805d72ec5576ebc2612b90f05 +Author: James Rouzier +Date: Fri Oct 25 11:06:55 2013 -0400 + + Fixed undef warning for valid mac + + Normalize the return of undef for clean mac + +M lib/pf/util.pm + +commit 0ceb4dcac0cb1990e7d4700f62292de61c13342d +Author: Ludovic Marcotte +Date: Fri Oct 25 10:26:35 2013 -0400 + + Fixed tabs in files + +M html/captive-portal/redir.cgi +M lib/pf/config.pm +M lib/pf/ipset.pm + +commit e9634ff695f333eb686d3807aa020fa7a126baca +Author: Louis Munro +Date: Thu Oct 24 15:51:13 2013 -0400 + + Added options for dhcpd and fake MAC to the Form Handler. + + Added JS that selectively shows and hides the options based on the type + of inline enforcement. + +M html/pfappserver/lib/pfappserver/Form/Interface.pm +M html/pfappserver/root/static/js/interface.js + +commit c8b574f9f6c38469877eb6dd84aed7bbbdd69773 +Author: Louis Munro +Date: Thu Oct 24 14:53:03 2013 -0400 + + Added checkboxes for DHCP server and Fake MAC. + +M html/pfappserver/lib/pfappserver/Form/Interface.pm +M html/pfappserver/root/interface/view.tt + +commit afd2c3e1af00d8cbf8578457f494153bc39e790a +Author: Louis Munro +Date: Wed Oct 23 17:18:33 2013 -0400 + + Added checks so that an interface marked as 'inline' in pf.conf shows up + as inlinel2. + This is to ensure backwards compatibility. + The next time that the interface is modified or saved, inline will be + replaced by inlinel2. + +M html/pfappserver/lib/pfappserver/Form/Interface.pm +M html/pfappserver/lib/pfappserver/Model/Interface.pm + +commit 63907ac1a4b4ce354979722fb805c42ae38d40de +Author: Louis Munro +Date: Wed Oct 23 15:31:47 2013 -0400 + + Added I18N strings for inlinel2 and inlinel3. + +M html/pfappserver/lib/pfappserver/I18N/en.po + +commit 68e6a154fadd0a4e83664e4a47b62c397b2517e5 +Author: Louis Munro +Date: Wed Oct 23 15:03:59 2013 -0400 + + Bugfix: unbalanced parentheses. + +M html/pfappserver/lib/pfappserver/Form/Interface.pm + +commit 9693949472f10fe601f138a15b4b4897c8ae68ba +Author: Ludovic Marcotte +Date: Wed Oct 23 15:00:57 2013 -0400 + + First pass at required inline L3 core modifications + +M html/captive-portal/redir.cgi +M lib/pf/Portal/Session.pm +M lib/pf/ipset.pm + +commit 8b8a66acc458202e9af7d5bd112c0823b28385ed +Author: Louis Munro +Date: Wed Oct 23 14:48:18 2013 -0400 + + Changed Inline L2 and inline L3 to inlinel2 and inlinel3. + + Also restored 'inline' to documentation for backwards compatibility. + +M conf/documentation.conf +M html/pfappserver/lib/pfappserver/Controller/Configurator.pm +M html/pfappserver/lib/pfappserver/Form/Interface.pm +M html/pfappserver/lib/pfappserver/Model/Enforcement.pm +M html/pfappserver/lib/pfappserver/Model/Interface.pm + +commit 024e8ba6432c01bae3a79add83276f8d3d1b3d99 +Author: Louis Munro +Date: Wed Oct 23 13:56:14 2013 -0400 + + Changed the configurator to default to inline Level 2. + +M html/pfappserver/lib/pfappserver/Controller/Configurator.pm + +commit 276bf490193381c4da744c46d017bd9972b47657 +Author: Louis Munro +Date: Wed Oct 23 13:55:08 2013 -0400 + + Updated some documentation and I8N strings. + +M conf/documentation.conf +M conf/pf.conf.defaults +M html/pfappserver/lib/pfappserver/I18N/en.po + +commit 1962619423d72c30df506de50ac52492a29ef70d +Author: Louis Munro +Date: Wed Oct 23 12:15:19 2013 -0400 + + Replaced the "Inline" interface type by two new types: + inline L2 + Inline L3 + + This is only a front end change for now. More work is required to get + this working. + +M html/pfappserver/lib/pfappserver/Form/Interface.pm +M html/pfappserver/lib/pfappserver/Model/Enforcement.pm +M html/pfappserver/lib/pfappserver/Model/Interface.pm +M html/pfappserver/root/static/js/interface.js + +commit 42ca87bda83ad252037051bc397a6cd8ad3432c2 +Author: James Rouzier +Date: Tue Feb 4 15:57:31 2014 -0500 + + Revert back to ReloadConfigs getting rid of RefreshConfigs + +M html/captive-portal/lib/captiveportal.pm +M html/pfappserver/lib/pfappserver.pm +M lib/pf/WebAPI/InitHandler.pm +M lib/pf/config/cached.pm +M sbin/pfdetect +M sbin/pfdhcplistener +M sbin/pfdns +M sbin/pfmon +M sbin/pfsetvlan + +commit e28e1cbaf9832902eb21b38961fbdc1789d1336a +Author: James Rouzier +Date: Thu Jan 30 09:48:26 2014 -0500 + + Fix issue with loading inline packages + +M addons/dev-helpers/dump.pl + +commit b3adc3b020db32d001bc24feab05f1529a955919 +Author: Francis Lachapelle +Date: Fri Jan 31 20:43:30 2014 -0500 + + Fix typo in admin guide + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 81d45542a4a10cf618b337c1920e4393b07a599f +Author: Durand Fabrice +Date: Fri Jan 31 16:21:42 2014 -0500 + + Fix ifindex calc and updated lldp support for Avaya/Nortel + +M lib/pf/SNMP/Nortel.pm +M lib/pf/SNMP/Nortel/ERS4000.pm + +commit a2df3d5ad632b6c22608af20d7c31e9ddfaafb19 +Author: Francis Lachapelle +Date: Fri Jan 31 09:17:17 2014 -0500 + + Fix button groups in dynamic tables + + When adding a new row that contains a button group, the 'disabled' class + must be removed from the generated 'a' links. + +M html/pfappserver/root/static/admin/common.js + +commit 553f81723f70dff2bf6d85bd051be9317bf9d65e +Author: James Rouzier +Date: Thu Jan 30 08:08:44 2014 -0500 + + Do not restore previous umask + +M lib/pf/Role/CHI/Driver/FileUmask.pm + +commit a946d6ac541f9dbf5f1f63af7dce6210ce578573 +Author: James Rouzier +Date: Thu Jan 30 07:29:32 2014 -0500 + + Updated translation file + +M html/pfappserver/lib/pfappserver/I18N/en.po + +commit c5c6dac1f52346fc9b9e54d1d47fab3b589d1f18 +Author: James Rouzier +Date: Wed Jan 8 18:47:21 2014 -0500 + + Added values for configuring memcached memory usage + +M conf/documentation.conf +M conf/pf.conf.defaults +M lib/pf/services/manager/memcached.pm + +commit a305585defcce7bebc2a040413f9c574f1ddaecb +Author: James Rouzier +Date: Wed Jan 29 11:44:21 2014 -0500 + + Fix version number of libmoo + +M debian/control + +commit ab996c70cf8cf89c3ccd35e80e1f0500b02f3bc4 +Author: James Rouzier +Date: Wed Jan 29 11:41:50 2014 -0500 + + If sub command cannot be found then use the unknownActionCmd + +M lib/pf/cmd/subcmd.pm + +commit 08332aa25bbe2c3b4bdc9e7d5ea28d5bad03d4e2 +Author: James Rouzier +Date: Tue Jan 28 14:11:15 2014 -0500 + + Fix pfcache file permissions + +M addons/packages/packetfence.spec +M conf/chi.conf +M debian/control +M lib/pf/CHI.pm +A lib/pf/Role/CHI/Driver/FileUmask.pm + +commit ff7f50a797b87ff4409def7c81a668993e018d25 +Author: Durand Fabrice +Date: Mon Jan 27 12:03:47 2014 -0500 + + Answer CNAME in pfdns + +M sbin/pfdns + +commit ccbfa3ef7b6b65ece35286a29c473e2df2e55f39 +Author: Francis Lachapelle +Date: Fri Jan 24 16:00:59 2014 -0500 + + pfcmd::checkup -- authorize the 'locale' parameter + +M lib/pf/pfcmd/checkup.pm + +commit 3362c6c9e7deea8af4b3ffc0f986f5ec3b72490e +Author: James Rouzier +Date: Fri Jan 24 13:33:31 2014 -0500 + + Set the dir_create_mode to 0770 + +M conf/chi.conf + +commit 0148b2f3c86c21d08ec93b1ad5fcf56b3bee73e9 +Author: James Rouzier +Date: Fri Jan 24 13:26:26 2014 -0500 + + Added var/cache to the install process + +M addons/packages/packetfence.spec +M debian/rules + +commit d09b40044ab4214e9e3b6c145de32af682568d2b +Author: James Rouzier +Date: Fri Jan 24 13:22:51 2014 -0500 + + Change the order of the caching layer + +M conf/chi.conf + +commit 1fe186caa31ad66207d6f56e78719af46fb5c751 +Author: James Rouzier +Date: Fri Jan 24 12:04:44 2014 -0500 + + Add warning to the logs + +M html/captive-portal/lib/captiveportal.pm + +commit 5ac3cb2a9d79830b58a82efd38b1283798eaff15 +Author: James Rouzier +Date: Fri Jan 24 12:00:30 2014 -0500 + + Fixed use of uninitialized value when creating a pf::Portal::Profile + +M lib/pf/Portal/ProfileFactory.pm + +commit 44d980ff636cb86b8275a8bd37f5df71f81b045c +Author: James Rouzier +Date: Thu Jan 23 17:06:10 2014 -0500 + + Fix warning + +M html/pfappserver/lib/pfappserver/Model/DB.pm + +commit feda5e4e3b0f04f8de7bffb1a5d07020827903ff +Author: James Rouzier +Date: Wed Jan 22 11:56:46 2014 -0500 + + Updated the chi.conf for test + +M t/data/chi.conf + +commit 47fe403ff0517105e2084b62184f7613dc4b8171 +Author: James Rouzier +Date: Wed Jan 22 13:32:07 2014 -0500 + + Fixed syntax error + +M debian/control + +commit 1178f2c402b2d6a796a453cc04b41122a19ba617 +Author: James Rouzier +Date: Wed Jan 22 13:17:28 2014 -0500 + + Added new dependency + +M addons/packages/packetfence.spec +M debian/control + +commit 5b9d129c1732ee2b75e70b25401ab2c90f85ce8a +Author: James Rouzier +Date: Wed Jan 22 11:46:23 2014 -0500 + + Added new package + +M addons/packages/packetfence.spec +M debian/control + +commit aa02068b82b22573b8a12115126e00c7219c64b2 +Author: James Rouzier +Date: Wed Jan 22 11:25:19 2014 -0500 + + Fixed syntax error caused by a merge + +M lib/pf/file_paths.pm + +commit 68ad9389f0c2dbe306945141c95066d90fa82167 +Author: Durand Fabrice +Date: Wed Jan 22 09:18:10 2014 -0500 + + Fix spec file for pfcache + +M addons/packages/packetfence.spec + +commit a8fadfc006e29717deb37976bfc4fecce3c15d10 +Author: James Rouzier +Date: Fri Jan 3 17:10:59 2014 -0500 + + Cleaning the mac address before registering it + +M html/captive-portal/register-gaming-device.cgi + +commit bd39bf48386b0335d1e665f7a29beda547d95c4c +Author: James Rouzier +Date: Fri Jan 3 16:45:39 2014 -0500 + + Fixed error with login page generation + +M lib/pf/web/gaming.pm + +commit 2a45b425b604004376d5079ff8fc1274eb36be6a +Author: James Rouzier +Date: Fri Jan 3 15:48:41 2014 -0500 + + Fixed syntax error and calling an undefined function + +M html/captive-portal/register-gaming-device.cgi + +commit 2604139f708c15610a698a95f48d53fd5210519e +Author: James Rouzier +Date: Fri Jan 3 15:30:59 2014 -0500 + + Added role from registration.gaming_devices_registration_role + +M html/captive-portal/register-gaming-device.cgi + +commit 5bcb3448846709321f6deb385be7a5b4deea6332 +Author: James Rouzier +Date: Tue Jan 29 07:07:30 2013 -0500 + + Added console type to be added to notes + +M html/captive-portal/templates/gaming-registration.html + +commit 8a44d31631e00d64707551fd2ef381be6cc3947d +Author: James Rouzier +Date: Tue Jan 29 07:04:40 2013 -0500 + + in function web_register_node 'mac' will override mac from session + +M lib/pf/web.pm + +commit 9d2c51a44ba591f409256bbbf56b5a044edc5646 +Author: James Rouzier +Date: Tue Jan 29 06:59:34 2013 -0500 + + Refactored code and reogranize functions + Added additional check for existance category gaming_device_registration.category + Refactored to call directly + * pf::web::web_node_register + * pf::web::web_user_authenticate + +M html/captive-portal/register-gaming-device.cgi + +commit 70cc594bf66d2a021fcbd7bac504d292d2307c46 +Author: James Rouzier +Date: Tue Jan 29 06:53:16 2013 -0500 + + Refactored duplicated code push responsibility to the script + Refactored to use function in pf::web::generate_generic_page in of render_template directly + Load OUI and gaming console type from files + Documented functions + +M lib/pf/web/gaming.pm + +commit 9f12e5ca3dc4a7984a4a27486385ff7dc842ff55 +Author: James Rouzier +Date: Tue Jan 29 06:22:54 2013 -0500 + + Added new variables for allowed gaming device data files + +M lib/pf/file_paths.pm + +commit 2242bcda4d51fb8c1c1744ec305b6fc24d9d5603 +Author: James Rouzier +Date: Tue Jan 7 11:06:01 2014 -0500 + + Moved to use configForData cache + +M lib/pf/ConfigStore/Switch.pm +M lib/pf/ConfigStore/SwitchOverlay.pm + +commit 11270ff636b54712672f8c92eea8557745801144 +Author: James Rouzier +Date: Tue Jan 7 11:05:30 2014 -0500 + + Split on reload to onfilereload oncachereload and onpostreload + +M lib/pf/config.pm + +commit 4c35cd7b7573e53b6087ffcc40d8651b8526873c +Author: James Rouzier +Date: Tue Jan 7 11:03:01 2014 -0500 + + Call the _callFileReloadCallbacks is data in not in cache + +M lib/pf/admin_roles.pm +M lib/pf/authentication.pm +M lib/pf/violation_config.pm + +commit a45a4e682e4231957e16efe1ed4377e761f014f3 +Author: James Rouzier +Date: Tue Jan 7 10:58:48 2014 -0500 + + pf::CHI is responible for caching the CHI object & pf::confog::cache in memory + Added helper functions to access the configfilesdata cache namesapce + +M lib/pf/config/cached.pm + +commit 74034d52ebcc333626bd62f15338c07ab8dca790 +Author: James Rouzier +Date: Tue Jan 7 09:53:51 2014 -0500 + + Memoize cache objects + +M lib/pf/CHI.pm + +commit 55e7c3974ba8f34f697016335a8c0103442b9feb +Author: James Rouzier +Date: Tue Jan 7 09:53:21 2014 -0500 + + Using cacheForData instead of cache + +M lib/pf/authentication.pm + +commit 1e6914b0ad688016e70dc4e697a495c87cd504a0 +Author: James Rouzier +Date: Tue Jan 7 09:52:22 2014 -0500 + + Removing command pfcmd reload violation + +M bin/pfcmd.pl +M lib/pf/pfcmd.pm +M lib/pf/pfcmd/help.pm + +commit 8362fd2233e4b7850ab12cdf55c28cc25970c3be +Author: James Rouzier +Date: Tue Jan 7 09:38:02 2014 -0500 + + Use cacheForData to save data + +M lib/pf/admin_roles.pm + +commit 7ea96d8d43255e845fc99ea7dc374489114a01ce +Author: James Rouzier +Date: Tue Jan 7 09:27:30 2014 -0500 + + Added multi layers cache and new namespace + +M conf/chi.conf + +commit a0e811e48561415b649fdee93a5f08bf935d676a +Author: James Rouzier +Date: Tue Jan 7 09:09:43 2014 -0500 + + Added DROP permission on the radius_nas table + +M html/pfappserver/lib/pfappserver/Model/DB.pm + +commit af6a9ce4a724d1d7fdf3b8d35b07b7786303517a +Author: James Rouzier +Date: Tue Jan 7 09:03:14 2014 -0500 + + Use truncate table to clear all records from a table + +M lib/pf/freeradius.pm + +commit 766cbf645dee371da1d4468ad8e8a37453ec1295 +Author: James Rouzier +Date: Tue Jan 7 08:59:40 2014 -0500 + + Added bulk insert + +M lib/pf/freeradius.pm + +commit 0a9910d54d40846b0a40c109a2deb6adf48a76d1 +Author: James Rouzier +Date: Tue Jan 7 08:58:57 2014 -0500 + + Removing readViolationConfigFile function + +M lib/pf/pfcmd/checkup.pm + +commit d056adc5e46a639e87b508470e4e5f65e3822b1b +Author: James Rouzier +Date: Tue Jan 7 08:58:15 2014 -0500 + + Reloading violation/switch data into database on startup and config change + +M sbin/pfcache + +commit 0ce0183ee6eeac143eeb530781c732c3ff23579a +Author: James Rouzier +Date: Mon Jan 6 18:27:23 2014 -0500 + + Removed readViolationConfigFile + +M lib/pf/services/snort.pm +M lib/pf/services/suricata.pm + +commit f52f112fa956abfe6d3883580329b9efe3535fd3 +Author: James Rouzier +Date: Mon Jan 6 18:26:47 2014 -0500 + + Has no dependancies + +M lib/pf/services/manager/memcached.pm + +commit 38f6f17af804d935efe702110443c4def269d328 +Author: James Rouzier +Date: Mon Jan 6 18:26:05 2014 -0500 + + It is only dependant on memcached + +M lib/pf/services/manager/pfcache.pm + +commit 52a48fda0c6e546ddc1513bd5fbee954d234f813 +Author: James Rouzier +Date: Mon Jan 6 12:32:30 2014 -0500 + + Removed readViolationConfigFile + +M lib/pf/ConfigStore/Violations.pm +M lib/pf/services.pm +M lib/pf/violation_config.pm + +commit 7542c90a561718ecb7cd7bba524cd97eb50aa2a9 +Author: James Rouzier +Date: Mon Jan 6 09:37:04 2014 -0500 + + Remove loading of the nas config + +M lib/pf/services/manager/radiusd.pm +M lib/pf/services/radiusd.pm + +commit 61db7cb28fe27903994aff9cf2c7557b180ae8be +Author: James Rouzier +Date: Mon Jan 6 09:31:59 2014 -0500 + + Change default cache update interval to 10 seconds + +M conf/pf.conf.defaults + +commit 283e8ced8d57cb14bf6c6aa1d57ef7e864fbf9b2 +Author: James Rouzier +Date: Mon Jan 6 08:56:47 2014 -0500 + + Moved to switch reload logic to pfcache + +M lib/pf/ConfigStore/Switch.pm +M sbin/pfcache + +commit 01d35da8b3e74507d4abf635f51488e11ea57177 +Author: James Rouzier +Date: Thu Jan 2 12:36:28 2014 -0500 + + Load the violation config + +M sbin/pfcache + +commit 1e097869389ce54d8830baefdab2008d1adc4f36 +Author: James Rouzier +Date: Mon Dec 30 23:27:08 2013 -0500 + + Will only refresh from the cache not from onfile loads + +M html/captive-portal/lib/captiveportal.pm +M html/pfappserver/lib/pfappserver.pm +M lib/pf/WebAPI/InitHandler.pm +M lib/pf/config/cached.pm +M sbin/pfdetect +M sbin/pfdhcplistener +M sbin/pfdns +M sbin/pfmon +M sbin/pfsetvlan + +commit 87eeb2247d42dfd9fa16ff8c2cb485fda7af0327 +Author: James Rouzier +Date: Mon Dec 30 19:59:48 2013 -0500 + + pfcache service does not require checkout + +M lib/pf/services/manager/pfcache.pm + +commit 80d8755cac58572f982e1af353a8ee71abeb1675 +Author: James Rouzier +Date: Mon Dec 30 19:54:29 2013 -0500 + + Added all the config files to be reloaded + +M sbin/pfcache + +commit ebc153c3710cd6b9ac84dbbdf277c106392a50f3 +Author: James Rouzier +Date: Mon Dec 30 18:54:02 2013 -0500 + + Move the cache reload logic from SwitchOverlay to Switch + Split the logic of recalculating SwitchConfig and sync database information + +M lib/pf/ConfigStore/Switch.pm +M lib/pf/ConfigStore/SwitchOverlay.pm + +commit e2d2e2ec1115f081d680a8815f81640e36fc4cd6 +Author: James Rouzier +Date: Mon Dec 30 18:20:15 2013 -0500 + + Added the pfcache service + +M bin/pfcmd.pl +M conf/chi.conf +M conf/documentation.conf +M conf/pf.conf.defaults +M lib/pf/pfcmd.pm +M lib/pf/services.pm +A lib/pf/services/manager/pfcache.pm +A sbin/pfcache + +commit efd7089ba91af3bfc00bd6b376a870bc459483aa +Author: James Rouzier +Date: Mon Dec 30 18:10:44 2013 -0500 + + Add pfcache to the dependsOnServices + +M lib/pf/services/manager.pm + +commit bbac7011df5c89a6f06725d044e33899874d300a +Author: James Rouzier +Date: Mon Dec 23 11:33:12 2013 -0500 + + Convert timestamp to a 64bit number + +M lib/pf/IniFiles.pm + +commit 0cdd9b318c51a9e18d3fadcf2c025b846a31cf35 +Author: Durand Fabrice +Date: Tue Jan 21 14:21:17 2014 -0500 + + Restored template_path in portal profile + +M lib/pf/Portal/ProfileFactory.pm + +commit 44202d4e6e43777a4a599843131d131392a9eccb +Author: James Rouzier +Date: Mon Jan 20 13:32:13 2014 -0500 + + Fix issue with release number and updated file mode + +M addons/pf-maint.pl + +commit 5aac5840ad338f85eff56ebcc890d21ef29a5af7 +Author: Durand Fabrice +Date: Mon Jan 20 09:42:16 2014 -0500 + + Force perl(Moose) <= 2.1005 in spec + +M addons/packages/packetfence.spec + +commit 665838065ba65751bfafa06600fb52b79475901f +Author: Francis Lachapelle +Date: Fri Jan 17 10:47:07 2014 -0500 + + Force localized msgs of captive portal to UTF-8 + +M lib/pf/Portal/Session.pm + +commit f38639dc1085251031b49e3470ed732ffe50bf91 +Author: Francis Lachapelle +Date: Fri Jan 17 10:46:01 2014 -0500 + + Locales of portal profiles must be sortable + +M html/pfappserver/lib/pfappserver/Form/Portal/Common.pm +M html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm +M html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm +M html/pfappserver/root/portal/profile/view.tt +M html/pfappserver/root/static/admin/configuration/portal_profile.js + +commit f1e234847617a17665e70670e3c7b215ad983e8c +Author: Francis Lachapelle +Date: Thu Jan 16 13:07:45 2014 -0500 + + Don't initialize hidden multiple-value selects + + Fixes #1759 + +M html/pfappserver/root/static/admin/common.js + +commit f6ed86c51c3e048fb1a37e91062fad302b69b5e0 +Author: Francis Lachapelle +Date: Thu Jan 16 13:06:18 2014 -0500 + + Web admin: fix JavaScript issues with IE + +M html/pfappserver/lib/pfappserver/Controller/Admin.pm +M html/pfappserver/lib/pfappserver/Form/Config/Pf.pm +M html/pfappserver/root/static/admin/login.js +M html/pfappserver/root/static/js/node.js + +commit 7bca3857dfab6a1684019a3721a4aa483c7fea2b +Author: Francis Lachapelle +Date: Wed Jan 15 15:14:41 2014 -0500 + + Improve UPGRADE file + +M UPGRADE.asciidoc + +commit 901570231a89fb023ee0c1fa9f32d048703932cf +Author: Francis Lachapelle +Date: Wed Jan 15 15:13:05 2014 -0500 + + Restore 'name' attribute of portal profiles + +M lib/pf/Portal/ProfileFactory.pm + +commit 48bf047ce3366f6ec17ad1e85a50926a34efac0c +Author: Francis Lachapelle +Date: Wed Jan 15 15:05:51 2014 -0500 + + Allow locales to be defined per portal profile + + Moved general.locale to profiles.conf. Also improved the way we detect + the user's prefered languages. The localized templates for violations + must now use one of the supported locales as their suffix. The supported + locales are defined in lib/pf/web/constants.pm. + +M NEWS.asciidoc +M conf/documentation.conf +M conf/pf.conf.defaults +M conf/profiles.conf +M html/pfappserver/lib/pfappserver/Form/Portal/Common.pm +M html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm +M html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm +M lib/pf/ConfigStore/Profile.pm +M lib/pf/Portal/Profile.pm +M lib/pf/Portal/Session.pm +M lib/pf/config.pm +M lib/pf/web.pm +M lib/pf/web/constants.pm + +commit 5ce8097face8c987b0b38283cb2972130516aa93 +Author: Francis Lachapelle +Date: Tue Jan 14 11:51:44 2014 -0500 + + Send contact email address when submitting data + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm +M html/pfappserver/lib/pfappserver/Controller/Configuration/UserAgents.pm + +commit 5190c4a164b3d906bd447104c6229d78f8341c0d +Author: Francis Lachapelle +Date: Tue Jan 14 11:41:09 2014 -0500 + + Fix IE8 error on web admin users page + + The 'class' attribute is a reserved word that must be quoted under IE8. + +M html/pfappserver/root/static/js/node.js + +commit dff8c1fbc9ff850cd50f7d705af36eb97f3e29c9 +Author: Francis Lachapelle +Date: Tue Jan 14 10:23:47 2014 -0500 + + Reevaluate access when changing role of nodes + + This fixes changing the role from the bulk actions menu. + + Fixes #1757 + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Model/Node.pm + +commit 4d68050fdff9b1b54abb67611dff639f519e8774 +Author: Francis Lachapelle +Date: Tue Jan 14 10:00:22 2014 -0500 + + Fix access reevaluation when editing pending node + + The problem was only affecting pending nodes when trying to register or + unregister using the bulk actions menu. + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Model/Node.pm + +commit 0b7b856b29a481f4b5c6d59503733ad4ee82f4a0 +Author: James Rouzier +Date: Mon Jan 13 16:26:02 2014 -0500 + + A script for maintaining pf directories from github + +A addons/pf-maint.pl + +commit 2c36322b4c2974438e0f52d55df7d4099b0bf2be +Author: Francis Lachapelle +Date: Mon Jan 13 15:24:49 2014 -0500 + + Add access rights to MDM management + +M html/pfappserver/lib/pfappserver/Controller/ConfigStore/Mdm.pm +M html/pfappserver/root/admin/configuration.tt +M html/pfappserver/root/configstore/mdm/index.tt +M html/pfappserver/root/configstore/mdm/list.tt +M html/pfappserver/root/configstore/mdm/view.tt +M lib/pf/admin_roles.pm + +commit e050641beac80c38b4212d48e8daf5480fccba64 +Author: Francis Lachapelle +Date: Mon Jan 13 15:12:16 2014 -0500 + + Fix redirection when logging in + +M html/pfappserver/lib/pfappserver/Controller/Admin.pm +M html/pfappserver/root/admin/login.tt +M html/pfappserver/root/static/admin/login.js + +commit 677c6fe4aec62b69cfdbac47ce478d4c0d1770cd +Author: Francis Lachapelle +Date: Mon Jan 13 11:28:58 2014 -0500 + + Improve code style + +M html/pfappserver/lib/pfappserver/Form/Field/Duration.pm +M html/pfappserver/lib/pfappserver/Model/Admin.pm +M html/pfappserver/lib/pfappserver/Role/Controller/BulkActions.pm +M html/pfappserver/root/static/admin/configuration/portal_profile.js + +commit c9ce8ddcd531ef9aae49fca12d41ee0ae48c9b83 +Author: Francis Lachapelle +Date: Mon Jan 13 08:53:51 2014 -0500 + + Improve UPGRADE procedure + +M UPGRADE.asciidoc + +commit c93ffcac6775e01bf983dc968dc1b923cbfe414f +Author: Francis Lachapelle +Date: Mon Jan 13 08:41:50 2014 -0500 + + person.pm: Fix SQL bind variables of INSERT stmt + +M lib/pf/person.pm + +commit 2e74990d3117551c9288c67ec79a55c418676370 +Author: James Rouzier +Date: Fri Jan 10 14:59:47 2014 -0500 + + Ensure the interfaces that pfdhcplistener are unique + +M lib/pf/services/manager/pfdhcplistener.pm + +commit 4e980027a1c45eceb4213e3f6ad112199f6a865f +Author: Francis Lachapelle +Date: Fri Jan 10 16:13:36 2014 -0500 + + Fix display of portal profiles settings tab + +M html/pfappserver/root/portal/profile/view.tt + +commit 9c684d34456fc67555cee6bb6c070dbcbe87517b +Author: Francis Lachapelle +Date: Fri Jan 10 15:43:13 2014 -0500 + + Fix comparison of possible uninitialized values + +M html/pfappserver/lib/pfappserver/Model/Node.pm + +commit cbdcb0722c097fb23d9bed4d513070d0c2b9ce9e +Author: James Rouzier +Date: Fri Nov 22 08:16:15 2013 -0500 + + Added new bulk action for opening violations on mulitple users and node + +M html/pfappserver/lib/pfappserver/Controller/User.pm + +commit c5a95038199edcb0e7640104ce2987a8487df053 +Author: James Rouzier +Date: Thu Jan 9 15:16:03 2014 -0500 + + Fixed issue where Node Saved searches were not being saved + +M html/pfappserver/root/admin/nodes.tt +A html/pfappserver/root/admin/saved_search.inc +M html/pfappserver/root/admin/users.tt + +commit ab3969a6a36c888f147ccfe807719f71d47b9a50 +Author: James Rouzier +Date: Thu Jan 9 13:30:32 2014 -0500 + + Added new function listify + +M lib/pf/util.pm + +commit 304d6cf2019bd25629ebf2c30c54a0deec44f85a +Author: James Rouzier +Date: Thu Jan 9 13:29:34 2014 -0500 + + Accepts case where an item is a scalar + +M raddb/packetfence.pm + +commit 5d0de3e36962b4512ac4a4fd9c119b6a92108736 +Author: Loick Pelet +Date: Thu Jan 9 13:06:56 2014 -0500 + + replaced print by logger + +M html/pfappserver/lib/pfappserver/Model/Admin.pm + +commit c6c3b92a93b88ef519e88506af7afebec43c9a5b +Author: Loick Pelet +Date: Thu Jan 9 11:39:54 2014 -0500 + + fetch version from dhcp_fingerprints.conf and push in submission form + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm +M html/pfappserver/lib/pfappserver/Model/Admin.pm + +commit 3b003ca8967696e8dced8e1499dcd739e24ea5d6 +Author: Durand Fabrice +Date: Thu Jan 9 08:48:42 2014 -0500 + + Fixed curl option to prevent freeradius crash + +M lib/pf/radius/soapclient.pm + +commit c9b49b3dd162b5c71b45ac8efa4d5ed0e3e8705f +Author: James Rouzier +Date: Wed Jan 8 18:21:59 2014 -0500 + + Revert "added version of fingerbank" + + This reverts commit 061e8a4498e9cb60d5d3d6b05481b154f40bce1f. + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm + +commit a850f8a52432126953bc1eb708a4822946374354 +Author: James Rouzier +Date: Wed Jan 8 18:18:55 2014 -0500 + + Revert "Merge branch 'devel' into feature/fingerbank" + + This reverts commit e164c3df2ea24807d6928d10b355827e11454e98, reversing + changes made to 13b330f620cd2026533a8ba39a0997eb44c98a02. + +M NEWS.old + +commit 4287cb8d40547c8951c0a20e806fc2a9b738abed +Author: Loick Pelet +Date: Tue Jan 7 14:09:58 2014 -0500 + + corrected duplicated class 1503 + +M conf/dhcp_fingerprints.conf + +commit 061e8a4498e9cb60d5d3d6b05481b154f40bce1f +Author: Loick Pelet +Date: Mon Jan 6 17:41:04 2014 -0500 + + added version of fingerbank + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm + +commit 13b330f620cd2026533a8ba39a0997eb44c98a02 +Author: Loick Pelet +Date: Mon Jan 6 14:40:34 2014 -0500 + + updated database fingerprints from Fingerbank + +M conf/dhcp_fingerprints.conf + +commit 546d5bbb7a7df37fa16866b1463c1f244a753bdb +Author: Durand Fabrice +Date: Mon Jan 6 14:36:04 2014 -0500 + + Added soap call function as the username in the webservices_access_log and unset CURLOPT_DNS_USE_GLOBAL_CACHE in curl option + +M lib/pf/WebAPI.pm +M lib/pf/radius/soapclient.pm + +commit 5f0ed5d54f23ae355a4d615706b332f2c5a63ead +Author: James Rouzier +Date: Thu Jan 2 16:58:22 2014 -0500 + + change the default of the monitor and management network interface to an empty string + +M lib/pf/config.pm + +commit 279e3f7004fc53274bb163bf16d69a31cd3a2284 +Author: James Rouzier +Date: Thu Jan 2 16:00:42 2014 -0500 + + Verify if the monitor interface is configure + +M lib/pf/services/manager/roles/pf_conf_trapping_engine.pm + +commit 759b0ae5e84ee408e3268450d8d4d0d271e6ebdb +Author: Durand Fabrice +Date: Thu Jan 2 10:12:22 2014 -0500 + + Update dep + +M debian/control + +commit 56d510d059ce4cc4945ae1e3929ee5a0d0dae6d2 +Author: Durand Fabrice +Date: Thu Jan 2 08:28:48 2014 -0500 + + Removed Dumper from Aruba switch module + +M lib/pf/SNMP/Aruba.pm + +commit af14dcbdafc535f534e9ee3c60838256203cb797 +Author: Durand Fabrice +Date: Mon Dec 30 13:32:53 2013 -0500 + + Fix for test + +M lib/pf/util.pm +M t/network-devices/wireless.t +M t/util.t + +commit f3aa50060aad82649b3aa9478bed06f5ea2b3dc2 +Author: Durand Fabrice +Date: Mon Dec 30 11:54:49 2013 -0500 + + Updated spec file (added cgi files that have been previously removed) + +M addons/packages/packetfence.spec + +commit b4a34779313f7466fdb04d8345bc71ffd34e2a94 +Author: Durand Fabrice +Date: Mon Dec 30 11:42:30 2013 -0500 + + Update spec file for missing files + +M addons/packages/packetfence.spec + +commit 8255430c40643b8f059f01c37f8acc00063c6db5 +Author: Loick Pelet +Date: Thu Dec 26 10:43:32 2013 -0500 + + fixed 2 times portal_error_logs + +M addons/logrotate + +commit a2ce9b28bb9ed7c839fca8fa8dcdb82719a453d8 +Author: Francis Lachapelle +Date: Mon Dec 23 17:23:21 2013 -0500 + + Web admin: landing page must depend on ACLs + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Controller/Admin.pm +M html/pfappserver/root/admin/wrapper.tt + +commit 029ffbbb380c4eeffc7576ebf77ca73cbe9e2ed3 +Author: James Rouzier +Date: Thu Dec 19 11:13:42 2013 -0500 + + Moved to a generalized items.js for floatingdevices + +M html/pfappserver/root/configuration/floatingdevice/index.tt +M html/pfappserver/root/configuration/floatingdevice/list.tt +M html/pfappserver/root/static/admin/configuration/floatingdevices.js + +commit dd472f791aaf2587b2c0fdf076a17f4c24cf5d26 +Author: James Rouzier +Date: Thu Dec 19 10:32:02 2013 -0500 + + Moved the setupItem function to the constructor + +M html/pfappserver/root/static/admin/configuration/items.js + +commit b54793c1e3ad8dc021281123689972d8d34e2078 +Author: James Rouzier +Date: Thu Dec 19 10:30:20 2013 -0500 + + Removing wrix tab + +M html/pfappserver/root/configuration/switch/view.tt + +commit e41edd22b1be5c842400deeeff637ea7abe04409 +Author: James Rouzier +Date: Thu Dec 19 01:23:17 2013 -0500 + + Fixed the double form issue + +M html/pfappserver/root/configuration/wrix/list.tt + +commit 39dee1c712563519dbec46794900987c161a6b4d +Author: James Rouzier +Date: Thu Dec 19 01:15:06 2013 -0500 + + Moved to using items.js + +M html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm +A html/pfappserver/root/configuration/adminroles/clone.tt +A html/pfappserver/root/configuration/adminroles/create.tt +M html/pfappserver/root/configuration/adminroles/index.tt +M html/pfappserver/root/configuration/adminroles/list.tt +M html/pfappserver/root/configuration/adminroles/view.tt +D html/pfappserver/root/static/admin/configuration/adminroles.js + +commit 707488d1dfec2d859d361ceae6716a9c888739ee +Author: James Rouzier +Date: Thu Dec 19 01:14:23 2013 -0500 + + Removed the extra items.js and removed adminroles.js + +M html/pfappserver/root/admin/configuration.tt + +commit b894d340a41d78d96cfc3e4313c7a7a69f61b18f +Author: James Rouzier +Date: Thu Dec 19 01:13:34 2013 -0500 + + Generalized the modalId and the formName + +M html/pfappserver/root/static/admin/configuration/items.js + +commit 523978af1c492e52ef51ae597366501b83da6251 +Author: James Rouzier +Date: Thu Dec 19 00:13:13 2013 -0500 + + Only include items.js once + +M html/pfappserver/root/admin/configuration.tt + +commit 9541b65de8fb933809ddcaeab9d31ac5a610dc47 +Author: James Rouzier +Date: Mon Dec 16 14:31:41 2013 -0500 + + Change namespace from captive::portal to captiveportal + +M html/captive-portal/Changes +M html/captive-portal/captive_portal.conf +D html/captive-portal/lib/captive/portal.pm +D html/captive-portal/lib/captive/portal/Base/Controller.pm +D html/captive-portal/lib/captive/portal/Controller/Access.pm +D html/captive-portal/lib/captive/portal/Controller/Activate/Email.pm +D html/captive-portal/lib/captive/portal/Controller/Activate/Sms.pm +D html/captive-portal/lib/captive/portal/Controller/Aup.pm +D html/captive-portal/lib/captive/portal/Controller/Authenticate.pm +D html/captive-portal/lib/captive/portal/Controller/CaptivePortal.pm +D html/captive-portal/lib/captive/portal/Controller/Enabler.pm +D html/captive-portal/lib/captive/portal/Controller/GamingRegistration.pm +D html/captive-portal/lib/captive/portal/Controller/Node/Manager.pm +D html/captive-portal/lib/captive/portal/Controller/Oauth2.pm +D html/captive-portal/lib/captive/portal/Controller/Pay.pm +D html/captive-portal/lib/captive/portal/Controller/PreRegister.pm +D html/captive-portal/lib/captive/portal/Controller/Redirect.pm +D html/captive-portal/lib/captive/portal/Controller/Release.pm +D html/captive-portal/lib/captive/portal/Controller/Remediation.pm +D html/captive-portal/lib/captive/portal/Controller/Root.pm +D html/captive-portal/lib/captive/portal/Controller/Signup.pm +D html/captive-portal/lib/captive/portal/Controller/Status.pm +D html/captive-portal/lib/captive/portal/Controller/WirelessProfile.pm +D html/captive-portal/lib/captive/portal/Model/Portal/Session.pm +D html/captive-portal/lib/captive/portal/Role/Action/Hookable.pm +D html/captive-portal/lib/captive/portal/Role/Action/Hookable/After.pm +D html/captive-portal/lib/captive/portal/Role/Action/Hookable/Before.pm +D html/captive-portal/lib/captive/portal/Role/Action/Hookable/Override.pm +D html/captive-portal/lib/captive/portal/View/HTML.pm +D html/captive-portal/lib/captive/portal/View/MobileConfig.pm +A html/captive-portal/lib/captiveportal.pm +A html/captive-portal/lib/captiveportal/Base/Controller.pm +A html/captive-portal/lib/captiveportal/Controller/Access.pm +A html/captive-portal/lib/captiveportal/Controller/Activate/Email.pm +A html/captive-portal/lib/captiveportal/Controller/Activate/Sms.pm +A html/captive-portal/lib/captiveportal/Controller/Aup.pm +A html/captive-portal/lib/captiveportal/Controller/Authenticate.pm +A html/captive-portal/lib/captiveportal/Controller/CaptivePortal.pm +A html/captive-portal/lib/captiveportal/Controller/Enabler.pm +A html/captive-portal/lib/captiveportal/Controller/GamingRegistration.pm +A html/captive-portal/lib/captiveportal/Controller/Node/Manager.pm +A html/captive-portal/lib/captiveportal/Controller/Oauth2.pm +A html/captive-portal/lib/captiveportal/Controller/Pay.pm +A html/captive-portal/lib/captiveportal/Controller/PreRegister.pm +A html/captive-portal/lib/captiveportal/Controller/Redirect.pm +A html/captive-portal/lib/captiveportal/Controller/Release.pm +A html/captive-portal/lib/captiveportal/Controller/Remediation.pm +A html/captive-portal/lib/captiveportal/Controller/Root.pm +A html/captive-portal/lib/captiveportal/Controller/Signup.pm +A html/captive-portal/lib/captiveportal/Controller/Status.pm +A html/captive-portal/lib/captiveportal/Controller/WirelessProfile.pm +A html/captive-portal/lib/captiveportal/Model/Portal/Session.pm +A html/captive-portal/lib/captiveportal/Role/Action/Hookable.pm +A html/captive-portal/lib/captiveportal/Role/Action/Hookable/After.pm +A html/captive-portal/lib/captiveportal/Role/Action/Hookable/Before.pm +A html/captive-portal/lib/captiveportal/Role/Action/Hookable/Override.pm +A html/captive-portal/lib/captiveportal/View/HTML.pm +A html/captive-portal/lib/captiveportal/View/MobileConfig.pm +M html/captive-portal/script/captive_portal_cgi.pl +M html/captive-portal/script/captive_portal_create.pl +M html/captive-portal/script/captive_portal_fastcgi.pl +M html/captive-portal/script/captive_portal_server.pl +M html/captive-portal/script/captive_portal_test.pl +M html/captive-portal/t/01app.t +M html/captive-portal/t/view_HTML.t + +commit e2849b4677d2e54b23c76105ffc8f7e59483df10 +Author: James Rouzier +Date: Mon Dec 16 13:40:13 2013 -0500 + + detach after maxRegNodesReached + +M html/captive-portal/lib/captive/portal/Controller/Root.pm + +commit 29db97e6c922a433d324591dc134ee4c05835681 +Author: James Rouzier +Date: Mon Dec 16 13:37:37 2013 -0500 + + Gaming registration ported + +M html/captive-portal/lib/captive/portal/Controller/GamingRegistration.pm + +commit a0d10efcac36136462559ac05347052a4e93d626 +Author: James Rouzier +Date: Mon Dec 16 13:34:21 2013 -0500 + + Move the display of the login page to the postAuthentication hook + +M html/captive-portal/lib/captive/portal/Controller/Authenticate.pm + +commit fca12eb3307c2667135bdf984781b940100d67bb +Author: James Rouzier +Date: Mon Nov 25 09:58:52 2013 -0500 + + Fix pod + +M html/captive-portal/lib/captive/portal/Controller/Authenticate.pm + +commit 261fb0994745040a0bb14caa086e5a7c17e3ccb3 +Author: James Rouzier +Date: Mon Nov 25 09:56:19 2013 -0500 + + Add guestModeAllowed method + +M lib/pf/Portal/Profile.pm + +commit edfa84c0f8076ee9a3d27e610ab6889a33eff4ef +Author: James Rouzier +Date: Mon Nov 25 09:55:24 2013 -0500 + + Added override for Root::maxRegNodesReached + +M html/captive-portal/captive_portal.conf + +commit b4e5fd1fabc7c9154f666f939fe386bec331de5e +Author: James Rouzier +Date: Mon Nov 25 09:52:56 2013 -0500 + + Port of cgi to catalyst + +A html/captive-portal/lib/captive/portal/Base/Controller.pm +A html/captive-portal/lib/captive/portal/Controller/Access.pm +A html/captive-portal/lib/captive/portal/Controller/Activate/Email.pm +A html/captive-portal/lib/captive/portal/Controller/Activate/Sms.pm +A html/captive-portal/lib/captive/portal/Controller/Aup.pm +A html/captive-portal/lib/captive/portal/Controller/Authenticate.pm +A html/captive-portal/lib/captive/portal/Controller/CaptivePortal.pm +A html/captive-portal/lib/captive/portal/Controller/Enabler.pm +A html/captive-portal/lib/captive/portal/Controller/GamingRegistration.pm +A html/captive-portal/lib/captive/portal/Controller/Node/Manager.pm +A html/captive-portal/lib/captive/portal/Controller/Oauth2.pm +A html/captive-portal/lib/captive/portal/Controller/Pay.pm +A html/captive-portal/lib/captive/portal/Controller/PreRegister.pm +A html/captive-portal/lib/captive/portal/Controller/Redirect.pm +A html/captive-portal/lib/captive/portal/Controller/Release.pm +A html/captive-portal/lib/captive/portal/Controller/Remediation.pm +A html/captive-portal/lib/captive/portal/Controller/Root.pm +A html/captive-portal/lib/captive/portal/Controller/Signup.pm +A html/captive-portal/lib/captive/portal/Controller/Status.pm +A html/captive-portal/lib/captive/portal/Controller/WirelessProfile.pm +A html/captive-portal/lib/captive/portal/Model/Portal/Session.pm +A html/captive-portal/lib/captive/portal/Role/Action/Hookable.pm +A html/captive-portal/lib/captive/portal/Role/Action/Hookable/After.pm +A html/captive-portal/lib/captive/portal/Role/Action/Hookable/Before.pm +A html/captive-portal/lib/captive/portal/Role/Action/Hookable/Override.pm +A html/captive-portal/lib/captive/portal/View/HTML.pm +A html/captive-portal/lib/captive/portal/View/MobileConfig.pm +M html/captive-portal/templates/status.html +A t/captive-portal_libs.t + +commit 3d6ad7255ab75e43b8787ec549abe1b62416c49e +Author: James Rouzier +Date: Mon Nov 25 09:23:07 2013 -0500 + + Init catalyst app + +A html/captive-portal/Changes +A html/captive-portal/Makefile.PL +A html/captive-portal/README +A html/captive-portal/captive_portal.conf +A html/captive-portal/lib/captive/portal.pm +A html/captive-portal/script/captive_portal_cgi.pl +A html/captive-portal/script/captive_portal_create.pl +A html/captive-portal/script/captive_portal_fastcgi.pl +A html/captive-portal/script/captive_portal_server.pl +A html/captive-portal/script/captive_portal_test.pl +A html/captive-portal/t/01app.t +A html/captive-portal/t/02pod.t +A html/captive-portal/t/03podcoverage.t +A html/captive-portal/t/view_HTML.t + +commit 6c58094bf0111b2bddba479ccac1170df79145b8 +Author: James Rouzier +Date: Tue Nov 19 20:19:21 2013 -0500 + + Added new method getDefaultOfType + +M lib/pf/Authentication/Source.pm + +commit 3643ad5962431243918aee766da928a369d74d9e +Author: James Rouzier +Date: Wed Dec 18 18:31:47 2013 -0500 + + Removed the VHO authentication source + +D html/pfappserver/lib/pfappserver/Form/Authentication/Source/VHO.pm +D html/pfappserver/root/authentication/source/type/VHO.tt +D lib/pf/Authentication/Source/VHOSource.pm +M lib/pf/authentication.pm + +commit 0aa2934b50b4d44905f3ac8b751fe474954d840d +Author: James Rouzier +Date: Wed Nov 27 16:30:25 2013 -0500 + + Extend precision of lat & long + +M html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm + +commit 67c6ce76f905bdf133bd74a0534d12fad7bafd7b +Author: James Rouzier +Date: Wed Nov 27 16:07:27 2013 -0500 + + Avoid the export being covered by success & error messages + +M html/pfappserver/root/configuration/wrix/index.tt + +commit 47d8637b6bcb407aa0a27dd73a51a74dd1fa8a4a +Author: James Rouzier +Date: Wed Nov 27 16:04:17 2013 -0500 + + Fixed incorrect name for form + +M html/pfappserver/root/configuration/wrix/view.tt + +commit a23b814e235d649cd41193b63c9b247bba048544 +Author: James Rouzier +Date: Tue Nov 19 11:07:35 2013 -0500 + + Reload nas_config when rebuilding config + +M lib/pf/services/radiusd.pm + +commit 335e32cbb97dd1c01f13ab6c7e1e0e5a59cc3060 +Author: James Rouzier +Date: Thu Nov 14 13:14:17 2013 -0500 + + Adding VHOSource to lib/pf/authentication.pm + +A lib/pf/Authentication/Source/VHOSource.pm +M lib/pf/authentication.pm + +commit fc4b9bfdb33b5a6c390d747057112de4e23fd22b +Author: James Rouzier +Date: Thu Nov 14 13:04:04 2013 -0500 + + Inherit from the correct source + +M html/pfappserver/lib/pfappserver/Form/Authentication/Source/VHO.pm + +commit 201623146c036d5d009962f5dd9c0225cdb599bb +Author: James Rouzier +Date: Wed Nov 13 16:56:16 2013 -0500 + + pfcmd service radius status will not die if the database is down + +M lib/pf/db.pm +M lib/pf/freeradius.pm + +commit c276fbea6e19a8084819e1da8e8e1bc4820622bd +Author: James Rouzier +Date: Wed Nov 6 16:45:48 2013 -0500 + + Added new Authentication Source VHO + +A html/pfappserver/lib/pfappserver/Form/Authentication/Source/VHO.pm +A html/pfappserver/root/authentication/source/type/VHO.tt + +commit 3eb1348419fd1b43ed18d44d952666548ac8f21a +Author: James Rouzier +Date: Wed Nov 6 16:18:28 2013 -0500 + + Check if nasname is a valid ipaddress before importing + +M raddb/sql/mysql/packetfence.conf + +commit 7686f27b699235b395de9e9f8ae19490dda10b75 +Author: Durand Fabrice +Date: Tue Nov 5 13:35:14 2013 -0500 + + Fix issue with sql radius + +M raddb/sql/mysql/packetfence.conf + +commit ca394174db4f642ce7f5ba636bc5eaff7994b912 +Author: James Rouzier +Date: Wed Oct 30 16:18:26 2013 -0400 + + Updated news + +M NEWS.asciidoc + +commit 58416cfea14cd9320d814ec277b9617ce2258019 +Author: James Rouzier +Date: Wed Oct 30 16:17:35 2013 -0400 + + Fixed tainting issue and refactor fileLocking + +M lib/pf/config/cached.pm + +commit 7ef5dcff90ad5ce32f99d520e6b08cec8357f958 +Author: James Rouzier +Date: Wed Oct 30 15:52:34 2013 -0400 + + Added importCsv method + +M lib/pf/ConfigStore/Wrix.pm + +commit 1411ef0274d0054adee15255a5ca4594fc1e89f5 +Author: James Rouzier +Date: Wed Oct 30 15:10:10 2013 -0400 + + Updated help for import + +M lib/pf/pfcmd/help.pm + +commit 43fbf1cf7064628314e9e14eb2c4b5540fbf542a +Author: James Rouzier +Date: Wed Oct 30 15:08:23 2013 -0400 + + Added option pfmcd import wrix command + +M lib/pf/pfcmd.pm + +commit 0de307a8705f032ff225e8df019d78dad06fe8bb +Author: James Rouzier +Date: Wed Oct 30 15:04:42 2013 -0400 + + Added the ability to import a wrix csv file into wrix.conf + +M bin/pfcmd.pl + +commit 5f19ca0896bde8649f8a482ff8a3263328f03e08 +Author: James Rouzier +Date: Wed Oct 30 15:00:19 2013 -0400 + + Add additional error log + +M lib/pf/ConfigStore.pm + +commit f5e9ede7560ae743966903ce1cf9bd3452ea6473 +Author: James Rouzier +Date: Wed Oct 30 14:41:57 2013 -0400 + + Added method has changed + +M lib/pf/IniFiles.pm + +commit 25195a082d8e066dece25aa5044781ddc3d5c487 +Author: James Rouzier +Date: Wed Oct 30 12:34:06 2013 -0400 + + Make Data::Serializer::Storable the default serializer to avoid issue with storing floating point numbers + +M lib/pf/CHI.pm + +commit 802af568dbbb5f92d735cbbf98a4f1688370caa3 +Author: James Rouzier +Date: Wed Oct 30 12:09:10 2013 -0400 + + Added perl package Data::Serializer as a dependency + +M addons/packages/packetfence.spec +M debian/control + +commit d1f6d36a6b46aacc179e965f0f30f8f1bb3d9c5c +Author: Francis Lachapelle +Date: Tue Oct 29 15:44:18 2013 -0400 + + RADIUS: Get the return code from the eval block + +M raddb/packetfence.pm + +commit 34b9d9ec3499b15b9ca552c9f5e16d696ebf19c1 +Author: James Rouzier +Date: Tue Oct 29 14:21:31 2013 -0400 + + Remove unused parameter for sendLocalFirewallRequestTrap + +M lib/pf/SNMP/PacketFence.pm + +commit 7beedb1539fefb58d2cb3c19ff01fcbf71778fe5 +Author: James Rouzier +Date: Tue Oct 29 13:40:56 2013 -0400 + + Preload switch that are identified by ip address + +M raddb/sql/mysql/packetfence.conf + +commit a0afaf93250a7ad4389ee18ecc7847609afefc43 +Author: Francis Lachapelle +Date: Tue Oct 29 14:20:18 2013 -0400 + + Add price and transaction id to confirmation msg + + When using the billing engine, the confirmation email sent when + purchasing a tier now includes the price and the transaction ID. + +M conf/templates/emails-billing_confirmation.txt.tt +M html/captive-portal/billing-engine.cgi +M lib/pf/billing.pm + +commit a42ba141ad2dfa1ff2a1a8c6271edd67f377da0e +Author: Durand Fabrice +Date: Tue Oct 29 14:20:47 2013 -0400 + + Fix accounting + +M lib/pf/radius.pm + +commit d5979d4a6a7a16c1cb7e4d6be59d18786d26219d +Author: James Rouzier +Date: Fri Oct 25 14:32:21 2013 -0400 + + Move use thread to avoid combilation issues + +M addons/accounting.pl +M addons/recovery.pl + +commit c5083ad70a31021b2eac556e94d41bcff6969148 +Author: James Rouzier +Date: Thu Oct 24 17:21:07 2013 -0400 + + Verify mac is defined + +M lib/pf/util.pm + +commit 0656cfa02cc0bc0d616018bc018ff21cf317d567 +Author: James Rouzier +Date: Thu Oct 24 17:14:58 2013 -0400 + + Drop log level from error to debug + +M lib/pf/util.pm + +commit 62d0523a842772b0a6576b35aff03490c2f66b14 +Author: James Rouzier +Date: Thu Oct 24 16:40:19 2013 -0400 + + Location log updates + +M lib/pf/locationlog.pm + +commit b8b162471086a606eebaa73764d541df7d404aeb +Author: James Rouzier +Date: Thu Oct 24 15:21:37 2013 -0400 + + Fix validation of switch + +M lib/pf/pfcmd/checkup.pm + +commit e0bdd33284220bbef8c8fb138454616cdf55e5ad +Author: James Rouzier +Date: Thu Oct 24 15:08:16 2013 -0400 + + Overlay refactor + +M lib/pf/enforcement.pm + +commit ffa9cd33e14213dcb2a6065960dc497b840afbad +Author: James Rouzier +Date: Thu Oct 24 13:36:27 2013 -0400 + + Switch overlay from dynamic controller + +M conf/radiusd/radiusd.conf +A db/dynamic-controller.sql +M lib/pf/ConfigStore/Switch.pm +A lib/pf/ConfigStore/SwitchOverlay.pm +M lib/pf/SwitchFactory.pm +M lib/pf/file_paths.pm +A raddb/modules/raw +M raddb/sites-available/dynamic-clients + +commit f2a26c2fa76cdd8d89fdf15a5204e751f4aa3199 +Author: Durand Fabrice +Date: Thu Oct 24 11:09:44 2013 -0400 + + Fix small bugs + +M conf/templates/emails-billing_confirmation.txt.tt +M lib/pf/billing.pm + +commit 306695dbf488d5afc5fa03ed045bd85520c63ea6 +Author: Francis Lachapelle +Date: Wed Oct 23 16:41:24 2013 -0400 + + Send a confirmation email when purchasing a tier + +A conf/templates/emails-billing_confirmation.txt.tt +M html/captive-portal/billing-engine.cgi +M lib/pf/billing.pm + +commit 42710c804930fb8e4d41096bf46f5aba3d03a881 +Author: Francis Lachapelle +Date: Wed Oct 23 16:40:20 2013 -0400 + + Add pf::util::send_email (mail from template) + +M lib/pf/util.pm + +commit 63342ba187b1b1e6e85ad69fda91fe8bc5da2da3 +Author: James Rouzier +Date: Wed Oct 23 16:39:40 2013 -0400 + + Merge valid_mac_or_ip + +M lib/pf/util.pm + +commit 12ed0cfab7bea5260ced816291a8b09deca59457 +Author: James Rouzier +Date: Wed Oct 23 14:05:38 2013 -0400 + + Merge valid_mac_or_ip + +M lib/pf/util.pm + +commit b49905882c8140fc622112a1e92394a7aa5a9232 +Author: James Rouzier +Date: Wed Oct 23 13:20:40 2013 -0400 + + Merge from dynamic-controller + +M bin/pfcmd_vlan +M html/pfappserver/lib/pfappserver/Form/Config/Switch.pm +A html/pfappserver/lib/pfappserver/Form/Field/SwitchID.pm +M lib/pf/SNMP.pm +M lib/pf/SNMP/Accton.pm +M lib/pf/SNMP/Amer.pm +M lib/pf/SNMP/Aruba.pm +M lib/pf/SNMP/Cisco.pm +M lib/pf/SNMP/Dlink.pm +M lib/pf/SNMP/Extricom.pm +M lib/pf/SNMP/HP.pm +M lib/pf/SNMP/Intel/Express_460.pm +M lib/pf/SNMP/Intel/Express_530.pm +M lib/pf/SNMP/MockedSwitch.pm +M lib/pf/SNMP/PacketFence.pm +M lib/pf/SNMP/ThreeCom/SS4500.pm +M lib/pf/SNMP/Trapeze.pm +M lib/pf/SwitchFactory.pm +M lib/pf/radius.pm +M lib/pf/util/radius.pm +M sbin/pfdetect +M sbin/pfdhcplistener +M sbin/pfsetvlan +M t/hardware-snmp-objects.t +M t/pfcmd.t + +commit d6e4f438e615898c2f71271da68701e60bc405b0 +Author: Francis Lachapelle +Date: Fri Oct 18 15:33:22 2013 -0400 + + Improve template of 'status' page + +M html/captive-portal/templates/status.html + +commit c313fa3fde86d9922ec8e4a873f2119da9736394 +Author: Francis Lachapelle +Date: Fri Oct 18 14:34:55 2013 -0400 + + Check mode parameter first in register.cgi + + The new Null authentication source needs to be considered only if no + 'mode' parameter is specified. + + Conflicts: + html/captive-portal/register.cgi + +M html/captive-portal/register.cgi + +commit 4fc153dd1430833e8031661e2943e62eb9ec0c26 +Author: Francis Lachapelle +Date: Fri Oct 18 13:37:24 2013 -0400 + + Don't change pid of node from accounting info + +M lib/pf/radius.pm + +commit bceb8bacd97f9adba7a28d29faac0024165c2622 +Author: James Rouzier +Date: Fri Oct 18 13:29:34 2013 -0400 + + Added billing test script + +A addons/dev-helpers/test-billing.pl + +commit d06dfe644b2246db6d48bf27aff14725794eafcd +Author: James Rouzier +Date: Fri Oct 18 12:59:50 2013 -0400 + + Remove duplicated attributes + +M lib/pf/billing/gateway/mirapay/request.pm + +commit b94e795d70e59efdb151457e4aa41cd090a3073e +Author: James Rouzier +Date: Fri Oct 18 12:41:26 2013 -0400 + + Fixed typo + +M html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm + +commit f4d386ee84d6602e5f7079ecee3936ed5b9646ff +Author: James Rouzier +Date: Fri Oct 18 10:18:13 2013 -0400 + + Fixed mirapay url query + +M lib/pf/billing/gateway/mirapay/request.pm + +commit 726cdae9bc00e87ba5fc0d4a8f76de69628f750d +Author: James Rouzier +Date: Fri Oct 18 10:17:01 2013 -0400 + + Reversing the ccexpiration from MMYY to YYMM to match mirapay's interface + +M lib/pf/billing/gateway/mirapay.pm + +commit 9f2e2621359836198dd43e77cc9fe58cc810dbf7 +Author: Durand Fabrice +Date: Wed Oct 9 11:24:56 2013 -0400 + + Fix spec file + +M addons/packages/packetfence.spec + +commit 921392ea7866c8359834e4daa6910a6270afce57 +Author: Durand Fabrice +Date: Fri Oct 4 12:01:40 2013 -0400 + + Fix perl radius + +M raddb/packetfence.pm + +commit fdfd8a957cb27e3e40d11f8f2df3c94d17c92b12 +Author: James Rouzier +Date: Thu Sep 19 15:08:03 2013 -0400 + + Added new billing gateway mirapay + +M lib/pf/billing/gateway/mirapay.pm +M lib/pf/billing/gateway/mirapay/request.pm + +commit e0d7c057bd03c97726dbf2aa77c20453b2fc211c +Author: James Rouzier +Date: Thu Sep 19 15:05:52 2013 -0400 + + Added new mirapay billing section parameters + +M conf/documentation.conf +M conf/pf.conf.defaults +M html/pfappserver/lib/pfappserver/I18N/en.po + +commit 7411034542f0b606e61d3caa6706a0083e25623b +Author: James Rouzier +Date: Thu Sep 19 13:06:39 2013 -0400 + + Removed unused files + +D lib/pf/Moo/Role/AccessorAttribute.pm +D lib/pf/Moo/Util.pm +D lib/pf/Moo/Util/Gen.pm +D lib/pf/MooX/AccessorAttribute.pm + +commit 9045f809700a028e80755e91e01dda590a6fa473 +Author: James Rouzier +Date: Fri Sep 13 14:13:18 2013 -0400 + + Removing file + +D TODO + +commit 8c240ae3f95c6a31c09e48a045f9bc7ccac1a09a +Author: Francis Lachapelle +Date: Wed Sep 11 15:51:01 2013 -0400 + + Fix Apache configuration for new /status page + +M lib/pf/services/apache.pm + +commit 6836b4da4ae742f55161ba2fd1ac933b0405d676 +Author: Francis Lachapelle +Date: Wed Sep 11 13:35:59 2013 -0400 + + Close expiration violation when buying access time + + When a user buys more network access time, we close any previous + 'expiration' violation. We also make sure to add the remaining access + time left, if any. + +M html/captive-portal/billing-engine.cgi +M lib/pf/radius.pm +M lib/pf/radius/constants.pm + +commit e0e879e35ee7eb49d78eab79fff04e656092e525 +Author: Francis Lachapelle +Date: Wed Sep 11 13:21:08 2013 -0400 + + Remove unused violation 1200003 ($portscan_sid) + +M lib/pf/config.pm +M lib/pf/violation.pm + +commit fefe12ab251d1269c7b33942f035eb79a5c1fe63 +Author: Francis Lachapelle +Date: Wed Sep 11 13:17:26 2013 -0400 + + Fix stash in generate_billing_page + +M lib/pf/web/billing.pm + +commit b9054a4768211715e8fb347dba65101da0476e23 +Author: James Rouzier +Date: Fri Aug 16 11:28:20 2013 -0400 + + Added export link on page + +M html/pfappserver/root/configuration/wrix/index.tt + +commit eba08d502ff45120a30d4ab0f15a40fa3808cc0f +Author: James Rouzier +Date: Fri Aug 16 11:28:00 2013 -0400 + + Created new action export + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Wrix.pm +A html/pfappserver/root/configuration/wrix/export.tt + +commit 3052dba0bff461f4b1df4151239ba6a0c756ef78 +Author: James Rouzier +Date: Fri Aug 16 11:26:55 2013 -0400 + + Fixed the order of fields and a typo + +M html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm + +commit 63dba0ba7643b3541d3ba3b94ad7e0dcd2e662f2 +Author: James Rouzier +Date: Fri Aug 16 11:24:14 2013 -0400 + + Added new CSV View + +A html/pfappserver/lib/pfappserver/View/CSV.pm + +commit 9c5d6cbce34019812f3e11619caef65612b7e0f6 +Author: James Rouzier +Date: Thu Aug 15 16:38:47 2013 -0400 + + Fixed saving cloning and creating wrix entries + +A html/pfappserver/root/configuration/wrix/clone.tt +A html/pfappserver/root/configuration/wrix/create.tt +M html/pfappserver/root/configuration/wrix/index.tt +M html/pfappserver/root/configuration/wrix/list.tt +M html/pfappserver/root/configuration/wrix/view.tt +M html/pfappserver/root/static/admin/configuration/items.js + +commit 2ff1f3a437304653e8eb28b15b1c70928113be8f +Author: James Rouzier +Date: Thu Aug 15 16:37:06 2013 -0400 + + Added Wrix link + +M html/pfappserver/root/admin/configuration.tt + +commit c107f203eced08d666bf4c8d45dd6eb4d82380b9 +Author: James Rouzier +Date: Thu Aug 15 16:36:29 2013 -0400 + + Added the ability to clone entries + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Wrix.pm + +commit e4d2db577223d67a9af6dc51252b3655590d00d8 +Author: James Rouzier +Date: Tue Jul 30 11:36:06 2013 -0400 + + Added wrix config file + +M lib/pf/file_paths.pm + +commit 452ae0fece364245667843a768bae97ed9c42976 +Author: Francis Lachapelle +Date: Tue Sep 10 15:13:15 2013 -0400 + + Add usage_duration option to billing tiers + +M html/captive-portal/billing-engine.cgi +M lib/pf/billing.pm + +commit f8601ff015b51f05bfe7c2c04e6eec3aba388030 +Author: Francis Lachapelle +Date: Tue Sep 10 14:58:57 2013 -0400 + + New captive portal /status page + + Happy Easter (@734762d) + +M conf/httpd.conf.d/captive-portal-cleanurls.conf +A html/captive-portal/content/countdown.min.js +M html/captive-portal/register.cgi +A html/captive-portal/templates/status.html +M html/captive-portal/templates/violations/expiration.html +M lib/pf/node.pm +M lib/pf/services/apache.pm +M lib/pf/web.pm +M lib/pf/web/constants.pm + +commit 0bedbc1dc8e4930ce2d29d91954a27f08fd1bdbb +Author: James Rouzier +Date: Thu Aug 29 21:13:00 2013 -0400 + + Saving work + +A TODO +A lib/pf/Moo/Role/AccessorAttribute.pm +A lib/pf/MooX/AccessorAttribute.pm +A lib/pf/billing/gateway/mirapay.pm + +commit 52d729a8d2cf7cf37ab468e10a0540cd5109381a +Author: James Rouzier +Date: Tue Jul 9 12:52:39 2013 -0400 + + Added generator + +A lib/pf/Moo/Util/Gen.pm + +commit f25180762dff3446269746d4f8506ebc34d1a5b8 +Author: James Rouzier +Date: Tue Jun 18 09:53:47 2013 -0400 + + Updated pod doc + +M lib/pf/Moo/Util.pm + +commit f3ca4cec88bd20638565d11b84d54532bfe69795 +Author: James Rouzier +Date: Mon Jun 17 21:08:26 2013 -0400 + + Added new module for Moo utils functions + +A lib/pf/Moo/Util.pm + +commit 6cbff869ae37bee228fc0d406e45c6b3937870e8 +Author: James Rouzier +Date: Tue Aug 27 10:56:14 2013 -0400 + + Created mira pay response/request objects + +A lib/pf/billing/gateway/mirapay/request.pm +A lib/pf/billing/gateway/mirapay/response.pm + +commit e149fe53336b9f5708b1dd5b9bc590b2b14dcbbd +Author: James Rouzier +Date: Mon Aug 12 13:41:19 2013 -0400 + + Will match against last switch for portal profile + +M lib/pf/Portal/ProfileFactory.pm + +commit 4cc76967ac7774c1105efe36d7c2294c0eba6403 +Author: Francis Lachapelle +Date: Thu Aug 15 14:47:03 2013 -0400 + + Node editor: add access duration + +M html/pfappserver/lib/pfappserver/Form/Node.pm +M html/pfappserver/root/node/view.tt + +commit ef55a71598ec037351fa48ed209918264024007c +Author: Francis Lachapelle +Date: Thu Aug 15 14:38:21 2013 -0400 + + Trigger violation when no more access time + +M conf/violations.conf +A html/captive-portal/templates/violations/expiration.html +M lib/pf/node.pm +M lib/pf/radius.pm +M raddb/packetfence.pm + +commit 9946de393f4e6987481ba31beaa6894606e77e0f +Author: Francis Lachapelle +Date: Tue Aug 13 14:09:04 2013 -0400 + + Fix handling of accounting stop + +M lib/pf/WebAPI.pm +M lib/pf/radius.pm +M raddb/packetfence.pm +M raddb/sites-available/packetfence + +commit 5e0da7b6ebc3181e7b9cd2ab8cb44102963d10c6 +Author: Francis Lachapelle +Date: Tue Aug 6 21:07:51 2013 -0400 + + Initial support for RADIUS accouting stop + +M lib/pf/WebAPI.pm +M lib/pf/radius.pm +M raddb/packetfence.pm + +commit 3d6837a78bd14f4eda12030f55d61e4184c393a4 +Author: James Rouzier +Date: Tue Jul 30 16:14:29 2013 -0400 + + Added wrix templates + +A html/pfappserver/root/configuration/wrix/index.tt +A html/pfappserver/root/configuration/wrix/list.tt +A html/pfappserver/root/configuration/wrix/view.tt + +commit c722bd9af6d5ea1682cacd62a0ba173b7a57d66f +Author: James Rouzier +Date: Tue Jul 30 16:12:23 2013 -0400 + + Wrix Form for displaying WRIX data + +M html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm + +commit d1f3971cc76a717fb948ff11cf0c1a980bed2955 +Author: James Rouzier +Date: Tue Jul 30 11:53:03 2013 -0400 + + Initial wrix controller modules + +A html/pfappserver/lib/pfappserver/Controller/Configuration/Wrix.pm +A html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm +A html/pfappserver/lib/pfappserver/Model/Config/Wrix.pm +A lib/pf/ConfigStore/Wrix.pm + +commit 9919232e0a896094d3cb5b50909f64145ff12051 +Author: James Rouzier +Date: Tue Jul 30 11:36:06 2013 -0400 + + Added wrix config file + +M lib/pf/file_paths.pm + +commit b9b90c10fd51b3e49804d244c31a3673eefcc012 +Author: James Rouzier +Date: Thu Jul 18 14:30:03 2013 -0400 + + Added tab and block for wrix format + +M html/pfappserver/lib/pfappserver/Form/Config/Switch.pm +M html/pfappserver/root/configuration/switch/view.tt + +commit 6d9d4aeae60db0e8e8e06ab39597f1950fb118a6 +Author: James Rouzier +Date: Wed Dec 18 18:16:54 2013 -0500 + + Verify if valid_from is defined + +M lib/pf/temporary_password.pm + +commit f7390c0d5a780cd5affdf349e29c5ecdc1d3bb91 +Author: James Rouzier +Date: Wed Dec 18 16:07:58 2013 -0500 + + SQL to expand person table + +D db/custom/pf-mandatory-fields-per-profile-upgrade.sql +A db/upgrade-4.1.0-4.x.x.sql + +commit 6877c5328ce7295e709f20ffc2704655b6de4607 +Author: James Rouzier +Date: Wed Dec 18 16:07:00 2013 -0500 + + Removed redundant field + +M lib/pf/person.pm + +commit 54947560922adba03f2e58f22a1fe95541cb8df2 +Author: James Rouzier +Date: Fri Nov 1 10:10:59 2013 -0400 + + Added the authorizer configuration to the profile + +M html/pfappserver/lib/pfappserver/Form/Portal/Common.pm +M html/pfappserver/root/static/admin/configuration/portal_profile.js +M lib/pf/ConfigStore/Profile.pm + +commit aa1fdc92e57242591da427739c7d618b3db56fd4 +Author: James Rouzier +Date: Fri Nov 1 10:08:19 2013 -0400 + + The library for loading and creating mdm authorizers + +A lib/pf/mdm.pm + +commit a0521a853d5264826f0ba9a9bb8c550613f25c09 +Author: James Rouzier +Date: Tue Oct 15 17:10:02 2013 -0400 + + Added the symantec authorizer + +A lib/pf/mdm/symantec.pm + +commit 0bee39004759990d34512aa723eefef58955c983 +Author: James Rouzier +Date: Tue Oct 15 17:06:35 2013 -0400 + + Renamed pf::mdm::tem to pf::mdm::ibm + +A lib/pf/mdm/ibm.pm +D lib/pf/mdm/tem.pm + +commit 23dee30744ceabc71e683afc6f5139bd22c42069 +Author: James Rouzier +Date: Tue Oct 15 09:52:16 2013 -0400 + + Fixed messages for MDM entries and added description for entries + +M html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm + +commit 52490fcfcd4a4dd851f0a5ce21e28ace5b672e7d +Author: James Rouzier +Date: Tue Oct 15 09:35:23 2013 -0400 + + Added description for MDM + +M html/pfappserver/root/configstore/mdm/list.tt + +commit 242926f630854e9d553899b66284f136764379eb +Author: James Rouzier +Date: Tue Oct 15 09:25:22 2013 -0400 + + Add the itemsKey to the stash + +M html/pfappserver/lib/pfappserver/Base/Controller/Crud.pm + +commit 32390135db0f9ac4a47542c1de9e297e13299352 +Author: James Rouzier +Date: Tue Oct 15 09:17:54 2013 -0400 + + Refactor removed unused variables make the the call to the create modal more generic + +M html/pfappserver/root/static/admin/configuration/items.js + +commit b5e914f4188e888386ae1d63f7775e729f9892c7 +Author: James Rouzier +Date: Fri Oct 11 13:37:19 2013 -0400 + + The mdm authorizer for tem + +A lib/pf/mdm/tem.pm + +commit bb93b7fa7174cfadecc8fe83b4623f7bce615dcb +Author: James Rouzier +Date: Thu Oct 10 14:24:39 2013 -0400 + + Updated required message and updated incorrect labels + +M html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm + +commit 749c4e40ae44feac6ea17d9d85157fce6ffe72ca +Author: James Rouzier +Date: Thu Oct 10 12:36:35 2013 -0400 + + Fixed updating the mdm table after creating a new entry + +M html/pfappserver/root/configstore/mdm/list.tt +M html/pfappserver/root/static/admin/configuration/items.js + +commit 33b4e67af33e7b0e7db6b8ca04cfe128d9f5abdf +Author: James Rouzier +Date: Wed Oct 9 10:00:14 2013 -0400 + + Added empty mdm.conf + +A conf/mdm.conf + +commit d878b4cae81429333349d8728b64eed1c2f8c1a3 +Author: James Rouzier +Date: Wed Oct 9 09:58:48 2013 -0400 + + Added provisioning tab + +M html/pfappserver/root/portal/profile/files.tt +M html/pfappserver/root/portal/profile/view.tt + +commit b6d3c3cf6eab9f941faf2d15c65afb5565575ea9 +Author: James Rouzier +Date: Wed Oct 9 00:33:45 2013 -0400 + + Added new configurtion page for MDM + +A html/pfappserver/lib/pfappserver/Controller/ConfigStore/Mdm.pm +A html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm +A html/pfappserver/lib/pfappserver/Model/ConfigStore/Mdm.pm +M html/pfappserver/root/admin/configuration.tt +A html/pfappserver/root/configstore/mdm/clone.tt +A html/pfappserver/root/configstore/mdm/create.tt +A html/pfappserver/root/configstore/mdm/index.tt +A html/pfappserver/root/configstore/mdm/list.tt +A html/pfappserver/root/configstore/mdm/view.tt +A html/pfappserver/root/static/admin/configuration/items.js + +commit ab700267a75938c5878a4c6dd8539ac0fb53a726 +Author: James Rouzier +Date: Wed Oct 9 00:29:04 2013 -0400 + + New config store for MDM + +A lib/pf/ConfigStore/Mdm.pm + +commit b13aa9df9c2ff2e6ecac1fe836500019e5916ee2 +Author: James Rouzier +Date: Wed Oct 9 00:28:12 2013 -0400 + + New config file conf/mdm.conf + +M lib/pf/file_paths.pm + +commit 8c1e58d1fe2d0975b68b5077749dc1b5a9d9defa +Author: Francis Lachapelle +Date: Thu Dec 19 09:04:39 2013 -0500 + + Fix nodes simple search by IP address + +M NEWS.asciidoc +M lib/pf/node.pm + +commit db6815407893e3a82a0fe94161e61dfaf23ec3d6 +Author: James Rouzier +Date: Wed Dec 18 15:52:01 2013 -0500 + + Authentication used advanced.pfcmd_*_colors for displaying messages + +M lib/pf/pftest/authentication.pm + +commit 958e5f6745840a80fbe36e061be08a39bf0b31a0 +Author: James Rouzier +Date: Wed Dec 18 15:46:12 2013 -0500 + + Updated new + +M NEWS.asciidoc + +commit c9f58abd6df0fcbe00e38f7cb566ead746aa06f7 +Author: James Rouzier +Date: Wed Dec 18 15:38:50 2013 -0500 + + Added custom colors for pfcmd + +M bin/pfcmd.pl +M conf/documentation.conf +M conf/pf.conf.defaults + +commit c5b336a81026af41c7877bca483161c54019789e +Author: James Rouzier +Date: Wed Dec 18 15:04:38 2013 -0500 + + Updated news + +M NEWS.asciidoc + +commit 7b9d3e83e980bcf8e3b06b8dc7af4028911a35c4 +Author: James Rouzier +Date: Wed Dec 11 10:28:07 2013 -0500 + + New translations for fields + +M conf/locale/en/LC_MESSAGES/packetfence.po + +commit 7fe3a65a21b85239efcebbccbce54df4adbc028d +Author: James Rouzier +Date: Tue Dec 10 17:10:33 2013 -0500 + + Refactored modify person to the _update_person sub + +M html/captive-portal/guest-selfregistration.cgi + +commit 0bcdb7e15b8120c2f876aaed92fca408bd1c9891 +Author: James Rouzier +Date: Tue Dec 10 17:08:47 2013 -0500 + + Added telephone to the exclude hash + +M lib/pf/web/guest.pm + +commit 6defad2a65635f8cf940adf87b962c604991afa6 +Author: James Rouzier +Date: Tue Dec 10 16:19:24 2013 -0500 + + Added field name for mandatory fields + +M html/captive-portal/templates/guest.html +M lib/pf/web/guest.pm + +commit 4c954f1f38ea5bd8264e032f357de62776b49025 +Author: James Rouzier +Date: Tue Dec 10 15:48:02 2013 -0500 + + Add mandatory to session + +M lib/pf/web/guest.pm + +commit 6ec948cc87f498000cef260143acda7e8953b0a7 +Author: James Rouzier +Date: Fri Dec 6 14:30:02 2013 -0500 + + Apply custom database sql when install db + +M html/pfappserver/lib/pfappserver/Model/DB.pm + +commit e0613bf86c65748322530bcc841d4aefd6d3eef4 +Author: James Rouzier +Date: Fri Dec 6 14:23:12 2013 -0500 + + Moved custom db stuff to db/custom + +A db/custom/pf-mandatory-fields-per-profile-upgrade.sql +D db/pf-mandatory-fields-per-profile-upgrade.sql + +commit 8f0ffd9d4dfb8e59e8e8271c052d6dd6f6d90eb1 +Author: James Rouzier +Date: Thu Dec 5 20:48:39 2013 -0500 + + Added the additional manditory fields in the admin + +M html/pfappserver/lib/pfappserver/Form/Portal/Common.pm + +commit 0bac45e23a0fa7879cede9ebc96d0fd860e44a41 +Author: James Rouzier +Date: Thu Dec 5 17:22:45 2013 -0500 + + Added admin role for node/create action + +M html/pfappserver/lib/pfappserver/Controller/Node.pm + +commit 3c9ebef3bbcd1cfdcaaebcfc5bffd7b0886847a8 +Author: James Rouzier +Date: Fri Nov 22 08:16:15 2013 -0500 + + Added new bulk action for opening violations on mulitple users and node + +M html/pfappserver/lib/pfappserver/Controller/Node.pm +M html/pfappserver/lib/pfappserver/Controller/User.pm +A html/pfappserver/root/admin/bulk_actions.inc +M html/pfappserver/root/node/advanced_search.tt +M html/pfappserver/root/node/simple_search.tt +M html/pfappserver/root/static/js/node.js +M html/pfappserver/root/static/js/user.js +M html/pfappserver/root/user/advanced_search.tt +M html/pfappserver/root/user/simple_search.tt + +commit e07a273451c3837fed894128deed76d7d7f22ba3 +Author: James Rouzier +Date: Fri Nov 22 08:14:21 2013 -0500 + + Added methods for bulk actions + +M html/pfappserver/lib/pfappserver/Model/User.pm + +commit 939aa11ff28502133855998ef33f274624d86b2e +Author: James Rouzier +Date: Fri Nov 22 08:13:52 2013 -0500 + + Added method bulkApplyViolation + +M html/pfappserver/lib/pfappserver/Model/Node.pm + +commit 241d69c318e14430d37feee155b6969d289e0e32 +Author: James Rouzier +Date: Fri Nov 22 08:12:05 2013 -0500 + + Added role for bulk actions + +A html/pfappserver/lib/pfappserver/Role/Controller/BulkActions.pm + +commit 15f5cfaf0186d48d3cbdbf188d46bad9790ea7c7 +Author: James Rouzier +Date: Mon Nov 25 14:51:16 2013 -0500 + + Added new fields + +M html/pfappserver/lib/pfappserver/Form/User.pm +M html/pfappserver/root/user/view.tt + +commit 58938ab900eb67864a294dcc7c4a43e7317c23a1 +Author: James Rouzier +Date: Mon Nov 25 14:14:41 2013 -0500 + + Added new fields + +M html/pfappserver/lib/pfappserver/Model/Search/User.pm +M html/pfappserver/root/admin/users.tt +M lib/pf/person.pm + +commit 16109b0a186b95de0627cd408552109d327aaa4a +Author: James Rouzier +Date: Mon Nov 25 14:04:36 2013 -0500 + + Add db upgrade sql + +A db/pf-mandatory-fields-per-profile-upgrade.sql + +commit 9621e7367ba730a0c79196a2cf75820101003cf3 +Author: James Rouzier +Date: Mon Nov 25 13:03:12 2013 -0500 + + Add mandatory fields to the signup page + +M lib/pf/web/guest.pm + +commit 2f533a5fc4859eec4f333f6a95605e0cf7262b3d +Author: James Rouzier +Date: Mon Nov 25 12:52:24 2013 -0500 + + Filter out mandatory fields that were already defined + +M html/captive-portal/templates/guest.html + +commit 603f1ced7ac92dcaa1be2a93b1b4e8ad322baaff +Author: James Rouzier +Date: Mon Nov 25 12:00:47 2013 -0500 + + Added mandatory_fields to allowed parameters for portal profiles + +M lib/pf/pfcmd/checkup.pm + +commit 9e07e8f9c2745efa307d6e653e545c6ad2157a13 +Author: James Rouzier +Date: Fri Nov 22 12:14:59 2013 -0500 + + Refactor to use default as the default section + +M lib/pf/Portal/ProfileFactory.pm + +commit 8a0086a3b9c6a23f91af15794204a611006cd64b +Author: James Rouzier +Date: Fri Nov 22 12:04:15 2013 -0500 + + Automatically expand mandatory_fields, refactored, and made default the default section in the configuration + +M lib/pf/config.pm + +commit b00557a2f1733f7896500e424047f9309e48f5e0 +Author: James Rouzier +Date: Fri Nov 22 11:02:41 2013 -0500 + + Added mandatory_fields to be copied from the default profile + +M lib/pf/Portal/ProfileFactory.pm + +commit ce91f7d9131df3f2f0dcfe40cbf147f15145b8a2 +Author: James Rouzier +Date: Fri Nov 22 10:54:33 2013 -0500 + + Moved mandatory fields from guests_self_registration.mandatory_fields to profiles + +M conf/documentation.conf +M conf/pf.conf.defaults +M conf/profiles.conf +M html/pfappserver/lib/pfappserver/Form/Portal/Common.pm +M html/pfappserver/root/portal/profile/view.tt +M html/pfappserver/root/static/admin/configuration/portal_profile.js +M lib/pf/ConfigStore/Profile.pm +M lib/pf/Portal/Profile.pm +M lib/pf/web/guest.pm + +commit 66139bb516f17c579ae06aadb0a4b445e90aa7e3 +Author: Francis Lachapelle +Date: Tue Dec 17 09:27:19 2013 -0500 + + Fix SQL query of connection types report + +M NEWS.asciidoc +M lib/pf/pfcmd/report.pm + +commit f1dd11654600ca3f8674a84dadd548d07755d3e5 +Author: Francis Lachapelle +Date: Mon Dec 16 13:41:23 2013 -0500 + + Cleanup calls to violation_trigger + +M lib/pf/WebAPI.pm +M lib/pf/scan.pm + +commit 67e26986f437d40a596887c71a270170160a9724 +Author: Francis Lachapelle +Date: Mon Dec 16 13:40:20 2013 -0500 + + Improve NEWS file + +M NEWS.asciidoc + +commit ee09e8abf16971e690a3f30bf12cc55987222284 +Author: James Rouzier +Date: Thu Dec 12 20:04:28 2013 -0500 + + Added the stick bit to the var/run directory + +M addons/packages/packetfence.spec +M debian/rules + +commit 0fdc21433442016512e0b9844f6ff0a091f0dfaa +Author: James Rouzier +Date: Thu Dec 12 17:44:50 2013 -0500 + + Fixed the mask of the pid file for snort so it could be read httpd.admin + +M lib/pf/services/manager/snort.pm + +commit abf41e2dfd8a545345dd4970f3c19ae83b5c70af +Author: James Rouzier +Date: Thu Dec 12 14:46:18 2013 -0500 + + Fix the configuration generation and the pid file + +M lib/pf/services/manager/snort.pm + +commit 51952f445c987fe064b1f2cc8f42e832eb6ddbd9 +Author: James Rouzier +Date: Thu Dec 12 13:52:58 2013 -0500 + + Log the command line used to launch the service + +M lib/pf/services/manager.pm + +commit 19d2ab36cd024caaa1421e2dfae16bcdddb9fd49 +Author: James Rouzier +Date: Thu Dec 12 12:26:08 2013 -0500 + + Fixed issue with snort and suricata not starting + +M lib/pf/services/manager/snort.pm +M lib/pf/services/manager/suricata.pm + +commit 7f6ca7b11a577ca8264cc2cb6ebfc82364d33170 +Author: Francis Lachapelle +Date: Thu Dec 12 12:06:39 2013 -0500 + + violation_trigger: remove argument no longer used + +M lib/pf/violation.pm + +commit 1b87e100dcb2f285d4940ab7de0f1299722a07c5 +Author: Durand Fabrice +Date: Thu Dec 12 09:39:21 2013 -0500 + + Fix bad syntax of getIfIndexByNasPortId in cisco 2950 switch module + +M lib/pf/SNMP/Cisco/Catalyst_2950.pm + +commit 852699a8ea0d60e13fea8f707b51e33d4943ae6c +Author: Francis Lachapelle +Date: Wed Dec 11 14:20:31 2013 -0500 + + Cleanup + +M debian/packetfence.init + +commit 53bd99cb11bb531d489552d3480a7ac2fda9d5d5 +Author: Francis Lachapelle +Date: Wed Dec 11 14:20:03 2013 -0500 + + Update ChangeLog + +M ChangeLog + commit a0d35eb98e6f495ea606e75e652ed9dda51bd2d8 Author: Francis Lachapelle Date: Wed Dec 11 14:03:39 2013 -0500 @@ -2571,6 +12764,15 @@ M html/pfappserver/root/portal/profile/edit.tt M html/pfappserver/root/portal/profile/files.tt M html/pfappserver/root/portal/profile/view.tt +commit 1159a3b25c3d3959a8b8f350b651d5744ca25ab4 +Author: Louis Munro +Date: Wed Oct 2 00:20:33 2013 -0400 + + Rewrote alias methods to point the typeglob to a sub reference instead; + Cleaner and more efficient. + +M lib/pf/MAC.pm + commit 4a05b223b3e4eb05e99be2a2033f72ec5d7ab6f6 Author: James Rouzier Date: Tue Oct 1 10:24:55 2013 -0400 @@ -2580,6 +12782,42 @@ Date: Tue Oct 1 10:24:55 2013 -0400 M html/captive-portal/register.cgi M lib/pf/Authentication/Source/NullSource.pm +commit 8df37dba0300181766d0dab54ed64e91fd8e76d7 +Author: Louis Munro +Date: Mon Sep 30 23:35:12 2013 -0400 + + Added an as_acct method. + +M lib/pf/MAC.pm +M t/MAC.t + +commit 9012d70cbd544bafa010c14d9dbdbbb262c688f6 +Author: Louis Munro +Date: Mon Sep 30 22:56:30 2013 -0400 + + Added copyright. + +M lib/pf/MAC.pm + +commit df4a7b431d0cb806dbc5f12a3918c9297c88ef74 +Author: Louis Munro +Date: Mon Sep 30 19:26:22 2013 -0400 + + First "complete version". + For your consideration. + +M lib/pf/MAC.pm +M t/MAC.t + +commit 6e405ab5b8c529b557fa8a7074d6293ec4005732 +Author: Louis Munro +Date: Mon Sep 30 18:48:04 2013 -0400 + + Added methods for macoui2nb and mac2nb. + +M lib/pf/MAC.pm +M t/MAC.t + commit 679fb8ff61fb1ef774bc94079c8253a2469b1881 Author: James Rouzier Date: Mon Sep 30 17:37:35 2013 -0400 @@ -2786,6 +13024,55 @@ M html/pfappserver/lib/pfappserver/Model/MacAddress.pm M html/pfappserver/root/node/violations.tt M lib/pf/temporary_password.pm +commit f013f20b43d1a90bcbd6c1c31f0995d57a6e08e4 +Author: Louis Munro +Date: Mon Sep 30 01:31:03 2013 -0400 + + Added get_dec_oui and get_oui with their tests. + +M lib/pf/MAC.pm +M t/MAC.t + +commit b57de5456c244df944c29459eb4bec38038e8232 +Author: Louis Munro +Date: Mon Sep 30 01:08:01 2013 -0400 + + Fixed get_hex_stripped so that it does not modify the object. + +M lib/pf/MAC.pm + +commit fc0c4e391c4c4e4f683955cbe010ff2e6b565508 +Author: Louis Munro +Date: Mon Sep 30 00:57:07 2013 -0400 + + Added more methods: + + get_stripped(), + get_dec_stripped(). + +M lib/pf/MAC.pm +M t/MAC.t + +commit 4759fb92ca1cdb9d8f083116e707bf4c16f88daa +Author: Louis Munro +Date: Sun Sep 29 23:59:09 2013 -0400 + + Added a number of methods and tests. + +M lib/pf/MAC.pm +M t/MAC.t + +commit cd98fb7a558767a9db30148ec2214866aff43aa6 +Author: Louis Munro +Date: Sun Sep 29 20:33:56 2013 -0400 + + Initial commit of pf::MAC as inherited form Net::MAC. + Added a few basic unit tests just to make sure it behaved the way I + expected it. + +M lib/pf/MAC.pm +A t/MAC.t + commit 0fb83052ee0a437eb144ba0756c78bb540a63164 Author: James Rouzier Date: Fri Sep 27 12:13:38 2013 -0400 @@ -3229,6 +13516,31 @@ Date: Sat Sep 14 11:26:41 2013 -0400 M conf/documentation.conf +commit 70cfdfb35f3fff8de3d0cde7a066f16521f8d86c +Author: Francis Lachapelle +Date: Fri Sep 13 15:45:53 2013 -0400 + + Bump to version 4.0.6-2 + +M ChangeLog +M conf/pf-release + +commit a3c2883387557bc63bb2d714b98e95ca53fbfab1 +Author: Francis Lachapelle +Date: Fri Sep 13 15:20:42 2013 -0400 + + Update NEWS file + +M NEWS.asciidoc + +commit cb2bb1aabe7e7fc3b5ab07cff43c55517a0f29e2 +Author: James Rouzier +Date: Wed Sep 11 15:25:57 2013 -0400 + + Clear an object internally when retreiving directly from chi + +M lib/pf/config/cached.pm + commit 242556558ab3cf81138ed8d3dd68cb44f576ad3d Author: James Rouzier Date: Fri Sep 13 13:58:42 2013 -0400 @@ -3247,6 +13559,14 @@ M docs/PacketFence_Administration_Guide.asciidoc M html/pfappserver/root/admin/configuration.tt M html/pfappserver/root/portal/profile/index.tt +commit 578d1dfd764ea5fc0929fc522e0b9c040d23ebff +Author: James Rouzier +Date: Wed Sep 11 18:22:30 2013 -0400 + + Removed the localization of lib/pf/authentication.pm in first filter + +M lib/pf/authentication.pm + commit c553cb76061263fd163085d47ab009e079c8c1c8 Author: Francis Lachapelle Date: Fri Sep 13 11:06:34 2013 -0400 @@ -3466,6 +13786,24 @@ Date: Wed Sep 11 09:42:37 2013 -0400 M lib/pf/services.pm +commit 6d1d6a8131a05e6a1b05b14978c54180af5786b8 +Author: James Rouzier +Date: Mon Sep 9 22:09:37 2013 -0400 + + Fixed issues with services not stopping + +M lib/pf/services.pm + +commit 3398a7cf1be72d14031ad1e8e0971f866eb11ff3 +Author: Jean Raby +Date: Mon Sep 9 12:51:12 2013 -0400 + + Remove dep on libterm-ansicolor-perl. + + This package doesn't exist. Term::ANSIColor is a core module. + +M debian/control + commit ad1bad3e105badbd3dc3858ea2700e8585b5f654 Author: James Rouzier Date: Mon Sep 9 22:09:37 2013 -0400 @@ -5122,6 +15460,15 @@ A lib/pf/proxypassthrough/constant.pm M lib/pf/web/dispatcher.pm M sbin/pfdns +commit a6a51220baa2fd7c41ccc57239686a94ba86b9aa +Author: Louis Munro +Date: Mon Aug 5 17:09:46 2013 -0400 + + Added a MAC class. + This is just a placeholder at the moment. + +A lib/pf/MAC.pm + commit bad814e204c5ac22df7894b5c714119cf6eea529 Author: James Rouzier Date: Tue Aug 6 15:24:03 2013 -0400 @@ -9707,14 +20054,6 @@ Date: Thu May 9 11:16:18 2013 -0400 M docs/PacketFence_Administration_Guide.asciidoc -commit 25cff5a8a588cc329b5639e94ba368fc208b0f29 -Author: James Rouzier -Date: Wed May 8 14:46:21 2013 -0400 - - Refactored the alerting functionality - -M html/pfappserver/root/static/app/application.js - commit 2e4c5e07c771a22d88bafe0c2883bf8f2f90cc36 Author: Francis Lachapelle Date: Wed May 8 15:11:35 2013 -0400 @@ -9740,6 +20079,14 @@ M lib/pf/temporary_password.pm M lib/pf/vlan.pm M lib/pf/web/guest.pm +commit 25cff5a8a588cc329b5639e94ba368fc208b0f29 +Author: James Rouzier +Date: Wed May 8 14:46:21 2013 -0400 + + Refactored the alerting functionality + +M html/pfappserver/root/static/app/application.js + commit e13611ec5084cf9132b2bbc6374c2f8e0029b0e9 Author: James Rouzier Date: Wed May 8 13:55:08 2013 -0400 @@ -22870,6 +33217,23 @@ Date: Mon Jan 21 14:30:29 2013 -0500 M NEWS M conf/pf-release +commit 11acb8b4d1728b8e09546a01ac234ecff18e0c9c +Author: Derek Wuelfrath +Date: Mon Jan 21 14:21:32 2013 -0500 + + Fixing #1624 + +M NEWS +M db/upgrade-3.5.0-3.6.1.sql + +commit 617100b7e3a122947d8dae56310f5f0f8cd7c001 +Author: Durand Fabrice +Date: Wed Jan 16 14:04:58 2013 -0500 + + Fix floating device disablePortSecurity when the port is in PortSecurity with voip + +M lib/pf/SNMP/Cisco/Catalyst_2950.pm + commit 140fa1907825099affbd2ec4e56fdfa92846df76 Author: Durand Fabrice Date: Wed Jan 16 14:01:50 2013 -0500 @@ -22878,6 +33242,23 @@ Date: Wed Jan 16 14:01:50 2013 -0500 M lib/pf/SNMP/Cisco/Catalyst_2950.pm +commit b428ad0befe689255be16a4018dec9626e453c88 +Author: Durand Fabrice +Date: Thu Jan 10 18:31:29 2013 -0500 + + Fix http://packetfence.org/bugs/view.php?id=1621 + +M lib/pf/SNMP/Cisco/WLC.pm +M lib/pf/SNMP/Cisco/WLC_2100.pm + +commit 0098181073d9daa5120d8fbb4b987e7f9ef19a3a +Author: Derek Wuelfrath +Date: Thu Jan 10 17:13:12 2013 -0500 + + Typo in debian changelog + +M debian/changelog + commit 34e78745049204c0bfca2d883a643e525e42de9e Author: Derek Wuelfrath Date: Thu Jan 10 11:49:18 2013 -0500 @@ -22987,6 +33368,14 @@ M html/admin/configuration/networks_add.php M html/admin/configuration/networks_edit.php M lib/pf/pfcmd/pfcmd.pm +commit 9898d4b1d8d774a1fe767506d03d1e2a40a32de0 +Author: unknown +Date: Fri Jan 4 13:19:42 2013 -0500 + + epel-release is now 6.8 + +M docs/PacketFence_Administration_Guide.asciidoc + commit 09ad2f0a81717b0692c6f173e04dded35c7ac221 Author: Durand Fabrice Date: Fri Jan 4 12:15:17 2013 -0500 @@ -23182,6 +33571,22 @@ M conf/httpd.conf.d/captive-portal-cleanurls.conf M lib/pf/email_activation.pm M lib/pf/web/constants.pm +commit 5ff453398b6599086053a91a719b4c8daba46739 +Author: jan-w +Date: Wed Dec 19 17:35:36 2012 +0100 + + Fixed some typos + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 2a16eee853b64294e4258ff7f410885b3f0aa9e4 +Author: Durand Fabrice +Date: Tue Dec 18 08:07:41 2012 -0500 + + Logrotate fix + +M addons/logrotate + commit 01af05f686470b0521a86f4bdc672dbe5d56b440 Author: James Rouzier Date: Mon Dec 17 17:59:34 2012 -0500 @@ -23224,6 +33629,14 @@ Date: Thu Dec 13 09:50:51 2012 -0500 M lib/pf/web.pm +commit ecee8c11fa19a3d224b3b30efd1ebfa9fff4b865 +Author: Durand Fabrice +Date: Fri Dec 7 10:39:41 2012 -0500 + + Added alernative between snort and suricata + +M debian/control + commit 3ee7bdd96a1b01d2e6089f94d57009a7d379552d Author: Derek Wuelfrath Date: Thu Dec 6 15:54:44 2012 -0500 @@ -23278,6 +33691,16 @@ M conf/httpd.conf.d/captive-portal-cleanurls.conf M lib/pf/services/apache.pm M lib/pf/web/constants.pm +commit 480663772a400fe61e79c7f007245fc09ad6a3db +Author: Derek Wuelfrath +Date: Mon Nov 12 10:54:52 2012 -0500 + + Fixing #1602 + +M conf/httpd.conf.d/captive-portal-cleanurls.conf +M lib/pf/services/apache.pm +M lib/pf/web/constants.pm + commit daefdc9b0fb441dfad2cd1ca03445b44e94799cc Author: Francois Gaudreault Date: Thu Nov 8 11:21:46 2012 -0500 @@ -23286,6 +33709,31 @@ Date: Thu Nov 8 11:21:46 2012 -0500 M debian/control +commit f49eaa6a1e6f12a4ab7c1ed699d3b660c5dc2b5f +Author: Durand Fabrice +Date: Mon Nov 5 13:57:41 2012 -0500 + + Revert from previous commit + +M lib/pf/web.pm + +commit 52bd096429fc29fa0f0658189e5cb833022993f6 +Author: Durand Fabrice +Date: Mon Nov 5 10:50:26 2012 -0500 + + Fix do_not_deauth param + +M lib/pf/web.pm + +commit 32b088e8b24e10f3d3c8205412235e638fb9cb33 +Author: Durand Fabrice +Date: Mon Nov 5 10:39:11 2012 -0500 + + Portal Profile fix (#1595) + +M NEWS +M lib/pf/Portal/ProfileFactory.pm + commit ba8b0b39bca52c5745b97b34081f02dbd1e11016 Author: Francois Gaudreault Date: Wed Oct 31 11:04:49 2012 -0400 diff --git a/Makefile b/Makefile index 0f1e54b8a495..12014e201490 100644 --- a/Makefile +++ b/Makefile @@ -16,3 +16,80 @@ doc-developers-pdf: doc-networkdevices-pdf: asciidoc -a docinfo2 -b docbook -d book -d book -o docs/docbook/PacketFence_Network_Devices_Configuration.docbook docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc; fop -c docs/fonts/fop-config.xml -xsl docs/docbook/xsl/packetfence-fo.xsl -xml docs/docbook/PacketFence_Network_Devices_Configuration.docbook -pdf docs/PacketFence_Network_Devices_Configuration.pdf + +.PHONY: configurations + +configurations: + find -type f -name '*.example' -print0 | while read -d $$'\0' file; do cp -n $$file "$$(dirname $$file)/$$(basename $$file .example)"; done + +.PHONY: ssl-certs + +conf/ssl/server.crt: + openssl req -x509 -new -nodes -days 365 -batch\ + -out /usr/local/pf/conf/ssl/server.crt\ + -keyout /usr/local/pf/conf/ssl/server.key\ + -nodes -config /usr/local/pf/conf/openssl.cnf + +bin/pfcmd: src/pfcmd + cp src/pfcmd bin/pfcmd + +.PHONY:sudo + +sudo: + if (grep "^Defaults.*requiretty" /etc/sudoers > /dev/null ) ;\ + then sed -i 's/^Defaults.*requiretty/#Defaults requiretty/g' /etc/sudoers;\ + fi + if (grep "^pf ALL=NOPASSWD:.*/sbin/iptables.*/usr/sbin/ipset" /etc/sudoers > /dev/null ) ;\ + then sed -i 's/^\(pf ALL=NOPASSWD:.*\/sbin\/iptables.*\/usr\/sbin\/ipset\)/#\1/g' /etc/sudoers;\ + fi + if ! (grep "^pf ALL=NOPASSWD:.*/sbin/iptables.*/usr/sbin/ipset.*/sbin/ip.*/sbin/vconfig.*/sbin/route.*/sbin/service.*/usr/bin/tee.*/usr/local/pf/sbin/pfdhcplistener.*/bin/kill.*/usr/sbin/dhcpd.*/usr/sbin/radiusd.*/usr/sbin/snort.*/usr/sbin/suricata" /etc/sudoers > /dev/null ) ; then\ + echo "pf ALL=NOPASSWD: /sbin/iptables, /usr/sbin/ipset, /sbin/ip, /sbin/vconfig, /sbin/route, /sbin/service, /usr/bin/tee, /usr/local/pf/sbin/pfdhcplistener, /bin/kill, /usr/sbin/dhcpd, /usr/sbin/radiusd, /usr/sbin/snort, /usr/bin/suricata" >> /etc/sudoers;\ + fi + if ! ( grep '^Defaults:pf.*!requiretty' /etc/sudoers > /dev/null ) ; then\ + echo 'Defaults:pf !requiretty' >> /etc/sudoers;\ + fi + +.PHONY:permissions + +permissions: + ./bin/pfcmd fixpermissions + +raddb/certs/dh: + cd raddb/certs; make dh + +lib/pf/pfcmd/pfcmd_pregrammar.pm: + /usr/bin/perl -Ilib -MParse::RecDescent -Mpf::pfcmd::pfcmd -w -e 'Parse::RecDescent->Precompile($$grammar, "pfcmd_pregrammar");' + mv pfcmd_pregrammar.pm lib/pf/pfcmd/ + +.PHONY: raddb-sites-enabled + +raddb/sites-enabled: + mkdir raddb/sites-enabled + cd raddb/sites-enabled;\ + for f in control-socket default inner-tunnel packetfence packetfence-soh packetfence-tunnel dynamic-clients;\ + do ln -s ../sites-available/$$f $$f;\ + done + +.PHONY: translation + +translation: + for TRANSLATION in de en es fr he_IL it nl pl_PL pt_BR; do\ + /usr/bin/msgfmt conf/locale/$$TRANSLATION/LC_MESSAGES/packetfence.po\ + --output-file conf/locale/$$TRANSLATION/LC_MESSAGES/packetfence.mo;\ + done + +.PHONY: mysql-schema + +mysql-schema: + if [ ! -f "/usr/local/pf/db/pf-schema.sql" ]; then\ + cd /usr/local/pf/db;\ + VERSIONSQL=$$(ls pf-schema-* |sort -r | head -1);\ + ln -s $$VERSIONSQL ./pf-schema.sql;\ + fi + +.PHONY: chown_pf + +chown_pf: + chown -R pf:pf * + +devel: configurations conf/ssl/server.crt bin/pfcmd raddb/certs/dh sudo lib/pf/pfcmd/pfcmd_pregrammar.pm translation mysql-schema raddb/sites-enabled chown_pf permissions diff --git a/NEWS.asciidoc b/NEWS.asciidoc index b9e94f3cf2de..8c98fd201b13 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -11,22 +11,100 @@ This is a list of noteworthy changes across releases. For more details and developer visible changes see the ChangeLog file. For a list of compatibility related changes see the UPGRADE.asciidoc file. +Version 4.2.0 released on 2014-05-06 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +New Features +++++++++++++ + +* New 'Apply violation' bulk action +* The same bulk actions for nodes are now available for users +* New WRIX data management +* Added PacketFence provisioning agent for Android +* Support Hotspot for Cisco WLC and Aruba IAP +* Support for Huawei AC6605 wireless controller +* Support for Enterasys V2110 wireless controller +* Support for Juniper EX2200 and EX4200 switches +* Inline layer 3 support +* New pfbandwidthd daemon for inline layer 3 accounting +* New violation type based on time usage from RADIUS accounting information +* New violation type based on bandwidth usage from pfbandwidthd information +* New Mirapay online payment as a billing option +* Billing tiers can now be defined with a real usage duration (instead of simply a timeout) +* Billing: A confirmation email is sent when purchasing a tier +* New status page with options to extend the network access (when billing is enabled with access duration) + and to unregister any node associated to the current user +* Integration of mod_qos in the Apache configuration of the captive portal +* New pfcmd "cache" command +* New pfcmd "configreload" command + +Enhancements +++++++++++++ + +* Mandatory fields during registration are now configured per portal profile +* Expanded fields for person field +* Allow pfcmd error/warning/success messages colors to be configurable +* Allow rules on username for null authentication sources +* Landing page of Web admin interface now depends on the user's access rights +* Reevaluate access when changing the role of multiple nodes (#1757) +* Each portal profile can now use its own set of locales +* Added a new URI filter for portal profiles +* Switches configuration page is now paginated +* LLDP support for 3Com 4000 Series +* Multiple DNS server in the network configuration +* Allow alias interface as captive portal +* MAC Authentication support for Enterasys D2 switch +* Added support for JSON-RPC and msgpack RPC over HTTP for webservices +* Made msgpack the default RPC for RADIUS +* Improved performance of webservices by preloading Perl modules +* Regexp filter for LDAP source is now case-insensitive +* Improved maintenance database script +* Preserve and restore the URL fragment when the web session expires in Web admin (#1780) +* Logging is now separated and configurable for each service +* Added missing 'redirect_url' paramater when editing a violation in the Web admin +* Complete rewrite of captive portal as a Catalyst application +* Added a section documenting eduroam support to the Admin guide +* Controller IP address can be determined dynamically +* Added a file backing for the cache to decrease cache misses +* Allow advanced search of nodes by OS type (#1790) +* The PF RPC client can be configured in the conf/radiusd/radiusd.conf +* Added PacketFence RADIUS dictionary + +Bug Fixes ++++++++++ + +* Fixed retrieval of ifIndex in Cisco Catalyst 2950 module +* Fixed Snort and Suricata services management +* Fixed issue when saving a users search in Web admin +* Fixed JavaScript error with IE8 on Web admin users page +* Fixed Web admin access restrictions for users and nodes creation +* Fixed SQL query of connection types report in Web admin +* Fixed blank page with WISPr on OS X +* Fixed nodes simple search by IP address +* Fixed access reevaluation when changing the status of a pending node +* Fixed network access for users with no "set role" action (#1778) +* Fixed conversion of wildcards to regular expressions in domains passthroughs +* Fixed display of last IP address of nodes when end_time is in the future +* Fixed XSS issues in Web admin +* Fixed extractSsid for Cisco Aironet and Cisco Aironet WDS + Version 4.1.0 released on 2013-12-11 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ New Features ++++++++++++ -* Portal profiles can be filtered by switches -* Proxy interception -* New pfcmd command fixpermissions -* Added a "Null" authenication source +* Portal profiles can now be filtered by switches +* Proxy interception support +* New pfcmd "fixpermissions" command +* Added a "Null" authentication source for simple "Click to connect" portals * Displayed columns of nodes are now customizable -* Create a single node or import multiple nodes from a CSV file from the Web admin +* Create a single node or import multiple nodes from a CSV file from the Web admin interface * LDAP authentication sources can now filter by group membership using a second LDAP query * Extended definition of access durations -* FreeRADIUS does not need to be restarted after adding a switch -* New customizable ACLs for Web admin interface +* FreeRADIUS no longer needs to be restarted after adding a switch +* New customizable ACLs for the Web admin interface +* Force10 switches support Enhancements ++++++++++++ diff --git a/NEWS.old b/NEWS.old index 089c6727dd18..6fa2b33638e6 100644 --- a/NEWS.old +++ b/NEWS.old @@ -12,12 +12,6 @@ This is a list of noteworthy changes across releases. For more details and developer visible changes see the ChangeLog file. For a list of compatibility related changes see the UPGRADE file. --------------------------------------------------------------------------------- -Version released on - -Bug Fixes - * Modified the SQL upgrade script from 3.5.0 to 3.6.1 (#1624) - -------------------------------------------------------------------------------- Version 3.6.1 released on 2013-01-10 diff --git a/README b/README index de6efda044c2..4cba23592ad2 100644 --- a/README +++ b/README @@ -1,6 +1,6 @@ PacketFence - Open Source Network Access Control (NAC) + Free and Open Source Network Access Control (NAC) Licensed under the GNU General Public License v2. What is PacketFence? @@ -35,7 +35,7 @@ More Information ---------------- - Noteworthy changes since the last release see the NEWS file. + Noteworthy changes since the last release see the NEWS.asciidoc file. Upgrading? See the UPGRADE.asciidoc file. diff --git a/README.network-devices b/README.network-devices index 14561bad3112..6a0ce2380760 100644 --- a/README.network-devices +++ b/README.network-devices @@ -1,365 +1,5 @@ -================ -Wireless support -================ +Please refer to http://www.packetfence.org/about/supported_switches_and_aps.html for +the latest list of supported equipment. -There are two approaches to wireless networks. One where a controller handles -the Access Points (AP) and one where AP act individually. PacketFence supports -both approaches. - -Wireless controllers --------------------- - -When using a controller, it does not matter to PacketFence what individual AP -are supported or not. As long as the AP itself is supported by your controller -and that your controller is supported by PacketFence it will work fine. - -Packetfence supports the following wireless controllers: -- AeroHIVE AP Series -- Aruba Networks (200, 600 Series, 800, 2400, 3000 Series, 6000) -- Avaya Wireless Controllers -- Brocade RF Switches (Controllers) -- Cisco Wireless Services Module (WiSM, WiSM2) -- Cisco WLC (2100, 2500, 4400, 5500) -- Dlink DWS 3026 -- Extricom EXSW Wireless Switches (Controllers) -- HP ProCurve MSM710 Mobility Controller -- Meru Networks Wireless controllers -- Motorola RF Switches (Controllers) -- Ruckus Wireless Controllers -- Trapeze Wireless Controllers -- Xirrus WiFi Arrays - -Access points -------------- - -Some Access Points behave the same if they are attached to a controller or not. -Because of that you might want to try a controller module if a controller from -the same vendor is supported in the list above. - -Packetfence supports the following access points: -- AeroHIVE AP Series -- Belair Networks AP -- Cisco 1130AG -- Cisco 1240AG -- Cisco 1250 -- Cisco Aironet in WDS mode -- Dlink DWL Access Points -- HP ProCurve -- Xirrus WiFi Arrays - -Wireless hardware not on the list? ----------------------------------- - -Eventhough this list is small, PacketFence may support many other access points -as long as they have the following features: -- Definition of several SSID with several VLANs inside every SSID (minimum - of 2 VLANs per SSID) -- RADIUS authentication (MAC Authentication / 802.1X) -- Dynamic VLAN assignment through RADIUS attributes -- A means to de-associate or de-authenticate a client through CLI (Telnet or - SSH), SNMP, RADIUS Dyn-Auth* or WebServices - -Most of these features work out of the box for enterprise grade Access Points -or Controllers. Where the situation starts to vary is for de-authentication -support. - -- CLI (SSH or Telnet) -An error prone interface and requires preparation for the SSH access or is -insecure for Telnet. Not recommended if you can avoid it. - -- SNMP -SNMP de-authentication works well when available. However Vendor support is -not consistent and the OID to use are not standard. - -- RADIUS Dynamic Authorization (RFC3576) -RADIUS Dynamic Authorization also known as RADIUS Change of Authorization (CoA) -or RADIUS Disconnect Messages is supported by PacketFence starting with version 3.1. -When supported it is the preferred technique to perform de-authentication. -It is standard and requires less configuration from the user. - -Wireless deauthentication support ---------------------------------- - - | SSH / | | | - | Telnet | SNMP | RADIUS* | ------------------------------|----------|----------|----------| -AeroHIVE AP | xx | -- | XX | ------------------------------|----------|----------|----------| -Aruba | xx | -- | XX | ------------------------------|----------|----------|----------| -Avaya WC | -- | XX | -- | ------------------------------|----------|----------|----------| -Belair Networks | -- | -- | XX | ------------------------------|----------|----------|----------| -Brocade RF Switches | -- | xx | XX | ------------------------------|----------|----------|----------| -Cisco Aironet | XX | -- | -- | ------------------------------|----------|----------|----------| -Cisco Aironet (WDS) | -- | -- | XX | ------------------------------|----------|----------|----------| -Cisco WiSM | -- | xx | XX | ------------------------------|----------|----------|----------| -Cisco WiSM2 | -- | xx | XX | ------------------------------|----------|----------|----------| -Cisco WLC 2100 Series | xx | -- | XX | ------------------------------|----------|----------|----------| -Cisco WLC 2500 Series | -- | xx | XX | ------------------------------|----------|----------|----------| -Cisco WLC 4400 Series | -- | xx | XX | ------------------------------|----------|----------|----------| -Cisco WLC 5500 Series | -- | xx | XX | ------------------------------|----------|----------|----------| -Dlink DWL | -- | XX | -- | ------------------------------|----------|----------|----------| -Dlink DWS | -- | XX | -- | ------------------------------|----------|----------|----------| -Extricom EXSW | -- | XX | -- | ------------------------------|----------|----------|----------| -HP ProCurve MSM | -- | XX | -- | ------------------------------|----------|----------|----------| -Meru Networks | XX | -- | -- | ------------------------------|----------|----------|----------| -Motorola RF Switches | -- | xx | XX | ------------------------------|----------|----------|----------| -Ruckus Wireless controllers | -- | -- | XX | ------------------------------|----------|----------|----------| -Trapeze Wireless controllers | XX | -- | -- | ------------------------------|----------|----------|----------| -Xirrus WiFi Arrays | -- | XX | -- | ------------------------------|----------|----------|----------| - -X: Supported and in use -x: supported, disabled by default -*: RADIUS Dynamic Authorization (RFC 3576) Change of Authorization (CoA) or - Disconnect-Messages (DM aka PoD) - - -======== -Switches -======== - -Currently, PacketFence supports the following switches: - - - | /-------- SNMP --------\ | /-- RADIUS --\ | - | Link Up | MAC | Port | | | - | Down | Notif. | Security | MAC Auth | 802.1X | ------------------------------|----------|----------|----------|----------|--------| -3COM E4800G | XX | -- | ?? | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -3COM E5500G | XX | -- | ?? | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -3COM NJ220 | XX | -- | -- | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -3COM SS4200 | XX | -- | -- | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -3COM SS4500 | XX | -- | ?? | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -3COM Switch 4200G | XX | -- | -- | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -Accton ES3526XA | XX | -- | -- | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -Accton ES3528M | XX | -- | -- | -- | ?? | ------------------------------|----------|----------|----------|----------|--------| -Allied Telesis AT8000GS | -- | -- | -- | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -Amer SS2R24i | XX | -- | -- | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -Avaya (see Nortel) | XX | -- | XX | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -Brocade 6400 Series | -- | -- | -- | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -Cisco 2900XL Series | XX | XX | -- | ?? | ?? | ------------------------------|----------|----------|----------|----------|--------| -Cisco 2950 | XX | XX | XX | -- | XX | ------------------------------|----------|----------|----------|----------|--------| -Cisco 2960/2970 | XX | XX | XX | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -Cisco 3500XL Series | XX | XX | XX | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -Cisco 3550 | XX | XX | XX | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -Cisco 3560 | XX | XX | XX | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -Cisco 3750 | XX | XX | XX | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -Cisco 4500 Series | XX | XX | XX | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -Cisco 6500 Series | ?? | ?? | XX | ?? | ?? | ------------------------------|----------|----------|----------|----------|--------| -Cisco ISR 1800 Series | XX | -- | -- | ?? | ?? | ------------------------------|----------|----------|----------|----------|--------| -Dell PowerConnect 3424 | XX | -- | -- | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -Dlink DES3526 | XX | XX | -- | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -Dlink DES3550 | XX | XX | -- | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -Dlink DGS3100 | -- | -- | -- | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -Dlink DGS3200 | -- | -- | -- | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -Enterasys D2 | XX | -- | XX | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -Enterasys Matrix N3 | XX | -- | XX | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -Enterasys SecureStack C2 | XX | -- | XX | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -Enterasys SecureStack C3 | XX | -- | XX | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -ExtremeNetworks Summit | XX | -- | XX | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -Foundry FastIron 4802 | XX | -- | XX | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -H3C S5120 | -- | -- | -- | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -HP E4800G | XX | -- | ?? | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -HP E5500G | XX | -- | ?? | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -HP ProCurve 2500 Series | XX | -- | XX | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -HP ProCurve 2600 Series | XX | -- | XX | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -HP ProCurve 3400cl Series | XX | -- | XX | ?? | ?? | ------------------------------|----------|----------|----------|----------|--------| -HP ProCurve 4100 Series | XX | -- | XX | ?? | ?? | ------------------------------|----------|----------|----------|----------|--------| -HP ProCurve 5300 Series | XX | -- | XX | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -HP ProCurve 5400 Series | XX | -- | XX | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -Intel Express 460 | XX | -- | -- | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -Intel Express 530 | XX | -- | -- | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -Juniper EX Series | -- | -- | -- | XX | -- | ------------------------------|----------|----------|----------|----------|--------| -LG-Ericsson iPECS ES-4500G | XX | -- | XX | XX | XX | ------------------------------|----------|----------|----------|----------|--------| -Linksys SRW224G4 | XX | -- | -- | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -Netgear FSM726v1 | -- | -- | XX | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -Netgear GS110 | XX | -- | -- | -- | ?? | ------------------------------|----------|----------|----------|----------|--------| -Nortel BayStack 470 | XX | -- | XX | ?? | XX | ------------------------------|----------|----------|----------|----------|--------| -Nortel BayStack 4550 | XX | -- | XX | ?? | XX | ------------------------------|----------|----------|----------|----------|--------| -Nortel BayStack 5500 Series | XX | -- | XX | ?? | XX | ------------------------------|----------|----------|----------|----------|--------| -Nortel ERS 2500 Series | XX | -- | XX | ?? | XX | ------------------------------|----------|----------|----------|----------|--------| -Nortel ERS 4000 Series | XX | -- | XX | ?? | XX | ------------------------------|----------|----------|----------|----------|--------| -Nortel ERS 5000 Series | XX | -- | XX | ?? | XX | ------------------------------|----------|----------|----------|----------|--------| -Nortel ES325 | XX | -- | XX | ?? | XX | ------------------------------|----------|----------|----------|----------|--------| -Nortel BPS2000 | XX | -- | XX | ?? | XX | ------------------------------|----------|----------|----------|----------|--------| -SMC TS6128L2 | XX | -- | XX | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -SMC TS6224M | XX | -- | ?? | -- | -- | ------------------------------|----------|----------|----------|----------|--------| -SMC SMC8824M - SMC8848M | XX | -- | XX | -- | -- | ------------------------------|----------|----------|----------|----------|--------| - -LinkUp/Down traps ------------------ - -- the switch sends a LinkUp trap when the port ifOperStatus is set to 1 -- the switch sends a LinkDown trap when the port ifOperStatus is set to 0 - -This is the most basic setup and it needs a VLAN called the MAC detection VLAN. -There should be nothing in this VLAN (no DHCP server) and it should not be -routed anywhere, it is just an empty VLAN. - -When a host connects to a switch port, the switch sends a LinkUp trap to -PacketFence. Since it takes some time before the switch learns the MAC address -of the newly connected device, PacketFence immediately puts the port in the MAC -detection VLAN in which the device will send DHCP requests (with no answer) in -order for the switch to learn its MAC address. Then pfsetvlan will send -periodical SNMP queries to the switch until the switch learns the MAC of the -device. When the MAC address is known, pfsetvlan checks its status (existing? -registered ?, any violations ?) in the database and puts the port in the -appropriate VLAN. When a device is unplugged, the switch sends a LinkDown -trap to PacketFence which puts the port into the MAC detection VLAN. - -IMPORTANT: -When a computer boots, the initialization of the NIC generates several link -status changes. And every time the switch sends a linkup and a linkdown trap to -PacketFence. Since PacketFence has to act on each of these trap, this generates -unfortunately some unnecessary load on pfsetvlan. In order to optimize the trap -treatment, PacketFence stops every thread for a LinkUp trap when it receives a -LinkDown trap on the same port. But using only LinkUp/LinkDown traps is not the -most scalable option. For example in case of power failure, if hundreds of -computers boot at the same time, PacketFence would receive a lot of traps almost -instantly and this could result in network connection latency… - - -MAC notification traps ----------------------- - -If your switches support MAC notification traps (MAC learnt, MAC removed), we -suggest that you activate them in addition to the LinkUp/LinkDown traps. This -way, pfsetvlan does not need, after a link up trap, to query the switch -continuously until the MAC has finally been learned. When it receives a LinkUp -trap for a port on which MAC notification traps are also enabled, it only needs -to put the port in the MAC detection VLAN and can than free the thread. When the -switch learns the MAC address of the device it sends a MAC learnt trap -(containing the MAC address) to PacketFence. - - -Port Security traps -------------------- - -In its most basic form, the Port Security feature remembers the MAC address -connected to the switch port and allows only that MAC address to communicate on -that port. If any other MAC address tries to communicate through the port, port -security will not allow it and send a port-security trap. - -If your switches support this feature, we strongly recommend to use it rather -than LinkUp/LinkDown and/or MAC notifications. Why ? Because as long as a MAC -address is authorized on a port and is the only one connected, the switch will -send no trap whether the device reboots, plugs in or unplugs. This drastically -reduces the SNMP interactions between the switches and PacketFence. - -NOTE: -When you enable port security traps you should not enable LinkUp/LinkDown nor -MAC notification traps. - - -802.1X ------- - -802.1X provides port-based authentication, which involves communications between -a supplicant, authenticator, and authentication server. The supplicant is often -software on a client device, such as a laptop, the authenticator is a wired -Ethernet switch or wireless access point, and an authentication server is -generally a RADIUS database. -The supplicant (i.e., client device) is not allowed access through the -authenticator to the network until the supplicant’s identity is authorized. -With 802.1X port-based authentication, the supplicant provides credentials, such -as user name / password or digital certificate, to the authenticator, and the -authenticator forwards the credentials to the authentication server for -verification. If the credentials are valid (in the authentication server -database), the supplicant (client device) is allowed to access the network. - -================================== -Hardware apparently not supported? -================================== - -Your network hardware is not on these lists? Chances are that it works with a -similar module already. Try this first and if it does work, let us know what -module you used on what hardware and your firmware version. You can -communicate that information to us by filing a ticket in our bug tracking -system under the category 'hardware modules': - -http://www.packetfence.org/bugs/bug_report_page.php - -Otherwise, we are always interested in adding new hardware support into -PacketFence. Please contact us at info@inverse.ca or via our web form: - -http://www.inverse.ca/english/about/contact.html#c1538 +For a technical introduction on how PacketFence interacts with the equipment, please +refer to http://www.packetfence.org/about/technical_introduction.html diff --git a/UPGRADE.asciidoc b/UPGRADE.asciidoc index d5a571bb3148..22607f063bc0 100644 --- a/UPGRADE.asciidoc +++ b/UPGRADE.asciidoc @@ -5,6 +5,43 @@ http://www.packetfence.org/ Notes on upgrading from an older release. +Upgrading from a version prior to 4.2.0 +--------------------------------------- + +Database schema update +^^^^^^^^^^^^^^^^^^^^^^ + +The person table has many new columns that can be used for registration. + +The node table has new columns to store the time and bandwidth balances of a node. + +The node table has also a new column to keep the audit-session-id from the RADIUS request to use with the CoA. + +Added a new column config_timestamp in radius_nas table. + +The locationlog table has new columns to store the switch IP and MAC when using dynamic controllers. + +New table for inline (layer 3) accounting. + +New table for WRIX data. + +Make sure you run the following to update your schema: + + mysql -u root -p pf -v < db/upgrade-4.1.0-4.2.0.sql + +Configuration changes +^^^^^^^^^^^^^^^^^^^^^ + +The parameter `guests_self_registration.mandatory_fields` from `pf.conf` (or `pf.conf.defaults`) was moved to the +default portal profile in `profiles.conf`. + +Adjust your configuration files accordingly. + +The captive portal has been rewritten using the Catalyst MVC framework. Any customization to the previous CGI scripts +will need to be ported to the new architecture. + +Once the configuration completed, update the file /usr/local/pf/conf/currently-at to match the new release number. + Upgrading from a version prior to 4.1.0 --------------------------------------- @@ -30,6 +67,8 @@ defined in `adminroles.conf`. The previous level `4294967295` must be replaced b Adjust your configuration files accordingly. +Once the configuration completed, update the file /usr/local/pf/conf/currently-at to match the new release number. + Upgrading from a version prior to 4.0.6 --------------------------------------- diff --git a/addons/accounting.pl b/addons/accounting.pl index 9c7004b62ee8..7fe780e63382 100755 --- a/addons/accounting.pl +++ b/addons/accounting.pl @@ -19,11 +19,6 @@ =head1 DESCRIPTION use Data::Dumper; use Net::SNMP; -use threads; -use threads::shared; -use Thread::Pool; -use Log::Log4perl; -use Log::Log4perl::Appender::File; # HACK: compile tests failed on build env. without that use constant INSTALL_DIR => '/usr/local/pf'; @@ -34,8 +29,10 @@ =head1 DESCRIPTION use pf::locationlog; use pf::node; use pf::ifoctetslog; +use threads; +use threads::shared; +use Thread::Pool; -Log::Log4perl->init( INSTALL_DIR . '/conf/log.conf' ); my $logger = Log::Log4perl->get_logger(''); my $switchFactory = new pf::SwitchFactory( diff --git a/addons/database-backup-and-maintenance.sh b/addons/database-backup-and-maintenance.sh old mode 100755 new mode 100644 index aae28edb7d23..e208b9ce6be7 --- a/addons/database-backup-and-maintenance.sh +++ b/addons/database-backup-and-maintenance.sh @@ -15,33 +15,57 @@ # # Installation: make sure you have locationlog_history (based on locationlog) and edit DB_PWD to fit your password. -NB_DAYS_TO_KEEP=70 +NB_DAYS_TO_KEEP_DB=30 +NB_DAYS_TO_KEEP_FILES=30 DB_USER='pf'; -# make sure access to this file is properly secured! (chmod a=,u=rwx) DB_PWD=''; DB_NAME='pf'; -BACKUP_DIRECTORY='/root/backup' +PF_DIRECTORY='/usr/local/pf/' +PF_DIRECTORY_EXCLUDED='/usr/local/pf/logs' +BACKUP_DIRECTORY='/root/backup/' BACKUP_DB_FILENAME='packetfence-db-dump' +BACKUP_PF_FILENAME='packetfence-files-dump' ARCHIVE_DIRECTORY=$BACKUP_DIRECTORY ARCHIVE_DB_FILENAME='packetfence-archive' + +# Create the backup directory +if [ ! -d "$BACKUP_DIRECTORY" ]; then + mkdir -p $BACKUP_DIRECTORY + echo -e "$BACKUP_DIRECTORY , created. \n" +else + echo -e "$BACKUP_DIRECTORY , folder already created. \n" +fi + +# Backup complete PacketFence installation except logs +current_tgz=$BACKUP_DIRECTORY/$BACKUP_PF_FILENAME-`date +%F_%Hh%M`.tgz +if [ ! -f $BACKUP_DIRECTORY$BACKUP_PF_FILENAME ]; then + tar -czf $current_tgz $PF_DIRECTORY --exclude=$PF_DIRECTORY_EXCLUDED + echo -e $BACKUP_PF_FILENAME "have been created in $BACKUP_DIRECTORY \n" + find $BACKUP_DIRECTORY -name "packetfence-files-dump-*.tgz" -mtime +$NB_DAYS_TO_KEEP_FILES -print0 | xargs -0r rm -f + echo -e "$BACKUP_PF_FILENAME older than $NB_DAYS_TO_KEEP_FILES days have been removed. \n" +else + echo -e $BACKUP_DIRECTORY$BACKUP_PF_FILENAME ", file already created. \n" +fi + + # is MySQL running? meaning we are the live packetfence if [ -f /var/run/mysqld/mysqld.pid ]; then - # locationlog cleanup: all the closed entries older than a month are moved to locationlog_history - # in order to keep locationlog small - mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e "INSERT INTO locationlog_history SELECT * FROM locationlog WHERE ((end_time IS NOT NULL OR end_time <> 0) AND end_time < DATE_SUB(CURDATE(), INTERVAL 1 MONTH));" - mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e "DELETE FROM locationlog WHERE ((end_time IS NOT NULL OR end_time <> 0) AND end_time < DATE_SUB(CURDATE(), INTERVAL 1 MONTH));" + # locationlog cleanup: all the closed entries older than a month are moved to locationlog_history + # in order to keep locationlog small + mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e "INSERT INTO locationlog_history SELECT * FROM locationlog WHERE ((end_time IS NOT NULL OR end_time <> 0) AND end_time < DATE_SUB(CURDATE(), INTERVAL 1 MONTH));" + mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e "DELETE FROM locationlog WHERE ((end_time IS NOT NULL OR end_time <> 0) AND end_time < DATE_SUB(CURDATE(), INTERVAL 1 MONTH));" - # lets optimize on Sunday - DOW=`date +%w` - if [ $DOW -eq 0 ] - then + # lets optimize on Sunday + DOW=`date +%w` + if [ $DOW -eq 0 ] + then TABLENAMES=`mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e "SHOW TABLES\G;"|grep 'Tables_in_'|sed -n 's/.*Tables_in_.*: \([_0-9A-Za-z]*\).*/\1/p'` # loop through the tables and optimize them for TABLENAME in $TABLENAMES - do + do mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e "OPTIMIZE TABLE $TABLENAME;" done fi @@ -49,19 +73,19 @@ if [ -f /var/run/mysqld/mysqld.pid ]; then # dump the database, gzip and remove old files current_filename=$BACKUP_DIRECTORY/$BACKUP_DB_FILENAME-`date +%F_%Hh%M`.sql mysqldump --opt -h 127.0.0.1 -u $DB_USER -p$DB_PWD $DB_NAME > $current_filename && \ - gzip $current_filename && \ - find $BACKUP_DIRECTORY -name "$BACKUP_DB_FILENAME-*.sql.gz" -mtime +$NB_DAYS_TO_KEEP -print0 | xargs -0r rm -f + gzip $current_filename && \ + find $BACKUP_DIRECTORY -name "$BACKUP_DB_FILENAME-*.sql.gz" -mtime +$NB_DAYS_TO_KEEP_DB -print0 | xargs -0r rm -f # let's archive on the first day of the month if [ `/bin/date +%d` -eq '01' ]; then # flushing old locationlog_history records into sql files for archival then removing from database current_filename=$ARCHIVE_DIRECTORY/$ARCHIVE_DB_FILENAME-`date +%Y%m%d`.sql mysqldump -u $DB_USER -p$DB_PWD $DB_NAME --tables locationlog_history --skip-opt --no-create-info --quick --where='((end_time IS NOT NULL OR end_time <> 0) AND end_time < DATE_FORMAT(DATE_SUB(CURDATE(), INTERVAL 1 YEAR),"%Y-%m-01"))' > $current_filename && \ - gzip $current_filename && \ - mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e 'LOCK TABLES locationlog_history WRITE; DELETE FROM locationlog_history WHERE ((end_time IS NOT NULL OR end_time <> 0) AND end_time < DATE_FORMAT(DATE_SUB(CURDATE(), INTERVAL 1 YEAR),"%Y-%m-01")); UNLOCK TABLES;' + gzip $current_filename && \ + mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e 'LOCK TABLES locationlog_history WRITE; DELETE FROM locationlog_history WHERE ((end_time IS NOT NULL OR end_time <> 0) AND end_time < DATE_FORMAT(DATE_SUB(CURDATE(), INTERVAL 1 YEAR),"%Y-%m-01")); UNLOCK TABLES;' #Clean Accounting for previous year... if needed - mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e 'LOCK TABLES radacct WRITE; DELETE FROM radacct WHERE YEAR(acctstarttime) < YEAR(CURRENT_DATE()); UNLOCK TABLES;' - mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e 'LOCK TABLES radacct_log WRITE; DELETE FROM radacct_log WHERE YEAR(timestamp) < YEAR(CURRENT_DATE()); UNLOCK TABLES;' + mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e 'DELETE FROM radacct WHERE YEAR(acctstarttime) < YEAR(CURRENT_DATE());' + mysql -u $DB_USER -p$DB_PWD -D $DB_NAME -e 'DELETE FROM radacct_log WHERE YEAR(timestamp) < YEAR(CURRENT_DATE());' fi fi diff --git a/addons/dev-helpers/dump.pl b/addons/dev-helpers/dump.pl index 9f3215b02a59..9f4058428196 100755 --- a/addons/dev-helpers/dump.pl +++ b/addons/dev-helpers/dump.pl @@ -1,5 +1,6 @@ #!/usr/bin/perl use lib qw(/usr/local/pf/lib); +use Data::Dumper; package pf::dump; use base qw(pf::cmd::subcmd); @@ -10,7 +11,7 @@ =head1 NAME =head1 SYNOPSIS -dump.pl +dump.pl |switches|admin_roles|chiconfig> =head1 DESCRIPTION @@ -18,52 +19,107 @@ =head1 DESCRIPTION =cut +package pf::dump::cmd; +use base qw(pf::cmd); +use Module::Loaded qw(mark_as_loaded); + package pf::dump::config; -use base qw(pf::cmd); -use Data::Dumper; +use base qw(pf::dump::cmd); +__PACKAGE__->mark_as_loaded(); + +sub _run { + require pf::config; + print Data::Dumper::Dumper(\%pf::config::Config); +} + +package pf::dump::doc_config; +use base qw(pf::dump::cmd); +__PACKAGE__->mark_as_loaded(); sub _run { require pf::config; - print Dumper(\%pf::config::Config); + print Data::Dumper::Dumper(\%pf::config::Doc_Config); } package pf::dump::floatingdevices; -use base qw(pf::cmd); -use Data::Dumper; +use base qw(pf::dump::cmd); +__PACKAGE__->mark_as_loaded(); sub _run { require pf::config; - print Dumper(\%pf::config::ConfigFloatingDevices); + print Data::Dumper::Dumper(\%pf::config::ConfigFloatingDevices); } package pf::dump::profiles; -use base qw(pf::cmd); -use Data::Dumper; +use base qw(pf::dump::cmd); +__PACKAGE__->mark_as_loaded(); sub _run { require pf::config; - print Dumper(\%pf::config::Profiles_Config); + print Data::Dumper::Dumper(\%pf::config::Profiles_Config); } package pf::dump::profiles_filters; -use base qw(pf::cmd); -use Data::Dumper; +use base qw(pf::dump::cmd); +__PACKAGE__->mark_as_loaded(); sub _run { require pf::config; - print Dumper(\%pf::config::Profile_Filters); + print Data::Dumper::Dumper(\%pf::config::Profile_Filters); } package pf::dump::sources; -use base qw(pf::cmd); -use Data::Dumper; +use base qw(pf::dump::cmd); +__PACKAGE__->mark_as_loaded(); sub _run { require pf::authentication; - print Dumper(\@pf::authentication::authentication_sources); + print Data::Dumper::Dumper(\@pf::authentication::authentication_sources); +} + +package pf::dump::switch; +use base qw(pf::dump::cmd); +__PACKAGE__->mark_as_loaded(); + +sub parseArgs { + my ($self) = @_; + return $self->args == 1; +} + +sub _run { + my ($self) = @_; + require pf::SwitchFactory; + print Data::Dumper::Dumper(pf::SwitchFactory->getInstance->instantiate($self->args)); +} + +package pf::dump::switches; +use base qw(pf::dump::cmd); +__PACKAGE__->mark_as_loaded(); + +sub _run { + require pf::ConfigStore::Switch; + print Data::Dumper::Dumper(\%pf::ConfigStore::Switch::SwitchConfig); +} + +package pf::dump::chiconfig; +use base qw(pf::dump::cmd); +__PACKAGE__->mark_as_loaded(); + +sub _run { + require pf::CHI; + print Data::Dumper::Dumper(pf::CHI::chiConfigFromIniFile()); +} + +package pf::dump::admin_roles; +use base qw(pf::dump::cmd); +__PACKAGE__->mark_as_loaded(); + +sub _run { + require pf::admin_roles; + print Data::Dumper::Dumper(\%pf::admin_roles::ADMIN_ROLES); } package main; diff --git a/addons/dev-helpers/git/pre-commit.pl b/addons/dev-helpers/git/pre-commit.pl new file mode 100755 index 000000000000..904bda2108d3 --- /dev/null +++ b/addons/dev-helpers/git/pre-commit.pl @@ -0,0 +1,208 @@ +#!/usr/bin/perl +use strict; +use Template::Parser; +use File::Slurp qw(read_file); + +our $GIT_COMMAND = q[/usr/bin/git]; +our @ERRORS; +our $STASHED; + +END { + if($STASHED) { + local $?; + git_cmd (qw(reset --hard)); + git_cmd (qw(stash apply --index)); + git_cmd (qw(stash drop --index)); + } +} + +my ($code,$output); +our $OLD_STASH; + +($code,$OLD_STASH) = git_cmd(qw(rev-parse -q --verify refs/stash)); + +($code,$output) = git_cmd(qw(stash --keep-index)); + +unless( $STASHED = $code == 0 ) { + print STDERR "Error stashing working space\n"; + print STDERR $output; + exit 1; +} + +our ($code,$NEW_STASH) = git_cmd(qw(rev-parse -q --verify refs/stash)); + +#return if there are no changes +exit 0 if $OLD_STASH eq $NEW_STASH; + +sub pod_checker { + my ($file_name) = @_; + if(does_file_match({file_match => qr/\.pm$/},$file_name)) { + $file_name = quotemeta($file_name); + my $results = qx{/usr/bin/podchecker $file_name 2>&1}; + push @ERRORS,$results if $? != 0; + } +} + +sub perl_compile { + my ($file_name) = @_; + if(does_file_match({file_match => qr/\.(pm|cgi|pl)$/},$file_name)) { + $file_name = quotemeta($file_name); + my $results = qx{/usr/bin/perl -c -Ilib -Ihtml/pfappserver/lib -Ihtml/captive-portal/lib $file_name 2>&1}; + push @ERRORS,$results if $? != 0; + } +} + +sub template_compile { + my ($file_name) = @_; + if(does_file_match({file_match => qr/\.(tt)$/},$file_name)) { + my $parser = Template::Parser->new({}); + my $file = read_file($file_name); + my $data = $parser->parse($file); + push @ERRORS,$parser->error() unless $data; + } +} + +sub git_cmd { + my @args = @_; + my $cmd = join (' ',map {quotemeta $_} @args); + my $result = qx{$GIT_COMMAND $cmd}; + return ($?,$result); +} + +#my ($ret,$result) = git_cmd(qw{stash --include-untracked}); +#$STASHED = ($ret == 0); + +my @NO_ADD_TESTS = ( + { + test_name => "No Data::Dumper", + file_match => qr/\.pm$/, + line_match => qr/^\s*use\s*Data::Dumper/ + }, + { + test_name => "No lowercase in =head1", + file_match => qr/\.pm$/, + line_match => qr/=head1 .[a-z]+./ + }, + { + test_name => "No console.log", + file_match => qr/\.js$/, + line_match => qr/(^|\s)console\s*\.log/ + } +); + +my @RUNNER_TESTS = ( + { + test_name => "Pod checker", + file_match => qr/\.pm$/, + runner => "/usr/bin/podchecker %s 2>&1", + }, +); + + +our %changed_files; + +if(has_changed_files()) { + my ($ret,$result) = git_cmd(qw{diff -z --cached --name-status}); + my %temp = reverse split /\0/,$result; + while(my ($file_name,$status) = each %temp) { + $changed_files{$file_name} = { + status => $status, + }; + } + my @changed_files = grep { $changed_files{$_}{status} ne 'D' } keys %changed_files; + for my $file_name (@changed_files) { + match_no_add ($file_name); + runner ($file_name); + perl_compile ($file_name); + template_compile($file_name); + } +} + +if (@ERRORS) { + push @ERRORS, "To bypass pre-commit hook use 'git commit --no-verify'"; + print STDERR join("\n",@ERRORS,""); + exit 1; +} + +sub match_no_add { + my ($file) = @_; + my $results; + my @tests = grep { can_do_match_no_add($_,$file) } @NO_ADD_TESTS; + foreach my $test (@tests) { + my $line_match = $test->{line_match}; + my @matched = grep {$_ =~ $line_match } added_lines($file); + if(@matched) { + my $test_name = $test->{name} || "No add"; + push @ERRORS, "Test '$test_name' failed","The following lines should not be added in $file",@matched; + } + } +} + +sub runner { + my ($file_name) = @_; + my @tests = grep { exists $_->{runner} && can_do_match_no_add($_,$file_name) } @RUNNER_TESTS; + $file_name = quotemeta($file_name); + foreach my $test (@tests) { + my $runner = sprintf($test->{runner},$file_name); + my $results = qx{$runner}; + if($? != 0) { + my $test_name = $test->{test_name}; + push @ERRORS,"Test '$test_name' failed for $file_name", $results; + } + } +} + + +sub can_do_match_no_add { + my ($test,$file) = @_; + return does_file_match($test,$file) && file_not_excluded($test,$file); +} + +sub does_file_match { + my ($test,$file) = @_; + return !exists $test->{file_match} || $file =~ $test->{file_match}; +} + +sub file_not_excluded { + my ($test,$file) = @_; + my $result = 1; + if (exists $test->{excluded}) { + + } + return $result; +} + +sub added_lines { + my ($file) = @_; + if(exists $changed_files{$file}) { + my $changed_file = $changed_files{$file}; + add_diff_data($file) unless (exists $changed_file->{added_lines}); + return @{$changed_file->{added_lines}}; + } + return (); +} + +sub add_diff_data { + my ($file) = @_; + my ($ret,$result) = git_cmd(qw{diff --cached},$file); + my @lines = split $/,$result; + my $changed_file = $changed_files{$file}; + $changed_file->{diff} = $result; + $changed_file->{diff_lines} = \@lines; + $changed_file->{added_lines} = [ map {local $_= $_;s/^\+ {4}//;$_} grep { /^\+ {4}/ } @lines ]; + $changed_file->{deleted_lines} = [ map {local $_= $_;s/^- {4}//;$_} grep { /^- {4}/ } @lines ]; +} + + +sub get_file_content { + my ($file) = @_; + my ($ret,$result) = git_cmd(qw{cat-file blob},"HEAD:$file"); + return $result; +} + +sub has_changed_files { + my ($ret,$result) = git_cmd(qw(diff-index --quiet HEAD -- )); + return $ret != 0; +} + + diff --git a/addons/dev-helpers/pf-admin-test-server b/addons/dev-helpers/pf-admin-test-server new file mode 100755 index 000000000000..29ca6bbf56ce --- /dev/null +++ b/addons/dev-helpers/pf-admin-test-server @@ -0,0 +1,12 @@ +#!/usr/bin/perl +use strict; +use POSIX qw(setuid setgid); +my $PF_ROOT="/usr/local/pf"; +my $PF_USER = 'pf'; + +`reset`; +my ($name,$passwd,$uid,$gid, + $quota,$comment,$gcos,$dir,$shell,$expire) = getpwnam($PF_USER); +exec("'$PF_ROOT/html/pfappserver/script/pfappserver_server.pl' -r -d --restart_directory '$PF_ROOT/lib/' --restart_directory '$PF_ROOT/html/pfappserver/'") + if setgid($gid) == 0 && setuid($uid) == 0; +print "error $!\n"; diff --git a/addons/dev-helpers/pf-portal-test-server b/addons/dev-helpers/pf-portal-test-server new file mode 100755 index 000000000000..9c6733b78a6b --- /dev/null +++ b/addons/dev-helpers/pf-portal-test-server @@ -0,0 +1,12 @@ +#!/usr/bin/perl +use strict; +use POSIX qw(setuid setgid); +my $PF_ROOT="/usr/local/pf"; +my $PF_USER = 'pf'; + +`reset`; +my ($name,$passwd,$uid,$gid, + $quota,$comment,$gcos,$dir,$shell,$expire) = getpwnam($PF_USER); +exec("'$PF_ROOT/html/captive-portal/script/captive_portal_server.pl' -r -d --restart_directory '$PF_ROOT/lib/' --restart_directory '$PF_ROOT/html/captive-portal/'") + if setgid($gid) == 0 && setuid($uid) == 0; +print "error $!\n"; diff --git a/addons/dev-helpers/test-billing.pl b/addons/dev-helpers/test-billing.pl new file mode 100755 index 000000000000..1882631cbfa9 --- /dev/null +++ b/addons/dev-helpers/test-billing.pl @@ -0,0 +1,123 @@ +#!/usr/bin/perl +=head1 NAME + +test add documentation + +=head1 SYNOPSIS + + test-billing.pl options + + Manditory options: + --ip IP Ip address of node + --mac MAC Mac of noe + --firstname FIRSTNAME Firstname + --lastname LASTNAME Lastname + --email EMAIL Email address + --ccnumber CC Creditcard number + --ccexpiration EXP Creditcard expiraction date MMYY + --ccverification VCODE Creditcard verification id + --item ITEM Item description + --price PRICE The price of the item + --description DESC Description of the invoice + + Optional options + --help + +=head1 DESCRIPTION + +=cut + +use strict; +use warnings; +use lib qw(/usr/local/pf/lib); +use pf::billing::custom; +use pf::billing::constants; +use pf::billing::gateway::mirapay::request; +use Getopt::Long; +use Pod::Usage; + +my %transaction_infos; +GetOptions (\%transaction_infos, + 'ip=s', + 'mac=s', + 'firstname=s', + 'lastname=s', + 'email=s', + 'ccnumber=s', + 'ccexpiration=s', + 'ccverification=s', + 'item=s', + 'price=s', + 'description=s', + 'help', +) or pod2usage(2); + +pod2usage(1) if $transaction_infos{help}; + +my @notThere = + grep {! (exists $transaction_infos{$_} && $transaction_infos{$_} ) } + qw( + ip mac firstname lastname email ccnumber + ccexpiration ccverification item price description + ) +; + +if(@notThere) { + pod2usage(-msg => join("\n","Following options not provided:",@notThere,''),-exitval => 1); +} + +my $billingObj = new pf::billing::custom(); + +# Transactions informations +my $transaction_infos_ref = { + ip => '192.168.1.1', + mac => '01:01:01:01:01:01', + firstname => 'James', + lastname => 'Rouzier', + email => 'jrouzier@inverse.ca', + ccnumber => '4601720000000891', + ccexpiration => '1213', + ccverification => '012', + item => 'Item name', + price => 100, + description => 'Test' +}; + +# Process the transaction +my $paymentStatus = $billingObj->processTransaction(\%transaction_infos); + +if($paymentStatus eq $BILLING::SUCCESS) { + print "Was successful\n"; +} else { + print "Failed\n"; +} + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + diff --git a/addons/extract_i18n_strings.pl b/addons/extract_i18n_strings.pl index 042498a7575d..0d62ee24ebfe 100644 --- a/addons/extract_i18n_strings.pl +++ b/addons/extract_i18n_strings.pl @@ -15,12 +15,13 @@ =head1 DESCRIPTION use File::Find; use lib qw(/usr/local/pf/lib /usr/local/pf/html/pfappserver/lib); -use pf::config; use pf::action; +use pf::admin_roles; use pf::Authentication::Source; use pf::Authentication::constants; -use pf::SNMP::constants; +use pf::Switch::constants; use pfappserver::Model::Node; +use pf::config; use constant { APP => 'html/pfappserver', @@ -106,12 +107,12 @@ sub parse_tt { my $dir = APP.'/root'; my @templates = (); - sub tt { + my $tt = sub { return unless -f && m/\.(tt|inc)$/; push(@templates, $File::Find::name); - } + }; - find(\&tt, $dir); + find($tt, $dir); my $line; foreach my $template (@templates) { @@ -136,12 +137,12 @@ sub parse_forms { my $dir = APP.'/lib/pfappserver/Form'; my @forms = (); - sub pm { + my $pm = sub { return unless -f && m/\.pm$/; push(@forms, $File::Find::name); - } + }; - find(\&pm, $dir); + find($pm, $dir); my $line; foreach my $form (@forms) { @@ -229,6 +230,8 @@ sub extract_modules { my @values = map { "${_}_action" } @pf::action::VIOLATION_ACTIONS; const('pf::action', 'VIOLATION_ACTIONS', \@values); + const('pf::admin_roles', 'Actions', \@ADMIN_ACTIONS); + my $attributes = pf::Authentication::Source->common_attributes(); my @common = map { $_->{value} } @$attributes; const('pf::Authentication::Source', 'common_attributes', \@common); @@ -264,7 +267,7 @@ sub extract_modules { @values = map { @$_ } values %Conditions::OPERATORS; const('pf::Authentication::constants', 'Conditions', \@values); - const('pf::SNMP::constants', 'Modes', \@SNMP::MODES); + const('pf::Switch::constants', 'Modes', \@SNMP::MODES); const('pf::pfcmd::report', 'SQL', ['dhcp_fingerprint']); const('pf::pfcmd::report', 'report_nodebandwidth', [qw/acctinput acctoutput accttotal callingstationid/]); @@ -315,9 +318,10 @@ sub print_po { foreach my $file (sort @{$strings{$string}}) { print "# $file\n"; } - if (scalar(split("\n", $string)) > 1) { + my @lines = split("\n", $string); + if (@lines > 1) { print "msgid \"\"\n"; - print join("\n", map { " \"$_\"" } split("\n", $string)), "\n"; + print join("\n", map { " \"$_\"" } @lines), "\n"; } else { print "msgid \"$string\"\n"; diff --git a/addons/logrotate b/addons/logrotate index 2ed39016329c..eb04f3ed2f2b 100644 --- a/addons/logrotate +++ b/addons/logrotate @@ -1,11 +1,10 @@ # logrotate file for packetfence -/usr/local/pf/logs/access_log /usr/local/pf/logs/admin_access_log /usr/local/pf/logs/admin_error_log /usr/local/pf/logs/error_log /usr/local/pf/logs/packetfence.log /usr/local/pf/logs/pfdetect /usr/local/pf/logs/pfmon /usr/local/pf/logs/snmptrapd.log /usr/local/pf/logs/radius.log /usr/local/pf/logs/portal_access_log /usr/local/pf/logs/portal_error_log /usr/local/pf/logs/portal_error_log /usr/local/pf/logs/proxy_access_log /usr/local/pf/logs/webservices_access_log /usr/local/pf/logs/webservices_error_log /usr/local/pf/logs/catalyst.log { +/usr/local/pf/logs/access_log /usr/local/pf/logs/admin_access_log /usr/local/pf/logs/admin_error_log /usr/local/pf/logs/catalyst.log /usr/local/pf/logs/error_log /usr/local/pf/logs/httpd.admin.log /usr/local/pf/logs/httpd.portal.log /usr/local/pf/logs/packetfence.log /usr/local/pf/logs/pfbandwidthd.log /usr/local/pf/logs/pfdetect.log /usr/local/pf/logs/pfdhcplistener.log /usr/local/pf/logs/pfdns.log /usr/local/pf/logs/pfmon.log /usr/local/pf/logs/pfsetvlan.log /usr/local/pf/logs/portal_access_log /usr/local/pf/logs/portal_error_log /usr/local/pf/logs/proxy_access_log /usr/local/pf/logs/radius.log /usr/local/pf/logs/snmptrapd.log /usr/local/pf/logs/webservices_access_log /usr/local/pf/logs/webservices_error_log { weekly rotate 52 missingok compress - delaycompress su pf pf copytruncate } diff --git a/addons/packages/packetfence-release.spec b/addons/packages/packetfence-release.spec new file mode 100644 index 000000000000..5ace23c9f180 --- /dev/null +++ b/addons/packages/packetfence-release.spec @@ -0,0 +1,84 @@ +# PacketFence RPM SPEC +# +# NEW (since git migration): +# +# Expecting a standard tarball with packetfence-/... +# +# BUILDING FOR RELEASE +# +# - Build +# - define ver +# - define dist based on target distro (for centos/rhel => .el5) +# - define rev based on package revision (must be > 0 for proprer upgrade from snapshots) +# ex: +# cd /usr/src/redhat/ +# rpmbuild -ba --define 'version 3.3.0' --define 'dist .el5' --define 'rev 1' SPECS/packetfence.spec +# +# +# BUILDING FOR A SNAPSHOT (PRE-RELEASE) +# +# - Build +# - define ver +# - define snapshot 1 +# - define dist based on target distro (for centos/rhel => .el5) +# - define rev to 0. this way one can upgrade from snapshot to release +# ex: +# cd /usr/src/redhat/ +# rpmbuild -ba --define 'version 3.3.0' --define 'snapshot 1' --define 'dist .el5' --define 'rev 0.20100506' SPECS/packetfence.spec +# +Summary: PacketFence release file and RPM repository configuration +%global real_name packetfence-release +Name: %{real_name} +Version: %{ver} +Release: %{rev}%{?dist} +License: GPL +Group: System Environment/Base +URL: http://www.packetfence.org +BuildRoot: %{_tmppath}/%{real_name}-%{version}-%{rev}-root +BuildArch: noarch +# disables the creation of the debug package for our setuid C wrapper +%define debug_package %{nil} + +Packager: Inverse inc. +Vendor: PacketFence, http://www.packetfence.org + +%description + +PacketFence release file. This package contains the yum configuration +for the PacketFence RPM repository. + +%prep + +%{__cat} </etc/yum.repos.d/packetfence.repo +## PacketFence RPM Repository for RHEL/Centos 6 +[packetfence] +name=PacketFence Repository +baseurl=http://inverse.ca/downloads/PacketFence/RHEL6/\$basearch +gpgcheck=0 +enabled=0 + +[packetfence-devel] +name=PacketFence Devel Repository +baseurl=http://inverse.ca/downloads/PacketFence/RHEL6/devel/\$basearch +gpgcheck=0 +enabled=0 +EOF + +%build +%install +rm -rf %{buildroot} +mkdir -p %{buildroot}/etc/yum.repos.d/ +cp /etc/yum.repos.d/packetfence.repo $RPM_BUILD_ROOT/etc/yum.repos.d/packetfence.repo +%clean +rm -rf $RPM_BUILD_ROOT + +%files -n %{real_name} +%defattr(0755, root, root) +%config /etc/yum.repos.d/packetfence.repo + + +%changelog +* Thu May 01 2014 Inverse inc. +- fixed variable issue +* Fri Apr 25 2014 Inverse inc. +- Release file created. diff --git a/addons/packages/packetfence.spec b/addons/packages/packetfence.spec index ccd1f42509b6..c9ac9485bf8e 100644 --- a/addons/packages/packetfence.spec +++ b/addons/packages/packetfence.spec @@ -82,27 +82,25 @@ BuildArch: noarch # TODO we might consider re-enabling this to simplify our SPEC AutoReqProv: 0 -Requires: chkconfig, coreutils, grep, iproute, openssl, sed, tar, wget, gettext +Requires: chkconfig, coreutils, grep, iproute, openssl, sed, tar, wget, gettext, conntrack-tools # for process management Requires: procps Requires: libpcap, libxml2, zlib, zlib-devel, glibc-common, Requires: httpd, mod_ssl -Requires: mod_perl +Requires: mod_perl, mod_qos requires: libapreq2 Requires: dhcp Requires: memcached -# FreeRADIUS version >= 2.1.12 and the name changed between the RHEL 5 and 6 releases -%{?el5:Requires: freeradius2 >= 2.1.12, freeradius2-mysql, freeradius2-perl, freeradius2-ldap, freeradius2-utils } -%{?el6:Requires: freeradius >= 2.1.12, freeradius-mysql, freeradius-perl, freeradius-ldap, freeradius-utils } +Requires: freeradius >= 2.2.5, freeradius-mysql, freeradius-perl, freeradius-ldap, freeradius-utils Requires: make Requires: net-tools Requires: net-snmp >= 5.3.2.2 Requires: mysql, mysql-server, perl(DBD::mysql) Requires: perl >= 5.8.8 # replaces the need for perl-suidperl which was deprecated in perl 5.12 (Fedora 14) -Requires: %{real_name}-pfcmd-suid +Requires(pre): %{real_name}-pfcmd-suid Requires: perl(Bit::Vector) -Requires: perl(CGI::Session), perl(CGI::Session::Driver::memcached), perl(JSON), perl(PHP::Session) +Requires: perl(CGI::Session), perl(CGI::Session::Driver::chi) >= 1.0.3, perl(JSON) Requires: perl(Apache2::Request) Requires: perl(Apache::Session) Requires: perl(Apache::Session::Memcached) @@ -113,6 +111,8 @@ Requires: perl(Class::Gomor) Requires: perl(Config::IniFiles) >= 2.40 Requires: perl(Data::Phrasebook), perl(Data::Phrasebook::Loader::YAML) Requires: perl(DBI) +Requires: perl(Rose::DB) +Requires: perl(Rose::DB::Object) Requires: perl(File::Tail) Requires: perl(IPC::Cmd) Requires: perl(IPTables::ChainMgr) @@ -120,6 +120,8 @@ Requires: perl(IPTables::Parse) Requires: perl(Tie::DxHash) requires: perl(Proc::ProcessTable) requires: perl(Apache::SSLLookup) +requires: perl(Crypt::OpenSSL::X509) +requires: perl(Const::Fast) # Perl core modules but still explicitly defined just in case distro's core perl get stripped Requires: perl(Time::HiRes) # Required for inline mode. Specific version matches system's iptables version. @@ -134,12 +136,15 @@ Requires: perl(Net::LDAP) Requires: perl-libwww-perl, perl(LWP::Simple), perl(LWP::Protocol::https) Requires: perl(List::MoreUtils) Requires: perl(Locale::gettext) -Requires: perl(Log::Log4perl) >= 1.11 +Requires: perl(Log::Log4perl) >= 1.43 +Requires: perl(Log::Any) +Requires: perl(Log::Any::Adapter) +Requires: perl(Log::Any::Adapter::Log4perl) # Required by switch modules # Net::Appliance::Session specific version added because newer versions broke API compatibility (#1312) # We would need to port to the new 3.x API (tracked by #1313) Requires: perl(Net::Appliance::Session) = 1.36 -Requires: perl(Net::OAuth2) +Requires: perl(Net::OAuth2) >= 0.57 # Required by configurator script, pf::config Requires: perl(Net::Interface) Requires: perl(Net::Netmask) @@ -148,7 +153,7 @@ Requires: perl(Net::Pcap) >= 0.16 # pfdhcplistener Requires: perl(NetPacket) >= 1.2.0 # pfdns -Requires: perl(Net::DNS) = 0.65-4 +Requires: perl(Net::DNS) = 0.65 Requires: perl(Net::DNS::Nameserver) = 749 # RADIUS CoA support Requires: perl(Net::Radius::Dictionary), perl(Net::Radius::Packet) @@ -167,6 +172,9 @@ Requires: perl(Regexp::Common) Requires: rrdtool, perl-rrdtool Requires: perl(SOAP::Lite) >= 1.0 Requires: perl(WWW::Curl) +Requires: perl(Data::MessagePack) +Requires: perl(Data::MessagePack::Stream) +Requires: perl(POSIX::2008) # Template::Toolkit - captive portal template system Requires: perl(Template) # Used by installer / configurator scripts @@ -204,6 +212,9 @@ Requires: perl(Catalyst::Authentication::Credential::HTTP) Requires: perl(Catalyst::Authentication::Store::Htpasswd) Requires: perl(Catalyst::Controller::HTML::FormFu) Requires: perl(Params::Validate) >= 0.97 +Requires: perl(Term::Size::Any) +Requires(pre): perl-aliased => 0.30 +Requires(pre): perl-version # for Catalyst stand-alone server Requires: perl(Catalyst::Devel) Requires: perl(Sort::Naturally) @@ -213,20 +224,26 @@ Requires: perl(File::Slurp) # I shall file upstream tickets to openfusion before we integrate Requires: perl(Plack), perl(Plack::Middleware::ReverseProxy) Requires: perl(MooseX::Types::LoadableClass) -Requires: perl(CHI) -Requires: perl(HTML::FormHandler) +Requires: perl(Moose) <= 2.1005 +Requires: perl(CHI) >= 0.56 +Requires: perl(Data::Serializer) +Requires: perl(HTML::FormHandler) = 0.40013 Requires: perl(Cache::Memcached) +Requires: perl(Cache::Memcached::GetParserXS) Requires: perl(CHI::Driver::Memcached) Requires: perl(File::Flock) Requires: perl(Perl::Version) Requires: perl(Cache::FastMmap) -Requires: perl(Moo) >= 1.0 +Requires: perl(Moo) >= 1.003000 Requires: perl(Term::ANSIColor) Requires: perl(IO::Interactive) Requires: perl(Module::Loaded) Requires: perl(Linux::FD) Requires: perl(Linux::Inotify2) Requires: perl(File::Touch) +Requires: perl(Hash::Merge) +Requires: perl(IO::Socket::INET6) +Requires: perl(IO::Interface) # configuration-wizard Requires: iproute, vconfig # @@ -238,6 +255,8 @@ Requires: perl(Test::Pod), perl(Test::Pod::Coverage), perl(Test::Exception) Requires: perl(Test::NoWarnings) # required for the fake CoA server Requires: perl(Net::UDP) +# For managing the number of connections per device +Requires: mod_qos %description -n %{real_name} @@ -255,7 +274,7 @@ as %package -n %{real_name}-remote-snort-sensor Group: System Environment/Daemons Requires: perl >= 5.8.0, perl(File::Tail), perl(Config::IniFiles), perl(IO::Socket::SSL), perl(XML::Parser), perl(Crypt::SSLeay), perl(LWP::Protocol::https) -Requires: perl(SOAP::Lite) +Requires: perl(Moo), perl(Data::MessagePack), perl(WWW::Curl) Conflicts: %{real_name} AutoReqProv: 0 Summary: Files needed for sending snort alerts to packetfence @@ -270,7 +289,7 @@ server. %package -n %{real_name}-remote-arp-sensor Group: System Environment/Daemons Requires: perl >= 5.8.0, perl(Config::IniFiles), perl(IO::Socket::SSL), perl(XML::Parser), perl(Crypt::SSLeay), perl(LWP::Protocol::https), perl(Net::Pcap) >= 0.16, memcached, perl(Cache::Memcached) -Requires: perl(SOAP::Lite) +Requires: perl(Moo), perl(Data::MessagePack), perl(WWW::Curl) Conflicts: %{real_name} AutoReqProv: 0 Summary: Files needed for sending MAC and IP addresses from ARP requests to PacketFence @@ -328,6 +347,12 @@ done # build pfcmd C wrapper gcc -g0 src/pfcmd.c -o bin/pfcmd + +find -name '*.example' -print0 | while read -d $'\0' file +do + cp $file "$(dirname $file)/$(basename $file .example)" +done + %install %{__rm} -rf $RPM_BUILD_ROOT %{__install} -D -m0755 packetfence.init $RPM_BUILD_ROOT%{_initrddir}/packetfence @@ -341,12 +366,14 @@ gcc -g0 src/pfcmd.c -o bin/pfcmd %{__install} -d -m2775 $RPM_BUILD_ROOT%logdir %{__install} -d $RPM_BUILD_ROOT/usr/local/pf/raddb/sites-enabled %{__install} -d -m2775 $RPM_BUILD_ROOT/usr/local/pf/var +%{__install} -d -m2775 $RPM_BUILD_ROOT/usr/local/pf/var/cache %{__install} -d $RPM_BUILD_ROOT/usr/local/pf/var/conf %{__install} -d $RPM_BUILD_ROOT/usr/local/pf/var/dhcpd -%{__install} -d $RPM_BUILD_ROOT/usr/local/pf/var/run +%{__install} -d -m2775 $RPM_BUILD_ROOT/usr/local/pf/var/run %{__install} -d $RPM_BUILD_ROOT/usr/local/pf/var/rrd %{__install} -d $RPM_BUILD_ROOT/usr/local/pf/var/session %{__install} -d $RPM_BUILD_ROOT/usr/local/pf/var/webadmin_cache +touch $RPM_BUILD_ROOT/usr/local/pf/var/cache_control cp Makefile $RPM_BUILD_ROOT/usr/local/pf/ cp -r bin $RPM_BUILD_ROOT/usr/local/pf/ cp -r addons/captive-portal/ $RPM_BUILD_ROOT/usr/local/pf/addons/ @@ -434,6 +461,7 @@ ln -s ../sites-available/inner-tunnel inner-tunnel ln -s ../sites-available/packetfence packetfence ln -s ../sites-available/packetfence-soh packetfence-soh ln -s ../sites-available/packetfence-tunnel packetfence-tunnel +ln -s ../sites-available/dynamic-clients dynamic-clients cd $curdir #end create symlinks @@ -503,7 +531,7 @@ if [ ! -f /usr/local/pf/conf/ssl/server.crt ]; then fi -for service in snortd httpd snmptrapd +for service in snortd httpd snmptrapd memcached do if /sbin/chkconfig --list | grep $service > /dev/null 2>&1; then echo "Disabling $service startup script" @@ -511,7 +539,7 @@ do fi done -for service in mysqld memcached +for service in mysqld do if /sbin/chkconfig --list | grep $service > /dev/null 2>&1; then echo "Enabling $service startup script" @@ -541,8 +569,8 @@ if (grep "^pf ALL=NOPASSWD:.*/sbin/iptables.*/usr/sbin/ipset" /etc/sudoers > /de # Comment out entry from a previous version of PF (< 4.0) sed -i 's/^\(pf ALL=NOPASSWD:.*\/sbin\/iptables.*\/usr\/sbin\/ipset\)/#\1/g' /etc/sudoers fi -if ! (grep "^pf ALL=NOPASSWD:.*/sbin/iptables.*/usr/sbin/ipset.*/sbin/ip.*/sbin/vconfig.*/sbin/route.*/sbin/service.*/usr/bin/tee.*/usr/local/pf/sbin/pfdhcplistener.*/bin/kill.*/usr/sbin/dhcpd.*/usr/sbin/radiusd.*/usr/sbin/snort.*/usr/sbin/suricata" /etc/sudoers > /dev/null ) ; then - echo "pf ALL=NOPASSWD: /sbin/iptables, /usr/sbin/ipset, /sbin/ip, /sbin/vconfig, /sbin/route, /sbin/service, /usr/bin/tee, /usr/local/pf/sbin/pfdhcplistener, /bin/kill, /usr/sbin/dhcpd, /usr/sbin/radiusd, /usr/sbin/snort, /usr/bin/suricata" >> /etc/sudoers +if ! (grep "^pf ALL=NOPASSWD:.*/sbin/iptables.*/usr/sbin/ipset.*/sbin/ip.*/sbin/vconfig.*/sbin/route.*/sbin/service.*/usr/bin/tee.*/usr/local/pf/sbin/pfdhcplistener.*/bin/kill.*/usr/sbin/dhcpd.*/usr/sbin/radiusd.*/usr/sbin/snort.*/usr/sbin/suricata.*/usr/sbin/conntrack" /etc/sudoers > /dev/null ) ; then + echo "pf ALL=NOPASSWD: /sbin/iptables, /usr/sbin/ipset, /sbin/ip, /sbin/vconfig, /sbin/route, /sbin/service, /usr/bin/tee, /usr/local/pf/sbin/pfdhcplistener, /bin/kill, /usr/sbin/dhcpd, /usr/sbin/radiusd, /usr/sbin/snort, /usr/bin/suricata, /usr/sbin/conntrack" >> /etc/sudoers fi if ! ( grep '^Defaults:pf.*!requiretty' /etc/sudoers > /dev/null ) ; then echo 'Defaults:pf !requiretty' >> /etc/sudoers @@ -555,6 +583,7 @@ sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config #Starting Packetfence. echo "Starting Packetfence..." +/usr/local/pf/bin/pfcmd configreload /sbin/service packetfence start echo Installation complete @@ -650,9 +679,14 @@ fi %attr(0755, pf, pf) /usr/local/pf/bin/pftest %doc /usr/local/pf/ChangeLog %dir /usr/local/pf/conf + /usr/local/pf/conf/*.example %config(noreplace) /usr/local/pf/conf/adminroles.conf +%config(noreplace) /usr/local/pf/conf/allowed-gaming-oui.txt + /usr/local/pf/conf/allowed-gaming-oui.txt.example +%config(noreplace) /usr/local/pf/conf/allowed_device_oui.txt + /usr/local/pf/conf/allowed_device_oui.txt.example %config(noreplace) /usr/local/pf/conf/authentication.conf -%config /usr/local/pf/conf/chi.conf +%config(noreplace) /usr/local/pf/conf/chi.conf %config /usr/local/pf/conf/dhcp_fingerprints.conf %config /usr/local/pf/conf/documentation.conf %config(noreplace) /usr/local/pf/conf/floating_network_device.conf @@ -695,8 +729,11 @@ fi %config(noreplace) /usr/local/pf/conf/locale/pt_BR/LC_MESSAGES/packetfence.po %config(noreplace) /usr/local/pf/conf/locale/pt_BR/LC_MESSAGES/packetfence.mo %config(noreplace) /usr/local/pf/conf/log.conf +%config(noreplace) /usr/local/pf/conf/log.conf.d/*.conf + /usr/local/pf/conf/log.conf.d/*.example %dir /usr/local/pf/conf/nessus %config(noreplace) /usr/local/pf/conf/nessus/remotescan.nessus + /usr/local/pf/conf/nessus/remotescan.nessus.example %config(noreplace) /usr/local/pf/conf/networks.conf %config /usr/local/pf/conf/openssl.cnf %config /usr/local/pf/conf/oui.txt @@ -704,12 +741,18 @@ fi /usr/local/pf/conf/pf-release %dir /usr/local/pf/conf/radiusd %config(noreplace) /usr/local/pf/conf/radiusd/eap.conf + /usr/local/pf/conf/radiusd/eap.conf.example %config(noreplace) /usr/local/pf/conf/radiusd/radiusd.conf + /usr/local/pf/conf/radiusd/radiusd.conf.example %config(noreplace) /usr/local/pf/conf/radiusd/sql.conf + /usr/local/pf/conf/radiusd/sql.conf.example %dir /usr/local/pf/conf/snort %config(noreplace) /usr/local/pf/conf/snort/classification.config + /usr/local/pf/conf/snort/classification.config.example %config(noreplace) /usr/local/pf/conf/snort/local.rules + /usr/local/pf/conf/snort/local.rules.example %config(noreplace) /usr/local/pf/conf/snort/reference.config + /usr/local/pf/conf/snort/reference.config.example %dir /usr/local/pf/conf/ssl %config(noreplace) /usr/local/pf/conf/switches.conf %config /usr/local/pf/conf/dhcpd.conf @@ -719,18 +762,25 @@ fi %config /usr/local/pf/conf/httpd.conf.d/captive-portal-common.conf %config /usr/local/pf/conf/httpd.conf.d/httpd.admin %config /usr/local/pf/conf/httpd.conf.d/httpd.portal +%config /usr/local/pf/conf/httpd.conf.d/httpd.portal.cgi %config /usr/local/pf/conf/httpd.conf.d/httpd.proxy %config /usr/local/pf/conf/httpd.conf.d/httpd.webservices %config /usr/local/pf/conf/httpd.conf.d/log.conf %config(noreplace) /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf + /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf.example %config(noreplace) /usr/local/pf/conf/iptables.conf %config(noreplace) /usr/local/pf/conf/listener.msg + /usr/local/pf/conf/listener.msg.example +%config(noreplace) /usr/local/pf/conf/mdm.conf %config(noreplace) /usr/local/pf/conf/popup.msg + /usr/local/pf/conf/popup.msg.example %config(noreplace) /usr/local/pf/conf/profiles.conf %config(noreplace) /usr/local/pf/conf/snmptrapd.conf %config(noreplace) /usr/local/pf/conf/snort.conf %config(noreplace) /usr/local/pf/conf/snort.conf.pre_snort-2.8 + /usr/local/pf/conf/snort.conf.pre_snort-2.8.example %config(noreplace) /usr/local/pf/conf/suricata.yaml + /usr/local/pf/conf/suricata.yaml.example %dir /usr/local/pf/conf/templates %config(noreplace) /usr/local/pf/conf/templates/* %config /usr/local/pf/conf/ui.conf @@ -753,13 +803,26 @@ fi %dir /usr/local/pf/html %dir /usr/local/pf/html/captive-portal %attr(0755, pf, pf) /usr/local/pf/html/captive-portal/*.cgi + /usr/local/pf/html/captive-portal/Changes + /usr/local/pf/html/captive-portal/Makefile.PL + /usr/local/pf/html/captive-portal/README +%config(noreplace) /usr/local/pf/html/captive-portal/captive_portal.conf + /usr/local/pf/html/captive-portal/captive_portal.conf.example %config(noreplace) /usr/local/pf/html/captive-portal/content/responsive.css %config(noreplace) /usr/local/pf/html/captive-portal/content/styles.css %config(noreplace) /usr/local/pf/html/captive-portal/content/print.css + /usr/local/pf/html/captive-portal/content/countdown.min.js /usr/local/pf/html/captive-portal/content/guest-management.js /usr/local/pf/html/captive-portal/content/timerbar.js %dir /usr/local/pf/html/captive-portal/content/images /usr/local/pf/html/captive-portal/content/images/* +%dir /usr/local/pf/html/captive-portal/lib + /usr/local/pf/html/captive-portal/lib/* +%dir /usr/local/pf/html/captive-portal/script + /usr/local/pf/html/captive-portal/script/* +%dir /usr/local/pf/html/captive-portal/t + /usr/local/pf/html/captive-portal/t/* + /usr/local/pf/html/captive-portal/content/PacketFenceAgent.apk %dir /usr/local/pf/html/captive-portal/templates %config(noreplace) /usr/local/pf/html/captive-portal/templates/* %dir /usr/local/pf/html/common @@ -801,6 +864,7 @@ fi %doc /usr/local/pf/README %doc /usr/local/pf/README.network-devices %dir /usr/local/pf/sbin +%attr(0755, pf, pf) /usr/local/pf/sbin/pfbandwidthd %attr(0755, pf, pf) /usr/local/pf/sbin/pfdetect %attr(0755, pf, pf) /usr/local/pf/sbin/pfdhcplistener %attr(0755, pf, pf) /usr/local/pf/sbin/pfdns @@ -843,6 +907,7 @@ fi %dir /usr/local/pf/var/rrd %dir /usr/local/pf/var/session %dir /usr/local/pf/var/webadmin_cache +%config(noreplace) /usr/local/pf/var/cache_control # Remote snort sensor file list %files -n %{real_name}-remote-snort-sensor @@ -870,6 +935,12 @@ fi %attr(6755, root, root) /usr/local/pf/bin/pfcmd %changelog +* Tue May 6 2014 Inverse - 4.2.0-1 +- New release 4.2.0 + +* Tue Apr 1 2014 Inverse +- Removed dependency on Perl module PHP::Session + * Wed Dec 11 2013 Francis Lachapelle - 4.1.0-1 - New release 4.1.0 diff --git a/addons/pf-maint.pl b/addons/pf-maint.pl new file mode 100755 index 000000000000..efbf632701ef --- /dev/null +++ b/addons/pf-maint.pl @@ -0,0 +1,200 @@ +#!/usr/bin/perl + +=head1 NAME + +pf-maint.pl + +=cut + +=head1 DESCRIPTION + +pf-maint.pl is a script that allows user to download and keep track of all patches from the maintenance version of PacketFence + +=head1 SYNOPSIS + +pf-maint.pl [options] + + Options: + -h --help This help + -c --commit The last commit to be used for the diff: default the latest commit in the maintenance branch for version + -b --base-commit The base commit to be used for the diff: default the last commit save or the tag for version + -u --github-user The github user: default inverse-inc + -r --github-repo The github repo: default packetfence + -n --no-ask Do not ask to patch + -d --pf-dir The PacketFence directory + -p --patch-bin The patch binary default /usr/bin/patch + +=cut + +use strict; +use warnings; +use JSON::XS; +use File::Spec::Functions; +use File::Slurp; +use HTTP::Request; +use Getopt::Long; +use LWP::UserAgent; +use Pod::Usage; +use IO::Handle; +our $GITHUB_USER = 'inverse-inc'; +our $GITHUB_REPO = 'packetfence'; +our $PF_DIR = $ENV{PF_DIR} || '/usr/local/pf'; +our $help; +our $COMMIT; +our $BASE_COMMIT; +our $NO_ASK; +our $PATCH_BIN = '/usr/bin/patch'; + +GetOptions( + "github-user|u=s" => \$GITHUB_USER, + "github-repo|r=s" => \$GITHUB_REPO, + "pf-dir|d=s" => \$PF_DIR, + "commit|c=s" => \$COMMIT, + "patch-bin|p=s" => \$PATCH_BIN, + "base-commit|b=s" => \$BASE_COMMIT, + "no-ask|n" => \$NO_ASK, + "help|h" => \$help +) or podusage(2); + +pod2usage(1) if $help; + +die "$PATCH_BIN does not exists or is not executable" unless patch_bin_exists(); + +our $PATCHES_DIR = catdir( $PF_DIR, '.patches' ); +mkdir $PATCHES_DIR or die "cannot create $PATCHES_DIR" unless -d $PATCHES_DIR; +our $PF_RELEASE = get_release(); +our $LAST_COMMIT = catfile( $PATCHES_DIR, "last-commit-$PF_RELEASE" ); + +our $BASE_GITHUB_URL = + "https://api.github.com/repos/$GITHUB_USER/$GITHUB_REPO"; + +my $base = $BASE_COMMIT || get_base(); +print "Currently at $base\n"; + +my $head = $COMMIT || get_head(); +die "Already up to date\n" if $base eq $head; +print "Latest maintenance version is $head\n"; + +my $patch_data = get_patch_data( $base, $head ); +show_patch($patch_data); +accept_patch() unless $NO_ASK; +print "Downloading the patch........\n"; +save_patch( $patch_data, $base, $head ); +print "Applying the patch........\n"; +apply_patch( $patch_data, $base, $head ); + +sub get_release { + chomp( my $release = read_file( catfile( $PF_DIR, 'conf/pf-release' ) ) ); + die unless $release =~ m/.*?(\d+(\.\d+){2}(-\d+)?)$/; + return $1; +} + +sub get_base { + my $base = read_file( $LAST_COMMIT, { err_mode => 'quiet' } ); + if ($base) { + chomp($base); + } else { + $base = "packetfence-$PF_RELEASE"; + } + return $base; +} + +sub get_head { + my $url = "$BASE_GITHUB_URL/branches/maintenance/$PF_RELEASE"; + my $response_body = get_url($url); + my $data = decode_json($response_body); + return $data->{commit}->{sha}; +} + +sub get_patch_data { + my ( $base, $head ) = @_; + my $url = "$BASE_GITHUB_URL/compare/${base}...${head}"; + my $response_body = get_url($url); + my $data = decode_json($response_body); + return $data; +} + +sub make_patch_filename { + my ( $base, $head ) = @_; + return catfile( $PATCHES_DIR, "${base}-${head}.diff" ); +} + +sub save_patch { + my ( $data, $base, $head ) = @_; + my $diff = get_url( $data->{diff_url} ); + write_file( make_patch_filename( $base, $head ), $diff ); +} + +sub apply_patch { + my ( $data, $base, $head ) = @_; + my $file = make_patch_filename( $base, $head ); + chdir $PF_DIR or die "cannot change directory $PF_DIR\n"; + system "$PATCH_BIN -b -p1 < $file"; + write_file( $LAST_COMMIT, $head ); +} + +sub get_url { + my ($url) = @_; + my $request = HTTP::Request->new( GET => $url ), my $response_body; + my $ua = LWP::UserAgent->new; + $ua->show_progress(1); + my $response = $ua->request($request); + if ( $response->is_success ) { + $response_body = $response->content; + } else { + die $response->status_line . "\n"; + } + return $response_body; +} + +sub patch_bin_exists { + -x $PATCH_BIN +} + +sub show_patch { + my ($data) = @_; + print "\nThe following are going to be patched\n"; + foreach my $file ( @{ $data->{files} } ) { + print " ", $file->{filename}, "\n"; + } +} + +sub accept_patch { + print "\nContinue y/n [y]: "; + chomp(my $yes_no = ); + if ($yes_no =~ /n/) { + exit; + } +} + +sub print_dot { + print "."; +} + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2014 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + diff --git a/addons/recovery.pl b/addons/recovery.pl index f74884c9a4a4..c183c58c22f1 100755 --- a/addons/recovery.pl +++ b/addons/recovery.pl @@ -61,13 +61,10 @@ =head1 LICENSE use FindBin; use DBI; -use threads; -use threads::shared; use Log::Log4perl qw(:easy); use Log::Log4perl::Appender::File; # HACK: compile tests failed on build env. without that use Getopt::Long; use Pod::Usage; -use Thread::Pool; require 5.8.8; @@ -80,12 +77,15 @@ =head1 LICENSE use lib LIB_DIR; use pf::SwitchFactory; use pf::config; -$thread = 1; use pf::db; use pf::node; use pf::violation; use pf::locationlog; use pf::vlan::custom; +use threads; +use threads::shared; +use Thread::Pool; +$thread = 1; my $logLevel = 0; my $help; diff --git a/bin/pfcmd.pl b/bin/pfcmd.pl index 6e206a0392bc..bc0b6df04d17 100755 --- a/bin/pfcmd.pl +++ b/bin/pfcmd.pl @@ -34,7 +34,7 @@ =head1 SYNOPSIS nodecategory | nodecategory manipulation nodeuseragent | View User-Agent information associated to a node person | person manipulation - reload | rebuild fingerprint or violations tables without restart + reload | rebuild fingerprints without restart report | current usage reports schedule | Nessus scan scheduling service | start/stop/restart and get PF daemon status @@ -64,11 +64,13 @@ =head1 SYNOPSIS use English qw( -no_match_vars ) ; # Avoids regex performance penalty use POSIX(); use Readonly; +use File::Spec::Functions qw(catfile); use Date::Parse; use File::Basename qw(basename); use Log::Log4perl; use Try::Tiny; -use List::MoreUtils qw(part); +use List::MoreUtils qw(part any); +use Scalar::Util qw(tainted); use constant { INSTALL_DIR => '/usr/local/pf', @@ -153,12 +155,14 @@ =head1 SYNOPSIS %cmd = %cmd_tmp; # TODO minor refactoring: call method using exit( method() ) instead of appending an exit(1) my %commands = ( + 'cache' => sub { exit (cache()) }, 'checkup' => sub { my $return = checkup(); print "Nothing to report.\n" if ($return == $FALSE); exit(1); }, 'fixpermissions' => sub { exit (fixpermissions()) }, + 'configreload' => sub { exit (configreload($cmd{command}[1])) }, 'class' => sub { class(); exit(1); }, 'config' => sub { config(); exit(0); }, 'configfiles' => sub { configfiles(); exit(1); }, @@ -832,11 +836,20 @@ sub import_data { my $type = $cmd{command}[1]; my $file = $cmd{command}[2]; $logger->info("Import requested. Type: $type, file to import: $file"); - + my $result; if (lc($type) eq 'nodes') { pf::import::nodes($file); + $result = 1; + } elsif (lc($type) eq 'wrix') { + require pf::DB::Wrix::Manager; + pf::DB::Wrix::Manager->import; + $result = pf::DB::Wrix::Manager->importCsv($file); + } + if($result) { + print "Import process complete\n"; + } else { + print "Error importing $file for $type\n"; } - print "Import process complete\n"; } sub interfaceconfig { @@ -1173,9 +1186,9 @@ sub service { $SERVICE_HEADER ="service|command\n"; $IS_INTERACTIVE = is_interactive(); $RESET_COLOR = $IS_INTERACTIVE ? color 'reset' : ''; - $WARNING_COLOR = $IS_INTERACTIVE ? color 'yellow' : ''; - $ERROR_COLOR = $IS_INTERACTIVE ? color 'red' : ''; - $SUCCESS_COLOR = $IS_INTERACTIVE ? color 'green' : ''; + $WARNING_COLOR = $IS_INTERACTIVE ? color $Config{advanced}{pfcmd_warning_color} : ''; + $ERROR_COLOR = $IS_INTERACTIVE ? color $Config{advanced}{pfcmd_error_color} : ''; + $SUCCESS_COLOR = $IS_INTERACTIVE ? color $Config{advanced}{pfcmd_success_color} : ''; my $actionHandler; $action =~ /^(.*)$/; @@ -1194,11 +1207,26 @@ sub service { return $FALSE; } +sub pfStartService { + my ($managers) = @_; + if(-e $pf_config_file) { + $logger->info("saving current iptables to var/iptables.bak"); + my $technique; + if(all { $_->status eq '0' } @$managers) { + $technique = getIptablesTechnique(); + $technique->iptables_save( $install_dir . '/var/iptables.bak' ); + } + $technique ||= getIptablesTechnique(); + $technique->iptables_generate(); + } +} + sub startService { my ($service,@services) = @_; my @managers = getManagers(\@services,INCLUDE_DEPENDS_ON | JUST_MANAGED); print $SERVICE_HEADER; my $count = 0; + pfStartService(\@managers) if $service eq 'pf'; if(isIptablesManaged($service) && -e $pf_config_file) { $logger->info("saving current iptables to var/iptables.bak"); my $technique; @@ -1210,7 +1238,7 @@ sub startService { $technique->iptables_generate(); } - my ($noCheckupManagers,$checkupManagers) = part { $_->shouldCheckup} @managers; + my ($noCheckupManagers,$checkupManagers) = part { $_->shouldCheckup } @managers; if($noCheckupManagers && @$noCheckupManagers) { foreach my $manager (@$noCheckupManagers) { @@ -1278,12 +1306,13 @@ sub stopService { my ($service,@services) = @_; my @managers = getManagers(\@services); #push memcached to back of the list - my $manager = first { $_->name eq 'memcached' } @managers; - if($manager) { - @managers = grep { $_->name ne 'memcached' } @managers; - push @managers, $manager; - } - + my %exclude = ( + memcached => undef, + ); + my ($push_managers,$infront_managers) = part { exists $exclude{ $_->name } ? 0 : 1 } @managers; + @managers = (); + @managers = @$infront_managers if $infront_managers; + push @managers, @$push_managers if $push_managers; print $SERVICE_HEADER; foreach my $manager (@managers) { my $command; @@ -1321,7 +1350,9 @@ sub isIptablesManaged { } sub restartService { + my ($service,@services) = @_; stopService(@_); + configreload('hard'); local $SERVICE_HEADER = ''; startService(@_); } @@ -1738,11 +1769,6 @@ sub reload { my $fp_total = pf::os::import_dhcp_fingerprints({ force => $TRUE }); $logger->info("$fp_total DHCP fingerprints reloaded"); print "$fp_total DHCP fingerprints reloaded\n"; - } elsif ( $option eq "violations" ) { - require pf::services; - pf::services::read_violations_conf(); - $logger->info("Violation classes reloaded"); - print "Violation classes reloaded\n"; } exit; } @@ -2441,11 +2467,12 @@ sub field_order { sub fixpermissions { my $pfcmd = "${bin_dir}/pfcmd"; - _changeFilesToOwner('pf',@log_files, @stored_config_files, $install_dir, $bin_dir, $conf_dir, $var_dir, $lib_dir, $log_dir, $generated_conf_dir, $tt_compile_cache_dir); + my @extra_var_dirs = map { catfile($var_dir,$_) } qw(run cache conf sessions); + _changeFilesToOwner('pf',@log_files, @stored_config_files, $install_dir, $bin_dir, $conf_dir, $var_dir, $lib_dir, $log_dir, $generated_conf_dir, $tt_compile_cache_dir, @extra_var_dirs); _changeFilesToOwner('root',$pfcmd); chmod(06755,$pfcmd); chmod(0664, @stored_config_files); - chmod(02775, $conf_dir, $var_dir, $log_dir); + chmod(02775, $conf_dir, $var_dir, $log_dir, $generated_conf_dir,$install_dir, @extra_var_dirs); return 0; } @@ -2455,6 +2482,62 @@ sub _changeFilesToOwner { chown $uid,$gid,@files; } +sub configreload { + my ($type) = @_; + $type = 'soft' unless defined $type; + my $force = $type eq 'hard' ? 1 : 0; + require pf::violation_config; + require pf::authentication; + require pf::admin_roles; + require pf::ConfigStore::AdminRoles; + require pf::ConfigStore::Authentication; + require pf::ConfigStore::FloatingDevice; + require pf::ConfigStore::Interface; + require pf::ConfigStore::Mdm; + require pf::ConfigStore::Network; + require pf::ConfigStore::Pf; + require pf::ConfigStore::Profile; + require pf::ConfigStore::Switch; + require pf::ConfigStore::Violations; + require pf::ConfigStore::Wrix; + pf::config::cached::updateCacheControl(); + pf::config::cached::ReloadConfigs($force); + return 0; +} + +sub cache { + require pf::CHI; + my $namespace = $cmd{command}[1]; + my $action = $cmd{command}[2]; + $namespace = $1 if $namespace =~ /^(.*+)$/; + $action = $1 if $action =~ /^(.*+)$/; + unless ( any { $namespace eq $_ } @pf::CHI::CACHE_NAMESPACES ) { + print "the namespace '$namespace' does not exist\n"; + return 1; + } + my $cache = pf::CHI->new( namespace => $namespace); + if ($action eq 'list' ) { + print join("\n",$cache->get_keys),"\n"; + } elsif ($action eq 'clear') { + $cache->remove($_) for map { /^(.*)$/;$1 } $cache->get_keys; + } elsif ($action eq 'remove') { + my $key = $cmd{command}[3]; + $key = $1 if $key =~ /^(.*)$/; + $cache->remove($key); + } elsif ($action eq 'dump') { + my $key = $cmd{command}[3]; + $key = $1 if $key =~ /^(.*)$/; + require Data::Dumper; + print Data::Dumper::Dumper($cache->get($key)); + } elsif ($action eq 'expire') { + for my $key ($cache->get_keys) { + $cache->remove($key) if $cache->exists_and_is_expired($key); + } + } + + return 0; +} + =head1 AUTHOR diff --git a/bin/pfcmd_vlan b/bin/pfcmd_vlan index e2a9c5c8e57c..35681f0e6fae 100755 --- a/bin/pfcmd_vlan +++ b/bin/pfcmd_vlan @@ -236,13 +236,9 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - if ( !exists( $switchFactory->config->{$switchDescRegExp} ) ) { - exit_wrong_args("unknown switch $switchDescRegExp"); - } - my $switch = $switchFactory->instantiate($switchDescRegExp); if (!$switch) { - print "Can't instantiate switch $switchDescRegExp! See log files for details\n"; + exit_wrong_args("unknown switch $switchDescRegExp"); } else { # grabbing parameters my ($method, @params) = @ARGV; @@ -260,12 +256,9 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - if ( !exists( $switchFactory->config->{$switchDescRegExp} ) ) { - exit_wrong_args("unknown switch $switchDescRegExp"); - } my $switch = $switchFactory->instantiate($switchDescRegExp); if (!$switch) { - print "Can not instantiate switch $switchDescRegExp ! See log files for details\n"; + exit_wrong_args("unknown switch $switchDescRegExp"); } else { $logger->debug("start handling 'getUpLinks' command"); my @upLinks = $switch->getUpLinks(); @@ -280,12 +273,9 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - if ( !exists( $switchFactory->config->{$switchDescRegExp} ) ) { - exit_wrong_args("unknown switch $switchDescRegExp"); - } my $switch = $switchFactory->instantiate($switchDescRegExp); if (!$switch) { - print "Can't instantiate switch $switchDescRegExp! See log files for details\n"; + exit_wrong_args("unknown switch $switchDescRegExp"); } else { $logger->debug("start handling 'getSwitchLocation' command"); print $switch->getSwitchLocation($ifIndex) . "\n"; @@ -297,12 +287,9 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - if ( !exists( $switchFactory->config->{$switchDescRegExp} ) ) { - exit_wrong_args("unknown switch $switchDescRegExp"); - } my $switch = $switchFactory->instantiate($switchDescRegExp); if (!$switch) { - print "Can not instantiate switch $switchDescRegExp ! See log files for details\n"; + exit_wrong_args("unknown switch $switchDescRegExp"); } else { $logger->debug("start handling 'getVersion' command"); print $switchDescRegExp . "," . $switch->getVersion() . "\n"; @@ -315,12 +302,9 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - if ( !exists( $switchFactory->config->{$switchDescRegExp} ) ) { - exit_wrong_args("unknown switch $switchDescRegExp"); - } my $switch = $switchFactory->instantiate($switchDescRegExp); if (!$switch) { - print "Can not instantiate switch $switchDescRegExp ! See log files for details\n"; + exit_wrong_args("unknown switch $switchDescRegExp"); } else { $logger->debug("start handling 'getType' command"); my $session; @@ -376,15 +360,15 @@ if ($reevaluateAccess) { } } } - if ( $type eq $switchFactory->config->{$switchDescRegExp}{'type'} ) { + if ( $type eq $switch->{'_type'} ) { $version = $switch->getVersion(); $versionOk = $switch->isNewerVersionThan( $switch->getMinOSVersion() ); } } } print "$switchDescRegExp, $type, $version, "; - if ( $type ne $switchFactory->config->{$switchDescRegExp}{'type'} ) { - print "typeProblem, configuration file tells us " . $switchFactory->config->{$switchDescRegExp}{'type'}; + if ( $type ne $switch->{'_type'} ) { + print "typeProblem, configuration file tells us " . $switch->{'_type'}; } else { if ( !$versionOk ) { print "versionProblem: minOSVersion is " . $switch->getMinOSVersion(); @@ -402,12 +386,9 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - if ( !exists( $switchFactory->config->{$switchDescRegExp} ) ) { - exit_wrong_args("unknown switch $switchDescRegExp"); - } my $switch = $switchFactory->instantiate($switchDescRegExp); if (!$switch) { - print "Can not instantiate switch $switchDescRegExp ! See log files for details\n"; + exit_wrong_args("unknown switch $switchDescRegExp"); } else { $logger->debug("start handling 'getAllMacs' command"); my $ifIndexVlanMacHashRef = $switch->getAllMacs(); @@ -426,12 +407,9 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - if ( !exists( $switchFactory->config->{$switchDescRegExp} ) ) { - exit_wrong_args("unknown switch $switchDescRegExp"); - } my $switch = $switchFactory->instantiate($switchDescRegExp); if (!$switch) { - print "Can not instantiate switch $switchDescRegExp ! See log files for details\n"; + exit_wrong_args("unknown switch $switchDescRegExp"); } else { $logger->debug("start handling 'getHubs' command"); my $hubPorts; @@ -465,12 +443,9 @@ if ($reevaluateAccess) { if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - if ( !exists( $switchFactory->config->{$switchDescRegExp} ) ) { - exit_wrong_args("unknown switch $switchDescRegExp"); - } my $switch = $switchFactory->instantiate($switchDescRegExp); if (!$switch) { - print "Can not instantiate switch $switchDescRegExp ! See log files for details\n"; + exit_wrong_args("unknown switch $switchDescRegExp"); } else { $logger->debug("start handling 'deauthenticate' command"); $switch->deauthenticateMac($mac); @@ -484,16 +459,12 @@ if ($reevaluateAccess) { if ($macUndefOrEmpty && $ifIndexUndefOrEmpty) { exit_wrong_args("Please provide a MAC for wireless 802.1x or an ifIndex for wired 802.1x"); } - if ($switchDescRegExp eq '') { + if ( $switchDescRegExp eq '' ) { exit_wrong_args("the switch argument is necessary"); } - if (!exists( $switchFactory->config->{$switchDescRegExp})) { - exit_wrong_args("unknown switch $switchDescRegExp"); - } my $switch = $switchFactory->instantiate($switchDescRegExp); if (!$switch) { - print "Can not instantiate switch $switchDescRegExp ! See log files for details\n"; - exit 1; + exit_wrong_args("unknown switch $switchDescRegExp"); } else { $logger->debug("start handling 'deauthenticateDot1x' command"); if (defined($mac) && $mac ne '') { @@ -532,14 +503,11 @@ if ($reevaluateAccess) { } } if ( $switchDescRegExp eq '' ) { - exit_wrong_args("you must specify the switch"); - } - if ( !exists( $switchFactory->config->{$switchDescRegExp} ) ) { - exit_wrong_args("unknown switch $switchDescRegExp"); + exit_wrong_args("the switch argument is necessary"); } my $switch = $switchFactory->instantiate($switchDescRegExp); if (!$switch) { - print "Can not instantiate switch $switchDescRegExp ! See log files for details\n"; + exit_wrong_args("unknown switch $switchDescRegExp"); } else { if ($getMac) { @@ -578,7 +546,7 @@ if ($reevaluateAccess) { } elsif ($reAssignVlan) { $logger->debug("start handling 'reAssignVlan' command"); - my @locationlog_entry = locationlog_view_open_switchport_no_VoIP($switch->{'_ip'}, $ifIndex); + my @locationlog_entry = locationlog_view_open_switchport_no_VoIP($switch->{'_id'}, $ifIndex); if (@locationlog_entry) { my $conn_type = str_to_connection_type($locationlog_entry[0]->{'connection_type'}); @@ -589,7 +557,7 @@ if ($reevaluateAccess) { "connection type: ".$connection_type_explained{$conn_type} ); my $trapSender = $switchFactory->instantiate('127.0.0.1'); - $trapSender->sendLocalReAssignVlanTrap($switch->{'_ip'}, $ifIndex, $conn_type); + $trapSender->sendLocalReAssignVlanTrap($switch, $ifIndex, $conn_type); } else { $logger->warn( "Unknown connection type! ". diff --git a/conf/adminroles.conf b/conf/adminroles.conf.example similarity index 100% rename from conf/adminroles.conf rename to conf/adminroles.conf.example diff --git a/conf/allowed-gaming-oui.txt.example b/conf/allowed-gaming-oui.txt.example new file mode 100644 index 000000000000..1fd4374c8a3f --- /dev/null +++ b/conf/allowed-gaming-oui.txt.example @@ -0,0 +1,25 @@ +00:12:5A # Microsoft-Xbox +00:0D:3A # Microsoft-Xbox +00:50:F2 # Microsoft-Xbox +00:01:4A # Sony-PS2-PSP +00:02:C7 # Sony-PS2-PSP +00:04:1F # Sony-PS2-PSP +00:13:15 # Sony-PS2-PSP +00:09:BF # Nintendo-Wii +00:17:AB # Nintendo-Wii +00:17:FA # Microsoft-Xbox +00:15:C1 # Sony-PS3 +00:19:C5 # Sony-PS3 +00:1D:D8 # Microsoft-Xbox +00:0B:E6 # Nintendo-Wii +00:16:56 # Nintendo-Wii +00:1A:E9 # Nintendo-Wii +00:1D:0D # Sony-PS3 +00:19:1D # Nintendo-Wii +00:19:FD # Nintendo-Wii +00:1F:32 # Nintendo-Wii +00:1C:BE # Nintendo-Wii +00:1B:EA # Nintendo-Wii +00:1E:35 # Nintendo-Wii +00:1B:7A # Ninetndo-Wii +00:22:48 # Microsoft-Xbox diff --git a/conf/allowed_device_oui.txt.example b/conf/allowed_device_oui.txt.example new file mode 100644 index 000000000000..1fd4374c8a3f --- /dev/null +++ b/conf/allowed_device_oui.txt.example @@ -0,0 +1,25 @@ +00:12:5A # Microsoft-Xbox +00:0D:3A # Microsoft-Xbox +00:50:F2 # Microsoft-Xbox +00:01:4A # Sony-PS2-PSP +00:02:C7 # Sony-PS2-PSP +00:04:1F # Sony-PS2-PSP +00:13:15 # Sony-PS2-PSP +00:09:BF # Nintendo-Wii +00:17:AB # Nintendo-Wii +00:17:FA # Microsoft-Xbox +00:15:C1 # Sony-PS3 +00:19:C5 # Sony-PS3 +00:1D:D8 # Microsoft-Xbox +00:0B:E6 # Nintendo-Wii +00:16:56 # Nintendo-Wii +00:1A:E9 # Nintendo-Wii +00:1D:0D # Sony-PS3 +00:19:1D # Nintendo-Wii +00:19:FD # Nintendo-Wii +00:1F:32 # Nintendo-Wii +00:1C:BE # Nintendo-Wii +00:1B:EA # Nintendo-Wii +00:1E:35 # Nintendo-Wii +00:1B:7A # Ninetndo-Wii +00:22:48 # Microsoft-Xbox diff --git a/conf/authentication.conf b/conf/authentication.conf.example similarity index 100% rename from conf/authentication.conf rename to conf/authentication.conf.example diff --git a/conf/chi.conf b/conf/chi.conf deleted file mode 100644 index b9bd18a73c63..000000000000 --- a/conf/chi.conf +++ /dev/null @@ -1,16 +0,0 @@ -[namespace configfiles] -storage=configfiles - -[storage configfiles] -driver=Memcached -servers=127.0.0.1:11211 -global=1 -compress_threshold=10000 - -[storage configfiles l1_cache] -storage=raw - -[storage raw] -driver=RawMemory -global=1 - diff --git a/conf/chi.conf.example b/conf/chi.conf.example new file mode 100644 index 000000000000..0a3f28d93d6f --- /dev/null +++ b/conf/chi.conf.example @@ -0,0 +1,28 @@ +[storage DEFAULT] +storage=file + +[storage DEFAULT l1_cache] +storage=memcached + +[storage httpd.admin] +expires_in=1d + +[storage httpd.admin l1_cache] +expires_on_backend=1 + +[storage httpd.portal] +expires_in=10m + +[storage httpd.portal l1_cache] +expires_on_backend=1 + +[storage memcached] +driver=Memcached +servers=127.0.0.1:11211 +global=1 +compress_threshold=10000 + +[storage file] +driver=File +root_dir=/usr/local/pf/var/cache + diff --git a/conf/dhcp_fingerprints.conf b/conf/dhcp_fingerprints.conf index f1e8d116793f..da6014564a9f 100644 --- a/conf/dhcp_fingerprints.conf +++ b/conf/dhcp_fingerprints.conf @@ -1,4 +1,4 @@ -# dhcp_fingerprints.conf: version 5.53, 2013/04/08 +# dhcp_fingerprints.conf Version 6.7.0 Date 20140506 # # FingerBank - DHCP fingerprint / signature database # Copyright (C) 2008-2013 Inverse inc. @@ -116,8 +116,13 @@ members=2300-2399 description=Point of Sale devices members=2400-2499 +[class 25] +description=Scanner +members=2500-2599 + [os 100] -description=Microsoft Windows XP +# 1,15,3,6,44,46,47,31,33,249,43,171,172 to be confirmed +description=Microsoft Windows XP (Version 5.1, 5.2) vendor_id=<.html EOT -[registration.gaming_devices_registration] +[registration.device_registration] type=toggle options=enabled|disabled description=< SetHandler modperl PerlResponseHandler pf::web::release diff --git a/conf/httpd.conf.d/httpd.admin b/conf/httpd.conf.d/httpd.admin index bc7d37bbdb51..4db8ecee1927 100644 --- a/conf/httpd.conf.d/httpd.admin +++ b/conf/httpd.conf.d/httpd.admin @@ -38,10 +38,16 @@ +AcceptMutex posixsem + PerlSwitches -I/usr/local/pf/lib PerlSwitches -I/usr/local/pf/html/pfappserver/lib +PerlLoadModule pfappserver; +BEGIN { + use pf::log 'service' => 'httpd.admin'; +} use pf::config qw(); diff --git a/conf/httpd.conf.d/httpd.portal b/conf/httpd.conf.d/httpd.portal index e4e9cbb50b2d..b8ca676f4afe 100644 --- a/conf/httpd.conf.d/httpd.portal +++ b/conf/httpd.conf.d/httpd.portal @@ -1,6 +1,3 @@ -#Captive portal configuration file - -#Debian specific LoadModule perl_module /usr/lib/apache2/modules/mod_perl.so @@ -38,6 +35,13 @@ LoadModule apreq_module /usr/lib/apache2/modules/mod_apreq2.so + # To activate this module add an entry in /etc/hosts for this server hostname. + # + # LoadModule unique_id_module /usr/lib/apache2/modules/mod_unique_id.so + # + + LoadModule qos_module /usr/lib/apache2/modules/mod_qos.so + #RHEL specific @@ -78,14 +82,32 @@ LoadModule apreq_module modules/mod_apreq2.so + # To activate this module add an entry in /etc/hosts for this server hostname. + # + # LoadModule unique_id_module modules/mod_unique_id.so + # + + LoadModule qos_module modules/mod_qos.so + PerlSwitches -I/usr/local/pf/lib -#AddHandler perl-script .cgi -#Options +ExecCGI -#PerlHandler ModPerl::PerlRun +PerlSwitches -I/usr/local/pf/html/captive-portal/lib +# mod_perl handlers are virtually assigned to /perl/ +# The TransHandler handles the 'captive-portal' core piece redirecting to the +# portal if the URL is not otherwised allowed by passthrough or part of the +# portal itself. +PerlPostConfigRequire /usr/local/pf/lib/pf/web/captiveportal_modperl_require.pl +PerlLoadModule captiveportal +PerlLoadModule pf::web::dispatcher +PerlLoadModule pf::web::release +# The TransHandler handles the 'captive-portal' core piece redirecting to the +# portal if the URL is not otherwised allowed by passthrough or part of the +# portal itself. + +AcceptMutex posixsem +SSLMutex posixsem -# Prevent Browsers (Chrome and Firefox) to cache DNS while under the captive portal Header always set X-DNS-Prefetch-Control off @@ -103,10 +125,18 @@ SetEnvIf User-Agent ".*MSIE.*" \ TypesConfig /etc/mime.types + + +BEGIN { + use pf::log 'service' => 'httpd.portal'; +} use pf::config qw(); +use pf::util qw(isenabled); +use pf::authentication(); +use pf::web::constants(); use Tie::DxHash; -use pf::services::apache; +use pf::services::manager::httpd(); use Apache::SSLLookup; sub gen_conf { @@ -123,6 +153,7 @@ my $install_dir = $pf::config::install_dir; my $var_dir = $pf::config::var_dir; my @internal_nets = @pf::config::internal_nets; my $host; +my $vhost; $PidFile = $install_dir.'/var/run/httpd.portal.pid'; @@ -146,9 +177,15 @@ $UseCanonicalName = "Off"; $Timeout = "50"; $KeepAliveTimeout = "10"; -$MaxClients = pf::services::apache::calculate_max_clients(pf::services::apache::get_total_system_memory()); -$StartServers = pf::services::apache::calculate_start_servers($MaxClients); -$MinSpareServers = pf::services::apache::calculate_min_spare_servers($MaxClients); +$MaxClients = pf::services::manager::httpd::calculate_max_clients(pf::services::manager::httpd::get_total_system_memory()); +$StartServers = pf::services::manager::httpd::calculate_start_servers($MaxClients); +$MinSpareServers = pf::services::manager::httpd::calculate_min_spare_servers($MaxClients); + +if( pf::config::isenabled ($PfConfig->{services}{httpd_mod_qos})) { + my $qos = $MaxClients * .7; + $QS_SrvMaxConnClose = $qos; + $QS_SrvMaxConnPerIP = $PfConfig->{services}{httpd_mod_qos_maximum_connections_per_device}; +} $HostnameLookups = "off"; $MaxRequestsPerChild = "1000"; @@ -165,35 +202,128 @@ $SSLCipherSuite = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eN $ErrorLog = $install_dir.'/logs/portal_error_log'; +my $routedNets = join(" ", pf::util::get_routed_isolation_nets(), pf::util::get_routed_registration_nets() , pf::util::get_inline_nets()); +my $loadbalancersIp = join(" ", keys %{$pf::config::CAPTIVE_PORTAL{'loadbalancers_ip'}}); +my $allowed_from_all_urls = "|$WEB::URL_STATUS"; +# signup and preregister if pre-registration is allowed +my $guest_regist_allowed = scalar keys %pf::authentication::guest_self_registration; +if ($guest_regist_allowed && isenabled($pf::config::Config{'guests_self_registration'}{'preregistration'})) { + # | is for a regexp "or" as this is pulled from a 'Location ~' statement + $allowed_from_all_urls .= "|$WEB::URL_SIGNUP|$WEB::CGI_SIGNUP|$WEB::URL_PREREGISTER"; +} +# /activate/email allowed if sponsor or email mode enabled +my $email_enabled = $pf::authentication::guest_self_registration{$SELFREG_MODE_EMAIL}; +my $sponsor_enabled = $pf::authentication::guest_self_registration{$SELFREG_MODE_SPONSOR}; +if ($guest_regist_allowed && ($email_enabled || $sponsor_enabled)) { + # | is for a regexp "or" as this is pulled from a 'Location ~' statement + $allowed_from_all_urls .= "|$WEB::URL_EMAIL_ACTIVATION"; +} + foreach my $interface (@internal_nets) { push (@Listen,$interface->{'Tip'}.":80"); push (@Listen,$interface->{'Tip'}.":443"); push (@NameVirtualHost,$interface->{'Tip'}.":80"); push (@NameVirtualHost,$interface->{'Tip'}.":443"); push (@{ $VirtualHost{$interface->{'Tip'}.":80"} }, gen_conf( - ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}, - DocumentRoot => $install_dir.'/html/captive-portal', - ErrorLog => $install_dir.'/logs/portal_error_log', - CustomLog => $install_dir.'/logs/portal_access_log combined', - Include => $var_dir.'/conf/captive-portal-common.conf', - Include => $var_dir.'/conf/block-unwanted.conf', - Include => $var_dir.'/conf/captive-portal-cleanurls.conf', - ProxyPassReverse => '/proxies/tools/stinger.exe http://download.nai.com/products/mcafee-avert/stng260.exe', - ProxyPass => '/proxies/tools/stinger.exe http://download.nai.com/products/mcafee-avert/stng260.exe', + ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}, + DocumentRoot => "${install_dir}/html/captive-portal/lib", + ErrorLog => "${install_dir}/logs/portal_catalyst_error_log", + CustomLog => "${install_dir}/logs/portal_catalyst_access_log combined", + Include => "${var_dir}/conf/captive-portal-common.conf", + Include => "${var_dir}/conf/block-unwanted.conf", + Include => "${var_dir}/conf/captive-portal-cleanurls.conf", + AllowEncodedSlashes => "on", + Alias => "/static ${install_dir}/html/captive-portal/root/static", + Alias => "/common ${install_dir}/html/common", + PerlModule => 'captiveportal', + PerlTransHandler => 'pf::web::dispatcher::custom', + Location => { + "/" => { + "Order" => "deny,allow", + "Deny" => "from all", + "Allow" => "from $routedNets $loadbalancersIp 127.0.0.1 ", + SetHandler => 'modperl', + PerlResponseHandler => 'captiveportal', + }, + "/static" => { + "Order" => "deny,allow", + "Deny" => "from all", + "Allow" => "from $routedNets $loadbalancersIp 127.0.0.1 ", + SetHandler => 'default-handler', + }, + "/common" => { + "Allow" => "from all", + SetHandler => 'default-handler', + }, + "/release" => { + "Order" => "deny,allow", + "Deny" => "from all", + "Allow" => "from $routedNets $loadbalancersIp 127.0.0.1 ", + SetHandler => 'modperl', + PerlResponseHandler => 'pf::web::release', + PerlOptions => '+GlobalRequest +ParseHeaders' + }, + "/content" => { + "Allow" => "from all", + }, + "~ \"/$allowed_from_all_urls\"" => { + "Allow" => "from all", + SetHandler => 'modperl', + PerlResponseHandler => 'captiveportal', + }, + }, )); push (@{ $VirtualHost{$interface->{'Tip'}.":443"} }, gen_conf( - ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}, - DocumentRoot => $install_dir.'/html/captive-portal', - ErrorLog => $install_dir.'/logs/portal_error_log', - CustomLog => $install_dir.'/logs/portal_access_log combined', + ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}, + DocumentRoot => "${install_dir}/html/captive-portal/lib", + ErrorLog => "${install_dir}/logs/portal_catalyst_error_log", + CustomLog => "${install_dir}/logs/portal_catalyst_access_log combined", + Include => "${var_dir}/conf/captive-portal-common.conf", + Include => "${var_dir}/conf/block-unwanted.conf", + Include => "${var_dir}/conf/captive-portal-cleanurls.conf", + AllowEncodedSlashes => "on", + Alias => "/static ${install_dir}/html/captive-portal/root/static", + Alias => "/common ${install_dir}/html/common", + PerlModule => 'captiveportal', + PerlTransHandler => 'pf::web::dispatcher::custom', + Location => { + "/" => { + "Order" => "deny,allow", + "Deny" => "from all", + "Allow" => "from $routedNets $loadbalancersIp 127.0.0.1 ", + SetHandler => 'modperl', + PerlResponseHandler => 'captiveportal', + }, + "/static" => { + "Order" => "deny,allow", + "Deny" => "from all", + "Allow" => "from $routedNets $loadbalancersIp 127.0.0.1 ", + SetHandler => 'default-handler', + }, + "/common" => { + "Allow" => "from all", + SetHandler => 'default-handler', + }, + "/release" => { + "Order" => "deny,allow", + "Deny" => "from all", + "Allow" => "from $routedNets $loadbalancersIp 127.0.0.1 ", + SetHandler => 'modperl', + PerlResponseHandler => 'pf::web::release', + PerlOptions => '+GlobalRequest +ParseHeaders' + }, + "/content" => { + "Allow" => "from all", + }, + "~ \"/$allowed_from_all_urls\"" => { + "Allow" => "from all", + SetHandler => 'modperl', + PerlResponseHandler => 'captiveportal', + }, + }, SSLEngine => 'on', SSLProxyEngine => 'on', - Include => $var_dir.'/conf/ssl-certificates.conf', - Include => $var_dir.'/conf/captive-portal-common.conf', - Include => $var_dir.'/conf/block-unwanted.conf', - Include => $var_dir.'/conf/captive-portal-cleanurls.conf', - ProxyPassReverse => '/proxies/tools/stinger.exe http://download.nai.com/products/mcafee-avert/stng260.exe', - ProxyPass => '/proxies/tools/stinger.exe http://download.nai.com/products/mcafee-avert/stng260.exe', + Include => "${var_dir}/conf/ssl-certificates.conf", )); } @@ -210,32 +340,108 @@ if (defined($management_network->{'Tip'}) && $management_network->{'Tip'} ne '') push (@NameVirtualHost,$host.":443"); push @{ $VirtualHost{$host.":80"} }, gen_conf( - ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}, - DocumentRoot => $install_dir.'/html/pfappserver/lib', - ErrorLog => $install_dir.'/logs/portal_error_log', - CustomLog => $install_dir.'/logs/portal_access_log combined', - Include => $var_dir.'/conf/captive-portal-common.conf', - Include => $var_dir.'/conf/block-unwanted.conf', - Include => $var_dir.'/conf/captive-portal-cleanurls.conf', - ProxyPassReverse => '/proxies/tools/stinger.exe http://download.nai.com/products/mcafee-avert/stng260.exe', - ProxyPass => '/proxies/tools/stinger.exe http://download.nai.com/products/mcafee-avert/stng260.exe', + ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}, + DocumentRoot => "${install_dir}/html/captive-portal/lib", + ErrorLog => "${install_dir}/logs/portal_catalyst_error_log", + CustomLog => "${install_dir}/logs/portal_catalyst_access_log combined", + Include => "${var_dir}/conf/captive-portal-common.conf", + Include => "${var_dir}/conf/block-unwanted.conf", + Include => "${var_dir}/conf/captive-portal-cleanurls.conf", + AllowEncodedSlashes => "on", + Alias => "/static ${install_dir}/html/captiveportal/root/static", + Alias => "/common ${install_dir}/html/common", + PerlModule => 'captiveportal', + PerlTransHandler => 'pf::web::dispatcher::custom', + Location => { + "/" => { + "Order" => "deny,allow", + "Deny" => "from all", + "Allow" => "from $routedNets $loadbalancersIp 127.0.0.1 ", + SetHandler => 'modperl', + PerlResponseHandler => 'captiveportal', + }, + "/static" => { + "Order" => "deny,allow", + "Deny" => "from all", + "Allow" => "from $routedNets $loadbalancersIp 127.0.0.1 ", + SetHandler => 'default-handler', + }, + "/common" => { + "Allow" => "from all", + SetHandler => 'default-handler', + }, + "/release" => { + "Order" => "deny,allow", + "Deny" => "from all", + "Allow" => "from $routedNets $loadbalancersIp 127.0.0.1 ", + SetHandler => 'modperl', + PerlResponseHandler => 'pf::web::release', + PerlOptions => '+GlobalRequest +ParseHeaders' + }, + "/content" => { + "Allow" => "from all", + }, + "~ \"/$allowed_from_all_urls\"" => { + "Allow" => "from all", + SetHandler => 'modperl', + PerlResponseHandler => 'captiveportal', + }, + }, ); push @{ $VirtualHost{$host.":443"} }, gen_conf( - ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}, - DocumentRoot => $install_dir.'/html/pfappserver/lib', - ErrorLog => $install_dir.'/logs/portal_error_log', - CustomLog => $install_dir.'/logs/portal_access_log combined', - SSLEngine => 'on', - Include => $var_dir.'/conf/ssl-certificates.conf', - Include => $var_dir.'/conf/captive-portal-common.conf', - Include => $var_dir.'/conf/block-unwanted.conf', - Include => $var_dir.'/conf/captive-portal-cleanurls.conf', - ProxyPassReverse => '/proxies/tools/stinger.exe http://download.nai.com/products/mcafee-avert/stng260.exe', - ProxyPass => '/proxies/tools/stinger.exe http://download.nai.com/products/mcafee-avert/stng260.exe', + ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}, + DocumentRoot => "${install_dir}/html/captive-portal/lib", + ErrorLog => "${install_dir}/logs/portal_catalyst_error_log", + CustomLog => "${install_dir}/logs/portal_catalyst_access_log combined", + Include => "${var_dir}/conf/captive-portal-common.conf", + Include => "${var_dir}/conf/block-unwanted.conf", + Include => "${var_dir}/conf/captive-portal-cleanurls.conf", + AllowEncodedSlashes => "on", + Alias => "/static ${install_dir}/html/captiveportal/root/static", + Alias => "/common ${install_dir}/html/common", + PerlModule => 'captiveportal', + PerlTransHandler => 'pf::web::dispatcher::custom', + Location => { + "/" => { + "Order" => "deny,allow", + "Deny" => "from all", + "Allow" => "from $routedNets $loadbalancersIp 127.0.0.1 ", + SetHandler => 'modperl', + PerlResponseHandler => 'captiveportal', + }, + "/static" => { + "Order" => "deny,allow", + "Deny" => "from all", + "Allow" => "from $routedNets $loadbalancersIp 127.0.0.1 ", + SetHandler => 'default-handler', + }, + "/common" => { + "Allow" => "from all", + SetHandler => 'default-handler', + }, + "/release" => { + "Order" => "deny,allow", + "Deny" => "from all", + "Allow" => "from $routedNets $loadbalancersIp 127.0.0.1 ", + SetHandler => 'modperl', + PerlResponseHandler => 'pf::web::release', + PerlOptions => '+GlobalRequest +ParseHeaders' + }, + "/content" => { + "Allow" => "from all", + }, + "~ \"/$allowed_from_all_urls\"" => { + "Allow" => "from all", + SetHandler => 'modperl', + PerlResponseHandler => 'captiveportal', + }, + }, + SSLEngine => 'on', + SSLProxyEngine => 'on', + Include => "${var_dir}/conf/ssl-certificates.conf", ); } - diff --git a/conf/httpd.conf.d/httpd.portal.cgi b/conf/httpd.conf.d/httpd.portal.cgi new file mode 100644 index 000000000000..420096bebcb4 --- /dev/null +++ b/conf/httpd.conf.d/httpd.portal.cgi @@ -0,0 +1,255 @@ +#Captive portal configuration file + +#Debian specific + + + LoadModule perl_module /usr/lib/apache2/modules/mod_perl.so + + + LoadModule log_config_module /usr/lib/apache2/modules/mod_log_config.so + + + LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so + + + LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so + + + LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so + + + LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so + + + LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so + + + LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so + + + LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so + + + LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so + + + LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so + + + LoadModule apreq_module /usr/lib/apache2/modules/mod_apreq2.so + + + LoadModule unique_id_module /usr/lib/apache2/modules/mod_unique_id.so + + + LoadModule qos_module /usr/lib/apache2/modules/mod_qos.so + + + +#RHEL specific + + + LoadModule perl_module modules/mod_perl.so + + + LoadModule log_config_module modules/mod_log_config.so + + + LoadModule ssl_module modules/mod_ssl.so + + + LoadModule headers_module modules/mod_headers.so + + + LoadModule proxy_module modules/mod_proxy.so + + + LoadModule proxy_http_module modules/mod_proxy_http.so + + + LoadModule authz_host_module modules/mod_authz_host.so + + + LoadModule setenvif_module modules/mod_setenvif.so + + + LoadModule rewrite_module modules/mod_rewrite.so + + + LoadModule alias_module modules/mod_alias.so + + + LoadModule mime_module modules/mod_mime.so + + + LoadModule apreq_module modules/mod_apreq2.so + + + LoadModule unique_id_module modules/mod_unique_id.so + + + LoadModule qos_module modules/mod_qos.so + + + +PerlSwitches -I/usr/local/pf/lib +#AddHandler perl-script .cgi +#Options +ExecCGI +#PerlHandler ModPerl::PerlRun + +# Prevent Browsers (Chrome and Firefox) to cache DNS while under the captive portal +Header always set X-DNS-Prefetch-Control off +AcceptMutex posixsem + + + Order deny,allow + Allow from all + + + + SSLOptions +StdEnvVars + + +SetEnvIf User-Agent ".*MSIE.*" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +TypesConfig /etc/mime.types + + +BEGIN { + use pf::log 'service' => 'httpd.portal', no_stderr_trapping => 1, no_stdout_trapping => 1; +} +use pf::config qw(); +use Tie::DxHash; +use pf::services::manager::httpd(); +use Apache::SSLLookup; + +sub gen_conf { + my %conf; + tie %conf, 'Tie::DxHash'; + + %conf = @_; + return \%conf; +} + +my $PfConfig = \%pf::config::Config; +my $management_network = $pf::config::management_network; +my $install_dir = $pf::config::install_dir; +my $var_dir = $pf::config::var_dir; +my @internal_nets = @pf::config::internal_nets; +my $host; + +$PidFile = $install_dir.'/var/run/httpd.portal.pid'; + +$Include = $install_dir.'/conf/httpd.conf.d/log.conf'; + +$User = "pf"; +$Group = "pf"; + +$PerlOptions = "+GlobalRequest"; +$ProxyRequests = "Off"; + +if (defined($PfConfig->{'alerting'}{'fromaddr'}) && $PfConfig->{'alerting'}{'fromaddr'} ne '') { + $ServerAdmin = $PfConfig->{'alerting'}{'fromaddr'}; +} else { + $ServerAdmin = "root\@".$PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}; +} + +$ServerTokens = "Prod"; +$ServerSignature = "Off"; +$UseCanonicalName = "Off"; +$Timeout = "50"; +$KeepAliveTimeout = "10"; + +$MaxClients = pf::services::manager::httpd::calculate_max_clients(pf::services::manager::httpd::get_total_system_memory()); +$StartServers = pf::services::manager::httpd::calculate_start_servers($MaxClients); +$MinSpareServers = pf::services::manager::httpd::calculate_min_spare_servers($MaxClients); + +if( pf::config::isenabled ($PfConfig->{services}{httpd_mod_qos})) { + my $qos = $MaxClients * .7; + $QS_SrvMaxConnClose = $qos; + $QS_SrvMaxConnPerIP = $PfConfig->{services}{httpd_mod_qos_maximum_connections_per_device}; +} + +$HostnameLookups = "off"; +$MaxRequestsPerChild = "1000"; +$PerlInitHandler = "pf::WebAPI::InitHandler"; + + +$SSLPassPhraseDialog = "builtin"; +$SSLSessionCache = "dbm:".$install_dir."/var/ssl_scache"; +$SSLSessionCacheTimeout = "300"; +$SSLMutex = "file:".$install_dir."/var/ssl_mutex"; +$SSLRandomSeed = "startup builtin"; +$SSLRandomSeed = "connect builtin"; +$SSLCipherSuite = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"; + +$ErrorLog = $install_dir.'/logs/portal_error_log'; + +foreach my $interface (@internal_nets) { + push (@Listen,$interface->{'Tip'}.":80"); + push (@Listen,$interface->{'Tip'}.":443"); + push (@NameVirtualHost,$interface->{'Tip'}.":80"); + push (@NameVirtualHost,$interface->{'Tip'}.":443"); + push (@{ $VirtualHost{$interface->{'Tip'}.":80"} }, gen_conf( + ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}, + DocumentRoot => $install_dir.'/html/captive-portal', + ErrorLog => $install_dir.'/logs/portal_error_log', + CustomLog => $install_dir.'/logs/portal_access_log combined', + Include => $var_dir.'/conf/captive-portal-common.conf', + Include => $var_dir.'/conf/block-unwanted.conf', + Include => $var_dir.'/conf/captive-portal-cleanurls.conf', + )); + push (@{ $VirtualHost{$interface->{'Tip'}.":443"} }, gen_conf( + ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}, + DocumentRoot => $install_dir.'/html/captive-portal', + ErrorLog => $install_dir.'/logs/portal_error_log', + CustomLog => $install_dir.'/logs/portal_access_log combined', + SSLEngine => 'on', + SSLProxyEngine => 'on', + Include => $var_dir.'/conf/ssl-certificates.conf', + Include => $var_dir.'/conf/captive-portal-common.conf', + Include => $var_dir.'/conf/block-unwanted.conf', + Include => $var_dir.'/conf/captive-portal-cleanurls.conf', + )); +} + +if (defined($management_network->{'Tip'}) && $management_network->{'Tip'} ne '') { + if (defined($management_network->{'Tvip'}) && $management_network->{'Tvip'} ne '') { + $host = $management_network->{'Tvip'}; + } else { + $host = $management_network->{'Tip'}; + } + + push (@Listen,$host.":80"); + push (@Listen,$host.":443"); + push (@NameVirtualHost,$host.":80"); + push (@NameVirtualHost,$host.":443"); + + push @{ $VirtualHost{$host.":80"} }, gen_conf( + ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}, + DocumentRoot => $install_dir.'/html/pfappserver/lib', + ErrorLog => $install_dir.'/logs/portal_error_log', + CustomLog => $install_dir.'/logs/portal_access_log combined', + Include => $var_dir.'/conf/captive-portal-common.conf', + Include => $var_dir.'/conf/block-unwanted.conf', + Include => $var_dir.'/conf/captive-portal-cleanurls.conf', + ); + push @{ $VirtualHost{$host.":443"} }, gen_conf( + ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}, + DocumentRoot => $install_dir.'/html/pfappserver/lib', + ErrorLog => $install_dir.'/logs/portal_error_log', + CustomLog => $install_dir.'/logs/portal_access_log combined', + SSLEngine => 'on', + Include => $var_dir.'/conf/ssl-certificates.conf', + Include => $var_dir.'/conf/captive-portal-common.conf', + Include => $var_dir.'/conf/block-unwanted.conf', + Include => $var_dir.'/conf/captive-portal-cleanurls.conf', + ); + +} + + + + diff --git a/conf/httpd.conf.d/httpd.proxy b/conf/httpd.conf.d/httpd.proxy index bed86d317b09..3889e61666ab 100644 --- a/conf/httpd.conf.d/httpd.proxy +++ b/conf/httpd.conf.d/httpd.proxy @@ -88,6 +88,7 @@ PerlSwitches -I/usr/local/pf/lib PerlModule APR::Table +AcceptMutex posixsem # Prevent Browsers (Chrome and Firefox) to cache DNS while under the captive portal Header always set X-DNS-Prefetch-Control off @@ -102,7 +103,7 @@ TypesConfig /etc/mime.types use pf::config qw(); use Tie::DxHash; -use pf::services::apache; +use pf::services::manager::httpd; sub gen_conf { my %conf; @@ -138,9 +139,9 @@ $UseCanonicalName = "Off"; $Timeout = "50"; $KeepAliveTimeout = "10"; -$MaxClients = pf::services::apache::calculate_max_clients(pf::services::apache::get_total_system_memory()); -$StartServers = pf::services::apache::calculate_start_servers($MaxClients); -$MinSpareServers = pf::services::apache::calculate_min_spare_servers($MaxClients); +$MaxClients = pf::services::manager::httpd::calculate_max_clients(pf::services::manager::httpd::get_total_system_memory()); +$StartServers = pf::services::manager::httpd::calculate_start_servers($MaxClients); +$MinSpareServers = pf::services::manager::httpd::calculate_min_spare_servers($MaxClients); $HostnameLookups = "off"; $MaxRequestsPerChild = "1000"; diff --git a/conf/httpd.conf.d/httpd.webservices b/conf/httpd.conf.d/httpd.webservices index 74dbec53aee2..32ecc115253f 100644 --- a/conf/httpd.conf.d/httpd.webservices +++ b/conf/httpd.conf.d/httpd.webservices @@ -59,6 +59,10 @@ PerlSwitches -I/usr/local/pf/lib PerlSwitches -I/usr/local/pf/html/pfappserver/lib +PerlPostConfigRequire /usr/local/pf/lib/pf/web/webservices_modperl_require.pl +PerlLoadModule pf::WebAPI + +AcceptMutex posixsem use pf::config qw(); diff --git a/conf/httpd.conf.d/ssl-certificates.conf b/conf/httpd.conf.d/ssl-certificates.conf.example similarity index 100% rename from conf/httpd.conf.d/ssl-certificates.conf rename to conf/httpd.conf.d/ssl-certificates.conf.example diff --git a/conf/iptables.conf b/conf/iptables.conf.example similarity index 94% rename from conf/iptables.conf rename to conf/iptables.conf.example index 3af8013fb075..7121a60b74ee 100644 --- a/conf/iptables.conf +++ b/conf/iptables.conf.example @@ -60,8 +60,9 @@ -A input-internal-inline-if --protocol udp --match udp --dport 53 --match mark --mark 0x1 --jump DROP # HTTP (captive-portal) # prevent registered users from reaching it --A input-internal-inline-if --protocol tcp --match tcp --dport 80 --match mark --mark 0x1 --jump DROP --A input-internal-inline-if --protocol tcp --match tcp --dport 443 --match mark --mark 0x1 --jump DROP +# TODO: Must work in dispatcher and Catalyst to redirect registered client out of the portal +#-A input-internal-inline-if --protocol tcp --match tcp --dport 80 --match mark --mark 0x1 --jump DROP +#-A input-internal-inline-if --protocol tcp --match tcp --dport 443 --match mark --mark 0x1 --jump DROP # allow everyone else behind inline interface (not registered, isolated, etc.) -A input-internal-inline-if --protocol tcp --match tcp --dport 80 --jump ACCEPT -A input-internal-inline-if --protocol tcp --match tcp --dport 443 --jump ACCEPT diff --git a/conf/listener.msg b/conf/listener.msg.example similarity index 100% rename from conf/listener.msg rename to conf/listener.msg.example diff --git a/conf/locale/en/LC_MESSAGES/packetfence.po b/conf/locale/en/LC_MESSAGES/packetfence.po index 6a39a500ba82..86273a23ca0b 100644 --- a/conf/locale/en/LC_MESSAGES/packetfence.po +++ b/conf/locale/en/LC_MESSAGES/packetfence.po @@ -909,3 +909,37 @@ msgstr "The MAC address %s provided is invalid please try again" msgid "This module is not enabled" msgstr "This module is not enabled" + +msgid "anniversary" +msgstr "Anniversary" + +msgid "birthday" +msgstr "Birthday" + +msgid "gender" +msgstr "Gender" + +msgid "lang" +msgstr "Language" + +msgid "nickname" +msgstr "Nickname" + +msgid "cell_phone" +msgstr "Cell Phone" + +msgid "work_phone" +msgstr "Work Phone" + +msgid "title" +msgstr "Title" + +msgid "building_number" +msgstr "Building Number" + +msgid "apartment_number" +msgstr "Apartment Number" + +msgid "room_number" +msgstr "Room Number" + diff --git a/conf/log.conf b/conf/log.conf deleted file mode 100644 index d43e0860fc6c..000000000000 --- a/conf/log.conf +++ /dev/null @@ -1,37 +0,0 @@ -### Root/Parent (PacketFence) logger ### -# Will log everything (even categories defined to log in another appender) unless -# specified using the additivity parameter -log4perl.rootLogger = INFO, LOGFILE - -### Catalyst logger ### -# Used to separate Catalyst framework logs in a different log file -log4perl.category.Catalyst = INFO, CATALYST -# Prevent the message from bubbling up to it's parents -log4perl.additivity.Catalyst = 0 - -### Categories ### -# Below, you can specify different categories (based on package names) for different logging levels -log4perl.category.pf.SNMP = WARN - - -### Global (PacketFence) log facility configuration ### -### Not meant to be modified ### -log4perl.appender.LOGFILE = Log::Log4perl::Appender::File -log4perl.appender.LOGFILE.filename = /usr/local/pf/logs/packetfence.log -log4perl.appender.LOGFILE.mode = append -log4perl.appender.LOGFILE.layout = PatternLayout -log4perl.appender.LOGFILE.layout.ConversionPattern = %d{MMM dd HH:mm:ss} %X{proc}(%X{tid}) %p: %m (%M)%n -log4perl.appender.LOGFILE.mask = 0660 -log4perl.appender.LOGFILE.user = pf -log4perl.appender.LOGFILE.group = pf - -### General Catalyst (pfappserver) log facility configuration ### -### Not meant to be modified ### -log4perl.appender.CATALYST = Log::Log4perl::Appender::File -log4perl.appender.CATALYST.filename = /usr/local/pf/logs/catalyst.log -log4perl.appender.CATALYST.mode = append -log4perl.appender.CATALYST.layout = PatternLayout -log4perl.appender.CATALYST.layout.ConversionPattern = %d{MMM dd HH:mm:ss} %X{proc}(%X{tid}) %p: %m (%M)%n -log4perl.appender.CATALYST.mask = 0660 -log4perl.appender.CATALYST.user = pf -log4perl.appender.CATALYST.group = pf diff --git a/conf/log.conf.d/httpd.admin.conf.example b/conf/log.conf.d/httpd.admin.conf.example new file mode 100644 index 000000000000..a2150caf0c11 --- /dev/null +++ b/conf/log.conf.d/httpd.admin.conf.example @@ -0,0 +1,17 @@ +### httpd.admin logger ### +log4perl.rootLogger = INFO, HTTPD_ADMIN + +### Categories ### +# Below, you can specify different categories (based on package names) for different logging levels +#log4perl.category.pf.SNMP = WARN + +### Logging for httpd.admin +log4perl.appender.HTTPD_ADMIN = Log::Log4perl::Appender::File +log4perl.appender.HTTPD_ADMIN.filename = /usr/local/pf/logs/httpd.admin.log +log4perl.appender.HTTPD_ADMIN.mode = append +log4perl.appender.HTTPD_ADMIN.layout = PatternLayout +log4perl.appender.HTTPD_ADMIN.layout.ConversionPattern = %d{MMM dd HH:mm:ss} %X{proc}(%X{tid}) %p: %m (%M)%n +log4perl.appender.HTTPD_ADMIN.umask = 0002 +log4perl.appender.HTTPD_ADMIN.user = pf +log4perl.appender.HTTPD_ADMIN.group = pf + diff --git a/conf/log.conf.d/httpd.portal.conf.example b/conf/log.conf.d/httpd.portal.conf.example new file mode 100644 index 000000000000..fbeff87273e5 --- /dev/null +++ b/conf/log.conf.d/httpd.portal.conf.example @@ -0,0 +1,17 @@ +### httpd.portal logger ### +log4perl.rootLogger = INFO, HTTPD_PORTAL + +### Categories ### +# Below, you can specify different categories (based on package names) for different logging levels +#log4perl.category.pf.SNMP = WARN + +### Logging for httpd.portal +log4perl.appender.HTTPD_PORTAL = Log::Log4perl::Appender::File +log4perl.appender.HTTPD_PORTAL.filename = /usr/local/pf/logs/httpd.portal.log +log4perl.appender.HTTPD_PORTAL.mode = append +log4perl.appender.HTTPD_PORTAL.layout = PatternLayout +log4perl.appender.HTTPD_PORTAL.layout.ConversionPattern = %d{MMM dd HH:mm:ss} %X{proc}(%X{tid}) %p: %m (%M)%n +log4perl.appender.HTTPD_PORTAL.umask = 0002 +log4perl.appender.HTTPD_PORTAL.user = pf +log4perl.appender.HTTPD_PORTAL.group = pf + diff --git a/conf/log.conf.d/pfbandwidthd.conf.example b/conf/log.conf.d/pfbandwidthd.conf.example new file mode 100644 index 000000000000..c90d9834a0d8 --- /dev/null +++ b/conf/log.conf.d/pfbandwidthd.conf.example @@ -0,0 +1,17 @@ +### pfbandwidthd logger ### +log4perl.rootLogger = INFO, PFBANDWIDTHD + +### Categories ### +# Below, you can specify different categories (based on package names) for different logging levels +#log4perl.category.pf.SNMP = WARN + +### Logging for pfbandwidthd +log4perl.appender.PFBANDWIDTHD = Log::Log4perl::Appender::File +log4perl.appender.PFBANDWIDTHD.filename = /usr/local/pf/logs/pfbandwidthd.log +log4perl.appender.PFBANDWIDTHD.mode = append +log4perl.appender.PFBANDWIDTHD.layout = PatternLayout +log4perl.appender.PFBANDWIDTHD.layout.ConversionPattern = %d{MMM dd HH:mm:ss} %X{proc}(%X{tid}) %p: %m (%M)%n +log4perl.appender.PFBANDWIDTHD.umask = 0002 +log4perl.appender.PFBANDWIDTHD.user = pf +log4perl.appender.PFBANDWIDTHD.group = pf + diff --git a/conf/log.conf.d/pfdetect.conf.example b/conf/log.conf.d/pfdetect.conf.example new file mode 100644 index 000000000000..d076bfd44e7e --- /dev/null +++ b/conf/log.conf.d/pfdetect.conf.example @@ -0,0 +1,17 @@ +### pfdetect logger ### +log4perl.rootLogger = INFO, PFDETECT + +### Categories ### +# Below, you can specify different categories (based on package names) for different logging levels +#log4perl.category.pf.SNMP = WARN + +### Logging for pfdetect +log4perl.appender.PFDETECT = Log::Log4perl::Appender::File +log4perl.appender.PFDETECT.filename = /usr/local/pf/logs/pfdetect.log +log4perl.appender.PFDETECT.mode = append +log4perl.appender.PFDETECT.layout = PatternLayout +log4perl.appender.PFDETECT.layout.ConversionPattern = %d{MMM dd HH:mm:ss} %X{proc}(%X{tid}) %p: %m (%M)%n +log4perl.appender.PFDETECT.umask = 0002 +log4perl.appender.PFDETECT.user = pf +log4perl.appender.PFDETECT.group = pf + diff --git a/conf/log.conf.d/pfdhcplistener.conf.example b/conf/log.conf.d/pfdhcplistener.conf.example new file mode 100644 index 000000000000..b3dec25b6493 --- /dev/null +++ b/conf/log.conf.d/pfdhcplistener.conf.example @@ -0,0 +1,17 @@ +### pfdhcplistener logger ### +log4perl.rootLogger = INFO, PFDHCPLISTENER + +### Categories ### +# Below, you can specify different categories (based on package names) for different logging levels +#log4perl.category.pf.SNMP = WARN + +### Logging for pfdhcplistener +log4perl.appender.PFDHCPLISTENER = Log::Log4perl::Appender::File +log4perl.appender.PFDHCPLISTENER.filename = /usr/local/pf/logs/pfdhcplistener.log +log4perl.appender.PFDHCPLISTENER.mode = append +log4perl.appender.PFDHCPLISTENER.layout = PatternLayout +log4perl.appender.PFDHCPLISTENER.layout.ConversionPattern = %d{MMM dd HH:mm:ss} %X{proc}(%X{tid}) %p: %m (%M)%n +log4perl.appender.PFDHCPLISTENER.umask = 0002 +log4perl.appender.PFDHCPLISTENER.user = pf +log4perl.appender.PFDHCPLISTENER.group = pf + diff --git a/conf/log.conf.d/pfdns.conf.example b/conf/log.conf.d/pfdns.conf.example new file mode 100644 index 000000000000..a3823ce3e1d1 --- /dev/null +++ b/conf/log.conf.d/pfdns.conf.example @@ -0,0 +1,17 @@ +### pfdns logger ### +log4perl.rootLogger = INFO, PFDNS + +### Categories ### +# Below, you can specify different categories (based on package names) for different logging levels +#log4perl.category.pf.SNMP = WARN + +### Logging for pfdns +log4perl.appender.PFDNS = Log::Log4perl::Appender::File +log4perl.appender.PFDNS.filename = /usr/local/pf/logs/pfdns.log +log4perl.appender.PFDNS.mode = append +log4perl.appender.PFDNS.layout = PatternLayout +log4perl.appender.PFDNS.layout.ConversionPattern = %d{MMM dd HH:mm:ss} %X{proc}(%X{tid}) %p: %m (%M)%n +log4perl.appender.PFDNS.umask = 0002 +log4perl.appender.PFDNS.user = pf +log4perl.appender.PFDNS.group = pf + diff --git a/conf/log.conf.d/pfmon.conf.example b/conf/log.conf.d/pfmon.conf.example new file mode 100644 index 000000000000..1cdc245c0164 --- /dev/null +++ b/conf/log.conf.d/pfmon.conf.example @@ -0,0 +1,17 @@ +### pfmon logger ### +log4perl.rootLogger = INFO, PFMON + +### Categories ### +# Below, you can specify different categories (based on package names) for different logging levels +#log4perl.category.pf.SNMP = WARN + +### Logging for pfmon +log4perl.appender.PFMON = Log::Log4perl::Appender::File +log4perl.appender.PFMON.filename = /usr/local/pf/logs/pfmon.log +log4perl.appender.PFMON.mode = append +log4perl.appender.PFMON.layout = PatternLayout +log4perl.appender.PFMON.layout.ConversionPattern = %d{MMM dd HH:mm:ss} %X{proc}(%X{tid}) %p: %m (%M)%n +log4perl.appender.PFMON.umask = 0002 +log4perl.appender.PFMON.user = pf +log4perl.appender.PFMON.group = pf + diff --git a/conf/log.conf.d/pfsetvlan.conf.example b/conf/log.conf.d/pfsetvlan.conf.example new file mode 100644 index 000000000000..0bbac9130df7 --- /dev/null +++ b/conf/log.conf.d/pfsetvlan.conf.example @@ -0,0 +1,20 @@ +### pfsetvlan logger ### +log4perl.rootLogger = INFO, PFSETVLAN + +### Categories ### +# Below, you can specify different categories (based on package names) for different logging levels +# Replace /usr/local/pf/logs/packetfence.log by /usr/local/pf/logs/pfsetvlan.log to allow +# pfsetvlan to log in its own log file. +#log4perl.category.pf.SNMP = WARN + +### Logging for pfsetvlan + +log4perl.appender.PFSETVLAN = Log::Log4perl::Appender::File +log4perl.appender.PFSETVLAN.filename = /usr/local/pf/logs/packetfence.log +log4perl.appender.PFSETVLAN.mode = append +log4perl.appender.PFSETVLAN.layout = PatternLayout +log4perl.appender.PFSETVLAN.layout.ConversionPattern = %d{MMM dd HH:mm:ss} %X{proc}(%X{tid}) %p: %m (%M)%n +log4perl.appender.PFSETVLAN.umask = 0002 +log4perl.appender.PFSETVLAN.user = pf +log4perl.appender.PFSETVLAN.group = pf + diff --git a/conf/log.conf.example b/conf/log.conf.example new file mode 100644 index 000000000000..f1d7bab07247 --- /dev/null +++ b/conf/log.conf.example @@ -0,0 +1,20 @@ +### Root/Parent (PacketFence) logger ### +# Will log everything (even categories defined to log in another appender) unless +# specified using the additivity parameter +log4perl.rootLogger = INFO, LOGFILE + +### Categories ### +# Below, you can specify different categories (based on package names) for different logging levels +#log4perl.category.pf.SNMP = WARN + + +### Global (PacketFence) log facility configuration ### +### Not meant to be modified ### +log4perl.appender.LOGFILE = Log::Log4perl::Appender::File +log4perl.appender.LOGFILE.filename = /usr/local/pf/logs/packetfence.log +log4perl.appender.LOGFILE.mode = append +log4perl.appender.LOGFILE.layout = PatternLayout +log4perl.appender.LOGFILE.layout.ConversionPattern = %d{MMM dd HH:mm:ss} %X{proc}(%X{tid}) %p: %m (%M)%n +log4perl.appender.LOGFILE.umask = 0002 +log4perl.appender.LOGFILE.user = pf +log4perl.appender.LOGFILE.group = pf diff --git a/conf/networks.conf b/conf/mdm.conf.example similarity index 100% rename from conf/networks.conf rename to conf/mdm.conf.example diff --git a/conf/nessus/remotescan.nessus b/conf/nessus/remotescan.nessus.example similarity index 100% rename from conf/nessus/remotescan.nessus rename to conf/nessus/remotescan.nessus.example diff --git a/conf/ui-global.conf b/conf/networks.conf.example similarity index 100% rename from conf/ui-global.conf rename to conf/networks.conf.example diff --git a/conf/pf-release b/conf/pf-release index 98dc8065b659..bea4ee5c1638 100644 --- a/conf/pf-release +++ b/conf/pf-release @@ -1 +1 @@ -PacketFence 4.1.0 +PacketFence 4.2.0 diff --git a/conf/pf.conf.defaults b/conf/pf.conf.defaults index abd4ad9180b5..95c5f15362de 100644 --- a/conf/pf.conf.defaults +++ b/conf/pf.conf.defaults @@ -20,12 +20,6 @@ dnsservers=127.0.0.1 # Comma-delimited list of DHCP servers. Passthroughs are created to allow DHCP transactions from even "trapped" nodes. dhcpservers=127.0.0.1 # -# general.locale -# -# Locale used for message translation -# more than 1 can be specified -locale=en_US -# # general.timezone # # System's timezone in string format. Supported list: @@ -37,6 +31,11 @@ timezone=America/Montreal # Interval at which Packetfence runs its maintenance tasks. maintenance_interval=60s # +# general.cache_update_interval +# +# Interval at which Packetfence runs its maintenance tasks. +cache_update_interval=10s +# # general.memcached # # Server list of the memcached server @@ -69,6 +68,10 @@ rogueinterval=10 # This feature is only available if the dhcpdetector is activated. dhcpoption82logger=disabled # +# network.interfaceSNAT +# Choose interface(s) where you want to enable snat for passthrough (by default it's the management interface) +interfaceSNAT= +# # # This section allows you to configure locally proxied content. We typically use this to proxy tools like Stinger rather # than having to continually download the latest version. Ex: @@ -103,7 +106,7 @@ redirtimer=20s # trapping.whitelist # # Comma-delimited list of MAC addresses that are immune to isolation. In -# inline enforcement, the firewall is opened for them as if they were +# inline level 2 enforcement, the firewall is opened for them as if they were # registered. This "feature" will probably be reworked in the future. whitelist= # @@ -177,26 +180,18 @@ button_text=Register # The number of registration pages to show to the user nbregpages=0 # -# registration.gaming_devices_registration +# registration.device_registration # # Enable or Disable the ability to register a gaming device using the specific portal page designed to do it -gaming_devices_registration=disabled +device_registration=disabled # -# registration.gaming_devices_registration_role +# registration.device_registration_role # # The role to assign to gaming devices. If none is specified, the role of the registrant is used. -gaming_devices_registration_role= +device_registration_role= [guests_self_registration] # -# guests_self_registration.mandatory_fields -# -# Fields required to be filled in the self-registration form. Valid values are: -# firstname, lastname, organization, phone, mobileprovider, email, -# sponsor_email. Basic validation of minimally required values per guest mode -# is provided by default. -mandatory_fields=firstname,lastname,phone,email -# # guests_self_registration.guest_pid # # What field should we assign to the pid of the guest? Defaults to email. @@ -419,6 +414,15 @@ traplog=0D # example: # locationlog=180D locationlog=0D +# expire.httpd_portal +# +# Time which you would like to keep logs on location information +httpd_portal=enabled +# +# expire.httpd_admin +# +# Please note that this table should not become too big since it +httpd_admin=enabled [services] # @@ -447,6 +451,51 @@ iptables=enabled # Should memcached be managed by PacketFence? memcached=enabled # +# services.pfbandwidthd +# +# Should pfbandwidthd be managed by PacketFence? +pfbandwidthd=disabled +# +# services.httpd_admin +# +# Should httpd.admin be started? +httpd_admin=enabled +# +# services.httpd_portal +# +# Should httpd.portal be started? +httpd_portal=enabled +# +# services.httpd_webservices +# +# Should httpd.webservices be started? +httpd_webservices=enabled +# +# services.httpd_proxy +# +# Should httpd.proxy be started? +httpd_proxy=enabled +# +# services.pfsetvlan +# +# Should pfsetvlan be managed by PacketFence? +pfsetvlan=enabled +# +# services.snmptrapd +# +# Should snmptrapd be managed by PacketFence? +snmptrapd=enabled +# +# services.pfmon +# +# Should pfmon be managed by PacketFence? +pfmon=enabled +# +# services.pfdhcplistener +# +# Should pfdhcplistener be started? +pfdhcplistener=enabled +# # services.snort_binary # # Location of the snort binary. Only necessary to change if you are not running the RPMed version. @@ -486,6 +535,26 @@ arp_binary=/sbin/arp # # Location of the memcached binary. Only necessary to change if you are not running the pre-packaged version. memcached_binary=/usr/bin/memcached +# +# services.memcached_memory_usage +# +# The maximum of memory that memcached will use +memcached_memory_usage=64 +# +# services.memcached_max_item_size +# +# The maximum of size of the items allowed to be stored +memcached_max_item_size=1M +# +# services.httpd_mod_qos +# +# Enable mod_qos +httpd_mod_qos=disabled +# +# services.httpd_mod_qos_maximum_users +# +# The maximum connections per device +httpd_mod_qos_maximum_connections_per_device=5 [vlan] # @@ -555,6 +624,27 @@ should_reauth_on_vlan_change = disabled # Choose the interface(s) you want to use to enable snat (by default it´s the management interface) interfaceSNAT= +# inline.accounting +# +# Should we handle accouting data for inline clients? +# This controls inline accouting tasks in pfmon. +accounting = disabled + +# inline.level3_accounting_session_timeout +# +# Accounting 'sessions' created by pfbandwidthd (level 3 traffic only) that haven't been updated for more than this +# amount of seconds will be considered inactive. +# This should be higher than the interval at which pfmon runs +# Defaults to 300 - 5 minutes +level3_accounting_session_timeout = 300 + +# inline.level3_accounting_sync_interval +# +# Interval at which pfbandwidthd (level 3 traffic only) should dump collected information into the database. +# This should be lower than the interval at which pfmon runs +# Defaults to 41 seconds +level3_accounting_sync_interval = 41 + [servicewatch] # # servicewatch.email @@ -618,6 +708,21 @@ secure_redirect=enabled # # After which calls to pfcmd do we have to re-evaluate the state of a node and re-assign VLAN or change iptables rules reevaluate_access_reasons=node_modify,manage_register,manage_deregister,manage_vclose,manage_vopen,violation_modify,violation_add,violation_delete,redir.cgi,pfcmd_vlan +# +# advanced.pfcmd_error_color +# +# Color of the error text for pfcmd +pfcmd_error_color=red +# +# advanced.pfcmd_warning_color +# +# Color of the warning text for pfcmd +pfcmd_warning_color=yellow +# +# advanced.pfcmd_success_color +# +# Color of the success text for pfcmd +pfcmd_success_color=green [provisioning] # @@ -638,6 +743,12 @@ ssid = SSID-Hidden # Accessible to node that are member of this category category = any +# +# provisioning.certificate +# +# Certificate to send to the node +certificate = + [billing] # # billing.gateway @@ -660,6 +771,16 @@ authorizenet_login = # The merchant's unique Transaction Key (Provided by Authorize.net) authorizenet_trankey = +mirapay_url = https://ms1.eigendev.com/OFT/EigenOFT_d.php + +mirapay_currency = USD + +mirapay_terminal_id = + +mirapay_terminal_id_group = + +mirapay_hash_password = + [node_import] # # node_import.pid diff --git a/conf/popup.msg b/conf/popup.msg.example similarity index 100% rename from conf/popup.msg rename to conf/popup.msg.example diff --git a/conf/profiles.conf b/conf/profiles.conf.example similarity index 73% rename from conf/profiles.conf rename to conf/profiles.conf.example index 7ec578839237..047a7bb1c5d5 100644 --- a/conf/profiles.conf +++ b/conf/profiles.conf.example @@ -4,3 +4,5 @@ logo=/common/packetfence-cp.png billing_engine=disabled redirecturl=http://www.packetfence.org/ always_use_redirecturl=disabled +mandatory_fields=firstname,lastname,phone,email +locale=en_US diff --git a/conf/radiusd/eap.conf b/conf/radiusd/eap.conf.example similarity index 100% rename from conf/radiusd/eap.conf rename to conf/radiusd/eap.conf.example diff --git a/conf/radiusd/radiusd.conf b/conf/radiusd/radiusd.conf.example similarity index 83% rename from conf/radiusd/radiusd.conf rename to conf/radiusd/radiusd.conf.example index 6936929d6d37..fdda26584c49 100644 --- a/conf/radiusd/radiusd.conf +++ b/conf/radiusd/radiusd.conf.example @@ -17,12 +17,19 @@ db_dir = ${raddbdir} libdir = /usr/lib%%arch%%/freeradius pidfile = ${run_dir}/${name}.pid +rpc_user = %%rpc_user%% +rpc_pass = %%rpc_pass%% +rpc_port = 9090 +rpc_server = 127.0.0.1 +rpc_proto = http + + user = pf group = pf max_request_time = 30 cleanup_delay = 5 -max_requests = 1024 +max_requests = 20000 listen { type = auth @@ -60,6 +67,8 @@ security { max_attributes = 200 reject_delay = 1 status_server = yes + # On Centos, even if the openssl lib has been patched, freeradius refuse to start. Make sure you update openssl. + allow_vulnerable_openssl = yes } proxy_requests = yes @@ -85,6 +94,7 @@ instantiate { expr expiration logintime + raw } $INCLUDE policy.conf diff --git a/conf/radiusd/sql.conf b/conf/radiusd/sql.conf.example similarity index 100% rename from conf/radiusd/sql.conf rename to conf/radiusd/sql.conf.example diff --git a/conf/snmptrapd.conf b/conf/snmptrapd.conf.example similarity index 100% rename from conf/snmptrapd.conf rename to conf/snmptrapd.conf.example diff --git a/conf/snort.conf b/conf/snort.conf.example similarity index 100% rename from conf/snort.conf rename to conf/snort.conf.example diff --git a/conf/snort.conf.pre_snort-2.8 b/conf/snort.conf.pre_snort-2.8.example similarity index 100% rename from conf/snort.conf.pre_snort-2.8 rename to conf/snort.conf.pre_snort-2.8.example diff --git a/conf/snort/classification.config b/conf/snort/classification.config.example similarity index 100% rename from conf/snort/classification.config rename to conf/snort/classification.config.example diff --git a/conf/snort/local.rules b/conf/snort/local.rules.example similarity index 100% rename from conf/snort/local.rules rename to conf/snort/local.rules.example diff --git a/conf/snort/reference.config b/conf/snort/reference.config.example similarity index 100% rename from conf/snort/reference.config rename to conf/snort/reference.config.example diff --git a/conf/ssl/.gitignore b/conf/ssl/.gitignore new file mode 100644 index 000000000000..5e7d2734cfc6 --- /dev/null +++ b/conf/ssl/.gitignore @@ -0,0 +1,4 @@ +# Ignore everything in this directory +* +# Except this file +!.gitignore diff --git a/conf/suricata.yaml b/conf/suricata.yaml.example similarity index 100% rename from conf/suricata.yaml rename to conf/suricata.yaml.example diff --git a/conf/switches.conf b/conf/switches.conf.example similarity index 100% rename from conf/switches.conf rename to conf/switches.conf.example diff --git a/conf/templates/emails-billing_confirmation.txt.tt.example b/conf/templates/emails-billing_confirmation.txt.tt.example new file mode 100644 index 000000000000..d22063c39496 --- /dev/null +++ b/conf/templates/emails-billing_confirmation.txt.tt.example @@ -0,0 +1,13 @@ +Hello [% firstname %] [% lastname %], + +Thank you for your purchase. + + [% tier_name %]: [% tier_description %] + Cost: $[% tier_price %] + Transaction ID: [% transaction_id %] + +-- + +To extend your network access, please visit https://[% hostname %].[% domain %][% URL_BILLING %] + +To view your current network status, please visit https://[% hostname %].[% domain %][% URL_STATUS %] diff --git a/conf/templates/emails-guest_admin_pregistration.txt.tt b/conf/templates/emails-guest_admin_pregistration.txt.tt.example similarity index 100% rename from conf/templates/emails-guest_admin_pregistration.txt.tt rename to conf/templates/emails-guest_admin_pregistration.txt.tt.example diff --git a/conf/templates/emails-guest_email_activation.txt.tt b/conf/templates/emails-guest_email_activation.txt.tt.example similarity index 100% rename from conf/templates/emails-guest_email_activation.txt.tt rename to conf/templates/emails-guest_email_activation.txt.tt.example diff --git a/conf/templates/emails-guest_email_preregistration.txt.tt b/conf/templates/emails-guest_email_preregistration.txt.tt.example similarity index 100% rename from conf/templates/emails-guest_email_preregistration.txt.tt rename to conf/templates/emails-guest_email_preregistration.txt.tt.example diff --git a/conf/templates/emails-guest_email_preregistration_confirmed.txt.tt b/conf/templates/emails-guest_email_preregistration_confirmed.txt.tt.example similarity index 100% rename from conf/templates/emails-guest_email_preregistration_confirmed.txt.tt rename to conf/templates/emails-guest_email_preregistration_confirmed.txt.tt.example diff --git a/conf/templates/emails-guest_registered.txt.tt b/conf/templates/emails-guest_registered.txt.tt.example similarity index 100% rename from conf/templates/emails-guest_registered.txt.tt rename to conf/templates/emails-guest_registered.txt.tt.example diff --git a/conf/templates/emails-guest_sponsor_activation.txt.tt b/conf/templates/emails-guest_sponsor_activation.txt.tt.example similarity index 100% rename from conf/templates/emails-guest_sponsor_activation.txt.tt rename to conf/templates/emails-guest_sponsor_activation.txt.tt.example diff --git a/conf/templates/emails-guest_sponsor_preregistration.txt.tt b/conf/templates/emails-guest_sponsor_preregistration.txt.tt.example similarity index 100% rename from conf/templates/emails-guest_sponsor_preregistration.txt.tt rename to conf/templates/emails-guest_sponsor_preregistration.txt.tt.example diff --git a/conf/ui-global.conf.example b/conf/ui-global.conf.example new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/conf/violations.conf b/conf/violations.conf.example similarity index 96% rename from conf/violations.conf rename to conf/violations.conf.example index 1f58c3448169..4225a6c0235b 100644 --- a/conf/violations.conf +++ b/conf/violations.conf.example @@ -160,6 +160,30 @@ auto_enable=Y # Scan is taking place in the registration vlan don't change this value. vlan=registration +[1200002] +priority=9 +desc=Time Expiration +max_enable=1 +grace=0 +template=time_expiration +trigger=Accounting::TimeExpired +actions=trap,log +enabled=Y +auto_enable=N +vlan=registration + +[1200003] +priority=9 +desc=Bandwidth Limit +max_enable=1 +grace=0 +template=bandwidth_expiration +trigger=Accounting::BandwidthExpired +actions=trap,log +enabled=Y +auto_enable=N +vlan=registration + # # 1300000 - 1399999 Reserved for PacketFence violations # diff --git a/db/pf-schema-4.1.0.sql b/db/pf-schema-4.1.0.sql index d7c2917ec956..b32ea78cce38 100644 --- a/db/pf-schema-4.1.0.sql +++ b/db/pf-schema-4.1.0.sql @@ -229,6 +229,8 @@ CREATE TABLE `locationlog` ( `ssid` varchar(32) NOT NULL default '', `start_time` datetime NOT NULL default '0000-00-00 00:00:00', `end_time` datetime default NULL, + `switch_ip` varchar(17) DEFAULT NULL, + `switch_mac` varchar(17) DEFAULT NULL, KEY `locationlog_view_mac` (`mac`, `end_time`), KEY `locationlog_view_switchport` (`switch`,`port`,`end_time`,`vlan`) ) ENGINE=InnoDB; diff --git a/db/pf-schema-4.2.0.sql b/db/pf-schema-4.2.0.sql new file mode 100644 index 000000000000..8ce6a130a950 --- /dev/null +++ b/db/pf-schema-4.2.0.sql @@ -0,0 +1,892 @@ +-- +-- Table structure for table `class` +-- + +CREATE TABLE class ( + vid int(11) NOT NULL, + description varchar(255) NOT NULL default "none", + auto_enable char(1) NOT NULL default "Y", + max_enables int(11) NOT NULL default 0, + grace_period int(11) NOT NULL, + window varchar(255) NOT NULL default 0, + vclose int(11), + priority int(11) NOT NULL, + template varchar(255), + max_enable_url varchar(255), + redirect_url varchar(255), + button_text varchar(255), + enabled char(1) NOT NULL default "N", + vlan varchar(255), + target_category varchar(255), + PRIMARY KEY (vid) +) ENGINE=InnoDB; + +-- +-- Table structure for table `trigger` +-- +CREATE TABLE `trigger` ( + vid int(11) default NULL, + tid_start varchar(255) NOT NULL, + tid_end varchar(255) NOT NULL, + type varchar(255) default NULL, + whitelisted_categories varchar(255) NOT NULL default '', + PRIMARY KEY (vid,tid_start,tid_end,type), + KEY `trigger` (tid_start,tid_end,type), + CONSTRAINT `0_64` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB; + +-- +-- Table structure for table `person` +-- + +CREATE TABLE person ( + pid varchar(255) NOT NULL, + `firstname` varchar(255) default NULL, + `lastname` varchar(255) default NULL, + `email` varchar(255) default NULL, + `telephone` varchar(255) default NULL, + `company` varchar(255) default NULL, + `address` varchar(255) default NULL, + `notes` varchar(255), + `sponsor` varchar(255) default NULL, + `anniversary` varchar(255) default NULL, + `birthday` varchar(255) default NULL, + `gender` char(1) default NULL, + `lang` varchar(255) default NULL, + `nickname` varchar(255) default NULL, + `cell_phone` varchar(255) default NULL, + `work_phone` varchar(255) default NULL, + `title` varchar(255) default NULL, + `building_number` varchar(255) default NULL, + `apartment_number` varchar(255) default NULL, + `room_number` varchar(255) default NULL, + `custom_field_1` varchar(255) default NULL, + `custom_field_2` varchar(255) default NULL, + `custom_field_3` varchar(255) default NULL, + `custom_field_4` varchar(255) default NULL, + `custom_field_5` varchar(255) default NULL, + `custom_field_6` varchar(255) default NULL, + `custom_field_7` varchar(255) default NULL, + `custom_field_8` varchar(255) default NULL, + `custom_field_9` varchar(255) default NULL, + PRIMARY KEY (pid) +) ENGINE=InnoDB; + + +-- +-- Table structure for table `node_category` +-- + +CREATE TABLE `node_category` ( + `category_id` int NOT NULL AUTO_INCREMENT, + `name` varchar(255) NOT NULL, + `max_nodes_per_pid` int default 0, + `notes` varchar(255) default NULL, + PRIMARY KEY (`category_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; + +-- +-- Insert 'default' category +-- + +INSERT INTO `node_category` (category_id,name,notes) VALUES ("1","default","Placeholder role/category, feel free to edit"); + +-- +-- Insert 'guest' category +-- + +INSERT INTO `node_category` (category_id,name,notes) VALUES ("2","guest","Guests"); + +-- +-- Insert 'gaming' category +-- + +INSERT INTO `node_category` (category_id,name,notes) VALUES ("3","gaming","Gaming devices"); + +-- +-- Table structure for table `node` +-- + +CREATE TABLE node ( + mac varchar(17) NOT NULL, + pid varchar(255) NOT NULL default "admin", + category_id int default NULL, + detect_date datetime NOT NULL default "0000-00-00 00:00:00", + regdate datetime NOT NULL default "0000-00-00 00:00:00", + unregdate datetime NOT NULL default "0000-00-00 00:00:00", + lastskip datetime NOT NULL default "0000-00-00 00:00:00", + time_balance int(10) unsigned DEFAULT NULL, + bandwidth_balance int(10) unsigned DEFAULT NULL, + status varchar(15) NOT NULL default "unreg", + user_agent varchar(255) default NULL, + computername varchar(255) default NULL, + notes varchar(255) default NULL, + last_arp datetime NOT NULL default "0000-00-00 00:00:00", + last_dhcp datetime NOT NULL default "0000-00-00 00:00:00", + dhcp_fingerprint varchar(255) default NULL, + bypass_vlan varchar(50) default NULL, + voip enum('no','yes') NOT NULL DEFAULT 'no', + autoreg enum('no','yes') NOT NULL DEFAULT 'no', + sessionid varchar(30) default NULL, + PRIMARY KEY (mac), + KEY pid (pid), + KEY category_id (category_id), + KEY `node_status` (`status`, `unregdate`), + KEY `node_dhcpfingerprint` (`dhcp_fingerprint`), + CONSTRAINT `0_57` FOREIGN KEY (`pid`) REFERENCES `person` (`pid`) ON DELETE CASCADE ON UPDATE CASCADE, + CONSTRAINT `node_category_key` FOREIGN KEY (`category_id`) REFERENCES `node_category` (`category_id`) +) ENGINE=InnoDB; + +-- +-- Table structure for table `node_useragent` +-- + +CREATE TABLE `node_useragent` ( + mac varchar(17) NOT NULL, + os varchar(255) DEFAULT NULL, + browser varchar(255) DEFAULT NULL, + device enum('no','yes') NOT NULL DEFAULT 'no', + device_name varchar(255) DEFAULT NULL, + mobile enum('no','yes') NOT NULL DEFAULT 'no', + PRIMARY KEY (mac) +) ENGINE=InnoDB; + +-- +-- Trigger to delete the node_useragent associated with a mac when deleting this mac from the node table +-- + +DROP TRIGGER IF EXISTS node_useragent_delete_trigger; +DELIMITER / +CREATE TRIGGER node_useragent_delete_trigger AFTER DELETE ON node +FOR EACH ROW +BEGIN + DELETE FROM node_useragent WHERE mac = OLD.mac; +END / +DELIMITER ; + +-- +-- Table structure for table `action` +-- + +CREATE TABLE action ( + vid int(11) NOT NULL, + action varchar(255) NOT NULL, + PRIMARY KEY (vid,action), + CONSTRAINT `FOREIGN` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB; + +-- +-- Table structure for table `violation` +-- + +CREATE TABLE violation ( + id int NOT NULL AUTO_INCREMENT, + mac varchar(17) NOT NULL, + vid int(11) NOT NULL, + start_date datetime NOT NULL, + release_date datetime default "0000-00-00 00:00:00", + status varchar(10) default "open", + ticket_ref varchar(255) default NULL, + notes text, + KEY mac (mac), + KEY vid (vid), + KEY status (status), + KEY ind1 (mac,status,vid), + CONSTRAINT `0_60` FOREIGN KEY (`mac`) REFERENCES `node` (`mac`) ON DELETE CASCADE ON UPDATE CASCADE, + CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE, + PRIMARY KEY (id) +) ENGINE=InnoDB; + +-- +-- Table structure for table `iplog` +-- + +CREATE TABLE iplog ( + mac varchar(17) NOT NULL, + ip varchar(15) NOT NULL, + start_time datetime NOT NULL, + end_time datetime default "0000-00-00 00:00:00", + KEY mac (mac), + KEY `ip_view_open` (`ip`, `end_time`), + KEY `mac_view_open` (`mac`, `end_time`), + CONSTRAINT `0_63` FOREIGN KEY (`mac`) REFERENCES `node` (`mac`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB; + +CREATE TABLE os_type ( + os_id int(11) NOT NULL, + description varchar(255) NOT NULL, + PRIMARY KEY os_id (os_id) +) ENGINE=InnoDB; + +CREATE TABLE dhcp_fingerprint ( + fingerprint varchar(255) NOT NULL, + os_id int(11) NOT NULL, + PRIMARY KEY fingerprint (fingerprint), + KEY os_id_key (os_id), + CONSTRAINT `0_65` FOREIGN KEY (`os_id`) REFERENCES `os_type` (`os_id`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB; + +CREATE TABLE os_class ( + class_id int(11) NOT NULL, + description varchar(255) NOT NULL, + PRIMARY KEY class_id (class_id) +) ENGINE=InnoDB; + +CREATE TABLE os_mapping ( + os_type int(11) NOT NULL, + os_class int(11) NOT NULL, + PRIMARY KEY (os_type,os_class), + KEY os_type_key (os_type), + KEY os_class_key (os_class), + CONSTRAINT `0_66` FOREIGN KEY (`os_type`) REFERENCES `os_type` (`os_id`) ON DELETE CASCADE ON UPDATE CASCADE, + CONSTRAINT `0_67` FOREIGN KEY (`os_class`) REFERENCES `os_class` (`class_id`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB; + +CREATE TABLE `locationlog` ( + `mac` varchar(17) default NULL, + `switch` varchar(17) NOT NULL default '', + `port` varchar(8) NOT NULL default '', + `vlan` varchar(50) default NULL, + `connection_type` varchar(50) NOT NULL default '', + `dot1x_username` varchar(255) NOT NULL default '', + `ssid` varchar(32) NOT NULL default '', + `start_time` datetime NOT NULL default '0000-00-00 00:00:00', + `end_time` datetime default NULL, + `switch_ip` varchar(17) DEFAULT NULL, + `switch_mac` varchar(17) DEFAULT NULL, + KEY `locationlog_view_mac` (`mac`, `end_time`), + KEY `locationlog_view_switchport` (`switch`,`port`,`end_time`,`vlan`) +) ENGINE=InnoDB; + +CREATE TABLE `locationlog_history` ( + `mac` varchar(17) default NULL, + `switch` varchar(17) NOT NULL default '', + `port` varchar(8) NOT NULL default '', + `vlan` varchar(50) default NULL, + `connection_type` varchar(50) NOT NULL default '', + `dot1x_username` varchar(255) NOT NULL default '', + `ssid` varchar(32) NOT NULL default '', + `start_time` datetime NOT NULL default '0000-00-00 00:00:00', + `end_time` datetime default NULL, + KEY `locationlog_history_view_mac` (`mac`, `end_time`) +) ENGINE=InnoDB; + +CREATE TABLE `userlog` ( + `mac` varchar(17) NOT NULL default '', + `pid` varchar(255) default NULL, + `start_time` datetime NOT NULL default '0000-00-00 00:00:00', + `end_time` datetime default NULL, + PRIMARY KEY (`mac`,`start_time`), + KEY `pid` (`pid`), + CONSTRAINT `userlog_ibfk_1` FOREIGN KEY (`mac`) REFERENCES `node` (`mac`) ON DELETE CASCADE +) ENGINE=InnoDB; + +CREATE TABLE `ifoctetslog` ( + `switch` varchar(17) NOT NULL default '', + `port` varchar(8) NOT NULL default '', + `read_time` datetime NOT NULL default '0000-00-00 00:00:00', + `mac` varchar(17) default NULL, + `ifInOctets` bigint(20) unsigned NOT NULL default '0', + `ifOutOctets` bigint(20) unsigned NOT NULL default '0', + PRIMARY KEY (`switch`,`port`,`read_time`) +) ENGINE=InnoDB; + +CREATE TABLE `switchlocation` ( + `switch` varchar(17) NOT NULL default '', + `port` varchar(8) NOT NULL default '', + `start_time` datetime NOT NULL default '0000-00-00 00:00:00', + `end_time` datetime default NULL, + `location` varchar(50) default NULL, + `description` varchar(50) default NULL, + PRIMARY KEY (`switch`,`port`,`start_time`) +) ENGINE=InnoDB; + +CREATE TABLE `traplog` ( + `switch` varchar(30) NOT NULL default '', + `ifIndex` smallint(6) NOT NULL default '0', + `parseTime` datetime NOT NULL default '0000-00-00 00:00:00', + `type` varchar(30) NOT NULL default '', + KEY `switch` (`switch`,`ifIndex`), + KEY `parseTime` (`parseTime`) +) ENGINE=InnoDB; + +CREATE TABLE `configfile` ( + `filename` varchar(255) NOT NULL, + `filecontent` text NOT NULL, + `lastmodified` datetime NOT NULL +) ENGINE=InnoDB default CHARSET=latin1; + +-- +-- Table structure for table `email_activation` +-- + +CREATE TABLE email_activation ( + `code_id` int NOT NULL AUTO_INCREMENT, + `pid` varchar(255) default NULL, + `mac` varchar(17) default NULL, + `email` varchar(255) NOT NULL, -- email were approbation request is sent + `activation_code` varchar(255) NOT NULL, + `expiration` datetime NOT NULL, + `status` varchar(60) default NULL, + `type` varchar(60) default NULL, + PRIMARY KEY (code_id), + KEY `identifier` (pid, mac), + KEY `activation` (activation_code, status) +) ENGINE=InnoDB; + +-- +-- Table structure for table `temporary_password` +-- + +CREATE TABLE temporary_password ( + `pid` varchar(255) NOT NULL, + `password` varchar(255) NOT NULL, + `valid_from` datetime default NULL, + `expiration` datetime NOT NULL, + `access_duration` varchar(255) default NULL, + `access_level` varchar(255) DEFAULT 'NONE', + `category` int DEFAULT NULL, + `sponsor` tinyint(1) NOT NULL default 0, + `unregdate` datetime NOT NULL default "0000-00-00 00:00:00", + PRIMARY KEY (pid) +) ENGINE=InnoDB; + +-- +-- Insert 'default' admin user +-- + +INSERT INTO `person` (pid,notes) VALUES ("admin","Default Admin User - do not delete"); +INSERT INTO temporary_password (pid, password, valid_from, expiration, access_duration, access_level, category) VALUES ('admin', 'admin', NOW(), '2038-01-01', NULL, 'ALL', NULL); + +-- +-- Trigger to delete the temp password from 'temporary_password' when deleting the pid associated with +-- + +DROP TRIGGER IF EXISTS temporary_password_delete_trigger; +DELIMITER / +CREATE TRIGGER temporary_password_delete_trigger AFTER DELETE ON person +FOR EACH ROW +BEGIN + DELETE FROM temporary_password WHERE pid = OLD.pid; +END / +DELIMITER ; + +-- +-- Table structure for table `sms_activation` +-- + +CREATE TABLE sms_activation ( + `code_id` int NOT NULL AUTO_INCREMENT, + `mac` varchar(17) default NULL, + `phone_number` varchar(255) NOT NULL, -- phone number where sms is sent + `carrier_id` int(11) NOT NULL, + `activation_code` varchar(255) NOT NULL, + `expiration` datetime NOT NULL, + `status` varchar(60) default NULL, + PRIMARY KEY (code_id), + KEY `identifier` (mac), + KEY `activation` (activation_code, status) +) ENGINE=InnoDB; + +-- +-- Table structure for table `sms_carrier` +-- +-- Source: StatusNet +-- Schema fetched on 2010-10-15 from: +-- http://gitorious.org/statusnet/mainline/blobs/raw/master/db/statusnet.sql +-- + +CREATE TABLE sms_carrier ( + id integer primary key comment 'primary key for SMS carrier', + name varchar(64) unique key comment 'name of the carrier', + email_pattern varchar(255) not null comment 'sprintf pattern for making an email address from a phone number', + created datetime not null comment 'date this record was created', + modified timestamp comment 'date this record was modified' +) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin; + +-- +-- Insert data for table `sms_carrier` +-- +-- Source: StatusNet +-- Data fetched on 2011-07-20 from: +-- http://gitorious.org/statusnet/mainline/blobs/raw/master/db/sms_carrier.sql +-- + +INSERT INTO sms_carrier + (id, name, email_pattern, created) +VALUES + (100056, '3 River Wireless', '%s@sms.3rivers.net', now()), + (100057, '7-11 Speakout', '%s@cingularme.com', now()), + (100058, 'Airtel (Karnataka, India)', '%s@airtelkk.com', now()), + (100059, 'Alaska Communications Systems', '%s@msg.acsalaska.com', now()), + (100060, 'Alltel Wireless', '%s@message.alltel.com', now()), + (100061, 'AT&T Wireless', '%s@txt.att.net', now()), + (100062, 'Bell Mobility (Canada)', '%s@txt.bell.ca', now()), + (100063, 'Boost Mobile', '%s@myboostmobile.com', now()), + (100064, 'Cellular One (Dobson)', '%s@mobile.celloneusa.com', now()), + (100065, 'Cingular (Postpaid)', '%s@cingularme.com', now()), + (100066, 'Centennial Wireless', '%s@cwemail.com', now()), + (100067, 'Cingular (GoPhone prepaid)', '%s@cingularme.com', now()), + (100068, 'Claro (Nicaragua)', '%s@ideasclaro-ca.com', now()), + (100069, 'Comcel', '%s@comcel.com.co', now()), + (100070, 'Cricket', '%s@sms.mycricket.com', now()), + (100071, 'CTI', '%s@sms.ctimovil.com.ar', now()), + (100072, 'Emtel (Mauritius)', '%s@emtelworld.net', now()), + (100073, 'Fido (Canada)', '%s@fido.ca', now()), + (100074, 'General Communications Inc.', '%s@msg.gci.net', now()), + (100075, 'Globalstar', '%s@msg.globalstarusa.com', now()), + (100076, 'Helio', '%s@myhelio.com', now()), + (100077, 'Illinois Valley Cellular', '%s@ivctext.com', now()), + (100078, 'i wireless', '%s.iws@iwspcs.net', now()), + (100079, 'Meteor (Ireland)', '%s@sms.mymeteor.ie', now()), + (100080, 'Mero Mobile (Nepal)', '%s@sms.spicenepal.com', now()), + (100081, 'MetroPCS', '%s@mymetropcs.com', now()), + (100082, 'Movicom', '%s@movimensaje.com.ar', now()), + (100083, 'Mobitel (Sri Lanka)', '%s@sms.mobitel.lk', now()), + (100084, 'Movistar (Colombia)', '%s@movistar.com.co', now()), + (100085, 'MTN (South Africa)', '%s@sms.co.za', now()), + (100086, 'MTS (Canada)', '%s@text.mtsmobility.com', now()), + (100087, 'Nextel (Argentina)', '%s@nextel.net.ar', now()), + (100088, 'Orange (Poland)', '%s@orange.pl', now()), + (100089, 'Personal (Argentina)', '%s@personal-net.com.ar', now()), + (100090, 'Plus GSM (Poland)', '%s@text.plusgsm.pl', now()), + (100091, 'President\'s Choice (Canada)', '%s@txt.bell.ca', now()), + (100092, 'Qwest', '%s@qwestmp.com', now()), + (100093, 'Rogers (Canada)', '%s@pcs.rogers.com', now()), + (100094, 'Sasktel (Canada)', '%s@sms.sasktel.com', now()), + (100095, 'Setar Mobile email (Aruba)', '%s@mas.aw', now()), + (100096, 'Solo Mobile', '%s@txt.bell.ca', now()), + (100097, 'Sprint (PCS)', '%s@messaging.sprintpcs.com', now()), + (100098, 'Sprint (Nextel)', '%s@page.nextel.com', now()), + (100099, 'Suncom', '%s@tms.suncom.com', now()), + (100100, 'T-Mobile', '%s@tmomail.net', now()), + (100101, 'T-Mobile (Austria)', '%s@sms.t-mobile.at', now()), + (100102, 'Telus Mobility (Canada)', '%s@msg.telus.com', now()), + (100103, 'Thumb Cellular', '%s@sms.thumbcellular.com', now()), + (100104, 'Tigo (Formerly Ola)', '%s@sms.tigo.com.co', now()), + (100105, 'Unicel', '%s@utext.com', now()), + (100106, 'US Cellular', '%s@email.uscc.net', now()), + (100107, 'Verizon', '%s@vtext.com', now()), + (100108, 'Virgin Mobile (Canada)', '%s@vmobile.ca', now()), + (100109, 'Virgin Mobile (USA)', '%s@vmobl.com', now()), + (100110, 'YCC', '%s@sms.ycc.ru', now()), + (100111, 'Orange (UK)', '%s@orange.net', now()), + (100112, 'Cincinnati Bell Wireless', '%s@gocbw.com', now()), + (100113, 'T-Mobile Germany', '%s@t-mobile-sms.de', now()), + (100114, 'Vodafone Germany', '%s@vodafone-sms.de', now()), + (100115, 'E-Plus', '%s@smsmail.eplus.de', now()), + (100116, 'Cellular South', '%s@csouth1.com', now()), + (100117, 'ChinaMobile (139)', '%s@139.com', now()), + (100118, 'Dialog Axiata', '%s@dialog.lk', now()); + +-- Adding RADIUS nas client table + +CREATE TABLE radius_nas ( + nasname varchar(128) NOT NULL, + shortname varchar(32), + type varchar(30) default 'other', + ports int(5), + secret varchar(60) default 'secret' NOT NULL, + community varchar(50), + description varchar(200) default 'RADIUS Client', + config_timestamp BIGINT, + PRIMARY KEY nasname (nasname) +) ENGINE=InnoDB; + +-- Adding RADIUS accounting table + +CREATE TABLE radacct ( + radacctid bigint(21) NOT NULL AUTO_INCREMENT, + acctsessionid varchar(64) NOT NULL default '', + acctuniqueid varchar(32) NOT NULL default '', + username varchar(64) NOT NULL default '', + groupname varchar(64) NOT NULL default '', + realm varchar(64) default '', + nasipaddress varchar(15) NOT NULL default '', + nasportid varchar(15) default NULL, + nasporttype varchar(32) default NULL, + acctstarttime datetime NULL default NULL, + acctstoptime datetime NULL default NULL, + acctsessiontime int(12) default NULL, + acctauthentic varchar(32) default NULL, + connectinfo_start varchar(50) default NULL, + connectinfo_stop varchar(50) default NULL, + acctinputoctets bigint(20) default NULL, + acctoutputoctets bigint(20) default NULL, + calledstationid varchar(50) NOT NULL default '', + callingstationid varchar(50) NOT NULL default '', + acctterminatecause varchar(32) NOT NULL default '', + servicetype varchar(32) default NULL, + framedprotocol varchar(32) default NULL, + framedipaddress varchar(15) NOT NULL default '', + acctstartdelay int(12) default NULL, + acctstopdelay int(12) default NULL, + xascendsessionsvrkey varchar(10) default NULL, + PRIMARY KEY (radacctid), + KEY username (username), + KEY framedipaddress (framedipaddress), + KEY acctsessionid (acctsessionid), + KEY acctsessiontime (acctsessiontime), + KEY acctuniqueid (acctuniqueid), + KEY acctstarttime (acctstarttime), + KEY acctstoptime (acctstoptime), + KEY nasipaddress (nasipaddress), + KEY callingstationid (callingstationid) +) ENGINE=InnoDB; + +-- Adding RADIUS update log table + +CREATE TABLE radacct_log ( + acctsessionid varchar(64) NOT NULL default '', + username varchar(64) NOT NULL default '', + nasipaddress varchar(15) NOT NULL default '', + acctstatustype varchar(25) NOT NULL default '', + timestamp datetime NULL default NULL, + acctinputoctets bigint(20) default NULL, + acctoutputoctets bigint(20) default NULL, + acctsessiontime int(12) default NULL, + KEY acctsessionid (acctsessionid), + KEY username (username), + KEY nasipaddress (nasipaddress), + KEY timestamp (timestamp) +) ENGINE=InnoDB; + +-- Adding RADIUS Updates Stored Procedure + +DROP PROCEDURE IF EXISTS acct_update; +DELIMITER / +CREATE PROCEDURE acct_update( + IN p_timestamp datetime, + IN p_acctsessiontime int(12), + IN p_acctinputoctets bigint(20), + IN p_acctoutputoctets bigint(20), + IN p_acctsessionid varchar(64), + IN p_username varchar(64), + IN p_nasipaddress varchar(15), + IN p_framedipaddress varchar(15), + IN p_acctstatustype varchar(25) +) +BEGIN + DECLARE Previous_Input_Octets bigint(20); + DECLARE Previous_Output_Octets bigint(20); + DECLARE Previous_Session_Time int(12); + + # Collect traffic previous values in the update table + SELECT SUM(acctinputoctets), SUM(acctoutputoctets), SUM(acctsessiontime) + INTO Previous_Input_Octets, Previous_Output_Octets, Previous_Session_Time + FROM radacct_log + WHERE acctsessionid = p_acctsessionid + AND username = p_username + AND nasipaddress = p_nasipaddress; + + # Set values to 0 when no previous records + IF (Previous_Session_Time IS NULL) THEN + SET Previous_Session_Time = 0; + SET Previous_Input_Octets = 0; + SET Previous_Output_Octets = 0; + END IF; + + # Update record with new traffic + UPDATE radacct SET + framedipaddress = p_framedipaddress, + acctsessiontime = p_acctsessiontime, + acctinputoctets = p_acctinputoctets, + acctoutputoctets = p_acctoutputoctets + WHERE acctsessionid = p_acctsessionid + AND username = p_username + AND nasipaddress = p_nasipaddress + AND (acctstoptime IS NULL OR acctstoptime = 0); + + # Create new record in the log table + INSERT INTO radacct_log + (acctsessionid, username, nasipaddress, + timestamp, acctstatustype, acctinputoctets, acctoutputoctets, acctsessiontime) + VALUES + (p_acctsessionid, p_username, p_nasipaddress, + p_timestamp, p_acctstatustype, (p_acctinputoctets - Previous_Input_Octets), (p_acctoutputoctets - Previous_Output_Octets), + (p_acctsessiontime - Previous_Session_Time)); +END / +DELIMITER ; + +-- Adding RADIUS Start Stored Procedure + +DROP PROCEDURE IF EXISTS acct_start; +DELIMITER / +CREATE PROCEDURE acct_start ( + IN p_acctsessionid varchar(64), + IN p_acctuniqueid varchar(32), + IN p_username varchar(64), + IN p_realm varchar(64), + IN p_nasipaddress varchar(15), + IN p_nasportid varchar(15), + IN p_nasporttype varchar(32), + IN p_acctstarttime datetime, + IN p_acctstoptime datetime, + IN p_acctsessiontime int(12), + IN p_acctauthentic varchar(32), + IN p_connectioninfo_start varchar(50), + IN p_connectioninfo_stop varchar(50), + IN p_acctinputoctets bigint(20), + IN p_acctoutputoctets bigint(20), + IN p_calledstationid varchar(50), + IN p_callingstationid varchar(50), + IN p_acctterminatecause varchar(32), + IN p_servicetype varchar(32), + IN p_framedprotocol varchar(32), + IN p_framedipaddress varchar(15), + IN p_acctstartdelay varchar(12), + IN p_acctstopdelay varchar(12), + IN p_xascendsessionsvrkey varchar(10), + IN p_acctstatustype varchar(25) +) +BEGIN + # Insert new record with new traffic + INSERT INTO radacct + (acctsessionid, acctuniqueid, username, + realm, nasipaddress, nasportid, + nasporttype, acctstarttime, acctstoptime, + acctsessiontime, acctauthentic, connectinfo_start, + connectinfo_stop, acctinputoctets, acctoutputoctets, + calledstationid, callingstationid, acctterminatecause, + servicetype, framedprotocol, framedipaddress, + acctstartdelay, acctstopdelay, xascendsessionsvrkey) + VALUES + (p_acctsessionid, p_acctuniqueid, p_username, + p_realm, p_nasipaddress, p_nasportid, + p_nasporttype, p_acctstarttime, p_acctstoptime, + p_acctsessiontime, p_acctauthentic, p_connectioninfo_start, + p_connectioninfo_stop, p_acctinputoctets, p_acctoutputoctets, + p_calledstationid, p_callingstationid, p_acctterminatecause, + p_servicetype, p_framedprotocol, p_framedipaddress, + p_acctstartdelay, p_acctstopdelay, p_xascendsessionsvrkey); + + # Create new record in the log table + INSERT INTO radacct_log + (acctsessionid, username, nasipaddress, + timestamp, acctstatustype, acctinputoctets, acctoutputoctets, acctsessiontime) + VALUES + (p_acctsessionid, p_username, p_nasipaddress, + p_acctstarttime, p_acctstatustype,p_acctinputoctets,p_acctoutputoctets,p_acctsessiontime); +END / +DELIMITER ; + +-- Adding RADIUS Stop Stored Procedure + +DROP PROCEDURE IF EXISTS acct_stop; +DELIMITER / +CREATE PROCEDURE acct_stop( + IN p_timestamp datetime, + IN p_acctsessiontime int(12), + IN p_acctinputoctets bigint(20), + IN p_acctoutputoctets bigint(20), + IN p_acctterminatecause varchar(12), + IN p_acctdelaystop varchar(32), + IN p_connectinfo_stop varchar(50), + IN p_acctsessionid varchar(64), + IN p_username varchar(64), + IN p_nasipaddress varchar(15), + IN p_acctstatustype varchar(25) +) +BEGIN + DECLARE Previous_Input_Octets bigint(20); + DECLARE Previous_Output_Octets bigint(20); + DECLARE Previous_Session_Time int(12); + + # Collect traffic previous values in the update table + SELECT SUM(acctinputoctets), SUM(acctoutputoctets), SUM(acctsessiontime) + INTO Previous_Input_Octets, Previous_Output_Octets, Previous_Session_Time + FROM radacct_log + WHERE acctsessionid = p_acctsessionid + AND username = p_username + AND nasipaddress = p_nasipaddress; + + # Set values to 0 when no previous records + IF (Previous_Session_Time IS NULL) THEN + SET Previous_Session_Time = 0; + SET Previous_Input_Octets = 0; + SET Previous_Output_Octets = 0; + END IF; + + # Update record with new traffic + UPDATE radacct SET + acctstoptime = p_timestamp, + acctsessiontime = p_acctsessiontime, + acctinputoctets = p_acctinputoctets, + acctoutputoctets = p_acctoutputoctets, + acctterminatecause = p_acctterminatecause, + connectinfo_stop = p_connectinfo_stop + WHERE acctsessionid = p_acctsessionid + AND username = p_username + AND nasipaddress = p_nasipaddress + AND (acctstoptime IS NULL OR acctstoptime = 0); + + # Create new record in the log table + INSERT INTO radacct_log + (acctsessionid, username, nasipaddress, + timestamp, acctstatustype, acctinputoctets, acctoutputoctets, acctsessiontime) + VALUES + (p_acctsessionid, p_username, p_nasipaddress, + p_timestamp, p_acctstatustype, (p_acctinputoctets - Previous_Input_Octets), (p_acctoutputoctets - Previous_Output_Octets), + (p_acctsessiontime - Previous_Session_Time)); +END / +DELIMITER ; + +-- +-- Statement of Health (SoH) related +-- +-- The web interface allows you to create any number of named filters, +-- which are a collection of rules. A rule is a specific condition that +-- must be satisfied by the statement of health, e.g. "anti-virus is not +-- installed". The rules in a filter are ANDed together to determine if +-- the specified action is to be executed. + +-- +-- One entry per filter. +-- + +CREATE TABLE soh_filters ( + filter_id int NOT NULL PRIMARY KEY AUTO_INCREMENT, + name varchar(32) NOT NULL UNIQUE, + + -- If action is null, this filter won't do anything. Otherwise this + -- column may have any value; "accept" and "violation" are currently + -- recognised and acted upon. + action varchar(32), + + -- If action = 'violation', then this column contains the vid of a + -- violation to trigger. (I wish I could write a constraint to + -- express this.) + vid int +) ENGINE=InnoDB; + +INSERT INTO soh_filters (name) VALUES ('Default'); + +-- +-- One entry for each rule in a filter. +-- + +CREATE TABLE soh_filter_rules ( + rule_id int NOT NULL PRIMARY KEY AUTO_INCREMENT, + + filter_id int NOT NULL, + FOREIGN KEY (filter_id) REFERENCES soh_filters (filter_id) + ON DELETE CASCADE, + + -- Any valid health class, e.g. "antivirus" + class varchar(32) NOT NULL, + + -- Must be 'is' or 'is not' + op varchar(16) NOT NULL, + + -- May be 'ok', 'installed', 'enabled', 'disabled', 'uptodate', + -- 'microsoft' for now; more values may be used in future. + status varchar(16) NOT NULL +) ENGINE=InnoDB; + +-- +-- Table structure for table `scan` +-- + +CREATE TABLE scan ( + id varchar(20) NOT NULL, + ip varchar(255) NOT NULL, + mac varchar(17) NOT NULL, + type varchar(255) NOT NULL, + start_date datetime NOT NULL, + update_date timestamp NOT NULL ON UPDATE CURRENT_TIMESTAMP, + status varchar(255) NOT NULL, + report_id varchar(255) NOT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB; + +-- +-- Table structure for table `billing` +-- + +CREATE TABLE billing ( + id varchar(20) NOT NULL, + ip varchar(255) NOT NULL, + mac varchar(17) NOT NULL, + type varchar(255) NOT NULL, + start_date datetime NOT NULL, + update_date timestamp NOT NULL ON UPDATE CURRENT_TIMESTAMP, + status varchar(255) NOT NULL, + item varchar(255) NOT NULL, + price varchar(255) NOT NULL, + person varchar(255) NOT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB; + +-- +-- Table structure for table `savedsearch` +-- + +CREATE TABLE savedsearch ( + id int NOT NULL AUTO_INCREMENT, + pid varchar(255) NOT NULL, + namespace varchar(255) NOT NULL, + name varchar(255) NOT NULL, + query text, + in_dashboard tinyint, + PRIMARY KEY (id) +) ENGINE=InnoDB; + +-- +-- Table structure for table +-- + +CREATE TABLE inline_accounting ( + outbytes bigint unsigned NOT NULL DEFAULT '0' COMMENT 'orig_raw_pktlen', + inbytes bigint unsigned NOT NULL DEFAULT '0' COMMENT 'reply_raw_pktlen', + ip varchar(16) NOT NULL, + firstseen DATETIME NOT NULL, + lastmodified DATETIME NOT NULL, + status int unsigned NOT NULL default 0, + PRIMARY KEY (ip, firstseen), + INDEX (ip) + ) ENGINE=InnoDB; + +-- +-- Table structure for wrix +-- + +CREATE TABLE wrix ( + id varchar(255) NOT NULL, + `Provider_Identifier` varchar(255) NULL DEFAULT NULL, + `Location_Identifier` varchar(255) NULL DEFAULT NULL, + `Service_Provider_Brand` varchar(255) NULL DEFAULT NULL, + `Location_Type` varchar(255) NULL DEFAULT NULL, + `Sub_Location_Type` varchar(255) NULL DEFAULT NULL, + `English_Location_Name` varchar(255) NULL DEFAULT NULL, + `Location_Address1` varchar(255) NULL DEFAULT NULL, + `Location_Address2` varchar(255) NULL DEFAULT NULL, + `English_Location_City` varchar(255) NULL DEFAULT NULL, + `Location_Zip_Postal_Code` varchar(255) NULL DEFAULT NULL, + `Location_State_Province_Name` varchar(255) NULL DEFAULT NULL, + `Location_Country_Name` varchar(255) NULL DEFAULT NULL, + `Location_Phone_Number` varchar(255) NULL DEFAULT NULL, + `SSID_Open_Auth` varchar(255) NULL DEFAULT NULL, + `SSID_Broadcasted` varchar(255) NULL DEFAULT NULL, + `WEP_Key` varchar(255) NULL DEFAULT NULL, + `WEP_Key_Entry_Method` varchar(255) NULL DEFAULT NULL, + `WEP_Key_Size` varchar(255) NULL DEFAULT NULL, + `SSID_1X` varchar(255) NULL DEFAULT NULL, + `SSID_1X_Broadcasted` varchar(255) NULL DEFAULT NULL, + `Security_Protocol_1X` varchar(255) NULL DEFAULT NULL, + `Client_Support` varchar(255) NULL DEFAULT NULL, + `Restricted_Access` varchar(255) NULL DEFAULT NULL, + `Location_URL` varchar(255) NULL DEFAULT NULL, + `Coverage_Area` varchar(255) NULL DEFAULT NULL, + `Open_Monday` varchar(255) NULL DEFAULT NULL, + `Open_Tuesday` varchar(255) NULL DEFAULT NULL, + `Open_Wednesday` varchar(255) NULL DEFAULT NULL, + `Open_Thursday` varchar(255) NULL DEFAULT NULL, + `Open_Friday` varchar(255) NULL DEFAULT NULL, + `Open_Saturday` varchar(255) NULL DEFAULT NULL, + `Open_Sunday` varchar(255) NULL DEFAULT NULL, + `Longitude` varchar(255) NULL DEFAULT NULL, + `Latitude` varchar(255) NULL DEFAULT NULL, + `UTC_Timezone` varchar(255) NULL DEFAULT NULL, + `MAC_Address` varchar(255) NULL DEFAULT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB; diff --git a/db/upgrade-4.0.0-4.1.0.sql b/db/upgrade-4.0.0-4.1.0.sql index a5f5bc04a452..9d77fb8ae5c0 100644 --- a/db/upgrade-4.0.0-4.1.0.sql +++ b/db/upgrade-4.0.0-4.1.0.sql @@ -17,3 +17,13 @@ UPDATE temporary_password SET access_level = 'NONE' WHERE access_level = '0'; -- ALTER TABLE `node` ADD `autoreg` enum('no','yes') NOT NULL DEFAULT 'no' AFTER voip; + +-- +-- Alter for dynamic controller +-- + +ALTER TABLE locationlog + ADD `switch_ip` varchar(17) DEFAULT NULL, + ADD `switch_mac` varchar(17) DEFAULT NULL; + +UPDATE locationlog SET switch_ip = switch; diff --git a/db/upgrade-4.1.0-4.2.0.sql b/db/upgrade-4.1.0-4.2.0.sql new file mode 100644 index 000000000000..06ac8ed68887 --- /dev/null +++ b/db/upgrade-4.1.0-4.2.0.sql @@ -0,0 +1,125 @@ +--- +--- Add a column to store the time balance of a node +--- + +ALTER TABLE node ADD `time_balance` int unsigned AFTER `lastskip`; + +--- +--- Add a column to store the bandwidth balance of a node +--- + +ALTER TABLE node ADD `bandwidth_balance` int unsigned AFTER `time_balance`; + +-- +-- Add a new column to keep the audit-session-id from the RADIUS request to use with the CoA +-- + +ALTER TABLE node ADD `sessionid` varchar(30) default NULL AFTER `autoreg`; + +-- +-- Add new columns to store various information related to a person +-- + +ALTER TABLE person + ADD `anniversary` varchar(255) NULL DEFAULT NULL, + ADD `birthday` varchar(255) NULL DEFAULT NULL, + ADD `gender` char(1) NULL DEFAULT NULL, + ADD `lang` varchar(255) NULL DEFAULT NULL, + ADD `nickname` varchar(255) NULL DEFAULT NULL, + ADD `cell_phone` varchar(255) NULL DEFAULT NULL, + ADD `work_phone` varchar(255) NULL DEFAULT NULL, + ADD `title` varchar(255) NULL DEFAULT NULL, + ADD `building_number` varchar(255) NULL DEFAULT NULL, + ADD `apartment_number` varchar(255) NULL DEFAULT NULL, + ADD `room_number` varchar(255) NULL DEFAULT NULL, + ADD `custom_field_1` varchar(255) NULL DEFAULT NULL, + ADD `custom_field_2` varchar(255) NULL DEFAULT NULL, + ADD `custom_field_3` varchar(255) NULL DEFAULT NULL, + ADD `custom_field_4` varchar(255) NULL DEFAULT NULL, + ADD `custom_field_5` varchar(255) NULL DEFAULT NULL, + ADD `custom_field_6` varchar(255) NULL DEFAULT NULL, + ADD `custom_field_7` varchar(255) NULL DEFAULT NULL, + ADD `custom_field_8` varchar(255) NULL DEFAULT NULL, + ADD `custom_field_9` varchar(255) NULL DEFAULT NULL +; + +-- +-- Add a new table for inline accounting +-- + +CREATE TABLE inline_accounting ( + `outbytes` bigint unsigned NOT NULL DEFAULT '0' COMMENT 'orig_raw_pktlen', + `inbytes` bigint unsigned NOT NULL DEFAULT '0' COMMENT 'reply_raw_pktlen', + `ip` varchar(16) NOT NULL, + `firstseen` DATETIME NOT NULL, + `lastmodified` DATETIME NOT NULL, + `status` int unsigned NOT NULL default 0, + PRIMARY KEY (ip, firstseen), + INDEX (ip) +) ENGINE=InnoDB; + +-- +-- Added a new column config_timestamp for RADIUS NAS +--- + +ALTER TABLE radius_nas + ADD config_timestamp BIGINT AFTER description, + DROP PRIMARY KEY, + DROP COLUMN id, + ADD PRIMARY KEY (nasname) +; + +-- +-- Add new columns to store the switch IP and MAC when using dynamic controllers +-- + +ALTER TABLE locationlog + ADD `switch_ip` varchar(17) DEFAULT NULL, + ADD `switch_mac` varchar(17) DEFAULT NULL; + +UPDATE locationlog SET switch_ip = switch; + +-- +-- Table structure for wrix +-- + +CREATE TABLE wrix ( + id varchar(255) NOT NULL, + `Provider_Identifier` varchar(255) NULL DEFAULT NULL, + `Location_Identifier` varchar(255) NULL DEFAULT NULL, + `Service_Provider_Brand` varchar(255) NULL DEFAULT NULL, + `Location_Type` varchar(255) NULL DEFAULT NULL, + `Sub_Location_Type` varchar(255) NULL DEFAULT NULL, + `English_Location_Name` varchar(255) NULL DEFAULT NULL, + `Location_Address1` varchar(255) NULL DEFAULT NULL, + `Location_Address2` varchar(255) NULL DEFAULT NULL, + `English_Location_City` varchar(255) NULL DEFAULT NULL, + `Location_Zip_Postal_Code` varchar(255) NULL DEFAULT NULL, + `Location_State_Province_Name` varchar(255) NULL DEFAULT NULL, + `Location_Country_Name` varchar(255) NULL DEFAULT NULL, + `Location_Phone_Number` varchar(255) NULL DEFAULT NULL, + `SSID_Open_Auth` varchar(255) NULL DEFAULT NULL, + `SSID_Broadcasted` varchar(255) NULL DEFAULT NULL, + `WEP_Key` varchar(255) NULL DEFAULT NULL, + `WEP_Key_Entry_Method` varchar(255) NULL DEFAULT NULL, + `WEP_Key_Size` varchar(255) NULL DEFAULT NULL, + `SSID_1X` varchar(255) NULL DEFAULT NULL, + `SSID_1X_Broadcasted` varchar(255) NULL DEFAULT NULL, + `Security_Protocol_1X` varchar(255) NULL DEFAULT NULL, + `Client_Support` varchar(255) NULL DEFAULT NULL, + `Restricted_Access` varchar(255) NULL DEFAULT NULL, + `Location_URL` varchar(255) NULL DEFAULT NULL, + `Coverage_Area` varchar(255) NULL DEFAULT NULL, + `Open_Monday` varchar(255) NULL DEFAULT NULL, + `Open_Tuesday` varchar(255) NULL DEFAULT NULL, + `Open_Wednesday` varchar(255) NULL DEFAULT NULL, + `Open_Thursday` varchar(255) NULL DEFAULT NULL, + `Open_Friday` varchar(255) NULL DEFAULT NULL, + `Open_Saturday` varchar(255) NULL DEFAULT NULL, + `Open_Sunday` varchar(255) NULL DEFAULT NULL, + `Longitude` varchar(255) NULL DEFAULT NULL, + `Latitude` varchar(255) NULL DEFAULT NULL, + `UTC_Timezone` varchar(255) NULL DEFAULT NULL, + `MAC_Address` varchar(255) NULL DEFAULT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB; diff --git a/db/wrix.sql b/db/wrix.sql new file mode 100644 index 000000000000..732a5b450f10 --- /dev/null +++ b/db/wrix.sql @@ -0,0 +1,41 @@ + +CREATE TABLE wrix ( + id varchar(255) NOT NULL, + `Provider_Identifier` varchar(255) NULL DEFAULT NULL, + `Location_Identifier` varchar(255) NULL DEFAULT NULL, + `Service_Provider_Brand` varchar(255) NULL DEFAULT NULL, + `Location_Type` varchar(255) NULL DEFAULT NULL, + `Sub_Location_Type` varchar(255) NULL DEFAULT NULL, + `English_Location_Name` varchar(255) NULL DEFAULT NULL, + `Location_Address1` varchar(255) NULL DEFAULT NULL, + `Location_Address2` varchar(255) NULL DEFAULT NULL, + `English_Location_City` varchar(255) NULL DEFAULT NULL, + `Location_Zip_Postal_Code` varchar(255) NULL DEFAULT NULL, + `Location_State_Province_Name` varchar(255) NULL DEFAULT NULL, + `Location_Country_Name` varchar(255) NULL DEFAULT NULL, + `Location_Phone_Number` varchar(255) NULL DEFAULT NULL, + `SSID_Open_Auth` varchar(255) NULL DEFAULT NULL, + `SSID_Broadcasted` varchar(255) NULL DEFAULT NULL, + `WEP_Key` varchar(255) NULL DEFAULT NULL, + `WEP_Key_Entry_Method` varchar(255) NULL DEFAULT NULL, + `WEP_Key_Size` varchar(255) NULL DEFAULT NULL, + `SSID_1X` varchar(255) NULL DEFAULT NULL, + `SSID_1X_Broadcasted` varchar(255) NULL DEFAULT NULL, + `Security_Protocol_1X` varchar(255) NULL DEFAULT NULL, + `Client_Support` varchar(255) NULL DEFAULT NULL, + `Restricted_Access` varchar(255) NULL DEFAULT NULL, + `Location_URL` varchar(255) NULL DEFAULT NULL, + `Coverage_Area` varchar(255) NULL DEFAULT NULL, + `Open_Monday` varchar(255) NULL DEFAULT NULL, + `Open_Tuesday` varchar(255) NULL DEFAULT NULL, + `Open_Wednesday` varchar(255) NULL DEFAULT NULL, + `Open_Thursday` varchar(255) NULL DEFAULT NULL, + `Open_Friday` varchar(255) NULL DEFAULT NULL, + `Open_Saturday` varchar(255) NULL DEFAULT NULL, + `Open_Sunday` varchar(255) NULL DEFAULT NULL, + `Longitude` varchar(255) NULL DEFAULT NULL, + `Latitude` varchar(255) NULL DEFAULT NULL, + `UTC_Timezone` varchar(255) NULL DEFAULT NULL, + `MAC_Address` varchar(255) NULL DEFAULT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB; diff --git a/debian/changelog b/debian/changelog index e45bd5236159..5c55e317fb0c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +packetfence (4.2.0) unstable; urgency=low + + * Version 4.2.0 + + -- Inverse Tue, 6 May 2014 12:00:00 -0400 + packetfence (4.1.0) unstable; urgency=low * Version 4.1.0 diff --git a/debian/control b/debian/control index 406ae1aa3936..fa7244b58008 100644 --- a/debian/control +++ b/debian/control @@ -11,17 +11,17 @@ Homepage: http://www.packetfence.org/ Package: packetfence Architecture: all # TODO: We can probably move these in Depends since 3.5.0 (managed RADIUS feature) -Pre-Depends: freeradius, freeradius-ldap, freeradius-postgresql, +Pre-Depends: freeradius (>= 2.2.5), freeradius-ldap, freeradius-postgresql, freeradius-mysql, freeradius-krb5, dhcp3-server Depends: ${misc:Depends}, vlan, make, openssl, openssl-blacklist, openssl-blacklist-extra, mysql-server, memcached, - snmp, snmptrapfmt, snmp-mibs-downloader, + snmp, snmptrapfmt, snmp-mibs-downloader, conntrack, # apache related apache2, apache2.2-common, apache2-utils, libapache2-mod-proxy-html, apache2-mpm-prefork, libapache2-mod-apreq2, libapache2-mod-perl2, libapache2-request-perl, libtie-dxhash-perl, libapache-session-perl, - libapache-session-memcached-perl, libapache-ssllookup-perl, + libapache-session-memcached-perl, libapache-ssllookup-perl, libapache2-mod-qos, make, iproute, ipset, @@ -31,7 +31,7 @@ Depends: ${misc:Depends}, vlan, make, # perl basic components liblist-moreutils-perl, libwww-perl, libtry-tiny-perl, # perl uncategorized modules - libapache-htpasswd-perl, libbit-vector-perl, libtext-csv-perl, + libapache-htpasswd-perl, libbit-vector-perl, libtext-csv-perl, libtext-csv-xs-perl, libcgi-session-serialize-yaml-perl, libtimedate-perl, libapache-dbi-perl, libdbd-mysql-perl, libfile-tail-perl, libnetwork-ipv4addr-perl, libiptables-parse-perl, libiptables-chainmgr-perl, iptables (>= 1.4.0), @@ -43,8 +43,8 @@ Depends: ${misc:Depends}, vlan, make, libterm-readkey-perl, libtest-perl-critic-perl, libtest-pod-perl, libtest-pod-coverage-perl, libthread-pool-simple-perl, libuniversal-require-perl, libuniversal-exports-perl, libnet-rawip-perl, - libcgi-session-perl, libcgi-session-driver-memcached-perl, libconfig-inifiles-perl (>= 2.78.0), - libdatetime-format-dateparse-perl, libdbi-perl, + libcgi-session-perl, libcgi-session-driver-chi-perl (>= 1.0.3), libconfig-inifiles-perl (>= 2.78.0), + libdatetime-format-dateparse-perl, libdbi-perl,librose-db-perl,librose-db-object-perl, libnet-telnet-perl, libregexp-common-perl, libreadonly-perl, libtemplate-perl, libterm-readkey-perl, libuniversal-require-perl, libthread-serialize-perl, @@ -53,7 +53,8 @@ Depends: ${misc:Depends}, vlan, make, libiptables-libiptc-perl, libload-perl, libmime-lite-tt-perl, libmime-lite-perl, libconfig-general-perl, libproc-processtable-perl, libfile-flock-perl, libperl-version-perl, perl-modules, - liblinux-fd-perl, liblinux-inotify2-perl, libfile-touch-perl, + liblinux-fd-perl, liblinux-inotify2-perl, libfile-touch-perl, libhash-merge-perl, + libcrypt-openssl-x509-perl,libconst-fast-perl, # hard-coded to specific version because v3 broke the API and we haven't ported to it yet # see #1313: Port our Net-Appliance-Session to the version 3 API # http://packetfence.org/bugs/view.php?id=1313 @@ -62,30 +63,33 @@ Depends: ${misc:Depends}, vlan, make, libnet-interface-perl, libnet-radius-perl, libparse-nessus-nbe-perl, libtest-mockdbi-perl, libsoap-lite-perl (>= 1.0), libnet-frame-perl, libthread-pool-perl, - libwww-curl-perl, + libwww-curl-perl, libposix-2008-perl, libdata-messagepack-stream-perl, libdata-messagepack-perl, libnet-nessus-xmlrpc-perl (>= 0.4),libfile-slurp-perl, # required for ipset libnetaddr-ip-perl, libfile-which-perl, # FIXME track what requires the conveyor stuff and identify it. If we can, get rid of it. libthread-conveyor-monitored-perl, libthread-conveyor-perl, libthread-tie-perl, - liberror-perl, + liberror-perl, libio-socket-inet6-perl, libio-interface-perl, libnet-route-perl, # required by catalyst libcatalyst-perl, libcatalyst-modules-perl, libauthen-htpasswd-perl, libcatalyst-authentication-credential-http-perl, libcatalyst-authentication-store-htpasswd-perl, libcatalyst-view-tt-perl, libhtml-formfu-perl, libjson-perl, - libsort-naturally-perl, libhtml-formhandler-perl, libchi-perl, - libchi-driver-memcached-perl,libcache-memcached-perl, - libcache-fastmmap-perl, libmoo-perl (>=1.0), + libsort-naturally-perl, libhtml-formhandler-perl (<= 0.40016), libchi-perl (>=0.56), + libchi-driver-memcached-perl,libcache-memcached-perl, libcache-memcached-getparserxs-perl, libdata-serializer-perl, + libcache-fastmmap-perl, libmoo-perl (>=1.001000), libterm-size-any-perl, # packaging workaround (we don't require it but something in catalyst seem to do) libmodule-install-perl, # i18n liblocale-gettext-perl, # logging framework - liblog-log4perl-perl, + liblog-log4perl-perl (>=1.43), + liblog-any-perl, + liblog-any-adapter-perl, + liblog-any-adapter-log4perl-perl, # oauth2 - libnet-oauth2-perl, + libnet-oauth2-perl (>=0.57), # pfdns libnet-dns-perl (=0.66-3), # used by Captive Portal authentication modules diff --git a/debian/copyright b/debian/copyright index 992a3ad429b0..355e9acd25bf 100644 --- a/debian/copyright +++ b/debian/copyright @@ -12,17 +12,13 @@ Source code is hosted at: Upstream Author(s): - Olivier Bilodeau Fabrice Durand - Francois Gaudreault Francis Lachapelle Derek Wuelfrath Copyright: - Copyright (C) 2006-2012 Inverse inc. - Copyright (C) 2005 David LaPorte - Copyright (C) 2005 Kevin Amorin + Copyright (C) 2006-2014 Inverse inc. License: @@ -46,7 +42,7 @@ see "/usr/share/common-licenses/GPL-2". The Debian packaging is: - Copyright (C) 2012 Inverse inc. + Copyright (C) 2012-2014 Inverse inc. and is licensed under the GPL version 2 or later, see "/usr/share/common-licenses/GPL-2". diff --git a/debian/packetfence.conffiles b/debian/packetfence.conffiles index 9bf2afb77b89..f1f22f2b472c 100644 --- a/debian/packetfence.conffiles +++ b/debian/packetfence.conffiles @@ -29,6 +29,7 @@ /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf /usr/local/pf/conf/httpd.conf.d/httpd.webservices /usr/local/pf/conf/httpd.conf.d/httpd.portal +/usr/local/pf/conf/httpd.conf.d/httpd.portal.cgi /usr/local/pf/conf/httpd.conf.d/httpd.admin /usr/local/pf/conf/httpd.conf.d/log.conf /usr/local/pf/conf/iptables.conf @@ -163,4 +164,4 @@ /usr/local/pf/raddb/sites-available/status /usr/local/pf/raddb/sites-available/virtual.example.com /usr/local/pf/raddb/sites-available/vmps - +/usr/local/pf/var/cache_control diff --git a/debian/packetfence.postinst b/debian/packetfence.postinst index 544dae81ffed..c12c665ec169 100644 --- a/debian/packetfence.postinst +++ b/debian/packetfence.postinst @@ -87,20 +87,19 @@ case "$1" in set -e update-rc.d mysql defaults - update-rc.d memcached defaults # add sudo entry if (grep "^pf ALL=NOPASSWD:.*/sbin/iptables.*/usr/sbin/ipset" /etc/sudoers > /dev/null ) ; then # Comment out entry from a previous version of PF (< 4.0) sed -i 's/^\(pf ALL=NOPASSWD:.*\/sbin\/iptables.*\/usr\/sbin\/ipset\)/#\1/g' /etc/sudoers fi - if ! (grep "^pf ALL=NOPASSWD:.*/sbin/iptables.*/usr/sbin/ipset.*/sbin/ip.*/sbin/vconfig.*/sbin/route.*/usr/bin/service.*/usr/bin/tee.*/usr/local/pf/sbin/pfdhcplistener.*/bin/kill.*/usr/sbin/dhcpd.*/usr/sbin/freeradius.*/usr/sbin/snort.*/usr/bin/suricata" /etc/sudoers > /dev/null ) ; then - echo "pf ALL=NOPASSWD: /sbin/iptables, /usr/sbin/ipset, /sbin/ip, /sbin/vconfig, /sbin/route, /usr/sbin/service, /usr/bin/tee, /usr/local/pf/sbin/pfdhcplistener, /bin/kill, /usr/sbin/dhcpd, /usr/sbin/freeradius, /usr/sbin/snort, /usr/bin/suricata" >> /etc/sudoers + if ! (grep "^pf ALL=NOPASSWD:.*/sbin/iptables.*/usr/sbin/ipset.*/sbin/ip.*/sbin/vconfig.*/sbin/route.*/usr/bin/service.*/usr/bin/tee.*/usr/local/pf/sbin/pfdhcplistener.*/bin/kill.*/usr/sbin/dhcpd.*/usr/sbin/freeradius.*/usr/sbin/snort.*/usr/bin/suricata.*/usr/sbin/conntrack" /etc/sudoers > /dev/null ) ; then + echo "pf ALL=NOPASSWD: /sbin/iptables, /usr/sbin/ipset, /sbin/ip, /sbin/vconfig, /sbin/route, /usr/sbin/service, /usr/bin/tee, /usr/local/pf/sbin/pfdhcplistener, /bin/kill, /usr/sbin/dhcpd, /usr/sbin/freeradius, /usr/sbin/snort, /usr/bin/suricata, /usr/sbin/conntrack" >> /etc/sudoers fi if ! ( grep '^Defaults:pf.*!requiretty' /etc/sudoers > /dev/null ) ; then echo 'Defaults:pf !requiretty' >> /etc/sudoers fi - + /usr/local/pf/bin/pfcmd configreload update-rc.d packetfence defaults 60 || exit 0 echo "* Please fire up your Web browser and go to https://@ip_packetfence:1443/configurator to complete your PacketFence configuration." echo "* Please stop your iptables service if you don't have access to configurator." diff --git a/debian/packetfence.preinst b/debian/packetfence.preinst index c532f31cd315..0d7ba25f8225 100644 --- a/debian/packetfence.preinst +++ b/debian/packetfence.preinst @@ -15,7 +15,7 @@ set -e stop_service_if_exists() { SERVICE=$1 - if [ $(set +e;invoke-rc.d --query $SERVICE stop &>/dev/null ; echo "$?") == "104" ];then + if [ $(set +e;invoke-rc.d --quiet --query $SERVICE stop &>/dev/null ; echo "$?") == "104" ];then invoke-rc.d $SERVICE stop fi } diff --git a/debian/rules b/debian/rules index cac27ad2f014..bc64b5bd0410 100755 --- a/debian/rules +++ b/debian/rules @@ -41,6 +41,12 @@ install: build dh_testroot dh_clean -k dh_installdirs + + #copying example files with the extention + for i in `find * -name "*.example"`; do \ + cp $$i "$$(dirname $$i)/$$(basename $$i .example)"; \ + done + # Install all except debian and t directory for i in `find * ! -path 'debian/*' ! -path 'debian' ! -path 't/*' ! -path 't' -type d`; do \ install -d -m0700 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/$$i; \ @@ -54,6 +60,8 @@ install: build for i in `find * -path 't*' ! -type d`; do \ $(INSTALL) $$i $(CURDIR)/debian/packetfence-test$(PREFIX)/$(NAME)/$$i; \ done + + # generate translations # TODO this is duplicated in our RPM spec, we should aim to consolidate in a 'make' style step for TRANSLATION in de en es fr he_IL it nl pl_PL pt_BR; do \ @@ -68,14 +76,16 @@ install: build install -d -m0700 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/conf/users install -d -m0700 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/conf/ssl install -d -m0700 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/raddb/sites-enabled - install -d -m2700 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/logs + install -d -m2770 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/logs install -d -m2770 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/var/conf + install -d -m2770 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/var/cache install -d -m2770 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/var/var install -d -m0700 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/var/dhcpd - install -d -m0700 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/var/run + install -d -m2770 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/var/run install -d -m0700 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/var/rrd - install -d -m0700 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/var/session + install -d -m2770 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/var/session install -d -m0700 $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/var/webadmin_cache + touch $(CURDIR)/debian/packetfence$(PREFIX)/$(NAME)/var/cache_control #Configurator integration install -d -m0700 $(CURDIR)/debian/packetfence/etc/init.d install -d -m0700 $(CURDIR)/debian/packetfence/etc/default diff --git a/docs/PacketFenceZEN_Installation_Guide.asciidoc b/docs/PacketFenceZEN_Installation_Guide.asciidoc index 5166fd4aa67b..18a8dcf7d82a 100644 --- a/docs/PacketFenceZEN_Installation_Guide.asciidoc +++ b/docs/PacketFenceZEN_Installation_Guide.asciidoc @@ -97,7 +97,7 @@ Installation Import the virtual machine ~~~~~~~~~~~~~~~~~~~~~~~~~~ -PacketFence ZEN 4.0.0 comes in a pre-built virtual disk (OVF), or a pre-configured vmx file. You can import the vmx file in many VMWare desktop products and it will automatically create your VM. However, if you are using an ESX type hypervisor, you need to import the OVF using vSphere Client (or vCenter). We are not supporting any Xen-based hypervisors yet. +PacketFence ZEN 4.2 comes in a pre-built virtual disk (OVF), or a pre-configured vmx file. You can import the vmx file in many VMWare desktop products and it will automatically create your VM. However, if you are using an ESX type hypervisor, you need to import the OVF using vSphere Client (or vCenter). We are not supporting any Xen-based hypervisors yet. Import to ESX @@ -253,7 +253,7 @@ Please refer to the http://www.packetfence.org/documentation/[Network Devices Co FreeRADIUS ~~~~~~~~~~ -PacketFence ZEN 4.0.0 comes with a pre-configured FreeRADIUS to do Wired and Wireless 802.1X with EAP as well as MAC Authentication. We created a local user for the 802.1X authentication. +PacketFence ZEN 4.2 comes with a pre-configured FreeRADIUS to do Wired and Wireless 802.1X with EAP as well as MAC Authentication. We created a local user for the 802.1X authentication. The main configuration files are : diff --git a/docs/PacketFence_Administration_Guide-docinfo.xml b/docs/PacketFence_Administration_Guide-docinfo.xml index 8fbffb0c8c32..4c556a3bd68b 100644 --- a/docs/PacketFence_Administration_Guide-docinfo.xml +++ b/docs/PacketFence_Administration_Guide-docinfo.xml @@ -1,5 +1,5 @@ - 2008-2013 + 2008-2014 Inverse inc. diff --git a/docs/PacketFence_Administration_Guide.asciidoc b/docs/PacketFence_Administration_Guide.asciidoc index 094fe00970f5..307454644ef6 100644 --- a/docs/PacketFence_Administration_Guide.asciidoc +++ b/docs/PacketFence_Administration_Guide.asciidoc @@ -57,7 +57,11 @@ In Band (Inline Enforcement):: PacketFence can also be configured to be in-band, especially when you have non-manageable network switches or access points. PacketFence can also work with both VLAN and Inline enforcement activated for maximum scalability and security while allowing older hardware to still be secured using Inline enforcement. Hybrid support (Inline Enforcement with RADIUS support):: - PacketFence can also be configured as hybrid, if you have a manageable device that supports 802.1x and/or mac-auth. This feature can be enabled using a RADIUS attribute (MAC address, SSID, port) or using full inline mode on the equipment. + PacketFence can also be configured as hybrid, if you have a manageable device that supports 802.1X and/or MAC-authentication. This feature can be enabled using a RADIUS attribute (MAC address, SSID, port) or using full inline mode on the equipment. + +Hotspot support (Web Auth Enforcement):: + PacketFence can also be configured as hotspot, if you have a manageable device that support an external captive portal (like +Cisco WLC or Aruba IAP). Voice over IP (VoIP) support:: Also called IP Telephony (IPT), VoIP is fully supported (even in heterogeneous environments) for multiple switch vendors (Cisco, Edge-Core, HP, LinkSys, Nortel Networks and many more). @@ -135,9 +139,9 @@ The following table provides recommendations for the required components, togeth |======================================== |MySQL server |MySQL 5.1 |Web server |Apache 2.2 -|DHCP server |DHCP 3 -|RADIUS server |FreeRADIUS 2.1.12 -|Snort |Snort 2.8 or 2.9 +|DHCP server |DHCP 4.1 +|RADIUS server |FreeRADIUS 2.2.0 +|Snort |Snort 2.9.1 |Suricata |Suricata 1.4.1 |======================================== @@ -216,36 +220,6 @@ RedHat-based systems NOTE: Includes CentOS and Scientific Linux. Both i386 and x86_64 architectures supported. -Several third party repositories are required to pull all the proper PacketFence dependencies: - -[options="compact"] -* http://repoforge.org/[Repoforge], also previously known as rpmforge -* http://fedoraproject.org/wiki/EPEL/FAQ[EPEL], Extra Packages for Enterprise Linux -* http://www.openfusion.net/linux/openfusion_rpm_repository[OpenFusion] - -Install the proper repositories in `yum` so it can directly lookup for packages: - -.For RHEL 6.x / CentOS 6.x - - # rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.`uname -m`.rpm - # rpm -Uvh http://download.fedoraproject.org/pub/epel/6/`uname -i`/epel-release-6-8.noarch.rpm - # rpm -Uvh http://repo.openfusion.net/centos6-`uname -i`/openfusion-release-0.6.2-1.of.el6.noarch.rpm - -Then disable these repositories by default. Under `/etc/yum.repos.d/` edit `rpmforge.repo`, `epel.repo` and `openfusion.repo` and set `enabled` to 0 under every section like this: - - enabled = 0 - -Under RHEL 6.x / Centos 6.x, you must exclude perl-Apache-Test from rpmforge and openfusion repository. - -Edit `/etc/yum.repos.d/rpmforge.repo` and add to the section [rpmforge] the line: - - exclude = perl-Apache-Test* - - -Edit `/etc/yum.repos.d/openfusion.repo` and add to the section [of] the line: - - exclude = perl-Apache-Test* - RHEL 6.x ^^^^^^^^ @@ -255,9 +229,6 @@ RedHat Enterprise Linux users need to take an additional setup step. If you are rhn-channel --add --channel=rhel-`uname -m`-server-optional-6 -RedHat doesn't seem to provide `perl-Net-Telnet perl-XML-Simple perl-SOAP-Lite` packages. PacketFence needs it so we will install it from the rpmforge-extras repository now: - - yum install perl-Net-Telnet perl-XML-Simple perl-SOAP-Lite --enablerepo=rpmforge-extras,rpmforge Debian and Ubuntu ^^^^^^^^^^^^^^^^^ @@ -284,23 +255,19 @@ Software Installation RHEL / CentOS ^^^^^^^^^^^^^ -In order to use the repository, create a file named `/etc/yum.repos.d/PacketFence.repo` with the following content: +In order to use the PacketFence repository : - [PacketFence] - name=PacketFence Repository - baseurl=http://inverse.ca/downloads/PacketFence/RHEL$releasever/$basearch - gpgcheck=0 - enabled=0 + # rpm -Uvh http://packetfence.org/downloads/PacketFence/RHEL6/`uname -i`/RPMS/packetfence-release-1-1.el6.noarch.rpm Once the repository is defined, you can install PacketFence with all its dependencies, and the required external services (Database server, DHCP server, RADIUS server) using: - yum groupinstall --enablerepo=PacketFence,epel,rpmforge,of Packetfence-complete + yum groupinstall --enablerepo=packetfence Packetfence-complete Or, if you prefer, to install only the core PacketFence without all the external services, you can use: - yum install --enablerepo=PacketFence,epel,rpmforge,of packetfence + yum install --enablerepo=packetfence packetfence Debian and Ubuntu ^^^^^^^^^^^^^^^^^ @@ -432,7 +399,7 @@ Moreover, PacketFence can also authenticate users defined in its own internal SQ Each authentication sources you define will have a set of rules, conditions and actions. -Multiple authentication sources can be defined, and will be tested in the order specified (note that they can be reordered from the GUI by dragging it around). Eeach source can have multiple rules, which will also be tested in the order specified. Rules can also be reordered, just like sources. Finally, conditions can be defined for a rule to match certain criterias. If the criterias match (one ore more), action are then applied and rules testing stop, across all sources as this is a "first match wins" operation. +Multiple authentication sources can be defined, and will be tested in the order specified (note that they can be reordered from the GUI by dragging it around). Each source can have multiple rules, which will also be tested in the order specified. Rules can also be reordered, just like sources. Finally, conditions can be defined for a rule to match certain criterias. If the criterias match (one ore more), action are then applied and rules testing stop, across all sources as this is a "first match wins" operation. When no condition is defined, the rule will be considered as a fallback. When a fallback is defined, all actions will be applied fory any users that match in the authentication source. @@ -649,27 +616,35 @@ Inline enforcement configuration This section applies only for Inline enforcement. Users planning to do VLAN enforcement only can skip this section. -The inline enforcement is a very convenient method of performing access control on older network hardware who is not capable of doing VLAN enforcement or who is not compatible with PacketFence. This technique is covered in details in the <<_technical_introduction_to_inline_enforcement,"Technical introduction to Inline enforcement" section>>. +The inline enforcement is a very convenient method of performing access control on older network hardware that is not capable of doing VLAN enforcement or that is not supported by PacketFence. This technique is covered in details in the <<_technical_introduction_to_inline_enforcement,"Technical introduction to Inline enforcement" section>>. -An important configuration parameter to have in mind when configuring inline enforcement is that the DNS reached by this users should be your actual production DNS server. The next section shows you how to configure the proper inline interface and it is there that you should refer to the proper production DNS. +An important configuration parameter to have in mind when configuring inline enforcement is that the DNS reached by these users should be your actual production DNS server - which shouldn't be in the same broadcast domain as your inline users. The next section shows you how to configure the proper inline interface and it is in this section that you should refer to the proper production DNS. Inline enforcement uses `ipset` to mark nodes as registered, unregistered and isolated. -It is also now possible to use multiple inline interfaces, a node registered on the first inline interface is mark with is couple ip:mac, so when the node try to register on an other inline interface PacketFence detect that the node is already registered on the first VLAN. -It is also possible to enable inline.should_reauth_on_vlan_change to force user to reauthenticate when they change VLAN. -ipset also provides a better reponse time under inline enforcement and now we just have to wait 10s after the registration to access to internet. +It is also now possible to use multiple inline interfaces. A node registered on the first inline interface is marked with an ip:mac tuple (for L2, only ip for L3), so when the node tries to register on an other inline interface, PacketFence detects that the node is already registered on the first VLAN. +It is also possible to enable inline.should_reauth_on_vlan_change to force users to reauthenticate when they change VLAN. -The outgoing interface should be specified by adding in pf.conf the option interfaceSNAT in inline section. It is a comma delimited list of network interfaces like eth0,eth0.100. It's also possible to specify a network that will be routed instead of using NAT by adding in `conf/networks.conf` an option nat=no under one or more network section. +The outgoing interface should be specified by adding in pf.conf the option interfaceSNAT in inline section. It is a comma delimited list of network interfaces like eth0,eth0.100. It's also possible to specify a network that will be routed instead of using NAT by adding in `conf/networks.conf` an option nat=no under one or more network sections. -Another important setting is the `gateway` statement. Since it this the only way to get the PacketFence server inline interface ip address, it is mandatory to set it to this ip (which is supposed to be the same as in the `ip` statement of the inline interface in `conf/pf.conf`) . +Another important setting is the `gateway` statement. Since it this the only way to get the PacketFence server inline interface IP address, it is mandatory to set it to this IP (which is supposed to be the same as in the `ip` statement of the inline interface in `conf/pf.conf`) . Hybrid mode ~~~~~~~~~~ -This section applies for hybrid support for the manageable devices that support 802.1x or mac-auth. +This section applies for hybrid support for the manageable devices that support 802.1X or MAC-authentication. Hybrid enforcement is a mixed method that offers the use of inline enforcement mode with VLAN enforcement mode on the same device. This technique is covered in details in the <<_technical_introduction_to_hybrid_enforcement,"Technical introduction to Hybrid enforcement" section>> +Web Auth mode +~~~~~~~~~~~~~ + +This section applies for web authentication support for manageable devices that support web authentication with an external captive portal. + +Web authentication is a method on the switch that forwards http traffic of the device to the captive portal. +With this mode, your device will never change of VLAN ID but only the ACL associated to your device will change. +Refer to the Network Devices Configuration Guide to see a sample web auth configuration on a Cisco WLC. + DHCP and DNS Server Configuration (networks.conf) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -988,7 +963,7 @@ Next, edit `/etc/samba/smb.conf`. Again, here is an example for our `DOMAIN.NET` ---- [global] workgroup = DOMAIN - server string = pf_server_name + server string = %h security = ads passdb backend = tdbsam realm = DOMAIN.NET @@ -1000,6 +975,8 @@ Next, edit `/etc/samba/smb.conf`. Again, here is an example for our `DOMAIN.NET` local master = no load printers = no log level = 1 winbind:5 auth:3 + winbind max clients = 750 + winbind max domain connections = 15 ---- For Debian and Ubuntu: @@ -1046,15 +1023,15 @@ Note that for Debian and Ubuntu you will probably have this error: # kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials # Join to domain is not valid: Invalid credentials +For Centos/RHEL: + + # usermod -a -G wbpriv pf + Finally, start `winbind`, and test the setup using `ntlm_auth` and `radtest`: # service winbind start # chkconfig --level 345 winbind on -For Centos/RHEL: - - # usermod -a -G wbpriv pf - For Debian and Ubuntu: # chgrp pf /var/run/samba/winbindd_privileged/ @@ -1167,12 +1144,11 @@ These two methods can be used together but DNS-based passthroughs have higher pr Proxy Interception ~~~~~~~~~~~~~~~~~~ -In PacketFence you are now able to intercept proxy request and forward them to the captive portal. It only work in layer 2 network because packetfence must be the default gateway of your device. +PacketFence enables you to intercept proxy requests and forward them to the captive portal. It only works in layer 2 network because PacketFence must be the default gateway. In order to use the Proxy Interception feature, you need to enable it from the GUI in *Configuration -> Trapping* and check *Proxy Interception*. -Add the port you want to intercept, like 8080 3128 and add a new entry in the /etc/hosts file to resolv the fqdn of the captive portal to 127.0.0.1. -The modification of the hosts file is really important because apache try to resolv the fqdn of the captive portal and it must be 127.0.0.1. +Add the port you want to intercept (like 8080 or 3128) and add a new entry in the `/etc/hosts` file to resolve the fully qualified domain name (fqdn) of the captive portal to the IP address of the registration interface. This modification is mandatory in order for Apache to receives the proxy requests. Configuration by example @@ -1701,7 +1677,7 @@ Scan on registration ^^^^^^^^^^^^^^^^^^^^ To perform a system scan before giving access to a host on the network you need to enable the `scan.registration` parameter in `pf.conf`. -If you want to scan a device that have been auto-registered as a 802.1x connection, you need to enable `scan.dot1x` parameter in `pf.conf`. +If you want to scan a device that have been auto-registered as a 802.1X connection, you need to enable `scan.dot1x` parameter in `pf.conf`. The default EAP-Type that will be scanned is MS-CHAP-V2 but you can configure other EAP-Type (such as MD5-Challenge) by adding them to `scan.dot1x_type` as a comma-separated list of values (look at `dictionary.freeradius.internal` file bundled with FreeRADIUS for the list of EAP-Type). It is also recommended to adjust `scan.duration` to reflect how long the scan takes. A progress bar of this duration will be shown to the user while he is waiting. By default, we set this variable to 60s. @@ -1743,7 +1719,7 @@ Let's explain each chunk properly: [options="compact"] * `DIRECTION`: You can either set a limit to inbound(IN), outbound(OUT), or total(TOT) bandwidth * `LIMIT`: You can set a number of bytes(B), kilobytes(KB), megabytes(MB), gigabytes(GB), or petabytes(PB) -* `INTERVAL`: This is actually the time window we will look for potential abuse. You can set a number of seconds(s),minutes(m),hours(h),days(D),weeks(W),months(M), or years(Y). This value is optional, if you set nothing, we will check in all the data we have since your packetfence install. +* `INTERVAL`: This is actually the time window we will look for potential abuse. You can set a number of days(D), weeks(W), months(M), or years(Y). Example triggers ++++++++++++++++ @@ -1752,13 +1728,13 @@ Example triggers Accounting::IN50GB1M -* Look for Outgoing (Upload) traffic with a 500MB/hour +* Look for Outgoing (Upload) traffic with a 500MB/day - Accounting::OUT500MB1h + Accounting::OUT500MB1D -* Look for Total (Download+Upload) traffic with a 200GB limit (we will check all the accounting data) +* Look for Total (Download + Upload) traffic with a 200GB limit in the last week - Accounting::TOT200GB + Accounting::TOT200GB1W Grace period ++++++++++++ @@ -2013,15 +1989,15 @@ Next, click on *Add a condition*, and select *Anti-virus*, *is*, and *disabled* The last step is to create a new remediation template called `noantivirus.php` on the filesystem in the `html/captive-portal/violations` folder. Edit it to include the text you want to display to the users. -Apple Wireless Profile Provisioning -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Apple and Android Wireless Profile Provisioning +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Apple devices such as iPhones, iPads, and iPods support wireless profile importation using a special XML file format (mobileconfig). In fact, installing such file on your phone will automatically configure the wireless settings for a given SSID. This feature is often used when the SSID is hidden, and you want to easy the configuration steps on the phone (because it is painful to configure manually). In PacketFence, we are going further, we generate the profile according to the administrator desire, and we pre-populate the file with the user's credentials (without the password). The user simply need to install its generated file, and he will be able to use the new SSID. +Apple devices such as iPhones, iPads, iPods and Mac OS X (10.7+) support wireless profile importation using a special XML file format (mobileconfig). Android is also able to support this feature by importing the wireless profile with the Android PacketFence Agent. In fact, installing such file on your Apple device will automatically configure the wireless settings for a given SSID. This feature is often used when the SSID is hidden, and you want to ease the configuration steps on the mobile device (because it is often painful to configure manually). In PacketFence, we are going further, we generate the profile according to the administrator's preference and we pre-populate the file with the user's credentials (without the password). The user simply needs to install its generated file and he will be able to use the new SSID. Configure the feature ^^^^^^^^^^^^^^^^^^^^^ -In order to activate this feature, you simply need to add 3 options to your `pf.conf`. +In order to enable this feature, you simply need to add 3 options to your `pf.conf` configuration file. provisioning.autoconfig:: Enable or disable the feature provisioning.ssid:: This is the SSID you want the user to connect to upon registration @@ -2036,11 +2012,16 @@ Here is an example: We have an hidden WPA2-Enterprise SSID named HiddenSecure, a Alternatively, you can configure these parameters from the PacketFence Web administrative GUI, in the *Configuration -> Provisioning* section. +For Android, you must allow passthrough in your configuration like this: + + [trapping] + passthrough=enabled + passthroughs=*.ggpht.com,*.googleusercontent.com,android.clients.google.com,*.googleapis.com,*.android.clients.google.com Profile generation ^^^^^^^^^^^^^^^^^^ -Upon registration, instead of showing the default release page, the user will be showing another version of the page saying that the wireless profile has been generated with a clickable link on it. To install the profile, the user simply need to click on that link, and follow the instructions on their device. It is that simple. +Upon registration, instead of showing the default release page, the user will be showing another version of the page saying that the wireless profile has been generated with a clickable link on it. To install the profile, Apple user owner simply need to click on that link, and follow the instructions on their device. Android user owner simply click to the link and will be forwarded to Google Play to install PacketFence agent. Simply launch the application and click to configure will create the secure SSID profile. It is that simple. SNMP Traps Limit ~~~~~~~~~~~~~~~~ @@ -2085,6 +2066,36 @@ For example, you may want to provide basic Internet access with a decent speed a To do so, some customizations is needed to the billing module. You'll need to redefined the `getAvailableTiers` method in the `lib/pf/billing/custom.pm` file. An example is already in place in the file. +To assign a role by tiers (example: slow, medium and fast), edit the file `lib/pf/billing/custom.pm` + + my %tiers = ( + tier1 => { + id => "tier1", + name => "Tier 1", + price => "1.00", + timeout => "7D", + usage_duration => '1D', + category => '', + description => "Tier 1 Internet Access", destination_url => "http://www.packetfence.org" + }, + ); + +*id* is used as the item value of the billing table. + +*name* is the name of the tier used on billing.html. + +*price* is amount charged on the credit card. + +*timeout* is used to compute the unregistration date of the node. + +*usage_duration* is the amount of non-contignuous access time for the node, set as the time_balance value of the node table. + +*category* is the role in which to put the node. + +*description will* appear on the billing.html. + +*destination_url* is the url that the device will be redirected after a successful authentication. + CAUTION: The use of different billing tiers requires different roles in PacketFence. Make sure to create these roles first otherwise you will run into problems. Portal Profiles @@ -2124,6 +2135,10 @@ Google In order to use Google as a OAuth2 provider, you need to get an API key to access their services. Sign up here : http://code.google.com/apis/console. Make sure you use this URI for the "Redirect URI" field : https://YOUR_PORTAL_HOSTNAME/oauth2/google. Of course, replace the hostname with the values from `general.hostname` and `general.domain`. +You can keep the default configuration, modify the App ID & App Secret (Given by Google on the developper plateform) and Portal URL (https://YOUR_PORTAL_HOSTNAME/oauth2/facebook). + +Also, add the following Authorized domains : *.google.com, *.google.ca, *.google.fr, *.gstatic.com,googleapis.com,accounts.youtube.com (Make sure that you have the google domain from your country like Canada => *.google.ca, France => *.google.fr, etc...) + Once you have your client id, and API key, you need to configure the OAuth2 provider. This can be done by adding a Google OAuth2 authentication source from *Configuration -> Sources*. Moreover, don't forget to add Google as a registration mode from your portal profile definition, available from *Configuration -> Portal Profiles and Pages*. @@ -2133,7 +2148,11 @@ Facebook To use Facebook, you also need an API code and a secret key. To get one, go here: https://developers.facebook.com/apps. When you create your App, make sure you input the following as the Website URL: https://YOUR_PORTAL_HOSTNAME/oauth2/facebook -Of course, replace the hostname with the values from `general.hostname` and `general.domain`. +Of course, replace the hostname with the values from `general.hostname` and `general.domain`. + +You can keep the default configuration, modify the App ID & App Secret (Given by FaceBook on the developper plateform) and Portal URL (https://YOUR_PORTAL_HOSTNAME/oauth2/facebook). + +Also, add the following Authorized domains : *.facebook.com, *.fbcdn.net, *.akamaihd.net (May change) Once you have your information, you need to configure the OAuth2 provider. This can be done by adding a Facebook OAuth2 authentication source from *Configuration -> Sources*. @@ -2171,6 +2190,192 @@ Make sure the role exists in PacketFence otherwise you will encounter registrati These parameters can also be configured from the *Configuration -> Registration* section. +Eduroam +~~~~~~~ + +[quote,eduroam, https://www.eduroam.org/] +_____________________ + +eduroam (education roaming) is the secure, world-wide roaming access service developed for the international research and education community. + +eduroam allows students, researchers and staff from participating institutions to obtain Internet connectivity across campus and when visiting other participating institutions by simply opening their laptop. +_____________________ + + +PacketFence supports integration with eduroam and allows participating institutions to authenticate both locally visiting users from other institutions as well as allowing other institutions to authenticate local users. + + +In order for PacketFence to allow eduroam authentication, the FreeRADIUS configuration of PacketFence must be modified to allow the eduroam servers to connect to it as clients as well as to proxy RADIUS authentication requests for users from outside institutions. + + +First, modify the /usr/local/pf/raddb/clients.conf file to allow the eduroam servers to connect to your PacketFence server. Add the eduroam servers as clients and make sure to add the proper RADIUS secret. Set a shortname to refer to these clients as you will later need it to exclude them from some parts of the PacketFence configuration. + +clients.conf example: +---- +client tlrs1.eduroam.us { + secret = useStrongerSecret + shortname = tlrs1 +} + +client tlrs2.eduroam.us { + secret = useStrongerSecret + shortname = tlrs2 +} +---- + + + + + +Secondly, modify the list of domains and proxy servers in /usr/local/pf/raddb/proxy.conf. You will need to define each of your domains as well as the DEFAULT domain. The DEFAULT realm will apply to any client that attempts to authenticate with a realm that is not otherwise defined in proxy.conf and will be proxied to the eduroam servers. + +Define one or more home servers (servers to which eduroam requests should be proxied). + +proxy.conf example: + + home_server tlrs1.eduroam.us { + type = auth + ipaddr = 257.128.1.1 + port = 1812 + secret = useStrongerSecret + require_message_authenticator = yes + } + +Define a pool of servers to group your eduroam home servers together. + +proxy.conf example: + + home_server_pool eduroam { + type = fail-over + home_server = tlrs1.eduroam.us + home_server = tlrs2.eduroam.us + } + +Define realms to select which requests should be proxied to the eduroam server pool. +There should be one realm for each of your domains, and possibly one more per domain if +you intend to allow usernames of the DOMAIN\user form. + +The REALM is set based on the domain found by the suffix or ntdomain modules +( see raddb/modules/realm ). +The suffix or ntdomain modules try to find a domain either with an @domain or suffix\username. + +* If none is found, the REALM is NULL. +* If a domain is found, FreeRADIUS tries to match one of the REALMS defined in this file. +* If the domain is either example.edu or EXAMPLE FreeRADIUS sets the corresponding REALM, +i.e. example.edu or EXAMPLE. +* If the REALM does not match either (and it isn't NULL), that means there was a domain +other than EXAMPLE or example.edu and we assume it is meant to be proxied to eduroam. +FreeRADIUS sets the DEFAULT realm (which is proxied to the eduroam authentication pool). + +The REALM determines where the request is sent to. If the REALM authenticates locally +the requests are processed entirely by FreeRADIUS. If the REALM sets a different +home server pool, the requests are proxied to the servers defined within that pool. + +proxy.conf example: +---- +# This realm is for requests which don't have an explicit realm +# prefix or suffix. User names like "bob" will match this one. +# No authentication server is defined, thus the authentication is +# done locally. +realm NULL { +} + +# This realm is for ntdomain users who might use the domain like +# this "EXAMPLE\username". +# No authentication server is defined, thus the authentication is +# done locally. +realm EXAMPLE { +} + +# This realm is for suffix users who use the domain like this: +# "username@example.edu". +# No authentication server is defined, thus the authentication is +# done locally. +realm example.edu { +} + +# This realm is for ALL OTHER requests. Meaning in this context, +# eduroam. The auth_pool is set to the eduroam pool and so the +# requests will be proxied. +realm DEFAULT { + auth_pool = eduroam + nostrip +} +---- + +Thirdly, you must configure the packetfence FreeRADIUS virtual servers to treat the requests properly. + +In /usr/local/pf/raddb/sites-enabled/packetfence, modify the authorize section like this: + +raddb/sites-enabled/packetfence example: +---- +authorize { + # pay attention to the order of the modules. It matters. + ntdomain + suffix + preprocess + + # uncomment this section if you want to block eduroam users from + # you other SSIDs. The attribute name ( Called-Station-Id ) may + # differ based on your controller + #if ( Called-Station-Id !~ /eduroam$/i) { + # update control { + # Proxy-To-Realm := local + # } + #} + + eap { + ok = return + } + + + files + expiration + logintime + packetfence +} +---- + +In /usr/local/pf/raddb/sites-enabled/packetfence-tunnel, modify the post-auth section like this. +If you omit this change the request will be sent to PacketFence where it will be failed since the +eduroam servers are not part of your configured switches. + +raddb/sites-enabled/packetfence-tunnel example: +---- +post-auth { + exec + + # we skip packetfence when the request is coming from the eduroam servers + if ( "%{client:shortname}" != "tlrs1" && \ + "%{client:shortname}" != "tlrs2" ) { + packetfence + } + + Post-Auth-Type REJECT { + attr_filter.access_reject + } +} +---- + + +Finally, make sure that the realms module is configured this way ( see /usr/local/pf/raddb/modules/realm ): + +raddb/modules/realm example: +---- +# 'username@realm' +realm suffix { + format = suffix + delimiter = "@" +} + +# 'domain\user' +realm ntdomain { + format = prefix + delimiter = "\\" + ignore_null = yes +} +---- + Operating System Best Practices ------------------------------- @@ -2714,7 +2919,7 @@ On wireless networks, the usual PacketFence setup dictate that you configure two More on SNMP traps VLAN isolation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -When the VLAN isolation is working through SNMP traps all switch ports (on which VLAN isolation should be done) must be configured to send SNMP traps to the PacketFence host. On PacketFence, we use snmptrapd as the SNMP trap receiver. As it receives traps, it reformats and writes them into a flat file: `/usr/local/pf/logs/snmptrapd.log`. The multithreaded `pfsetvlan` daemon reads these traps from the flat file and responds to them by setting the switch port to the correct VLAN. Currently, we support switches from Cisco, Edge-core, HP, Intel, Linksys and Nortel (adding support for switches from another vendor implies extending the `pf::SNMP` class). Depending on your switches capabilities, `pfsetvlan` will act on different types of SNMP traps. +When the VLAN isolation is working through SNMP traps all switch ports (on which VLAN isolation should be done) must be configured to send SNMP traps to the PacketFence host. On PacketFence, we use snmptrapd as the SNMP trap receiver. As it receives traps, it reformats and writes them into a flat file: `/usr/local/pf/logs/snmptrapd.log`. The multithreaded `pfsetvlan` daemon reads these traps from the flat file and responds to them by setting the switch port to the correct VLAN. Currently, we support switches from Cisco, Edge-core, HP, Intel, Linksys and Nortel (adding support for switches from another vendor implies extending the `pf::Switch` class). Depending on your switches capabilities, `pfsetvlan` will act on different types of SNMP traps. image::docs/images/diagram-trap-interaction.png[scaledwidth="50%",alt="pfsetvlan SNMP interactions diagram"] @@ -2749,7 +2954,7 @@ Technical introduction to Inline enforcement Introduction ~~~~~~~~~~~~ -Before the version 3.0 of PacketFence, it was not possible to support unmanageable devices such as entry-level consumer switches or access-points. Now, with the new inline mode, PacketFence can be use in-band for those devices. So in other words, PacketFence will become the gateway of that inline network, and NAT or route the traffic using IPTables to the Internet (or to another section of the network). Let see how it works. +Before the version 3.0 of PacketFence, it was not possible to support unmanageable devices such as entry-level consumer switches or access-points. Now, with the new inline mode, PacketFence can be use in-band for those devices. So in other words, PacketFence would become the gateway of that inline network, and NAT or route the traffic using IPTables to the Internet (or to another section of the network). Let see how it works. Device configuration ~~~~~~~~~~~~~~~~~~~~ @@ -2780,12 +2985,12 @@ Technical introduction to Hybrid enforcement Introduction ~~~~~~~~~~~ -Before version 3.6 of PacketFence, it was not possible to have RADIUS enabled for inline enforcement mode. Now with the new hybrid mode, all the devices that supports 802.1x or mac-auth can work with this mode. Let's see how it works. +Before version 3.6 of PacketFence, it was not possible to have RADIUS enabled for inline enforcement mode. Now with the new hybrid mode, all the devices that supports 802.1X or MAC-authentication can work with this mode. Let's see how it works. Device configuration ~~~~~~~~~~~~~~~~~~~~ -You need to configure inline enforcement mode in PacketFence and configure your switch(es) / access point(s) to use the VLAN assignement techniques (802.1x, mac-auth). You also need to take care of a specific parameter in the switch configuration window, "Trigger to enable inline mode". This parameter is working like a trigger and you have the possibility to define different sort of trigger: +You need to configure inline enforcement mode in PacketFence and configure your switch(es) / access point(s) to use the VLAN assignement techniques (802.1X or MAC-authentication). You also need to take care of a specific parameter in the switch configuration window, "Trigger to enable inline mode". This parameter is working like a trigger and you have the possibility to define different sort of trigger: ALWAYS:: PORT:: diff --git a/docs/PacketFence_Developers_Guide.asciidoc b/docs/PacketFence_Developers_Guide.asciidoc index 8c15b7400d78..95cd98ce879a 100644 --- a/docs/PacketFence_Developers_Guide.asciidoc +++ b/docs/PacketFence_Developers_Guide.asciidoc @@ -260,7 +260,7 @@ to determine a node's VLAN. Here's the default function: ---- sub getNormalVlan { - #$switch is the switch object (pf::SNMP) + #$switch is the switch object (pf::Switch) #$ifIndex is the ifIndex of the computer connected to #$mac is the mac connected #$node_info is the node info hashref (result of pf::node's node_view on $mac) @@ -326,7 +326,7 @@ Supporting new network hardware PacketFence is designed to ease the addition of support for new network hardware referred to as Network Devices. All supported network devices are represented through Perl objects with an extensive use of inheritance. -Adding support for a new product comes down to extending the `pf::SNMP` class (in `/usr/local/pf/lib/pf`). +Adding support for a new product comes down to extending the `pf::Switch` class (in `/usr/local/pf/lib/pf`). The starting point to adding support for a new network device should be the vendor's documentation! First of all, you'll have to figure out the exact capabilities of the switch and how these capabilities will fit into @@ -341,7 +341,7 @@ Port Security? MAC Authentication? 802.1X? Link change capabilities ^^^^^^^^^^^^^^^^^^^^^^^^ -You need to define a new class which inherits from `pf::SNMP` and defines +You need to define a new class which inherits from `pf::Switch` and defines at least the following functions: [options="compact"] @@ -410,7 +410,7 @@ MAC Authentication re-evaluation MAC Authentication re-evaluation is necessary in order to provoke a VLAN change in the PacketFence system. This happens for instance when a node is isolated based on an IDS event or when the user succesfully authenticates through the captive portal. The default implementation in -`pf::SNMP` will bounce the port if there is no Voice over IP (VoIP) devices connected to the +`pf::Switch` will bounce the port if there is no Voice over IP (VoIP) devices connected to the port. Otherwise it will do nothing and send an email. If your device has specific needs (for example it doesn't support RADIUS Dynamic VLAN Assignments) override: @@ -448,7 +448,7 @@ Force 802.1X re-authentication 802.1X re-authentication is necessary in order to provoke a VLAN change in the PacketFence system. This happens for instance when a node is isolated based on an IDS event or when the user succesfully -authenticates through the captive portal. The default implementation in `pf::SNMP` uses SNMP and the +authenticates through the captive portal. The default implementation in `pf::Switch` uses SNMP and the standard `IEEE8021-PAE-MIB` and is generally well supported. If the default implementation to force 802.1X re-authentication doesn't work override: @@ -472,7 +472,7 @@ Messages is supported by PacketFence starting with version 3.1. On wired network devices CoA can be used to change the security posture of a MAC and perform other functions like bounce a port. So far we only encountered support for CoA on the wired side on the Cisco -hardware. For an implementation example check `_radiusBounceMac` in `pf::SNMP::Cisco`. +hardware. For an implementation example check `_radiusBounceMac` in `pf::Switch::Cisco`. Floating Network Devices Support ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -495,32 +495,32 @@ You might need to implement the following: * `enablePortConfigAsTrunk($mac, $switch_port, $switch_locker, $taggedVlans)` + -Provided by `pf::SNMP` core as the glue between `setModeTrunk()`, +Provided by `pf::Switch` core as the glue between `setModeTrunk()`, `setTaggedVlans()` and `removeAllTaggedVlans()`. Override if necessary. * `disablePortConfigAsTrunk($switch_port)` + -Provided by `pf::SNMP` core as the glue between `setModeTrunk()`, +Provided by `pf::Switch` core as the glue between `setModeTrunk()`, `setTaggedVlans()` and `removeAllTaggedVlans()`. Override if necessary. * `enablePortSecurityByIfIndex($ifIndex)` + -Provided by `pf::SNMP` core as a slim accessor to +Provided by `pf::Switch` core as a slim accessor to `setPortSecurityEnableByIfIndex()`. Override if necessary. * `disablePortSecurityByIfIndex($ifIndex)` + -Provided by `pf::SNMP` core as a slim accessor to +Provided by `pf::Switch` core as a slim accessor to `setPortSecurityEnableByIfIndex()`. Override if necessary. * `enableIfLinkUpDownTraps($ifIndex)` + -Provided by `pf::SNMP` core as a slim accessor to +Provided by `pf::Switch` core as a slim accessor to `setIfLinkUpDownTrapEnable`. Override if necessary. * `disableIfLinkUpDownTraps($ifIndex)` + -Provided by `pf::SNMP` core as a slim accessor to +Provided by `pf::Switch` core as a slim accessor to `setIfLinkUpDownTrapEnable`. Override if necessary. Once all the required methods are implemented, enable the capability in the switch's code with: @@ -570,12 +570,12 @@ Disconnect Messages is supported by PacketFence starting with version 3.1. When preferred technique to perform de-authentication. It is standard and requires less configuration from the user. -An actual implementation can be found in `pf::SNMP::Aruba`. +An actual implementation can be found in `pf::Switch::Aruba`. Template module ^^^^^^^^^^^^^^^ -Start with a copy of the template module `pf/lib/pf/SNMP/WirelessModuleTemplate.pm` +Start with a copy of the template module `pf/lib/pf/Switch/WirelessModuleTemplate.pm` and fill in appropriate documentation and code. Required methods @@ -588,7 +588,7 @@ You need to implement at least: `parseTrap()`:: Parses the SNMP Traps sent by the hardware. For wireless hardware an empty method - like the one in `pf::SNMP::WirelessModuleTemplate` is ok. + like the one in `pf::Switch::WirelessModuleTemplate` is ok. `deauthenticateMac()`:: Performs deauthentication diff --git a/docs/PacketFence_Network_Devices_Configuration_Guide-docinfo.xml b/docs/PacketFence_Network_Devices_Configuration_Guide-docinfo.xml index b687d038cbf7..175c9e673412 100644 --- a/docs/PacketFence_Network_Devices_Configuration_Guide-docinfo.xml +++ b/docs/PacketFence_Network_Devices_Configuration_Guide-docinfo.xml @@ -1,5 +1,5 @@ - 2010-2013 + 2010-2014 Inverse inc. diff --git a/docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc b/docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc index e998dd6a9ee8..786c81511083 100644 --- a/docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc +++ b/docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc @@ -15,7 +15,7 @@ PacketFence Network Devices Configuration Guide include::includes/global-attributes.asciidoc[] -About this Guide +About this Guide ---------------- This guide covers the configuration of network devices in order to integrate @@ -25,7 +25,7 @@ terms. The latest version of this guide is available at http://www.packetfence.org/documentation/ -Other sources of information +Other sources of information ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Administration Guide:: @@ -43,7 +43,7 @@ Developers Guide:: These files are included in the package and release tarballs. -Note on Inline enforcement support +Note on Inline enforcement support ---------------------------------- There is no need to follow the instructions in this guide if you plan on deploying in inline @@ -54,107 +54,15 @@ Internet. This technique is usually used when your network hardware doesn't support VLAN enforcement. -List of supported Network Devices +List of supported Network Devices --------------------------------- -// TODO this list should be autogenerated at some point - -PacketFence supports the following devices: - -.Supported network devices -[options="header",cols="1,2,2",grid="rows"] -|======================================================================================= -|Vendor |Model |PacketFence Type (used in switches.conf) -|3COM |E4800G Switch series |ThreeCom::E4800G -| |E5500G Switch series |ThreeCom::E5500G -| |NJ220 |ThreeCom::NJ220 -| |SuperStack 3 Switch 4200 |ThreeCom::SS4200 -| |SuperStack 3 Switch 4500 |ThreeCom::SS4500 -| |Switch 4200G |ThreeCom::Switch_4200G -|Aerohive |All AP models |AeroHIVE::AP -|AlliedTelesis |AlliedTelesis AT8000GS |AlliedTelesis::AT8000GS -|Amer |L2 Switch SS2R24i |Amer::SS2R24i -|Aruba |All Controllers |Aruba -|Avaya |Wireless Controllers |Avaya::WC -| |See Nortel Below | -|Belair |Belair AP |Belair -|Brocade |Brocade 6400 Series |Brocade -| |Brocade RF Switches |Brocade::RFS -|Cisco |Aironet 1130 AG |Cisco::Aironet_1130 -| |Aironet 1240 AG |Cisco::Aironet_1242 -| |Aironet 1250 |Cisco::Aironet_1250 -| |Aironet (WDS) |Cisco::Aironet_WDS -| |Catalyst 2900XL Series |Cisco::Catalyst_2900XL -| |Catalyst 2950 |Cisco::Catalyst_2950 -| |Catalyst 2960 |Cisco::Catalyst_2960 -| |Catalyst 2970 |Cisco::Catalyst_2970 -| |Catalyst 3500XL Series |Cisco::Catalyst_3500XL -| |Catalyst 3550 |Cisco::Catalyst_3550 -| |Catalyst 3560 |Cisco::Catalyst_3560 -| |Catalyst 3750 |Cisco::Catalyst_3750 -| |Catalyst 4500 |Cisco::Catalyst_4500 -| |Catalyst 6500 |Cisco::Catalyst_6500 -| |Router ISR 1800 Series |Cisco::ISR_1800 -| |Wireless Services Module |Cisco::WiSM -| |Wireless Services Module 2 |Cisco::WiSM2 -| |2100 Wireless Controller |Cisco::WLC_2106 -| |4400 Wireless Controller |Cisco::WLC_4400 -| |5500 Wireless Controller |Cisco::WLC_5500 -| |Wireless Controller (WLC) |Cisco::WLC -|D-Link |DES 3526 |Dlink::DES_3526 -| |DES 3550 |Dlink::DES_3550 -| |DGS 3100 |Dlink::DGS_3100 -| |DGS 3200 |Dlink::DGS_3200 -| |DWL Access-Points |Dlink::DWL -| |DWS 3026 |Dlink::DWS_3026 -|Dell |PowerConnect 3424 |Dell::PowerConnect3424 -| |Force 10 |Dell::Force10 -|Edge-corE |3526XA |Accton::ES3536XA -| |3528M |Accton::ES3528M -|Enterasys |Matrix N3 |Enterasys::Matrix_N3 -| |SecureStack C2 |Enterasys::SecureStack_C2 -| |SecureStack C3 |Enterasys::SecureStack_C3 -| |Standalone D2 |Enterasys::D2 -|Extreme Networks |Summit Series |Extreme::Summit -|Extricom |EXSW Wireless Switches |Extricom::EXSW -|Foundry |FastIron 4802 |Foundry::FastIron_4802 -|H3C |S5120 Series |H3C::S5120 -|hostapd |hostapd daemon |Hostapd -|HP |E4800G Switch series |HP::E4800G -| |E5500G Switch series |HP::E5500G -| |MSM 710 Mobility Controller |HP::Controller_MSM710 -| |ProCurve 2500 Series |HP::Procurve_2500 -| |ProCurve 2600 Series |HP::Procurve_2600 -| |ProCurve 3400cl Series |HP::Procurve_3400cl -| |ProCurve 4100 Series |HP::Procurve_4100 -| |ProCurve 5300 Series |HP::Procurve_5300 -| |ProCurve 5400 Series |HP::Procurve_5400 -|Intel |Express 460 |Intel::Express_460 -| |Express 530 |Intel::Express_530 -|Juniper |EX Series |Juniper::EX -|LG-Ericsson |iPECS Series |LG::ES4500G -|Linksys |SRW224G4 |Linksys::SRW224G4 -|Meru |MC Series |Meru::MC -|Motorola |RF Switches |Motorola::RFS -|Netgear |FSM726v1 |Netgear::FSM726v1 -| |GS110 |Netgear::GS110 -|Nortel |BPS2000 |Nortel::BPS2000 -| |ERS 2500 Series |Nortel::ERS2500 -| |ERS 4000 Series |Nortel::ERS4000 -| |ERS 5000 Series |Nortel::ERS5000 -| |ERS 5500 with firmware 6 |Nortel::ERS5500_6x -| |ES325 |Nortel::ES325 -| |Baystack 470 |Nortel::Baystack470 -| |Baystack 4550 |Nortel::Baystack4550 -| |Baystack 5500 Series |Nortel::Baystack5500 -| |Baystack 5500 w/ 6.x |Nortel::BayStack5500_6x -|Ruckus |Ruckus ZoneDirector |Ruckus -|SMC |TigerStack 6128 L2 |SMC::TS6128L2 -| |TigerStack 6224M |SMC::TS6224M -| |TigerStack 8824-48M |SMC::TS8800M -|Trapeze |Trapeze Controllers |Trapeze -|Xirrus |Xirrus WiFi Arrays |Xirrus -|======================================================================================= +PacketFence supports a whole lot of different wireless and wired network equipments from various vendors running +different versions. Since we want to provide the most accurate information and avoid duplication of that same +information, please refer to our website http://www.packetfence.org/about/supported_switches_and_aps.html + +You'll find on this page the enforcement modes supported by each and every single piece of equipment we tested and +worked with. Switch configuration -------------------- @@ -227,6 +135,59 @@ On each interface: port-security intrusion-mode blockmac undo enable snmp trap updown +In Mac Auth ++++++++++++ + Voice vlan : 6 + Normal vlan : 1 + Registration vlan : 2 + Isolation vlan : 3 + +Global config settings: + + lldp enable + lldp timer tx-interval 5 + lldp compliance cdp + lldp compliance cdp + + port-security enable + MAC-authentication domain packetfence + + radius scheme system + radius scheme packetfence + server-type extended + primary authentication 192.168.1.5 + primary accounting 1192.168.1.5 + key authentication P@cketfence + key accounting cipher P@cketfence + user-name-format without-domain + + domain packetfence + authentication radius-scheme packetfence + accounting radius-scheme packetfence + vlan-assignment-mode string + accounting optional + domain system + + voice vlan mac-address f4ea-6700-0000 mask ffff-ff00-0000 description Cisco IP Phone + undo voice vlan security enable + voice vlan 6 enable + +On each interface with VoIP: + + + interface Ethernet1/0/1 + stp edged-port enable + lldp compliance admin-status cdp txrx + port link-type hybrid + port hybrid vlan 6 tagged + port hybrid vlan 1 2 3 untagged + undo voice vlan mode auto + voice vlan enable + port-security max-mac-count 3 + port-security port-mode mac-authentication + port-security intrusion-mode blockmac + undo enable snmp trap updown + E4800G ^^^^^^ @@ -305,7 +266,7 @@ On each interface: where `xx` stands for the interface index. -E5500G and Switch 4200G +E5500G and Switch 4200G ^^^^^^^^^^^^^^^^^^^^^^^ PacketFence supports these 3Com switches with the following techniques: @@ -318,7 +279,7 @@ it does not mean that it won't work. Don't forget to update the startup config ! -linkUp / linkDown only +linkUp / linkDown only ++++++++++++++++++++++ Global config settings: @@ -332,7 +293,7 @@ On each interface: port access vlan 4 -802.1X with MAC Authentication fallback +802.1X with MAC Authentication fallback +++++++++++++++++++++++++++++++++++++++ Global config settings: @@ -467,7 +428,7 @@ PacketFence supports Amer switches _without VoIP_ using one trap type: Don't forget to update the startup config! -L2 Switch SS2R24i +L2 Switch SS2R24i ^^^^^^^^^^^^^^^^^ Global config settings: @@ -539,7 +500,7 @@ MAC-Authentication with VoIP voice-vlan 100 cdp enable -802.1x/MAC-Auth +802.1X/MAC-Auth +++++++++++++++ * Enable 802.1X globally @@ -571,20 +532,20 @@ PacketFence supports Cisco switches with VoIP using three different trap types: On some recent models, we can also use more secure and robust features like: * MAC Authentication (Cisco's MAC Authentication Bypass or MAB) -* 802.1x (Multi-Host or Multi-Domain) +* 802.1X (Multi-Host or Multi-Domain) Depending of the switch model, we recommend the use of the most secure and reliable feature first. In other words, you should consider the following order: -. 802.1x/MAB +. 802.1X/MAB . Port-Security . linkUp/linkDown -2900XL Series and 3500XL Series -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +2900XL / 3500XL Series +^^^^^^^^^^^^^^^^^^^^^^ -linkUP/linkDown SNMP traps -++++++++++++++++++++++++++ +SNMP | linkUP/linkDown +++++++++++++++++++++++ Global config settings: @@ -612,7 +573,7 @@ On each interface _with VoIP_: snmp trap mac-notification added snmp trap mac-notification removed -2950 +2950 ^^^^ Those switches are now supported using 802.1X for networks with or without VoIP. @@ -621,17 +582,14 @@ a MAC on the data VLAN specifically so enable it if there is no VoIP, use linkUp/linkDown and MAC notification otherwise.So on setup that needs to handle VoIP with this switch, go with a 802.1X configuration. -802.1X +802.1X ++++++ -Recently, we were able to add the support for 802.1X on those switch even if -they are not supporting RADIUS dynamic VLAN assignments. - Global config settings: dot1x system-auth-control -AAA Groups and Configuration: +AAA configuration: aaa new-model aaa group server radius packetfence @@ -640,13 +598,13 @@ AAA Groups and Configuration: aaa authentication dot1x default group packetfence aaa authorization network default group packetfence -Radius server configuration: +RADIUS server configuration: radius-server host 192.168.1.5 auth-port 1812 acct-port 1813 timeout 2 key useStrongerSecret radius-server vsa send authentication -For ports _without VoIP_: +On each interface _without VoIP_: switchport access vlan 4 switchport mode access @@ -654,7 +612,7 @@ For ports _without VoIP_: dot1x host-mode multi-host dot1x reauthentication -For ports _with VoIP_: +On each interface _with VoIP_: switchport access vlan 4 switchport mode access @@ -722,7 +680,7 @@ On each interface _with VoIP_: CAUTION: For 802.1X and MAB configurations, refer to <>. -Port­Security for IOS earlier than 12.2(46)SE  +Port­Security for IOS earlier than 12.2(46)SE +++++++++++++++++++++++++++++++++++++++++++++ Global config settings: @@ -765,7 +723,7 @@ Use the following templates for interface `IfIndex` in bogus MAC addresses * Gi0/1...Gi0/48 -> 10101...10148 =========================================================================== -Port­Security for IOS 12.2(46)SE or greater +Port­Security for IOS 12.2(46)SE or greater +++++++++++++++++++++++++++++++++++++++++++ Since version PacketFence 2.2.1, the way to handle VoIP when using @@ -817,13 +775,13 @@ Use the following templates for interface `IfIndex` in bogus MAC addresses =========================================================================== [[Catalyst_2970]] -2970, 3560, 3550, 3750 +2970, 3560, 3550, 3750 ^^^^^^^^^^^^^^^^^^^^^^ -CAUTION: The Catalyst 3550 does *not* support 802.1x with Multi-Domain, it -can only support 802.1x with MAB using Multi-Host, MAB, and Port-Security. +CAUTION: The Catalyst 3550 does *not* support 802.1X with Multi-Domain, it +can only support 802.1X with MAB using Multi-Host, MAB, and Port-Security. -802.1x with MAC Authentication bypass (Multi­Domain) +802.1X with MAC Authentication bypass (Multi­Domain) ++++++++++++++++++++++++++++++++++++++++++++++++++++ Global config settings: @@ -833,7 +791,7 @@ Global config settings: On each interface: switchport mode access - switchport voice vlan 100 + switchport voice vlan 100 authentication host-mode multi-domain authentication order dot1x mab authentication priority dot1x mab @@ -850,7 +808,7 @@ On each interface: AAA Groups and Configuration: aaa new-model - aaa group server radius packtfence + aaa group server radius packetfence server 192.168.1.5 auth-port 1812 acct-port 1813 aaa authentication login default local aaa authentication dot1x default group packetfence @@ -867,7 +825,7 @@ CoA configuration client 192.168.1.5 server-key useStrongerSecret port 3799 -802.1x with MAC Authentication bypass (Multi­Host) +802.1X with MAC Authentication bypass (Multi­Host) ++++++++++++++++++++++++++++++++++++++++++++++++++ Global config settings: @@ -909,7 +867,7 @@ CoA configuration client 192.168.1.5 server-key useStrongerSecret port 3799 -MAC Authentication bypass only +MAC Authentication bypass only ++++++++++++++++++++++++++++++ Global config settings @@ -934,7 +892,7 @@ On each interface AAA Groups and Configuration aaa new-model - aaa group server radius packtfence + aaa group server radius packetfence server 192.168.1.5 auth-port 1812 acct-port 1813 aaa authentication login default local aaa authentication dot1x default group packetfence @@ -951,6 +909,27 @@ CoA configuration client 192.168.1.5 server-key useStrongerSecret port 3799 +[NOTE] +.802.1X on various models of 2960 +============================================================================ +There's a lot of different versions of the Catalyst 2960 serie. Some of them +may not accept the command stated in this guide for 802.1X. + +We have found a couple of commands that are working great or MAB: + +On each interface + + switchport mode access + authentication order mab + authentication port-control auto + mab + dot1x pae authenticator + +But, as it is difficult for us to maintain the whole list of commands to +configure each and every different model of 2960 with different IOS, +please refer to Cisco documentation for very specific cases. +============================================================================ + Port-­Security ++++++++++++++ @@ -994,7 +973,7 @@ Use the following templates for interface `IfIndex` in bogus MAC addresses * Gi0/1...Gi0/48 -> 10101...10148 =========================================================================== -Stacked 29xx, Stacked 35xx, Stacked 3750, 4500 Series, 6500 Series +Stacked 29xx, Stacked 35xx, Stacked 3750, 4500 Series, 6500 Series ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The 4500 Series and all the stacked switches work exactly the same way as if they were not stacked so the configuration is the same: they support port-security with static MAC address and allow us to secure a MAC on the data VLAN so we enable it whether there is VoIP or not. @@ -1046,7 +1025,7 @@ Use the following templates for interface `IfIndex` in bogus MAC addresses * ... =========================================================================== -Router ISR 1800 Series +Router ISR 1800 Series ++++++++++++++++++++++ PacketFence supports the 1800 series Router with linkUp / linkDown traps. It cannot do @@ -1076,7 +1055,7 @@ PacketFence supports D-Link switches without VoIP using two different trap types Don't forget to update the startup config! -DES3526 / 3550 +DES3526 / 3550 ^^^^^^^^^^^^^^ Global config settings @@ -1130,7 +1109,7 @@ Dell Force 10 ^^^^^^^^ -PacketFence supports this switch using RADIUS, MAC-Authentication and 802.1x. +PacketFence supports this switch using RADIUS, MAC-Authentication and 802.1Xx. Global config settings @@ -1146,7 +1125,7 @@ MAB interface configuration: dot1x auth-type mab-only no shutdown -802.1x interface configuration: +802.1X interface configuration: interface GigabitEthernet 0/1 no ip address @@ -1154,7 +1133,7 @@ MAB interface configuration: dot1x authentication no shutdown -PowerConnect 3424 +PowerConnect 3424 ^^^^^^^^^^^^^^^^^ PacketFence supports this switch using linkUp/linkDown traps. @@ -1174,7 +1153,7 @@ PacketFence supports Edge-corE switches without VoIP using linkUp/linkDown traps Don't forget to update the startup config! -3526XA and 3528M +3526XA and 3528M ^^^^^^^^^^^^^^^^ Global config settings @@ -1193,7 +1172,7 @@ PacketFence supports Enterasys switches _without VoIP_ using two different trap Don't forget to update the startup config! -Matrix N3 +Matrix N3 ^^^^^^^^^ linkUp/linkDown traps are enabled by default so we disable them and enable MAC locking @@ -1221,7 +1200,7 @@ On each interface: where `xx` stands for the interface index. -SecureStack C2 +SecureStack C2 ^^^^^^^^^^^^^^ linkUp/linkDown traps are enabled by default so we disable them and enable MAC locking @@ -1244,7 +1223,7 @@ On each interface: where `xx` stands for the interface index -SecureStack C3 +SecureStack C3 ^^^^^^^^^^^^^^ This switch has the particular _feature_ of allowing more than one untagged egress VLAN per @@ -1274,7 +1253,7 @@ On each interface: where `xx` stands for the interface index -Standalone D2 +Standalone D2 ^^^^^^^^^^^^^ linkUp/linkDown traps are enabled by default so we disable them and enable MAC locking @@ -1450,6 +1429,179 @@ int eth xx where `xxxxxx` stands for the interface number (filled with zeros), `` with your voice-VLAN number and `` with your mac-detection VLAN number. +Huawei +~~~~~~ + +AC6605 Controller +^^^^^^^^^^^^^^^^^ + +PacketFence supports this controller with the following technologies: + +* Wireless 802.1X +* Wireless MAC Authentication + +Controlleur configuration ++++++++++++++++++++++++++ + +Setup NTP server: + + system-view + [AC] ntp-service unicast-server 208.69.56.110 + +Setup the radius serveur (@IP of PacketFence) authentication + accounting: + +[NOTE] +=============================== +In this configuration I will use the ip address of the VIP of PacketFence: 192.168.1.2; Registration VLAN : 145, Isolation VLAN : 146 +=============================== + + system-view + [AC] radius-server template radius_packetfence + [AC-radius-radius_packetfence] radius-server authentication 192.168.1.2 1812 weight 80 + [AC-radius-radius_packetfence] radius-server accounting 192.168.1.2 1813 weight 80 + [AC-radius-radius_packetfence] radius-server shared-key cipher s3cr3t + [AC-radius-radius_packetfence] undo radius-server user-name domain-included + [AC-radius-radius_packetfence] quit + [AC] radius-server authorization 192.168.1.2 shared-key cipher s3cr3t server-group radius_packetfence + [AC] aaa + [AC-aaa] authentication-scheme radius_packetfence + [AC-aaa-authen-radius_packetfence] authentication-mode radius + [AC-aaa-authen-radius_packetfence] quit + [AC-aaa] accounting-scheme radius_packetfence + [AC-aaa-accounting-radius_packetfence] accounting-mode radius + [AC-aaa-accounting-radius_packetfence] quit + + [AC-aaa] domain your.domain.com + [AC-aaa-domain-your.domain.com] authentication-scheme radius_packetfence + [AC-aaa-domain-your.domain.com] accounting-scheme radius_packetfence + [AC-aaa-domain-your.domain.com] radius-server radius_packetfence + [AC-aaa-domain-your.domain.com] quit + [AC-aaa] quit + +Create an Secure dot1x SSID ++++++++++++++++++++++++++++ + +Activate the dotx globaly: + + system-view + [AC] dot1x enable + +Create your secure dot1x ssid: + +Configure WLAN-ESS 0 interfaces: + + [AC] interface Wlan-Ess 0 + [AC-Wlan-Ess0] port hybrid untagged vlan 145 to 146 + [AC-Wlan-Ess0] dot1x enable + [AC-Wlan-Ess0] dot1x authentication-method eap + [AC-Wlan-Ess0] permit-domain name your.domain.com + [AC-Wlan-Ess0] force-domain name your.domain.com + [AC-Wlan-Ess0] default-domain your.domain.com + [AC-Wlan-Ess0] quit + +Configure AP parameters: ++++++++++++++++++++++++ + +Configure radios for APs: + + [AC] wlan + [AC-wlan-view] wmm-profile name huawei-ap + [AC-wlan-wmm-prof-huawei-ap] quit + [AC-wlan-view] radio-profile name huawei-ap + [AC-wlan-radio-prof-huawei-ap] radio-type 80211gn + [AC-wlan-radio-prof-huawei-ap] wmm-profile name huawei-ap + [AC-wlan-radio-prof-huawei-ap] quit + [AC-wlan-view] ap 1 radio 0 + [AC-wlan-radio-1/0] radio-profile name huawei-ap + Warning: Modify the Radio type may cause some parameters of Radio resume defaul + t value, are you sure to continue?[Y/N]: y + [AC-wlan-radio-1/0] quit + +Configure a security profile named huawei-ap. Set the security policy to WPA authentication, authentication method to 802.1X+PEAP, and encryption mode to CCMP: + + [AC-wlan-view] security-profile name huawei-ap-wpa2 + [AC-wlan-sec-prof-huawei-ap-wpa2] security-policy wpa2 + [AC-wlan-sec-prof-huawei-ap-wpa2] wpa-wpa2 authentication-method dot1x encryption-method ccmp + [AC-wlan-sec-prof-huawei-ap-wpa2] quit + +Configure a traffic profile: + + [AC-wlan-view] traffic-profile name huawei-ap + [AC-wlan-wmm-traffic-huawei-ap] quit + +Configure service sets for APs, and set the data forwarding mode to direct forwarding: + +The direct forwarding mode is used by default. + + [AC-wlan-view] service-set name PacketFence-dot1x + [AC-wlan-service-set-PacketFence-dot1x] ssid PacketFence-Secure + [AC-wlan-service-set-PacketFence-dot1x] wlan-ess 0 + [AC-wlan-service-set-PacketFence-dot1x] service-vlan 1 + [AC-wlan-service-set-PacketFence-dot1x] security-profile name huawei-ap-wpa2 + [AC-wlan-service-set-PacketFence-dot1x] traffic-profile name huawei-ap + [AC-wlan-service-set-PacketFence-dot1x] forward-mode tunnel + [AC-wlan-service-set-PacketFence-dot1x] quit + +Configure VAPs and deliver configurations to the APs: + + [AC-wlan-view] ap 1 radio 0 + [AC-wlan-radio-1/0] service-set name PacketFence-dot1x + [AC-wlan-radio-1/0] quit + [AC-wlan-view] commit ap 1 + +Create your Open ssid ++++++++++++++++++++++ + +Activate the mac-auth globaly: + + system-view + [AC] mac-authen + [AC] mac-authen username macaddress format with-hyphen + [AC] mac-authen domain your.domain.com + +Create your Open ssid: + +Configure WLAN-ESS 1 interfaces: + + [AC] interface Wlan-Ess 1 + [AC-Wlan-Ess1] port hybrid untagged vlan 145 to 146 + [AC-Wlan-Ess1] mac-authen + [AC-Wlan-Ess1] mac-authen username macaddress format without-hyphen + [AC-Wlan-Ess1] permit-domain name your.domain.com + [AC-Wlan-Ess1] force-domain name your.domain.com + [AC-Wlan-Ess1] default-domain your.domain.com + [AC-Wlan-Ess1] quit + +Configure AP parameters: + +Configure a security profile named huawei-ap-wep. Set the security policy to WEP authentication. + + [AC]wlan + [AC-wlan-view] security-profile name huawei-ap-wep + [AC-wlan-sec-prof-huawei-ap-wep] security-policy wep + [AC-wlan-sec-prof-huawei-ap-wep] quit + +Configure service sets for APs, and set the data forwarding mode to direct forwarding: + +The direct forwarding mode is used by default. + + [AC-wlan-view] service-set name PacketFence-WEP + [AC-wlan-service-set-PacketFence-WEP] ssid PacketFence-Open + [AC-wlan-service-set-PacketFence-WEP] wlan-ess 1 + [AC-wlan-service-set-PacketFence-WEP] service-vlan 1 + [AC-wlan-service-set-PacketFence-WEP] security-profile name huawei-ap-wep + [AC-wlan-service-set-PacketFence-WEP] traffic-profile name huawei-ap (already created before) + [AC-wlan-service-set-PacketFence-WEP] forward-mode tunnel + [AC-wlan-service-set-PacketFence-WEP] quit + +Configure VAPs and deliver configurations to the APs: + + [AC-wlan-view] ap 1 radio 0 + [AC-wlan-radio-1/0] service-set name PacketFence-WEP + [AC-wlan-radio-1/0] quit + [AC-wlan-view] commit ap 1 + + H3C ~~~ @@ -1776,7 +1928,8 @@ Exact command-line configuration to be contributed... Juniper ~~~~~~~ -PacketFence supports Juniper switches without VoIP in MAC Authentication (Juniper's MAC RADIUS) mode. +PacketFence supports Juniper switches in MAC Authentication (Juniper's MAC RADIUS) mode. +PacketFence supports VoIP on the EX2200 (JUNOS 12.6) and EX4200 (JUNOS 13.2) ---- # load replace terminal @@ -1830,12 +1983,69 @@ access { } } +snmp { + name "EX 4200"; + description juniper; + location EX; + contact "email@example.com"; + client-list list0 { + 192.168.1.5/32; + } + community public { + authorization read-only; + client-list-name list0; + } + community private { + authorization read-write; + client-list-name list0; + } +} + Ctrl-D # commit comment "packetfenced" ---- Change the `interface-range` statement to reflect the ports you want to secure with PacketFence. +VoIP configuration +++++++++++++++++++ + +---- +# load replace terminal +[Type ^D at a new line to end input] +protocols{ + lldp { + advertisement-interval 5; + transmit-delay 1; + ptopo-configuration-trap-interval 1; + lldp-configuration-notification-interval 1; + interface all; + } + lldp-med { + interface all; + } +} + +ethernet-switching-options { + voip { + interface access-ports { + vlan voice; + forwarding-class voice; + } + } + } +} + +vlans { + voice { + vlan-id 3; + } +} + +Ctrl-D +# commit comment "packetfenced VoIP" +---- + LG-Ericsson ~~~~~~~~~~~ @@ -1847,7 +2057,7 @@ PacketFence supports iPECS series switches _without VoIP_ using two different tr On some recent models, we can also use more secure and robust features, like: * MAC Authentication -* 802.1x +* 802.1X ES-4500G Series ^^^^^^^^^^^^^^^ @@ -2642,6 +2852,52 @@ image::docs/images/cisco-wlc-interface-ssid.png[scaledwidth="100%",alt="SSID Int You are good to go! +Wireless LAN Controller (WLC) Web Auth +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In this section, we cover the basic configuration of the WLC Web Auth for PacketFence using the web interface. +The idea is to forward the device to the captive portal with an ACL if the device is in an unreg state and +allow the device to reach Internet (or the normal network) by changing the ACL once registered. +In the unreg state, the WLC will intercept the HTTP traffic and forward the device to the captive portal. + +In this sample configuration, the captive portal uses the IP address 172.16.0.250, the administration interface +uses the IP address 172.16.0.249 and the WLC uses the IP address 172.16.0.248. +The DHCP and DNS servers are not managed by PacketFence (WLC DHCP Server, Production DHCP Server) + +* First, globally define the FreeRADIUS server running on PacketFence + (PacketFence's Administration Interface) and make sure _Support for RFC 3576_ is enabled (if not present it is enabled by default) + +* Then we create a SSID: +[options="compact"] +** OPEN SSID: non-secure with MAC authentication only + +image::docs/images/SSID_1.png[scaledwidth="100%",alt="SSID step 1"] + +image::docs/images/SSID_2.png[scaledwidth="100%",alt="SSID step 2"] + +image::docs/images/SSID_3.png[scaledwidth="100%",alt="SSID step 3"] + +image::docs/images/SSID_4.png[scaledwidth="100%",alt="SSID step 4"] + +image::docs/images/SSID_5.png[scaledwidth="100%",alt="SSID step 5"] + +image::docs/images/SSID_6.png[scaledwidth="100%",alt="SSID step 6"] + +image::docs/images/SSID_7.png[scaledwidth="100%",alt="SSID step 7"] + +* Then you have to create two ACLs - one to deny all traffic except the required one to hit the portal (Pre-Auth-For-WebRedirect ) and the other +one to allow anything (Authorize_any) . + +image::docs/images/ACL.png[scaledwidth="100%",alt="ACL"] + +* Then the last step is to configure the WLC in PacketFence. +Portal URL definition + +image::docs/images/WLC_PACKETFENCE.png[scaledwidth="100%",alt="ACL"] + +Role definition + +image::docs/images/WLC_PACKETFENCE2.png[scaledwidth="100%",alt="ACL"] D-Link ~~~~~~ @@ -3143,6 +3399,7 @@ NOTE: The Open SSID does *NOT* support dynamic VLAN assignments (Firmware 9.3.0. * Select the proper RADIUS server as the accounting server * Check the *Enable Dynamic VLAN* checkbox +[float] WIPS ++++ diff --git a/docs/docbook/fop-centos6.patch b/docs/docbook/fop-centos6.patch index db4f676e316d..630628898c3f 100644 --- a/docs/docbook/fop-centos6.patch +++ b/docs/docbook/fop-centos6.patch @@ -1,7 +1,7 @@ # # fop fix to build our documentation on CentOS 6 # -# Olivier Bilodeau +# Inverse inc. # --- /usr/bin/fop.orig 2012-01-17 21:25:50.000000000 -0500 +++ /usr/bin/fop 2012-01-17 21:26:04.000000000 -0500 diff --git a/docs/docbook/xmlgraphics-fop-centos5.patch b/docs/docbook/xmlgraphics-fop-centos5.patch index 2a6f7dbf75be..932c494cf0f5 100644 --- a/docs/docbook/xmlgraphics-fop-centos5.patch +++ b/docs/docbook/xmlgraphics-fop-centos5.patch @@ -2,7 +2,7 @@ # xmlgraphics-fop fix to build our documentation on CentOS 5 # taken from https://build.opensuse.org/request/show/68994 # -# Olivier Bilodeau +# Inverse inc. # --- /usr/bin/xmlgraphics-fop.orig 2012-01-17 18:42:08.000000000 -0500 +++ /usr/bin/xmlgraphics-fop 2012-01-17 18:42:18.000000000 -0500 diff --git a/docs/docbook/xsl/headerfooter-fo.xsl b/docs/docbook/xsl/headerfooter-fo.xsl index 180d4650c762..f2300579d2b1 100644 --- a/docs/docbook/xsl/headerfooter-fo.xsl +++ b/docs/docbook/xsl/headerfooter-fo.xsl @@ -10,9 +10,9 @@ This file is part of the PacketFence project. Authors: - - Olivier Bilodeau + - Inverse inc. - Copyright (C) 2011 Inverse inc. + Copyright (C) 2011-2014 Inverse inc. License: GFDL 1.2 or later. http://www.gnu.org/licenses/fdl.html ******************************************************************** --> diff --git a/docs/docbook/xsl/packetfence-fo-article.xsl b/docs/docbook/xsl/packetfence-fo-article.xsl index e7577015b0ac..2ad667ecdbf0 100644 --- a/docs/docbook/xsl/packetfence-fo-article.xsl +++ b/docs/docbook/xsl/packetfence-fo-article.xsl @@ -10,9 +10,9 @@ This file is part of the PacketFence project. Authors: - - Olivier Bilodeau + - Inverse inc. - Copyright (C) 2011 Inverse inc. + Copyright (C) 2011-2014 Inverse inc. License: GFDL 1.2 or later. http://www.gnu.org/licenses/fdl.html ******************************************************************** --> diff --git a/docs/docbook/xsl/packetfence-fo.xsl b/docs/docbook/xsl/packetfence-fo.xsl index 0424cfc85bde..8416d97365b3 100644 --- a/docs/docbook/xsl/packetfence-fo.xsl +++ b/docs/docbook/xsl/packetfence-fo.xsl @@ -10,9 +10,9 @@ This file is part of the PacketFence project. Authors: - - Olivier Bilodeau + - Inverse inc. - Copyright (C) 2011 Inverse inc. + Copyright (C) 2011-2014 Inverse inc. License: GFDL 1.2 or later. http://www.gnu.org/licenses/fdl.html ******************************************************************** --> diff --git a/docs/docbook/xsl/titlepage-fo.xml b/docs/docbook/xsl/titlepage-fo.xml index ec28953cc49e..c82c3c7461c6 100644 --- a/docs/docbook/xsl/titlepage-fo.xml +++ b/docs/docbook/xsl/titlepage-fo.xml @@ -25,7 +25,7 @@ Authors: - Inverse inc. - Copyright (C) 2011-2013 Inverse inc. + Copyright (C) 2011-2014 Inverse inc. License: GFDL 1.2 or later. http://www.gnu.org/licenses/fdl.html ******************************************************************** --> diff --git a/docs/docinfo.xml b/docs/docinfo.xml index 7ef185ee3153..6614f929a5c8 100644 --- a/docs/docinfo.xml +++ b/docs/docinfo.xml @@ -1,7 +1,7 @@ -Version 4.1.0 - December 2013 -for version 4.1.0 -2013-12-11 +Version 4.2.0 - May 2014 +for version 4.2.0 +2014-05-06 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". diff --git a/docs/images/ACL.png b/docs/images/ACL.png new file mode 100644 index 000000000000..3543b4a9f2c7 Binary files /dev/null and b/docs/images/ACL.png differ diff --git a/docs/images/SSID_1.png b/docs/images/SSID_1.png new file mode 100644 index 000000000000..ba2b489b0f72 Binary files /dev/null and b/docs/images/SSID_1.png differ diff --git a/docs/images/SSID_2.png b/docs/images/SSID_2.png new file mode 100644 index 000000000000..647dd72d717e Binary files /dev/null and b/docs/images/SSID_2.png differ diff --git a/docs/images/SSID_3.png b/docs/images/SSID_3.png new file mode 100644 index 000000000000..f3f581982405 Binary files /dev/null and b/docs/images/SSID_3.png differ diff --git a/docs/images/SSID_4.png b/docs/images/SSID_4.png new file mode 100644 index 000000000000..b5dcbb020970 Binary files /dev/null and b/docs/images/SSID_4.png differ diff --git a/docs/images/SSID_5.png b/docs/images/SSID_5.png new file mode 100644 index 000000000000..ed665070496e Binary files /dev/null and b/docs/images/SSID_5.png differ diff --git a/docs/images/SSID_6.png b/docs/images/SSID_6.png new file mode 100644 index 000000000000..a9b55ade971d Binary files /dev/null and b/docs/images/SSID_6.png differ diff --git a/docs/images/SSID_7.png b/docs/images/SSID_7.png new file mode 100644 index 000000000000..dfde2446a607 Binary files /dev/null and b/docs/images/SSID_7.png differ diff --git a/docs/images/WLC_PACKETFENCE.png b/docs/images/WLC_PACKETFENCE.png new file mode 100644 index 000000000000..c270143b8235 Binary files /dev/null and b/docs/images/WLC_PACKETFENCE.png differ diff --git a/docs/images/WLC_PACKETFENCE2.png b/docs/images/WLC_PACKETFENCE2.png new file mode 100644 index 000000000000..98493e69ad67 Binary files /dev/null and b/docs/images/WLC_PACKETFENCE2.png differ diff --git a/docs/includes/global-attributes.asciidoc b/docs/includes/global-attributes.asciidoc index ba7e8ff6c068..1858635924aa 100644 --- a/docs/includes/global-attributes.asciidoc +++ b/docs/includes/global-attributes.asciidoc @@ -6,13 +6,13 @@ Authors: - Inverse inc. - Copyright (C) 2012-2013 Inverse inc. + Copyright (C) 2012-2014 Inverse inc. License: GFDL 1.2 or later. http://www.gnu.org/licenses/fdl.html //// // TODO have the build system take care of this -:release_version: 4.1.0 +:release_version: 4.2.0 // vim: set syntax=asciidoc tabstop=2 shiftwidth=2 expandtab: diff --git a/html/captive-portal/Changes b/html/captive-portal/Changes new file mode 100644 index 000000000000..3755e1259469 --- /dev/null +++ b/html/captive-portal/Changes @@ -0,0 +1,4 @@ +This file documents the revision history for Perl extension captiveportal. + +0.01 2013-11-04 08:31:12 + - initial revision, generated by Catalyst diff --git a/html/captive-portal/Makefile.PL b/html/captive-portal/Makefile.PL new file mode 100644 index 000000000000..a20aa02baf6b --- /dev/null +++ b/html/captive-portal/Makefile.PL @@ -0,0 +1,25 @@ +#!/usr/bin/env perl +# IMPORTANT: if you delete this file your app will not work as +# expected. You have been warned. +use inc::Module::Install; +use Module::Install::Catalyst; # Complain loudly if you don't have + # Catalyst::Devel installed or haven't said + # 'make dist' to create a standalone tarball. + +name 'captive-portal'; +all_from 'lib/captive/portal.pm'; + +requires 'Catalyst::Runtime' => '5.90011'; +requires 'Catalyst::Plugin::ConfigLoader'; +requires 'Catalyst::Plugin::Static::Simple'; +requires 'Catalyst::Action::RenderView'; +requires 'Moose'; +requires 'namespace::autoclean'; +requires 'Config::General'; # This should reflect the config file format you've chosen + # See Catalyst::Plugin::ConfigLoader for supported formats +test_requires 'Test::More' => '0.88'; +catalyst; + +install_script glob('script/*.pl'); +auto_install; +WriteAll; diff --git a/html/captive-portal/README b/html/captive-portal/README new file mode 100644 index 000000000000..34e221aa9dd6 --- /dev/null +++ b/html/captive-portal/README @@ -0,0 +1 @@ +Run script/captive_portal_server.pl to test the application. diff --git a/html/captive-portal/billing-engine.cgi b/html/captive-portal/billing-engine.cgi index 93ff141f8aed..7b6f5a15b4b2 100755 --- a/html/captive-portal/billing-engine.cgi +++ b/html/captive-portal/billing-engine.cgi @@ -37,13 +37,14 @@ Log::Log4perl::MDC->put('tid', 0); my $portalSession = pf::Portal::Session->new(); my $cgi = $portalSession->getCgi(); +my $mac = $portalSession->getClientMac(); # If the billing engine isn't enabled (you shouldn't be here), redirect to portal entrance print $cgi->redirect("/captive-portal?destination_url=".uri_escape($portalSession->getDestinationUrl())) if ( isdisabled($Config{'registration'}{'billing_engine'}) ); # we need a valid MAC to identify a node -if ( !valid_mac($portalSession->getClientMac()) ) { +if ( !valid_mac($mac) ) { $logger->info($portalSession->getClientIp() . " not resolvable, generating error page"); pf::web::generate_error_page($portalSession, i18n("error: not found in the database")); exit(0); @@ -64,7 +65,7 @@ if ( defined($cgi->param('submit')) ) { my %tiers_infos = $billingObj->getAvailableTiers(); my $transaction_infos_ref = { ip => $portalSession->getClientIp(), - mac => $portalSession->getClientMac(), + mac => $mac, firstname => $cgi->param('firstname'), lastname => $cgi->param('lastname'), email => lc($cgi->param('email')), @@ -77,7 +78,7 @@ if ( defined($cgi->param('submit')) ) { }; # Process the transaction - my $paymentStatus = $billingObj->processTransaction($transaction_infos_ref); + my $paymentStatus = $billingObj->processTransaction($transaction_infos_ref); if ( $paymentStatus eq $BILLING::SUCCESS ) { # Adding person (using modify in case person already exists) @@ -95,9 +96,42 @@ if ( defined($cgi->param('submit')) ) { $info{'category'} = $tiers_infos{$tier}{'category'}; $info{'unregdate'} = POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime( time + $timeout )); + if ($tiers_infos{$tier}{'usage_duration'}) { + $info{'time_balance'} = normalize_time($tiers_infos{$tier}{'usage_duration'}); + + # Check if node has some access time left; if so, add it to the new duration + my $node = node_view($mac); + if ($node && $node->{'time_balance'} > 0) { + if ($node->{'last_start_timestamp'} > 0) { + # Node is active; compute the actual access time left + my $expiration = $node->{'last_start_timestamp'} + $node->{'time_balance'}; + my $now = time; + if ($expiration > $now) { + $info{'time_balance'} += ($expiration - $now); + } + } + else { + # Node is inactive; add the remaining access time to the purchased access time + $info{'time_balance'} += $node->{'time_balance'}; + } + } + $logger->info("Usage duration for $mac is now " . $info{'time_balance'}); + } + + # Close violations that use the 'Accounting::BandwidthExpired' trigger + my @tid = trigger_view_tid($ACCOUNTING_POLICY_TIME); + foreach my $violation (@tid) { + # Close any existing violation + violation_force_close($mac, $violation->{'vid'}); + } + # Register the node pf::web::web_node_register($portalSession, $info{'pid'}, %info); + # Send confirmation email + my %data = $billingObj->prepareConfirmationInfo($transaction_infos_ref, $portalSession); + pf::util::send_email('billing_confirmation', $data{'email'}, $data{'subject'}, \%data); + # Generate the release page # XXX Should be part of the portal profile $portalSession->setDestinationUrl(decode_entities(uri_unescape($tiers_infos{$tier}{'destination_url'}))) diff --git a/html/captive-portal/captive_portal.conf.example b/html/captive-portal/captive_portal.conf.example new file mode 100644 index 000000000000..7696002db7e8 --- /dev/null +++ b/html/captive-portal/captive_portal.conf.example @@ -0,0 +1,10 @@ +# rename this file to captiveportal.yml and put a ':' after 'name' if +# you want to use YAML like in old versions of Catalyst +name captiveportal + + + + override Status index + + + diff --git a/html/captive-portal/content/PacketFenceAgent.apk b/html/captive-portal/content/PacketFenceAgent.apk new file mode 100644 index 000000000000..6bd4fc204a2b Binary files /dev/null and b/html/captive-portal/content/PacketFenceAgent.apk differ diff --git a/html/captive-portal/content/countdown.min.js b/html/captive-portal/content/countdown.min.js new file mode 100644 index 000000000000..f639eac6abbe --- /dev/null +++ b/html/captive-portal/content/countdown.min.js @@ -0,0 +1,17 @@ +/* + countdown.js v2.3.3 http://countdownjs.org + Copyright (c)2006-2012 Stephen M. McKamey. + Licensed under The MIT License. +*/ +var module,countdown=function(r){function v(a,b){var c=a.getTime();a.setUTCMonth(a.getUTCMonth()+b);return Math.round((a.getTime()-c)/864E5)}function t(a){var b=a.getTime(),c=new Date(b);c.setUTCMonth(a.getUTCMonth()+1);return Math.round((c.getTime()-b)/864E5)}function h(a,b){return a+" "+(1===a?p[b]:q[b])}function n(){}function l(a,b,c,g,f,d){0<=a[c]&&(b+=a[c],delete a[c]);b/=f;if(1>=b+1)return 0;if(0<=a[g]){a[g]=+(a[g]+b).toFixed(d);switch(g){case "seconds":if(60!==a.seconds||isNaN(a.minutes))break; +a.minutes++;a.seconds=0;case "minutes":if(60!==a.minutes||isNaN(a.hours))break;a.hours++;a.minutes=0;case "hours":if(24!==a.hours||isNaN(a.days))break;a.days++;a.hours=0;case "days":if(7!==a.days||isNaN(a.weeks))break;a.weeks++;a.days=0;case "weeks":if(a.weeks!==t(a.refMonth)/7||isNaN(a.months))break;a.months++;a.weeks=0;case "months":if(12!==a.months||isNaN(a.years))break;a.years++;a.months=0;case "years":if(10!==a.years||isNaN(a.decades))break;a.decades++;a.years=0;case "decades":if(10!==a.decades|| +isNaN(a.centuries))break;a.centuries++;a.decades=0;case "centuries":if(10!==a.centuries||isNaN(a.millennia))break;a.millennia++;a.centuries=0}return 0}return b}function w(a,b,c,g,f,d){a.start=b;a.end=c;a.units=g;a.value=c.getTime()-b.getTime();if(0>a.value){var h=c;c=b;b=h}a.refMonth=new Date(b.getFullYear(),b.getMonth(),15);try{a.millennia=0;a.centuries=0;a.decades=0;a.years=c.getUTCFullYear()-b.getUTCFullYear();a.months=c.getUTCMonth()-b.getUTCMonth();a.weeks=0;a.days=c.getUTCDate()-b.getUTCDate(); +a.hours=c.getUTCHours()-b.getUTCHours();a.minutes=c.getUTCMinutes()-b.getUTCMinutes();a.seconds=c.getUTCSeconds()-b.getUTCSeconds();a.milliseconds=c.getUTCMilliseconds()-b.getUTCMilliseconds();var k;0>a.milliseconds?(k=s(-a.milliseconds/1E3),a.seconds-=k,a.milliseconds+=1E3*k):1E3<=a.milliseconds&&(a.seconds+=m(a.milliseconds/1E3),a.milliseconds%=1E3);0>a.seconds?(k=s(-a.seconds/60),a.minutes-=k,a.seconds+=60*k):60<=a.seconds&&(a.minutes+=m(a.seconds/60),a.seconds%=60);0>a.minutes?(k=s(-a.minutes/ +60),a.hours-=k,a.minutes+=60*k):60<=a.minutes&&(a.hours+=m(a.minutes/60),a.minutes%=60);0>a.hours?(k=s(-a.hours/24),a.days-=k,a.hours+=24*k):24<=a.hours&&(a.days+=m(a.hours/24),a.hours%=24);for(;0>a.days;)a.months--,a.days+=v(a.refMonth,1);7<=a.days&&(a.weeks+=m(a.days/7),a.days%=7);0>a.months?(k=s(-a.months/12),a.years-=k,a.months+=12*k):12<=a.months&&(a.years+=m(a.months/12),a.months%=12);10<=a.years&&(a.decades+=m(a.years/10),a.years%=10,10<=a.decades&&(a.centuries+=m(a.decades/10),a.decades%= +10,10<=a.centuries&&(a.millennia+=m(a.centuries/10),a.centuries%=10)));b=0;!(g&1024)||b>=f?(a.centuries+=10*a.millennia,delete a.millennia):a.millennia&&b++;!(g&512)||b>=f?(a.decades+=10*a.centuries,delete a.centuries):a.centuries&&b++;!(g&256)||b>=f?(a.years+=10*a.decades,delete a.decades):a.decades&&b++;!(g&128)||b>=f?(a.months+=12*a.years,delete a.years):a.years&&b++;!(g&64)||b>=f?(a.months&&(a.days+=v(a.refMonth,a.months)),delete a.months,7<=a.days&&(a.weeks+=m(a.days/7),a.days%=7)):a.months&& +b++;!(g&32)||b>=f?(a.days+=7*a.weeks,delete a.weeks):a.weeks&&b++;!(g&16)||b>=f?(a.hours+=24*a.days,delete a.days):a.days&&b++;!(g&8)||b>=f?(a.minutes+=60*a.hours,delete a.hours):a.hours&&b++;!(g&4)||b>=f?(a.seconds+=60*a.minutes,delete a.minutes):a.minutes&&b++;!(g&2)||b>=f?(a.milliseconds+=1E3*a.seconds,delete a.seconds):a.seconds&&b++;if(!(g&1)||b>=f){var e=l(a,0,"milliseconds","seconds",1E3,d);if(e&&(e=l(a,e,"seconds","minutes",60,d))&&(e=l(a,e,"minutes","hours",60,d))&&(e=l(a,e,"hours","days", +24,d))&&(e=l(a,e,"days","weeks",7,d))&&(e=l(a,e,"weeks","months",t(a.refMonth)/7,d))){g=e;var n,p=a.refMonth,q=p.getTime(),r=new Date(q);r.setUTCFullYear(p.getUTCFullYear()+1);n=Math.round((r.getTime()-q)/864E5);if(e=l(a,g,"months","years",n/t(a.refMonth),d))if(e=l(a,e,"years","decades",10,d))if(e=l(a,e,"decades","centuries",10,d))if(e=l(a,e,"centuries","millennia",10,d))throw Error("Fractional unit overflow");}}}finally{delete a.refMonth}return a}function d(a,b,c,d,f){var h;c=+c||222;d=0f?Math.round(f):20:0;"function"===typeof a?(h=a,a=null):a instanceof Date||(a=null!==a&&isFinite(a)?new Date(a):null);"function"===typeof b?(h=b,b=null):b instanceof Date||(b=null!==b&&isFinite(b)?new Date(b):null);if(!a&&!b)return new n;if(!h)return w(new n,a||new Date,b||new Date,c,d,f);var l=c&1?1E3/30:c&2?1E3:c&4?6E4:c&8?36E5:c&16?864E5:6048E5,k,e=function(){h(w(new n,a||new Date,b||new Date,c,d,f),k)};e();return k=setInterval(e,l)}var s=Math.ceil,m=Math.floor,p,q,u;n.prototype.toString= +function(){var a=u(this),b=a.length;if(!b)return"";1=c;c++)p[c]=a[c]||p[c],q[c]=b[c]||q[c]};(d.resetLabels=function(){p="millisecond second minute hour day week month year decade century millennium".split(" "); +q="milliseconds seconds minutes hours days weeks months years decades centuries millennia".split(" ")})();r&&r.exports&&(r.exports=d);return d}(module); \ No newline at end of file diff --git a/html/captive-portal/content/styles.css b/html/captive-portal/content/styles.css index 52a808756376..826df0cb35a8 100644 --- a/html/captive-portal/content/styles.css +++ b/html/captive-portal/content/styles.css @@ -293,6 +293,38 @@ div.input div.separator { right: 48%; } +table { + border-spacing: 0; + width: 100%; +} + +table caption { + font-weight: bold; + text-align: left; + padding: 8px 0px; +} + +table th { + font-size: 12px; + text-transform: uppercase; +} + +table td { + font-size: 14px; + text-align: left; +} + +table thead th { + color: #999; + border-bottom: 1px solid #ddd; + font-weight: normal; + text-align: left; +} + +table tbody tr:hover td { + color: #000; +} + a.btn img { border: 0px; vertical-align: bottom; diff --git a/html/captive-portal/guest-selfregistration.cgi b/html/captive-portal/guest-selfregistration.cgi index bc209b613241..1fb554704ad0 100755 --- a/html/captive-portal/guest-selfregistration.cgi +++ b/html/captive-portal/guest-selfregistration.cgi @@ -43,6 +43,8 @@ my $portalSession = pf::Portal::Session->new(); my $cgi = $portalSession->getCgi(); my $session = $portalSession->getSession(); +our @PERSON_FIELDS = grep { $_ ne 'pid' && $_ ne 'notes' } @pf::person::FIELDS; + # if self registration is not enabled, redirect to portal entrance print $cgi->redirect("/captive-portal?destination_url=".uri_escape($portalSession->getDestinationUrl())) if ( @{$portalSession->getProfile->getGuestModes} == 0 ); @@ -106,14 +108,8 @@ if (defined($cgi->url_param('mode')) && $cgi->url_param('mode') eq $pf::web::gue $info{'category'} = &pf::authentication::match($source->{id}, $auth_params, $Actions::SET_ROLE); # form valid, adding person (using modify in case person already exists) - person_modify($pid, ( - 'firstname' => $session->param("firstname"), - 'lastname' => $session->param("lastname"), - 'company' => $session->param('company'), - 'email' => $email, - 'telephone' => $session->param("phone"), - 'notes' => 'email activation. Date of arrival: ' . time2str("%Y-%m-%d %H:%M:%S", time), - )); + my $note = 'email activation. Date of arrival: ' . time2str("%Y-%m-%d %H:%M:%S", time); + _update_person($pid,$session,$note); # if we are on-site: register the node if (!$session->param("preregistration")) { @@ -176,14 +172,8 @@ if (defined($cgi->url_param('mode')) && $cgi->url_param('mode') eq $pf::web::gue # form valid, adding person (using modify in case person already exists) $logger->info("Adding guest person " . $session->param('guest_pid') . "(" . $session->param("phone") . ")"); - person_modify($pid, ( - 'firstname' => $session->param("firstname"), - 'lastname' => $session->param("lastname"), - 'company' => $session->param('company'), - 'email' => $session->param("email"), - 'telephone' => $phone, - 'notes' => 'sms confirmation. Date of arrival: ' . time2str("%Y-%m-%d %H:%M:%S", time), - )); + my $note = 'sms confirmation Date of arrival: ' . time2str("%Y-%m-%d %H:%M:%S", time); + _update_person($pid,$session,$note); $logger->info("redirecting to mobile confirmation page"); @@ -220,15 +210,8 @@ if (defined($cgi->url_param('mode')) && $cgi->url_param('mode') eq $pf::web::gue $info{'pid'} = $pid; # form valid, adding person (using modify in case person already exists) - person_modify($pid, ( - 'firstname' => $session->param("firstname"), - 'lastname' => $session->param("lastname"), - 'company' => $session->param('company'), - 'email' => $email, - 'telephone' => $session->param("phone"), - 'sponsor' => $session->param("sponsor"), - 'notes' => 'sponsored guest. Date of arrival: ' . time2str("%Y-%m-%d %H:%M:%S", time) - )); + my $note = 'sponsored guest. Date of arrival: ' . time2str("%Y-%m-%d %H:%M:%S", time); + _update_person($pid,$session,$note); $logger->info("Adding guest person " . $session->param('guest_pid')); my $sponsor_type = pf::Authentication::Source::SponsorEmailSource->meta->get_attribute('type')->default; @@ -301,6 +284,16 @@ else { pf::web::guest::generate_selfregistration_page($portalSession); } +sub _update_person { + my ($pid,$session,$note) = @_; + my @info = ( + (map { my $v = $session->param($_); defined $v ? ($_ => $session->param($_)) :() } @PERSON_FIELDS), + 'telephone' => $session->param("phone"), + 'notes' => $note, + ); + person_modify($pid, @info); +} + =head1 AUTHOR Inverse inc. diff --git a/html/captive-portal/lib/captiveportal.pm b/html/captive-portal/lib/captiveportal.pm new file mode 100644 index 000000000000..783ed1ebbfc6 --- /dev/null +++ b/html/captive-portal/lib/captiveportal.pm @@ -0,0 +1,196 @@ +package captiveportal; +use Moose; +use namespace::autoclean; +use Log::Log4perl::Catalyst; + +use Catalyst::Runtime 5.80; +use POSIX qw(setlocale); +use Locale::gettext qw(bindtextdomain textdomain); + +# Set flags and add plugins for the application. +# +# Note that ORDERING IS IMPORTANT here as plugins are initialized in order, +# therefore you almost certainly want to keep ConfigLoader at the head of the +# list if you're using it. +# +# -Debug: activates the debug mode for very useful log messages +# ConfigLoader: will load the configuration from a Config::General file in the +# application's home directory +# Static::Simple: will serve static files from the application's root +# directory + +use Catalyst qw/ + -Debug + ConfigLoader + Static::Simple + I18N + Authentication + Session + Session::Store::CHI + Session::State::Cookie + StackTrace + /; + +use Try::Tiny; + +use constant INSTALL_DIR => '/usr/local/pf'; +use lib INSTALL_DIR . "/lib"; + +BEGIN { + use pf::log service => 'httpd.portal',no_stderr_trapping => 1,no_stdout_trapping => 1; +} + +use pf::config::cached; +use pf::file_paths; +use pf::CHI; + +extends 'Catalyst'; + +our $VERSION = '0.01'; +bindtextdomain( "packetfence", "$conf_dir/locale" ); +textdomain("packetfence"); + +# Configure the application. +# +# Note that settings in captive_portal.conf (or other external +# configuration file that you set up manually) take precedence +# over this when using ConfigLoader. Thus configuration +# details given here can function as a default configuration, +# with an external configuration file acting as an override for +# local deployment. + +__PACKAGE__->config( + name => 'captiveportal', + # Disable deprecated behavior needed by old applications + disable_component_resolution_regex_fallback => 1, + 'static' => { + mime_types => { woff => 'font/woff' }, + + # Include static content from captive portal in order to render previews of + # remediation pages (see pfappserver::Controller::Violation) + include_path => [ + \&loadCustomStatic, + INSTALL_DIR . '/html/captive-portal', + INSTALL_DIR . '/html/common', + INSTALL_DIR . '/html', + ], + ignore_dirs => [ + qw( + pfappserver templates + t profile-templates lib script + ) + ], + ignore_extensions => [qw/cgi php inc tt html xml pl pm/], + }, + 'Plugin::Session' => { + chi_class => 'pf::CHI', + chi_args => { + namespace => 'httpd.portal', + }, + cookie_name => 'CGISESSION', + }, + default_view => 'HTML', +); + +before handle_request => sub { + pf::config::cached::ReloadConfigs(); +}; + +sub loadCustomStatic { + my ($c) = @_; + my $dirs = []; + my $portalSession = $c->portalSession; + if ($portalSession) { + $dirs = $portalSession->templateIncludePath; + } + return $dirs; +} + +sub user_cache { + return pf::CHI->new( namespace => 'httpd.portal'); +} + +has portalSession => ( + is => 'rw', + lazy => 1, + builder => '_build_portalSession', +); + +sub _build_portalSession { + my ($c) = @_; + return $c->model('Portal::Session'); +} + +has profile => ( + is => 'rw', + lazy => 1, + builder => '_build_profile', +); + +sub _build_profile { + my ($c) = @_; + return $c->portalSession->profile; +} + +after finalize => sub { + my ($c) = @_; + if ( ref($c) ) { + my $deferred_actions = delete $c->stash->{_deferred_actions} || []; + foreach my $action (@$deferred_actions) { + eval { $action->(); }; + if ($@) { + $c->log->error("Error with a deferred action: $@"); + } + } + } +}; + +sub add_deferred_actions { + my ( $c, @args ) = @_; + if ( ref($c) ) { + my $deferred_actions = $c->stash->{_deferred_actions} ||= []; + push @$deferred_actions, @args; + } +} + +sub has_errors { + my ($c) = @_; + return scalar @{$c->error}; +} + +__PACKAGE__->log(Log::Log4perl::Catalyst->new(INSTALL_DIR . '/conf/log.conf.d/httpd.portal.conf',watch_delay => 5 * 60)); + +# Handle warnings from Perl as error log messages +$SIG{__WARN__} = sub { __PACKAGE__->log->error(@_); }; + +# Start the application +__PACKAGE__->setup(); + +=head1 NAME + +captiveportal - Catalyst based application + +=head1 SYNOPSIS + + script/captive_portal_server.pl + +=head1 DESCRIPTION + +[enter your description here] + +=head1 SEE ALSO + +L, L + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +1; diff --git a/html/captive-portal/lib/captiveportal/Base/Controller.pm b/html/captive-portal/lib/captiveportal/Base/Controller.pm new file mode 100644 index 000000000000..8af51af66b88 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Base/Controller.pm @@ -0,0 +1,74 @@ +package captiveportal::Base::Controller; + +=head1 NAME + +captiveportal::Base::Controller add documentation + +=cut + +=head1 DESCRIPTION + +captiveportal::Base::Controller + +=cut + +use Moose; +use Moose::Util qw(apply_all_roles); +use namespace::autoclean; +use pf::authentication; +use pf::config; +use pf::enforcement qw(reevaluate_access); +use pf::iplog qw(ip2mac); +use pf::node + qw(node_attributes node_modify node_register node_view is_max_reg_nodes_reached); +use pf::os qw(dhcp_fingerprint_view); +use pf::useragent; +use pf::util; +use pf::violation qw(violation_count); +use pf::web::constants; +use pf::web; +BEGIN { extends 'Catalyst::Controller'; } + +sub showError { + my ( $self, $c, $error ) = @_; + my $text_message; + if ( ref($error) ) { + $text_message = i18n_format(@$error); + } else { + $text_message = i18n($error); + } + $c->stash( + template => 'error.html', + txt_message => $text_message, + ); + $c->detach; +} + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/Access.pm b/html/captive-portal/lib/captiveportal/Controller/Access.pm new file mode 100644 index 000000000000..60c62c23f2fe --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/Access.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::Access; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::Access'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/Activate/Email.pm b/html/captive-portal/lib/captiveportal/Controller/Activate/Email.pm new file mode 100644 index 000000000000..bfb3ded47447 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/Activate/Email.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::Activate::Email; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::Activate::Email'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/Activate/Sms.pm b/html/captive-portal/lib/captiveportal/Controller/Activate/Sms.pm new file mode 100644 index 000000000000..a41e51d1889b --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/Activate/Sms.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::Activate::Sms; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::Activate::Sms'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/Aup.pm b/html/captive-portal/lib/captiveportal/Controller/Aup.pm new file mode 100644 index 000000000000..c7a8b9149e4e --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/Aup.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::Aup; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::Aup'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/Authenticate.pm b/html/captive-portal/lib/captiveportal/Controller/Authenticate.pm new file mode 100644 index 000000000000..6370eb52f092 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/Authenticate.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::Authenticate; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::Authenticate'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/CaptivePortal.pm b/html/captive-portal/lib/captiveportal/Controller/CaptivePortal.pm new file mode 100644 index 000000000000..4112afaa18be --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/CaptivePortal.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::CaptivePortal; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::CaptivePortal'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/DeviceRegistration.pm b/html/captive-portal/lib/captiveportal/Controller/DeviceRegistration.pm new file mode 100644 index 000000000000..9b681f830511 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/DeviceRegistration.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::DeviceRegistration; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::DeviceRegistration'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/Enabler.pm b/html/captive-portal/lib/captiveportal/Controller/Enabler.pm new file mode 100644 index 000000000000..809fce40c961 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/Enabler.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::Enabler; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::Enabler'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/Node/Manager.pm b/html/captive-portal/lib/captiveportal/Controller/Node/Manager.pm new file mode 100644 index 000000000000..1b5aa9579aa6 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/Node/Manager.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::Node::Manager; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::Node::Manager'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/Oauth2.pm b/html/captive-portal/lib/captiveportal/Controller/Oauth2.pm new file mode 100644 index 000000000000..8db2608034d8 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/Oauth2.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::Oauth2; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::Oauth2'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/Pay.pm b/html/captive-portal/lib/captiveportal/Controller/Pay.pm new file mode 100644 index 000000000000..25c4d8dbc7e9 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/Pay.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::Pay; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::Pay'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/PreRegister.pm b/html/captive-portal/lib/captiveportal/Controller/PreRegister.pm new file mode 100644 index 000000000000..455eb9f99e99 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/PreRegister.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::PreRegister; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::PreRegister'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/Redirect.pm b/html/captive-portal/lib/captiveportal/Controller/Redirect.pm new file mode 100644 index 000000000000..d0efd9b637a1 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/Redirect.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::Redirect; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::Redirect'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/Release.pm b/html/captive-portal/lib/captiveportal/Controller/Release.pm new file mode 100644 index 000000000000..ebd9e4029577 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/Release.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::Release; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::Release'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/Remediation.pm b/html/captive-portal/lib/captiveportal/Controller/Remediation.pm new file mode 100644 index 000000000000..f0d314a416bc --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/Remediation.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::Remediation; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::Remediation'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/Root.pm b/html/captive-portal/lib/captiveportal/Controller/Root.pm new file mode 100644 index 000000000000..22eae9f5b2e4 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/Root.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::Root; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::Root'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/Signup.pm b/html/captive-portal/lib/captiveportal/Controller/Signup.pm new file mode 100644 index 000000000000..a15686b524e6 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/Signup.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::Signup; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::Signup'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/Status.pm b/html/captive-portal/lib/captiveportal/Controller/Status.pm new file mode 100644 index 000000000000..74e25527afbc --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/Status.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::Status; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::Status'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Controller/WirelessProfile.pm b/html/captive-portal/lib/captiveportal/Controller/WirelessProfile.pm new file mode 100644 index 000000000000..0b4dbddb22bc --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Controller/WirelessProfile.pm @@ -0,0 +1,29 @@ +package captiveportal::Controller::WirelessProfile; +use Moose; + +BEGIN { extends 'captiveportal::PacketFence::Controller::WirelessProfile'; } + +=head1 NAME + +captiveportal::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=cut + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Model/Portal/Session.pm b/html/captive-portal/lib/captiveportal/Model/Portal/Session.pm new file mode 100644 index 000000000000..1e04a11ec5ee --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Model/Portal/Session.pm @@ -0,0 +1,28 @@ +package captiveportal::Model::Portal::Session; +use Moose; + +extends 'captiveportal::PacketFence::Model::Portal::Session'; + +=head1 NAME + +captiveportal::Model::Portal::Session - Catalyst Model + +=head1 DESCRIPTION + +Catalyst Model. + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Access.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Access.pm new file mode 100644 index 000000000000..3b980776f1c7 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Access.pm @@ -0,0 +1,41 @@ +package captiveportal::PacketFence::Controller::Access; +use Moose; +use namespace::autoclean; + +BEGIN { extends 'Catalyst::Controller'; } + +=head1 NAME + +captiveportal::PacketFence::Controller::Access - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=head1 METHODS + +=cut + +=head2 index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + $c->detach('Release', 'index'); +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm new file mode 100644 index 000000000000..a126ceb0e84a --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Email.pm @@ -0,0 +1,395 @@ +package captiveportal::PacketFence::Controller::Activate::Email; +use Moose; +use namespace::autoclean; + +BEGIN { extends 'captiveportal::Base::Controller'; } + +use Log::Log4perl; +use POSIX; + +use pf::config; +use pf::email_activation qw($GUEST_ACTIVATION $SPONSOR_ACTIVATION); +use pf::node; +use pf::Portal::Session; +use pf::util qw(valid_mac); +use pf::web; +use pf::log; +use pf::web::guest 1.30; +use HTML::Entities; + +# called last to allow redefinitions +use pf::web::custom; + +use pf::authentication; +use pf::Authentication::constants; + +=head1 NAME + +captiveportal::PacketFence::Controller::Activate::Email - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=head1 METHODS + +=cut + +=head2 index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + my $request = $c->request; + my $code = $request->param('code'); + my $logger = $c->log; + if ( defined $code ) { + $c->forward( 'code', [$code] ); + } +} + +sub code : Path : Args(1) { + my ( $self, $c, $code ) = @_; + my $portalSession = $c->portalSession; + my $profile = $c->profile; + my $node_mac; + my $request = $c->request; + my $logger = get_logger; + + # validate code + my $activation_record = pf::email_activation::validate_code($code); + if ( !defined($activation_record) + || ref($activation_record) ne 'HASH' + || !defined( $activation_record->{'type'} ) ) { + + $c->error( + "The activation code provided is invalid." + . " Reasons could be: it never existed, it was already used or has expired." + ); + } + + # if we have a MAC, guest was on-site and we set that MAC in the session + $node_mac = $activation_record->{'mac'}; + if ( defined($node_mac) ) { + $portalSession->guestNodeMac($node_mac); + } + $c->stash( activation_record => $activation_record ); + + # Email activated guests only need to prove their email was valid by clicking on the link. + if ( $activation_record->{'type'} eq $GUEST_ACTIVATION ) { + $c->forward('doEmailRegistration', [$code]); + } + + # + # Sponsor activated guests. We need the sponsor to authenticate before allowing access + # + elsif ( $activation_record->{'type'} eq $SPONSOR_ACTIVATION ) { + $c->forward('doSponsorRegistration', [$code]); + + } else { + + $logger->info( "User has nothing to do here, redirecting to " + . $Config{'trapping'}{'redirecturl'} ); + $c->response->redirect( $Config{'trapping'}{'redirecturl'} ); + } +} + +=head2 login + +TODO: documention + +=cut + +sub login : Private { + my ( $self, $c ) = @_; + $c->stash( + template => $pf::web::guest::SPONSOR_LOGIN_TEMPLATE, + username => encode_entities( $c->request->param("username") ) + ); +} + +=head2 doEmailRegistration + +TODO: documention + +=cut + +sub doEmailRegistration : Private { + my ( $self, $c, $code ) = @_; + my $request = $c->request; + my $logger = get_logger; + my $activation_record = $c->stash->{activation_record}; + my $profile = $c->profile; + my $node_mac = $c->portalSession->guestNodeMac; + my ( $pid, $email ) = @{$activation_record}{ 'pid', 'email' }; + my $auth_params = { + 'username' => $pid, + 'user_email' => $email + }; + + my $email_type = + pf::Authentication::Source::EmailSource->getDefaultOfType; + my $source = $profile->getSourceByType($email_type); + + if ($source) { + + # if we have a MAC, guest was on-site and we need to proceed with registration + if ( defined($node_mac) && valid_mac($node_mac) ) { + + # Setting access timeout and role (category) dynamically + my $expiration = + &pf::authentication::match( $source->{id}, + $auth_params, $Actions::SET_ACCESS_DURATION ); + + if ( defined $expiration ) { + $expiration = POSIX::strftime( "%Y-%m-%d %H:%M:%S", + localtime( time + normalize_time($expiration) ) ); + } else { + $expiration = + &pf::authentication::match( $source->{id}, + $auth_params, $Actions::SET_UNREG_DATE ); + } + + my $category = + &pf::authentication::match( $source->{id}, + $auth_params, $Actions::SET_ROLE ); + + $logger->debug( + "Determined unregdate $expiration and category $category for email $email" + ); + + # change the unregdate of the node associated with the submitted code + # FIXME + node_modify( + $node_mac, + ( 'unregdate' => $expiration, + 'status' => 'reg', + 'category' => $category, + ) + ); + $c->stash( + template => $pf::web::guest::EMAIL_CONFIRMED_TEMPLATE, + expiration => $expiration + ); + $c->detach(); + } else { + + # if we don't have the MAC it means it's a preregister + # guest generate a password and send an email with an + # access code + my %info = ( + 'pid' => $pid, + 'email' => $email, + 'subject' => i18n_format( + "%s: Guest access confirmed!", + $Config{'general'}{'domain'} + ), + 'currentdate' => + POSIX::strftime( "%m/%d/%y %H:%M:%S", localtime ) + ); + + # we create a temporary password using the actions from + # the email authentication source; + my $actions = + &pf::authentication::match( $source->{id}, $auth_params ); + $info{'password'} = + pf::temporary_password::generate( $pid, $actions ); + + # send on-site guest credentials by email + pf::web::guest::send_template_email( + $pf::web::guest::TEMPLATE_EMAIL_EMAIL_PREREGISTRATION_CONFIRMED, + $info{'subject'}, \%info + ); + + $c->stash( + template => $pf::web::guest::EMAIL_PREREG_CONFIRMED_TEMPLATE, + %info + ); + $c->detach; + } + + # code has been consumed, deactivate + pf::email_activation::set_status_verified($code); + } else { + $logger->warn( "No active email source for profile " + . $profile->getName + . ", redirecting to " + . $Config{'trapping'}{'redirecturl'} ); + $c->response->redirect( $Config{'trapping'}{'redirecturl'} ); + } +} + +=head2 doSponsorRegistration + +TODO: documention + +=cut + +sub doSponsorRegistration : Private { + my ( $self, $c, $code ) = @_; + my $logger = get_logger; + my $request = $c->request; + my $activation_record = $c->stash->{activation_record}; + my $portalSession = $c->portalSession; + my $node_mac = $portalSession->guestNodeMac; + my ( $pid, $email ) = @{$activation_record}{ 'pid', 'email' }; + my $auth_params = { + 'username' => $pid, + 'user_email' => $email + }; + + my $profile = $c->profile; + my $sponsor_type = + pf::Authentication::Source::SponsorEmailSource->getDefaultOfType; + my $source = $profile->getSourceByType($sponsor_type); + + if ($source) { + + # if we have a username in session it means user has already authenticated + # so we go ahead and allow the guest in + if ( !defined( $c->session->{"username"} ) ) { + + # User is not logged and didn't provide username or password: show login form + if (!( $request->param("username") && $request->param("password") + ) + ) { + $logger->info( + "Sponsor needs to authenticate in order to activate guest. Guest token: $code" + ); + $c->detach('login'); + } + + # User provided username and password: authenticate + my ( $auth_return, $error ) = + $c->forward( CaptivePortal => 'web_user_authenticate' ); + + if ( $auth_return != $TRUE ) { + $logger->info( "authentication failed for user " + . $request->param("username") ); + $c->stash( txt_auth_error => i18n($error) ) + if defined $error; + $c->detach('login'); + } + } + + # handling log out (not exposed to the UI at this point) + # TODO: if we ever expose it, we'll need to alter the form action to make sure to trim it + # otherwise we'll submit our authentication but with ?action=logout so it'll delete the session right away + if ( defined( $request->param("action") ) + && $request->param("action") eq "logout" ) { + $c->session->{username} = undef; + $c->detach('login'); + } + + # User is authenticated (session username exists OR auth_return == $TRUE above) + $logger->debug( $c->session->{username} + . " successfully authenticated. Activating sponsored guest" ); + + my ( %info, $template ); + + if ( defined($node_mac) ) { + + # If MAC is defined, it's a guest already here that we need to register + my $node_info = node_attributes($node_mac); + $pid = $node_info->{'pid'}; + if ( !defined($node_info) || ref($node_info) ne 'HASH' ) { + + $logger->warn( + "Problem finding more information about a MAC address ($node_mac) to enable guest access" + ); + $self->showError( + "There was a problem trying to find the computer to register. The problem has been logged." + ); + + if ( $node_info->{'status'} eq $pf::node::STATUS_REGISTERED ) + { + + $logger->warn( + "node mac: $node_mac has already been registered."); + $self->showError( + "The device with MAC address %s has already been authorized to your network.", + $node_mac + ); + } + + # register the node + %info = %{$node_info}; + $c->forward( 'CaptivePortal' => 'webNodeRegister', [ $pid, %info ] ); + + # populating variables used to send email + $template = + $pf::web::guest::TEMPLATE_EMAIL_GUEST_ON_REGISTRATION; + $info{'subject'} = i18n_format( + "%s: Guest network access enabled", + $Config{'general'}{'domain'} + ); + } + + elsif ( defined( $activation_record->{'pid'} ) ) { + + # If pid is set in activation record then we are activating a guest who pre-registered + + $pid = $activation_record->{'pid'}; + + # populating variables used to send email + $template = + $pf::web::guest::TEMPLATE_EMAIL_SPONSOR_PREREGISTRATION; + $info{'subject'} = i18n_format( + "%s: Guest access request accepted", + $Config{'general'}{'domain'} + ); + } + + # TO: + $info{'email'} = $pid; + + # username + $info{'pid'} = $pid; + $info{'cc'} = + $Config{'guests_self_registration'}{'sponsorship_cc'}; + + # we create a temporary password using the actions from the sponsor authentication source; + # NOTE: When sponsoring a network access, the new user will be created (in the temporary_password table) using + # the actions of the sponsor authentication source of the portal profile on which the *sponsor* has landed. + my $actions = &pf::authentication::match( $source->{id}, + { username => $pid, user_email => $pid } ); + $info{'password'} = + pf::temporary_password::generate( $pid, $actions ); + + # prepare welcome email for a guest who registered locally + $info{'currentdate'} = + POSIX::strftime( "%m/%d/%y %H:%M:%S", localtime ); + + pf::web::guest::send_template_email( $template, $info{'subject'}, + \%info ); + pf::email_activation::set_status_verified($code); + + # send to a success page + $c->stash( + template => $pf::web::guest::SPONSOR_CONFIRMED_TEMPLATE ); + $c->detach; + } else { + $logger->warn( "No active sponsor source for profile " + . $profile->getName + . ", redirecting to " + . $Config{'trapping'}{'redirecturl'} ); + $c->response->redirect( $Config{'trapping'}{'redirecturl'} ); + } + } +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm new file mode 100644 index 000000000000..d2315dbf2910 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Activate/Sms.pm @@ -0,0 +1,151 @@ +package captiveportal::PacketFence::Controller::Activate::Sms; +use Moose; +use namespace::autoclean; +use Log::Log4perl; +use POSIX; +use URI::Escape qw(uri_escape); + +use pf::config; +use pf::iplog; +use pf::node; +use pf::Portal::Session; +use pf::util; +use pf::violation; +use pf::web; +use pf::web::guest; +use pf::sms_activation; + +# called last to allow redefinitions +use pf::web::custom; + +use pf::authentication; +use pf::Authentication::constants; + +BEGIN { extends 'captiveportal::Base::Controller' } + +=head1 NAME + +captiveportal::PacketFence::Controller::Activate::Sms - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=head1 METHODS + +=cut + +=head2 index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + my $logger = $c->log; + my $request = $c->request; + my $portalSession = $c->portalSession; + if ( $request->param("pin") ) { + $logger->info("Entering guest authentication by SMS"); + my ( $auth_return, $err ) = $self->sms_validation($c); + if ( $auth_return != 1 ) { + $c->stash( + txt_auth_error => i18n_format( $GUEST::ERRORS{$err} ) ); + $c->detach('showSmsConfirmation'); + } + my $profile = $c->profile; + my %info; + $logger->info("Valid PIN -- Registering user"); + my $pid = $c->session->{"guest_pid"} || "admin"; + my $sms_type = + pf::Authentication::Source::SMSSource->getDefaultOfType(); + my $source = $profile->getSourceByType($sms_type); + my $auth_params = { 'username' => $pid }; + + if ($source) { + + # Setting access timeout and role (category) dynamically + $info{'unregdate'} = + &pf::authentication::match( $source->{id}, $auth_params, + $Actions::SET_ACCESS_DURATION ); + if ( defined $info{'unregdate'} ) { + $info{'unregdate'} = POSIX::strftime( + "%Y-%m-%d %H:%M:%S", + localtime( time + normalize_time( $info{'unregdate'} ) ) + ); + } else { + $info{'unregdate'} = + &pf::authentication::match( $source->{id}, $auth_params, + $Actions::SET_UNREG_DATE ); + } + $info{'category'} = + &pf::authentication::match( $source->{id}, $auth_params, + $Actions::SET_ROLE ); + + $c->forward( 'CaptivePortal' => 'webNodeRegister', [ $pid, %info ] ); + + # clear state that redirects to the Enter PIN page + $c->session->{guest_pid} = undef; + $c->detach( 'CaptivePortal', 'endPortalSession' ); + } else { + $logger->warn( "No active sms source for profile " + . $profile->getName + . ", redirecting to " + . $Config{'trapping'}{'redirecturl'} ); + $c->response->redirect( $Config{'trapping'}{'redirecturl'} ); + } + } elsif ( $request->param("action_confirm") ) { + $c->forward('showSmsConfirmation'); + } else { + $c->detach( 'Authenticate' => 'next_page' ); + } +} + +=head2 showSmsConfirmation + +TODO: documention + +=cut + +sub showSmsConfirmation : Private { + my ( $self, $c ) = @_; + $c->stash( + template => 'guest/sms_confirmation.html', + post_uri => '/activate/sms', + ); + $c->detach; +} + +sub sms_validation { + my ( $self, $c ) = @_; + my $logger = Log::Log4perl::get_logger(__PACKAGE__); + + # no form was submitted, assume first time + my $pin = $c->request->param("pin"); + if ($pin) { + $c->log->info("Mobile phone number validation attempt"); + if ( validate_code($pin) ) { + return ( $TRUE, 0 ); + } else { + return ( $FALSE, $GUEST::ERROR_INVALID_PIN ); + } + } else { + + # this won't display an error + return ( $FALSE, 0 ); + } +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Aup.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Aup.pm new file mode 100644 index 000000000000..4039a11466af --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Aup.pm @@ -0,0 +1,41 @@ +package captiveportal::PacketFence::Controller::Aup; +use Moose; +use namespace::autoclean; + +BEGIN { extends 'Catalyst::Controller'; } + +=head1 NAME + +captiveportal::PacketFence::Controller::Aup - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=head1 METHODS + +=cut + +=head2 index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + $c->stash->{template} = 'aup.html'; +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm new file mode 100644 index 000000000000..9241099b9ef3 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Authenticate.pm @@ -0,0 +1,328 @@ +package captiveportal::PacketFence::Controller::Authenticate; + +use Moose; +use namespace::autoclean; +use pf::config; +use pf::web qw(i18n); +use pf::node; +use pf::util; +use pf::locationlog; +use pf::authentication; +use HTML::Entities; +use List::MoreUtils qw(any); +use pf::config; + +BEGIN { extends 'captiveportal::Base::Controller'; } + +=head1 NAME + +captiveportal::PacketFence::Controller::Authenticate - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=cut + +__PACKAGE__->config( + { action_args => { + index => { + valid_modes => { + aup => 'aup', + status => 'status', + release => 'release', + next_page => 'next_page', + deregister => 'deregister', + } + } + } + } +); + +=head1 METHODS + +=head2 begin + +=cut + +sub begin : Private { + my ( $self, $c ) = @_; + $c->forward(CaptivePortal => 'validateMac'); +} + +=head2 index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + my $mode = $c->request->param('mode'); + if ( defined $mode ) { + my $path = $self->modeToPath( $c, $mode ); + $c->go($path); + } else { + $c->detach('login'); + } +} + +sub modeToPath { + my ( $self, $c, $mode ) = @_; + my $action = $c->action; + my $path = 'default'; + if ( exists $action->{valid_modes}{$mode} ) { + $path = $action->{valid_modes}{$mode}; + } + return $path; +} + +sub default : Path { + my ( $self, $c ) = @_; + $c->error("error: incorrect mode"); +} + +sub next_page : Local : Args(0) { + my ( $self, $c ) = @_; + my $pagenumber = $c->request->param('page'); + + $pagenumber = 1 if ( !defined($pagenumber) ); + + if ( ( $pagenumber >= 1 ) + && ( $pagenumber <= $Config{'registration'}{'nbregpages'} ) ) { + + $c->stash( reg_page_content_file => "register_$pagenumber.html", ); + + # generate list of locales + my $authorized_locale_txt = $Config{'general'}{'locale'}; + my @authorized_locale_array = split( /,/, $authorized_locale_txt ); + my @locales; + if ( scalar(@authorized_locale_array) == 1 ) { + push @locales, + { name => 'locale', value => $authorized_locale_array[0] }; + } else { + foreach my $authorized_locale (@authorized_locale_array) { + push @locales, + { name => 'locale', value => $authorized_locale }; + } + } + $c->stash->{'list_locales'} = \@locales; + + if ( $pagenumber == $Config{'registration'}{'nbregpages'} ) { + $c->stash->{'button_text'} = + $Config{'registration'}{'button_text'}; + $c->stash->{'form_action'} = '/authenticate'; + } else { + $c->stash->{'button_text'} = "Next page"; + $c->stash->{'form_action'} = + '/authenticate?mode=next_page&page=' . ( int($pagenumber) + 1 ); + } + + $c->stash->{template} = 'register.html'; + } else { + $c->error( "error: invalid page number" ); + } +} + +sub deregister : Local : Args(0) { + my ( $self, $c ) = @_; + $c->forward('authenticationLogin'); + unless ( $c->has_errors ) { + my $portalSession = $c->portalSession; + my $mac = $portalSession->clientMac; + my $node_info = node_view($mac); + my $pid = $node_info->{'pid'}; + if ( $c->session->{username} eq $pid ) { + pf::node::node_deregister($mac); + } else { + $c->error( "error: access denied not owner" ); + } + } else { + $c->forward('login'); + } +} + +sub authenticateUser { + my ( $self, $portalSession ) = @_; +} + +sub aup : Local : Args(0) { + my ( $self, $c ) = @_; + $c->detach( 'Aup', 'index' ); +} + +sub status : Local : Args(0) { + my ( $self, $c ) = @_; + $c->detach( 'Status', 'index' ); +} + +sub login : Local : Args(0) { + my ( $self, $c ) = @_; + if ( $c->request->method eq 'POST' ) { + + # External authentication + $c->forward('validateLogin'); + $c->forward('authenticationLogin'); + $c->forward('postAuthentication'); + $c->forward( 'CaptivePortal' => 'webNodeRegister', [$c->stash->{info}->{pid}, %{$c->stash->{info}}] ); + $c->forward( 'CaptivePortal' => 'endPortalSession' ); + } + + # Return login + $c->forward('showLogin'); + +} + +=head2 postAuthentication + +TODO: documention + +=cut + +sub postAuthentication : Private { + my ( $self, $c ) = @_; + my $logger = $c->log; + $c->detach('showLogin') if $c->has_errors; + my $portalSession = $c->portalSession; + my $session = $c->session; + my $info = $c->stash->{info} || {}; + my $source_id = $session->{source_id}; + my $pid = $session->{"username"}; + $pid = $default_pid if _no_username($c->profile); + $info->{pid} = $pid; + my $params = { username => $pid }; + my $mac = $portalSession->clientMac; + + # TODO : add current_time and computer_name + my $locationlog_entry = locationlog_view_open_mac($mac); + if ($locationlog_entry) { + $params->{connection_type} = $locationlog_entry->{'connection_type'}; + $params->{SSID} = $locationlog_entry->{'ssid'}; + } + + # obtain node information provided by authentication module. We need to get the role (category here) + # as web_node_register() might not work if we've reached the limit + my $value = + &pf::authentication::match( $source_id, $params, $Actions::SET_ROLE ); + + $logger->trace("Got role '$value' for username $pid"); + + # This appends the hashes to one another. values returned by authenticator wins on key collision + if ( defined $value ) { + $info->{category} = $value; + } + + # If an access duration is defined, use it to compute the unregistration date; + # otherwise, use the unregdate when defined. + $value = + &pf::authentication::match( $source_id, $params, + $Actions::SET_ACCESS_DURATION ); + if ( defined $value ) { + $value = POSIX::strftime( "%Y-%m-%d %H:%M:%S", + localtime( time + normalize_time($value) ) ); + $logger->trace("Computed unrege date from access duration: $value"); + } else { + $value = + &pf::authentication::match( $source_id, $params, + $Actions::SET_UNREG_DATE ); + } + if ( defined $value ) { + $logger->trace("Got unregdate $value for username $pid"); + $info->{unregdate} = $value; + } + $c->stash->{info} = $info; +} + +sub validateLogin : Private { + my ( $self, $c ) = @_; + my $logger = $c->log; + my $profile = $c->profile; + $logger->debug("form validation attempt"); + + my $request = $c->request; + my $no_password_needed = + any { $_ eq 'null' } @{ $profile->getGuestModes }; + my $no_username_needed = _no_username($profile); + + if ( ( $request->param("username") || $no_username_needed ) + && ( $request->param("password") || $no_password_needed ) ) { + + # acceptable use pocliy accepted? + my $aup_signed = $request->param("aup_signed"); + if ( !defined($aup_signed) + || !$aup_signed ) { + $c->error('You need to accept the terms before proceeding any further.'); + $c->detach('showLogin'); + } + } else { + $c->detach('showLogin'); + } +} + +sub authenticationLogin : Private { + my ( $self, $c ) = @_; + my $logger = $c->log; + my $session = $c->session; + my $request = $c->request; + my $profile = $c->profile; + $logger->trace("authentication attempt"); + + my @sources = + ( $profile->getInternalSources, $profile->getExclusiveSources ); + my $username = $request->param("username"); + my $password = $request->param("password"); + + # validate login and password + my ( $return, $message, $source_id ) = + pf::authentication::authenticate( $username, $password, @sources ); + + if ( defined($return) && $return == 1 ) { + # save login into session + $c->session->{"username"} = $request->param("username"); + $c->session->{source_id} = $source_id; + } else { + $c->error($message); + } +} + +sub _no_username { + my ($profile) = @_; + return any { $_->type eq 'Null' && isdisabled( $_->email_required ) } $profile->getSourcesAsObjects; +} + +sub showLogin : Private { + my ( $self, $c ) = @_; + my $profile = $c->profile; + my $guestModes = $profile->getGuestModes; + my $guest_allowed = + any { is_in_list( $_, $guestModes ) } $SELFREG_MODE_EMAIL, + $SELFREG_MODE_SMS, $SELFREG_MODE_SPONSOR; + my $request = $c->request; + if ( $c->has_errors ) { + $c->stash->{txt_auth_error} = join(' ', grep { ref ($_) eq '' } @{$c->error}); + $c->clear_errors; + } + $c->stash( + template => 'login.html', + username => encode_entities( $request->param("username") ), + null_source => is_in_list( $SELFREG_MODE_NULL, $guestModes ), + oauth2_github => is_in_list( $SELFREG_MODE_GITHUB, $guestModes ), + oauth2_google => is_in_list( $SELFREG_MODE_GOOGLE, $guestModes ), + no_username => _no_username($profile), + oauth2_facebook => is_in_list( $SELFREG_MODE_FACEBOOK, $guestModes ), + guest_allowed => $guest_allowed, + ); +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm new file mode 100644 index 000000000000..f912cdd97a8b --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/CaptivePortal.pm @@ -0,0 +1,561 @@ +package captiveportal::PacketFence::Controller::CaptivePortal; +use Moose; +use namespace::autoclean; +use pf::web::constants; +use URI::Escape qw(uri_escape uri_unescape); +use HTML::Entities; +use pf::enforcement qw(reevaluate_access); +use pf::config; +use pf::log; +use pf::util; +use pf::Portal::Session; +use Apache2::Const -compile => qw(OK DECLINED HTTP_MOVED_TEMPORARILY); +use pf::web; +use pf::node; +use pf::useragent; +use pf::violation; +use pf::class; +use Cache::FileCache; +use pf::sms_activation; +use pf::os; +use List::MoreUtils qw(any); + +BEGIN { extends 'captiveportal::Base::Controller'; } + +# +# Sets the actions in this controller to be registered with no prefix +# so they function identically to actions created in MyApp.pm +# +__PACKAGE__->config( namespace => 'captive-portal' ); + +our $USERAGENT_CACHE = + new Cache::FileCache( { 'namespace' => 'CaptivePortal_UserAgents' } ); + +our $LOST_DEVICES_CACHE = + new Cache::FileCache( { 'namespace' => 'CaptivePortal_LostDevices' } ); + +=head1 NAME + +captiveportal::PacketFence::Controller::CaptivePortal - CaptivePortal Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=head1 METHODS + +=head2 index + +index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + $c->forward('validateMac'); + $c->forward('nodeRecordUserAgent'); + $c->forward('checkForProvisioningSupport'); + $c->forward('checkForViolation'); + $c->forward('checkIfNeedsToRegister'); + $c->forward('checkIfPending'); + $c->forward('unknownState'); +} + +=head2 validateMac + +Validate the mac address of the current portal user + +=cut + +sub validateMac : Private { + my ( $self, $c ) = @_; + my $portalSession = $c->portalSession; + my $mac = $portalSession->clientMac; + $c->log->info("mac : $mac"); + if ( !valid_mac($mac) ) { + $self->showError( $c, "error: not found in the database" ); + $c->detach; + } +} + +=head2 nodeRecordUserAgent + +Records the user agent information + +=cut + +sub nodeRecordUserAgent : Private { + my ( $self, $c ) = @_; + my $user_agent = $c->request->user_agent; + my $logger = get_logger; + my $portalSession = $c->portalSession; + my $mac = $portalSession->clientMac; + unless ($user_agent) { + $logger->warn("$mac has no user agent"); + return; + } + + # caching useragents, if it's the same don't bother triggering violations + my $cached_useragent = $USERAGENT_CACHE->get($mac); + + # Cache hit + return + if ( defined($cached_useragent) && $user_agent eq $cached_useragent ); + + # Caching and updating node's info + $logger->trace("adding $mac user-agent to cache"); + $USERAGENT_CACHE->set( $mac, $user_agent, "5 minutes" ); + + # Recording useragent + $logger->info( + "Updating node $mac user_agent with useragent: '$user_agent'"); + node_modify( $mac, ( 'user_agent' => $user_agent ) ); + + # updates the node_useragent information and fires relevant violations triggers + return pf::useragent::process_useragent( $mac, $user_agent ); +} + +=head2 checkForProvisioningSupport + +checks if provisioning is supported support + +=cut + +sub checkForProvisioningSupport : Private { + my ( $self, $c ) = @_; + if (isenabled($Config{'provisioning'}{'autoconfig'})) { + return ( $c->forward('supportsMobileConfigProvisioning') || + $c->forward('supportsAndroidConfigProvisioning') ); + } + return 0; +} + +=head2 supportsMobileConfigProvisioning + +TODO: documention + +=cut + +sub supportsMobileConfigProvisioning : Private { + my ( $self, $c ) = @_; + if($self->matchAnyOses($c,'Apple iPod, iPhone or iPad')) { + $c->user_cache->set("mac:" . $c->portalSession->clientMac . ":do_not_deauth" ,1); + return 1; + } + return 0; +} + +=head2 supportsAndroidConfigProvisioning + +TODO: documention + +=cut + +sub supportsAndroidConfigProvisioning : Private { + my ( $self, $c ) = @_; + if($self->matchAnyOses($c,'Android')) { + $c->user_cache->set("mac:" . $c->portalSession->clientMac . ":do_not_deauth" ,1); + return 1; + } + return 0; +} + +sub matchAnyOses { + my ($self, $c, @toMatch) = @_; + my $node_attributes = node_attributes( $c->portalSession->clientMac ); + my @fingerprint = + dhcp_fingerprint_view( $node_attributes->{'dhcp_fingerprint'} ); + my $os = $fingerprint[0]->{'os'}; + return $FALSE unless defined $os; + return $FALSE unless any { $os =~ $_ } @toMatch; + my $config_category = $Config{'provisioning'}{'category'}; + my $node_cat = $node_attributes->{'category'}; + + # validating that the node is under the proper category for mobile config provioning + return $TRUE if ( $config_category eq 'any' || (defined($node_cat) && $node_cat eq $config_category)); + return $FALSE; +} + + +=head2 checkForViolation + +TODO: documention + +=cut + +sub checkForViolation : Private { + my ( $self, $c ) = @_; + my $portalSession = $c->portalSession; + my $mac = $portalSession->clientMac; + my $logger = $c->log; + my $violation = violation_view_top($mac); + if ($violation) { + + $c->stash->{'user_agent'} = $c->request->user_agent; + my $request = $c->req; + + # There is a violation, redirect the user + # FIXME: there is not enough validation below + my $vid = $violation->{'vid'}; + my $SCAN_VID = 12003; + + # detect if a system scan is in progress, if so redirect to scan in progress page + if ( $vid == $SCAN_VID + && $violation->{'ticket_ref'} + =~ /^Scan in progress, started at: (.*)$/ ) { + $logger->info( + "captive portal redirect to the scan in progress page"); + $c->detach( 'scan_status', [$1] ); + } + my $class = class_view($vid); + my $template = $class->{'template'}; + $logger->info( + "captive portal redirect on violation vid: $vid, redirect template: $template" + ); + + # The little redirect dance here is controlled by frames which are inherently alterable by the user + # TODO: We need to validate that a user cannot request a frame with the enable button activated + + # enable button + if ( $request->param("enable_menu") ) { + $logger->debug( + "violation redirect: generating enable button frame (enable_menu = 1)" + ); + $c->detach( 'Enabler', 'index' ); + } elsif ( $class->{'auto_enable'} eq 'Y' ) { + $logger->debug( + "violation redirect: showing violation remediation page inside a frame" + ); + $c->detach( 'Redirect', 'index' ); + } + $logger->debug( + "violation redirect: showing violation remediation page directly since there is no enable button" + ); + + # Retrieve violation template name + + my $subTemplate = $self->getSubTemplate( $c, $class->{'template'} ); + $logger->info("Showing the $subTemplate remediation page."); + my $node_info = node_view($mac); + $c->stash( + 'template' => 'remediation.html', + 'sub_template' => $subTemplate, + map { $_ => $node_info->{$_} } + qw(dhcp_fingerprint last_switch last_port + last_vlan last_connection_type last_ssid username) + ); + $c->detach; + } +} + + +=head2 checkIfNeedsToRegister + +TODO: documention + +=cut + +sub checkIfNeedsToRegister : Private { + my ($self, $c) = @_; + my $request = $c->request; + my $unreg; + my $portalSession = $c->portalSession; + my $mac = $portalSession->clientMac; + my $logger = $c->log; + if ($request->param('unreg')) { + $c->log->info("Unregister node $mac"); + $unreg = node_deregister($mac); # set node status to 'unreg' + } else { + $unreg = node_unregistered($mac); # check if node status is 'unreg' + } + $c->stash(unreg => $unreg,); + if ($unreg && isenabled($Config{'trapping'}{'registration'})) { + + # Redirect to the billing engine if enabled + if (isenabled($portalSession->profile->getBillingEngine)) { + $logger->info("$mac redirected to billing page"); + $c->detach('Pay' => 'index'); + } elsif ($portalSession->profile->guestRegistrationOnly) { + + # Redirect to the guests self registration page if configured to do so + $logger->info("$mac redirected to guests self registration page"); + $c->detach('Signup' => 'index'); + } elsif ($Config{'registration'}{'nbregpages'} == 0) { + $logger->info("$mac redirected to authentication page"); + $c->detach('Authenticate', 'index'); + } else { + $logger->info( + "$mac redirected to multi-page registration process"); + $c->detach('Authenticate', 'next_page'); + } + } + return; +} + +=head2 checkIfPending + +Check if node is the pending state + +=cut + +sub checkIfPending : Private { + my ( $self, $c ) = @_; + my $portalSession = $c->portalSession; + my $profile = $c->profile; + my $mac = $portalSession->clientMac; + my $node_info = node_view($mac); + my $request = $c->request; + if ( $node_info && $node_info->{'status'} eq $pf::node::STATUS_PENDING ) { + if ( pf::sms_activation::sms_activation_has_entry($mac) ) { + node_deregister($mac); + $c->stash( + template => 'guest/sms_confirmation.html', + post_uri => '/activate/sms' + ); + } elsif ( $request->secure ) { + + # we drop HTTPS for pending so we can perform our Internet detection and avoid all sort of certificate errors + print $c->response->redirect( "http://" + . $Config{'general'}{'hostname'} . "." + . $Config{'general'}{'domain'} + . '/captive-portal?destination_url=' + . uri_escape( $portalSession->getDestinationUrl ) ); + } else { + $c->stash( + template => 'pending.html', + retry_delay => + $CAPTIVE_PORTAL{'NET_DETECT_PENDING_RETRY_DELAY'}, + external_ip => + $Config{'captive_portal'}{'network_detection_ip'}, + redirect_url => $Config{'trapping'}{'redirecturl'}, + initial_delay => + $CAPTIVE_PORTAL{'NET_DETECT_PENDING_INITIAL_DELAY'}, + ); + + # override destination_url if we enabled the always_use_redirecturl option + if ( isenabled( $Config{'trapping'}{'always_use_redirecturl'} ) ) + { + $c->stash->{'destination_url'} = + $Config{'trapping'}{'redirecturl'}; + } + + } + $c->detach; + } +} + +=head2 unknownState + +NODES IN AN UKNOWN STATE +aka you shouldn't be here but if you are we need to handle you. + +Here we are using a cache to prevent malicious or accidental DoS of the captive portal +through too many access reevaluation requests (since this is rather expensive especially in VLAN mode) + +=cut + +sub unknownState : Private { + my ( $self, $c ) = @_; + my $mac = $c->portalSession->clientMac; + my $cached_lost_device = $LOST_DEVICES_CACHE->get($mac); + + # After 5 requests we won't perform re-eval for 5 minutes + if ( !defined($cached_lost_device) || $cached_lost_device <= 5 ) { + + # set the cache, incrementing before on purpose (otherwise it's not hitting the cache) + $LOST_DEVICES_CACHE->set( $mac, ++$cached_lost_device, "5 minutes"); + + $c->log->info( + "MAC $mac shouldn't reach here. Calling access re-evaluation. " . + "Make sure your network device configuration is correct." + ); + pf::enforcement::reevaluate_access( $mac, 'redir.cgi', (force => $TRUE) ); + } + $self->showError( $c, "Your network should be enabled within a minute or two. If it is not reboot your computer."); +} + + +sub endPortalSession : Private { + my ( $self, $c ) = @_; + my $logger = get_logger; + my $portalSession = $c->portalSession; + + # First blast at handling portalSession object + my $mac = $portalSession->clientMac(); + my $destination_url = $c->stash->{destination_url}; + + # violation handling + my $count = violation_count($mac); + if ( $count != 0 ) { + print $c->response->redirect( '/captive-portal?destination_url=' + . uri_escape($destination_url) ); + $logger->info("more violations yet to come for $mac"); + } + + # handle mobile provisioning if relevant + $c->forward('provisioning') if ( $c->forward('checkForProvisioningSupport') ); + + # we drop HTTPS so we can perform our Internet detection and avoid all sort of certificate errors + if ( $c->request->secure ) { + $c->response->redirect( "http://" + . $Config{'general'}{'hostname'} . "." + . $Config{'general'}{'domain'} + . '/access?destination_url=' + . uri_escape($destination_url) ); + } + + $c->forward( 'Release' => 'index' ); +} + +=head2 provisioning + +=cut + +sub provisioning : Private { + my ( $self, $c ) = @_; + if($c->forward('supportsMobileConfigProvisioning') ) { + $c->detach('release_with_xmlconfig'); + } elsif( $c->forward('supportsAndroidConfigProvisioning') ) { + $c->detach('release_with_android'); + } +} + +sub release_with_xmlconfig : Private { + my ( $self, $c ) = @_; + $c->stash( template => 'release_with_xmlconfig.html'); +} + +sub release_with_android : Private { + my ( $self, $c ) = @_; + $c->stash( template => 'release_with_android.html'); +} + +=head2 proxy_redirect + +Mod_proxy redirect + +=cut + +sub proxy_redirect { + my ( $r, $url ) = @_; + my $logger = get_logger; + $r->set_handlers( PerlResponseHandler => [] ); + $r->filename( "proxy:" . $url ); + $r->proxyreq(2); + $r->handler('proxy-server'); + return Apache2::Const::OK; +} + +sub getSubTemplate { + my ( $self, $c, $template ) = @_; + my $portalSession = $c->portalSession; + return "violations/$template.html"; +# my $langs = $portalSession->getRequestLanguages(); + my $langs = []; + my $paths = $portalSession->templateIncludePath(); + my @subTemplates = + map { "violations/$template" . ( $_ ? ".$_" : "" ) . ".html" } @$langs, + ''; + return first { -f $_ } map { + my $path = $_; + map {"$path/$_"} @subTemplates + } @$paths; +} + +=head2 webNodeRegister + +This sub is meant to be redefined by pf::web::custom to fit your specific needs. +See F for examples. + +=cut + +sub webNodeRegister : Private { + my ($self, $c, $pid, %info ) = @_; + my $logger = Log::Log4perl::get_logger(__PACKAGE__); + my $portalSession = $c->portalSession; + + # FIXME quick and hackish fix for #1505. A proper, more intrusive, API changing, fix should hit devel. + my $mac; + if ( defined( $portalSession->guestNodeMac ) ) { + $mac = $portalSession->guestNodeMac; + } else { + $mac = $portalSession->clientMac; + } + + if ( is_max_reg_nodes_reached( $mac, $pid, $info{'category'} ) ) { + $c->detach('maxRegNodesReached'); + } + node_register( $mac, $pid, %info ); + + unless ( $c->user_cache->get("mac:$mac:do_not_deauth") ) { + reevaluate_access( $mac, 'manage_register' ); + } + + # we are good, push the registration +} + + + +=head2 maxRegNodesReached + +TODO: documention + +=cut + +sub maxRegNodesReached : Private { + my ( $self, $c ) = @_; + $self->showError($c, "You have reached the maximum number of devices you are able to register with this username."); +} + + + +sub web_user_authenticate : Private { + my ( $self, $c ) = @_; + my $profile = $c->profile; + my $request = $c->request; + my $logger = get_logger; + $logger->trace("authentication attempt"); + + my @sources = ($profile->getInternalSources, $profile->getExclusiveSources); + my $username = $request->param("username"); + my $password = $request->param("password"); + + # validate login and password + my ($return, $message, $source_id) = pf::authentication::authenticate($username, $password, @sources); + + if (defined($return) && $return == 1) { + # save login into session + $c->session->{"username"} = $username; + } + return ($return, $message, $source_id); +} + + +=head2 default + +Standard 404 error page + +=cut + +sub default : Path { + my ( $self, $c ) = @_; + $c->response->body('Page not found'); + $c->response->status(404); +} + +sub error : Private { } + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/DeviceRegistration.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/DeviceRegistration.pm new file mode 100644 index 000000000000..8236e4efead7 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/DeviceRegistration.pm @@ -0,0 +1,176 @@ +package captiveportal::PacketFence::Controller::DeviceRegistration;; +use Moose; +use namespace::autoclean; +use pf::config; +use pf::log; +use pf::node; +use pf::util; +use pf::web; +use pf::web::device_registration; + +BEGIN { extends 'captiveportal::Base::Controller'; } + +__PACKAGE__->config( namespace => 'device-registration' ); + +=head1 NAME + +captiveportal::PacketFence::Controller::DeviceRegistration - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=head1 METHODS + +=cut + +sub begin : Private { + my ( $self, $c ) = @_; + if (isdisabled( $Config{'registration'}{'device_registration'} ) ) + { + $c->error( "Device registration module is not enabled" ); + $c->detach; + } + $c->stash->{console_types} = @pf::web::device_registration::DEVICE_TYPES; +} + +=head2 index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + my $logger = get_logger; + my $pid = $c->session->{"username"}; + my $request = $c->request; + + # See if user is trying to login and if is not already authenticated + if ( ( !$pid ) ) { + # Verify if user is authenticated + $c->forward('userNotLoggedIn'); + } elsif ( $request->param('cancel') ) { + $c->error('Registration canceled. Please try again.'); + $c->delete_session; + $c->detach('login'); + } elsif ( $request->param('device_mac') ) { + # User is authenticated and requesting to register a device + my $device_mac = clean_mac($request->param('device_mac')); + if(valid_mac($device_mac)) { + # Register device + $c->forward('registerNode', [ $pid, $device_mac ]); + unless ($c->has_errors) { + $c->stash(status_msg => i18n_format("The MAC address %s has been successfully registered.", $device_mac)); + $c->detach('landing'); + } + } else { + $c->stash(txt_auth_error => "Please verify the provided MAC address."); + } + } + # User is authenticated so display registration page + $c->stash(template => 'device-registration.html'); +} + +=head2 gaming_registration + +Backwards compatability + +/gaming-registration + +=cut + +sub gaming_registration: Local('gaming-registration') { + my ( $self, $c ) = @_; + $c->forward('index'); +} + + +=head2 userNotLoggedIn + +TODO: documention + +=cut + +sub userNotLoggedIn : Private { + my ($self, $c) = @_; + my $request = $c->request; + my $username = $request->param('username'); + my $password = $request->param('password'); + if ( all_defined( $username, $password ) ) { + $c->forward(Authenticate => 'authenticationLogin'); + if ($c->has_errors) { + $c->detach('login'); + } + } else { + $c->detach('login'); + } +} + +=head2 login + +Display the device registration login + +=cut + +sub login : Local : Args(0) { + my ( $self, $c ) = @_; + if ( $c->has_errors ) { + $c->stash->{txt_auth_error} = join(' ', grep { ref ($_) eq '' } @{$c->error}); + $c->clear_errors; + } + $c->stash( template => 'device-registration-login.html' ); +} + +sub landing : Local : Args(0) { + my ( $self, $c ) = @_; + $c->stash( template => 'device-registration-landing.html' ); +} + +sub registerNode : Private { + my ( $self, $c, $pid, $mac ) = @_; + my $logger = $c->log; + if ( pf::web::device_registration::is_allowed($mac) ) { + my ($node) = node_view($mac); + if( $node && $node->{status} ne $pf::node::STATUS_UNREGISTERED ) { + $c->error("$mac is already registered or pending to be registered. Please verify MAC address if correct contact your network administrator"); + } else { + my %info; + $c->stash->{device_mac} = $mac; + # Get role for device registration + my $role = + $Config{'registration'}{'device_registration_role'}; + if ($role) { + $logger->trace("Device registration role is $role (from pf.conf)"); + } else { + # Use role of user + $role = &pf::authentication::match( + &pf::authentication::getInternalAuthenticationSources(), + { username => $pid }, + $Actions::SET_ROLE + ); + $logger->trace( + "Gaming devices role is $role (from username $pid)"); + } + $info{'category'} = $role if ( defined $role ); + $info{'auto_registered'} = 1; + $info{'mac'} = $mac; + $c->forward( 'CaptivePortal' => 'webNodeRegister', [ $pid, %info ] ); + } + } else { + $c->error("Please verify the provided MAC address."); + } +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Enabler.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Enabler.pm new file mode 100644 index 000000000000..cbb4da50acc4 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Enabler.pm @@ -0,0 +1,64 @@ +package captiveportal::PacketFence::Controller::Enabler; +use Moose; +use namespace::autoclean; +use pf::violation; +use pf::class; + +BEGIN { extends 'captiveportal::Base::Controller'; } + +=head1 NAME + +captiveportal::PacketFence::Controller::Enabler - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=head1 METHODS + +=cut + +=head2 index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + my $portalSession = $c->portalSession; + my $mac = $portalSession->clientMac; + + $c->stash->{'user_agent'} = $c->request->user_agent; + + # check for open violations + my $violation = violation_view_top($mac); + + if ($violation) { + + # There is a violation, redirect the user + # FIXME: there is not enough validation below + my $vid = $violation->{'vid'}; + my $class = class_view($vid); + $c->stash( + violation_id => $vid, + enable_text => $class->{button_text}, + template => 'enabler.html', + ); + } else { + $self->showError( $c, "error: not found in the database" ); + } +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Node/Manager.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Node/Manager.pm new file mode 100644 index 000000000000..b7338b7c1cfe --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Node/Manager.pm @@ -0,0 +1,57 @@ +package captiveportal::PacketFence::Controller::Node::Manager; +use Moose; +use namespace::autoclean; +use pf::node; + +BEGIN {extends 'captiveportal::Base::Controller'; } + +=head1 NAME + +captiveportal::PacketFence::Controller::Node::Manager - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=head1 METHODS + +=cut + + +=head2 index + +=cut + +sub unreg :Local :Args(1) { + my ( $self, $c, $mac ) = @_; + my $username = $c->session->{username}; + my $node = node_view($mac); + if($username && $mac) { + if($username eq $node->{pid}) { + node_unregistered($c); + $c->response->redirect("/status"); + $c->detach; + } else { + $self->showError($c,"Not allowed to deregister $mac"); + } + + } else { + $self->showError($c,"Not logged in or node ID $mac is not known"); + } +} + + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm new file mode 100644 index 000000000000..5400f778e0f8 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Oauth2.pm @@ -0,0 +1,232 @@ +package captiveportal::PacketFence::Controller::Oauth2; +use Moose; +use namespace::autoclean; +use pf::config; +use Net::OAuth2::Client; + +BEGIN { extends 'captiveportal::Base::Controller'; } + +=head1 NAME + +captiveportal::PacketFence::Controller::Oauth2 - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + + + +=head1 METHODS + +=cut + +our %VALID_OAUTH_PROVIDERS = ( + google => undef, + facebook => undef, + github => undef, +); + +=head2 auth_provider + +/oauth2/auth/:provider + +=cut + +sub auth_provider : Local('auth'): Args(1) { + my ( $self, $c, $provider ) = @_; + $c->response->redirect($self->oauth2_client($c,$provider)->authorize); +} + +=head2 auth + +/oauth2/auth + +=cut + +sub auth : Local: Args(0) { + my ( $self, $c ) = @_; + my $provider = $c->request->query_params->{'provider'}; + $c->forward('auth_provider',[$provider]); +} + +=head2 index + +/oauth2/auth + +=cut + +sub index :Path : Args(0) { + my ( $self, $c ) = @_; + my $provider = $c->request->query_params->{'request'}; + $c->forward('oauth2Result',[$provider]); +} + +=head2 oauth2_client + +=cut + +sub oauth2_client { + my ($self,$c,$provider) = @_; + my $logger = $c->log; + my $portalSession = $c->portalSession; + my $type; + if (lc($provider) eq 'facebook') { + $type = pf::Authentication::Source::FacebookSource->meta->get_attribute('type')->default; + } elsif (lc($provider) eq 'github') { + $type = pf::Authentication::Source::GithubSource->meta->get_attribute('type')->default; + } elsif (lc($provider) eq 'google') { + $type = pf::Authentication::Source::GoogleSource->meta->get_attribute('type')->default; + } + if ($type) { + my $source = $portalSession->profile->getSourceByType($type); + if ($source) { + return Net::OAuth2::Profile::WebServer->new( + client_id => $source->{'client_id'}, + client_secret => $source->{'client_secret'}, + site => $source->{'site'}, + authorize_path => $source->{'authorize_path'}, + access_token_path => $source->{'access_token_path'}, + access_token_method => $source->{'access_token_method'}, + #access_token_param => $source->{'access_token_param'}, + scope => $source->{'scope'}, + redirect_uri => $source->{'redirect_url'} + ); + } + else { + $logger->error(sprintf("No source of type '%s' defined for profile '%s'", $type, $portalSession->profile->getName)); + } + } + $self->showError($c,"OAuth2 Error: Error loading provider"); +} + +=head2 oauth2Result + +/oauth2/:provider + +Handles the oauth request coming from the providers + +=cut + +sub oauth2Result : Path : Args(1) { + my ($self, $c, $provider) = @_; + my $logger = $c->log; + my $portalSession = $c->portalSession; + my $profile = $portalSession->profile; + my $request = $c->request; + my %info; + my $pid; + + # Pull username + $info{'pid'} = "admin"; + + # Pull browser user-agent string + $info{'user_agent'} = $request->user_agent; + + my $code = $request->query_params->{'code'}; + + $logger->debug("API CODE: $code"); + + #Get the token + my $token; + + eval { + $token = $self->oauth2_client($c,$provider)->get_access_token($code); + }; + + if ($@) { + $logger->warn( + "OAuth2: failed to receive the token from the provider: $@"); + $c->stash->{txt_auth_error} = "OAuth2 Error: Failed to get the token"; + $c->detach(Authenticate => 'showLogin'); + } + + my $response; + + my $type; + + # Validate the token + if (lc($provider) eq 'facebook') { + $type = + pf::Authentication::Source::FacebookSource->meta->get_attribute( + 'type')->default; + } elsif (lc($provider) eq 'github') { + $type = pf::Authentication::Source::GithubSource->meta->get_attribute( + 'type')->default; + } elsif (lc($provider) eq 'google') { + $type = pf::Authentication::Source::GoogleSource->meta->get_attribute( + 'type')->default; + } + my $source = $profile->getSourceByType($type); + if ($source) { + $response = $token->get($source->{'protected_resource_url'}); + if ($response->is_success) { + + # Grab JSON content + my $json = new JSON; + my $json_text = $json->decode($response->content()); + if ($provider eq 'google' || $provider eq 'github') { + $logger->info( + "OAuth2 successfull, register and release for email $json_text->{email}" + ); + $pid = $json_text->{email}; + } elsif ($provider eq 'facebook') { + $logger->info( + "OAuth2 successfull, register and release for username $json_text->{username}" + ); + $pid = $json_text->{username} . '@facebook.com'; + } + } else { + $logger->info( + "OAuth2: failed to validate the token, redireting to login page" + ); + $c->stash->{txt_auth_error} = i18n("OAuth2 Error: Failed to validate the token, please retry"); + $c->detach(Authentication => 'showLogin'); + } + + # Setting access timeout and role (category) dynamically + $info{'unregdate'} = + &pf::authentication::match( $source->{id}, { username => $pid }, + $Actions::SET_ACCESS_DURATION ); + + if ( defined $info{'unregdate'} ) { + $info{'unregdate'} = POSIX::strftime( + "%Y-%m-%d %H:%M:%S", + localtime( time + normalize_time( $info{'unregdate'} ) ) + ); + } else { + $info{'unregdate'} = + &pf::authentication::match( $source->{id}, + { username => $pid }, + $Actions::SET_UNREG_DATE ); + } + + $info{'category'} = + &pf::authentication::match( $source->{id}, { username => $pid }, + $Actions::SET_ROLE ); + $c->forward('CaptivePortal' => 'webNodeRegister', [$pid, %info]); + $c->forward('CaptivePortal' => 'endPortalSession'); + } else { + $logger->error( + sprintf( + "No source of type '%s' defined for profile '%s'", + $type, $profile->getName + ) + ); + $c->response->redirect( $Config{'trapping'}{'redirecturl'} ); + } +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm new file mode 100755 index 000000000000..7df426e64acc --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Pay.pm @@ -0,0 +1,293 @@ +package captiveportal::PacketFence::Controller::Pay; +use Moose; +use namespace::autoclean; +use pf::config; +use URI::Escape qw(uri_escape uri_unescape); +use pf::billing::constants; +use pf::billing::custom; +use pf::config; +use pf::iplog; +use pf::node; +use pf::trigger; +use pf::person qw(person_modify); +use pf::Portal::Session; +use pf::util; +use pf::violation; +use pf::web; +use pf::web::billing 1.00; + +BEGIN { extends 'captiveportal::Base::Controller'; } + +=head1 NAME + +captiveportal::PacketFence::Controller::Pay - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=head1 METHODS + +=cut + +=head2 begin + +=cut + +sub begin : Private { + my ( $self, $c ) = @_; + if( isdisabled($Config{'registration'}{'billing_engine'}) ) { + $c->response->redirect("/captive-portal?destination_url=".uri_escape($c->portalSession->profile->getRedirectURL)); + $c->detach; + } + $c->forward(CaptivePortal => 'validateMac'); +} + +=head2 index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + my $request = $c->request; + if ( defined($request->param('submit')) ) { + $c->detach('processBilling'); + } + for my $p ('firstname', 'lastname', 'email', 'ccnumber', 'ccexpiration', 'ccvalidation') { + $c->request->param($p => undef); + } + $c->forward('showBilling'); +} + +sub processBilling : Private { + my ( $self, $c ) = @_; + $c->forward('validateBilling'); + $c->forward('processTransaction'); +} + +sub validateBilling : Private { + my ( $self, $c ) = @_; + my $portalSession = $c->portalSession; + my $logger = $c->log; + + # First blast for portalSession object consumption + my $request = $c->request(); + + # Fetch available tiers hash to check if the tier in param is ok + my $billingObj = new pf::billing::custom(); + my %available_tiers = $billingObj->getAvailableTiers(); + + # Check if every field are correctly filled + if ( $request->param("firstname") && $request->param("lastname") && $request->param("email") && + $request->param("ccnumber") && $request->param("ccexpiration") && $request->param("ccverification") && + $request->param("tier") && $request->param("aup_signed") ) { + + my $valid_name = ( pf::web::util::is_name_valid($request->param('firstname')) + && pf::web::util::is_name_valid($request->param('lastname')) ); + my $valid_email = pf::web::util::is_email_valid($request->param('email')); + my $valid_tier = exists $available_tiers{$request->param("tier")}; + + my $valid_ccnumber = pf::web::util::is_creditcardnumber_valid($request->param('ccnumber')); + my $valid_ccexpiration = pf::web::util::is_creditcardexpiration_valid($request->param('ccexpiration')); + my $valid_ccverification = pf::web::util::is_creditcardverification_valid($request->param('ccverification')); + + # Provided credit card informations are invalid + unless ( $valid_ccnumber && $valid_ccexpiration && $valid_ccverification ) { + # Return non-successful validation with credit card informations error + $c->stash->{'txt_validation_error'} = $BILLING::ERRORS{$BILLING::ERROR_CC_VALIDATION}; + $c->detach('showBilling'); + } + + # Provided personnal informations are valid + if ( $valid_name && $valid_email && $valid_tier ) { + # save personnal informations (no credit card infos) in session + # so that we will use them to create a guest user and an entry in the database + $c->session( + "firstname" => $request->param("firstname"), + "lastname" => $request->param("lastname"), + "email" => $request->param("email"), + "login" => $request->param("email"), + "tier" => $request->param("tier"), + ); + } + } + else{ + $c->stash->{'txt_validation_error'} = $BILLING::ERRORS{$BILLING::ERROR_INVALID_FORM}; + $c->detach('showBilling'); + } +} + +sub processTransaction : Private { + my ($self, $c) = @_; + my $billingObj = new pf::billing::custom(); + my $request = $c->request; + my $logger = $c->log; + my $portalSession = $c->portalSession; + my $mac = $portalSession->clientMac; + + # Transactions informations + my $tier = $request->param('tier'); + my %tiers_infos = $billingObj->getAvailableTiers(); + my $transaction_infos_ref = { + ip => $portalSession->clientIp(), + mac => $mac, + firstname => $request->param('firstname'), + lastname => $request->param('lastname'), + email => lc($request->param('email')), + ccnumber => $request->param('ccnumber'), + ccexpiration => $request->param('ccexpiration'), + ccverification => $request->param('ccverification'), + item => $tier, + price => $tiers_infos{$tier}{'price'}, + description => $tiers_infos{$tier}{'description'}, + }; + + # Process the transaction + my $paymentStatus = + $billingObj->processTransaction($transaction_infos_ref); + my $pid = $c->session->{'login'}; + + if ($paymentStatus eq $BILLING::SUCCESS) { + + # Adding person (using modify in case person already exists) + person_modify( + $pid, + ( 'firstname' => $request->param('firstname'), + 'lastname' => $request->param('lastname'), + 'email' => lc($request->param('email')), + 'notes' => 'billing engine activation - ' . $tier, + ) + ); + + # Grab additional infos about the node + my %info; + my $timeout = normalize_time($tiers_infos{$tier}{'timeout'}); + $info{'pid'} = $pid; + $info{'category'} = $tiers_infos{$tier}{'category'}; + $info{'unregdate'} = + POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime(time + $timeout)); + + if ($tiers_infos{$tier}{'usage_duration'}) { + $info{'time_balance'} = + normalize_time($tiers_infos{$tier}{'usage_duration'}); + + # Check if node has some access time left; if so, add it to the new duration + my $node = node_view($mac); + if ($node && $node->{'time_balance'} > 0) { + if ($node->{'last_start_timestamp'} > 0) { + + # Node is active; compute the actual access time left + my $expiration = $node->{'last_start_timestamp'} + + $node->{'time_balance'}; + my $now = time; + if ($expiration > $now) { + $info{'time_balance'} += ($expiration - $now); + } + } else { + + # Node is inactive; add the remaining access time to the purchased access time + $info{'time_balance'} += $node->{'time_balance'}; + } + } + $logger->info( + "Usage duration for $mac is now " . $info{'time_balance'}); + } + + # Close violations that use the 'Accounting::BandwidthExpired' trigger + my @tid = trigger_view_tid($ACCOUNTING_POLICY_TIME); + foreach my $violation (@tid) { + + # Close any existing violation + violation_force_close($mac, $violation->{'vid'}); + } + + # Register the node + $c->forward( 'CaptivePortal' => 'webNodeRegister', [$info{pid}, %info] ); + + my $confirmationInfo = { + tier => $request->param('tier'), + firstname => $request->param('firstname'), + lastname => $request->param('lastname'), + email => $request->param('email'), + }; + # Send confirmation email + my %data = + $billingObj->prepareConfirmationInfo($transaction_infos_ref, $confirmationInfo); + pf::util::send_email('billing_confirmation', $data{'email'}, + $data{'subject'}, \%data); + + # Generate the release page + # XXX Should be part of the portal profile + + $c->forward( 'CaptivePortal' => 'endPortalSession' ); + } else { # There was an error with the payment processing + $logger->warn( + "There was an error with the payment processing for email $transaction_infos_ref->{email} " + . "(MAC: $transaction_infos_ref->{mac})"); + $c->stash->{'txt_validation_error'} = $BILLING::ERRORS{$BILLING::ERROR_PAYMENT_GATEWAY_FAILURE}; + $c->detach('showBilling'); + } +} + +sub showBilling : Private { + my ( $self, $c) = @_; + my ( $portalSession, $error_code ) = @_; + my $logger = $c->log; + my $request = $c->request; + + my $billingObj = new pf::billing::custom(); + my %tiers = $billingObj->getAvailableTiers(); + + $c->stash({ + 'tiers' => \%tiers, + 'selected_tier' => $request->param("tier") || '', + 'firstname' => $request->param("firstname") || '', + 'lastname' => $request->param("lastname") || '', + 'email' => $request->param("email") || '', + 'ccnumber' => $request->param("ccnumber") || '', + 'ccexpiration' => $request->param("ccexpiration") || '', + 'ccverification' => $request->param("ccverification") || '', + 'template' => 'billing/billing.html', + }); + +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2014 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/PreRegister.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/PreRegister.pm new file mode 100644 index 000000000000..70c9199fe759 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/PreRegister.pm @@ -0,0 +1,42 @@ +package captiveportal::PacketFence::Controller::PreRegister; +use Moose; +use namespace::autoclean; + +BEGIN { extends 'Catalyst::Controller'; } + +=head1 NAME + +captiveportal::PacketFence::Controller::PreRegister - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=head1 METHODS + +=cut + +=head2 index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + $c->request->param('preregistration','forced'); + $c->detach('Signup' => 'index'); +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Redirect.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Redirect.pm new file mode 100644 index 000000000000..e0476350ea89 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Redirect.pm @@ -0,0 +1,43 @@ +package captiveportal::PacketFence::Controller::Redirect; +use Moose; +use namespace::autoclean; + +BEGIN { extends 'Catalyst::Controller'; } + +=head1 NAME + +captiveportal::PacketFence::Controller::Redirect - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=head1 METHODS + +=cut + +=head2 index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + $c->stash( + template => 'redirect.html' + ); +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Release.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Release.pm new file mode 100644 index 000000000000..aeb5782741bd --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Release.pm @@ -0,0 +1,68 @@ +package captiveportal::PacketFence::Controller::Release; +use Moose; +use namespace::autoclean; +use pf::config; +use URI::Escape qw(uri_escape uri_unescape); +use pf::util; + +BEGIN { extends 'captiveportal::Base::Controller'; } + +=head1 NAME + +captiveportal::PacketFence::Controller::Release - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=head1 METHODS + +=cut + +=head2 index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + my $request = $c->request; + if ( $request->secure ) { + $c->response->redirect( "http://" + . $Config{'general'}{'hostname'} . "." + . $Config{'general'}{'domain'} + . '/access?destination_url=' + . uri_escape( $c->stash->{destination_url} ) ); + } else { + $c->stash( + timer => $Config{'trapping'}{'redirtimer'}, + redirect_url => $Config{'trapping'}{'redirecturl'}, + initial_delay => $CAPTIVE_PORTAL{'NET_DETECT_INITIAL_DELAY'}, + retry_delay => $CAPTIVE_PORTAL{'NET_DETECT_RETRY_DELAY'}, + external_ip => $Config{'captive_portal'}{'network_detection_ip'}, + auto_redirect => $Config{'captive_portal'}{'network_detection'}, + ); + + # override destination_url if we enabled the always_use_redirecturl option + if ( isenabled( $Config{'trapping'}{'always_use_redirecturl'} ) ) { + $c->stash->{'destination_url'} = + $Config{'trapping'}{'redirecturl'}; + } + $c->stash->{template} = 'release.html'; + $c->detach; + } +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Remediation.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Remediation.pm new file mode 100644 index 000000000000..98369fb5255d --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Remediation.pm @@ -0,0 +1,141 @@ +package captiveportal::PacketFence::Controller::Remediation; +use Moose; +use namespace::autoclean; +use pf::web; +use pf::violation; +use pf::class; +use pf::node; +use List::Util qw(first); +use pf::config; +use pf::util; +use File::Spec::Functions; + +BEGIN { extends 'captiveportal::Base::Controller'; } + +=head1 NAME + +captiveportal::PacketFence::Controller::Remediation - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=head1 METHODS + +=cut + +=head2 index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + my $portalSession = $c->portalSession; + my $mac = $portalSession->clientMac; + my $logger = $c->log; + + $c->stash->{'user_agent'} = $c->request->user_agent; + my $request = $c->req; + + # check for open violations + my $violation = $self->getViolation($c); + + if ($violation) { + + # There is a violation, redirect the user + # FIXME: there is not enough validation below + my $vid = $violation->{'vid'}; + my $class = class_view($vid); + + # Retrieve violation template name + my $template = $class->{'template'}; + + my $node_info = node_view($mac); + $c->stash( + 'template' => 'remediation.html', + map { $_ => $node_info->{$_} } + qw(dhcp_fingerprint last_switch last_port + last_vlan last_connection_type last_ssid username) + ); + + # Find the subtemplate + my $langs = $c->forward(Root => 'getLanguages'); + my $paths = $c->forward('getTemplateIncludePath'); + push(@$langs, ''); # default template + foreach my $lang (@$langs) { + my $file = "violations/$template" . ($lang?".$lang":"") . ".html"; + foreach my $dir (@$paths) { + if ( -f "$dir/$file" ) { + # We found our sub template. Stop here. + $logger->info("Showing the $file remediation page."); + $c->stash->{'sub_template'} = $file; + return; + } + } + } + + } else { + $logger->info( "No open violation for " . $mac ); + + # TODO - rework to not show "Your computer was not found in the PacketFence database. Please reboot to solve this issue." + $self->showError( $c, "error: not found in the database" ); + } +} + + +sub scan_status : Private { + my ( $self, $c, $scan_start_time ) = @_; + my $portalSession = $c->portalSession; + + my $refresh_timer = 10; # page will refresh each 10 seconds + + $c->stash( + template => 'scan-in-progress.html', + txt_message => i18n_format( + 'scan in progress contact support if too long', + $scan_start_time + ), + txt_auto_refresh => + i18n_format( 'automatically refresh', $refresh_timer ), + refresh_timer => $refresh_timer, + ); +} + +sub getViolation { + my ( $self, $c ) = @_; + my $violation = $c->stash->{violation}; + unless($violation) { + my $mac = $c->portalSession->clientMac; + $c->stash->{violation} = $violation = violation_view_top($mac); + } + return $violation; +} + +=head2 getTemplateIncludePath + +=cut + +sub getTemplateIncludePath : Private { + my ($self, $c) = @_; + my $profile = $c->profile; + my @paths = ($CAPTIVE_PORTAL{'TEMPLATE_DIR'}); + if ($profile->getName ne 'default') { + unshift @paths,catdir($CAPTIVE_PORTAL{'PROFILE_TEMPLATE_DIR'},trim_path($profile->getTemplatePath)); + } + return \@paths; +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm new file mode 100644 index 000000000000..6d2a8e90cfe5 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Root.pm @@ -0,0 +1,252 @@ +package captiveportal::PacketFence::Controller::Root; +use Moose; +use namespace::autoclean; +use pf::web::constants; +use URI::Escape qw(uri_escape uri_unescape); +use HTML::Entities; +use pf::enforcement qw(reevaluate_access); +use pf::config; +use pf::log; +use pf::util; +use pf::Portal::Session; +use Apache2::Const -compile => qw(OK DECLINED HTTP_MOVED_TEMPORARILY); +use pf::web; +use pf::node; +use pf::useragent; +use pf::violation; +use pf::class; +use Cache::FileCache; +use pf::sms_activation; +use List::Util qw(first); +use POSIX; + +BEGIN { extends 'captiveportal::Base::Controller'; } + +# +# Sets the actions in this controller to be registered with no prefix +# so they function identically to actions created in MyApp.pm +# +__PACKAGE__->config( namespace => '' ); + +=head1 NAME + +captiveportal::PacketFence::Controller::Root - Root Controller for captiveportal + +=head1 DESCRIPTION + +[enter your description here] + +=head1 METHODS + +=head2 auto + +=cut + +sub auto : Private { + my ( $self, $c ) = @_; + $c->forward('setupCommonStash'); + $c->forward('setupLanguage'); + return 1; +} + +=head2 index + +index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + $c->response->redirect('captive-portal'); +} + + +sub default : Path { + my ( $self, $c ) = @_; + $c->response->body('Page not found'); + $c->response->status(404); +} + +=head2 setupCommonStash + +Add all the common variables in the stash + +=cut + +sub setupCommonStash : Private { + my ( $self, $c ) = @_; + my $portalSession = $c->portalSession; + my $destination_url = $c->request->param('destination_url'); + if ( defined $destination_url ) { + $destination_url = decode_entities( uri_unescape($destination_url) ); + } else { + $destination_url = $Config{'trapping'}{'redirecturl'}; + } + my @list_help_info; + push @list_help_info, + { name => i18n('IP'), value => $portalSession->clientIp } + if ( defined( $portalSession->clientIp ) ); + push @list_help_info, + { name => i18n('MAC'), value => $portalSession->clientMac } + if ( defined( $portalSession->clientMac ) ); + $c->stash( + pf::web::constants::to_hash(), + destination_url => $destination_url, + logo => $c->profile->getLogo, + list_help_info => \@list_help_info, + ); +} + +=head2 setupLanguage + +Define the locale + +=cut + +sub setupLanguage : Private { + my ($self, $c) = @_; + my $logger = get_logger; + my ($locales) = $c->forward('getLanguages'); + + my $locale = shift @$locales; + $logger->debug("Setting locale to ".$locale); + setlocale(POSIX::LC_MESSAGES, "$locale.utf8"); +} + +=head2 getLanguages + +Retrieve the user preferred languages from the following ordered sources: + +=over + +=item 1. the 'lang' URL parameter + +=item 2. the 'lang' parameter of the Web session + +=item 3. the browser accepted languages + +=back + +If no language matches the authorized locales from the configuration, the first locale +of the configuration is returned. + +=cut + +sub getLanguages :Private { + my ($self, $c) = @_; + my $logger = get_logger; + my $portalSession = $c->portalSession; + + my ($lang, @languages); + + my @authorized_locales = $c->profile->getLocales(); + unless (scalar @authorized_locales > 0) { + @authorized_locales = @WEB::LOCALES; + } + + $logger->debug("Authorized locale(s) are " . join(', ', @authorized_locales)); + + # 1. Check if a language is specified in the URL + if ( defined($c->request->param('lang')) ) { + my $user_chosen_language = $c->request->param('lang'); + $user_chosen_language =~ s/^(\w{2})(_\w{2})?/lc($1) . uc($2)/e; + if (grep(/^$user_chosen_language$/, @authorized_locales)) { + $lang = $user_chosen_language; + # Store the language in the session + $c->session->{lang} = $lang; + $logger->debug("locale from the URL is $lang"); + } + else { + $logger->warn("locale from the URL $user_chosen_language is not supported"); + } + } + + # 2. Check if the language is set in the session + if ( defined($c->session->{lang}) ) { + $lang = $c->session->{lang}; + push(@languages, $lang) unless (grep/^$lang$/, @languages); + $logger->debug("locale from the session is $lang"); + } + + # 3. Check the accepted languages of the browser + my $browser_languages = $c->forward('getRequestLanguages'); + foreach my $browser_language (@$browser_languages) { + $browser_language =~ s/^(\w{2})(_\w{2})?/lc($1) . uc($2)/e; + if (grep(/^$browser_language$/, @authorized_locales)) { + $lang = $browser_language; + push(@languages, $lang) unless (grep/^$lang$/, @languages); + $logger->debug("locale from the browser is $lang"); + } + else { + $logger->trace("locale from the browser $browser_language is not supported"); + } + } + + if (scalar @languages > 0) { + $logger->trace("prefered user languages are " . join(", ", @languages)); + } + else { + push(@languages, $authorized_locales[0]); + } + + return \@languages; +} + +=head2 getRequestLanguages + +Extract the preferred languages from the HTTP request. +Ex: Accept-Language: en-US,en;q=0.8,fr;q=0.6,fr-CA;q=0.4,no;q=0.2,es;q=0.2 +will return qw(en_US en fr fr_CA no es) + +=cut + +sub getRequestLanguages : Private{ + my ($self, $c) = @_; + my $s = $c->request->header('Accept-language') || 'en_US'; + my @l = split(/,/, $s); + map { s/;.+// } @l; + map { s/-/_/g } @l; + #@l = map { m/^en(_US)?/? ():$_ } @l; + + return \@l; +} + + + +=head2 end + +Attempt to render a view, if needed. + +=cut + +sub end : ActionClass('RenderView') { + my ( $self, $c ) = @_; + if (scalar $c->has_errors) { + my $errors = $c->error; + for my $error ( @$errors ) { + $c->log->error($error); + } + my $txt_message = join(' ',grep { ref($_) eq '' } @$errors); + $c->stash( + template => 'error.html', + txt_message => $txt_message, + ); + $c->response->status(500); + $c->clear_errors; + } +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm new file mode 100644 index 000000000000..045d19854424 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Signup.pm @@ -0,0 +1,663 @@ +package captiveportal::PacketFence::Controller::Signup; +use Moose; +use namespace::autoclean; +use Date::Format qw(time2str); +use pf::log; +use pf::config; +use pf::temporary_password 1.11; +use pf::util; +use pf::web qw(i18n ni18n i18n_format render_template); +use pf::web::constants; +use pf::web::util; +use pf::web::guest; +use pf::email_activation; +use pf::sms_activation; +use pf::Authentication::constants; +use pf::Authentication::Action; +use pf::authentication; +use List::MoreUtils qw(uniq any); +use Readonly; +use POSIX; +use URI::Escape qw(uri_escape); +use pf::iplog; +use pf::node; +use pf::person qw(person_modify); +use pf::violation; +use pf::web; + +# called last to allow redefinitions +use pf::web::custom; + +BEGIN { extends 'captiveportal::Base::Controller'; } + +=head1 NAME + +captiveportal::PacketFence::Controller::Signup - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=head1 METHODS + +=cut + +=head2 index + +=cut + +sub begin : Private { + my ( $self, $c ) = @_; + + # if we can resolve the MAC we are in on-site self-registration + # if we can't resolve it and preregistration is disabled, generate an error +} + +=head2 checkPreregistration + +TODO: documention + +=cut + +sub checkPreregistration : Private { + my ( $self, $c ) = @_; + my $request = $c->request; + + # forced pre-registration overrides anything previously set (or not set) + if ( defined( $request->param("preregistration") ) + && $request->param("preregistration") eq 'forced' ) { + $c->session->{"preregistration"} = $TRUE; + } + +} + + +=head2 setupGuestMac + +TODO: documention + +=cut + +sub setupGuestMac : Private { + my ( $self, $c ) = @_; + my $portalSession = $c->portalSession; + # Clearing the MAC if in pre-registration + # Warning: this assumption is important for preregistration + if ( $c->session->{"preregistration"} ) { + $portalSession->guestNodeMac(undef); + } + + # Assigning MAC as guest MAC + # FIXME quick and hackish fix for #1505. A proper, more intrusive, API changing, fix should hit devel. + else { + $portalSession->guestNodeMac( $portalSession->clientMac() ); + } +} + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + $c->forward( CaptivePortal => 'validateMac'); + $c->forward('checkGuestModes'); + $c->forward('checkPreregistration'); + $c->forward('setupGuestMac'); + my $mode = $c->request->param("mode"); + if ( $mode && $mode eq $pf::web::guest::GUEST_REGISTRATION ) { + $c->forward('validateSelfRegistration'); + $c->forward('doSelfRegistration'); + } + $c->forward('showSelfRegistrationPage'); +} + +=head2 doSelfRegistration + +TODO: documention + +=cut + +sub doSelfRegistration : Private { + my ( $self, $c ) = @_; + my $request = $c->request; + my $profile = $c->profile; + if ( $request->param('by_email') + && $profile->guestModeAllowed($SELFREG_MODE_EMAIL) ) { + $c->detach('doEmailSelfRegistration'); + } elsif ( $request->param('by_sponsor') + && $profile->guestModeAllowed($SELFREG_MODE_SPONSOR) ) { + $c->detach('doSponsorSelfRegistration'); + } elsif ( $request->param('by_sms') + && $profile->guestModeAllowed($SELFREG_MODE_SMS) ) { + $c->detach('doSmsSelfRegistration'); + } + $self->validationError( $c, $GUEST::ERROR_INVALID_FORM ); + return; +} + +=head2 doEmailSelfRegistration + +TODO: documention + +=cut + +sub doEmailSelfRegistration : Private { + my ( $self, $c ) = @_; + my $logger = get_logger; + my $portalSession = $c->portalSession; + my $session = $c->session; + my $profile = $c->profile; + my %info; + $logger->info( + "registering " + . ( + $session->{preregistration} + ? 'a remote' + : $portalSession->clientMac() + ) + . " guest by email" + ); + + my $pid = $session->{guest_pid}; + my $email = $session->{email}; + $info{'pid'} = $pid; + + # fetch role for this user + my $email_type = + pf::Authentication::Source::EmailSource->getDefaultOfType; + my $source = $profile->getSourceByType($email_type); + my $auth_params = { + 'username' => $pid, + 'user_email' => $email + }; + $info{'category'} = + &pf::authentication::match( $source->{id}, $auth_params, + $Actions::SET_ROLE ); + + # form valid, adding person (using modify in case person already exists) + person_modify( + $pid, + ( 'firstname' => $session->{firstname}, + 'lastname' => $session->{lastname}, + 'company' => $session->{company}, + 'email' => $email, + 'telephone' => $session->{phone}, + 'notes' => 'email activation. Date of arrival: ' + . time2str( "%Y-%m-%d %H:%M:%S", time ), + ) + ); + + # if we are on-site: register the node + if ( !$session->{preregistration} ) { + + # Use the activation timeout to set the unregistration date + my $timeout = normalize_time( $source->{email_activation_timeout} ); + $info{'unregdate'} = POSIX::strftime( "%Y-%m-%d %H:%M:%S", + localtime( time + $timeout ) ); + $logger->debug( "Registration for guest " + . $pid + . " is valid until " + . $info{'unregdate'} ); + $c->forward('CaptivePortal' => 'webNodeRegister',[$pid, %info]); + + } + + # add more info for the activation email + %info = prepareEmailGuestActivationInfo( $c->session, %info ); + + # TODO this portion of the code should be throttled to prevent malicious intents (spamming) + my ( $auth_return, $err, $errargs_ref ) = + pf::email_activation::create_and_email_activation_code( + $portalSession->guestNodeMac(), + $pid, $email, + ( $session->{preregistration} + ? $pf::web::guest::TEMPLATE_EMAIL_EMAIL_PREREGISTRATION + : $pf::web::guest::TEMPLATE_EMAIL_GUEST_ACTIVATION + ), + $pf::email_activation::GUEST_ACTIVATION, + %info + ); + + if ( !$session->{preregistration} ) { + + # does the necessary captive portal escape sequence (violations, provisionning, etc.) + $c->detach( CaptivePortal => 'endPortalSession') if $auth_return; + } + + # pregistration: we show a confirmation page + $c->stash( + template => $pf::web::guest::PREREGISTRATION_CONFIRMED_TEMPLATE, + 'mode' => $SELFREG_MODE_EMAIL + ); + $c->detach; +} + + +sub prepareEmailGuestActivationInfo : Private { + my ( $session, %info ) = @_; + + $info{'firstname'} = $session->{"firstname"}; + $info{'lastname'} = $session->{"lastname"}; + $info{'telephone'} = $session->{"phone"}; + $info{'company'} = $session->{"company"}; + $info{'subject'} = i18n_format("%s: Email activation required", $Config{'general'}{'domain'}); + + return %info; +} + +=head2 doSponsorSelfRegistration + +TODO: documention + +=cut + +sub doSponsorSelfRegistration : Private { + my ( $self, $c ) = @_; + my $logger = get_logger; + my $profile = $c->profile; + my $request = $c->request; + my $portalSession = $c->portalSession; + my %info; + $logger->info( + "registering " + . ( + $c->session->{preregistration} + ? 'a remote' + : $portalSession->clientMac() + ) + . " guest through a sponsor" + ); + + my $pid = $c->session->{'guest_pid'}; + my $email = $c->session->{"email"}; + $info{'pid'} = $pid; + + # form valid, adding person (using modify in case person already exists) + person_modify( + $pid, + ( 'firstname' => $c->session->{"firstname"}, + 'lastname' => $c->session->{"lastname"}, + 'company' => $c->session->{'company'}, + 'email' => $email, + 'telephone' => $c->session->{"phone"}, + 'sponsor' => $c->session->{"sponsor"}, + 'notes' => 'sponsored guest. Date of arrival: ' + . time2str( "%Y-%m-%d %H:%M:%S", time ) + ) + ); + $logger->info( "Adding guest person " . $c->session->{'guest_pid'} ); + + my $sponsor_type = + pf::Authentication::Source::SponsorEmailSource->getDefaultOfType; + my $source = $profile->getSourceByType($sponsor_type); + my $auth_params = { + 'username' => $pid, + 'user_email' => $email + }; + + # fetch role for this user + $info{'category'} = + &pf::authentication::match( $source->{id}, $auth_params, + $Actions::SET_ROLE ); + + # Setting access timeout and role (category) dynamically + $info{'unregdate'} = + &pf::authentication::match( $source->{id}, $auth_params, + $Actions::SET_ACCESS_DURATION ); + + if ( defined $info{'unregdate'} ) { + $info{'unregdate'} = POSIX::strftime( "%Y-%m-%d %H:%M:%S", + localtime( time + normalize_time( $info{'unregdate'} ) ) ); + } else { + $info{'unregdate'} = + &pf::authentication::match( $source->{id}, $auth_params, + $Actions::SET_UNREG_DATE ); + } + + # set node in pending mode + $info{'status'} = $pf::node::STATUS_PENDING; + + if ( !$c->session->{"preregistration"} ) { + + # modify the node + node_modify( $portalSession->clientMac(), %info ); + } + + $info{'cc'} = $Config{'guests_self_registration'}{'sponsorship_cc'}; + + # fetch more info for the activation email + # this is meant to be overridden in pf::web::custom with customer specific needs + foreach my $key (qw(firstname lastname telephone company sponsor)) { + $info{$key} = $c->session->{$key}; + } + $info{is_preregistration} = $c->session->{preregistration}; + $info{'subject'} = + i18n_format( "%s: Guest access request", $Config{'general'}{'domain'} ); + + # TODO this portion of the code should be throttled to prevent malicious intents (spamming) + my ( $auth_return, $err, $errargs_ref ) = + pf::email_activation::create_and_email_activation_code( + $portalSession->guestNodeMac(), + $pid, + $info{'sponsor'}, + $pf::web::guest::TEMPLATE_EMAIL_SPONSOR_ACTIVATION, + $pf::email_activation::SPONSOR_ACTIVATION, + %info + ); + + # on-site: redirection will show pending page (unless there's a violation for the node) + if ( !$c->session->{"preregistration"} ) { + $c->response->redirect( '/captive-portal?destination_url=' + . uri_escape( $c->stash->{destination_url} ) ); + + } + + # pregistration: we show a confirmation page + else { + $c->stash( + template => $pf::web::guest::PREREGISTRATION_CONFIRMED_TEMPLATE, + 'mode' => $SELFREG_MODE_SPONSOR + ); + } + $c->detach; +} # SPONSOR + +=head2 doSmsSelfRegistration + +TODO: documention + +=cut + +sub doSmsSelfRegistration : Private { + my ( $self, $c ) = @_; + my $portalSession = $c->portalSession; + if ( $c->session->{"preregistration"} ) { + $self->showError($c, i18n("Registration in advance by SMS is not supported.") ); + } + my %info; + my $profile = $c->profile; + my $request = $c->request; + my $logger = get_logger; + my $mac = $portalSession->clientMac; + my $phone = $request->param("phone"); + my $mobileprovider = $request->param("mobileprovider"); + + # User chose to register by SMS + $logger->info("registering $mac guest by SMS $phone @ $mobileprovider"); + my ( $auth_return, $err, $errargs_ref ) = + sms_activation_create_send( $portalSession->guestNodeMac(), + $phone, $mobileprovider ); + if ($auth_return) { + + my $pid = $c->session->{'guest_pid'}; + my $phone = $c->session->{"phone"}; + $info{'pid'} = $pid; + + # form valid, adding person (using modify in case person already exists) + $logger->info("Adding guest person $pid ($phone)"); + person_modify( + $pid, + ( map { $_ => $c->session->{$_} } + qw(firstname lastname company email) + ), + ( 'telephone' => $phone, + 'notes' => 'sms confirmation. Date of arrival: ' + . time2str( "%Y-%m-%d %H:%M:%S", time ), + ) + ); + + $logger->info("redirecting to mobile confirmation page"); + + # fetch role for this user + my $sms_type = + pf::Authentication::Source::SMSSource->getDefaultOfType; + my $source = $profile->getSourceByType($sms_type); + my $auth_params = { + 'username' => $pid, + 'phonenumber' => $phone + }; + $info{'category'} = + &pf::authentication::match( $source->{id}, $auth_params, + $Actions::SET_ROLE ); + + # set node in pending mode with the appropriate role + $info{'status'} = $pf::node::STATUS_PENDING; + node_modify( $portalSession->clientMac(), %info ); + $c->detach( 'Activate::Sms' => 'showSmsConfirmation' ); + + } else { + $self->validationError( $c, $err ); + } +} # SMS + +sub checkGuestModes : Private { + my ( $self, $c ) = @_; + if ( @{ $c->profile->getGuestModes } == 0 ) { + $c->response->redirect( "/captive-portal?destination_url=" + . uri_escape( $c->stash->{destination_url} ) ); + $c->detach; + } +} + +=head2 validateSelfRegistration + +TODO: documention + +=cut + +sub validateSelfRegistration : Private { + my ( $self, $c ) = @_; + $c->forward('validatePreregistration'); + $c->forward('validateMandatoryFields'); + $c->forward('validateByEmailSource'); + $c->forward('validateBySponsorSource'); + $c->forward('setupSelfRegistrationSession'); +} + + +=head2 setupSelfRegistrationSession + +TODO: documention + +=cut + +sub setupSelfRegistrationSession : Private { + my ( $self, $c ) = @_; + my $request = $c->request; + $c->session->{firstname} = $request->param("firstname"); + $c->session->{lastname} = $request->param("lastname"); + $c->session->{company} = $request->param("organization"); + $c->session->{phone} = + pf::web::util::validate_phone_number( $request->param("phone") ); + $c->session->{email} = lc( $request->param("email") ); + $c->session->{sponsor} = lc( $request->param("sponsor_email") ); + + # guest pid is configurable (defaults to email) + $c->session->{guest_pid} = + $c->session->{ $Config{'guests_self_registration'}{'guest_pid'} }; +} + + +=head2 validatePreregistration + +TODO: documention + +=cut + +sub validatePreregistration : Private { + my ( $self, $c ) = @_; + if ( $c->session->{preregistration} + && isdisabled( + $Config{'guests_self_registration'}{'preregistration'} ) ) { + $self->validationError( $c, $GUEST::ERROR_PREREG_NOT_ALLOWED ); + } +} + +=head2 validateBySponsorSource + +TODO: documention + +=cut + +sub validateBySponsorSource : Private { + my ( $self, $c ) = @_; + my $profile = $c->profile; + my $request = $c->request; + if ( $request->param('by_sponsor') ) { + my $sponsor_email = lc( $request->param('sponsor_email') ); + my ( $username, $source_id ) = + &pf::authentication::username_from_email($sponsor_email); + unless ( + defined $username + && defined &pf::authentication::match( + $source_id, { username => $username }, + $Actions::MARK_AS_SPONSOR + ) + ) { + $self->validationError( $c, + $GUEST::ERROR_EMAIL_UNAUTHORIZED_AS_GUEST, + $sponsor_email ); + } + } +} + +=head2 validateByEmailSource + +TODO: documention + +=cut + +sub validateByEmailSource : Private { + my ( $self, $c ) = @_; + my $profile = $c->profile; + my $request = $c->request; + my $email_type = + pf::Authentication::Source::EmailSource->getDefaultOfType; + my $source = $profile->getSourceByType($email_type); + my $localdomain = $Config{'general'}{'domain'}; + if ( $source + && isdisabled( $source->{allow_localdomain} ) + && $request->param('email') =~ /[@.]$localdomain$/i ) { + $self->validationError( $c, + $GUEST::ERROR_EMAIL_UNAUTHORIZED_AS_GUEST, $localdomain ); + } +} + +sub validationError { + my ( $self, $c, $error_code, @error_args ) = @_; + $c->stash->{'txt_validation_error'} = + i18n_format( $GUEST::ERRORS{$error_code}, @error_args ); + $c->detach('showSelfRegistrationPage'); +} + +=head2 validateMandatoryFields + +TODO: documention + +=cut + +sub validateMandatoryFields : Private { + my ( $self, $c ) = @_; + my $request = $c->request; + my ( $error_code, @error_args ); + my @mandatory_fields = split( /\s*,\s*/, + $Config{'guests_self_registration'}{'mandatory_fields'} ); + my $by_email = $request->param('by_email'); + my $by_sms = $request->param('by_sms'); + my $by_sponsor = $request->param('by_sponsor'); + push @mandatory_fields, qw(email) if ( defined $by_email ); + push @mandatory_fields, qw(sponsor_email) if ( defined $by_sponsor ); + push @mandatory_fields, qw(phone mobileprovider) + if ( defined $by_sms ); + @mandatory_fields = uniq @mandatory_fields; + my %mandatory_fields = map { $_ => undef } @mandatory_fields; + my @missing_fields = grep { !$request->param($_) } @mandatory_fields; + + if (@missing_fields) { + $error_code = $GUEST::ERROR_MISSING_MANDATORY_FIELDS; + @error_args = ( join( ", ", map { i18n($_) } @missing_fields ) ); + } elsif ( exists $mandatory_fields{email} + && !pf::web::util::is_email_valid( $request->param('email') ) ) { + $error_code = $GUEST::ERROR_ILLEGAL_EMAIL; + } elsif ( exists $mandatory_fields{phone} + && !pf::web::util::validate_phone_number( $request->param('phone') ) ) + { + $error_code = $GUEST::ERROR_ILLEGAL_PHONE; + } elsif ( !length( $request->param("aup_signed") ) ) { + $error_code = $GUEST::ERROR_AUP_NOT_ACCEPTED; + } + if ( defined $error_code && $error_code != 0 ) { + $self->validationError( $c, $error_code, @error_args ); + } +} + +=head2 authenticateSelfRegistration + +TODO: documention + +=cut + +sub authenticateSelfRegistration : Private { + my ( $self, $c ) = @_; + return; +} + +sub showSelfRegistrationPage : Private { + my ( $self, $c ) = @_; + my $logger = get_logger; + my $profile = $c->profile; + my $request = $c->request; + + my $sms_type = + pf::Authentication::Source::SMSSource->meta->get_attribute('type') + ->default; + my $source = $profile->getSourceByType($sms_type); + my $guestModes = $profile->getGuestModes; + + $c->stash( + post_uri => "$WEB::URL_SIGNUP?mode=guest-register", + firstname => $request->param("firstname") || '', + lastname => $request->param("lastname") || '', + organization => $request->param("organization") || '', + phone => $request->param("phone") || '', + mobileprovider => $request->param("mobileprovider") || '', + email => lc( $request->param("email") || '' ), + sponsor_email => lc( $request->param("sponsor_email") || '' ), + sms_carriers => sms_carrier_view_all($source), + is_preregistration => $c->session->{'preregistration'}, + sms_guest_allowed => is_in_list( $SELFREG_MODE_SMS, $guestModes ), + email_guest_allowed => is_in_list( $SELFREG_MODE_EMAIL, $guestModes ), + sponsored_guest_allowed => + is_in_list( $SELFREG_MODE_SPONSOR, $guestModes ), + ); + + $c->stash( template => 'guest.html' ); +} + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/Status.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Status.pm new file mode 100644 index 000000000000..3f83f662c48c --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/Status.pm @@ -0,0 +1,67 @@ +package captiveportal::PacketFence::Controller::Status; +use Moose; +use namespace::autoclean; +use pf::util; +use pf::node; +use pf::person; + +BEGIN { extends 'captiveportal::Base::Controller'; } + +=head1 NAME + +captiveportal::PacketFence::Controller::Status - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=head1 METHODS + +=cut + +=head2 index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + my $portalSession = $c->portalSession; + my $node_info = node_view( $portalSession->clientMac() ); + my @nodes = person_nodes($node_info->{pid}); + if ( defined $node_info->{'last_start_timestamp'} + && $node_info->{'last_start_timestamp'} > 0 ) { + if ( $node_info->{'timeleft'} > 0 ) { + + # Node has a usage duration + $node_info->{'expiration'} = + $node_info->{'last_start_timestamp'} + $node_info->{'timeleft'}; + if ( $node_info->{'expiration'} < time ) { + + # No more access time; RADIUS accounting should have triggered a violation + delete $node_info->{'expiration'}; + $node_info->{'timeleft'} = 0; + } + } + } + $c->stash( + template => 'status.html', + node => $node_info, + nodes => \@nodes, + billing => isenabled( $c->profile->getBillingEngine ), + ); +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Controller/WirelessProfile.pm b/html/captive-portal/lib/captiveportal/PacketFence/Controller/WirelessProfile.pm new file mode 100644 index 000000000000..835a76843080 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Controller/WirelessProfile.pm @@ -0,0 +1,50 @@ +package captiveportal::PacketFence::Controller::WirelessProfile; +use Moose; +use namespace::autoclean; + +BEGIN { extends 'captiveportal::Base::Controller'; } +use pf::config; + +__PACKAGE__->config( namespace => 'wireless-profile.mobileconfig', ); + +=head1 NAME + +captiveportal::PacketFence::Controller::WirelessProfile - Catalyst Controller + +=head1 DESCRIPTION + +Catalyst Controller. + +=head1 METHODS + +=cut + +=head2 index + +=cut + +sub index : Path : Args(0) { + my ( $self, $c ) = @_; + my $username = $c->session->{username} || ''; + $c->stash( + template => 'wireless-profile.xml', + current_view => 'MobileConfig', + ssid => $Config{'provisioning'}{'ssid'}, + username => $username + ); +} + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm b/html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm new file mode 100644 index 000000000000..daba33e75e52 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/PacketFence/Model/Portal/Session.pm @@ -0,0 +1,176 @@ +package captiveportal::PacketFence::Model::Portal::Session; +use Moose; + +use pf::iplog qw(ip2mac); +use pf::config; +use constant LOOPBACK_IPV4 => '127.0.0.1'; +use pf::log; +use pf::util; +use pf::locationlog qw(locationlog_synchronize); +use NetAddr::IP; +use pf::iplog qw(iplog_open); +use pf::Portal::ProfileFactory; +use File::Spec::Functions qw(catdir); + +=head1 NAME + +captiveportal::PacketFence::Model::Portal::Session - Catalyst Model + +=head1 DESCRIPTION + +Catalyst Model. + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +has clientIp => ( + is => 'rw', + builder => '_build_clientIp', + lazy => 1, +); + +has clientMac => ( + is => 'rw', + builder => '_build_clientMac', + lazy => 1, +); + +has profile => ( + is => 'rw', + builder => '_build_profile', + lazy => 1, +); + +has remoteAddress => ( + is => 'rw', + required => 1, +); + +has redirectURL => ( + is => 'rw', +); + +has [qw(forwardedFor guestNodeMac)] => ( is => 'rw', ); + +sub ACCEPT_CONTEXT { + my ( $self, $c, @args ) = @_; + my $class = ref $self || $self; + return $c->stash->{current_model_instances}{$class} + if exists $c->stash->{current_model_instances}{$class} && $c->stash->{current_model_instances}{$class}->isa($class); + my $request = $c->request; + my $remoteAddress = $request->address; + my $forwardedFor = $request->header('HTTP_X_FORWARDED_FOR'); + my $redirectURL; + my $model = $self->new( + remoteAddress => $remoteAddress, + forwardedFor => $forwardedFor, + @args, + ); + $c->stash->{current_model_instances}{$class} = $model; + return $model; +} + +sub _build_destinationUrl { + my ($self) = @_; + + # Return portal profile's redirection URL if destination_url is not set or if redirection URL is forced + if (!defined($self->cgi->param("destination_url")) || $self->profile->forceRedirectURL) { + return $self->getProfile->getRedirectURL; + } + + # Respect the user's initial destination URL + return $self->{'_destination_url'} || decode_entities(uri_unescape($self->cgi->param("destination_url"))); +} + +sub _build_clientIp { + my ($self) = @_; + my $logger = get_logger; + + # we fetch CGI's remote address + # if user is behind a proxy it's not sufficient since we'll get the proxy's IP + my $directly_connected_ip = $self->remoteAddress; + + # every source IP in this table are considered to be from a proxied source + my %proxied_lookup = + %{ $CAPTIVE_PORTAL{'loadbalancers_ip'} }; #load balancers first + $proxied_lookup{LOOPBACK_IPV4} = 1; # loopback (proxy-bypass) + # adding virtual IP if one is present (proxy-bypass w/ high-avail.) + $proxied_lookup{ $management_network->tag('vip') } = 1 + if ( $management_network && $management_network->tag('vip') ); + + # if this is NOT from one of the expected proxy IPs return the IP + if ( ( !$proxied_lookup{$directly_connected_ip} ) + && !( $directly_connected_ip ne '127.0.0.1' ) ) { + return $directly_connected_ip; + } + + my $forwarded_for = $self->forwardedFor; + + # behind a proxy? + if ( defined($forwarded_for) ) { + my @proxied_ip = split( ',', $forwarded_for ); + $logger->debug( + "Remote Address is $directly_connected_ip. Client is behind proxy? " + . "Returning: $proxied_ip[0] according to HTTP Headers" ); + return $proxied_ip[0]; + } + + $logger->debug( + "Remote Address is $directly_connected_ip but no further hints of client IP in HTTP Headers" + ); + return $directly_connected_ip; +} + +sub _build_clientMac { + my ($self) = @_; + my $clientIp = $self->clientIp; + if (defined $clientIp) { + $clientIp = clean_ip($clientIp); + while ( my ($network,$network_config) = each %ConfigNetworks ) { + next unless defined $network_config->{'fake_mac_enabled'} && enabled($network_config->{'fake_mac_enabled'}); + next if !pf::config::is_network_type_inline($network); + my $net_addr = NetAddr::IP->new($network,$network_config->{'netmask'}); + my $ip = new NetAddr::IP::Lite $clientIp; + if ($net_addr->contains($ip)) { + my $fake_mac = '00:00:' . join(':', map { sprintf("%02x", $_) } split /\./, $ip->addr()); + my $gateway = $network_config->{'gateway'}; + locationlog_synchronize($gateway, $gateway, undef, $NO_PORT, $NO_VLAN, $fake_mac, $NO_VOIP, $INLINE); + iplog_open($fake_mac, $ip->addr()); + return $fake_mac; + } + } + return ip2mac( $clientIp ); + } + return undef; +} + +sub _build_profile { + my ($self) = @_; + return pf::Portal::ProfileFactory->instantiate( $self->clientMac ); +} + +sub templateIncludePath { + my ($self) = @_; + my $profile = $self->profile; + my @paths = ( $CAPTIVE_PORTAL{'TEMPLATE_DIR'} ); + if ( $profile->getName ne 'default' ) { + unshift @paths, + catdir( + $CAPTIVE_PORTAL{'PROFILE_TEMPLATE_DIR'}, + trim_path( $profile->getTemplatePath ) + ); + } + return \@paths; +} + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/captive-portal/lib/captiveportal/Role/Action/Hookable.pm b/html/captive-portal/lib/captiveportal/Role/Action/Hookable.pm new file mode 100644 index 000000000000..3cbe8741c286 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/Role/Action/Hookable.pm @@ -0,0 +1,78 @@ +package captiveportal::Role::Action::Hookable; + +=head1 NAME + +captiveportal::Role::Action::Hookable add documentation + +=cut + +=head1 DESCRIPTION + +captiveportal::Role::Action::Hookable + +=cut + +use strict; +use warnings; +use HTTP::Status qw(:constants); +use Moose::Role; +use namespace::autoclean; + +=head1 METHODS + +=head2 before execute + +See if action has a config hook one of the configured + +before +after +override + +=cut + +sub wasSeen { + my ( $self, $c ) = @_; + my $seenKey = $self->seenKey; + my $seenHash = $c->stash->{$seenKey} || {}; + $c->stash( $seenKey => $seenHash ); + my $seen = $seenHash->{ $self->private_path }++; + return $seen; +} + +sub resetSeenCount { + my ( $self, $c ) = @_; + my $seenKey = $self->seenKey; + my $seenHash = $c->stash->{$seenKey} || {}; + $seenHash->{ $self->private_path } = 0; + $c->stash( $seenKey => $seenHash ); +} + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/html/captive-portal/lib/captiveportal/View/HTML.pm b/html/captive-portal/lib/captiveportal/View/HTML.pm new file mode 100644 index 000000000000..08650b71dd7c --- /dev/null +++ b/html/captive-portal/lib/captiveportal/View/HTML.pm @@ -0,0 +1,68 @@ +package captiveportal::View::HTML; + +use strict; +use warnings; +use Locale::gettext qw(gettext ngettext); +use Moose; +extends 'Catalyst::View::TT'; + +__PACKAGE__->config( + TEMPLATE_EXTENSION => '.html', + render_die => 1, + expose_methods => [qw(i18n ni18n i18n_format)], +); + +before process => sub { + my ( $self, $c ) = @_; + my $include_path = $c->portalSession->templateIncludePath; + @{ $self->include_path } = @$include_path; +}; + +sub i18n { + my ( $self, $c, $msgid ) = @_; + return gettext($msgid); +} + +sub ni18n { + my ( $self, $c, $singular, $plural, $category ) = @_; + + return ngettext( $singular, $plural, $category ); +} + +=head2 i18n_format + +Pass message id through gettext then sprintf it. + +Meant to be called from the TT templates. + +=cut + +sub i18n_format { + my ( $self, $c, $msgid, @args ) = @_; + return sprintf( gettext($msgid), @args ); +} + +=head1 NAME + +captiveportal::View::HTML - TT View for captiveportal + +=head1 DESCRIPTION + +TT View for captiveportal. + +=head1 SEE ALSO + +L + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +1; diff --git a/html/captive-portal/lib/captiveportal/View/MobileConfig.pm b/html/captive-portal/lib/captiveportal/View/MobileConfig.pm new file mode 100644 index 000000000000..66d8c7258431 --- /dev/null +++ b/html/captive-portal/lib/captiveportal/View/MobileConfig.pm @@ -0,0 +1,46 @@ +package captiveportal::View::MobileConfig; + +use strict; +use warnings; +use Moose; +extends 'captiveportal::View::HTML'; +use pf::file_paths; + +__PACKAGE__->config( + TEMPLATE_EXTENSION => '.xml', + render_die => 1, + INCLUDE_PATH => ["$install_dir/html/captive-portal/templates"] +); + +after process => sub { + my ( $self, $c ) = @_; + my $headers = $c->response->headers; + $headers->content_type('application/x-apple-aspen-config; chatset=utf-8'); + $headers->header( 'Content-Disposition', + 'attachment; filename="wireless-profile.mobileconfig"' ); +}; + +=head1 NAME + +captiveportal::View::MobileConfig - TT View for captiveportal + +=head1 DESCRIPTION + +TT View for captiveportal. + +=head1 SEE ALSO + +L + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +1; diff --git a/html/captive-portal/redir.cgi b/html/captive-portal/redir.cgi index 73e3c986a7cb..a285dce0aba1 100755 --- a/html/captive-portal/redir.cgi +++ b/html/captive-portal/redir.cgi @@ -16,15 +16,17 @@ use CGI::Carp qw( fatalsToBrowser ); use CGI::Session; use Log::Log4perl; use URI::Escape qw(uri_escape); +use NetAddr::IP; use pf::class; use pf::config; use pf::enforcement; use pf::iplog; +use pf::locationlog; use pf::node; use pf::Portal::Session; use pf::scan qw($SCAN_VID); -use pf::util; +use pf::util qw(valid_mac clean_ip isenabled); use pf::violation; use pf::web; use pf::web::guest; @@ -40,6 +42,24 @@ Log::Log4perl::MDC->put('tid', 0); my $portalSession = pf::Portal::Session->new(); +# We check if we're connected in an inlinel3 (Inline Layer 3) network and if we must +# generate a fake MAC address. +foreach my $network ( keys %ConfigNetworks ) { + next if ( !pf::config::is_network_type_inline($network) ); + my $net_addr = NetAddr::IP->new($network,$ConfigNetworks{$network}{'netmask'}); + if (defined $portalSession->getClientIp()) { + my $ip = new NetAddr::IP::Lite clean_ip($portalSession->getClientIp()); + if ($net_addr->contains($ip) && isenabled($ConfigNetworks{$network}{'generate_fake_mac'})) { + my $fake_mac = '00:00:' . join(':', map { sprintf("%02X", $_) } split /\./, $ip->addr()); + + $portalSession->setClientMac( $fake_mac ); + locationlog_synchronize($ConfigNetworks{$network}{'gateway'},$ConfigNetworks{$network}{'gateway'},undef, $NO_PORT, $NO_VLAN, $fake_mac, $NO_VOIP, $INLINE); + iplog_open(lc($fake_mac), $ip->addr()); + last; + } + } +} + # we need a valid MAC to identify a node if (!valid_mac($portalSession->getClientMac())) { $logger->info($portalSession->getClientIp() . " not resolvable, generating error page"); @@ -59,7 +79,7 @@ if (defined($portalSession->getCgi->user_agent)) { } # if we are going to provide a provisionned wi-fi profile then we should not deauth the user -if (pf::web::supports_mobileconfig_provisioning($portalSession)) { +if (pf::web::supports_mobileconfig_provisioning($portalSession) || pf::web::supports_androidconfig_provisioning($portalSession)) { $portalSession->getSession->param("do_not_deauth", $TRUE); } diff --git a/html/captive-portal/register-gaming-device.cgi b/html/captive-portal/register-gaming-device.cgi index 35ecfe39cf0d..1da0cca310a9 100755 --- a/html/captive-portal/register-gaming-device.cgi +++ b/html/captive-portal/register-gaming-device.cgi @@ -24,7 +24,7 @@ use pf::Portal::Session; use pf::util; use pf::web; use pf::web::gaming; -use pf::web::custom; # called last to allow redefinitions +use pf::nodecategory qw(nodecategory_exist); Log::Log4perl->init("$conf_dir/log.conf"); my $logger = Log::Log4perl->get_logger('register-gaming-device.cgi'); @@ -36,78 +36,110 @@ my $portalSession = new pf::Portal::Session(); my $cgi = $portalSession->cgi; my $session = $portalSession->session; -my %info; - # This module is not enabled so return an error accordingly -if ( isdisabled($Config{'registration'}{'gaming_devices_registration'}) ) { +if ( isdisabled($Config{'registration'}{'device_registration'}) ) { pf::web::generate_error_page($portalSession, i18n("This module is not enabled")); exit(0); } # Pull parameters from query string -foreach my $param($cgi->url_param()) { +foreach my $param (grep {$_} $cgi->url_param()) { $params{$param} = $cgi->url_param($param); } foreach my $param($cgi->param()) { $params{$param} = $cgi->param($param); } -my $pid = $session->param("username"); - -# See if user is trying to login and if is not already authenticated -if ( (!$pid) && ($cgi->param('username') ne '') && ($cgi->param('password') ne '') ) { - my ($auth_return, $error) = pf::web::web_user_authenticate($portalSession); - if ($auth_return != 1) { - $logger->trace("authentication failed for " . $portalSession->getClientMac()); - pf::web::gaming::generate_login_page($portalSession, $error); - } - else { - pf::web::gaming::generate_registration_page($portalSession); - } -} +#Using session param login to determine if user is logged in +my $pid = $session->param("login"); -# Verify if user is authenticated -elsif (!$pid) { - pf::web::gaming::generate_login_page($portalSession); -} elsif (exists $params{cancel} ) { - $session->delete(); - pf::web::gaming::generate_login_page($portalSession, 'Registration canceled. Please try again.'); +if(!$pid) { #User has not logged in yet + user_not_logged_in($portalSession,$session,\%params); +} else { #User is Logged + user_is_logged_in($portalSession,$session,\%params,$pid); } -# User is authenticated and requesting to register gaming device -elsif (exists $params{'device_mac'}) { - my $device_mac = $params{'device_mac'}; - $portalSession->stash->{device_mac} = $device_mac; +exit(0); + - # Get role for gaming device - my $role = $Config{'registration'}{'gaming_devices_registration_role'}; - if ($role) { - $logger->trace("Gaming devices role is $role (from pf.conf)"); +=item user_not_logged_in +When user is not logged in +=cut + +sub user_not_logged_in { + my ($portalSession,$session,$params) = @_; + my $authenticated; + my $msg; + if(( $params->{'username'} && $params->{'password'} )) { + ($authenticated, $msg) = pf::web::web_user_authenticate($portalSession, $params->{"auth"}); } - else { - # Use role of user - $role = &pf::authentication::match(&pf::authentication::getInternalAuthenticationSources(), {username => $pid}, $Actions::SET_ROLE); - $logger->trace("Gaming devices role is $role (from username $pid)") if ($role); + if ($authenticated == $TRUE) { + $session->param(login => $params->{'username'}); + pf::web::gaming::generate_registration_page($portalSession); + } else { + pf::web::gaming::generate_login_page($portalSession,$msg); } - $info{'category'} = $role if (defined $role); +} + +=item user_is_logged_in +When user is logged in +=cut - # Register gaming device - my ($result, $msg) = pf::web::gaming::register_node($portalSession, $pid, $device_mac, %info); - if ($result) { - pf::web::gaming::generate_landing_page($portalSession, $msg); - $portalSession->session->delete(); +sub user_is_logged_in { + my ($portalSession,$session,$params,$pid) = @_; + if(exists $params->{cancel} ) { + user_cancel($portalSession,$session); } else { - pf::web::gaming::generate_registration_page($portalSession, $msg); + register_device($portalSession,$session,$params,$pid); } } -# User is authenticated so display registration page -else { - pf::web::gaming::generate_registration_page($portalSession); +=item register_device + Registration of device +=cut + +sub register_device { + my ($portalSession,$session,$params,$pid) = @_; + my (%info,$result); + my $logger = Log::Log4perl->get_logger('register-gaming-device.cgi'); + $info{'pid'} = $pid; + my $device_mac = clean_mac($params->{'device_mac'}); + if(pf::web::gaming::is_allowed_gaming_mac($device_mac)) { + $portalSession->stash->{device_mac} = $device_mac; + my $role = $Config{'registration'}{'device_registration_role'}; + if ($role) { + $logger->trace("Gaming devices role is $role (from pf.conf)"); + } else { + # Use role of user + $role = &pf::authentication::match(&pf::authentication::getInternalAuthenticationSources(), {username => $pid}, $Actions::SET_ROLE); + $logger->trace("Gaming devices role is $role (from username $pid)") if ($role); + } + # register gaming device + $info{'category'} = $role if (defined $role); + $info{'notes'} = $params->{'console_type'}; + $info{'mac'} = $device_mac; + $info{'auto_registered'} = 1; + $result = pf::web::web_node_register($portalSession, $pid, %info); + } + if($result) { + $session->delete(); + my $msg = i18n_format("The MAC address %s has been successfully registered.",$device_mac); + pf::web::gaming::generate_landing_page($portalSession,$msg); + } else { + my $msg = i18n_format("The MAC address %s provided is invalid please try again",$device_mac); + pf::web::gaming::generate_registration_page($portalSession,$msg); + } } -exit(0); +=item user_cancel +Action done when the user cancels +=cut +sub user_cancel { + my ($portalSession,$session) = @_; + $session->delete(); + pf::web::gaming::generate_login_page($portalSession, 'Registration canceled please try again'); +} =head1 AUTHOR diff --git a/html/captive-portal/register.cgi b/html/captive-portal/register.cgi index eefae325ca0d..f0417cba1776 100755 --- a/html/captive-portal/register.cgi +++ b/html/captive-portal/register.cgi @@ -117,11 +117,15 @@ elsif (defined($cgi->url_param('mode')) && $cgi->url_param('mode') eq "aup") { exit(0); } +elsif (defined($cgi->url_param('mode')) && $cgi->url_param('mode') eq "status") { + pf::web::generate_status_page($portalSession); +} + elsif (defined($cgi->url_param('mode'))) { pf::web::generate_error_page($portalSession, i18n("error: incorrect mode")); } -elsif ( (defined($cgi->param('username') ) || $no_username_needed ) && ($cgi->param('username') ne '' || $no_password_needed )) { +elsif ( (defined($cgi->param('username') ) || $no_username_needed ) && ($cgi->param('password') ne '' || $no_password_needed )) { my ($form_return, $err) = pf::web::validate_form($portalSession); if ($form_return != 1) { $logger->trace("form validation failed or first time for " . $portalSession->getClientMac()); @@ -154,6 +158,12 @@ elsif ( (defined($cgi->param('username') ) || $no_username_needed ) && ($cgi->pa if (defined $value) { %info = (%info, (category => $value)); } + else { + $error = 'Wrong username or password.'; + $logger->info("No role associated to $pid for " . $portalSession->getClientMac()); + pf::web::generate_login_page($portalSession, $error); + exit(0); + } # If an access duration is defined, use it to compute the unregistration date; # otherwise, use the unregdate when defined. @@ -168,6 +178,7 @@ elsif ( (defined($cgi->param('username') ) || $no_username_needed ) && ($cgi->pa if (defined $value) { %info = (%info, (unregdate => $value)); } + my $nodeattributes = node_attributes($portalSession->getClientMac); pf::web::web_node_register($portalSession, $pid, %info); pf::web::end_portal_session($portalSession); @@ -178,6 +189,7 @@ else { pf::web::generate_login_page($portalSession); } + =head1 AUTHOR Inverse inc. diff --git a/html/captive-portal/script/captive_portal_cgi.pl b/html/captive-portal/script/captive_portal_cgi.pl new file mode 100755 index 000000000000..06fecf57edbe --- /dev/null +++ b/html/captive-portal/script/captive_portal_cgi.pl @@ -0,0 +1,30 @@ +#!/usr/bin/env perl + +use Catalyst::ScriptRunner; +Catalyst::ScriptRunner->run('captiveportal', 'CGI'); + +1; + +=head1 NAME + +captive_portal_cgi.pl - Catalyst CGI + +=head1 SYNOPSIS + +See L + +=head1 DESCRIPTION + +Run a Catalyst application as a cgi script. + +=head1 AUTHORS + +Catalyst Contributors, see Catalyst.pm + +=head1 COPYRIGHT + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + diff --git a/html/captive-portal/script/captive_portal_create.pl b/html/captive-portal/script/captive_portal_create.pl new file mode 100755 index 000000000000..86cfb0a4690a --- /dev/null +++ b/html/captive-portal/script/captive_portal_create.pl @@ -0,0 +1,60 @@ +#!/usr/bin/env perl + +use strict; +use warnings; + +use Catalyst::ScriptRunner; +Catalyst::ScriptRunner->run('captiveportal', 'Create'); + +1; + +=head1 NAME + +captive_portal_create.pl - Create a new Catalyst Component + +=head1 SYNOPSIS + +captive_portal_create.pl [options] model|view|controller name [helper] [options] + + Options: + --force don't create a .new file where a file to be created exists + --mechanize use Test::WWW::Mechanize::Catalyst for tests if available + --help display this help and exits + + Examples: + captive_portal_create.pl controller My::Controller + captive_portal_create.pl -mechanize controller My::Controller + captive_portal_create.pl view My::View + captive_portal_create.pl view HTML TT + captive_portal_create.pl model My::Model + captive_portal_create.pl model SomeDB DBIC::Schema MyApp::Schema create=dynamic\ + dbi:SQLite:/tmp/my.db + captive_portal_create.pl model AnotherDB DBIC::Schema MyApp::Schema create=static\ + [Loader opts like db_schema, naming] dbi:Pg:dbname=foo root 4321 + [connect_info opts like quote_char, name_sep] + + See also: + perldoc Catalyst::Manual + perldoc Catalyst::Manual::Intro + perldoc Catalyst::Helper::Model::DBIC::Schema + perldoc Catalyst::Model::DBIC::Schema + perldoc Catalyst::View::TT + +=head1 DESCRIPTION + +Create a new Catalyst Component. + +Existing component files are not overwritten. If any of the component files +to be created already exist the file will be written with a '.new' suffix. +This behavior can be suppressed with the C<-force> option. + +=head1 AUTHORS + +Catalyst Contributors, see Catalyst.pm + +=head1 COPYRIGHT + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut diff --git a/html/captive-portal/script/captive_portal_fastcgi.pl b/html/captive-portal/script/captive_portal_fastcgi.pl new file mode 100755 index 000000000000..10d2c7fb1ea4 --- /dev/null +++ b/html/captive-portal/script/captive_portal_fastcgi.pl @@ -0,0 +1,48 @@ +#!/usr/bin/env perl + +use Catalyst::ScriptRunner; +Catalyst::ScriptRunner->run('captiveportal', 'FastCGI'); + +1; + +=head1 NAME + +captive_portal_fastcgi.pl - Catalyst FastCGI + +=head1 SYNOPSIS + +captive_portal_fastcgi.pl [options] + + Options: + -? -help display this help and exits + -l --listen Socket path to listen on + (defaults to standard input) + can be HOST:PORT, :PORT or a + filesystem path + -n --nproc specify number of processes to keep + to serve requests (defaults to 1, + requires -listen) + -p --pidfile specify filename for pid file + (requires -listen) + -d --daemon daemonize (requires -listen) + -M --manager specify alternate process manager + (FCGI::ProcManager sub-class) + or empty string to disable + -e --keeperr send error messages to STDOUT, not + to the webserver + --proc_title Set the process title (is possible) + +=head1 DESCRIPTION + +Run a Catalyst application as fastcgi. + +=head1 AUTHORS + +Catalyst Contributors, see Catalyst.pm + +=head1 COPYRIGHT + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut diff --git a/html/captive-portal/script/captive_portal_server.pl b/html/captive-portal/script/captive_portal_server.pl new file mode 100755 index 000000000000..6277b9edd3ec --- /dev/null +++ b/html/captive-portal/script/captive_portal_server.pl @@ -0,0 +1,60 @@ +#!/usr/bin/env perl + +BEGIN { + $ENV{CATALYST_SCRIPT_GEN} = 40; +} + +use Catalyst::ScriptRunner; +Catalyst::ScriptRunner->run('captiveportal', 'Server'); + +1; + +=head1 NAME + +captive_portal_server.pl - Catalyst Test Server + +=head1 SYNOPSIS + +captive_portal_server.pl [options] + + -d --debug force debug mode + -f --fork handle each request in a new process + (defaults to false) + -? --help display this help and exits + -h --host host (defaults to all) + -p --port port (defaults to 3000) + -k --keepalive enable keep-alive connections + -r --restart restart when files get modified + (defaults to false) + -rd --restart_delay delay between file checks + (ignored if you have Linux::Inotify2 installed) + -rr --restart_regex regex match files that trigger + a restart when modified + (defaults to '\.yml$|\.yaml$|\.conf|\.pm$') + --restart_directory the directory to search for + modified files, can be set multiple times + (defaults to '[SCRIPT_DIR]/..') + --follow_symlinks follow symlinks in search directories + (defaults to false. this is a no-op on Win32) + --background run the process in the background + --pidfile specify filename for pid file + + See also: + perldoc Catalyst::Manual + perldoc Catalyst::Manual::Intro + +=head1 DESCRIPTION + +Run a Catalyst Testserver for this application. + +=head1 AUTHORS + +Catalyst Contributors, see Catalyst.pm + +=head1 COPYRIGHT + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + diff --git a/html/captive-portal/script/captive_portal_test.pl b/html/captive-portal/script/captive_portal_test.pl new file mode 100755 index 000000000000..dbc06fc71939 --- /dev/null +++ b/html/captive-portal/script/captive_portal_test.pl @@ -0,0 +1,40 @@ +#!/usr/bin/env perl + +use Catalyst::ScriptRunner; +Catalyst::ScriptRunner->run('captiveportal', 'Test'); + +1; + +=head1 NAME + +captive_portal_test.pl - Catalyst Test + +=head1 SYNOPSIS + +captive_portal_test.pl [options] uri + + Options: + --help display this help and exits + + Examples: + captive_portal_test.pl http://localhost/some_action + captive_portal_test.pl /some_action + + See also: + perldoc Catalyst::Manual + perldoc Catalyst::Manual::Intro + +=head1 DESCRIPTION + +Run a Catalyst action from the command line. + +=head1 AUTHORS + +Catalyst Contributors, see Catalyst.pm + +=head1 COPYRIGHT + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut diff --git a/html/captive-portal/t/01app.t b/html/captive-portal/t/01app.t new file mode 100644 index 000000000000..823c0237af03 --- /dev/null +++ b/html/captive-portal/t/01app.t @@ -0,0 +1,10 @@ +#!/usr/bin/env perl +use strict; +use warnings; +use Test::More; + +use Catalyst::Test 'captiveportal'; + +ok( request('/')->is_success, 'Request should succeed' ); + +done_testing(); diff --git a/html/captive-portal/t/02pod.t b/html/captive-portal/t/02pod.t new file mode 100644 index 000000000000..ababc2eaa2e1 --- /dev/null +++ b/html/captive-portal/t/02pod.t @@ -0,0 +1,10 @@ +#!/usr/bin/env perl +use strict; +use warnings; +use Test::More; + +plan skip_all => 'set TEST_POD to enable this test' unless $ENV{TEST_POD}; +eval "use Test::Pod 1.14"; +plan skip_all => 'Test::Pod 1.14 required' if $@; + +all_pod_files_ok(); diff --git a/html/captive-portal/t/03podcoverage.t b/html/captive-portal/t/03podcoverage.t new file mode 100644 index 000000000000..6ddc5c6b6c76 --- /dev/null +++ b/html/captive-portal/t/03podcoverage.t @@ -0,0 +1,14 @@ +#!/usr/bin/env perl +use strict; +use warnings; +use Test::More; + +plan skip_all => 'set TEST_POD to enable this test' unless $ENV{TEST_POD}; + +eval "use Test::Pod::Coverage 1.04"; +plan skip_all => 'Test::Pod::Coverage 1.04 required' if $@; + +eval "use Pod::Coverage 0.20"; +plan skip_all => 'Pod::Coverage 0.20 required' if $@; + +all_pod_coverage_ok(); diff --git a/html/captive-portal/t/view_HTML.t b/html/captive-portal/t/view_HTML.t new file mode 100644 index 000000000000..ae1bf2dce7fd --- /dev/null +++ b/html/captive-portal/t/view_HTML.t @@ -0,0 +1,8 @@ +use strict; +use warnings; +use Test::More; +use Test::More; + +BEGIN { use_ok 'captiveportal::View::HTML' } + +done_testing(); diff --git a/html/captive-portal/templates/device-landing.html b/html/captive-portal/templates/device-landing.html new file mode 100644 index 000000000000..bbd4757c9a1b --- /dev/null +++ b/html/captive-portal/templates/device-landing.html @@ -0,0 +1,5 @@ +[% title = i18n("Device Registration Landing") %] +[% INCLUDE header.html %] + [% IF status_msg.defined %]

[% status_msg %]

[% END %] + +[% INCLUDE footer.html %] diff --git a/html/captive-portal/templates/device-login.html b/html/captive-portal/templates/device-login.html new file mode 100644 index 000000000000..156deb24d62d --- /dev/null +++ b/html/captive-portal/templates/device-login.html @@ -0,0 +1,94 @@ +[% title = i18n("Login") %] +[% INCLUDE header.html + body_attributes = 'onload="$(\'username\').focus();"'; +%] + + + + [%# Welcome text %] +
+ You are not authorized +

[% i18n("register: all systems must be registered") %]

+

[% i18n("register: to complete") %]

+
+
+ + [%# Error %] + [% IF txt_auth_error.defined %]

[% txt_auth_error %]

[% END %] + +
+ + [%# AUP %] +
+
[% i18n("Acceptable Use Policy") %]
+
+ [% INCLUDE aup_text.html %] +
+ [%# The space below is intententionnal %] +
+
[% i18n("I have read and accept the terms") %]
+
+ + [%# User / Pass %] +
+ [% i18n("Username") %] + +
+
+ [% i18n("Password") %] +
+ + [%# submit %] +
+ +
+ + [% IF oauth2_google || oauth2_facebook || oauth2_github %] +
+ [% IF oauth2_google -%] +
[% i18n("or") %]
+ [% i18n('Login with Google account') %] + [% END -%] + [% IF oauth2_facebook -%] +
[% i18n("or") %]
+ [% i18n('Login with Facebook account') %] + [% END %] + [% IF oauth2_github -%] +
[% i18n("or") %]
+ [% i18n('Login with GitHub account') %] + [% END %] +
+ [% END %] + +
+ +[% INCLUDE footer.html %] diff --git a/html/captive-portal/templates/device-registration.html b/html/captive-portal/templates/device-registration.html new file mode 100644 index 000000000000..af0b731fbb5a --- /dev/null +++ b/html/captive-portal/templates/device-registration.html @@ -0,0 +1,28 @@ +[% title = i18n("Registration") %] +[% INCLUDE header.html %] + [% IF txt_auth_error.defined %]

[% txt_auth_error %]

[% END %] + +
+
+ [% i18n("Device MAC address") %] + +
+ [% IF console_types.size > 1 %] +
+ [% i18n("Device Type") %] + +
+ [% END %] + [%# submit %] +
+ + +
+
+[% INCLUDE footer.html %] diff --git a/html/captive-portal/templates/gaming-registration.html b/html/captive-portal/templates/gaming-registration.html index e8eabc54a80e..72bf70f8705a 100644 --- a/html/captive-portal/templates/gaming-registration.html +++ b/html/captive-portal/templates/gaming-registration.html @@ -1,19 +1,28 @@ [% title = i18n("Registration") %] [% INCLUDE header.html %] - - [% IF txt_auth_error.defined %]

[% txt_auth_error %]

[% END %]
- [% i18n("Gaming Device MAC address") %] + [% i18n("Device MAC address") %]
+ [% IF console_types.size > 1 %] +
+ [% i18n("Gaming Device Type") %] + +
+ [% END %] [%# submit %]
- [% INCLUDE footer.html %] diff --git a/html/captive-portal/templates/guest.html b/html/captive-portal/templates/guest.html index 48465d58b60c..a84261815bc0 100644 --- a/html/captive-portal/templates/guest.html +++ b/html/captive-portal/templates/guest.html @@ -12,7 +12,6 @@

[% i18n("Guest Registration") %]

[%# Error %] [% IF txt_validation_error.defined %]

[% txt_validation_error %]

[% END %] -
@@ -56,6 +55,16 @@

[% i18n("Guest Registration") %]

[% END %] [% END %] + [% skipFields = {firstname => undef, lastname => undef, organization => undef, phone => undef, email => undef} %] + [% FOREACH field IN mandatory_fields %] + [%- NEXT IF skipFields.exists(field) -%] + [%- NEXT IF field == "mobileprovider" && sms_guest_allowed -%] + [%- NEXT IF field == "sponsor_email" && sponsored_guest_allowed -%] +
+ [% i18n(field_names.$field) %] +
+
+ [% END %] [%# AUP %]
diff --git a/html/captive-portal/templates/login.html b/html/captive-portal/templates/login.html index 35c4e3ceacb9..23156105d6f7 100644 --- a/html/captive-portal/templates/login.html +++ b/html/captive-portal/templates/login.html @@ -97,7 +97,7 @@ [% IF guest_allowed && !null_source -%]
or
- [% i18n("Sign up") %] + [% i18n("Sign up") %]
[% END -%] diff --git a/html/captive-portal/templates/release_with_android.html b/html/captive-portal/templates/release_with_android.html new file mode 100644 index 000000000000..3f888d1cc6b7 --- /dev/null +++ b/html/captive-portal/templates/release_with_android.html @@ -0,0 +1,12 @@ +[% title = i18n("release: enabling network") %] +[% INCLUDE header.html %] + +
+ Access granted +

[% i18n("Your XML configuration have been generated and is now ready to download. Follow the link below in order to get access to the secure SSID.") %]

+

+ [% i18n("Click to install your generated wireless profile.") %] +

+
+ +[% INCLUDE footer.html %] diff --git a/html/captive-portal/templates/status.html b/html/captive-portal/templates/status.html new file mode 100644 index 000000000000..8b8f5095021d --- /dev/null +++ b/html/captive-portal/templates/status.html @@ -0,0 +1,140 @@ +[% title = i18n("State - Network Access") %] +[% INCLUDE header.html %] + + + + + + + [%# Welcome text %] +
+ User +

[% i18n("Your Network Access Status") %]

+
+
+
+ [%- IF node.status == 'reg' %] +
[% i18n_format("You are registered as %s", node.pid) %]
+ [%- ELSE %] +
[% i18n("You are not connected to our network.") %]
+ [%- END %] + [%- IF node.expiration %] +
[% i18n('Your network access ends in ') %]
+ + [%- ELSIF node.timeleft %] +
[% i18n_format("You're not connected to the network, but have a timebank of %s", node.timeleft ) %]
+ [%- ELSIF node.timeleft == 0 %] +
[% i18n("Your network access has expired.") %]
+ [%- END %] + [%- IF node.last_start_time AND billing %] + + [%- END %] +
+ + + + + + + + + + + + [%- FOREACH n IN nodes %] + + + + + + + [%- END %] + +
[% i18n("Your registered devices") %]
[% i18n("MAC Address") %][% i18n("OS Type") %][% i18n("Registration Date") %]
[% n.mac %][% n.dhcp_fingerprint %][% n.regdate IF n.regdate != '0000-00-00 00:00:00' %][% i18n("Unregister") %]
+
+ +
+ +[% INCLUDE footer.html %] diff --git a/html/captive-portal/templates/violations/bandwidth_expiration.html b/html/captive-portal/templates/violations/bandwidth_expiration.html new file mode 100644 index 000000000000..81c80ed62490 --- /dev/null +++ b/html/captive-portal/templates/violations/bandwidth_expiration.html @@ -0,0 +1,7 @@ +
+ [% i18n('Quarantine') %] +

[% i18n("Expiration") %]

+

+ You have consumed all your bandwidth. +

+
diff --git a/html/captive-portal/templates/violations/time_expiration.html b/html/captive-portal/templates/violations/time_expiration.html new file mode 100644 index 000000000000..c6e34e30a2db --- /dev/null +++ b/html/captive-portal/templates/violations/time_expiration.html @@ -0,0 +1,7 @@ +
+ [% i18n('Quarantine') %] +

[% i18n("Expiration") %]

+

+ You have consumed all your access time: You need to buy more time if you want a network access. +

+
diff --git a/html/pfappserver/lib/pfappserver.pm b/html/pfappserver/lib/pfappserver.pm index a67f4569f728..fcd5c86db7be 100644 --- a/html/pfappserver/lib/pfappserver.pm +++ b/html/pfappserver/lib/pfappserver.pm @@ -26,16 +26,20 @@ use Catalyst qw/ Authentication +pfappserver::Authentication::Store::PacketFence Session - Session::Store::File + Session::Store::CHI Session::State::Cookie StackTrace /; use Try::Tiny; -use constant INSTALL_DIR => '/usr/local/pf'; -use lib INSTALL_DIR . "/lib"; +BEGIN { + use constant INSTALL_DIR => '/usr/local/pf'; + use lib INSTALL_DIR . "/lib"; + use pf::log 'service' => 'httpd.admin', no_stderr_trapping => 1, no_stdout_trapping => 1; +} use pf::config::cached; +use pf::CHI; extends 'Catalyst'; @@ -80,7 +84,11 @@ __PACKAGE__->config( }, 'Plugin::Session' => { - storage => '/usr/local/pf/var/session' + #chi will set the expire time + chi_class => 'pf::CHI', + chi_args => { + namespace => 'httpd.admin', + } }, 'View::JSON' => { @@ -263,7 +271,7 @@ sub pf_localize { } # Logging -__PACKAGE__->log(Log::Log4perl::Catalyst->new(INSTALL_DIR . '/conf/log.conf')); +__PACKAGE__->log(Log::Log4perl::Catalyst->new(INSTALL_DIR . '/conf/log.conf.d/httpd.admin.conf',watch_delay => 5 * 60)); # Handle warnings from Perl as error log messages $SIG{__WARN__} = sub { __PACKAGE__->log->error(@_); }; diff --git a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence.pm b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence.pm index 1f384780f0ee..c7b6ad9ddbf1 100644 --- a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence.pm +++ b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence.pm @@ -26,7 +26,7 @@ sub find_user { my ($self, $authinfo, $c) = @_; my $username = $authinfo->{$self->user_field}; my $roles = $c->session->{user_roles}; - $self->user_class->new( $self, $username,$roles ); + $self->user_class->new($self, $username, $roles); } sub user_supports { @@ -35,8 +35,8 @@ sub user_supports { } sub from_session { - my ( $self, $c, $username) = @_; - $self->find_user( { username => $username },$c); + my ($self, $c, $username) = @_; + $self->find_user({ username => $username }, $c); } =head1 COPYRIGHT diff --git a/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm b/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm index 2f9cb503a6c3..d9e289f406d3 100644 --- a/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm +++ b/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm @@ -27,7 +27,7 @@ Verify that the user has the rights to execute the controller's action. =cut before execute => sub { - my ( $self, $controller, $c, %args ) = @_; + my ( $self, $controller, $c, @args ) = @_; my $action = $self->attributes->{AdminRole}[0]; my $roles = []; diff --git a/html/pfappserver/lib/pfappserver/Base/Controller/Crud.pm b/html/pfappserver/lib/pfappserver/Base/Controller/Crud.pm index bbfe7bfb263b..99b974bd1cac 100644 --- a/html/pfappserver/lib/pfappserver/Base/Controller/Crud.pm +++ b/html/pfappserver/lib/pfappserver/Base/Controller/Crud.pm @@ -209,6 +209,7 @@ sub list :Local :Args(0) { my $itemsKey = $model->itemsKey; $c->stash( $itemsKey => $result, + itemsKey => $itemsKey, ) } } diff --git a/html/pfappserver/lib/pfappserver/Base/Controller/Crud/DB.pm b/html/pfappserver/lib/pfappserver/Base/Controller/Crud/DB.pm new file mode 100644 index 000000000000..e25d85bd7989 --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Base/Controller/Crud/DB.pm @@ -0,0 +1,82 @@ +package pfappserver::Base::Controller::Crud::DB; + +=head1 NAME + +pfappserver::Base::Controller::Crud::Config add documentation + +=cut + +=head1 DESCRIPTION + +PortalProfile + +=cut + +use strict; +use warnings; +use HTTP::Status qw(:constants is_error is_success); +use MooseX::MethodAttributes::Role; +use namespace::autoclean; +use Log::Log4perl qw(get_logger); +use HTML::FormHandler::Params; +BEGIN { + with 'pfappserver::Base::Controller::Crud' => { + -excludes => [qw(list)], + }; +} + +=head2 Methods + +=head2 list + +=cut + +sub list :Local :Args { + my ( $self, $c , $pageNum, $perPage) = @_; + $pageNum = 1 unless $pageNum; + $perPage = 25 unless $perPage; + my $model = $self->getModel($c); + my ($status,$result) = $model->readAll($pageNum, $perPage); + my $count = $model->countAll; + my $pageCount = int($count / $perPage) + ( $count % $perPage ? 1 : 0 ); + if (is_error($status)) { + $c->res->status($status); + $c->error($c->loc($result)); + } else { + my $itemsKey = $model->itemsKey; + $c->stash( + $itemsKey => $result, + itemsKey => $itemsKey, + pageNum => $pageNum, + perPage => $perPage, + pageCount => $pageCount, + ) + } +} + + +=head1 COPYRIGHT + +Copyright (C) 2012-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/html/pfappserver/lib/pfappserver/Base/Controller/Crud/Pagination.pm b/html/pfappserver/lib/pfappserver/Base/Controller/Crud/Pagination.pm new file mode 100644 index 000000000000..dffdcc1cd08d --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Base/Controller/Crud/Pagination.pm @@ -0,0 +1,56 @@ +package pfappserver::Base::Controller::Crud::Pagination; + +=head1 NAME + +pfappserver::Base::Controller::Crud::Config::Pagination add documentation + +=cut + +=head1 DESCRIPTION + +PortalProfile + +=cut + +use strict; +use warnings; +use HTTP::Status qw(:constants is_error is_success); +use MooseX::MethodAttributes::Role; +use namespace::autoclean; +use Log::Log4perl qw(get_logger); +use HTML::FormHandler::Params; + +=head2 Methods + +=head2 list + +=cut + +sub list :Local :Args { + my ( $self, $c , $pageNum, $perPage) = @_; + $pageNum = 1 unless $pageNum; + $perPage = 25 unless $perPage; + my $model = $self->getModel($c); + my ($status,$items,$result); + ($status,$result) = $model->readAll($pageNum, $perPage); + if(is_success($status) ) { + $items = $result; + ($status,$result) = $model->countAll; + } + if (is_error($status)) { + $c->res->status($status); + $c->error($c->loc($result)); + } else { + my $itemsKey = $model->itemsKey; + my $pageCount = int( $result / $perPage) + 1; + $c->stash( + $itemsKey => $items, + itemsKey => $itemsKey, + pageNum => $pageNum, + perPage => $perPage, + pageCount => $pageCount, + ) + } +} + +1; diff --git a/html/pfappserver/lib/pfappserver/Base/Model/Config.pm b/html/pfappserver/lib/pfappserver/Base/Model/Config.pm index 1ae1b00a5b18..fd12b85ebe8d 100644 --- a/html/pfappserver/lib/pfappserver/Base/Model/Config.pm +++ b/html/pfappserver/lib/pfappserver/Base/Model/Config.pm @@ -104,10 +104,20 @@ Get all the sections as an array of hash refs =cut sub readAll { - my ($self) = @_; + my ($self,$pageNumber,$perPage) = @_; my ($status, $status_msg); my $config = $self->configStore; - return (HTTP_OK, $config->readAll($self->idKey)); + my $entries = $config->readAll($self->idKey); + if(defined $pageNumber || defined $perPage) { + my $count = @$entries; + $pageNumber = 1 unless defined $pageNumber; + $perPage = 25 unless defined $perPage; + my $start = ($pageNumber - 1) * 25; + my $end = $start + $perPage - 1; + $end = $count - 1 if $end >= $count; + $entries = [@$entries[$start..$end]]; + } + return (HTTP_OK, $entries); } =head2 hasId @@ -297,7 +307,7 @@ sub commit { } else { $status = HTTP_INTERNAL_SERVER_ERROR; - $status_msg = $@; + $status_msg = "Unable to commit changes to file please run pfcmd fixpermissions and try again"; } return ($status,$status_msg); } @@ -312,6 +322,20 @@ sub _buildConfigStore { return $self->configStoreClass->new; } +=head2 countAll + +Counts all the items + +=cut + +sub countAll { + my ($self) = @_; + my ($status, $status_msg); + my $config = $self->configStore; + my $entries = $config->readAllIds(); + return (HTTP_OK, scalar @$entries); +} + __PACKAGE__->meta->make_immutable; diff --git a/html/pfappserver/lib/pfappserver/Base/Model/DB.pm b/html/pfappserver/lib/pfappserver/Base/Model/DB.pm new file mode 100644 index 000000000000..d335db809394 --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Base/Model/DB.pm @@ -0,0 +1,345 @@ +package pfappserver::Base::Model::DB; + +=head1 NAME + +pfappserver::Base::Model::DB + +=cut + +=head1 DESCRIPTION + +pfappserver::Base::Model::DB +Is the Base class for Rose DB catalyst models + +=cut + +use Moose; +use namespace::autoclean; +use pf::config::cached; +use pf::log; +use Module::Load; +use HTTP::Status qw(:constants :is); + +BEGIN { extends 'Catalyst::Model'; } + +=head1 FIELDS + +=head2 configStore + +=cut + +=head2 manager + +The Rose::DB manager object + +=cut + +has manager => ( is => 'ro', lazy => 1, builder => '_build_manager' ); + +=head2 managerClassName + +The name of the class of the Rose::DB + +=cut + +has managerClassName => ( is => 'ro' ); + +=head2 idKey + +The key of the id attribute + +=cut + +has idKey => ( is => 'ro', default => 'id' ); + +=head2 itemKey + +The key of a single item + +=cut + +has itemKey => ( is => 'ro', default => 'item' ); + +=head2 itemsKey + +The key of the list of items + +=cut + +has itemsKey => ( is => 'ro', default => 'items' ); + +=head1 METHODS + +=head2 _build_manager + +=cut + +sub _build_manager { + my ($self) = @_; + load $self->managerClassName; + return $self->managerClassName; +} + +=head2 readAllIds + +Get all the sections names + +=cut + +sub readAllIds { + my ($self) = @_; + my ( $status, $status_msg ); + my $primaryKey = $self->primaryKey; + return ( HTTP_OK, + [ map { $_->$primaryKey } $self->manager->get_objects ] ); +} + +sub primaryKey { + my ($self) = @_; + return ( $self->manager->object_class->meta->primary_key_column_names() ) + [0]; +} + +=head2 readAll + +Get all the sections as an array of hash refs + +=cut + +sub readAll { + my ( $self, $pageNum, $perPage ) = @_; + get_logger->debug("$pageNum, $perPage"); + my $objects = $self->manager->get_objects( + page => $pageNum, + per_page => $perPage, + ); + return ( HTTP_OK, $objects ); +} + +sub countAll { + my ( $self ) = @_; + $self->manager->get_objects_count(); +} + +=head2 hasId + +If config has a section + +=cut + +sub hasId { + my ( $self, $id ) = @_; + my ( $status, $status_msg ); + my $primaryKey = $self->primaryKey; + if ($self->manager->get_objects_count( query => [ $primaryKey => $id ] ) ) + { + $status = HTTP_OK; + $status_msg = [ "[_1] exists", $id ]; + } else { + $status = HTTP_NOT_FOUND; + $status_msg = [ "[_1] does not exists", $id ]; + } + return ( $status, $status_msg ); +} + +=head2 read + +reads a section + +=cut + +sub read { + my ( $self, $id ) = @_; + my $status = HTTP_OK; + my $primaryKey = $self->primaryKey; + my ($result) = + $self->manager->get_objects( query => [ $primaryKey => $id ] ); + if (@$result) { + $result = pop @$result; + } else { + $result = [ "error reading [_1]", $id ]; + $status = HTTP_PRECONDITION_FAILED; + } + + return ( $status, $result ); +} + +=head2 update + +Update/edit/modify an existing section + +=cut + +sub update { + my ( $self, $id, $assignments ) = @_; + my $primaryKey = $self->primaryKey; + my $object = $self->manager->object_class->new( $primaryKey => $id ); + my ( $status, $status_msg ); + if ( $object->load( speculative => 1 ) ) { + delete $assignments->{ $self->idKey }; + delete $assignments->{$primaryKey}; + $object->init(%$assignments); + if ( $object->save ) { + $status = HTTP_OK; + $status_msg = [ "[_1] successfully modified", $id ]; + } else { + $status = HTTP_INTERNAL_SERVER_ERROR; + $status_msg = [ "error modifying [_1]", $id ]; + } + } else { + $status = HTTP_NOT_FOUND; + $status_msg = [ "error modifying [_1]", $id ]; + } + return ( $status, $status_msg ); +} + +=head2 create + +To create + +=cut + +sub create { + my ( $self, $id, $assignments ) = @_; + my ( $status, $status_msg ); + my $primaryKey = $self->primaryKey; + delete $assignments->{ $self->idKey }; + my $object = + $self->manager->object_class->new( %$assignments, $primaryKey => $id ); + $assignments->{$primaryKey} = $assignments; + if ( $object->save( insert => 1 ) ) { + $status = HTTP_OK; + $status_msg = [ "[_1] successfully created", $id ]; + } else { + $status = HTTP_PRECONDITION_FAILED; + $status_msg = [ "[_1] already exists", $id ]; + } + return ( $status, $status_msg ); +} + +=head2 update_or_create + +=cut + +sub update_or_create { + my ( $self, $id, $assignments ) = @_; + my $primaryKey = $self->primaryKey; + if ($self->manager->get_objects_count( query => [ $primaryKey => $id ] ) ) + { + return $self->update( $id, $assignments ); + } else { + return $self->create( $id, $assignments ); + } +} + +=head2 remove + +Removes an existing item + +=cut + +sub remove { + my ( $self, $id ) = @_; + my ( $status, $status_msg ); + my $primaryKey = $self->primaryKey; + my $object = $self->manager->object_class->new( $primaryKey => $id ); + if ( $object->delete ) { + $status = HTTP_OK; + $status_msg = [ "removed [_1]", $id ]; + } else { + $status = HTTP_PRECONDITION_FAILED; + $status_msg = [ "error removing [_1]", $id ]; + } + return ( $status, $status_msg ); +} + +=head2 Copy + +Copies a section + +=cut + +sub copy { + my ( $self, $from, $to ) = @_; + my ( $status, $status_msg ); + my $config = $self->configStore; + if ( $config->copy( $from, $to ) ) { + $status = HTTP_OK; + $status_msg = [ '"[_1]" successfully copied to [_2]', $from, $to ]; + } else { + $status_msg = [ '"[_]" already exists', $to ]; + $status = HTTP_PRECONDITION_FAILED; + } + return ( $status, $status_msg ); +} + +=head2 renameItem + +=cut + +sub renameItem { + my ( $self, $old, $new ) = @_; + my ( $status, $status_msg ); + $status = HTTP_BAD_REQUEST; + $status_msg = "Items cannot be renamed"; + return ( $status, $status_msg ); +} + +=head2 sortItems + +Sorting the items + +=cut + +sub sortItems { + my ( $self, $items ) = @_; + my ( $status, $status_msg ); + $status = HTTP_BAD_REQUEST; + $status_msg = "Items cannot be resorted"; + return ( $status, $status_msg ); +} + +=head2 commit + +=cut + +sub commit { + my ($self) = @_; + my ( $status, $status_msg ); + $status = HTTP_OK; + $status_msg = "Changes successfully commited"; + return ( $status, $status_msg ); +} + +sub ACCEPT_CONTEXT { + my ( $self, $c, %args ) = @_; + return $self->new( \%args ); +} + +__PACKAGE__->meta->make_immutable; + +=head1 COPYRIGHT + +Copyright (C) 2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/html/pfappserver/lib/pfappserver/Controller/Admin.pm b/html/pfappserver/lib/pfappserver/Controller/Admin.pm index 7fe2ae8140cc..9187b9c8d3bd 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Admin.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Admin.pm @@ -17,6 +17,8 @@ use HTTP::Status qw(:constants is_error is_success); use namespace::autoclean; use Moose; use pfappserver::Form::SavedSearch; +use pf::admin_roles; +use List::MoreUtils qw(none); BEGIN { extends 'pfappserver::Base::Controller'; } @@ -40,6 +42,7 @@ sub auto :Private { $c->stash->{status_msg} = 'Your session has expired.'; $c->stash->{'redirect_action'} = $c->uri_for($c->action, @args); } + $c->delete_session(); $c->detach(); return 0; } @@ -70,14 +73,34 @@ sub login :Local :Args(0) { my ( $self, $c ) = @_; if (exists($c->req->params->{'username'}) && exists($c->req->params->{'password'})) { + $c->stash->{current_view} = 'JSON'; eval { - if ($c->authenticate( {username => $c->req->params->{'username'}, - password => $c->req->params->{'password'}} )) { - $c->session->{user_roles} = [$c->user->roles]; # Save the roles to the session - $c->persist_user(); # Save the updated roles data - $c->response->redirect($c->uri_for($c->controller('Admin')->action_for('status'))); - } - else { + if ($c->authenticate( { username => $c->req->params->{'username'}, password => $c->req->params->{'password'} } )) { + my $roles = [$c->user->roles]; + if (admin_can_do_any_in_group($roles, 'LOGIN_GROUP')) { + + # Save the roles to the session + $c->session->{user_roles} = $roles; + + # Save the updated roles data + $c->persist_user(); + + # Don't send a standard 302 redirect code; return the redirection URL in the JSON payload + # and perform the redirection on the client side + $c->response->status(HTTP_ACCEPTED); + if ($c->req->params->{'redirect_url'}) { + $c->stash->{success} = $c->req->params->{'redirect_url'}; + } else { + $c->stash->{success} = $c->uri_for($c->controller()->action_for('index')); + } + } else { + $c->response->status(HTTP_UNAUTHORIZED); + $c->stash->{status_msg} = $c->loc("You don't have the rights to perform this action."); + if (@$roles && none {$_ eq 'NONE'}) { + $c->log->error( "One of the following roles are not defined properly " . join(",", map { "'$_'" } @$roles)); + } + } + } else { $c->response->status(HTTP_UNAUTHORIZED); $c->stash->{status_msg} = $c->loc("Wrong username or password."); } @@ -86,13 +109,10 @@ sub login :Local :Args(0) { $c->response->status(HTTP_INTERNAL_SERVER_ERROR); $c->stash->{status_msg} = $c->loc("Unexpected error. See server-side logs for details."); } - $c->stash->{current_view} = 'JSON'; - } - elsif ($c->user_in_realm( 'admin' )) { - $c->response->redirect($c->uri_for($c->controller('Admin')->action_for('status'))); + } elsif ($c->user_in_realm( 'admin' )) { + $c->response->redirect($c->uri_for($c->controller->action_for('index'))); $c->detach(); - } - elsif ($c->req->params->{'redirect_action'}) { + } elsif ($c->req->params->{'redirect_action'}) { $c->stash->{redirect_action} = $c->req->params->{'redirect_action'}; } } @@ -105,20 +125,32 @@ sub logout :Local :Args(0) { my ( $self, $c ) = @_; $c->logout(); + $c->delete_session(); $c->stash->{'template'} = 'admin/login.tt'; $c->stash->{'status_msg'} = $c->loc("You have been logged out."); } =head2 index -Status - =cut sub index :Path :Args(0) { my ( $self, $c ) = @_; - - $c->response->redirect($c->uri_for($c->controller('Admin')->action_for('status'))); + my @roles = $c->user->roles(); + my $action; + if (admin_can_do_any(\@roles,qw(SERVICES REPORTS))) { + $action = 'status'; + } elsif( admin_can_do_any(\@roles,qw(USERS_READ))) { + $action = 'users'; + } elsif( admin_can_do_any(\@roles,qw(NODES_READ))) { + $action = 'nodes'; + } elsif( admin_can_do_any_in_group(\@roles, 'CONFIGURATION_GROUP_READ' ) ) { + $action = 'configuration'; + } else { + $action = 'logout'; + $c->log->error("A role action is not properly defined"); + } + $c->response->redirect($c->uri_for($c->controller->action_for($action))); } =head2 object diff --git a/html/pfappserver/lib/pfappserver/Controller/ConfigStore/Mdm.pm b/html/pfappserver/lib/pfappserver/Controller/ConfigStore/Mdm.pm new file mode 100644 index 000000000000..39a5e05be1a5 --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Controller/ConfigStore/Mdm.pm @@ -0,0 +1,82 @@ + +package pfappserver::Controller::ConfigStore::Mdm; + +=head1 NAME + +pfappserver::Controller::ConfigStore::Mdm - Catalyst Controller + +=head1 DESCRIPTION + +Controller for ConfigStore::Mdm management + +=cut + +use HTTP::Status qw(:constants is_error is_success); +use Moose; # automatically turns on strict and warnings +use namespace::autoclean; + +BEGIN { + extends 'pfappserver::Base::Controller'; + with 'pfappserver::Base::Controller::Crud::Config'; + with 'pfappserver::Base::Controller::Crud::Config::Clone'; +} + +__PACKAGE__->config( + action => { + # Reconfigure the object dispatcher from pfappserver::Base::Controller::Crud + object => { Chained => '/', PathPart => 'configstore/mdm', CaptureArgs => 1 }, + # Configure access rights + view => { AdminRole => 'MDM_READ' }, + list => { AdminRole => 'MDM_READ' }, + create => { AdminRole => 'MDM_CREATE' }, + clone => { AdminRole => 'MDM_CREATE' }, + update => { AdminRole => 'MDM_UPDATE' }, + remove => { AdminRole => 'MDM_DELETE' }, + }, + action_args => { + # Setting the global model and form for all actions + '*' => { model => "ConfigStore::Mdm",form => "ConfigStore::Mdm" }, + }, +); + +=head1 METHODS + + +=head2 index + +Usage: /configstore/mdm + +=cut + +sub index :Path :Args(0) { + my ($self, $c) = @_; + $c->forward('list'); +} + +=head1 COPYRIGHT + +Copyright (C) 2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; + diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration.pm index d42adcaf323b..52bac10303c7 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration.pm @@ -26,6 +26,7 @@ use pf::util qw(load_oui download_oui); # imported only for the $TIME_MODIFIER_RE regex. Ideally shouldn't be # imported but it's better than duplicating regex all over the place. use pf::config; +use pf::admin_roles; use pfappserver::Form::Config::Pf; BEGIN {extends 'pfappserver::Base::Controller'; } @@ -64,11 +65,7 @@ our %ALLOWED_SECTIONS = ( =cut -sub index :Path :Args(0) { - my ( $self, $c ) = @_; - $c->response->redirect($c->uri_for($self->action_for('pf_section'),'general')); - $c->detach(); -} +sub index :Path :Args(0) { } =head2 pf_section @@ -77,7 +74,7 @@ The generic handler for all pf sections =cut -sub pf_section :Path :Args(1) { +sub pf_section :Path :Args(1) :AdminRole('CONFIGURATION_MAIN_READ') { my ($self, $c, $section) = @_; my $logger = get_logger(); if (exists $ALLOWED_SECTIONS{$section} ) { @@ -90,16 +87,23 @@ sub pf_section :Path :Args(1) { my $model = $c->model('Config::Pf'); $form = $c->form("Config::Pf", section => $section); if ($c->request->method eq 'POST') { - $form->process(params => $c->req->params); - $logger->info("Processed form"); - if ($form->has_errors) { - $status = HTTP_PRECONDITION_FAILED; - $status_msg = $form->field_errors; - } else { - ($status,$status_msg) = $model->update($section, $form->value); - if (is_success($status)) { - ($status,$status_msg) = $model->commit(); + if(admin_can([$c->user->roles], 'CONFIGURATION_MAIN_UPDATE')) { + $form->process(params => $c->req->params); + $logger->info("Processed form"); + if ($form->has_errors) { + $status = HTTP_PRECONDITION_FAILED; + $status_msg = $form->field_errors; + } else { + ($status,$status_msg) = $model->update($section, $form->value); + if (is_success($status)) { + ($status,$status_msg) = $model->commit(); + } } + } else { + $c->response->status(HTTP_UNAUTHORIZED); + $c->stash->{status_msg} = "You don't have the rights to perform this action."; + $c->stash->{current_view} = 'JSON'; + $c->detach(); } } else { ($status,$results) = $model->read($section); diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm index 72acc4f733cd..2fee26db1be6 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm @@ -43,52 +43,6 @@ __PACKAGE__->config( =head1 METHODS -=head2 after create/clone - -Show the 'view' template when creating or cloning an admin role. - -=cut - -after [qw(create clone)] => sub { - my ($self, $c) = @_; - if (!(is_success($c->response->status) && $c->request->method eq 'POST')) { - $c->stash->{template} = 'configuration/adminroles/view.tt'; - } -}; - -=head2 after create/clone/update - -List admin roles after creating or updating a role. - -=cut - -after [qw(create clone update)] => sub { - my ($self, $c) = @_; - if (is_success($c->response->status) && $c->request->method eq 'POST') { - $c->stash->{current_view} = 'HTML'; - $c->stash->{template} = 'configuration/adminroles/list.tt'; - $c->forward('list'); - } -}; - -=head2 after view - -Set the action URL to either "create" or "update". - -=cut - -after view => sub { - my ($self, $c) = @_; - if (!$c->stash->{action_uri}) { - my $id = $c->stash->{id}; - if ($id) { - $c->stash->{action_uri} = $c->uri_for($self->action_for('update'), [$c->stash->{id}]); - } else { - $c->stash->{action_uri} = $c->uri_for($self->action_for('create')); - } - } -}; - =head2 after _setup_object Sort the actions of the admin role. diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm index c5d627ca153f..292d825e66cf 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm @@ -45,7 +45,6 @@ sub index :Path :Args(0) { sub simple_search :Local :Args() :SimpleSearch('OS') :AdminRole('FINGERPRINTS_READ') { } - =head2 update =cut @@ -87,8 +86,11 @@ sub upload :Local :Args(0) :AdminRole('FINGERPRINTS_READ') { ); if ($content) { my $release = $c->model('Admin')->pf_release(); + my $fingerbank_version = "Fingerbank version " . $c->model('Admin')->fingerbank_version(); $content .= '&ref=' . uri_escape($c->uri_for($c->action->name)) . + '&email=' . uri_escape($Config{'alerting'}{'emailaddr'}) . '&pf_release=' . uri_escape($release) . + '&fingerbank_version=' . uri_escape($fingerbank_version) . '&submit=Submit%20Fingerprints'; require LWP::UserAgent; my $browser = LWP::UserAgent->new; diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/Switch.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/Switch.pm index 72cc5f40c94a..167876a2e8e7 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration/Switch.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/Switch.pm @@ -18,7 +18,8 @@ use pf::util qw(sort_ip); BEGIN { extends 'pfappserver::Base::Controller'; - with 'pfappserver::Base::Controller::Crud::Config'; + with 'pfappserver::Base::Controller::Crud::Config' => { -excludes => [qw(list)] }; + with 'pfappserver::Base::Controller::Crud::Pagination'; with 'pfappserver::Base::Controller::Crud::Config::Clone'; } @@ -74,16 +75,12 @@ after list => sub { foreach my $switch (@{$c->stash->{items}}) { my $id = $switch->{id}; if ($id) { - push(@ips, $id) if $id ne 'default'; - $switches{$id} = $switch; ($status, $floatingdevice) = $floatingDeviceModel->search('ip', $id); if (is_success($status)) { $switch->{floatingdevice} = pop @$floatingdevice; } } } - - $c->stash->{items} = [@switches{'default',sort_ip(@ips)}]; }; =head2 after create diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/UserAgents.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/UserAgents.pm index d2df1daacbd7..f85b6237efa8 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration/UserAgents.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/UserAgents.pm @@ -18,6 +18,8 @@ use Moose; use namespace::autoclean; use URI::Escape; +use pf::config; + BEGIN { extends 'pfappserver::Base::Controller'; } =head2 index @@ -70,6 +72,7 @@ sub upload :Local :Args(0) :AdminRole('USERAGENTS_READ') { { useragent_fingerprints => encode_base64($gziped), 'ref' => $c->uri_for($c->action), + email => $Config{'alerting'}{'emailaddr'}, pf_release => $release } ); diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/Wrix.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/Wrix.pm new file mode 100644 index 000000000000..a658ad91511e --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/Wrix.pm @@ -0,0 +1,125 @@ +package pfappserver::Controller::Configuration::Wrix; + +=head1 NAME + +pfappserver::Controller::Configuration::Wrix - Catalyst Controller + +=head1 DESCRIPTION + + +=cut + +use HTTP::Status qw(:constants is_error is_success); +use Moose; # automatically turns on strict and warnings +use namespace::autoclean; +use DateTime; +use File::Temp qw/tempfile :seekable/; + +use pf::util qw(sort_ip); + +BEGIN { + extends 'pfappserver::Base::Controller'; + with 'pfappserver::Base::Controller::Crud::DB'; + with 'pfappserver::Base::Controller::Crud::Clone'; +} + +__PACKAGE__->config( + action => { + # Reconfigure the object dispatcher from pfappserver::Base::Controller::Crud + object => { Chained => '/', PathPart => 'configuration/wrix', CaptureArgs => 1 } + }, + action_args => { + # Setting the global model and form for all actions + '*' => { model => "Config::Wrix",form => "Config::Wrix" }, + search => { model => "Config::Wrix", form => 'AdvancedSearch'} + }, +); + +=head1 METHODS + +=head2 index + +Usage: /configuration/wrix/ + +=cut + +sub index :Path :Args(0) { + my ($self, $c) = @_; + $c->forward('list'); +} + +sub export :Local { + my ($self, $c) = @_; + my $model = $self->getModel($c); + my $fh = File::Temp->new(UNLINK => 1); + $c->log->debug( sub { "tempfile for exporting is " . $fh->filename } ); + $model->manager->exportCsv($fh); + # Flushing all the changes + $fh->flush(); + # Moving the file handle position to the begining of the file + $fh->seek(0,SEEK_SET); + $c->response->header('Content-Type' => "text/csv"); + $c->response->header('Content-Disposition' => "attachment; filename=export.csv"); + $c->response->body($fh); +} + +sub search :Local :Args() { + my ($self, $c, $pageNum, $perPage) = @_; + $pageNum = 1 unless $pageNum; + $perPage = 25 unless $perPage; + my ($status, $status_msg, $result); + my $form = $self->getForm($c); + if ($c->request->method eq 'POST') { + $form->process(params => $c->request->params); + if ($form->has_errors) { + $status = HTTP_BAD_REQUEST; + $status_msg = $form->field_errors; + $c->stash(current_view => 'JSON'); + } else { + my $model = $self->getModel($c); + my $query = $form->value; + if (grep { defined $_->{'value'} } @{$query->{'searches'}}) { + # At least one search criteria has a value + ($status, $result) = $model->search($pageNum, $perPage, $query); + if (is_success($status)) { + $c->stash(form => $form); + $c->stash($result); + } + } + else { + $c->forward('list'); + } + } + $c->stash(status_msg => $status_msg); + $c->response->status($status); + } else { + $c->forward('list'); + } +} + +=head1 COPYRIGHT + +Copyright (C) 2013-2014 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/pfappserver/lib/pfappserver/Controller/Configurator.pm b/html/pfappserver/lib/pfappserver/Controller/Configurator.pm index afa517be0fe6..27517ac21db0 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configurator.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configurator.pm @@ -15,6 +15,8 @@ use HTTP::Status qw(:constants is_error is_success); use Moose; use pf::config; +use pf::os; +use List::MoreUtils qw(all); #use namespace::autoclean; BEGIN { extends 'Catalyst::Controller'; } @@ -90,8 +92,8 @@ sub object :Chained('/') :PathPart('configurator') :CaptureArgs(0) { if ($c->action->name() ne $self->action_for('enforcement')->name && (!exists($c->session->{enforcements}) || scalar($c->session->{enforcements}) == 0)) { - # Defaults to inline mode if no mechanism has been chosen so far - $c->session->{enforcements}->{inline} = 1; + # Defaults to inlinel2 mode if no mechanism has been chosen so far + $c->session->{enforcements}->{'inlinel2'} = 1; } } @@ -169,7 +171,7 @@ sub enforcement :Chained('object') :PathPart('enforcement') :Args(0) { } else { # Defaults to inline mode if no mechanism has been detected - $c->session->{enforcements}->{inline} = 1; + $c->session->{enforcements}->{inlinel2} = 1; } } @@ -208,15 +210,17 @@ sub networks :Chained('object') :PathPart('networks') :Args(0) { foreach my $type (@{$types_ref}) { unless (exists $selected_types{$type} || $type eq 'other' || - grep {$_ eq $c->loc($type)} @missing) { - push(@missing, $c->loc($type)); + $type =~ m/^inline/ && grep(/^inline/, keys %selected_types) || + grep {$_ eq $type || /^inline/ && $type =~ m/^inline/} @missing) { + push(@missing, $type); } } } if (scalar @missing > 0) { $c->response->status(HTTP_PRECONDITION_FAILED); - $c->stash->{status_msg} = $c->loc("You must assign an interface to the following types: [_1]", join(", ", @missing)); + $c->stash->{status_msg} = $c->loc("You must assign an interface to the following types: [_1]", + join(", ", map { $c->loc($_) } @missing)); delete $c->session->{completed}->{$c->action->name}; } else { @@ -407,6 +411,7 @@ sub services :Chained('object') :PathPart('services') :Args(0) { if ($c->request->method eq 'GET') { + $c->session->{started} = 0; my $completed = $c->session->{completed}; $c->stash->{completed} = 1; foreach my $step (@steps) { @@ -438,42 +443,20 @@ sub services :Chained('object') :PathPart('services') :Args(0) { $c->response->status($status); $c->stash->{'error'} = $services_status; } - } - - # Start the services - elsif ($c->request->method eq 'POST') { - - # actually try to start the services - my ($status, $service_start_output) = $c->model('Services')->start(); - # if we detect an error later, we will be able to display the output - # this will be done on the client side - $c->stash->{'error'} = encode_entities($service_start_output); - if ( is_error($status) ) { - $c->response->status($status); - $c->stash->{status_msg} = $service_start_output; - } - # success: list the services - else { - my ($status, $services_status) = $c->model('Services')->status(); - if ( is_success($status) ) { - $c->log->info("successfully listed services"); - $c->stash->{'services'} = $services_status; - # a service has failed to start if its status is 0 - my $start_failed = scalar(grep {int $_ == 0} values %{$services_status}) > 0; - if ($start_failed) { - $c->log->warn("some services were not started"); - } - else { - $c->model('Configurator')->update_currently_at(); - } - } - else { - $c->response->status($status); - $c->log->info('problem trying to list the services'); - $c->stash->{status_msg} = $services_status; + } elsif ($c->request->method eq 'POST') { + # Start the services + if (!$c->session->{started}) { + $c->session->{started} = 1; + #Loading the fingerprints into the database + read_dhcp_fingerprints_conf(); + $c->detach(Service => 'pf_start'); + } else { + my ($HTTP_CODE, $services) = $c->model('Services')->status; + if( all { $_ ne '0' } values %{ $services->{services} } ) { + $c->model('Configurator')->update_currently_at(); } + $c->controller('Service')->_process_model_results_as_json($c, $HTTP_CODE, $services); } - $c->stash->{current_view} = 'JSON'; } } diff --git a/html/pfappserver/lib/pfappserver/Controller/Graph.pm b/html/pfappserver/lib/pfappserver/Controller/Graph.pm index c3c187ab9d60..0b9a356121fe 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Graph.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Graph.pm @@ -237,7 +237,7 @@ sub index :Path : Args(0) { =cut -sub dashboard :Local { +sub dashboard :Local :AdminRole('REPORTS') { my ($self, $c, $start, $end) = @_; $self->_saveRange($c, $DASHBOARD, $start, $end); diff --git a/html/pfappserver/lib/pfappserver/Controller/Node.pm b/html/pfappserver/lib/pfappserver/Controller/Node.pm index 214dbcdc37c0..b1215505a619 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Node.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Node.pm @@ -22,9 +22,11 @@ use pfappserver::Form::Node; use pfappserver::Form::Node::Create::Import; BEGIN { extends 'pfappserver::Base::Controller'; } +with 'pfappserver::Role::Controller::BulkActions'; __PACKAGE__->config( action_args => { + '*' => { model => 'Node' }, advanced_search => { model => 'Search::Node', form => 'AdvancedSearch' }, } ); @@ -56,8 +58,11 @@ The method _list_items comes from pfappserver::Base::Controller and is called fr after _list_items => sub { my ($self, $c) = @_; - my ($status,$roles) = $c->model('Roles')->list(); + my ( $status, $roles, $violations ); + ($status,$roles) = $c->model('Roles')->list(); $c->stash(roles => $roles); + ( $status, $violations ) = $c->model('Config::Violations')->readAll(); + $c->stash( violations => $violations ); unless ($c->session->{'nodecolumns'}) { # Set default visible columns @@ -75,7 +80,7 @@ Perform an advanced search using the Search::Node model sub advanced_search :Local :Args() :AdminRole('NODES_READ') { my ($self, $c, @args) = @_; - my ($status, $status_msg, $result); + my ($status, $status_msg, $result, $violations); my %search_results; my $model = $self->getModel($c); my $form = $self->getForm($c); @@ -107,9 +112,11 @@ sub advanced_search :Local :Args() :AdminRole('NODES_READ') { } (undef, $result) = $c->model('Roles')->list(); + (undef, $violations ) = $c->model('Config::Violations')->readAll(); $c->stash( status_msg => $status_msg, - roles => $result + roles => $result, + violations => $violations, ); $c->response->status($status); } @@ -120,7 +127,7 @@ Create one node or import a CSV file. =cut -sub create :Local { +sub create :Local : AdminRole('NODES_CREATE') { my ($self, $c) = @_; my ($roles, $node_status, $form_single, $form_import, $params, $type); @@ -350,98 +357,6 @@ sub closeViolation :Path('close') :Args(1) :AdminRole('NODES_UPDATE') { $c->stash->{current_view} = 'JSON'; } -=head2 bulk_close - -=cut - -sub bulk_close: Local :AdminRole('NODES_UPDATE') { - my ($self, $c) = @_; - $c->stash->{current_view} = 'JSON'; - my ($status, $status_msg); - my $request = $c->request; - if ($request->method eq 'POST') { - my @ids = $request->param('items'); - ($status, $status_msg) = $c->model('Node')->bulkCloseViolations(@ids); - } - else { - $status = HTTP_BAD_REQUEST; - $status_msg = ""; - } - $c->response->status($status); - $c->stash( - status_msg => $status_msg, - ); -} - -=head2 bulk_register - -=cut - -sub bulk_register: Local :AdminRole('NODES_UPDATE') { - my ($self, $c) = @_; - $c->stash->{current_view} = 'JSON'; - my ($status, $status_msg); - my $request = $c->request; - if ($request->method eq 'POST') { - my @ids = $request->param('items'); - ($status, $status_msg) = $c->model('Node')->bulkRegister(@ids); - } - else { - $status = HTTP_BAD_REQUEST; - $status_msg = ""; - } - $c->response->status($status); - $c->stash( - status_msg => $status_msg, - ); -} - -=head2 bulk_deregister - -=cut - -sub bulk_deregister: Local :AdminRole('NODES_UPDATE') { - my ($self, $c) = @_; - $c->stash->{current_view} = 'JSON'; - my ($status, $status_msg); - my $request = $c->request; - if ($request->method eq 'POST') { - my @ids = $request->param('items'); - ($status, $status_msg) = $c->model('Node')->bulkDeregister(@ids); - } - else { - $status = HTTP_BAD_REQUEST; - $status_msg = ""; - } - $c->response->status($status); - $c->stash( - status_msg => $status_msg, - ); -} - -=head2 bulk_apply_role - -=cut - -sub bulk_apply_role: Local : Args(1) :AdminRole('NODES_UPDATE') { - my ($self, $c, $role) = @_; - $c->stash->{current_view} = 'JSON'; - my ($status, $status_msg); - my $request = $c->request; - if ($request->method eq 'POST') { - my @ids = $request->param('items'); - ($status, $status_msg) = $c->model('Node')->bulkApplyRole($role,@ids); - } - else { - $status = HTTP_BAD_REQUEST; - $status_msg = ""; - } - $c->response->status($status); - $c->stash( - status_msg => $status_msg, - ); -} - =head1 AUTHOR Inverse inc. diff --git a/html/pfappserver/lib/pfappserver/Controller/Root.pm b/html/pfappserver/lib/pfappserver/Controller/Root.pm index 0ef52eb90a31..11f5499092ce 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Root.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Root.pm @@ -37,14 +37,13 @@ The root page (/) sub index :Path :Args(0) { my ( $self, $c ) = @_; - - if ($c->stash->{installation_type} eq $pfappserver::Model::Configurator::CONFIGURATION) { + my $installation_type = $c->model('Configurator')->checkForUpgrade(); + if ($installation_type ne $pfappserver::Model::Configurator::INSTALLATION) { # Redirect to the admin interface my $admin_url = $c->uri_for($c->controller('Admin')->action_for('index')); $c->log->info("Redirecting to admin interface $admin_url"); $c->response->redirect($admin_url); - } - else { + } else { # Redirect to the configurator $c->response->redirect($c->uri_for($c->controller('Configurator')->action_for('index'))); } diff --git a/html/pfappserver/lib/pfappserver/Controller/SavedSearch/Node.pm b/html/pfappserver/lib/pfappserver/Controller/SavedSearch/Node.pm index 79d50a8f9b94..493a4fc5f31e 100644 --- a/html/pfappserver/lib/pfappserver/Controller/SavedSearch/Node.pm +++ b/html/pfappserver/lib/pfappserver/Controller/SavedSearch/Node.pm @@ -25,7 +25,12 @@ BEGIN { __PACKAGE__->config( action => { # Reconfigure the object dispatcher from pfappserver::Base::Controller::Crud - object => { Chained => '/', PathPart => 'savedsearch/node', CaptureArgs => 1 } + object => { Chained => '/', PathPart => 'savedsearch/node', CaptureArgs => 1 }, + view => { AdminRole => 'NODES_READ' }, + list => { AdminRole => 'NODES_READ' }, + create => { AdminRole => 'NODES_READ' }, + update => { AdminRole => 'NODES_READ' }, + remove => { AdminRole => 'NODES_READ' }, }, action_args => { '*' => { model => 'SavedSearch::Node', form => 'SavedSearch'} @@ -34,8 +39,6 @@ __PACKAGE__->config( =head1 METHODS -=over - =head2 before create =cut @@ -48,8 +51,6 @@ before 'create' => sub { __PACKAGE__->meta->make_immutable; -=back - =head1 COPYRIGHT Copyright (C) 2013 Inverse inc. diff --git a/html/pfappserver/lib/pfappserver/Controller/SavedSearch/User.pm b/html/pfappserver/lib/pfappserver/Controller/SavedSearch/User.pm index 51be284cfe3b..9ecd339599c5 100644 --- a/html/pfappserver/lib/pfappserver/Controller/SavedSearch/User.pm +++ b/html/pfappserver/lib/pfappserver/Controller/SavedSearch/User.pm @@ -25,7 +25,12 @@ BEGIN { __PACKAGE__->config( action => { # Reconfigure the object dispatcher from pfappserver::Base::Controller::Crud - object => { Chained => '/', PathPart => 'savedsearch/user', CaptureArgs => 1 } + object => { Chained => '/', PathPart => 'savedsearch/user', CaptureArgs => 1 }, + view => { AdminRole => 'USERS_READ' }, + list => { AdminRole => 'USERS_READ' }, + create => { AdminRole => 'USERS_READ' }, + update => { AdminRole => 'USERS_READ' }, + remove => { AdminRole => 'USERS_READ' }, }, action_args => { '*' => { model => 'SavedSearch::User', form => 'SavedSearch'} @@ -34,8 +39,6 @@ __PACKAGE__->config( =head1 METHODS -=over - =head2 before create =cut @@ -48,8 +51,6 @@ before 'create' => sub { __PACKAGE__->meta->make_immutable; -=back - =head1 COPYRIGHT Copyright (C) 2013 Inverse inc. diff --git a/html/pfappserver/lib/pfappserver/Controller/User.pm b/html/pfappserver/lib/pfappserver/Controller/User.pm index 1230ab0def22..fd120bc8fb3d 100644 --- a/html/pfappserver/lib/pfappserver/Controller/User.pm +++ b/html/pfappserver/lib/pfappserver/Controller/User.pm @@ -25,9 +25,11 @@ use pfappserver::Form::User::Create::Multiple; use pfappserver::Form::User::Create::Import; BEGIN { extends 'pfappserver::Base::Controller'; } +with 'pfappserver::Role::Controller::BulkActions'; __PACKAGE__->config( action_args => { + '*' => { model => 'User'}, advanced_search => { model => 'Search::User', form => 'AdvancedSearch' }, }, ); @@ -50,6 +52,38 @@ sub index :Path :Args(0) :AdminRole('USERS_READ') { sub simple_search :SimpleSearch('User') :Local :Args() :AdminRole('USERS_READ') { } +=head2 after _list_items + +The method _list_items comes from pfappserver::Base::Controller and is called from Base::Action::SimpleSearch. + +=cut + +after _list_items => sub { + my ( $self, $c ) = @_; + my ( $status, $roles, $violations ); + ( $status, $roles ) = $c->model('Roles')->list(); + $c->stash( roles => $roles ); + ( $status, $violations ) = $c->model('Config::Violations')->readAll(); + $c->stash( violations => $violations ); + +}; + +=head2 after _list_items + +The method _list_items comes from pfappserver::Base::Controller and is called from Base::Action::SimpleSearch. + +=cut + +after _list_items => sub { + my ( $self, $c ) = @_; + my ( $status, $roles, $violations ); + ( $status, $roles ) = $c->model('Roles')->list(); + $c->stash( roles => $roles ); + ( $status, $violations ) = $c->model('Config::Violations')->readAll(); + $c->stash( violations => $violations ); + +}; + =head2 object User controller dispatcher @@ -61,11 +95,11 @@ sub object :Chained('/') :PathPart('user') :CaptureArgs(1) { my ($status, $result); - ($status, $result) = $c->model('User')->read($c, [$pid]); + ($status, $result) = $self->getModel($c)->read($c, [$pid]); if (is_success($status)) { $c->stash->{user} = pop @{$result}; # Fetch associated nodes - ($status, $result) = $c->model('User')->nodes($pid); + ($status, $result) = $self->getModel($c)->nodes($pid); if (is_success($status)) { $c->stash->{nodes} = $result; } @@ -100,7 +134,7 @@ sub view :Chained('object') :PathPart('read') :Args(0) :AdminRole('USERS_READ') sub delete :Chained('object') :PathPart('delete') :Args(0) :AdminRole('USERS_DELETE') { my ($self, $c) = @_; - my ($status, $result) = $c->model('User')->delete($c->stash->{user}->{pid}); + my ($status, $result) = $self->getModel($c)->delete($c->stash->{user}->{pid}); if (is_error($status)) { $c->response->status($status); $c->stash->{status_msg} = $result; @@ -125,7 +159,7 @@ sub update :Chained('object') :PathPart('update') :Args(0) :AdminRole('USERS_UPD $message = $form->field_errors; } else { - ($status, $message) = $c->model('User')->update($c->stash->{user}->{pid}, $form->value); + ($status, $message) = $self->getModel($c)->update($c->stash->{user}->{pid}, $form->value); } if (is_error($status)) { $c->response->status($status); @@ -140,7 +174,7 @@ sub update :Chained('object') :PathPart('update') :Args(0) :AdminRole('USERS_UPD sub violations :Chained('object') :PathPart :Args(0) :AdminRole('NODES_READ') { my ($self, $c) = @_; - my ($status, $result) = $c->model('User')->violations($c->stash->{user}->{pid}); + my ($status, $result) = $self->getModel($c)->violations($c->stash->{user}->{pid}); if (is_success($status)) { $c->stash->{items} = $result; } else { @@ -219,7 +253,7 @@ sub create :Local :AdminRole('USERS_CREATE') { } else { %data = (%{$form->value}, %{$form_single->value}); - ($status, $message) = $c->model('User')->createSingle(\%data, $c->user); + ($status, $message) = $self->getModel($c)->createSingle(\%data, $c->user); @options = ('mail'); } } @@ -230,7 +264,7 @@ sub create :Local :AdminRole('USERS_CREATE') { } else { %data = (%{$form->value}, %{$form_multiple->value}); - ($status, $message) = $c->model('User')->createMultiple(\%data, $c->user); + ($status, $message) = $self->getModel($c)->createMultiple(\%data, $c->user); } } elsif ($type eq 'import') { @@ -243,7 +277,7 @@ sub create :Local :AdminRole('USERS_CREATE') { } else { %data = (%{$form->value}, %{$form_import->value}); - ($status, $message) = $c->model('User')->importCSV(\%data, $c->user); + ($status, $message) = $self->getModel($c)->importCSV(\%data, $c->user); @options = ('mail'); } } @@ -288,7 +322,7 @@ Perform advanced search for user sub advanced_search :Local :Args() :AdminRole('USERS_READ') { my ($self, $c, @args) = @_; - my ($status,$status_msg,$result); + my ($status, $status_msg, $result); my %search_results; my $model = $self->getModel($c); my $form = $self->getForm($c); @@ -296,20 +330,24 @@ sub advanced_search :Local :Args() :AdminRole('USERS_READ') { if ($form->has_errors) { $status = HTTP_BAD_REQUEST; $status_msg = $form->field_errors; - $c->stash( - current_view => 'JSON', - ); - } else { + $c->stash(current_view => 'JSON'); + } + else { my $query = $form->value; - ($status,$result) = $model->search($query); - if(is_success($status)) { - $c->stash( form => $form); - $c->stash( $result); + ($status, $result) = $model->search($query); + if (is_success($status)) { + $c->stash(form => $form); + $c->stash($result); } $c->stash(current_view => 'JSON') if ($c->request->params->{'json'}); } + my ( $roles, $violations ); + (undef, $roles) = $c->model('Roles')->list(); + (undef, $violations) = $c->model('Config::Violations')->readAll(); $c->stash( status_msg => $status_msg, + roles => $roles, + violations => $violations, ); $c->response->status($status); } @@ -328,7 +366,7 @@ sub print :Local :AdminRole('USERS_UPDATE') { my ($status, $result); my @pids = split(/,/, $c->request->params->{pids}); - ($status, $result) = $c->model('User')->read($c, \@pids); + ($status, $result) = $self->getModel($c)->read($c, \@pids); if (is_success($status)) { $c->stash->{users} = $result; } @@ -351,7 +389,7 @@ sub mail :Local :AdminRole('USERS_UPDATE') { my ($status, $result); my @pids = split(/,/, $c->request->params->{pids}); - ($status, $result) = $c->model('User')->mail($c, \@pids); + ($status, $result) = $self->getModel($c)->mail($c, \@pids); if (is_success($status)) { $c->stash->{status_msg} = $c->loc('An email was sent to [_1] out of [_2] users.', scalar @pids, scalar @$result); @@ -364,6 +402,17 @@ sub mail :Local :AdminRole('USERS_UPDATE') { $c->stash->{current_view} = 'JSON'; } +before [qw(delete)] => sub { + my ($self,$c,$role) = @_; + unless(admin_can($c->user,"USERS_REMOVE")) { + $c->log->info("Here"); + $c->response->status(HTTP_UNAUTHORIZED); + $c->stash->{status_msg} = "You shall not pass"; + $c->stash->{current_view} = 'JSON'; + $c->detach(); + } +}; + =head1 COPYRIGHT Copyright (C) 2012 Inverse inc. diff --git a/html/pfappserver/lib/pfappserver/Controller/Violation.pm b/html/pfappserver/lib/pfappserver/Controller/Violation.pm index fef841f81047..b434c49b1368 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Violation.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Violation.pm @@ -19,7 +19,7 @@ use namespace::autoclean; use POSIX; use pf::config; -use pf::SNMP::constants; +use pf::Switch::constants; use pfappserver::Form::Violation; BEGIN { diff --git a/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm b/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm index cb59bed168bc..dc60baab6cc5 100644 --- a/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm +++ b/html/pfappserver/lib/pfappserver/Form/Config/Pf.pm @@ -56,9 +56,18 @@ sub field_list { $field->{element_class} = ['input-xxlarge']; last; }; + $type eq 'text_with_editable_default' && do { + $field->{type} = 'Text'; + $field->{default} = $defaults->{$name}; + last; + }; $type eq 'list' && do { $field->{type} = 'TextArea'; $field->{element_class} = ['input-xxlarge']; + # NOTE: line feeds in placeholder attribute are ignored, so we keep the commas and set + # the value to the default value when no value is defined (see pf::ConfigStore::Pf::cleanupAfterRead) + # $field->{element_attr}->{placeholder} = join("\n",split( /\s*,\s*/, $field->{element_attr}->{placeholder} )) + # if $field->{element_attr}->{placeholder}; last; }; $type eq 'numeric' && do { @@ -122,7 +131,7 @@ sub field_list { no_value => 1, element_attr => {'foo' => 'bar'}, wrapper_class => ['compound-input-btn-group', 'extended-duration', 'well'], - tags => { after_element => '
' . $self->_localize("Add to Duration Choices") . '
' } + tags => { after_element => '
' . $self->_localize("Add to Duration Choices") . '' } }; last; }; diff --git a/html/pfappserver/lib/pfappserver/Form/Config/Switch.pm b/html/pfappserver/lib/pfappserver/Form/Config/Switch.pm index f90f15007eb3..fda792f661b3 100644 --- a/html/pfappserver/lib/pfappserver/Form/Config/Switch.pm +++ b/html/pfappserver/lib/pfappserver/Form/Config/Switch.pm @@ -18,7 +18,7 @@ use File::Find qw(find); use File::Spec::Functions; use pf::config; -use pf::SNMP::constants; +use pf::Switch::constants; use pf::util; use List::MoreUtils qw(any); @@ -28,11 +28,11 @@ has 'placeholders' => ( is => 'ro' ); ## Definition has_field 'id' => ( - type => 'IPAddress', - label => 'IP Address', + type => 'SwitchID', + label => 'IP Address/MAC Address', accept => ['default'], required => 1, - messages => { required => 'Please specify the IP address of the switch.' }, + messages => { required => 'Please specify the IP address/MAC address of the switch.' }, ); has_field 'description' => ( @@ -211,7 +211,7 @@ has_field macSearchesSleepInterval => has_block definition => ( - render_list => [ qw(description type mode deauthMethod VoIPEnabled uplink_dynamic uplink controllerIp) ], + render_list => [ qw(description type mode deauthMethod VoIPEnabled uplink_dynamic uplink controllerIp controllerPort portalURL) ], ); has_field 'SNMPVersion' => ( @@ -389,7 +389,27 @@ has_field controllerIp => label => 'Controller IP Address', tags => { after_element => \&help, - help => 'Use instead this IP address for de-authentication requests. Normally used for WiFi only' + help => 'Use instead this IP address for de-authentication requests. Normally used for Wi-Fi only' + }, + ); + +has_field controllerPort => + ( + type => 'PosInteger', + label => 'Controller Port', + tags => { + after_element => \&help_list, + help => 'Only for Wi-Fi , if the deauth request must be send to another device than the access point then set the ip of the controller' + }, + ); + +has_field 'portalURL' => + ( + type => 'Text', + label => 'Portal URL', + tags => { + after_element => \&help_list, + help => 'Only for external captive portal, specify the URL of the captive portal that will be send back as a RADIUS attribute' }, ); @@ -464,31 +484,29 @@ For other switches, add placeholders with values from default switch. sub update_fields { my $self = shift; - - if ($self->{init_object} && $self->init_object->{id} eq 'default') { + my $init_object = $self->init_object; + my $id = $init_object->{id} if $init_object; + if (defined $id && $id eq 'default') { foreach my $role (@SNMP::ROLES) { $self->field($role.'Vlan')->required(1); } - } - elsif ($self->placeholders) { + } elsif ($self->placeholders) { foreach my $field ($self->fields) { - if ($self->placeholders->{$field->name} && length $self->placeholders->{$field->name}) { + my $placeholder = $self->placeholders->{$field->name}; + if (defined $placeholder && length $placeholder) { if ($field->type eq 'Select') { if ($field->name eq 'type') { - $field->default($self->placeholders->{$field->name}); - } - else { - my $val = sprintf "%s (%s)", $self->_localize('Default'), $self->placeholders->{$field->name}; + $field->default($placeholder); + } else { + my $val = sprintf "%s (%s)", $self->_localize('Default'), $placeholder; $field->element_attr({ 'data-placeholder' => $val }); } - } - elsif ($field->name ne 'id') { - $field->element_attr({ placeholder => $self->placeholders->{$field->name} }); + } elsif ($field->name ne 'id') { + $field->element_attr({ placeholder => $placeholder }); } } } } - $self->SUPER::update_fields(); } @@ -529,7 +547,7 @@ sub options_type { my %paths = (); my $wanted = sub { - if ((my ($module, $pack, $switch) = $_ =~ m/$lib_dir\/((pf\/SNMP\/([A-Z0-9][\w\/]+))\.pm)\z/)) { + if ((my ($module, $pack, $switch) = $_ =~ m/$lib_dir\/((pf\/Switch\/([A-Z0-9][\w\/]+))\.pm)\z/)) { $pack =~ s/\//::/g; $switch =~ s/\//::/g; # Parent folder is the vendor name @@ -544,7 +562,7 @@ sub options_type { } } }; - find({ wanted => $wanted, no_chdir => 1 }, ("$lib_dir/pf/SNMP")); + find({ wanted => $wanted, no_chdir => 1 }, ("$lib_dir/pf/Switch")); # Sort vendors and switches for display my @modules; @@ -636,7 +654,7 @@ sub validate { my $always = any { $_->{type} eq $ALWAYS } @{$self->value->{inlineTrigger}}; if ($self->value->{type}) { - my $type = 'pf::SNMP::'. $self->value->{type}; + my $type = 'pf::Switch::'. $self->value->{type}; if ($type->require()) { @triggers = map { $_->{type} } @{$self->value->{inlineTrigger}}; if ( @triggers && !$always) { diff --git a/html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm b/html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm new file mode 100644 index 000000000000..f4b942da671f --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm @@ -0,0 +1,255 @@ +package pfappserver::Form::Config::Wrix; + +=head1 NAME + +pfappserver::Form::Config::Wrix - Web form for a switch + +=head1 DESCRIPTION + +Form definition to create or update a network switch. + +=cut + +use HTML::FormHandler::Moose; +use DateTime::TimeZone; +extends 'pfappserver::Base::Form'; +with 'pfappserver::Base::Form::Role::Help'; + +## Definition +has_field 'id' => + ( + type => 'Text', + required => 1, + messages => { required => 'The ID of the Switch'} + ); +has_field 'Provider_Identifier' => + ( + type => 'Text', + required => 1, + ); +has_field 'Location_Identifier' => + ( + type => 'Text', + required => 1, + ); +has_field 'Service_Provider_Brand' => + ( + type => 'Text', + required => 1, + ); +has_block 'identification' => + ( + render_list => [qw(Provider_Identifier Location_Identifier Service_Provider_Brand)] + ); +has_field 'Location_Type' => + ( + type => 'Text', + required => 1, + ); +has_field 'Sub_Location_Type' => + ( + type => 'Text', + required => 1, + ); +has_field 'English_Location_Name' => + ( + type => 'Text', + required => 1, + ); +has_field 'Location_Address1' => + ( + type => 'Text', + required => 1, + label => 'Location Address 1' + ); + +has_field 'Location_Address2' => + ( + type => 'Text', + label => 'Location Address 2' + ); +has_field 'English_Location_City' => + ( + type => 'Text', + required => 1, + ); +has_field 'Location_Zip_Postal_Code' => + ( + type => 'Text', + required => 1, + ); +has_field 'Location_State_Province_Name' => + ( + type => 'Text', + required => 1, + ); +has_field 'Location_Country_Name' => + ( + type => 'Text', + required => 1, + ); +has_field 'Location_Phone_Number' => + ( + type => 'Text', + required => 1, + ); +has_block 'location' => + ( + render_list => [qw( + Location_Type Sub_Location_Type English_Location_Name Location_Address1 + Location_Address2 English_Location_City Location_Zip_Postal_Code + Location_State_Province_Name Location_Country_Name Location_Phone_Number Location_URL Coverage_Area + )] + ); + +has_field 'SSID_Open_Auth' => + ( + type => 'Text', + ); +has_field 'SSID_Broadcasted' => + ( + type => 'Toggle', + ); +has_field 'WEP_Key' => + ( + type => 'Text', + ); +has_field 'WEP_Key_Entry_Method' => + ( + type => 'Text', + ); +has_field 'WEP_Key_Size' => + ( + type => 'Text', + ); +has_field 'SSID_1X' => + ( + type => 'Text', + ); +has_field 'SSID_1X_Broadcasted' => + ( + type => 'Toggle', + ); +has_field 'Security_Protocol_1X' => + ( + type => 'Select', + default => 'NONE', + options => [ + { value => 'NONE', label => 'None' }, + { value => 'WPA-Enterprise', label => 'WPA Enterprise' }, + { value => 'WPA2', label => 'WPA2' }, + { value => 'EAP-PEAP', label => 'EAP PEAP' }, + { value => 'EAP-TTLS', label => 'EAP TTLS' }, + { value => 'EAP_SIM', label => 'EAP SIM' }, + { value => 'EAP-AKA', label => 'EAP AKA' }, + ], + ); + has_field 'Client_Support' => + ( + type => 'Text', + ); + has_field 'Restricted_Access' => + ( + type => 'Toggle', + ); + + has_block 'ssid' => + ( + render_list => [qw( + SSID_Open_Auth SSID_Broadcasted WEP_Key WEP_Key_Entry_Method + WEP_Key_Size SSID_1X SSID_1X_Broadcasted Security_Protocol_1X + Restricted_Access Client_Support MAC_Address + )], + ); + + has_field 'Location_URL' => + ( + type => 'Text', + ); + has_field 'Coverage_Area' => + ( + type => 'Text', + ); + our @HOURS = qw(Open_Monday Open_Tuesday Open_Wednesday Open_Thursday Open_Friday Open_Saturday Open_Sunday); + has_field \@HOURS => + ( + type => 'Text', + maxlength => 13, + ); + has_block hours => + ( + render_list => ['UTC_Timezone', @HOURS] + ); + has_field 'Longitude' => + ( + type => 'Float', + size => 11, + precision => 9, + range_start => -180, + range_end => 180, + ); + has_field 'Latitude' => + ( + type => 'Float', + size => 11, + precision => 9, + range_start => -90, + range_end => 90, + ); + has_block lat_long => + ( + render_list => [qw( Longitude Latitude )] + ); + has_field 'UTC_Timezone' => + ( + type => 'Select', + options_method => \&options_UTC_Timezone, + ); + has_field 'MAC_Address' => + ( + type => 'Text', + ); + +sub options_UTC_Timezone { + my ($self) = @_; + local $_; + my @options = map { + { group => $self->_localize($_), + options => options_UTC_Timezone_group($self, $_) + } + } DateTime::TimeZone->categories; + unshift @options, { value => '', label => '' }; + return \@options; +} + +sub options_UTC_Timezone_group { + my ($self,$category) = @_; + local $_; + return [ (map { { value => "$category/$_", label => $_ } } DateTime::TimeZone->names_in_category($category)) ]; +} + +=head1 COPYRIGHT + +Copyright (C) 2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +__PACKAGE__->meta->make_immutable; +1; diff --git a/html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm b/html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm new file mode 100644 index 000000000000..374f0ec270b6 --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm @@ -0,0 +1,94 @@ +package pfappserver::Form::ConfigStore::Mdm; + +=head1 NAME + +pfappserver::Form::ConfigStore::Mdm - Web form for a switch + +=head1 DESCRIPTION + +=cut + +use HTML::FormHandler::Moose; +extends 'pfappserver::Base::Form'; +#with 'pfappserver::Base::Form::Role::Help'; + +## Definition +has_field 'id' => + ( + type => 'Text', + label => 'MDM ID', + required => 1, + messages => { required => 'Please specify the ID of the Mdm entry.' }, + ); +has_field 'description' => + ( + type => 'Text', + required => 1, + messages => { required => 'Please specify the Description Mdm entry.' }, + ); +has_field 'type' => + ( + type => 'Select', + label => 'MDM type', + required => 1, + messages => { required => 'Please select MDM type' }, + ); + +has_field 'username' => + ( + type => 'Text', + label => 'User name', + required => 1, + messages => { required => 'Username Required' }, + ); + +has_field 'password' => + ( + type => 'Password', + label => 'Password', + required => 1, + messages => { required => 'Password required' }, + ); + +has_field 'uri' => + ( + type => 'Text', + label => 'Uri', + required => 1, + messages => { required => 'Uri required' }, + ); + +has_block definition => + ( + render_list => [ qw(id description type username password uri) ], + ); + +sub options_type { + return ({ label => 'Tem', value => 'tem' } , { label => 'Symantec', value => 'symantec'}); +} + +=head1 COPYRIGHT + +Copyright (C) 2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +__PACKAGE__->meta->make_immutable; +1; diff --git a/html/pfappserver/lib/pfappserver/Form/Field/Duration.pm b/html/pfappserver/lib/pfappserver/Form/Field/Duration.pm index e2f41fa9d5cf..d05281484fdd 100644 --- a/html/pfappserver/lib/pfappserver/Form/Field/Duration.pm +++ b/html/pfappserver/lib/pfappserver/Form/Field/Duration.pm @@ -44,7 +44,7 @@ has '+inflate_default_method'=> ( default => sub { \&duration_inflate } ); has '+deflate_value_method'=> ( default => sub { \&duration_deflate } ); has '+wrapper_class' => (builder => '_wrapper_class'); -sub _wrapper_class {[qw(compound-input-btn-group)] } +sub _wrapper_class { [qw(compound-input-btn-group)] } has_field 'interval' => ( diff --git a/html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm b/html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm index 3b3dfb1d554a..7c5d7c2fe68e 100644 --- a/html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm +++ b/html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm @@ -32,20 +32,23 @@ has_field 'match' => type => 'Text', do_label => 0, widget_wrapper => 'None', + element_class => ['input-medium'], + required => 1, ); has_field 'type' => ( type => 'Select', widget => 'ButtonGroup', do_label => 0, - tags => { no_errors => 1 }, + required => 1, wrapper_class => ['btn-group'], wrapper_attr => {'data-toggle' => 'buttons-radio'}, default => 'ssid', options => [ - {value => 'ssid', label => 'SSID'}, - {value => 'vlan', label => 'VLAN'}, - {value => 'switch', label => 'SWITCH'}, + { value => 'ssid', label => 'SSID' }, + { value => 'vlan', label => 'VLAN' }, + { value => 'switch', label => 'SWITCH' }, + { value => 'uri', label => 'URI' }, ], ); @@ -53,11 +56,11 @@ sub filter_inflate { my ($self, $value) = @_; my $hash = {}; if (defined $value) { - if($value =~ m/^([^:]+):(.+)$/) { - @{$hash}{'type','match'} = ($1, $2); + if ($value =~ m/^([^:]+):(.+)$/) { + @{$hash}{'type', 'match'} = ($1, $2); } else { - @{$hash}{'type','match'} = ('ssid', $value); + @{$hash}{'type', 'match'} = ('ssid', $value); } } return $hash; diff --git a/html/pfappserver/lib/pfappserver/Form/Field/SwitchID.pm b/html/pfappserver/lib/pfappserver/Form/Field/SwitchID.pm new file mode 100644 index 000000000000..ae47a76485e4 --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Form/Field/SwitchID.pm @@ -0,0 +1,84 @@ +package pfappserver::Form::Field::SwitchID; + +=head1 NAME + +pfappserver::Form::Field::IPAddress - IP address input field + +=head1 DESCRIPTION + +This field extends the default Text field and checks if the input +value is an IP address. + +=cut + +use HTML::FormHandler::Moose; +extends 'HTML::FormHandler::Field::Text'; + +use pf::util; +use namespace::autoclean; + +# If the field value matches one of the values defined in "accept", the field will pass validation. +# Otherwise, the field value must be a valid IPv4 address. +has 'accept' => ( is => 'rw', isa => 'ArrayRef' ); + +our $class_messages = { + 'switch_id' => 'Value must be an IPv4 address or a mac address', +}; + +sub get_class_messages { + my $self = shift; + return { + %{ $self->next::method }, + %$class_messages, + } +} + +apply +[ + { + check => sub { + my ( $value, $field ) = @_; + return 1 if ($field->accept && grep { $_ eq $value } @{$field->accept}); + return valid_mac_or_ip( $value ); + } + }, + { + message => sub { + my ( $value, $field ) = @_; + return $field->get_message('switch_id'); + }, + }, + { + transform => sub { + my ($val) = @_; + return clean_mac( $val ) if valid_mac($val); + return $val; + } + } +]; + +=head1 COPYRIGHT + +Copyright (C) 2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +__PACKAGE__->meta->make_immutable; +1; diff --git a/html/pfappserver/lib/pfappserver/Form/Interface.pm b/html/pfappserver/lib/pfappserver/Form/Interface.pm index 8ba948219bee..518930e7b523 100644 --- a/html/pfappserver/lib/pfappserver/Form/Interface.pm +++ b/html/pfappserver/lib/pfappserver/Form/Interface.pm @@ -49,6 +49,23 @@ has_field 'dns' => help => 'The primary DNS server of your network.' }, ); +has_field 'fake_mac_enabled' => + ( + type => 'Toggle', + checkbox_value => 1, + default => 1, + label => 'Fake MAC Address', + ); + +has_field 'dhcpd_enabled' => + ( + type => 'Toggle', + checkbox_value => 1, + default => 1, + label => 'Enable DHCP Server', + ); + + =head2 options_type =cut @@ -57,7 +74,15 @@ sub options_type { my $self = shift; # $self->types comes from pfappserver::Model::Enforcement->getAvailableTypes - my @types = map { $_ => $self->_localize($_) } @{$self->types} if ($self->types); + my @types; + if ( defined $self->types ) { + for my $type ( @{$self->types} ) { + # we remove inline, even though it may still be in pf.conf for backwards compatibility reasons. + next if $type eq 'inline'; + push @types, ( $type => $self->_localize($type) ); + } + } + return ('' => '', @types); } @@ -71,7 +96,10 @@ Force DNS to be defined when the 'inline' type is selected sub validate { my $self = shift; - if (defined $self->value->{type} && $self->value->{type} eq 'inline') { + if (defined $self->value->{type} && + ( $self->value->{type} eq 'inlinel2' or + $self->value->{type} eq 'inline' ) + ) { unless ($self->value->{dns}) { $self->field('dns')->add_error('Please specify your DNS server.'); } diff --git a/html/pfappserver/lib/pfappserver/Form/Node.pm b/html/pfappserver/lib/pfappserver/Form/Node.pm index 7a06f433f4dc..75b06b59121a 100644 --- a/html/pfappserver/lib/pfappserver/Form/Node.pm +++ b/html/pfappserver/lib/pfappserver/Form/Node.pm @@ -57,6 +57,16 @@ has_field 'unregdate' => type => '+DateTimePicker', label => 'Unregistration', ); +has_field 'time_balance' => + ( + type => 'PosInteger', + label => 'Remaining Access Time', + ); +has_field 'bandwidth_balance' => + ( + type => 'PosInteger', + label => 'Remaining Bandwidth', + ); has_field 'notes' => ( type => 'TextArea', diff --git a/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm b/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm index e10affd7caa5..486283a4768a 100644 --- a/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm +++ b/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm @@ -14,9 +14,13 @@ pfappserver::Form::Portal::Common use strict; use warnings; + use HTML::FormHandler::Moose::Role; use List::MoreUtils qw(uniq); + use pf::authentication; +use pf::ConfigStore::Mdm; +use pf::web::constants; with 'pfappserver::Base::Form::Role::Help'; =head1 Fields @@ -47,6 +51,26 @@ has_field 'description' => label => 'Profile Description', ); +=head2 locale + +Accepted languages for the profile + +=cut + +has_field 'locale' => +( + 'type' => 'DynamicTable', + 'sortable' => 1, + 'do_label' => 0, +); + +has_field 'locale.contains' => +( + type => 'Select', + options_method => \&options_locale, + widget_wrapper => 'DynamicTableRow', +); + =head2 redirecturl Redirection URL @@ -119,7 +143,74 @@ has_field 'sources.contains' => widget_wrapper => 'DynamicTableRow', ); -=head1 Methods +has_field 'mandatory_fields' => +( + 'type' => 'DynamicTable', + 'sortable' => 1, + 'do_label' => 0, +); + +has_field 'mandatory_fields.contains' => +( + type => 'Select', + options_method => \&options_mandatory_fields, + widget_wrapper => 'DynamicTableRow', +); + +=head2 authorizer + +=cut + +has_field 'authorizer' => + ( + type => 'Select', + ); + +=head2 allow_ios_devices + +=cut + +has_field 'allowed_devices' => + ( + type => 'Select', + multiple => 1, + element_class => ['chzn-select', 'input-xxlarge'], + ); + +=head2 allow_android_devices + +=cut + +has_field 'allow_android_devices' => + ( + type => 'Checkbox', + ); + +has_block provisioning => ( + render_list => [qw(authorizer allowed_devices)] +); + +=head1 METHODS + +=head2 options_locale + +=cut + +sub options_locale { + return map { { value => $_, label => $_ } } @WEB::LOCALES; +} + +=head2 options_authorizer + +=cut + +sub options_authorizer { + return { value => '', label => '' }, map { { value => $_, label => $_ } } @{pf::ConfigStore::Mdm->new->readAllIds}; +} + +sub options_allowed_devices { + return map { { value => $_, label => $_ } } qw(ios android windows); +} =head2 options_sources @@ -131,6 +222,22 @@ sub options_sources { return map { { value => $_->id, label => $_->id, attributes => { 'data-source-class' => $_->class } } } @{getAllAuthenticationSources()}; } +=head2 options_mandatory_fields + +Returns the list of sources to be displayed + +=cut + +sub options_mandatory_fields { + return + map { { value => $_, label => $_ } } + qw(firstname lastname organization phone mobileprovider email sponsor_email + anniversary birthday gender lang nickname organization cell_phone + work_phone title building_number apartment_number room_number + custom_field_1 custom_field_2 custom_field_3 custom_field_4 custom_field_5 + custom_field_6 custom_field_7 custom_field_8 custom_field_9); +} + =head2 validate Remove duplicates and make sure only one external authentication source is selected for each type. @@ -140,10 +247,14 @@ Remove duplicates and make sure only one external authentication source is selec sub validate { my $self = shift; - my @all = uniq @{$self->value->{'sources'}}; - $self->field('sources')->value(\@all); + my @uniq_locales = uniq @{$self->value->{'locale'}}; + $self->field('locale')->value(\@uniq_locales); + + my @uniq_sources = uniq @{$self->value->{'sources'}}; + $self->field('sources')->value(\@uniq_sources); + my %external; - foreach my $source_id (@all) { + foreach my $source_id (@uniq_sources) { my $source = &pf::authentication::getAuthenticationSource($source_id); next unless $source && $source->class eq 'external'; $external{$source->{'type'}} = 0 unless (defined $external{$source->{'type'}}); @@ -162,7 +273,7 @@ Inverse inc. =head1 COPYRIGHT -Copyright (C) 2005-2013 Inverse inc. +Copyright (C) 2005-2014 Inverse inc. =head1 LICENSE diff --git a/html/pfappserver/lib/pfappserver/Form/User.pm b/html/pfappserver/lib/pfappserver/Form/User.pm index f76eae1a111e..1248de276fa7 100644 --- a/html/pfappserver/lib/pfappserver/Form/User.pm +++ b/html/pfappserver/lib/pfappserver/Form/User.pm @@ -131,6 +131,18 @@ has_field 'expiration' => messages => { required => 'Please specify the end date of the registration window.' }, ); +has_field [qw( anniversary birthday gender lang nickname organization cell_phone + work_phone title building_number apartment_number room_number)] => + ( + type => 'Text', + ); + + +has_field [qw(custom_field_1 custom_field_2 custom_field_3 custom_field_4 custom_field_5 custom_field_6 custom_field_7 custom_field_8 custom_field_9)] => + ( + type => 'Text', + ); + =head2 Blocks =over @@ -146,6 +158,16 @@ has_block 'user' => render_list => [qw(pid firstname lastname company telephone email sponsor address notes)], ); +has_block 'miscellaneous' => + ( + render_list => [qw(anniversary birthday gender lang nickname organization cell_phone work_phone title building_number apartment_number room_number)] + ); + +has_block 'custom_fields' => + ( + render_list => [qw(custom_field_1 custom_field_2 custom_field_3 custom_field_4 custom_field_5 custom_field_6 custom_field_7 custom_field_8 custom_field_9)] + ); + =item templates block The templates block contains the dynamic fields of the rule definition. diff --git a/html/pfappserver/lib/pfappserver/Form/Violation.pm b/html/pfappserver/lib/pfappserver/Form/Violation.pm index e1c714e273d0..be17fffe0994 100644 --- a/html/pfappserver/lib/pfappserver/Form/Violation.pm +++ b/html/pfappserver/lib/pfappserver/Form/Violation.pm @@ -172,7 +172,13 @@ has_field 'vlan' => tags => { after_element => \&help, help => 'Destination VLAN where PacketFence should put the client when a violation of this type is open.' } ); - +has_field 'redirect_url' => + ( + type => 'Text', + label => 'Redirection URL', + tags => { after_element => \&help, + help => 'Destination URL where PacketFence will forward the device. By default it will use the Redirection URL from the portal profile configuration.' } + ); =head2 around has_errors Ignore validation errors for the trigger select field. An error would occur if a new trigger is added from the Web diff --git a/html/pfappserver/lib/pfappserver/I18N/en.po b/html/pfappserver/lib/pfappserver/I18N/en.po index 58b11d759a76..fe5312c1eff8 100644 --- a/html/pfappserver/lib/pfappserver/I18N/en.po +++ b/html/pfappserver/lib/pfappserver/I18N/en.po @@ -4,9 +4,9 @@ # msgid "" msgstr "" -"Project-Id-Version: 4.0.7\n" +"Project-Id-Version: 4.2.0\n" "POT-Creation-Date: YEAR-MO-DA HO:MI+ZONE\n" -"PO-Revision-Date: 2013-11-13 15:40-0400\n" +"PO-Revision-Date: 2014-05-02 13:47-0400\n" "Last-Translator: Inverse inc. \n" "Language-Team: English\n" "Language: en\n" @@ -48,10 +48,6 @@ msgstr "" msgid "A manual start from the command line will be required. Are you sure you want to continue?" msgstr "" -# pf::admin_roles (Groups) -msgid "ADMIN_ROLES" -msgstr "Admin Roles" - # pf::admin_roles (Actions) msgid "ADMIN_ROLES_CREATE" msgstr "Admin Roles - Create" @@ -103,6 +99,10 @@ msgstr "" msgid "Access Code" msgstr "" +# html/pfappserver/root/node/view.tt +msgid "Access Time Balance" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Authentication/Source/Facebook.pm # html/pfappserver/lib/pfappserver/Form/Authentication/Source/Github.pm # html/pfappserver/lib/pfappserver/Form/Authentication/Source/Google.pm @@ -113,9 +113,17 @@ msgstr "" msgid "Accounting" msgstr "" +# conf/documentation.conf (inline.level3_accounting_session_timeout) +msgid "" + "Accounting sessions created by pfbandwidthd (level 3 traffic only) that haven't" + "been updated for more than this amount of seconds will be considered" + "inactive." + "This should be higher than the interval at which pfmon runs" + "Defaults to 300 - 5 minutes" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/SoH.pm -# html/pfappserver/root/node/advanced_search.tt -# html/pfappserver/root/node/simple_search.tt +# html/pfappserver/root/admin/bulk_actions.inc # html/pfappserver/root/soh/index.tt # html/pfappserver/root/soh/read.tt # html/pfappserver/root/violation/list.tt @@ -132,9 +140,8 @@ msgstr "" # html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm # html/pfappserver/lib/pfappserver/Form/Violation.pm -# html/pfappserver/root/user/create.tt # html/pfappserver/root/configuration/adminroles/view.tt -# html/pfappserver/root/configuration/users.tt +# html/pfappserver/root/user/create.tt # html/pfappserver/root/user/view.tt # html/pfappserver/root/violation/list.tt msgid "Actions" @@ -148,17 +155,36 @@ msgstr "" msgid "Add" msgstr "" +# html/pfappserver/root/configstore/mdm/index.tt +msgid "Add Mdm Entry" +msgstr "" + # html/pfappserver/root/interface/list.tt msgid "Add VLAN" msgstr "" +# html/pfappserver/root/configuration/wrix/index.tt +msgid "Add Wrix Entry" +msgstr "" + # html/pfappserver/root/authentication/source/rule_read.tt # html/pfappserver/root/configuration/switch/view.tt msgid "Add a condition." msgstr "" -# html/pfappserver/root/portal/profile/create.tt -# html/pfappserver/root/portal/profile/view.tt +# html/pfappserver/root/portal/profile/tab-content.tt +msgid "Add a language." +msgstr "" + +# html/pfappserver/root/portal/profile/tab-content.tt +msgid "Add a mandatory field." +msgstr "" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Add a search condition." +msgstr "" + +# html/pfappserver/root/portal/profile/tab-content.tt msgid "Add a source." msgstr "" @@ -213,7 +239,7 @@ msgid "" "Address ranges/CIDR blocks that PF will force registration on." "Gateway, network, and broadcast addresses are ignored. If this is not" "defined the trapping.range will be used as the registration range." - "Comma-delimiter entries should be of the form:" + "Comma-delimited entries should be of the form:" " * a.b.c.0/24" " * a.b.c.0-255" " * a.b.c.0-a.b.c.255" @@ -267,13 +293,22 @@ msgid "All imported nodes will be registered. If a MAC matches an existing node, msgstr "" # html/pfappserver/lib/pfappserver/Form/Authentication/Source/Email.pm +# html/pfappserver/lib/pfappserver/Form/Authentication/Source/SponsorEmail.pm msgid "Allow Local Domain" msgstr "" +# html/pfappserver/root/admin/users.tt +msgid "Anniversary" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/AdvancedSearch.pm msgid "Any" msgstr "" +# html/pfappserver/root/admin/users.tt +msgid "Apartment Number" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Authentication/Source/Facebook.pm # html/pfappserver/lib/pfappserver/Form/Authentication/Source/Github.pm msgid "App ID" @@ -288,11 +323,14 @@ msgstr "" msgid "App URL" msgstr "" -# html/pfappserver/root/node/advanced_search.tt -# html/pfappserver/root/node/simple_search.tt +# html/pfappserver/root/admin/bulk_actions.inc msgid "Apply Role" msgstr "" +# html/pfappserver/root/admin/bulk_actions.inc +msgid "Apply Violation" +msgstr "" + # conf/documentation.conf (provisioning.category) msgid "Apply to node that are members of the following category" msgstr "" @@ -348,10 +386,22 @@ msgstr "" msgid "Auto Enable" msgstr "" +# conf/documentation.conf (expire.httpd_admin) +msgid "Automatically expire httpd admin sessions" +msgstr "" + +# conf/documentation.conf (expire.httpd_portal) +msgid "Automatically expire httpd portal sessions" +msgstr "" + # html/pfappserver/root/portal/profile/edit.tt msgid "Available Variables" msgstr "" +# html/pfappserver/root/node/view.tt +msgid "Bandwidth Balance" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Authentication/Source/LDAP.pm msgid "Base DN" msgstr "" @@ -364,10 +414,18 @@ msgstr "" msgid "Bind DN" msgstr "" +# html/pfappserver/root/admin/users.tt +msgid "Birthday" +msgstr "" + # html/pfappserver/root/node/view.tt msgid "Browser" msgstr "" +# html/pfappserver/root/admin/users.tt +msgid "Building Number" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Violation.pm msgid "Button Text" msgstr "" @@ -376,15 +434,14 @@ msgstr "" msgid "By default is an imported node a Voice over IP device or not?" msgstr "" +# conf/documentation.conf (billing.mirapay_currency options) +msgid "CAD" +msgstr "" + # html/pfappserver/root/configuration/switch/view.tt msgid "CLI" msgstr "" -# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm -# pf::admin_roles (Groups) -msgid "CONFIGURATION_MAIN" -msgstr "Main Configuration" - # pf::admin_roles (Actions) msgid "CONFIGURATION_MAIN_READ" msgstr "Main Configuration - Read" @@ -393,16 +450,18 @@ msgstr "Main Configuration - Read" msgid "CONFIGURATION_MAIN_UPDATE" msgstr "Main Configuration - Update" +# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm # html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm msgid "CSV File" msgstr "" +# html/pfappserver/root/configstore/mdm/index.tt # html/pfappserver/root/configuration/adminroles/index.tt # html/pfappserver/root/configuration/authentication.tt # html/pfappserver/root/configuration/floatingdevice/index.tt # html/pfappserver/root/configuration/switch/index.tt +# html/pfappserver/root/configuration/wrix/index.tt # html/pfappserver/root/interface/create.tt -# html/pfappserver/root/portal/profile/create.tt # html/pfappserver/root/portal/profile/files.tt # html/pfappserver/root/portal/profile/index.tt # html/pfappserver/root/roles/index.tt @@ -421,6 +480,10 @@ msgstr "" msgid "Cannot Load Content" msgstr "An error occured while contacting the server. Please try again later." +# html/pfappserver/root/admin/users.tt +msgid "Cellphone" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Authentication/Source/LDAP.pm msgid "Children" msgstr "" @@ -429,25 +492,35 @@ msgstr "" msgid "Choose between our supported IDS engine." msgstr "" -# html/pfappserver/root/node/advanced_search.tt -# html/pfappserver/root/node/simple_search.tt +# conf/documentation.conf (network.interfaceSNAT) +msgid "Choose interface(s) where you want to enable snat for passthrough (by default it's the management interface)" +msgstr "" + +# html/pfappserver/root/admin/bulk_actions.inc msgid "Clear Violation" msgstr "" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Client_Support" +msgstr "Client Support" + +# html/pfappserver/root/configstore/mdm/list.tt # html/pfappserver/root/configuration/adminroles/list.tt # html/pfappserver/root/configuration/floatingdevice/list.tt # html/pfappserver/root/configuration/switch/list.tt +# html/pfappserver/root/configuration/wrix/list.tt # html/pfappserver/root/violation/list.tt msgid "Clone" msgstr "" -# html/pfappserver/root/admin/nodes.tt -# html/pfappserver/root/admin/users.tt +# html/pfappserver/root/admin/saved_search.inc # html/pfappserver/root/authentication/source/rule_read.tt # html/pfappserver/root/config/networks/view.tt +# html/pfappserver/root/configstore/mdm/view.tt # html/pfappserver/root/configuration/adminroles/view.tt # html/pfappserver/root/configuration/floatingdevice/view.tt # html/pfappserver/root/configuration/switch/view.tt +# html/pfappserver/root/configuration/wrix/view.tt # html/pfappserver/root/interface/view.tt # html/pfappserver/root/node/view.tt # html/pfappserver/root/roles/read.tt @@ -458,6 +531,18 @@ msgstr "" msgid "Close" msgstr "" +# conf/documentation.conf (advanced.pfcmd_error_color) +msgid "Color of the error text for pfcmd" +msgstr "" + +# conf/documentation.conf (advanced.pfcmd_success_color) +msgid "Color of the success text for pfcmd" +msgstr "" + +# conf/documentation.conf (advanced.pfcmd_warning_color) +msgid "Color of the warning text for pfcmd" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm # html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm msgid "Column Delimiter" @@ -493,7 +578,7 @@ msgstr "" # conf/documentation.conf (trapping.whitelist) msgid "" "Comma-delimited list of MAC addresses that are immune to isolation. In " - "inline enforcement, the firewall is opened for them as if they were " + "inline Level 2 enforcement, the firewall is opened for them as if they were " "registered. This \"feature\" will probably be reworked in the future." msgstr "" @@ -512,6 +597,10 @@ msgid "" "to be effective." msgstr "" +# conf/documentation.conf (inline.interfaceSNAT) +msgid "Comma-delimited list of interfaces used to SNAT inline level 2 traffic" +msgstr "" + # conf/documentation.conf (general.memcached) msgid "Comma-delimited list of memcached servers." msgstr "" @@ -575,6 +664,10 @@ msgstr "" msgid "Controller IP Address" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Config/Switch.pm +msgid "Controller Port" +msgstr "" + # conf/documentation.conf (vlan.trap_limit) msgid "" "Controls whether or not the trap_limit feature is enabled. Trap limiting is" @@ -592,6 +685,10 @@ msgstr "" msgid "Copy File" msgstr "" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Coverage_Area" +msgstr "Coverage Area" + # html/pfappserver/root/admin/nodes.tt # html/pfappserver/root/admin/users.tt # html/pfappserver/root/interface/create.tt @@ -643,6 +740,46 @@ msgstr "" msgid "Creating Users .." msgstr "" +# html/pfappserver/root/admin/users.tt +msgid "Custom Field 1" +msgstr "" + +# html/pfappserver/root/admin/users.tt +msgid "Custom Field 2" +msgstr "" + +# html/pfappserver/root/admin/users.tt +msgid "Custom Field 3" +msgstr "" + +# html/pfappserver/root/admin/users.tt +msgid "Custom Field 4" +msgstr "" + +# html/pfappserver/root/admin/users.tt +msgid "Custom Field 5" +msgstr "" + +# html/pfappserver/root/admin/users.tt +msgid "Custom Field 6" +msgstr "" + +# html/pfappserver/root/admin/users.tt +msgid "Custom Field 7" +msgstr "" + +# html/pfappserver/root/admin/users.tt +msgid "Custom Field 8" +msgstr "" + +# html/pfappserver/root/admin/users.tt +msgid "Custom Field 9" +msgstr "" + +# html/pfappserver/root/user/view.tt +msgid "Custom Fields" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Interface.pm msgid "DNS" msgstr "" @@ -697,7 +834,7 @@ msgid "Default pid value to assign to imported nodes." msgstr "" # html/pfappserver/root/configuration/adminroles/index.tt -msgid "Define roles with specific access rights to the Web administration interface." +msgid "Define roles with specific access rights to the Web administration interface. Roles are assigned to users depending on their authentication source." msgstr "" # html/pfappserver/root/configuration/authentication.tt @@ -724,6 +861,8 @@ msgid "" msgstr "" # html/pfappserver/root/config/networks/view.tt +# html/pfappserver/root/configstore/mdm/index.tt +# html/pfappserver/root/configstore/mdm/list.tt # html/pfappserver/root/configuration/adminroles/index.tt # html/pfappserver/root/configuration/adminroles/list.tt # html/pfappserver/root/configuration/authentication.tt @@ -731,6 +870,8 @@ msgstr "" # html/pfappserver/root/configuration/floatingdevice/list.tt # html/pfappserver/root/configuration/switch/index.tt # html/pfappserver/root/configuration/switch/list.tt +# html/pfappserver/root/configuration/wrix/index.tt +# html/pfappserver/root/configuration/wrix/list.tt # html/pfappserver/root/interface/list.tt # html/pfappserver/root/node/view.tt # html/pfappserver/root/portal/profile/files.tt @@ -758,6 +899,10 @@ msgstr "" msgid "Delete Floating Device" msgstr "" +# html/pfappserver/root/configstore/mdm/index.tt +msgid "Delete Mdm Entry" +msgstr "" + # html/pfappserver/root/portal/profile/index.tt msgid "Delete Profile" msgstr "" @@ -778,14 +923,17 @@ msgstr "" msgid "Delete Violation" msgstr "" +# html/pfappserver/root/configuration/wrix/index.tt +msgid "Delete WRIX Entry" +msgstr "" + # html/pfappserver/root/config/networks/view.tt # html/pfappserver/root/soh/index.tt # html/pfappserver/root/violation/list.tt msgid "Deleting" msgstr "" -# html/pfappserver/root/node/advanced_search.tt -# html/pfappserver/root/node/simple_search.tt +# html/pfappserver/root/admin/bulk_actions.inc msgid "Deregister" msgstr "" @@ -845,6 +993,10 @@ msgstr "" msgid "Drop" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Config/Pf.pm +msgid "Duration" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Config/Switch.pm msgid "Dynamic Uplinks" msgstr "" @@ -853,6 +1005,22 @@ msgstr "" msgid "Dynamic Window" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm +msgid "EAP AKA" +msgstr "" + +# html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm +msgid "EAP PEAP" +msgstr "" + +# html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm +msgid "EAP SIM" +msgstr "" + +# html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm +msgid "EAP TTLS" +msgstr "" + # html/pfappserver/root/user/print.tt msgid "Each account will be printed on a single page with the acceptable user policy." msgstr "" @@ -903,11 +1071,15 @@ msgstr "" msgid "Enable Billing Engine" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Interface.pm +msgid "Enable DHCP Server" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Config/Switch.pm msgid "Enable Password" msgstr "" -# conf/documentation.conf (registration.gaming_devices_registration) +# conf/documentation.conf (registration.device_registration) msgid "Enable or Disable the ability to register a gaming device using the specific portal page designed to do it" msgstr "" @@ -923,6 +1095,10 @@ msgstr "" msgid "Enabled" msgstr "" +# conf/documentation.conf (services.httpd_mod_qos) +msgid "Enables mod_qos for the portal " +msgstr "" + # conf/documentation.conf (trapping.detection) msgid "" "Enables snort-based worm detection. If you don't have a span" @@ -954,6 +1130,14 @@ msgstr "" msgid "Engine ID" msgstr "" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "English_Location_City" +msgstr "English Location City" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "English_Location_Name" +msgstr "English Location Name" + # html/pfappserver/root/violation/view.tt msgid "Enter the trigger ID" msgstr "" @@ -968,6 +1152,10 @@ msgstr "" msgid "Error!" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Field/ExtendedDuration.pm +msgid "Example" +msgstr "" + # html/pfappserver/root/configuration/authentication.tt msgid "Exclusive" msgstr "" @@ -980,6 +1168,10 @@ msgstr "" msgid "Expiration" msgstr "" +# html/pfappserver/root/configuration/wrix/index.tt +msgid "Export All" +msgstr "" + # html/pfappserver/root/configuration/authentication.tt msgid "External" msgstr "" @@ -988,10 +1180,6 @@ msgstr "" msgid "External Sources" msgstr "" -# pf::admin_roles (Groups) -msgid "FINGERPRINTS" -msgstr "Fingerprints" - # pf::admin_roles (Actions) msgid "FINGERPRINTS_READ" msgstr "Fingerprints - Read" @@ -1000,10 +1188,6 @@ msgstr "Fingerprints - Read" msgid "FINGERPRINTS_UPDATE" msgstr "Fingerprints - Update" -# pf::admin_roles (Groups) -msgid "FLOATING_DEVICES" -msgstr "Floating Devices" - # pf::admin_roles (Actions) msgid "FLOATING_DEVICES_CREATE" msgstr "Floating Devices - Create" @@ -1020,12 +1204,8 @@ msgstr "Floating Devices - Read" msgid "FLOATING_DEVICES_UPDATE" msgstr "Floating Devices - Update" -# conf/documentation.conf (guests_self_registration.mandatory_fields) -msgid "" - "Fields required to be filled in the self-registration form. Valid values are:" - "firstname, lastname, organization, phone, mobileprovider, email, " - "sponsor_email. Basic validation of minimally required values per guest mode " - "is provided by default." +# html/pfappserver/lib/pfappserver/Form/Interface.pm +msgid "Fake MAC Address" msgstr "" # html/pfappserver/root/portal/profile/files.tt @@ -1042,8 +1222,7 @@ msgid "Files" msgstr "" # html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm -# html/pfappserver/root/portal/profile/create.tt -# html/pfappserver/root/portal/profile/view.tt +# html/pfappserver/root/portal/profile/tab-content.tt # html/pfappserver/root/soh/read.tt msgid "Filter" msgstr "" @@ -1079,6 +1258,10 @@ msgstr "" msgid "Gateway" msgstr "" +# html/pfappserver/root/admin/users.tt +msgid "Gender" +msgstr "" + # html/pfappserver/root/configurator/configuration.tt msgid "General" msgstr "" @@ -1121,6 +1304,10 @@ msgid "" "in Apache rewriting rules and therefore must be resolvable by clients." msgstr "" +# html/pfappserver/root/configuration/wrix/view.tt +msgid "Hours" +msgstr "" + # conf/documentation.conf (trapping.redirtimer) msgid "" "How long to display the progress bar during trap release. Default value is " @@ -1136,10 +1323,6 @@ msgstr "" msgid "ID of the scanning configuration on the OpenVAS server" msgstr "" -# pf::admin_roles (Groups) -msgid "INTERFACES" -msgstr "Interfaces" - # pf::admin_roles (Actions) msgid "INTERFACES_CREATE" msgstr "Interfaces - Create" @@ -1161,7 +1344,6 @@ msgid "IP" msgstr "" # html/pfappserver/lib/pfappserver/Form/Config/FloatingDevice.pm -# html/pfappserver/lib/pfappserver/Form/Config/Switch.pm # html/pfappserver/lib/pfappserver/Form/Interface.pm # html/pfappserver/root/configuration/floatingdevice/list.tt # html/pfappserver/root/configuration/switch/list.tt @@ -1170,6 +1352,10 @@ msgstr "" msgid "IP Address" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Config/Switch.pm +msgid "IP Address/MAC Address" +msgstr "" + # html/pfappserver/root/admin/users.tt msgid "IP address" msgstr "" @@ -1180,6 +1366,8 @@ msgid "" "OS-level configuration but it does not make any OS-level changes." msgstr "" +# html/pfappserver/root/configstore/mdm/list.tt +# html/pfappserver/root/configuration/wrix/search_form.tt # html/pfappserver/root/roles/index.tt # html/pfappserver/root/soh/index.tt # html/pfappserver/root/violation/list.tt @@ -1187,6 +1375,7 @@ msgid "Id" msgstr "" # html/pfappserver/root/admin/configuration.tt +# html/pfappserver/root/configuration/wrix/view.tt msgid "Identification" msgstr "" @@ -1270,12 +1459,6 @@ msgstr "" msgid "Inline" msgstr "" -# conf/documentation.conf (inline.interfaceSNAT) -msgid "" - "Interface used to SNAT inline traffic. Multiple interfaces can be comma" - "separated." -msgstr "" - # html/pfappserver/root/interface/index.tt msgid "Interfaces & Networks" msgstr "" @@ -1292,6 +1475,17 @@ msgstr "" msgid "Interval at which Packetfence runs its maintenance tasks." msgstr "" +# conf/documentation.conf (general.cache_update_interval) +msgid "Interval at which Packetfence update the config cache" +msgstr "" + +# conf/documentation.conf (inline.level3_accounting_sync_interval) +msgid "" + "Interval at which pfbandwidthd (level 3 traffic only) should dump collected information into the database." + "This should be lower than the interval at which pfmon runs" + "Defaults to 41 seconds" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Node.pm msgid "Is a device" msgstr "" @@ -1314,6 +1508,14 @@ msgstr "" msgid "Keep The Same" msgstr "" +# html/pfappserver/root/admin/users.tt +msgid "Lang" +msgstr "" + +# html/pfappserver/root/portal/profile/tab-content.tt +msgid "Languages" +msgstr "" + # html/pfappserver/root/admin/users.tt msgid "Last Name" msgstr "" @@ -1325,18 +1527,33 @@ msgstr "" msgid "Lastname" msgstr "" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Latitude" +msgstr "" + # html/pfappserver/root/admin/users.tt msgid "Legend" msgstr "" -# conf/documentation.conf (general.locale) -msgid "Locale used for message translation. More than one can be specified." +# conf/documentation.conf (guests_admin_registration.access_duration_choices) +msgid "" + "List of all the choices offered in the access duration action of an" + "authentication source." msgstr "" +# html/pfappserver/root/configuration/wrix/view.tt # html/pfappserver/root/node/view.tt msgid "Location" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm +msgid "Location Address 1" +msgstr "" + +# html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm +msgid "Location Address 2" +msgstr "" + # conf/documentation.conf (services.radiusd_binary) msgid "" "Location of the RADIUS binary. Only necessary to change if you are not" @@ -1383,6 +1600,42 @@ msgstr "" msgid "Location of the suricata binary." msgstr "" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Location_Address1" +msgstr "Location Address1" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Location_Address2" +msgstr "Location Address2" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Location_Country_Name" +msgstr "Location Country Name" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Location_Identifier" +msgstr "Location Identifier" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Location_Phone_Number" +msgstr "Location Phone Number" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Location_State_Province_Name" +msgstr "Location State Province Name" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Location_Type" +msgstr "Location Type" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Location_URL" +msgstr "Location URL" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Location_Zip_Postal_Code" +msgstr "Location Zip Postal Code" + # conf/documentation.conf (alerting.log) msgid "Log file where \"log\" actions are sent." msgstr "" @@ -1411,11 +1664,18 @@ msgstr "" msgid "Logs" msgstr "" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Longitude" +msgstr "" + +# html/pfappserver/root/configuration/wrix/view.tt +msgid "Longitude/Latitude" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Node.pm # html/pfappserver/root/configuration/floatingdevice/list.tt # html/pfappserver/root/user/view.tt # html/pfappserver/root/user/violations.tt -# pf::admin_roles (Groups) msgid "MAC" msgstr "" @@ -1436,6 +1696,10 @@ msgstr "" msgid "MAC address" msgstr "" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "MAC_Address" +msgstr "MAC Address" + # pf::admin_roles (Actions) msgid "MAC_READ" msgstr "MAC Addresses - Read" @@ -1444,10 +1708,38 @@ msgstr "MAC Addresses - Read" msgid "MAC_UPDATE" msgstr "MAC Addresses - Update" +# html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm +msgid "MDM ID" +msgstr "" + +# html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm +msgid "MDM type" +msgstr "" + +# pf::admin_roles (Actions) +msgid "MDM_CREATE" +msgstr "MDM - Create" + +# pf::admin_roles (Actions) +msgid "MDM_DELETE" +msgstr "MDM - Delete" + +# pf::admin_roles (Actions) +msgid "MDM_READ" +msgstr "MDM - Read" + +# pf::admin_roles (Actions) +msgid "MDM_UPDATE" +msgstr "MDM - Update" + # html/pfappserver/root/admin/configuration.tt msgid "Main" msgstr "" +# html/pfappserver/root/portal/profile/tab-content.tt +msgid "Mandatory Fields" +msgstr "" + # html/pfappserver/root/node/create.tt msgid "Manually add nodes to the system." msgstr "" @@ -1475,6 +1767,14 @@ msgid "" "a minute without being flagged as DoS. Defaults to 100" msgstr "" +# html/pfappserver/root/configstore/mdm/view.tt +msgid "Mdm Entry" +msgstr "" + +# html/pfappserver/root/user/view.tt +msgid "Miscellaneous" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Config/Switch.pm # html/pfappserver/root/configuration/switch/list.tt msgid "Mode" @@ -1484,10 +1784,6 @@ msgstr "" msgid "Multiple" msgstr "" -# pf::admin_roles (Groups) -msgid "NODES" -msgstr "Nodes" - # pf::admin_roles (Actions) msgid "NODES_CREATE" msgstr "Nodes - Create" @@ -1583,6 +1879,10 @@ msgstr "" msgid "New Floating Device" msgstr "" +# html/pfappserver/root/configstore/mdm/view.tt +msgid "New Mdm Entry" +msgstr "" + # html/pfappserver/root/config/networks/view.tt msgid "New Network" msgstr "" @@ -1611,6 +1911,14 @@ msgstr "" msgid "New Violation" msgstr "" +# html/pfappserver/root/configuration/wrix/view.tt +msgid "New WRIX Information" +msgstr "" + +# html/pfappserver/root/admin/users.tt +msgid "Nickname" +msgstr "" + # html/pfappserver/root/node/view.tt msgid "No IP history" msgstr "" @@ -1631,6 +1939,10 @@ msgstr "" msgid "No location history" msgstr "" +# html/pfappserver/root/portal/profile/tab-content.tt +msgid "No mandatory fields specified." +msgstr "" + # html/pfappserver/root/configuration/macaddress/simple_search.tt msgid "No matching mac addresses" msgstr "" @@ -1680,7 +1992,7 @@ msgid "Node MAC" msgstr "" # html/pfappserver/root/admin/nodes.tt -msgid "Node category" +msgid "Node role" msgstr "" # html/pfappserver/root/admin/nodes.tt @@ -1690,6 +2002,7 @@ msgid "Nodes" msgstr "" # html/pfappserver/lib/pfappserver/Form/Authentication/Source/LDAP.pm +# html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm msgid "None" msgstr "" @@ -1719,6 +2032,7 @@ msgstr "" msgid "OS" msgstr "" +# html/pfappserver/root/admin/nodes.tt # html/pfappserver/root/user/view.tt msgid "OS (DHCP)" msgstr "" @@ -1727,6 +2041,38 @@ msgstr "" msgid "One-level" msgstr "" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Open_Friday" +msgstr "Open Friday" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Open_Monday" +msgstr "Open Monday" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Open_Saturday" +msgstr "Open Saturday" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Open_Sunday" +msgstr "Open Sunday" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Open_Thursday" +msgstr "Open Thursday" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Open_Tuesday" +msgstr "Open Tuesday" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Open_Wednesday" +msgstr "Open Wednesday" + +# html/pfappserver/root/admin/users.tt +msgid "Organization" +msgstr "" + # html/pfappserver/root/admin/status.tt msgid "Overview" msgstr "" @@ -1736,10 +2082,6 @@ msgstr "" msgid "Owner" msgstr "" -# pf::admin_roles (Groups) -msgid "PORTAL_PROFILES" -msgstr "Portal Profiles" - # pf::admin_roles (Actions) msgid "PORTAL_PROFILES_CREATE" msgstr "Portal Profiles - Create" @@ -1758,6 +2100,7 @@ msgstr "Portal Profiles - Update" # html/pfappserver/lib/pfappserver/Form/Authentication/Source/LDAP.pm # html/pfappserver/lib/pfappserver/Form/Config/Switch.pm +# html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm # html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm # html/pfappserver/lib/pfappserver/Form/User/Create/Single.pm # html/pfappserver/root/admin/login.tt @@ -1779,10 +2122,18 @@ msgstr "" msgid "Password for the mysql database used by PacketFence." msgstr "" +# html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm +msgid "Password required" +msgstr "" + # conf/documentation.conf (scan.pass) msgid "Password to log into scanning engine with." msgstr "" +# conf/documentation.conf (provisioning.certificate) +msgid "Path of the ca certificate" +msgstr "" + # conf/documentation.conf (trapping.wireless_ips_threshold) msgid "Percentage of matching you want to alert the admin on a wirelessIPS trap." msgstr "" @@ -1799,6 +2150,10 @@ msgstr "" msgid "Phone" msgstr "" +# html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm +msgid "Please select MDM type" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Config/Switch.pm msgid "Please select the type of the switch." msgstr "" @@ -1831,8 +2186,16 @@ msgstr "Please specify an identifier for the violation." msgid "Please specify the DNS server" msgstr "" +# html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm +msgid "Please specify the Description Mdm entry." +msgstr "" + +# html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm +msgid "Please specify the ID of the Mdm entry." +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Config/Switch.pm -msgid "Please specify the IP address of the switch." +msgid "Please specify the IP address/MAC address of the switch." msgstr "" # html/pfappserver/lib/pfappserver/Form/Config/FloatingDevice.pm @@ -1917,6 +2280,7 @@ msgstr "" # html/pfappserver/lib/pfappserver/Form/Authentication/Source/Facebook.pm # html/pfappserver/lib/pfappserver/Form/Authentication/Source/Github.pm # html/pfappserver/lib/pfappserver/Form/Authentication/Source/Google.pm +# html/pfappserver/lib/pfappserver/Form/Config/Switch.pm msgid "Portal URL" msgstr "" @@ -1995,6 +2359,10 @@ msgstr "" msgid "Profile Name" msgstr "" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Provider_Identifier" +msgstr "Provider Identifier" + # html/pfappserver/lib/pfappserver/Form/User/Create/Multiple.pm msgid "Quantity" msgstr "" @@ -2004,10 +2372,13 @@ msgid "RADIUS" msgstr "" # pf::admin_roles (Actions) -# pf::admin_roles (Groups) msgid "REPORTS" msgstr "Reports" +# html/pfappserver/root/configstore/mdm/index.tt +msgid "Really delete this Mdm entry?" +msgstr "" + # html/pfappserver/root/configuration/adminroles/index.tt msgid "Really delete this admin role?" msgstr "" @@ -2044,6 +2415,10 @@ msgstr "" msgid "Really delete this violation?" msgstr "" +# html/pfappserver/root/configuration/wrix/index.tt +msgid "Really delete this wrix entry?" +msgstr "" + # html/pfappserver/root/portal/profile/edit.tt msgid "Really dismiss changes?" msgstr "" @@ -2069,11 +2444,11 @@ msgid "Reconnecting to the Admin Service in " msgstr "" # html/pfappserver/lib/pfappserver/Form/Portal/Common.pm +# html/pfappserver/lib/pfappserver/Form/Violation.pm msgid "Redirection URL" msgstr "" -# html/pfappserver/root/node/advanced_search.tt -# html/pfappserver/root/node/simple_search.tt +# html/pfappserver/root/admin/bulk_actions.inc msgid "Register" msgstr "" @@ -2087,6 +2462,14 @@ msgstr "" msgid "Registration Window" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Field/ExtendedDuration.pm +msgid "Relative to the beginning of the day" +msgstr "" + +# html/pfappserver/lib/pfappserver/Form/Field/ExtendedDuration.pm +msgid "Relative to the beginning of the period" +msgstr "" + # html/pfappserver/root/node/violations.tt msgid "Release" msgstr "" @@ -2096,6 +2479,14 @@ msgstr "" msgid "Release Date" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Node.pm +msgid "Remaining Access Time" +msgstr "" + +# html/pfappserver/lib/pfappserver/Form/Node.pm +msgid "Remaining Bandwidth" +msgstr "" + # conf/documentation.conf (scan.nessus_port) msgid "" "Remote port of the Nessus scanning engine. Default value should be fine in " @@ -2122,8 +2513,7 @@ msgstr "" # html/pfappserver/root/authentication/source/read.tt # html/pfappserver/root/configuration/section.tt -# html/pfappserver/root/portal/profile/create.tt -# html/pfappserver/root/portal/profile/view.tt +# html/pfappserver/root/portal/profile/tab-content.tt msgid "Reset" msgstr "" @@ -2139,6 +2529,10 @@ msgstr "" msgid "Restart All" msgstr "" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Restricted_Access" +msgstr "Restricted Access" + # html/pfappserver/root/node/advanced_search.tt # html/pfappserver/root/node/simple_search.tt # html/pfappserver/root/user/advanced_search.tt @@ -2198,6 +2592,10 @@ msgstr "" msgid "Roles" msgstr "" +# html/pfappserver/root/admin/users.tt +msgid "Room Number" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Config/Network/Routed.pm msgid "Routed Network" msgstr "" @@ -2219,7 +2617,6 @@ msgid "Rules" msgstr "" # pf::admin_roles (Actions) -# pf::admin_roles (Groups) msgid "SERVICES" msgstr "Services" @@ -2231,10 +2628,6 @@ msgstr "" msgid "SNMP" msgstr "" -# pf::admin_roles (Groups) -msgid "SOH" -msgstr "SoH Filters" - # pf::admin_roles (Actions) msgid "SOH_CREATE" msgstr "SoH Filters - Create" @@ -2252,10 +2645,27 @@ msgid "SOH_UPDATE" msgstr "SoH Filters - Update" # html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm +# html/pfappserver/root/configuration/wrix/view.tt # pf::Authentication::Source (common_attributes) msgid "SSID" msgstr "SSID" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "SSID_1X" +msgstr "SSID 1X" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "SSID_1X_Broadcasted" +msgstr "SSID 1X Broadcasted" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "SSID_Broadcasted" +msgstr "SSID Broadcasted" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "SSID_Open_Auth" +msgstr "SSID Open Auth" + # html/pfappserver/lib/pfappserver/Form/Authentication/Source/LDAP.pm msgid "SSL" msgstr "" @@ -2264,10 +2674,6 @@ msgstr "" msgid "SWITCH" msgstr "" -# pf::admin_roles (Groups) -msgid "SWITCHES" -msgstr "Switches" - # pf::admin_roles (Actions) msgid "SWITCHES_CREATE" msgstr "Switches - Create" @@ -2284,21 +2690,21 @@ msgstr "Switches - Read" msgid "SWITCHES_UPDATE" msgstr "Switches - Update" -# html/pfappserver/root/admin/nodes.tt -# html/pfappserver/root/admin/users.tt +# html/pfappserver/root/admin/saved_search.inc # html/pfappserver/root/authentication/source/read.tt # html/pfappserver/root/authentication/source/rule_read.tt # html/pfappserver/root/config/networks/view.tt +# html/pfappserver/root/configstore/mdm/view.tt # html/pfappserver/root/configuration/adminroles/view.tt # html/pfappserver/root/configuration/floatingdevice/view.tt # html/pfappserver/root/configuration/section.tt # html/pfappserver/root/configuration/switch/view.tt +# html/pfappserver/root/configuration/wrix/view.tt # html/pfappserver/root/configurator/database.tt # html/pfappserver/root/interface/view.tt # html/pfappserver/root/node/view.tt -# html/pfappserver/root/portal/profile/create.tt # html/pfappserver/root/portal/profile/edit.tt -# html/pfappserver/root/portal/profile/view.tt +# html/pfappserver/root/portal/profile/tab-content.tt # html/pfappserver/root/roles/read.tt # html/pfappserver/root/soh/read.tt # html/pfappserver/root/user/view.tt @@ -2311,8 +2717,7 @@ msgstr "" msgid "Save Profile" msgstr "" -# html/pfappserver/root/admin/nodes.tt -# html/pfappserver/root/admin/users.tt +# html/pfappserver/root/admin/saved_search.inc msgid "Save Search" msgstr "" @@ -2333,9 +2738,11 @@ msgstr "" # html/pfappserver/root/authentication/source/read.tt # html/pfappserver/root/authentication/source/rule_read.tt # html/pfappserver/root/config/networks/view.tt +# html/pfappserver/root/configstore/mdm/view.tt # html/pfappserver/root/configuration/adminroles/view.tt # html/pfappserver/root/configuration/floatingdevice/view.tt # html/pfappserver/root/configuration/switch/view.tt +# html/pfappserver/root/configuration/wrix/view.tt # html/pfappserver/root/interface/view.tt # html/pfappserver/root/node/view.tt # html/pfappserver/root/roles/read.tt @@ -2362,6 +2769,7 @@ msgstr "" # html/pfappserver/root/admin/nodes.tt # html/pfappserver/root/admin/users.tt +# html/pfappserver/root/configuration/wrix/search_form.tt msgid "Search" msgstr "" @@ -2377,6 +2785,10 @@ msgstr "" msgid "Secret Passphrase" msgstr "" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Security_Protocol_1X" +msgstr "Security Protocol 1X" + # html/pfappserver/root/node/violations.tt msgid "Select a violation" msgstr "" @@ -2401,6 +2813,10 @@ msgid "" "you don't change it!" msgstr "" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Service_Provider_Brand" +msgstr "Service Provider Brand" + # html/pfappserver/root/admin/status.tt # html/pfappserver/root/service/status.tt msgid "Services" @@ -2436,6 +2852,22 @@ msgstr "" msgid "Should have to reauthenticate the node if vlan change" msgstr "" +# conf/documentation.conf (services.httpd_admin) +msgid "Should httpd.admin be started ? Keep enabled unless you know what you're doing." +msgstr "" + +# conf/documentation.conf (services.httpd_portal) +msgid "Should httpd.portal be started ? Keep enabled unless you know what you're doing." +msgstr "" + +# conf/documentation.conf (services.httpd_proxy) +msgid "Should httpd.proxy be started ? Keep enabled unless you know what you're doing." +msgstr "" + +# conf/documentation.conf (services.httpd_webservices) +msgid "Should httpd.webservices be started ? Keep enabled unless you know what you're doing." +msgstr "" + # conf/documentation.conf (services.iptables) msgid "Should iptables be managed by PacketFence? Keep enabled unless you know what you're doing." msgstr "" @@ -2450,6 +2882,10 @@ msgid "" "stopped" msgstr "" +# conf/documentation.conf (services.pfbandwidthd) +msgid "Should pfbandwidthd be managed by PacketFence?" +msgstr "" + # conf/documentation.conf (servicewatch.restart) msgid "" "Should pfcmd service pf watch restart PF when services are not running?" @@ -2466,14 +2902,36 @@ msgid "" "*/5 * * * * /usr/local/pf/bin/pfcmd service pf watch" msgstr "" +# conf/documentation.conf (services.pfdhcplistener) +msgid "Should pfdhcplistener be started ? Keep enabled unless you know what you're doing." +msgstr "" + # conf/documentation.conf (services.pfdns) msgid "Should pfdns be managed by PacketFence?" msgstr "" +# conf/documentation.conf (services.pfmon) +msgid "Should pfmon be started ? Keep enabled unless you know what you're doing." +msgstr "" + +# conf/documentation.conf (services.pfsetvlan) +msgid "Should pfsetvlan be started ? Keep enabled unless you know what you're doing." +msgstr "" + # conf/documentation.conf (services.radiusd) msgid "Should radiusd be managed by PacketFence?" msgstr "" +# conf/documentation.conf (services.snmptrapd) +msgid "Should snmptrapd be started ? Keep enabled unless you know what you're doing." +msgstr "" + +# conf/documentation.conf (inline.accounting) +msgid "" + "Should we handle accouting data for inline clients?" + "This controls inline accouting tasks in pfmon." +msgstr "" + # html/pfappserver/root/portal/profile/edit.tt msgid "Show line numbers" msgstr "" @@ -2500,8 +2958,7 @@ msgstr "" msgid "Source switch IP" msgstr "" -# html/pfappserver/root/portal/profile/create.tt -# html/pfappserver/root/portal/profile/view.tt +# html/pfappserver/root/portal/profile/tab-content.tt msgid "Sources" msgstr "" @@ -2512,8 +2969,8 @@ msgstr "" # conf/documentation.conf (guests_self_registration.sponsorship_cc) msgid "" - "Sponsors requesting access and access confirmation emails are CC'ed to this" - "address. Multiple destinations can be comma separated." + "Sponsors requesting access and access confirmation emails are CC'ed to those" + "addresses. Multiple destinations can be comma separated." msgstr "" # html/pfappserver/root/node/view.tt @@ -2571,6 +3028,10 @@ msgstr "" msgid "Stop Anyway" msgstr "" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "Sub_Location_Type" +msgstr "Sub Location Type" + # conf/documentation.conf (alerting.subjectprefix) msgid "" "Subject prefix for email notifications of rogue DHCP servers," @@ -2627,6 +3088,10 @@ msgstr "" msgid "Telephone" msgstr "" +# html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm +msgid "Tem" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Violation.pm msgid "Template" msgstr "" @@ -2637,10 +3102,18 @@ msgstr "" msgid "Test" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm +msgid "The ID of the Switch" +msgstr "" + # conf/documentation.conf (registration.button_text) msgid "The button text will appear on the registration page submit button" msgstr "" +# conf/documentation.conf (billing.mirapay_currency) +msgid "The currency of the mirapay transactions" +msgstr "" + # html/pfappserver/root/user/list_password.tt msgid "The following user have been created" msgstr "" @@ -2649,10 +3122,28 @@ msgstr "" msgid "The following users have been created" msgstr "" +# conf/documentation.conf (billing.mirapay_hash_password) +msgid "The hash password for mirapay" +msgstr "" + # conf/documentation.conf (provisioning.ssid) msgid "The hidden SSID where the user should connect to after registration" msgstr "" +# conf/documentation.conf (services.httpd_mod_qos_maximum_connections_per_device) +msgid "The maximum connections per device " +msgstr "" + +# conf/documentation.conf (services.memcached_memory_usage) +msgid "The maximum of memory that memcached will use" +msgstr "" + +# conf/documentation.conf (services.memcached_max_item_size) +msgid "" + "The maximum of size of the items allowed to be stored" + "Must between 1k and 128m" +msgstr "" + # conf/documentation.conf (billing.authorizenet_login) msgid "The merchant's unique API Login ID (Provided by Authorize.net)" msgstr "" @@ -2678,14 +3169,26 @@ msgstr "" msgid "The payment gateway processing URL (Provided by Authorize.net)" msgstr "" +# conf/documentation.conf (billing.mirapay_url) +msgid "The payment gateway processing URL for mirapay" +msgstr "" + # conf/documentation.conf (billing.gateway) msgid "The payment gateway to process the payments" msgstr "" -# conf/documentation.conf (registration.gaming_devices_registration_role) +# conf/documentation.conf (registration.device_registration_role) msgid "The role to assign to gaming devices. If none is selected, the role of the registrant is used." msgstr "" +# conf/documentation.conf (billing.mirapay_terminal_id) +msgid "The terminal id for mirapay" +msgstr "" + +# conf/documentation.conf (billing.mirapay_terminal_id_group) +msgid "The terminal id group for mirapay" +msgstr "" + # html/pfappserver/root/user/create.tt msgid "The usernames are constructed from the prefix and the quantity. For example, setting the prefix to guest and the quantity to 3 creates usernames guest1, guest2 and guest3. Random passwords will be created." msgstr "" @@ -2702,12 +3205,6 @@ msgstr "" msgid "The webservices user name" msgstr "" -# conf/documentation.conf (guests_admin_registration.access_duration_choices) -msgid "" - "These are all the choices offered in the access duration action of an" - "authentication source." -msgstr "" - # conf/documentation.conf (captive_portal.network_detection_ip) msgid "" "This IP is used as the webserver who hosts the " @@ -2766,6 +3263,10 @@ msgid "" "traplog=180d" msgstr "" +# html/pfappserver/root/admin/users.tt +msgid "Title" +msgstr "" + # html/pfappserver/root/admin/nodes.tt # html/pfappserver/root/graph/dashboard.tt # html/pfappserver/root/graph/report.tt @@ -2804,18 +3305,18 @@ msgstr "" msgid "Type" msgstr "" -# pf::admin_roles (Groups) -msgid "USERAGENTS" -msgstr "Useragents" +# html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm +msgid "URI" +msgstr "" + +# conf/documentation.conf (billing.mirapay_currency options) +msgid "USD" +msgstr "" # pf::admin_roles (Actions) msgid "USERAGENTS_READ" msgstr "Useragents - Read" -# pf::admin_roles (Groups) -msgid "USERS" -msgstr "Users" - # pf::admin_roles (Actions) msgid "USERS_CREATE" msgstr "Users - Create" @@ -2828,10 +3329,6 @@ msgstr "Users - Delete" msgid "USERS_READ" msgstr "Users - Read" -# pf::admin_roles (Groups) -msgid "USERS_ROLES" -msgstr "Users Roles" - # pf::admin_roles (Actions) msgid "USERS_ROLES_CREATE" msgstr "Users Roles - Create" @@ -2848,10 +3345,6 @@ msgstr "Users Roles - Read" msgid "USERS_ROLES_UPDATE" msgstr "Users Roles - Update" -# pf::admin_roles (Groups) -msgid "USERS_SOURCES" -msgstr "Users Sources" - # pf::admin_roles (Actions) msgid "USERS_SOURCES_CREATE" msgstr "Users Sources - Create" @@ -2872,12 +3365,9 @@ msgstr "Users Sources - Update" msgid "USERS_UPDATE" msgstr "Users - Update" -# conf/documentation.conf (trapping.always_use_redirecturl) -msgid "" - "Under most circumstances we can redirect the user to the URL he originally " - "intended to visit. When enabled, always_use_redirecturl forces the captive " - "portal to redirect the user to the URL defined in trapping.redirecturl instead." -msgstr "" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "UTC_Timezone" +msgstr "UTC Timezone" # html/pfappserver/lib/pfappserver/Form/Node.pm msgid "Unregistration" @@ -2907,6 +3397,14 @@ msgstr "" msgid "Upload failed" msgstr "" +# html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm +msgid "Uri" +msgstr "" + +# html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm +msgid "Uri required" +msgstr "" + # html/pfappserver/root/user/view.tt msgid "User" msgstr "" @@ -2943,6 +3441,10 @@ msgstr "" msgid "User agent" msgstr "" +# html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm +msgid "User name" +msgstr "" + # html/pfappserver/root/node/view.tt msgid "User-Agent Information" msgstr "" @@ -2967,6 +3469,10 @@ msgstr "" msgid "Username Prefix" msgstr "" +# html/pfappserver/lib/pfappserver/Form/ConfigStore/Mdm.pm +msgid "Username Required" +msgstr "" + # conf/documentation.conf (database.user) msgid "" "Username of the account with access to the mysql database used by" @@ -2983,10 +3489,6 @@ msgstr "" msgid "Users" msgstr "" -# pf::admin_roles (Groups) -msgid "VIOLATIONS" -msgstr "Violations" - # pf::admin_roles (Actions) msgid "VIOLATIONS_CREATE" msgstr "Violations - Create" @@ -3050,12 +3552,44 @@ msgstr "" msgid "Voice Over IP (yes/no)" msgstr "" +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "WEP_Key" +msgstr "WEP Key" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "WEP_Key_Entry_Method" +msgstr "WEP Key Entry Method" + +# html/pfappserver/root/configuration/wrix/search_form.tt +msgid "WEP_Key_Size" +msgstr "WEP Key Size" + # conf/documentation.conf (alerting.wins_server) msgid "" "WINS server to resolve NetBIOS name of administrative workstation to" "IP address." msgstr "" +# html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm +msgid "WPA Enterprise" +msgstr "" + +# html/pfappserver/lib/pfappserver/Form/Config/Wrix.pm +msgid "WPA2" +msgstr "" + +# html/pfappserver/root/configuration/wrix/index.tt +msgid "WRIX" +msgstr "" + +# html/pfappserver/root/configuration/wrix/list.tt +msgid "WRIX Identifer" +msgstr "" + +# html/pfappserver/root/configuration/wrix/view.tt +msgid "WRIX Information" +msgstr "" + # html/pfappserver/root/service/status.tt msgid "Warning" msgstr "" @@ -3109,12 +3643,19 @@ msgstr "" msgid "With no condition, the inline mode will never be activated." msgstr "" -# html/pfappserver/root/portal/profile/view.tt -msgid "With no source specified, all internal sources will be used." +# html/pfappserver/root/portal/profile/tab-content.tt +msgid "With no language specified, all supported locales will be available." msgstr "" -# html/pfappserver/root/portal/profile/create.tt -# html/pfappserver/root/portal/profile/view.tt +# html/pfappserver/root/portal/profile/tab-content.tt +msgid "With no mandatory fields specified, the mandatory fields of the default profile will be used." +msgstr "" + +# html/pfappserver/root/portal/profile/tab-content.tt +msgid "With no source specified, all internal and external sources will be used." +msgstr "" + +# html/pfappserver/root/portal/profile/tab-content.tt msgid "With no source specified, the sources of the default profile will be used." msgstr "" @@ -3122,6 +3663,10 @@ msgstr "" msgid "Without condition, this rule will act as a catch-all." msgstr "" +# html/pfappserver/root/admin/users.tt +msgid "Work phone" +msgstr "" + # html/pfappserver/root/configurator/networks.tt msgid "Your gateway IP address to access Internet." msgstr "" @@ -3146,10 +3691,26 @@ msgstr "Output" msgid "accttotal" msgstr "Total" +# html/pfappserver/lib/pfappserver/Form/Field/Duration.pm +msgid "add" +msgstr "" + # conf/documentation.conf msgid "advanced" msgstr "Advanced" +# conf/documentation.conf +msgid "advanced.pfcmd_error_color" +msgstr "Error color" + +# conf/documentation.conf +msgid "advanced.pfcmd_success_color" +msgstr "Warning color" + +# conf/documentation.conf +msgid "advanced.pfcmd_warning_color" +msgstr "Success color" + # conf/documentation.conf msgid "advanced.reevaluate_access_reasons" msgstr "Reevaluate access reasons" @@ -3188,6 +3749,7 @@ msgstr "WINS server" # html/pfappserver/lib/pfappserver/Form/Authentication/Rule.pm # html/pfappserver/root/admin/nodes.tt +# html/pfappserver/root/configuration/wrix/search_form.tt msgid "all" msgstr "" @@ -3195,8 +3757,13 @@ msgstr "" msgid "always" msgstr "Always" +# html/pfappserver/lib/pfappserver/Form/Field/ExtendedDuration.pm +msgid "and" +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Authentication/Rule.pm # html/pfappserver/root/admin/nodes.tt +# html/pfappserver/root/configuration/wrix/search_form.tt msgid "any" msgstr "" @@ -3214,7 +3781,7 @@ msgstr "Billing" # conf/documentation.conf msgid "billing.authorizenet_login" -msgstr "Authorize.net login" +msgstr "Authorize.net API Login ID" # conf/documentation.conf msgid "billing.authorizenet_posturl" @@ -3222,12 +3789,42 @@ msgstr "Authorize.net URL" # conf/documentation.conf msgid "billing.authorizenet_trankey" -msgstr "Authorize.net key" +msgstr "Authorize.net Transaction Key" # conf/documentation.conf msgid "billing.gateway" msgstr "Gateway" +# conf/documentation.conf +msgid "billing.mirapay_currency" +msgstr "Mirapay currency" + +# conf/documentation.conf +msgid "billing.mirapay_hash_password" +msgstr "Mirapay password" + +# conf/documentation.conf +msgid "billing.mirapay_terminal_id" +msgstr "Mirapay terminal id" + +# conf/documentation.conf +msgid "billing.mirapay_terminal_id_group" +msgstr "Mirapay terminal group id" + +# conf/documentation.conf +msgid "billing.mirapay_url" +msgstr "Mirapay URL" + +# conf/documentation.conf (advanced.pfcmd_error_color options) +# conf/documentation.conf (advanced.pfcmd_success_color options) +# conf/documentation.conf (advanced.pfcmd_warning_color options) +msgid "blue" +msgstr "" + +# html/pfappserver/root/node/view.tt +msgid "bytes" +msgstr "" + # pf::pfcmd::report (report_nodebandwidth) msgid "callingstationid" msgstr "MAC Address" @@ -3277,6 +3874,12 @@ msgstr "" msgid "current_time" msgstr "Current time" +# conf/documentation.conf (advanced.pfcmd_error_color options) +# conf/documentation.conf (advanced.pfcmd_success_color options) +# conf/documentation.conf (advanced.pfcmd_warning_color options) +msgid "cyan" +msgstr "" + # conf/documentation.conf msgid "database" msgstr "Database" @@ -3305,10 +3908,6 @@ msgstr "User" msgid "days" msgstr "" -# conf/documentation.conf (general.locale options) -msgid "de_DE" -msgstr "" - # html/pfappserver/root/portal/profile/index.tt msgid "default" msgstr "" @@ -3340,20 +3939,34 @@ msgstr "" # conf/documentation.conf (captive_portal.network_detection options) # conf/documentation.conf (captive_portal.secure_redirect options) +# conf/documentation.conf (expire.httpd_admin options) +# conf/documentation.conf (expire.httpd_portal options) # conf/documentation.conf (guests_self_registration.preregistration options) +# conf/documentation.conf (inline.accounting options) # conf/documentation.conf (inline.should_reauth_on_vlan_change options) # conf/documentation.conf (network.dhcpdetector options) # conf/documentation.conf (network.dhcpoption82logger options) # conf/documentation.conf (network.rogue_dhcp_detection options) # conf/documentation.conf (provisioning.autoconfig options) -# conf/documentation.conf (registration.gaming_devices_registration options) +# conf/documentation.conf (registration.device_registration options) # conf/documentation.conf (scan.dot1x options) # conf/documentation.conf (scan.registration options) # conf/documentation.conf (services.dhcpd options) +# conf/documentation.conf (services.httpd_admin options) +# conf/documentation.conf (services.httpd_mod_qos options) +# conf/documentation.conf (services.httpd_mod_qos_maximum_connections_per_device options) +# conf/documentation.conf (services.httpd_portal options) +# conf/documentation.conf (services.httpd_proxy options) +# conf/documentation.conf (services.httpd_webservices options) # conf/documentation.conf (services.iptables options) # conf/documentation.conf (services.memcached options) +# conf/documentation.conf (services.pfbandwidthd options) +# conf/documentation.conf (services.pfdhcplistener options) # conf/documentation.conf (services.pfdns options) +# conf/documentation.conf (services.pfmon options) +# conf/documentation.conf (services.pfsetvlan options) # conf/documentation.conf (services.radiusd options) +# conf/documentation.conf (services.snmptrapd options) # conf/documentation.conf (servicewatch.email options) # conf/documentation.conf (servicewatch.restart options) # conf/documentation.conf (trapping.detection options) @@ -3382,7 +3995,6 @@ msgid "eduPersonPrimaryAffiliation" msgstr "" # conf/documentation.conf (guests_self_registration.guest_pid options) -# conf/documentation.conf (guests_self_registration.mandatory_fields options) # conf/documentation.conf (vlan.trap_limit_action options) msgid "email" msgstr "" @@ -3391,26 +4003,36 @@ msgstr "" msgid "email_action" msgstr "Send email" -# conf/documentation.conf (general.locale options) -msgid "en_US" -msgstr "" - # conf/documentation.conf (captive_portal.network_detection options) # conf/documentation.conf (captive_portal.secure_redirect options) +# conf/documentation.conf (expire.httpd_admin options) +# conf/documentation.conf (expire.httpd_portal options) # conf/documentation.conf (guests_self_registration.preregistration options) +# conf/documentation.conf (inline.accounting options) # conf/documentation.conf (inline.should_reauth_on_vlan_change options) # conf/documentation.conf (network.dhcpdetector options) # conf/documentation.conf (network.dhcpoption82logger options) # conf/documentation.conf (network.rogue_dhcp_detection options) # conf/documentation.conf (provisioning.autoconfig options) -# conf/documentation.conf (registration.gaming_devices_registration options) +# conf/documentation.conf (registration.device_registration options) # conf/documentation.conf (scan.dot1x options) # conf/documentation.conf (scan.registration options) # conf/documentation.conf (services.dhcpd options) +# conf/documentation.conf (services.httpd_admin options) +# conf/documentation.conf (services.httpd_mod_qos options) +# conf/documentation.conf (services.httpd_mod_qos_maximum_connections_per_device options) +# conf/documentation.conf (services.httpd_portal options) +# conf/documentation.conf (services.httpd_proxy options) +# conf/documentation.conf (services.httpd_webservices options) # conf/documentation.conf (services.iptables options) # conf/documentation.conf (services.memcached options) +# conf/documentation.conf (services.pfbandwidthd options) +# conf/documentation.conf (services.pfdhcplistener options) # conf/documentation.conf (services.pfdns options) +# conf/documentation.conf (services.pfmon options) +# conf/documentation.conf (services.pfsetvlan options) # conf/documentation.conf (services.radiusd options) +# conf/documentation.conf (services.snmptrapd options) # conf/documentation.conf (servicewatch.email options) # conf/documentation.conf (servicewatch.restart options) # conf/documentation.conf (trapping.detection options) @@ -3429,6 +4051,7 @@ msgstr "" # html/pfappserver/root/admin/nodes.tt # html/pfappserver/root/admin/users.tt +# html/pfappserver/root/configuration/wrix/search_form.tt msgid "ends with" msgstr "" @@ -3436,14 +4059,18 @@ msgstr "" msgid "equals" msgstr "" -# conf/documentation.conf (general.locale options) -msgid "es_ES" -msgstr "" - # conf/documentation.conf msgid "expire" msgstr "Expiration" +# conf/documentation.conf +msgid "expire.httpd_admin" +msgstr "Admin sessions expiration" + +# conf/documentation.conf +msgid "expire.httpd_portal" +msgstr "Portal sessions expiration" + # conf/documentation.conf msgid "expire.iplog" msgstr "IP/MAC logs" @@ -3464,18 +4091,14 @@ msgstr "Trap logs" msgid "external_action" msgstr "External command" -# conf/documentation.conf (guests_self_registration.mandatory_fields options) -msgid "firstname" -msgstr "" - -# conf/documentation.conf (general.locale options) -msgid "fr_FR" -msgstr "" - # conf/documentation.conf msgid "general" msgstr "General" +# conf/documentation.conf +msgid "general.cache_update_interval" +msgstr "Cache update interval" + # conf/documentation.conf msgid "general.dhcpservers" msgstr "DHCP servers" @@ -3492,10 +4115,6 @@ msgstr "Domain" msgid "general.hostname" msgstr "Hostname" -# conf/documentation.conf -msgid "general.locale" -msgstr "Locale" - # conf/documentation.conf msgid "general.maintenance_interval" msgstr "Maintenance interval" @@ -3513,6 +4132,12 @@ msgstr "Timezone" msgid "givenName" msgstr "" +# conf/documentation.conf (advanced.pfcmd_error_color options) +# conf/documentation.conf (advanced.pfcmd_success_color options) +# conf/documentation.conf (advanced.pfcmd_warning_color options) +msgid "green" +msgstr "" + # conf/documentation.conf msgid "guests_admin_registration" msgstr "Admin Registration" @@ -3533,10 +4158,6 @@ msgstr "Self registration" msgid "guests_self_registration.guest_pid" msgstr "PID" -# conf/documentation.conf -msgid "guests_self_registration.mandatory_fields" -msgstr "Mandatory fields" - # conf/documentation.conf msgid "guests_self_registration.preregistration" msgstr "Preregistration" @@ -3545,10 +4166,6 @@ msgstr "Preregistration" msgid "guests_self_registration.sponsorship_cc" msgstr "Sponsorship CC" -# conf/documentation.conf (general.locale options) -msgid "he_IL" -msgstr "" - # conf/documentation.conf (interface.type options) msgid "high-availability" msgstr "" @@ -3568,12 +4185,24 @@ msgstr "" # conf/documentation.conf (interface.enforcement options) # pf::config (Network types) msgid "inline" -msgstr "Inline" +msgstr "inline" + +# conf/documentation.conf +msgid "inline.accounting" +msgstr "Accounting" # conf/documentation.conf msgid "inline.interfaceSNAT" msgstr "SNAT Interface" +# conf/documentation.conf +msgid "inline.level3_accounting_session_timeout" +msgstr "Accounting session timeout" + +# conf/documentation.conf +msgid "inline.level3_accounting_sync_interval" +msgstr "Accounting sync interval" + # conf/documentation.conf msgid "inline.ports_redirect" msgstr "Ports redirect" @@ -3582,6 +4211,14 @@ msgstr "Ports redirect" msgid "inline.should_reauth_on_vlan_change" msgstr "Reauthenticate node" +# conf/documentation.conf (interface.enforcement options) +msgid "inlinel2" +msgstr "Inline Level 2" + +# conf/documentation.conf (interface.enforcement options) +msgid "inlinel3" +msgstr "Inline Level 3" + # conf/documentation.conf msgid "interface" msgstr "" @@ -3609,6 +4246,7 @@ msgstr "Internal" # html/pfappserver/root/admin/nodes.tt # html/pfappserver/root/admin/users.tt +# html/pfappserver/root/configuration/wrix/search_form.tt # pf::Authentication::constants (Conditions) msgid "is" msgstr "" @@ -3627,18 +4265,11 @@ msgstr "" # html/pfappserver/root/admin/nodes.tt # html/pfappserver/root/admin/users.tt +# html/pfappserver/root/configuration/wrix/search_form.tt # pf::Authentication::constants (Conditions) msgid "is not" msgstr "" -# conf/documentation.conf (general.locale options) -msgid "it_IT" -msgstr "" - -# conf/documentation.conf (guests_self_registration.mandatory_fields options) -msgid "lastname" -msgstr "" - # pf::action (VIOLATION_ACTIONS) msgid "log_action" msgstr "Log message" @@ -3656,6 +4287,12 @@ msgstr "" msgid "mac" msgstr "MAC Address" +# conf/documentation.conf (advanced.pfcmd_error_color options) +# conf/documentation.conf (advanced.pfcmd_success_color options) +# conf/documentation.conf (advanced.pfcmd_warning_color options) +msgid "magenta" +msgstr "" + # pf::Authentication::Source::ADSource (available_attributes) # pf::Authentication::Source::LDAPSource (available_attributes) msgid "mail" @@ -3701,6 +4338,7 @@ msgstr "Mark as sponsor" # html/pfappserver/root/admin/nodes.tt # html/pfappserver/root/admin/users.tt +# html/pfappserver/root/configuration/wrix/search_form.tt msgid "matches" msgstr "" @@ -3717,9 +4355,9 @@ msgstr "" msgid "minutes" msgstr "" -# conf/documentation.conf (guests_self_registration.mandatory_fields options) -msgid "mobileprovider" -msgstr "" +# conf/documentation.conf (billing.gateway options) +msgid "mirapay" +msgstr "Mirapay" # conf/documentation.conf (interface.type options) msgid "monitor" @@ -3746,6 +4384,10 @@ msgstr "DHCP detector" msgid "network.dhcpoption82logger" msgstr "DHCP option82" +# conf/documentation.conf +msgid "network.interfaceSNAT" +msgstr "SNAT Interface" + # conf/documentation.conf msgid "network.rogue_dhcp_detection" msgstr "Rogue DHCP detection" @@ -3754,10 +4396,6 @@ msgstr "Rogue DHCP detection" msgid "network.rogueinterval" msgstr "Rogue interval" -# conf/documentation.conf (general.locale options) -msgid "nl_NL" -msgstr "" - # conf/documentation.conf (node_import.voip options) msgid "no" msgstr "" @@ -3792,10 +4430,6 @@ msgstr "(None)" msgid "openvas" msgstr "OpenVAS" -# conf/documentation.conf (guests_self_registration.mandatory_fields options) -msgid "organization" -msgstr "" - # pf::config (VALID_TRIGGER_TYPES) msgid "os" msgstr "OS" @@ -3813,7 +4447,6 @@ msgid "pfcmd_vlan" msgstr "" # conf/documentation.conf (guests_self_registration.guest_pid options) -# conf/documentation.conf (guests_self_registration.mandatory_fields options) msgid "phone" msgstr "" @@ -3821,10 +4454,6 @@ msgstr "" msgid "phonenumber" msgstr "" -# conf/documentation.conf (general.locale options) -msgid "pl_PL" -msgstr "" - # html/pfappserver/root/node/view.tt # pf::config (Inline triggers) msgid "port" @@ -3842,7 +4471,7 @@ msgstr "Admin" msgid "ports.soap" msgstr "" -# pf::SNMP::constants (Modes) +# pf::Switch::constants (Modes) msgid "production" msgstr "Production" @@ -3858,6 +4487,10 @@ msgstr "Auto-configure" msgid "provisioning.category" msgstr "Category" +# conf/documentation.conf +msgid "provisioning.certificate" +msgstr "Certificate" + # conf/documentation.conf msgid "provisioning.ssid" msgstr "SSID" @@ -3866,8 +4499,10 @@ msgstr "SSID" msgid "proxies" msgstr "Proxies" -# conf/documentation.conf (general.locale options) -msgid "pt_BR" +# conf/documentation.conf (advanced.pfcmd_error_color options) +# conf/documentation.conf (advanced.pfcmd_success_color options) +# conf/documentation.conf (advanced.pfcmd_warning_color options) +msgid "red" msgstr "" # conf/documentation.conf (advanced.reevaluate_access_reasons options) @@ -3879,7 +4514,7 @@ msgid "reg" msgstr "registered" # conf/documentation.conf -# pf::SNMP::constants (Modes) +# pf::Switch::constants (Modes) msgid "registration" msgstr "Registration" @@ -3888,12 +4523,12 @@ msgid "registration.button_text" msgstr "Button text" # conf/documentation.conf -msgid "registration.gaming_devices_registration" -msgstr "Gaming devices" +msgid "registration.device_registration" +msgstr "Device registration" # conf/documentation.conf -msgid "registration.gaming_devices_registration_role" -msgstr "Gaming devices role" +msgid "registration.device_registration_role" +msgstr "Device registration role" # conf/documentation.conf msgid "registration.nbregpages" @@ -3976,6 +4611,7 @@ msgid "scan.user" msgstr "User" # html/pfappserver/lib/pfappserver/Form/Field/Duration.pm +# html/pfappserver/root/node/view.tt msgid "seconds" msgstr "" @@ -3995,26 +4631,74 @@ msgstr "dhcpd" msgid "services.dhcpd_binary" msgstr "dhcpd path" +# conf/documentation.conf +msgid "services.httpd_admin" +msgstr "httpd.admin" + # conf/documentation.conf msgid "services.httpd_binary" msgstr "httpd path" +# conf/documentation.conf +msgid "services.httpd_mod_qos" +msgstr "QoS" + +# conf/documentation.conf +msgid "services.httpd_mod_qos_maximum_connections_per_device" +msgstr "QoS max connections" + +# conf/documentation.conf +msgid "services.httpd_portal" +msgstr "httpd.portal" + +# conf/documentation.conf +msgid "services.httpd_proxy" +msgstr "httpd.proxy" + +# conf/documentation.conf +msgid "services.httpd_webservices" +msgstr "httpd.webservices" + # conf/documentation.conf msgid "services.iptables" msgstr "iptables" # conf/documentation.conf msgid "services.memcached" -msgstr "" +msgstr "memcached" # conf/documentation.conf msgid "services.memcached_binary" -msgstr "" +msgstr "memcached path" + +# conf/documentation.conf +msgid "services.memcached_max_item_size" +msgstr "memcached item size" + +# conf/documentation.conf +msgid "services.memcached_memory_usage" +msgstr "memcached memory" + +# conf/documentation.conf +msgid "services.pfbandwidthd" +msgstr "pfbandwidthd" + +# conf/documentation.conf +msgid "services.pfdhcplistener" +msgstr "pfdhcplistener" # conf/documentation.conf msgid "services.pfdns" msgstr "pfdns" +# conf/documentation.conf +msgid "services.pfmon" +msgstr "pfmon" + +# conf/documentation.conf +msgid "services.pfsetvlan" +msgstr "pfsetvlan" + # conf/documentation.conf msgid "services.radiusd" msgstr "radiusd" @@ -4023,6 +4707,10 @@ msgstr "radiusd" msgid "services.radiusd_binary" msgstr "radiusd path" +# conf/documentation.conf +msgid "services.snmptrapd" +msgstr "snmptrapd" + # conf/documentation.conf msgid "services.snmptrapd_binary" msgstr "snmptrapd path" @@ -4080,13 +4768,9 @@ msgstr "" msgid "soh" msgstr "SoH Filters" -# conf/documentation.conf (guests_self_registration.mandatory_fields options) -msgid "sponsor_email" -msgstr "" - # pf::config (Inline triggers) msgid "ssid" -msgstr "Wifi Network SSID" +msgstr "Wi-Fi Network SSID" # pf::Authentication::constants (Conditions) msgid "starts" @@ -4094,14 +4778,19 @@ msgstr "" # html/pfappserver/root/admin/nodes.tt # html/pfappserver/root/admin/users.tt +# html/pfappserver/root/configuration/wrix/search_form.tt msgid "starts with" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Field/Duration.pm +msgid "subtract" +msgstr "" + # conf/documentation.conf (trapping.detection_engine options) msgid "suricata" msgstr "" -# pf::SNMP::constants (Modes) +# pf::Switch::constants (Modes) msgid "testing" msgstr "Testing" @@ -4193,6 +4882,7 @@ msgstr "UserAgent" # pf::Authentication::Source::HtpasswdSource (available_attributes) # pf::Authentication::Source::KerberosSource (available_attributes) +# pf::Authentication::Source::NullSource (available_attributes) # pf::Authentication::Source::RADIUSSource (available_attributes) msgid "username" msgstr "" @@ -4277,6 +4967,12 @@ msgstr "Windows popup message" msgid "years" msgstr "" +# conf/documentation.conf (advanced.pfcmd_error_color options) +# conf/documentation.conf (advanced.pfcmd_success_color options) +# conf/documentation.conf (advanced.pfcmd_warning_color options) +msgid "yellow" +msgstr "" + # conf/documentation.conf (node_import.voip options) msgid "yes" msgstr "" diff --git a/html/pfappserver/lib/pfappserver/Model/Admin.pm b/html/pfappserver/lib/pfappserver/Model/Admin.pm index f45dec3369ef..115cedf6fb38 100644 --- a/html/pfappserver/lib/pfappserver/Model/Admin.pm +++ b/html/pfappserver/lib/pfappserver/Model/Admin.pm @@ -17,6 +17,7 @@ use Moose; use namespace::autoclean; use pf::file_paths; +use pf::log; =head1 METHODS @@ -30,7 +31,7 @@ Returns the content of conf/pf-release sub pf_release { my ($self) = @_; - my $cache = pf::CHI->new(namespace => 'configfiles' ); + my $cache = pf::CHI->new(namespace => 'configfiles'); my $filename = "$conf_dir/pf-release"; my $release = $cache->compute($filename, undef, sub { my $filehandler; @@ -43,6 +44,23 @@ sub pf_release { return $release; } +=head2 fingerbank_version + +Returns the version of Fingerbank from conf/dhcp_fingerprins.conf + +=cut + +sub fingerbank_version { + my $logger = Log::Log4perl::get_logger(__PACKAGE__); + my ($filehandler, $line, $version); + open( $filehandler, '<', "$conf_dir/dhcp_fingerprints.conf" ) + || $logger->error("Unable to open $conf_dir/dhcp_fingerprints.conf: $!"); + $line = <$filehandler>; # read the first line + close $filehandler; + ($version) = $line =~ m/version ([0-9\.]+)/i; + return $version; +} + =head1 AUTHOR Inverse inc. diff --git a/html/pfappserver/lib/pfappserver/Model/Config/System.pm b/html/pfappserver/lib/pfappserver/Model/Config/System.pm index 7efeb92fbbd0..0a926b38936d 100644 --- a/html/pfappserver/lib/pfappserver/Model/Config/System.pm +++ b/html/pfappserver/lib/pfappserver/Model/Config/System.pm @@ -128,7 +128,7 @@ sub start_mysqld_service { } # please keep LANG=C in case we need to fetch the output of the command - my $cmd = "LANG=C sudo service mysqld start 2>&1"; + my $cmd = "LANG=C setsid sudo service mysqld start 2>&1"; $logger->debug("Starting mysqld service: $cmd"); $status = pf_run($cmd); @@ -187,7 +187,6 @@ sub write_network_persistent { package pfappserver::Model::Config::SystemFactory; -=back =head2 NAME @@ -201,9 +200,7 @@ Moose class. use Moose; -=head2 METHODS - -=over +=head1 METHODS =head2 _checkOs @@ -255,7 +252,6 @@ sub getSystem { package pfappserver::Model::Config::System::Role; -=back =head2 NAME @@ -296,9 +292,7 @@ our $_network_conf_file = "network"; our $_interface_conf_file = "ifcfg-"; our $var_dir = "/usr/local/pf/var/"; -=head3 METHODS - -=over +=head1 METHODS =head2 writeNetworkConfigs @@ -378,7 +372,6 @@ sub writeNetworkConfigs { package pfappserver::Model::Config::System::Debian; -=back =head3 NAME @@ -400,9 +393,7 @@ our $_network_conf_dir = "/etc/network/"; our $_network_conf_file = "interfaces"; our $var_dir ="/usr/local/pf/var/"; -=head3 METHODS - -=over +=head1 METHODS =head2 writeNetworkConfigs diff --git a/html/pfappserver/lib/pfappserver/Model/Config/Wrix.pm b/html/pfappserver/lib/pfappserver/Model/Config/Wrix.pm new file mode 100644 index 000000000000..0e7042b6d1d6 --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Model/Config/Wrix.pm @@ -0,0 +1,126 @@ +package pfappserver::Model::Config::Wrix; + +=head1 NAME + +pfappserver::Model::Config::Wrix add documentation + +=cut + +=head1 DESCRIPTION + +pfappserver::Model::Config::Wrix; + +=cut + +use Moose; +use namespace::autoclean; +use pf::RoseDB::Wrix::Manager; +use HTTP::Status qw(:constants is_error is_success); +use pf::log; +our %OP_MAP = ( + equal => '=', + not_equal => '<>', + not_like => 'NOT LIKE', + like => 'LIKE', + ends_with => 'LIKE', + starts_with => 'LIKE', + in => 'IN', + not_in => 'NOT IN', +); + + +extends 'pfappserver::Base::Model::DB'; + +has '+managerClassName' => (default => 'pf::RoseDB::Wrix::Manager'); + +=head1 METHODS + +=head2 remove + +Delete an existing item + +=cut + +sub remove { + my ($self,$id) = @_; + if($id eq 'all') { + return ($STATUS::INTERNAL_SERVER_ERROR, "Cannot delete this item"); + } + return $self->SUPER::remove($id); +} + +sub search { + my ($self,$pageNum,$perPage,$parameters) = @_; + my $manager = $self->manager; + my $logger = get_logger(); + my $all_or_any = $parameters->{all_or_any} || 'and'; + $all_or_any = 'or' if $all_or_any eq 'any'; + $all_or_any = 'and' if $all_or_any eq 'all'; + my @queries = map { $self->build_query($_) } @{$parameters->{searches}}; + my $count = $manager->get_objects_count( + query => [$all_or_any => \@queries] + ); + my $items = $manager->get_objects( + page => $pageNum, + per_page => $perPage, + query => [$all_or_any => \@queries] + ); + my $pageCount = int ($count / $perPage) + ($count % $perPage ? 1 : 0); + return (HTTP_OK, { + %$parameters, + pageNum => $pageNum, + perPage => $perPage, + items => $items, + pageCount => $pageCount, + }); + +} +sub build_query { + my ($self,$search) = @_; + my $query; + my ($name,$op,$value) = @{$search}{qw(name op value)}; + my $sql_op = $OP_MAP{$op}; + if($sql_op eq 'LIKE' || $sql_op eq 'NOT LIKE') { + #escaping the % and _ charcaters + $value =~ s/([%_])/\\$1/g; + if($op eq 'like' || $op eq 'not_like') { + $value = "\%$value\%"; + } elsif ($op eq 'starts_with') { + $value = "$value\%"; + } elsif ($op eq 'ends_with') { + $value = "\%$value"; + } + } + return ($name => {$sql_op => $value}); +} + + + +__PACKAGE__->meta->make_immutable; + + +=head1 COPYRIGHT + +Copyright (C) 2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/html/pfappserver/lib/pfappserver/Model/ConfigStore/Mdm.pm b/html/pfappserver/lib/pfappserver/Model/ConfigStore/Mdm.pm new file mode 100644 index 000000000000..1a79a7359bdb --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Model/ConfigStore/Mdm.pm @@ -0,0 +1,65 @@ + +package pfappserver::Model::ConfigStore::Mdm; + +=head1 NAME + +pfappserver::Model::ConfigStore::Mdm add documentation + +=cut + +=head1 DESCRIPTION + +pfappserver::Model::ConfigStore::Mdm + +=cut + +use HTTP::Status qw(:constants is_error is_success); +use Moose; +use namespace::autoclean; +use pf::ConfigStore::Mdm; + +extends 'pfappserver::Base::Model::Config'; + +=head2 Methods + +=over + +=item _buildConfigStore + +buld the config store + +=cut + +sub _buildConfigStore { pf::ConfigStore::Mdm->new } + + +__PACKAGE__->meta->make_immutable; + +=back + +=head1 COPYRIGHT + +Copyright (C) 2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + + diff --git a/html/pfappserver/lib/pfappserver/Model/DB.pm b/html/pfappserver/lib/pfappserver/Model/DB.pm index f3d53afa1769..a2d4d489396a 100644 --- a/html/pfappserver/lib/pfappserver/Model/DB.pm +++ b/html/pfappserver/lib/pfappserver/Model/DB.pm @@ -20,6 +20,7 @@ use namespace::autoclean; use pf::config; use pf::error; use pf::util; +use File::Slurp qw(read_dir); extends 'Catalyst::Model'; @@ -41,21 +42,21 @@ sub assign { $db = $dbHandler->quote_identifier($db); # Create global PF user - my $sql_query = "GRANT SELECT,INSERT,UPDATE,DELETE,EXECUTE,LOCK TABLES ON $db.* TO ?\@'%' IDENTIFIED BY ?"; - $dbHandler->do($sql_query, undef, $user, $password); - if ( $DBI::errstr ) { - $status_msg = "Error creating the user $user on database $db"; - $logger->warn("$DBI::errstr"); - return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg ); - } - - # Create localhost PF user - $sql_query = "GRANT SELECT,INSERT,UPDATE,DELETE,EXECUTE,LOCK TABLES ON $db.* TO ?\@localhost IDENTIFIED BY ?"; - $dbHandler->do($sql_query, undef, $user, $password); - if ( $DBI::errstr ) { - $status_msg = ["Error creating the user [_1] on database [_2]",$user,$db]; - $logger->warn("$DBI::errstr"); - return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg ); + foreach my $host ("'%'","localhost") { + my $sql_query = "GRANT SELECT,INSERT,UPDATE,DELETE,EXECUTE,LOCK TABLES ON $db.* TO ?\@${host} IDENTIFIED BY ?"; + $dbHandler->do($sql_query, undef, $user, $password); + if ( $DBI::errstr ) { + $status_msg = "Error creating the user $user on database $db"; + $logger->warn("$DBI::errstr"); + return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg ); + } + $sql_query = "GRANT DROP ON $db.radius_nas TO ?\@${host} IDENTIFIED BY ?"; + $dbHandler->do($sql_query, undef, $user, $password); + if ( $DBI::errstr ) { + $status_msg = "Error creating the user $user on database $db"; + $logger->warn("$DBI::errstr"); + return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg ); + } } # Apply the new privileges @@ -175,15 +176,28 @@ sub schema { my $logger = Log::Log4perl::get_logger(__PACKAGE__); my ( $status_msg, $result ); - - my $cmd = "/usr/bin/mysql -u $root_user -p'$root_password' $db < $install_dir/db/pf-schema.sql"; + $root_user = quotemeta ($root_user); + $root_password = quotemeta ($root_password); + $db = quotemeta ($db); + my $mysql_cmd = "/usr/bin/mysql -u $root_user -p$root_password $db"; + my $cmd = "$mysql_cmd < $install_dir/db/pf-schema.sql"; eval { $result = pf_run($cmd, (accepted_exit_status => [ 0 ])) }; if ( $@ || !defined($result) ) { $status_msg = ["Error applying the schema to the database [_1]",$db ]; $logger->warn("$@: $result"); return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg ); } - + my @custom_schemas = read_dir( "$install_dir/db/custom", prefix => 1, err_mode => 'quiet' ) ; + @custom_schemas = sort @custom_schemas; + foreach my $custom_schema (@custom_schemas) { + my $cmd = "$mysql_cmd < $custom_schema"; + eval { $result = pf_run($cmd, (accepted_exit_status => [ 0 ])) }; + if ( $@ || !defined($result) ) { + $status_msg = ["Error applying the custom schema $custom_schema to the database [_1]",$db ]; + $logger->warn("$@: $result"); + return ( $STATUS::INTERNAL_SERVER_ERROR, $status_msg ); + } + } $status_msg = ["Successfully applied the schema to the database [_1]",$db ]; return ( $STATUS::OK, $status_msg ); } diff --git a/html/pfappserver/lib/pfappserver/Model/Enforcement.pm b/html/pfappserver/lib/pfappserver/Model/Enforcement.pm index 9c4ba082e932..c0d5135f2c39 100644 --- a/html/pfappserver/lib/pfappserver/Model/Enforcement.pm +++ b/html/pfappserver/lib/pfappserver/Model/Enforcement.pm @@ -23,7 +23,7 @@ my @mechanisms = qw/vlan inline option/; # TODO once we display option we should move 'other' over to there my %types = ( vlan => [ 'management', 'vlan-registration', 'vlan-isolation' ], - inline => [ 'management', 'inline' ], + inline => [ 'management', 'inline', 'inlinel2', 'inlinel3' ], # inline is kept for backwards compat. # option => [ 'high-availability', 'dhcp-listener', 'monitor' ], ); diff --git a/html/pfappserver/lib/pfappserver/Model/Interface.pm b/html/pfappserver/lib/pfappserver/Model/Interface.pm index bff773a9efc9..8c83384cca7a 100644 --- a/html/pfappserver/lib/pfappserver/Model/Interface.pm +++ b/html/pfappserver/lib/pfappserver/Model/Interface.pm @@ -248,6 +248,8 @@ sub get { ($status, $network) = $networks_model->read($result->{"$interface"}->{'network'}); if (is_success($status)) { $result->{"$interface"}->{'dns'} = $network->{dns}; + $result->{"$interface"}->{'dhcpd_enabled'} = $network->{dhcpd}; + $result->{"$interface"}->{'fake_mac_enabled'} = $network->{fake_mac_enabled}; } #($status, undef) = $networks_model->hasId($result->{"$interface"}->{'network'}); $result->{"$interface"}->{'network_iseditable'} = is_success($status); @@ -399,7 +401,9 @@ sub getType { $type = ($type =~ /management|managed/i) ? 'management' : 'other'; } } - + + # we rewrite inline to inlinel2 for backwwards compatibility + $type =~ s/inline$/inlinel2/; return $type; } @@ -462,6 +466,8 @@ sub setType { } else { $network_ref->{dns} = $interface_ref->{'dns'}; } + $network_ref->{dhcpd} = isenabled($interface_ref->{'dhcpd_enabled'}) ? 'enabled' : 'disabled'; + $network_ref->{fake_mac_enabled} = isenabled($interface_ref->{'fake_mac_enabled'}) ? 'enabled' : 'disabled'; $network_ref->{dhcp_start} = Net::Netmask->new(@{$interface_ref}{qw(ipaddress netmask)})->nth(10); $network_ref->{dhcp_end} = Net::Netmask->new(@{$interface_ref}{qw(ipaddress netmask)})->nth(-10); $models->{network}->update_or_create($interface_ref->{network}, $network_ref); @@ -613,9 +619,13 @@ sub _prepare_interface_for_pfconf { $int_config_ref->{'type'} = 'internal'; $int_config_ref->{'enforcement'} = 'vlan'; } - elsif ($type =~ /^inline$/i) { + elsif ($type eq "inline") { + $int_config_ref->{'type'} = 'internal'; + $int_config_ref->{'enforcement'} = "inlinel2"; + } + elsif ($type =~ /^inlinel\d/i) { $int_config_ref->{'type'} = 'internal'; - $int_config_ref->{'enforcement'} = 'inline'; + $int_config_ref->{'enforcement'} = $type; } else { # here we oversimplify a bit, type supports multivalues but it's diff --git a/html/pfappserver/lib/pfappserver/Model/Node.pm b/html/pfappserver/lib/pfappserver/Model/Node.pm index 11992f492574..0bd8e9d6cf89 100644 --- a/html/pfappserver/lib/pfappserver/Model/Node.pm +++ b/html/pfappserver/lib/pfappserver/Model/Node.pm @@ -281,8 +281,10 @@ sub update { } if ($result) { my $isDot1x = defined($previous_node_ref->{last_dot1x_username}) && length($previous_node_ref->{last_dot1x_username}) > 0; + my $category_id = $node_ref->{category_id} || ''; + my $previous_category_id = $previous_node_ref->{category_id} || ''; if ($previous_node_ref->{status} ne $node_ref->{status} || - $previous_node_ref->{category_id} ne $node_ref->{category_id} && !$isDot1x) { + $previous_category_id ne $category_id && !$isDot1x) { # Node has been registered or deregistered # or the role has changed and is not currently using 802.1X reevaluate_access($mac, "node_modify"); @@ -523,6 +525,21 @@ sub _closeViolation{ return $result; } +=head2 bulkApplyViolation + +=cut + +sub bulkApplyViolation { + my ($self, $violation_id, @macs) = @_; + my $count = 0; + foreach my $mac (@macs) { + my ($last_id) = violation_add( $mac, $violation_id); + $count++ if $last_id > 0;; + } + return ($STATUS::OK, ["[_1] violation(s) were opened.",$count]); +} + + =head2 _graphIplogHistory The associated HTML template to show the graph could look like this: @@ -678,13 +695,13 @@ sub _graphIplogHistory { =cut sub bulkRegister { - my ($self,@macs) = @_; + my ($self, @macs) = @_; my $count = 0; - my ($status,$status_msg); + my ($status, $status_msg); foreach my $mac (@macs) { my $node = node_attributes($mac); - if($node->{status} eq $pf::node::STATUS_UNREGISTERED) { - if(node_register($mac, $node->{pid}, %{$node})) { + if ($node->{status} ne $pf::node::STATUS_REGISTERED) { + if (node_register($mac, $node->{pid}, %{$node})) { reevaluate_access($mac, "node_modify"); $count++; } @@ -698,18 +715,18 @@ sub bulkRegister { =cut sub bulkDeregister { - my ($self,@macs) = @_; + my ($self, @macs) = @_; my $count = 0; foreach my $mac (@macs) { my $node = node_attributes($mac); - if($node->{status} eq $pf::node::STATUS_REGISTERED) { - if(node_deregister($mac, $node->{pid}, %{$node})) { + if ($node->{status} ne $pf::node::STATUS_UNREGISTERED) { + if (node_deregister($mac, $node->{pid}, %{$node})) { reevaluate_access($mac, "node_modify"); $count++; } } } - return ($STATUS::OK, ["[_1] node(s) were deregistered.",$count]); + return ($STATUS::OK, ["[_1] node(s) were deregistered.", $count]); } =head2 bulkApplyRole @@ -717,14 +734,23 @@ sub bulkDeregister { =cut sub bulkApplyRole { - my ($self,$role,@macs) = @_; + my ($self, $role, @macs) = @_; my $count = 0; foreach my $mac (@macs) { - my $node = node_attributes($mac); - $node->{category_id} = $role; - $count++ if node_modify($mac, %{$node}); + my $node = node_view($mac); + if ($node->{category_id} != $role) { + # Role has changed + $node->{category_id} = $role; + if (node_modify($mac, %{$node})) { + $count++; + if (!defined($node->{last_dot1x_username}) || length($node->{last_dot1x_username}) == 0) { + # The role has changed and is not currently using 802.1X + reevaluate_access($mac, "node_modify"); + } + } + } } - return ($STATUS::OK, ["Role was changed for [_1] node(s)",$count]); + return ($STATUS::OK, ["Role was changed for [_1] node(s)", $count]); } =head1 AUTHOR @@ -733,7 +759,7 @@ Inverse inc. =head1 COPYRIGHT -Copyright (C) 2013 Inverse inc. +Copyright (C) 2013-2014 Inverse inc. =head1 LICENSE diff --git a/html/pfappserver/lib/pfappserver/Model/Search/Node.pm b/html/pfappserver/lib/pfappserver/Model/Search/Node.pm index 01e71b308419..75e348cde106 100644 --- a/html/pfappserver/lib/pfappserver/Model/Search/Node.pm +++ b/html/pfappserver/lib/pfappserver/Model/Search/Node.pm @@ -147,6 +147,7 @@ sub make_builder { } ], [ 'AND' ], + [ '(' ], [ { 'table' => 'iplog', @@ -155,6 +156,16 @@ sub make_builder { '=', '0000-00-00 00:00:00', ], + [ 'OR' ], + [ + { + 'table' => 'iplog', + 'name' => 'end_time', + }, + '>', + 'NOW()', + ], + [ ')' ], ], }, { @@ -306,7 +317,7 @@ __PACKAGE__->meta->make_immutable; =head1 COPYRIGHT -Copyright (C) 2013 Inverse inc. +Copyright (C) 2013-2014 Inverse inc. =head1 LICENSE diff --git a/html/pfappserver/lib/pfappserver/Model/Search/User.pm b/html/pfappserver/lib/pfappserver/Model/Search/User.pm index 9a5a9505686b..c39f7c0bba87 100644 --- a/html/pfappserver/lib/pfappserver/Model/Search/User.pm +++ b/html/pfappserver/lib/pfappserver/Model/Search/User.pm @@ -26,7 +26,7 @@ sub make_builder { new pf::SearchBuilder; my $builder = new pf::SearchBuilder; return $builder - ->select(qw(pid firstname lastname email telephone company address notes sponsor), + ->select(@pf::person::FIELDS, (map { { table => 'temporary_password', name => $_ } } qw(valid_from expiration access_duration category password)), L_("count(node.mac)", "nodes"), L_("concat(firstname,' ', lastname)", "person_name"), diff --git a/html/pfappserver/lib/pfappserver/Model/User.pm b/html/pfappserver/lib/pfappserver/Model/User.pm index 5891153c34be..be560e2c1ad5 100644 --- a/html/pfappserver/lib/pfappserver/Model/User.pm +++ b/html/pfappserver/lib/pfappserver/Model/User.pm @@ -24,6 +24,10 @@ use pf::Authentication::constants; use pf::temporary_password; use pf::error qw(is_error is_success); use pf::person; +use pf::log; +use pf::node; +use pf::violation; +use pf::enforcement qw(reevaluate_access); use pf::util qw(get_translatable_time); @@ -348,8 +352,7 @@ sub createSingle { # Add the registration window to the actions push(@{$data->{actions}}, { type => 'valid_from', value => $data->{valid_from} }); push(@{$data->{actions}}, { type => 'expiration', value => $data->{expiration} }); - $result = pf::temporary_password::generate($pid, - $data->{valid_from}, + $result = pf::temporary_password::generate($pid, $data->{actions}, $data->{password}); if ($result) { @@ -400,8 +403,7 @@ sub createMultiple { # Add the registration window to the actions push(@{$data->{actions}}, { type => 'valid_from', value => $data->{valid_from} }); push(@{$data->{actions}}, { type => 'expiration', value => $data->{expiration} }); - $result = pf::temporary_password::generate($pid, - $data->{valid_from}, + $result = pf::temporary_password::generate($pid, $data->{actions}); if ($result) { push(@users, { pid => $pid, email => $data->{email}, password => $result }); @@ -491,8 +493,7 @@ sub importCSV { # The registration window is add to the actions push(@{$data->{actions}}, { type => 'valid_from', value => $data->{valid_from} }); push(@{$data->{actions}}, { type => 'expiration', value => $data->{expiration} }); - $result = pf::temporary_password::generate($pid, - $data->{valid_from}, + $result = pf::temporary_password::generate($pid, $data->{actions}, $row->[$index{'c_password'}]); push(@users, { pid => $pid, email => $person{email}, password => $result }); @@ -519,6 +520,92 @@ sub importCSV { return ($status, $message); } +=head2 bulkRegister + +=cut + +sub bulkRegister { + my ($self,@ids) = @_; + my $count = 0; + my ($status,$status_msg); + foreach my $node (map {person_nodes($_)} @ids ) { + if($node->{status} eq $pf::node::STATUS_UNREGISTERED) { + my $mac = $node->{mac}; + if(node_register($mac, $node->{pid}, %{$node})) { + reevaluate_access($mac, "node_modify"); + $count++; + } + } + } + return ($STATUS::OK, ["[_1] node(s) were registered.",$count]); +} + +=head2 bulkDeregister + +=cut + +sub bulkDeregister { + my ($self,@ids) = @_; + my $count = 0; + foreach my $node (map {person_nodes($_)} @ids ) { + if($node->{status} eq $pf::node::STATUS_REGISTERED) { + my $mac = $node->{mac}; + if(node_deregister($mac, $node->{pid}, %{$node})) { + reevaluate_access($mac, "node_modify"); + $count++; + } + } + } + return ($STATUS::OK, ["[_1] node(s) were deregistered.",$count]); +} + +=head2 bulkApplyRole + +=cut + +sub bulkApplyRole { + my ($self,$role,@ids) = @_; + my $count = 0; + foreach my $node (map {person_nodes($_)} @ids ) { + $node->{category_id} = $role; + $count++ if node_modify($node->{mac}, %{$node}); + } + return ($STATUS::OK, ["Role was changed for [_1] node(s)",$count]); +} + +=head2 bulkApplyViolation + +=cut + +sub bulkApplyViolation { + my ($self, $violation_id, @ids) = @_; + my $count = 0; + my $logger = get_logger; + foreach my $mac (map {$_->{mac}} map {person_nodes($_)} @ids ) { + my ($last_id) = violation_add( $mac, $violation_id); + $count++ if $last_id > 0;; + } + return ($STATUS::OK, ["[_1] violation(s) were opened.",$count]); +} + +=head2 closeViolations + +=cut + +sub bulkCloseViolations { + my ($self, @ids) = @_; + my $count = 0; + foreach my $mac (map {$_->{mac}} map {person_nodes($_)} @ids ) { + foreach my $violation (violation_view_open_desc($mac)) { + if (violation_force_close( $mac, $violation->{vid})) { + pf::enforcement::reevaluate_access($mac, 'manage_vclose'); + $count++; + } + } + } + return ($STATUS::OK, ["[_1] violation(s) were closed.",$count]); +} + =over =back diff --git a/html/pfappserver/lib/pfappserver/Role/Controller/BulkActions.pm b/html/pfappserver/lib/pfappserver/Role/Controller/BulkActions.pm new file mode 100644 index 000000000000..f39958b3d75f --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Role/Controller/BulkActions.pm @@ -0,0 +1,152 @@ +package pfappserver::Role::Controller::BulkActions; + +=head1 NAME + +pfappserver::Role::Controller::BulkActions add documentation + +=cut + +=head1 DESCRIPTION + +pfappserver::Role::Controller::BulkActions + +=cut + +use strict; +use warnings; +use MooseX::MethodAttributes::Role; +use HTTP::Status qw(:constants is_error is_success); + +=head2 bulk_close + +=cut + +sub bulk_close : Local { + my ( $self, $c ) = @_; + $c->stash->{current_view} = 'JSON'; + my ( $status, $status_msg ); + my $request = $c->request; + if ( $request->method eq 'POST' ) { + my @ids = $request->param('items'); + ( $status, $status_msg ) = + $self->getModel($c)->bulkCloseViolations(@ids); + } else { + $status = HTTP_BAD_REQUEST; + $status_msg = ""; + } + $c->response->status($status); + $c->stash( status_msg => $status_msg, ); +} + +=head2 bulk_register + +=cut + +sub bulk_register : Local { + my ( $self, $c ) = @_; + $c->stash->{current_view} = 'JSON'; + my ( $status, $status_msg ); + my $request = $c->request; + if ( $request->method eq 'POST' ) { + my @ids = $request->param('items'); + ( $status, $status_msg ) = $self->getModel($c)->bulkRegister(@ids); + } else { + $status = HTTP_BAD_REQUEST; + $status_msg = ""; + } + $c->response->status($status); + $c->stash( status_msg => $status_msg, ); +} + +=head2 bulk_deregister + +=cut + +sub bulk_deregister : Local { + my ( $self, $c ) = @_; + $c->stash->{current_view} = 'JSON'; + my ( $status, $status_msg ); + my $request = $c->request; + if ( $request->method eq 'POST' ) { + my @ids = $request->param('items'); + ( $status, $status_msg ) = $self->getModel($c)->bulkDeregister(@ids); + } else { + $status = HTTP_BAD_REQUEST; + $status_msg = ""; + } + $c->response->status($status); + $c->stash( status_msg => $status_msg, ); +} + +=head2 bulk_apply_role + +=cut + +sub bulk_apply_role : Local : Args(1) { + my ( $self, $c, $role ) = @_; + $c->stash->{current_view} = 'JSON'; + my ( $status, $status_msg ); + my $request = $c->request; + if ( $request->method eq 'POST' ) { + my @ids = $request->param('items'); + ( $status, $status_msg ) = + $self->getModel($c)->bulkApplyRole( $role, @ids ); + } else { + $status = HTTP_BAD_REQUEST; + $status_msg = ""; + } + $c->response->status($status); + $c->stash( status_msg => $status_msg, ); +} + +=head2 bulk_apply_violation + +=cut + +sub bulk_apply_violation : Local : Args(1) { + my ( $self, $c, $violation ) = @_; + $c->stash->{current_view} = 'JSON'; + my ( $status, $status_msg ); + my $request = $c->request; + if ( $request->method eq 'POST' ) { + my @ids = $request->param('items'); + ( $status, $status_msg ) = + $self->getModel($c)->bulkApplyViolation( $violation, @ids ); + } else { + $status = HTTP_BAD_REQUEST; + $status_msg = ""; + } + $c->response->status($status); + $c->stash( status_msg => $status_msg, ); +} + + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/html/pfappserver/lib/pfappserver/View/CSV.pm b/html/pfappserver/lib/pfappserver/View/CSV.pm new file mode 100644 index 000000000000..6cfdf05de6ef --- /dev/null +++ b/html/pfappserver/lib/pfappserver/View/CSV.pm @@ -0,0 +1,62 @@ +package pfappserver::View::CSV; + +use strict; +use warnings; + +use base 'Catalyst::View::TT'; +use Text::CSV; + +__PACKAGE__->config( + TEMPLATE_EXTENSION => '.tt', + render_die => 1, + expose_methods => [qw(combine combine_row)] +); + + +sub process { + my ($self,$c) = @_; + my $name = $c->action->name; + $c->response->header( 'Content-Type' => "text/csv"); + $c->response->header( 'Content-Disposition' => "attachment; filename=${name}.csv"); + return $self->SUPER::process($c); +} + +sub combine_row { + my ($self,$c,$col_names,$row) = @_; + my $csv = Text::CSV->new( {always_quote => 1 }); + my @columns = map { $row->{$_} } @$col_names; + my $status = $csv->combine(@columns); # combine columns into a string + return $csv->string(); # get the combined string +} + +sub combine { + my ($self,$c,$cols) = @_; + my $csv = Text::CSV->new(); + my $status = $csv->combine(@$cols); # combine columns into a string + return $csv->string(); # get the combined string +} + +=head1 NAME + +pfappserver::View::CSV - TT View for pfappserver + +=head1 DESCRIPTION + +TT View for pfappserver. + +=head1 SEE ALSO + +L + +=head1 AUTHOR + +root + +=head1 LICENSE + +This library is free software. You can redistribute it and/or modify +it under the same terms as Perl itself. + +=cut + +1; diff --git a/html/pfappserver/lib/pfappserver/View/HTML.pm b/html/pfappserver/lib/pfappserver/View/HTML.pm index 54b4f089ae4d..7e32c4c1b861 100644 --- a/html/pfappserver/lib/pfappserver/View/HTML.pm +++ b/html/pfappserver/lib/pfappserver/View/HTML.pm @@ -15,7 +15,7 @@ __PACKAGE__->config( js => \&js_filter, }, render_die => 1, - expose_methods => [qw(can_access can_access_any)], + expose_methods => [qw(can_access can_access_any can_access_group_any)], COMPILE_DIR => $tt_compile_cache_dir ); @@ -77,6 +77,17 @@ sub can_access_any { return admin_can_do_any($roles,@actions); } +=head2 can_access_group_any + +=cut + +sub can_access_group_any { + my ($self, $c, $group) = @_; + my $roles = []; + $roles = [$c->user->roles] if $c->user_exists; + return admin_can_do_any_in_group($roles,$group); +} + =head1 COPYRIGHT Copyright (C) 2012-2013 Inverse inc. diff --git a/html/pfappserver/root/admin/bulk_actions.inc b/html/pfappserver/root/admin/bulk_actions.inc new file mode 100644 index 000000000000..e47948ffd22c --- /dev/null +++ b/html/pfappserver/root/admin/bulk_actions.inc @@ -0,0 +1,30 @@ +
+ + [% l('Action') %] + + + +
diff --git a/html/pfappserver/root/admin/configuration.tt b/html/pfappserver/root/admin/configuration.tt index fb1e5f991e01..155efdbb1d26 100644 --- a/html/pfappserver/root/admin/configuration.tt +++ b/html/pfappserver/root/admin/configuration.tt @@ -10,10 +10,10 @@ 'app/pf-bootstrap-swap-class', 'admin/configuration', 'admin/searches', + 'admin/configuration/items', 'admin/configuration/interfaces', 'admin/configuration/switches', 'admin/configuration/floatingdevices', - 'admin/configuration/adminroles', 'admin/configuration/authentication', 'admin/configuration/portal_profile', 'admin/configuration/violations', @@ -52,13 +52,13 @@ table.sources { table-layout: fixed; } -[% MACRO list_entry(controller_name,action,description) BLOCK %] +[% MACRO list_entry(controller_name, action, description) BLOCK %]
  • [% l(description || action || controller_name) %]
    • [% END -%] -[% MACRO pf_section_entry(section,description) BLOCK %] +[% MACRO pf_section_entry(section, description) BLOCK %]
  • [% l(description || section) %]
    • @@ -69,7 +69,7 @@ table.sources {
      - [%- IF can_access("CONFIGURATION_MAIN_READ") || can_access("PORTAL_PROFILES_READ") || can_access("ADMIN_ROLES_READ") %] + [%- IF can_access_any("CONFIGURATION_MAIN_READ","PORTAL_PROFILES_READ","ADMIN_ROLES_READ") -%]
    • [% l('Main') %]
      • [%- END %] [%- IF can_access("CONFIGURATION_MAIN_READ") %] @@ -98,7 +98,7 @@ table.sources { [%- IF can_access("ADMIN_ROLES_READ") %] [% pf_section_entry('adminroles', 'Admin Access') %] [%- END %] - [%- IF can_access("INTERFACES_READ") || can_access("SWITCHES_READ") || can_access("FLOATING_DEVICES_READ") %] + [%- IF can_access_any("INTERFACES_READ","SWITCHES_READ","FLOATING_DEVICES_READ") %]
    • [% l('Network') %]
    • [%- IF can_access("INTERFACES_READ") %] [% pf_section_entry( 'interfaces', 'Interfaces') %] @@ -106,11 +106,12 @@ table.sources { [%- IF can_access("SWITCHES_READ") %] [% pf_section_entry( 'switches', 'Switches') %] [%- END %] + [% list_entry('Configuration::Wrix', 'index', 'WRIX') %] [%- IF can_access("FLOATING_DEVICES_READ") %] [% pf_section_entry( 'floating_devices', 'Floating devices') %] [%- END %] [%- END %] - [%- IF can_access("USERS_ROLES_READ") || can_access("USERS_SOURCES_READ") %] + [%- IF can_access("USERS_ROLES_READ","USERS_SOURCES_READ") %]
    • [% l('Users') %]
      • [%- IF can_access("USERS_ROLES_READ") %] [% pf_section_entry( 'roles', 'Roles') %] @@ -119,7 +120,7 @@ table.sources { [% list_entry('Authentication', 'index', 'Sources') %] [%- END %] [%- END %] - [%- IF can_access("VIOLATIONS_READ") || can_access("SOH_READ") %] + [%- IF can_access_any("VIOLATIONS_READ","SOH_READ") %]
    • [% l('Compliance') %]
      • [%- IF can_access("VIOLATIONS_READ") %] [% list_entry('Violation', 'index', 'Violations') %] @@ -128,7 +129,7 @@ table.sources { [% pf_section_entry( 'soh', 'Statement of Health') %] [%- END %] [%- END %] - [%- IF can_access("FINGERPRINTS_READ") || can_access("USERAGENTS_READ") || can_access("MAC_READ") %] + [%- IF can_access_any("FINGERPRINTS_READ","USERAGENTS_READ","MAC_READ") %]
    • [% l('Identification') %]
      • [%- IF can_access("FINGERPRINTS_READ") %] [% list_entry('Configuration::FingerPrints', 'index', 'Fingerprints') %] diff --git a/html/pfappserver/root/admin/login.tt b/html/pfappserver/root/admin/login.tt index 85b13714f39d..30c220c5980a 100644 --- a/html/pfappserver/root/admin/login.tt +++ b/html/pfappserver/root/admin/login.tt @@ -1,4 +1,4 @@ -[% jsFiles = ['app/application', 'admin/login'] %] +[% jsFiles = ['admin/login'] %]
      @@ -11,8 +11,8 @@ Warning! [% status_msg %]
      [% END %] -
      - + +
      diff --git a/html/pfappserver/root/admin/nodes.tt b/html/pfappserver/root/admin/nodes.tt index b3e8690f817c..2534d3a7a9f4 100644 --- a/html/pfappserver/root/admin/nodes.tt +++ b/html/pfappserver/root/admin/nodes.tt @@ -15,7 +15,6 @@ 'admin/nodes', 'admin/searches', 'js/bootstrapSwitch', - 'js/moment.min', 'js/node', 'js/user', ] @@ -33,34 +32,24 @@ form { width: 160px; } .table-dynamic .action { - width: 32px; + width: 36px; } - - + [% INCLUDE admin/saved_search.inc savedSearchController="SavedSearch::Node" method="POST" %]
      • [% l('Nodes') %]
        • + [%- IF can_access("NODES_READ") -%]
      • [% l('Search') %]
        • + [%- END -%] + [%- IF can_access("NODES_CREATE") -%]
      • [% l('Create') %]
        • + [%- END -%] + [%- IF can_access("NODES_READ") -%]
      • [% l('Saved Searches') %]
        • [%FOR ss IN saved_searches%] [% form = ss.form %] @@ -71,14 +60,15 @@ form { tab ='simple'; END%]
      • - [% ss.name %] + [% ss.name %]
        [%FOREACH input IN form.keys.sort%] - + [%END%]
        • [%END%] + [%- END -%]
      @@ -126,24 +116,28 @@ form { - - + + - - + + [% END -%] + [% PROCESS search_options disabled=1 %] @@ -152,24 +146,7 @@ form { - - - + [% PROCESS search_options disabled=0 %] diff --git a/html/pfappserver/root/admin/reports.tt b/html/pfappserver/root/admin/reports.tt index 87f8502a6383..c791724fd391 100644 --- a/html/pfappserver/root/admin/reports.tt +++ b/html/pfappserver/root/admin/reports.tt @@ -46,9 +46,9 @@
      - + - +
      diff --git a/html/pfappserver/root/admin/saved_search.inc b/html/pfappserver/root/admin/saved_search.inc new file mode 100644 index 000000000000..2be291b030d5 --- /dev/null +++ b/html/pfappserver/root/admin/saved_search.inc @@ -0,0 +1,20 @@ + + diff --git a/html/pfappserver/root/admin/status.tt b/html/pfappserver/root/admin/status.tt index fe10ab73b78d..917d8f048517 100644 --- a/html/pfappserver/root/admin/status.tt +++ b/html/pfappserver/root/admin/status.tt @@ -21,7 +21,9 @@
      • [% l('Overview') %]
        • + [%- IF can_access("REPORTS") %]
      • [% l('Dashboard') %]
        • + [%- END %] [%- IF can_access("SERVICES") %]
      • [% l('Services') %]
        • [%- END %] diff --git a/html/pfappserver/root/admin/users.tt b/html/pfappserver/root/admin/users.tt index b8134e092530..20b65b65f452 100644 --- a/html/pfappserver/root/admin/users.tt +++ b/html/pfappserver/root/admin/users.tt @@ -37,25 +37,7 @@ form { - + [% INCLUDE admin/saved_search.inc method="" savedSearchController="SavedSearch::User"%]
        @@ -65,8 +47,13 @@ form {
        • [% l('Users') %]
          • + [%- IF can_access('USERS_READ') -%]
        • [% l('Search') %]
          • + [%- END -%] + [%- IF can_access('USERS_CREATE') -%]
        • [% l('Create') %]
          • + [%- END -%] + [%- IF can_access('USERS_READ') -%]
        • [% l('Saved Searches') %]
          • [% FOR ss IN saved_searches %] [% form = ss.form %] @@ -80,11 +67,12 @@ form { [% ss.name %]
          [%FOREACH input IN form.keys.sort%] - + [%END%]
          [%END%] + [%- END -%]
        @@ -153,6 +141,27 @@ form { + + + + + + + + + + + + + + + + + + + + + [% END %] +[% IF c.action.name == "view" %] +[% SET action_url = c.uri_for(c.controller.action_for('update'), [ item.id ]) %] +[%ELSE%] +[% SET action_url = c.req.uri %] +[% END %] +
        + [%- IF item.id %][% END %]
        × -

        [% IF item %][% l('Admin Role') %] [% item.id %][% ELSE %][% l('New Admin Role') %][% END %]

        +

        [% IF item %][% l('Admin Role') %] [% item.id | html %][% ELSE %][% l('New Admin Role') %][% END %]

        diff --git a/html/pfappserver/root/configuration/authentication.tt b/html/pfappserver/root/configuration/authentication.tt index ee9119995dd8..0b807d96dc5a 100644 --- a/html/pfappserver/root/configuration/authentication.tt +++ b/html/pfappserver/root/configuration/authentication.tt @@ -45,8 +45,8 @@ [% is_sql = (source.field('type').value == 'SQL') %] [% i = i + 1 ; i %] - [% source.field('id').render_element %][% IF is_sql %][% source.field('id').value %][% ELSE %][% source.field('id').value %][% END %] - [% source.field('description').value %] + [% source.field('id').render_element %][% IF is_sql %][% source.field('id').value %][% ELSE %][% source.field('id').value | html %][% END %] + [% source.field('description').value | html %] [% l(source.field('type').value) %] [% IF NOT is_sql AND can_access("USERS_SOURCES_DELETE") %][% l('Delete') %][% END %] @@ -73,8 +73,8 @@ [% IF source.field('class').value == 'external' %] - [% source.field('id').render_element %][% source.field('id').value %] - [% source.field('description').value %] + [% source.field('id').render_element %][% source.field('id').value | html %] + [% source.field('description').value | html %] [% l(source.field('type').value) %] [%- IF can_access("USERS_SOURCES_DELETE") %] @@ -103,8 +103,8 @@ [% IF source.field('class').value == 'exclusive' %] - [% source.field('id').render_element %][% source.field('id').value %] - [% source.field('description').value %] + [% source.field('id').render_element %][% source.field('id').value | html %] + [% source.field('description').value | html %] [% l(source.field('type').value) %] [% l('Delete') %] diff --git a/html/pfappserver/root/configuration/floatingdevice/index.tt b/html/pfappserver/root/configuration/floatingdevice/index.tt index 03498a2c12ee..1c31ea69c201 100644 --- a/html/pfappserver/root/configuration/floatingdevice/index.tt +++ b/html/pfappserver/root/configuration/floatingdevice/index.tt @@ -21,6 +21,6 @@ [%- IF can_access("FLOATING_DEVICES_CREATE") %]
        - [% l('Add floating device') %] + [% l('Add floating device') %]
        [%- END %] diff --git a/html/pfappserver/root/configuration/floatingdevice/list.tt b/html/pfappserver/root/configuration/floatingdevice/list.tt index 6758f08c9744..3face1cfa2f0 100644 --- a/html/pfappserver/root/configuration/floatingdevice/list.tt +++ b/html/pfappserver/root/configuration/floatingdevice/list.tt @@ -1,4 +1,4 @@ - +
        @@ -9,18 +9,18 @@ - [% FOREACH floatingdevice IN items %] + [% FOREACH item IN items %] - - - - + + + + diff --git a/html/pfappserver/root/configuration/floatingdevice/view.tt b/html/pfappserver/root/configuration/floatingdevice/view.tt index 7d3800e4014a..98e836fab794 100644 --- a/html/pfappserver/root/configuration/floatingdevice/view.tt +++ b/html/pfappserver/root/configuration/floatingdevice/view.tt @@ -2,10 +2,10 @@ [% SET action_uri = c.req.uri %] [%END %] - [%- IF item.id %][% END %] + [%- IF item.id %][% END %]
        × -

        [% IF item %][% l('Floating Device') %] [% item.id %][% ELSE %][% l('New Floating Device') %][% END %]

        +

        [% IF item %][% l('Floating Device') %] [% item.id | html %][% ELSE %][% l('New Floating Device') %][% END %]

        diff --git a/html/pfappserver/root/configuration/index.tt b/html/pfappserver/root/configuration/index.tt new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/html/pfappserver/root/configuration/switch/list.tt b/html/pfappserver/root/configuration/switch/list.tt index 8f355b51a522..218c72a76be7 100644 --- a/html/pfappserver/root/configuration/switch/list.tt +++ b/html/pfappserver/root/configuration/switch/list.tt @@ -1,3 +1,40 @@ +[%- MACRO pagination(pageNumber, perPage, pageCount) BLOCK -%] +[% + firstPage = pageNumber - 3; + IF firstPage < 1; firstPage = 1; END; + lastPage = firstPage + 6; + IF lastPage > pageCount; + lastPage = pageCount; + firstPage = lastPage - 6; + IF firstPage < 1; firstPage = 1; END; + END; +%] + +[%- END -%] + + [% pagination(pageNum, perPage, pageCount) %]
        [% l('MAC') %]
        [% floatingdevice.id %][% floatingdevice.ip %][% IF floatingdevice.switch %] [% l('Edit switch') %][% END %][% floatingdevice.pvid %][% IF floatingdevice.trunkPort == 'yes' %][% END %][% item.id | html %][% item.ip %][% IF item.switch %] [% l('Edit switch') %][% END %][% item.pvid | html %][% IF item.trunkPort == 'yes' %][% END %] [%- IF can_access("FLOATING_DEVICES_CREATE") %] - [% l('Clone') %] + [% l('Clone') %] [%- END %] [%- IF can_access("FLOATING_DEVICES_DELETE") %] - [% l('Delete') %] + [% l('Delete') %] [%- END %]
        @@ -11,7 +48,7 @@ [% FOREACH switch IN items %] - @@ -26,3 +63,4 @@ [% END -%]
        [% switch.id %] + [% switch.id | html %] [% IF switch.floatingdevice && switch.floatingdevice.id %] [% l('Edit floating device') %][% END %] [% switch.description %] [% switch.type %]
        + [% pagination(pageNum, perPage, pageCount) %] diff --git a/html/pfappserver/root/configuration/switch/view.tt b/html/pfappserver/root/configuration/switch/view.tt index b247096fb3f0..1e5f6db38017 100644 --- a/html/pfappserver/root/configuration/switch/view.tt +++ b/html/pfappserver/root/configuration/switch/view.tt @@ -1,10 +1,10 @@ [% form.block('triggers').render %] - [%- IF item.id.defined %][% END %] + [%- IF item.id.defined %][% END %]
        × -

        [% IF item.id.defined %][% l('Switch') %] [% item.id %][% ELSE %][% l('New Switch') %][% END %]

        +

        [% IF item.id.defined %][% l('Switch') %] [% item.id | html %][% ELSE %][% l('New Switch') %][% END %]

        diff --git a/html/pfappserver/root/configuration/wrix/clone.tt b/html/pfappserver/root/configuration/wrix/clone.tt new file mode 100644 index 000000000000..4dc78f013068 --- /dev/null +++ b/html/pfappserver/root/configuration/wrix/clone.tt @@ -0,0 +1 @@ +[% INCLUDE configuration/wrix/view.tt %] diff --git a/html/pfappserver/root/configuration/wrix/create.tt b/html/pfappserver/root/configuration/wrix/create.tt new file mode 100644 index 000000000000..4dc78f013068 --- /dev/null +++ b/html/pfappserver/root/configuration/wrix/create.tt @@ -0,0 +1 @@ +[% INCLUDE configuration/wrix/view.tt %] diff --git a/html/pfappserver/root/configuration/wrix/export.tt b/html/pfappserver/root/configuration/wrix/export.tt new file mode 100644 index 000000000000..6ce698890fa3 --- /dev/null +++ b/html/pfappserver/root/configuration/wrix/export.tt @@ -0,0 +1,5 @@ +Version 1.1 [% now.strftime("%B %d %Y") %] +[%combine(columns)%] +[%- FOREACH item IN items %] +[%combine_row(columns,item)%] +[%-END %] diff --git a/html/pfappserver/root/configuration/wrix/index.tt b/html/pfappserver/root/configuration/wrix/index.tt new file mode 100644 index 000000000000..990ca2905d08 --- /dev/null +++ b/html/pfappserver/root/configuration/wrix/index.tt @@ -0,0 +1,27 @@ +

        + + + + +

        [% l('WRIX') %]

        +
        + [% INCLUDE configuration/wrix/search_form.tt %] +
        + [% INCLUDE configuration/wrix/list.tt %] +
        + [% l('Add Wrix Entry') %] + [% l('Export All') %] +
        diff --git a/html/pfappserver/root/configuration/wrix/list.tt b/html/pfappserver/root/configuration/wrix/list.tt new file mode 100644 index 000000000000..dbd3b9c202f4 --- /dev/null +++ b/html/pfappserver/root/configuration/wrix/list.tt @@ -0,0 +1,76 @@ +[% DEFAULT + list_action = 'list'; +%] +[% pagination = BLOCK %] + +[% END %] + + + + + + + + + + + + [% FOREACH item IN items %] + + + + [% END -%] + + + + + + +
        + [% pagination %] +
        [% l('WRIX Identifer') %]
        [% item.id %] + + [% l('Clone') %] + [% l('Delete') %] +
        + [% pagination %] +
        diff --git a/html/pfappserver/root/configuration/wrix/search.tt b/html/pfappserver/root/configuration/wrix/search.tt new file mode 100644 index 000000000000..a179d5cc2bbf --- /dev/null +++ b/html/pfappserver/root/configuration/wrix/search.tt @@ -0,0 +1 @@ +[% INCLUDE 'configuration/wrix/list.tt' list_action = 'search' %] diff --git a/html/pfappserver/root/configuration/wrix/search_form.tt b/html/pfappserver/root/configuration/wrix/search_form.tt new file mode 100644 index 000000000000..f3a5a7883af2 --- /dev/null +++ b/html/pfappserver/root/configuration/wrix/search_form.tt @@ -0,0 +1,154 @@ + + + + + +
        + [% match_options = BLOCK %] + + [% END %] + [% l('Match [_1] of the following conditions:', [match_options]) %] +
        + + + + + + + + + + + + + + + + +
        + + + + + + +
        +
        + +
        +
        + + diff --git a/html/pfappserver/root/configuration/wrix/view.tt b/html/pfappserver/root/configuration/wrix/view.tt new file mode 100644 index 000000000000..12e24fca7a8d --- /dev/null +++ b/html/pfappserver/root/configuration/wrix/view.tt @@ -0,0 +1,54 @@ +[% IF c.action.name == "view" %] +[% SET action_url = c.uri_for(c.controller.action_for('update'), [ item.id ]) %] +[%ELSE%] +[% SET action_url = c.req.uri %] +[%END%] +
        + [%- IF item.id.defined %][% END %] +
        + × +

        [% IF item.id.defined %][% l('WRIX Information') %] [% item.id %][% ELSE %][% l('New WRIX Information') %][% END %]

        +
        + +
        + + + +
        + +
        + [% form.field('id').render UNLESS item && item.id.defined %] + [% form.block('identification').render %] +
        + +
        + [% form.block('location').render %] +
        + +
        + [% form.block('ssid').render %] +
        + +
        + [% form.block('hours').render %] +
        + +
        + [% form.block('lat_long').render %] +
        + +
        +
        + +
        + [% l('Close') %] + +
        + +
        diff --git a/html/pfappserver/root/configurator/admin.tt b/html/pfappserver/root/configurator/admin.tt index 4a40d3fe6248..0480cdccd59e 100644 --- a/html/pfappserver/root/configurator/admin.tt +++ b/html/pfappserver/root/configurator/admin.tt @@ -59,6 +59,6 @@
        -

        © Inverse 2013

        +

        © Inverse 2014

        diff --git a/html/pfappserver/root/configurator/configuration.tt b/html/pfappserver/root/configurator/configuration.tt index 0cec47410e80..d60048318a92 100644 --- a/html/pfappserver/root/configurator/configuration.tt +++ b/html/pfappserver/root/configurator/configuration.tt @@ -27,21 +27,21 @@
        - +

        Domain name of the PacketFence server.

        - +

        Hostname of this PacketFence server. This value is concatenated with the above domain name and therefore must be resolvable by devices on your network.

        - +

        Comma-delimited list of DHCP servers in your production environment.

        @@ -49,7 +49,7 @@
        - +

        Email address to which notifications for rogue DHCP servers, violations with an action of email, or any other PacketFence-related messages goes to.

        @@ -62,6 +62,6 @@
      -

      © Inverse 2013

      +

      © Inverse 2014

      diff --git a/html/pfappserver/root/configurator/database.tt b/html/pfappserver/root/configurator/database.tt index 2c100f3718cf..cabd6c741603 100644 --- a/html/pfappserver/root/configurator/database.tt +++ b/html/pfappserver/root/configurator/database.tt @@ -62,7 +62,7 @@
      - +
      @@ -118,6 +118,6 @@
      -

      © Inverse 2013

      +

      © Inverse 2014

      diff --git a/html/pfappserver/root/configurator/enforcement.tt b/html/pfappserver/root/configurator/enforcement.tt index 51f6f55f5eaf..6402dbed2cd6 100644 --- a/html/pfappserver/root/configurator/enforcement.tt +++ b/html/pfappserver/root/configurator/enforcement.tt @@ -66,6 +66,6 @@
    -

    © Inverse 2013

    +

    © Inverse 2014

    diff --git a/html/pfappserver/root/configurator/networks.tt b/html/pfappserver/root/configurator/networks.tt index 294e7131f12e..631694ca79fe 100644 --- a/html/pfappserver/root/configurator/networks.tt +++ b/html/pfappserver/root/configurator/networks.tt @@ -40,7 +40,7 @@

    [% l('Default Gateway') %]

    - +

    [% l('Your gateway IP address to access Internet.') %]

    @@ -53,6 +53,6 @@
    -

    © Inverse 2013

    +

    © Inverse 2014

    diff --git a/html/pfappserver/root/configurator/services.tt b/html/pfappserver/root/configurator/services.tt index 851b4e6e82a8..f65c44afb6e0 100644 --- a/html/pfappserver/root/configurator/services.tt +++ b/html/pfappserver/root/configurator/services.tt @@ -8,7 +8,7 @@

    You have successfully configured and launched PacketFence.

    You will now be redirected to the administration interface where you can configure violations and monitor your new NAC.

    - Visit Administration Interface Now! + Visit Administration Interface Now!
    @@ -74,6 +74,6 @@
    -

    © Inverse 2013

    +

    © Inverse 2014

    diff --git a/html/pfappserver/root/graph/counter.tt b/html/pfappserver/root/graph/counter.tt index 009b48c87f8e..aaf2263c27fb 100644 --- a/html/pfappserver/root/graph/counter.tt +++ b/html/pfappserver/root/graph/counter.tt @@ -1,4 +1,4 @@ - -

    [% count.nb %]

    + +

    [% count.nb | html %]

    [% l(title) %]
     diff --git a/html/pfappserver/root/graph/dashboard.tt b/html/pfappserver/root/graph/dashboard.tt index ec47db128b01..3e8da083f672 100644 --- a/html/pfappserver/root/graph/dashboard.tt +++ b/html/pfappserver/root/graph/dashboard.tt @@ -6,9 +6,9 @@
    - + - +
    diff --git a/html/pfappserver/root/graph/line.tt b/html/pfappserver/root/graph/line.tt index 2ee2621bbfcb..833795e64a30 100644 --- a/html/pfappserver/root/graph/line.tt +++ b/html/pfappserver/root/graph/line.tt @@ -1,23 +1,23 @@
    [% FOREACH counter IN counters %] -
    -

    [% counter.count.nb %]

    +
    +

    [% counter.count.nb | html %]

    [% l(counter.title) %]
    [% END %] [% IF section == 'reports' -%] -

    [% title %]

    -
    [% range.start %] [% range.end %]
    +

    [% title | html %]

    +
    [% range.start | html %] [% range.end | html %]
    [%- END %] [%- IF labels.size > 0 %] -
    +