Merge to 4.1.0

Conflicts:
	ChangeLog
	NEWS.asciidoc
	conf/pf-release
	lib/pf/config/cached.pm
	lib/pf/services.pm

NEWS.asciidoc

@@ -11,6 +11,76 @@ This is a list of noteworthy changes across releases.
 For more details and developer visible changes see the ChangeLog file.
 For a list of compatibility related changes see the UPGRADE.asciidoc file.
 
+Version 4.1.0 released on 2013-12-11
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+New Features
+++++++++++++
+
+* Portal profiles can be filtered by switches
+* Proxy interception
+* New pfcmd command fixpermissions
+* Added a "Null" authenication source
+* Displayed columns of nodes are now customizable
+* Create a single node or import multiple nodes from a CSV file from the Web admin
+* LDAP authentication sources can now filter by group membership using a second LDAP query
+* Extended definition of access durations
+* FreeRADIUS does not need to be restarted after adding a switch
+* New customizable ACLs for Web admin interface
+
+Enhancements
+++++++++++++
+
+* Improved error messages in RADIUS modules
+* Simple search for nodes now includes IP address
+* Search by MAC address for nodes and users now accepts any MAC format
+* Improved starting delay when using inline mode
+* Added memcached as a managed service
+* Added CoA support for Xirrus access point
+* Improved validation of VLAN management
+* Updated FontAwesome to version 3.2.1
+* Each portal profile can now have a different redirection URL
+* Initial destination URL is now respected with Firefox
+* An Htpasswd source can now define sponsors
+* Improved display of pie charts (limit of legend labels and highlight of table rows)
+* Creation of users is now performed from the users page (was on the configuration page)
+* Validate file path when saving an Htpasswd authentication source
+* Improved validation of a sponsor's email address
+* Allow actions depending on authentication source type
+* Modified logrotate so it uses copytruncate instead of restarting the services.
+* Now comes with a corosync compatible barnyard2 init script in addons.
+* Unreg the node when you come from a secure connection to an open connection
+* Allow a self-registered node by SMS to go back to the registration page
+* Sponsor email authentication source can refuse email addresses of the local domain (as the email source)
+* Updated German (de) translation
+
+Bug Fixes
++++++++++
+
+* RADIUS configuration files are no longer replaced when updating packages
+* Fixed match of Htpasswd authentication source (#1714)
+* Fixed creation of users without a role (#1721)
+* Fixed expiration date of registration to the end of the day (#1722)
+* Fixed caching issue when editing authentication sources (#1729)
+* Allow rules with dashes (#1730)
+* Fixed vconfig setting the wrong name_type
+* Fixed help text in Web admin (#1724)
+* Removed references to unavailable snort rules (#1715)
+* Fixed LDAP regexp condition not considering all attribute values (#1737)
+* Fixed sort by phone number and nodes count when performing an advanced search on users (#1738)
+* Fixed users searches not being saved in the proper namespace
+* Fixed handling of form submit when saving a user search
+* Fixed self-registration of multiple unverified devices
+* Fixed duplicate entries in advanced search of nodes
+* Fixed advanced search by node category
+* Fixed reordering of conf sections and groups (#1749)
+* Fixed pid of SMS-registered devices (was "admin" in certain circumstances)
+* Fixed saving of 'allow local domain' option when disabled in an email authentication source
+* The 'allow local domain' option of the email source will now only affect the user who registers by email
+* Fixed ifoctetshistoryuser command to use the correct query when just a user is given
+* Fixed network-detection for IE 8
+* Fixed SQL query of SSID report in Web admin
+
 Version 4.0.6-2 released on 2013-09-13
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

UPGRADE.asciidoc

@@ -5,6 +5,31 @@ http://www.packetfence.org/
 
 Notes on upgrading from an older release.
 
+Upgrading from a version prior to 4.1.0
+---------------------------------------
+
+Database schema update
+^^^^^^^^^^^^^^^^^^^^^^
+
+The category column in the temporary_password should not be mandatory.
+
+Also, the access_level of the temporary_password table is now a string instead of a bit string.
+
+Make sure you run the following to update your schema:
+
+  mysql -u root -p pf -v < db/upgrade-4.0.0-4.1.0.sql
+
+Configuration changes
+^^^^^^^^^^^^^^^^^^^^^
+
+The parameters `trapping.redirecturl` and `trapping.always_use_redirecturl` from `pf.conf` (or `pf.conf.defaults`)
+were moved to the default portal profile in `profiles.conf`.
+
+The action `set_access_level` of authentication sources in `authentication.pf` must now match one of the admin roles
+defined in `adminroles.conf`. The previous level `4294967295` must be replaced by *ALL* and the level `0` by *NONE*.
+
+Adjust your configuration files accordingly.
+
 Upgrading from a version prior to 4.0.6
 ---------------------------------------
 

addons/barnyard2.sh

@@ -0,0 +1,116 @@
+#!/bin/bash
+# lmunro@inverse.ca 20130508
+# License: GNU General Public License 2 (GPL2)
+#
+# This script is called from heartbeat (or corosync) to manage 
+# the Barnyard2 resource.
+# It is loosely based on the barnyard2 init script.
+
+# Source function library
+. /etc/rc.d/init.d/functions
+
+# program name
+BASE=barnyard2
+
+# program options
+CONF="/usr/local/$BASE/etc/barnyard2.conf"
+GEN_MAP="/usr/local/pf/conf/snort/gen-msg.map"
+SID_MAP="/usr/local/pf/conf/snort/sid-msg.map"
+LOG_DIR="/var/log/snort"
+SPOOL_DIR="/var/log/snort"
+LOG_FILE="merged.log"
+WALDO_FILE="/var/log/snort/barnyard2.waldo"
+DAEMON="-D"
+
+# Check that $BASE exists.
+[ -f /usr/local/bin/$BASE ] || exit 0
+
+# source ocf functions
+: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/resource.d/heartbeat}
+. ${OCF_FUNCTIONS_DIR}/.ocf-shellfuncs
+
+
+RETVAL=0
+
+
+_get_meta_data() {
+        cat <<END
+<?xml version="1.0"?>
+<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
+<resource-agent name="Barnyard">
+<version>1.0</version>
+        
+<longdesc lang="en"> 
+The Barnyard resource agent manages the barnyard2 service.
+</longdesc>
+                
+<shortdesc lang="en">
+Barnyard
+</shortdesc>    
+
+<parameters>
+</parameters>   
+
+<actions>
+<action name="start"   timeout="300" />
+<action name="stop"    timeout="100" />
+<action name="monitor" depth="0"  timeout="20" interval="20" />
+<action name="meta-data"  timeout="5" />
+</actions>
+</resource-agent>
+END
+
+        return $OCF_SUCCESS
+}
+
+
+
+_start () {
+    if [ -n "`/sbin/pidof $BASE`" ]; then
+      echo -n $"$BASE: already running"
+      echo ""
+      exit $OCF_SUCCESS
+    fi
+    echo -n "Starting Barnyard: "
+    /usr/local/bin/$BASE -c $CONF -G $GEN_MAP -S $SID_MAP -d $SPOOL_DIR -l $LOG_DIR -f $LOG_FILE -w $WALDO_FILE $DAEMON
+    sleep 1
+    action "" /sbin/pidof $BASE
+    RETVAL=$?
+    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/barnyard2
+}
+
+_stop () {
+    echo -n "Shutting down Barnyard: "
+    killproc /usr/local/bin/$BASE
+    RETVAL=$?
+    echo
+    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/barnyard2
+}
+
+_monitor () {
+    status $BASE || RETVAL=7
+}
+
+_usage () {
+    echo "Usage: barnyard {start|stop|monitor|meta_data}"
+}
+
+case $__OCF_ACTION in
+	meta-data) 
+		    _get_meta_data
+		exit $OCF_SUCCESS
+		;;
+        start)      _start
+	        exit $RETVAL
+                ;;
+        stop)       _stop
+                ;;
+        monitor)    _monitor
+	        exit $RETVAL
+                ;;
+        *)          _usage
+                exit $OCF_ERR_UNIMPLEMENTED
+	        ;;
+esac
+
+exit $?

addons/dev-helpers/dump.pl

@@ -0,0 +1,103 @@
+#!/usr/bin/perl
+use lib qw(/usr/local/pf/lib);
+
+package pf::dump;
+use base qw(pf::cmd::subcmd);
+
+=head1 NAME
+
+dump add documentation
+
+=head1 SYNOPSIS
+
+dump.pl <config|floatingdevices|profiles_filters|profiles|sources>
+
+=head1 DESCRIPTION
+
+dump
+
+=cut
+
+
+package pf::dump::config;
+use base qw(pf::cmd);
+use Data::Dumper;
+
+sub _run {
+    require pf::config;
+    print Dumper(\%pf::config::Config);
+}
+
+
+package pf::dump::floatingdevices;
+use base qw(pf::cmd);
+use Data::Dumper;
+
+sub _run {
+    require pf::config;
+    print Dumper(\%pf::config::ConfigFloatingDevices);
+}
+
+package pf::dump::profiles;
+use base qw(pf::cmd);
+use Data::Dumper;
+
+sub _run {
+    require pf::config;
+    print Dumper(\%pf::config::Profiles_Config);
+}
+
+
+package pf::dump::profiles_filters;
+use base qw(pf::cmd);
+use Data::Dumper;
+
+sub _run {
+    require pf::config;
+    print Dumper(\%pf::config::Profile_Filters);
+}
+
+package pf::dump::sources;
+use base qw(pf::cmd);
+use Data::Dumper;
+
+sub _run {
+    require pf::authentication;
+    print Dumper(\@pf::authentication::authentication_sources);
+}
+
+package main;
+use strict;
+use warnings;
+use lib qw(/usr/local/pf/lib);
+
+exit pf::dump->new({args => \@ARGV})->run();
+
+
+=head1 AUTHOR
+
+Inverse inc. <info@inverse.ca>
+
+=head1 COPYRIGHT
+
+Copyright (C) 2005-2013 Inverse inc.
+
+=head1 LICENSE
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
+USA.
+
+=cut
+

addons/getlogs.sh

@@ -0,0 +1,46 @@
+#!/bin/bash
+
+#Get the log for the current day
+
+DATE=now
+
+if [ "$#" != "0"  ]; then
+    DATE="$@"
+fi
+
+PATTERN1="$(date --date="$DATE" +'%b %d').*"
+
+PATTERN2="$(date --date="$DATE" +'\[%a %b %d').*"
+
+PATTERN3=".*?$(date --date="$DATE" +'\[%d/%b/%Y').*"
+
+PATTERN4="$(date --date="$DATE" +'%a %b %d').*"
+
+LOGDIR=/usr/local/pf/logs
+
+TEMPDIR=$(mktemp -d)
+
+TEMPLOGDIRNAME="logs-$(date +'%Y%m%d%H%M%S')"
+
+TEMPLOGDIR=$TEMPDIR/$TEMPLOGDIRNAME
+mkdir $TEMPLOGDIR
+
+extract_log() {
+    PATTERN=$1
+    shift
+    while [ "$#" != "0" ];do
+        LOGNAME="$1"
+        LOG="$LOGDIR/$LOGNAME"
+        grep -P -A"$(wc -l $LOG  | cut -d' ' -f1)" "$PATTERN1" "$LOG" > "$TEMPLOGDIR/$LOGNAME"
+        shift
+    done
+}
+
+extract_log "$PATTERN1" catalyst.log packetfence.log
+extract_log "$PATTERN2" admin_error_log portal_error_log webservices_error_log
+extract_log "$PATTERN3" admin_access_log portal_access_log  webservices_access_log
+extract_log "$PATTERN4" radius.log
+
+tar -C"$TEMPDIR" -zcf $TEMPLOGDIRNAME.tar.gz $TEMPLOGDIRNAME
+
+rm -rf $TEMPDIR

addons/logrotate

@@ -1,17 +1,11 @@
 # logrotate file for packetfence
 
-/usr/local/pf/logs/access_log /usr/local/pf/logs/admin_access_log /usr/local/pf/logs/admin_error_log /usr/local/pf/logs/error_log /usr/local/pf/logs/packetfence.log /usr/local/pf/logs/pfdetect /usr/local/pf/logs/pfmon /usr/local/pf/logs/snmptrapd.log /usr/local/pf/logs/radius.log /usr/local/pf/logs/portal_access_log /usr/local/pf/logs/portal_error_log /usr/local/pf/logs/webservices_access_log /usr/local/pf/logs/webservices_error_log /usr/local/pf/logs/catalyst.log {
+/usr/local/pf/logs/access_log /usr/local/pf/logs/admin_access_log /usr/local/pf/logs/admin_error_log /usr/local/pf/logs/error_log /usr/local/pf/logs/packetfence.log /usr/local/pf/logs/pfdetect /usr/local/pf/logs/pfmon /usr/local/pf/logs/snmptrapd.log /usr/local/pf/logs/radius.log /usr/local/pf/logs/portal_access_log /usr/local/pf/logs/portal_error_log /usr/local/pf/logs/portal_error_log /usr/local/pf/logs/proxy_access_log /usr/local/pf/logs/webservices_access_log /usr/local/pf/logs/webservices_error_log /usr/local/pf/logs/catalyst.log {
     weekly
     rotate 52
     missingok
     compress
     delaycompress
-    sharedscripts
-    create 644 pf pf
-    postrotate
-        # uncomment the crm statements if you are running packetfence in a corosync cluster
-        #/usr/sbin/crm resource unmanage PacketFence
-        /etc/init.d/packetfence condrestart  >/dev/null 2>&1 || true
-        #/usr/sbin/crm resource manage PacketFence
-    endscript
+    su pf pf
+    copytruncate
 }