From b9720b333236286f14da8663e8e6a334a27f65a5 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 6 Sep 2013 08:54:19 -0400 Subject: [PATCH 001/369] Close tag in advanced search of nodes --- html/pfappserver/root/node/advanced_search.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/pfappserver/root/node/advanced_search.tt b/html/pfappserver/root/node/advanced_search.tt index d249918fdb19..d150462a8e06 100644 --- a/html/pfappserver/root/node/advanced_search.tt +++ b/html/pfappserver/root/node/advanced_search.tt @@ -53,7 +53,7 @@ [% l(node.status) %] [% node.mac %] [% node.computername %] - [% node.pid %] + [% node.pid %] [% IF node.last_ssid %] [% END %][% node.last_ip %] [% node.dhcp_fingerprint %] [% node.category %] From f9a2c2c5075b2a154f69b70a96ecc7b343786601 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 6 Sep 2013 12:27:03 -0400 Subject: [PATCH 002/369] Improve error messages in RADIUS modules --- NEWS.asciidoc | 18 ++++++++++++ lib/pf/radius/soapclient.pm | 57 +++++++++++++++++++++---------------- raddb/packetfence-soh.pm | 8 ++++-- raddb/packetfence.pm | 5 +++- 4 files changed, 61 insertions(+), 27 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index a5f5b1341ec3..b5779c2e6b20 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -11,6 +11,24 @@ This is a list of noteworthy changes across releases. For more details and developer visible changes see the ChangeLog file. For a list of compatibility related changes see the UPGRADE.asciidoc file. +Version 4.x.y released on 2013-MM-DD +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +New Features +++++++++++++ + +* + +Enhancements +++++++++++++ + +* Improved error messages in RADIUS modules + +Bug Fixes ++++++++++ + +* + Version 4.0.6 released on 2013-09-05 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/lib/pf/radius/soapclient.pm b/lib/pf/radius/soapclient.pm index e4ca1d3002dd..8516767041c9 100644 --- a/lib/pf/radius/soapclient.pm +++ b/lib/pf/radius/soapclient.pm @@ -1,4 +1,5 @@ package pf::radius::soapclient; + =head1 NAME pf::radius::soapclient add documentation @@ -13,38 +14,46 @@ pf::radius::soapclient use strict; use warnings; -# Configuration parameter -use constant SOAP_PORT => '9090'; #TODO: See note1 -use constant API_URI => 'https://www.packetfence.org/PFAPI'; # don't change this unless you know what you are doing + +use HTML::Entities; +use Log::Log4perl; use WWW::Curl::Easy; use XML::Simple; -use HTML::Entities; + use base qw(Exporter); our @EXPORT = qw(send_soap_request build_soap_request); +# Configuration parameter +use constant SOAP_PORT => '9090'; #TODO: See note1 +use constant API_URI => 'https://www.packetfence.org/PFAPI'; # don't change this unless you know what you are doing + sub send_soap_request { my ($function,$data) = @_; my $response; - eval { - my $request = build_soap_request($function,$data); - my $curl = WWW::Curl::Easy->new; - my $response_body; - $curl->setopt(CURLOPT_HEADER, 0); - $curl->setopt(CURLOPT_URL, 'http://127.0.0.1:' . SOAP_PORT); # TODO: See note1 - # $curl->setopt(CURLOPT_URL, 'http://127.0.0.1:' . $Config{'ports'}{'soap'}); # TODO: See note1 - $curl->setopt(CURLOPT_HTTPHEADER, ['Content-Type: text/xml; charset=UTF-8']); - $curl->setopt(CURLOPT_POSTFIELDS, $request); - $curl->setopt(CURLOPT_WRITEDATA, \$response_body); - - # Starts the actual request - my $curl_return_code = $curl->perform; - - # Looking at the results... - if ( $curl_return_code == 0 ) { - my $xml = new XML::Simple; - $response = $xml->XMLin($response_body, NoAttr => 1); - } - }; + + my $request = build_soap_request($function,$data); + my $curl = WWW::Curl::Easy->new; + my $response_body; + $curl->setopt(CURLOPT_HEADER, 0); + $curl->setopt(CURLOPT_URL, 'http://127.0.0.1:' . SOAP_PORT); # TODO: See note1 +# $curl->setopt(CURLOPT_URL, 'http://127.0.0.1:' . $Config{'ports'}{'soap'}); # TODO: See note1 + $curl->setopt(CURLOPT_HTTPHEADER, ['Content-Type: text/xml; charset=UTF-8']); + $curl->setopt(CURLOPT_POSTFIELDS, $request); + $curl->setopt(CURLOPT_WRITEDATA, \$response_body); + + # Starts the actual request + my $curl_return_code = $curl->perform; + + # Looking at the results... + if ( $curl_return_code == 0 ) { + my $xml = new XML::Simple; + $response = $xml->XMLin($response_body, NoAttr => 1); + } + else { + my $msg = "An error occured while sending a SOAP request: $curl_return_code ".$curl->strerror($curl_return_code)." ".$curl->errbuf; + die $msg; + } + return $response; } diff --git a/raddb/packetfence-soh.pm b/raddb/packetfence-soh.pm index 3ad4ddbbc6fa..e78bf19c53fc 100644 --- a/raddb/packetfence-soh.pm +++ b/raddb/packetfence-soh.pm @@ -61,8 +61,8 @@ the only callback available inside an SoH virtual server. sub authorize { my $radius_return_code = $RADIUS::RLM_MODULE_REJECT; eval { - my $data = send_soap_request("soh_authorize",\%RAD_REQUEST); - if ( $data) { + my $data = send_soap_request("soh_authorize", \%RAD_REQUEST); + if ($data) { my $elements = $data->{'soap:Body'}->{'soh_authorizeResponse'}->{'soapenc:Array'}->{'item'}; @@ -85,6 +85,10 @@ sub authorize { # $Data::Dumper::Terse = 1; $Data::Dumper::Indent = 0; # pretty output for rad logs # &radiusd::radlog($RADIUS::L_DBG, "StatementOfHealth COMPLETE REPLY: ". Dumper(\%RAD_REPLY)); }; + if ($@) { + &radiusd::radlog($RADIUS::L_ERR, "An error occurred while processing the SoH authorize SOAP request: $@"); + } + return $radius_return_code; } diff --git a/raddb/packetfence.pm b/raddb/packetfence.pm index 2623a5791895..0e5c60bc6d57 100644 --- a/raddb/packetfence.pm +++ b/raddb/packetfence.pm @@ -97,7 +97,7 @@ sub post_auth { } my $data = send_soap_request("radius_authorize",\%RAD_REQUEST); - if($data) { + if ($data) { my $elements = $data->{'soap:Body'}->{'radius_authorizeResponse'}->{'soapenc:Array'}->{'item'}; @@ -139,6 +139,9 @@ sub post_auth { # $Data::Dumper::Terse = 1; $Data::Dumper::Indent = 0; # pretty output for rad logs # &radiusd::radlog($RADIUS::L_DBG, "PacketFence COMPLETE REPLY: ". Dumper(\%RAD_REPLY)); }; + if ($@) { + &radiusd::radlog($RADIUS::L_ERR, "An error occurred while processing the authorize SOAP request: $@"); + } return $radius_return_code; } From 52aec6646d380c4c032b27c9bfd2289bf6363415 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 6 Sep 2013 13:18:07 -0400 Subject: [PATCH 003/369] Syntax cleanup --- conf/log.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/log.conf b/conf/log.conf index ede8d557e4ba..d43e0860fc6c 100644 --- a/conf/log.conf +++ b/conf/log.conf @@ -1,7 +1,7 @@ ### Root/Parent (PacketFence) logger ### # Will log everything (even categories defined to log in another appender) unless # specified using the additivity parameter -log4perl.rootLogger=INFO, LOGFILE +log4perl.rootLogger = INFO, LOGFILE ### Catalyst logger ### # Used to separate Catalyst framework logs in a different log file From c0e8d4efe86c7699b3242cf53474dc98c5f3ad49 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 6 Sep 2013 15:37:36 -0400 Subject: [PATCH 004/369] Will clean the mac before try to validate it --- lib/pf/web/gaming.pm | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/lib/pf/web/gaming.pm b/lib/pf/web/gaming.pm index d8cf30d627da..fb25cc340bf2 100644 --- a/lib/pf/web/gaming.pm +++ b/lib/pf/web/gaming.pm @@ -26,6 +26,7 @@ use pf::web; use pf::authentication; use pf::Authentication::constants; +use List::MoreUtils qw(any); Readonly our $GAMING_LOGIN_TEMPLATE => 'gaming-login.html'; Readonly our $GAMING_LANDING_TEMPLATE => 'gaming-landing.html'; @@ -117,10 +118,8 @@ sub register_node { sub is_gaming_mac { my ($mac) = @_; $mac =~ s/O/0/i; - foreach my $oui (@GAMING_OUI) { - return 1 if $mac =~ /^\Q$oui\E/i; - } - return 0; + $mac = clean_mac($mac); + return any { $mac =~ /^\Q$_\E/i } @GAMING_OUI; } sub _sanitize_and_register { From 31fbf9feff2d4fdfb3948ce646655f64b7282fd0 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 9 Sep 2013 11:19:34 -0400 Subject: [PATCH 005/369] Avoid an undefined compare --- lib/pf/IniFiles.pm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/pf/IniFiles.pm b/lib/pf/IniFiles.pm index 4678d866d253..39894c6a7247 100644 --- a/lib/pf/IniFiles.pm +++ b/lib/pf/IniFiles.pm @@ -158,7 +158,8 @@ sub IsExpired { my $imported = $self->{imported}; $imported_expired = $imported->IsExpired() if defined $imported; } - return ($imported_expired || ($self->GetLastModTimestamp != $self->GetCurrentModTimestamp )); + my $last_mod_timestamp = $self->GetLastModTimestamp; + return ($imported_expired || (defined $last_mod_timestamp && $last_mod_timestamp != $self->GetCurrentModTimestamp )); } =head2 SetLastModTimestamp From 1d6967dda0b68ef5f531024e08f4e93c554baa3a Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 9 Sep 2013 11:41:02 -0400 Subject: [PATCH 006/369] iptables will only stop/start/restart for pf service not all of them --- bin/pfcmd.pl | 6 +++--- lib/pf/services.pm | 24 ++++++++++++++---------- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/bin/pfcmd.pl b/bin/pfcmd.pl index 38c1d22d89ce..8782d9d8e164 100755 --- a/bin/pfcmd.pl +++ b/bin/pfcmd.pl @@ -1269,7 +1269,7 @@ sub service { } } if ( $nb_running_services == 0 ) { - if(isenabled($Config{services}{iptables})) { + if(isenabled($Config{services}{iptables}) && $service eq 'pf') { $logger->info("saving current iptables to var/iptables.bak"); require pf::inline::custom; my $iptables = pf::inline::custom->new(); @@ -1285,7 +1285,7 @@ sub service { require pf::os; pf::os::import_dhcp_fingerprints(); pf::services::read_violations_conf(); - if(isenabled($Config{services}{iptables})) { + if(isenabled($Config{services}{iptables}) && $service eq 'pf') { print "iptables|$command\n"; require pf::inline::custom; my $iptables = pf::inline::custom->new(); @@ -1314,7 +1314,7 @@ sub service { } } if ( $nb_running_services == 0 ) { - if(isenabled($Config{services}{iptables})) { + if(isenabled($Config{services}{iptables}) && $service eq 'pf') { require pf::inline::custom; my $iptables = pf::inline::custom->new(); my $technique = $iptables->{_technique}; diff --git a/lib/pf/services.pm b/lib/pf/services.pm index d01796418c7f..ee5daf00036f 100644 --- a/lib/pf/services.pm +++ b/lib/pf/services.pm @@ -259,11 +259,13 @@ sub service_ctl { $pid = 0; if (-e "$install_dir/var/run/$daemon.pid") { chomp( $pid = `cat $install_dir/var/run/$daemon.pid`); - my $ppt = new Proc::ProcessTable; - my $proc = first { defined($_) } grep { $_->pid == $pid } @{ $ppt->table }; - if (!defined($proc)) { - unlink( $install_dir . "/var/run/$binary.pid" ); - return(0); + if($pid ne '' ) { + my $ppt = new Proc::ProcessTable; + my $proc = first { defined($_) } grep { $_->pid == $pid } @{ $ppt->table }; + if (!defined($proc)) { + unlink( $install_dir . "/var/run/$binary.pid" ); + return(0); + } } } return ($pid); @@ -273,11 +275,13 @@ sub service_ctl { if (defined $monitor_int) { if (-e "$install_dir/var/run/${daemon}_${monitor_int}.pid") { chomp( $pid = `cat $install_dir/var/run/${daemon}_${monitor_int}.pid`); - my $ppt = new Proc::ProcessTable; - my $proc = first { defined($_) } grep { $_->pid == $pid } @{ $ppt->table }; - if (!defined($proc)) { - unlink( $install_dir . "/var/run/${daemon}_${monitor_int}.pid" ); - return(0); + if($pid ne '' ) { + my $ppt = new Proc::ProcessTable; + my $proc = first { defined($_) } grep { $_->pid == $pid } @{ $ppt->table }; + if (!defined($proc)) { + unlink( $install_dir . "/var/run/${daemon}_${monitor_int}.pid" ); + return(0); + } } } } From e77455bf546ca22476a7e5eeb7f29a72e6249561 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 9 Sep 2013 12:03:48 -0400 Subject: [PATCH 007/369] Added help command for pftest --- lib/pf/cmd/roles/show_help.pm | 6 +++- lib/pf/pftest.pm | 5 +++ lib/pf/pftest/help.pm | 65 +++++++++++++++++++++++++++++++++++ 3 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 lib/pf/pftest/help.pm diff --git a/lib/pf/cmd/roles/show_help.pm b/lib/pf/cmd/roles/show_help.pm index 2bf3eb5f6a33..8c115d4e426c 100644 --- a/lib/pf/cmd/roles/show_help.pm +++ b/lib/pf/cmd/roles/show_help.pm @@ -22,7 +22,11 @@ use Role::Tiny; sub showHelp { my ($self,$package) = @_; $package ||= ref($self) || $self; - pod2usage( { -message => $self->{help_msg} , -input => pod_where({-inc => 1}, $package) } ); + my $location = pod_where({-inc => 1}, $package); + pod2usage({ + -message => $self->{help_msg} , + -input => $location + }); } diff --git a/lib/pf/pftest.pm b/lib/pf/pftest.pm index 94a1bf40517d..b8b76ce4da65 100644 --- a/lib/pf/pftest.pm +++ b/lib/pf/pftest.pm @@ -12,6 +12,8 @@ pftest [options] authentication | checks authentication sources mysql | runs the mysql tuner +Please view "pftest.pl help " for details on each option + =head1 DESCRIPTION pf::pftest @@ -21,6 +23,9 @@ pf::pftest use strict; use warnings; use base qw(pf::cmd::subcmd); +use pf::pftest::help; #Preload help + +sub helpActionCmd { "pf::pftest::help" } =head1 AUTHOR diff --git a/lib/pf/pftest/help.pm b/lib/pf/pftest/help.pm new file mode 100644 index 000000000000..bf69251b4073 --- /dev/null +++ b/lib/pf/pftest/help.pm @@ -0,0 +1,65 @@ +package pf::pftest::help; +=head1 NAME + +pf::pftest::help add documentation + +=cut + +=head1 DESCRIPTION + +pf::pftest::help + +=cut + +use strict; +use warnings; +use Pod::Find qw(pod_where); + +use base qw(pf::cmd::help); + +sub run { + my ($self) = @_; + my ($cmd) = $self->args; + if(!defined $cmd || $cmd eq 'help') { + return $self->SUPER::run; + } + my $package = "pf::pftest::${cmd}"; + my $location = pod_where( { -inc => 1 }, $package); + if ($location) { + return $self->showHelp("pf::pftest::${cmd}"); + } + $self->{parentCmd}->{help_msg} = "unknown command \"$cmd\""; + return $self->SUPER::run; +} + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + From ac425315a83b8734c1d6b2c6514979c0573cb0e0 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 9 Sep 2013 12:39:32 -0400 Subject: [PATCH 008/369] Refactored pf::pftest::help to pf::cmd::help --- lib/pf/pftest/help.pm | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/lib/pf/pftest/help.pm b/lib/pf/pftest/help.pm index bf69251b4073..05ed96887a09 100644 --- a/lib/pf/pftest/help.pm +++ b/lib/pf/pftest/help.pm @@ -13,25 +13,8 @@ pf::pftest::help use strict; use warnings; -use Pod::Find qw(pod_where); - use base qw(pf::cmd::help); -sub run { - my ($self) = @_; - my ($cmd) = $self->args; - if(!defined $cmd || $cmd eq 'help') { - return $self->SUPER::run; - } - my $package = "pf::pftest::${cmd}"; - my $location = pod_where( { -inc => 1 }, $package); - if ($location) { - return $self->showHelp("pf::pftest::${cmd}"); - } - $self->{parentCmd}->{help_msg} = "unknown command \"$cmd\""; - return $self->SUPER::run; -} - =head1 AUTHOR Inverse inc. From 936ca3fa40cca964e9c2b3a1d690b08fcb12c8c0 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 9 Sep 2013 12:42:24 -0400 Subject: [PATCH 009/369] Refactored pf::pftest::help to pf::cmd::help --- lib/pf/cmd/help.pm | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/lib/pf/cmd/help.pm b/lib/pf/cmd/help.pm index 29ce37e6786b..c1aca46501db 100644 --- a/lib/pf/cmd/help.pm +++ b/lib/pf/cmd/help.pm @@ -16,10 +16,23 @@ A pf::cmd class that extracts the usage from the parentCmd use strict; use warnings; use base qw(pf::cmd); +use Pod::Find qw(pod_where); sub run { my ($self) = @_; - $self->{parentCmd}->showHelp; + my ($cmd) = $self->args; + my $parentCmd = $self->{parentCmd}; + if(!defined $cmd || $cmd eq 'help') { + return $parentCmd->showHelp; + } + my $base = ref($parentCmd) || $parentCmd; + my $package = "${base}::${cmd}"; + my $location = pod_where( { -inc => 1 }, $package); + if ($location) { + return $self->showHelp($package); + } + $parentCmd->{help_msg} = "unknown command \"$cmd\""; + return $parentCmd->showHelp; } =head1 AUTHOR From e88eb947b98323287dbec750d65b5ee062354314 Mon Sep 17 00:00:00 2001 From: Jean Raby Date: Mon, 9 Sep 2013 12:51:12 -0400 Subject: [PATCH 010/369] Remove dep on libterm-ansicolor-perl. This package doesn't exist. Term::ANSIColor is a core module. --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 98204b35ab83..30fccefda8a5 100644 --- a/debian/control +++ b/debian/control @@ -88,7 +88,7 @@ Depends: ${misc:Depends}, vlan, make, # used by Captive Portal authentication modules libauthen-radius-perl, libauthen-krb5-simple-perl, # used by bin/pftest - libterm-ansicolor-perl, libio-interactive-perl, + libio-interactive-perl, # required for perl 5.12+ (made perl setuid optional) and most distros went without it packetfence-pfcmd-suid Description: PacketFence network registration / worm mitigation system From ad1bad3e105badbd3dc3858ea2700e8585b5f654 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 9 Sep 2013 22:09:37 -0400 Subject: [PATCH 011/369] Fixed issues with services not stopping --- lib/pf/services.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/services.pm b/lib/pf/services.pm index ee5daf00036f..f151c582637d 100644 --- a/lib/pf/services.pm +++ b/lib/pf/services.pm @@ -210,7 +210,7 @@ sub service_ctl { stopService($serv,$binary); } } else { - stopService($service,$binary); + stopService($daemon,$binary); } last CASE; }; From 91189ab48447085107be319ace23adc000d29a26 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 11 Sep 2013 09:42:37 -0400 Subject: [PATCH 012/369] Stop httpd services first to provide more time for them to shutdown --- lib/pf/services.pm | 79 +++++++++++++++++----------------------------- 1 file changed, 29 insertions(+), 50 deletions(-) diff --git a/lib/pf/services.pm b/lib/pf/services.pm index f151c582637d..95c7ffbca7ec 100644 --- a/lib/pf/services.pm +++ b/lib/pf/services.pm @@ -48,14 +48,13 @@ use pf::SwitchFactory; use pf::violation_config; use File::Slurp qw(read_file); -Readonly our @ALL_SERVICES => ( - 'pfdns', 'dhcpd', 'pfdetect', 'snort', 'suricata', 'radiusd', - 'httpd.webservices', 'httpd.admin', 'httpd.portal', 'snmptrapd', - 'pfsetvlan', 'pfdhcplistener', 'pfmon' +Readonly our @APACHE_SERVICES => ( + 'httpd.admin', 'httpd.webservices', 'httpd.portal' ); -Readonly our @APACHE_SERVICES => ( - 'httpd.webservices', 'httpd.admin', 'httpd.portal' +Readonly our @ALL_SERVICES => ( + @APACHE_SERVICES, 'pfdns', 'dhcpd', 'pfdetect', 'snort', 'suricata', 'radiusd', + 'snmptrapd', 'pfsetvlan', 'pfdhcplistener', 'pfmon' ); my $services = join("|", @ALL_SERVICES); @@ -225,7 +224,7 @@ sub service_ctl { $action eq "status" && do { my $pid; # -x: this causes the program to also return process id's of shells running the named scripts. - if (!( ($binary eq "pfdhcplistener") || ($daemon eq "httpd") || ($daemon eq "httpd.webservices") || ($daemon eq "httpd.admin") || ($daemon eq "httpd.portal") || ($daemon eq "snort") ) ) { + if (!( ($binary eq "pfdhcplistener") || ($daemon eq "httpd") || ($daemon eq "snort") ) ) { return getPidFromFile($daemon,$binary); } # Handle the pfdhcplistener case. Grab exact interfaces where pfdhcplistner should run, @@ -255,35 +254,10 @@ sub service_ctl { return (0); } } - elsif ($daemon =~ "httpd(.*)") { - $pid = 0; - if (-e "$install_dir/var/run/$daemon.pid") { - chomp( $pid = `cat $install_dir/var/run/$daemon.pid`); - if($pid ne '' ) { - my $ppt = new Proc::ProcessTable; - my $proc = first { defined($_) } grep { $_->pid == $pid } @{ $ppt->table }; - if (!defined($proc)) { - unlink( $install_dir . "/var/run/$binary.pid" ); - return(0); - } - } - } - return ($pid); - } elsif ($daemon =~ "snort") { $pid = 0; if (defined $monitor_int) { - if (-e "$install_dir/var/run/${daemon}_${monitor_int}.pid") { - chomp( $pid = `cat $install_dir/var/run/${daemon}_${monitor_int}.pid`); - if($pid ne '' ) { - my $ppt = new Proc::ProcessTable; - my $proc = first { defined($_) } grep { $_->pid == $pid } @{ $ppt->table }; - if (!defined($proc)) { - unlink( $install_dir . "/var/run/${daemon}_${monitor_int}.pid" ); - return(0); - } - } - } + $pid = getPidFromFile("${daemon}_${monitor_int}.pid",$binary); } return ($pid); } @@ -375,12 +349,12 @@ sub read_violations_conf { sub getPidFromFile { my ($daemon,$binary) = @_; my $logger = Log::Log4perl::get_logger('pf::services'); - my $pid; + my $pid = 0; my $pid_file = "$install_dir/var/run/$daemon.pid"; if (-e $pid_file) { chomp( $pid = read_file($pid_file) ); } - $pid = 0 if ( !$pid ); + $pid = 0 unless $pid; $logger->info("pidof -x $binary returned $pid"); if($pid && $pid =~ /^(.*)$/) { $pid = $1; @@ -433,21 +407,7 @@ sub stopService { if ( $service =~ /(dhcpd)/) { manage_Static_Route(); } - - my $maxWait = 10; - my $curWait = 0; - my $ppt; - my $proc = 0; - while ( ( ( $curWait < $maxWait ) - && ( service_ctl( $service, "status" ) ne "0" ) ) && defined($proc) ) - { - $ppt = new Proc::ProcessTable; - $proc = first { defined($_) } grep { $_->pid == $pid } @{ $ppt->table }; - $logger->info("Waiting for $binary to stop "); - sleep(2); - $curWait++; - } - if ( -e $install_dir . "/var/run/$binary.pid" ) { + if ( waitToShutdown($service, $pid) && -e $install_dir . "/var/run/$binary.pid" ) { $logger->info("Removing $install_dir/var/run/$binary.pid"); unlink( $install_dir . "/var/run/$binary.pid" ); } @@ -456,6 +416,25 @@ sub stopService { } +sub waitToShutdown { + my ($service, $pid) = @_; + my $logger = Log::Log4perl::get_logger('pf::services'); + my $maxWait = 10; + my $curWait = 0; + my $ppt; + my $proc = 0; + while ( ( ( $curWait < $maxWait ) + && ( service_ctl( $service, "status" ) ne "0" ) ) && defined($proc) ) + { + $ppt = new Proc::ProcessTable; + $proc = first { $_->pid == $pid } @{ $ppt->table }; + $logger->info("Waiting for $service to stop "); + sleep(2); + $curWait++; + } + return defined $proc; +} + =back From 3b2538793cd9a348c546bb35c361168e431bd457 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 11 Sep 2013 10:00:06 -0400 Subject: [PATCH 013/369] Display when iptables is stopping --- bin/pfcmd.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/pfcmd.pl b/bin/pfcmd.pl index 8782d9d8e164..13d052598a50 100755 --- a/bin/pfcmd.pl +++ b/bin/pfcmd.pl @@ -1315,6 +1315,7 @@ sub service { } if ( $nb_running_services == 0 ) { if(isenabled($Config{services}{iptables}) && $service eq 'pf') { + print "iptables|$command\n"; require pf::inline::custom; my $iptables = pf::inline::custom->new(); my $technique = $iptables->{_technique}; From f3c2ef95761d0f6ad9d087aa0c73854b50407629 Mon Sep 17 00:00:00 2001 From: lzammit Date: Wed, 11 Sep 2013 11:04:15 -0400 Subject: [PATCH 014/369] Update PacketFence_Administration_Guide.asciidoc update rpm forge package version --- docs/PacketFence_Administration_Guide.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/PacketFence_Administration_Guide.asciidoc b/docs/PacketFence_Administration_Guide.asciidoc index 989622605c70..cb6b7cdbc9e9 100644 --- a/docs/PacketFence_Administration_Guide.asciidoc +++ b/docs/PacketFence_Administration_Guide.asciidoc @@ -226,7 +226,7 @@ Install the proper repositories in `yum` so it can directly lookup for packages: .For RHEL 6.x / CentOS 6.x - # rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.`uname -m`.rpm + # rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.`uname -m`.rpm # rpm -Uvh http://download.fedoraproject.org/pub/epel/6/`uname -i`/epel-release-6-8.noarch.rpm # rpm -Uvh http://repo.openfusion.net/centos6-`uname -i`/openfusion-release-0.6.2-1.of.el6.noarch.rpm From 389b8db32e8a56906ddbfa3778f5376317af6189 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 22 Jul 2013 09:26:12 -0400 Subject: [PATCH 015/369] Added the ability save filter type switch --- html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm b/html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm index 3219c27174ae..3b3dfb1d554a 100644 --- a/html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm +++ b/html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm @@ -45,6 +45,7 @@ has_field 'type' => options => [ {value => 'ssid', label => 'SSID'}, {value => 'vlan', label => 'VLAN'}, + {value => 'switch', label => 'SWITCH'}, ], ); From 51a62a16f994e54ebb03642a41a1412971a33fbb Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 22 Jul 2013 09:27:38 -0400 Subject: [PATCH 016/369] Added the ability to filter based off on last switch --- lib/pf/Portal/ProfileFactory.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/Portal/ProfileFactory.pm b/lib/pf/Portal/ProfileFactory.pm index eeda1db19bcf..dda980d22c2e 100644 --- a/lib/pf/Portal/ProfileFactory.pm +++ b/lib/pf/Portal/ProfileFactory.pm @@ -40,7 +40,7 @@ sub instantiate { # We apply portal profiles based on the SSID and VLAN, we check the last_ssid for the given MAC and try to match # a portal profile using the previously fetched filters. If no match, we instantiate the default portal profile. my $node_info = node_view($mac); - my @filter_ids = ((map { "$_:" . $node_info->{"last_$_"} } qw(ssid vlan)), @{$node_info}{'last_ssid','last_vlan'}); + my @filter_ids = ((map { "$_:" . $node_info->{"last_$_"} } qw(ssid vlan switch)), @{$node_info}{'last_ssid','last_vlan','last_switch'}); my $filtered_profile = first {exists $Profiles_Config{$_}} map { $Profile_Filters{$_} } From cf4ac4c3aad3ff4d33b8ada212b331a3c3eec9ad Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 11 Sep 2013 13:11:01 -0400 Subject: [PATCH 017/369] Updated NEWS file --- NEWS.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index b5779c2e6b20..d3c8f89c7d27 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -17,7 +17,7 @@ Version 4.x.y released on 2013-MM-DD New Features ++++++++++++ -* +* Profiles can be filter by switches Enhancements ++++++++++++ From a761ec4998b2f34ea86e30a99a6b7a230e33ee4d Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 11 Sep 2013 15:25:57 -0400 Subject: [PATCH 018/369] Clear an object internally when retreiving directly from chi --- lib/pf/config/cached.pm | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/pf/config/cached.pm b/lib/pf/config/cached.pm index 764a77954066..b95703662aca 100644 --- a/lib/pf/config/cached.pm +++ b/lib/pf/config/cached.pm @@ -529,12 +529,12 @@ sub _callPostReloadCallbacks { sub doCallbacks { my ($self,$file_reloaded,$cache_reloaded) = @_; - my $was_reloaded; - if($was_reloaded = $file_reloaded || $cache_reloaded) { - $self->_callReloadCallbacks if $was_reloaded; + if($file_reloaded || $cache_reloaded) { + get_logger()->trace("doing callbacks file_reloaded = " . ($file_reloaded ? 1 : 0) . " cache_reloaded = " . ($cache_reloaded ? 1 : 0)); + $self->_callReloadCallbacks; $self->_callFileReloadCallbacks if $file_reloaded; $self->_callCacheReloadCallbacks if $cache_reloaded; - $self->_callPostReloadCallbacks if $was_reloaded; + $self->_callPostReloadCallbacks; } } @@ -915,6 +915,8 @@ sub toHash { sub fromCacheUntainted { my ($self,$key) = @_; + my $cache = $self->cache; + $cache->l1_cache->remove($key); return untaint($self->cache->get($key)); } From 9c2dda37de33752eb2132b656974fd4ce31b8fd8 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 11 Sep 2013 15:27:07 -0400 Subject: [PATCH 019/369] move updating the profiles guest modes to the post reload callback --- lib/pf/authentication.pm | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/lib/pf/authentication.pm b/lib/pf/authentication.pm index 5b952ace6036..a82c1562e5d3 100644 --- a/lib/pf/authentication.pm +++ b/lib/pf/authentication.pm @@ -209,21 +209,24 @@ sub readAuthenticationConfigFile { } $config->cache->set("authentication_lookup",\%authentication_lookup); $config->cache->set("authentication_sources",\@authentication_sources); - update_profiles_guest_modes($cached_profiles_config,"update_profiles_guest_modes"); }], -oncachereload => [ - on_cache_authentication_reload => sub { + on_cache_authentication_reload => sub { my ($config, $name) = @_; %authentication_lookup = %{$config->fromCacheUntainted("authentication_lookup")}; @authentication_sources = @{$config->fromCacheUntainted("authentication_sources")}; }, - ] + ], + -onpostreload => [ + on_post_authentication_reload => sub { + update_profiles_guest_modes($cached_profiles_config,"update_profiles_guest_modes"); + } + ], ); $cached_profiles_config->addPostReloadCallbacks(update_profiles_guest_modes => \&update_profiles_guest_modes); } else { $cached_authentication_config->ReadConfig(); - update_profiles_guest_modes($cached_profiles_config,"update_profiles_guest_modes"); } } @@ -321,7 +324,10 @@ sub writeAuthenticationConfigFile { } } $cached_authentication_config->ReorderByGroup(); - my $result = $cached_authentication_config->RewriteConfig(); + my $result; + eval { + $result = $cached_authentication_config->RewriteConfig(); + }; unless($result) { $cached_authentication_config->Rollback(); die "Error writing authentication configuration\n"; From 3b282102bfdb6d6841e28edf032f2714e7cb21a8 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 11 Sep 2013 16:12:52 -0400 Subject: [PATCH 020/369] Don't replace RADIUS configuration files --- addons/packages/packetfence.spec | 31 +++++++++++----- debian/packetfence.conffiles | 64 ++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+), 9 deletions(-) diff --git a/addons/packages/packetfence.spec b/addons/packages/packetfence.spec index a25486e49eee..84f80130084a 100644 --- a/addons/packages/packetfence.spec +++ b/addons/packages/packetfence.spec @@ -807,17 +807,30 @@ fi /usr/local/pf/raddb/* %config /usr/local/pf/raddb/clients.conf %attr(0755, pf, pf) %config /usr/local/pf/raddb/packetfence.pm -%attr(0755, pf, pf) %config /usr/local/pf/raddb/packetfence-soh.pm +%attr(0755, pf, pf) %config /usr/local/pf/raddb/packetfence-soh.pm %config /usr/local/pf/raddb/proxy.conf %config /usr/local/pf/raddb/users -%config /usr/local/pf/raddb/modules/mschap -%config /usr/local/pf/raddb/modules/perl -%attr(0755, pf, pf) %config /usr/local/pf/raddb/sites-available/packetfence -%attr(0755, pf, pf) %config /usr/local/pf/raddb/sites-available/packetfence-soh -%attr(0755, pf, pf) %config /usr/local/pf/raddb/sites-available/packetfence-tunnel -%attr(0755, pf, pf) %config /usr/local/pf/raddb/sites-enabled/packetfence -%attr(0755, pf, pf) %config /usr/local/pf/raddb/sites-enabled/packetfence-soh -%attr(0755, pf, pf) %config /usr/local/pf/raddb/sites-enabled/packetfence-tunnel +%config(noreplace) /usr/local/pf/raddb/modules/* +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/buffered-sql +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/coa +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/control-socket +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/copy-acct-to-home-server +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/decoupled-accounting +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/default +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/dhcp +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/dynamic-clients +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/example +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/inner-tunnel +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/originate-coa +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/packetfence +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/packetfence-soh +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/packetfence-tunnel +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/proxy-inner-tunnel +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/robust-proxy-accounting +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/soh +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/status +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/virtual.example.com +%attr(0755, pf, pf) %config(noreplace) /usr/local/pf/raddb/sites-available/vmps %dir /usr/local/pf/var/run %dir /usr/local/pf/var/rrd %dir /usr/local/pf/var/session diff --git a/debian/packetfence.conffiles b/debian/packetfence.conffiles index 82929e123d48..80d2db84f20e 100644 --- a/debian/packetfence.conffiles +++ b/debian/packetfence.conffiles @@ -93,8 +93,72 @@ /usr/local/pf/raddb/packetfence-soh.pm /usr/local/pf/raddb/proxy.conf /usr/local/pf/raddb/users +/usr/local/pf/raddb/modules/acct_unique +/usr/local/pf/raddb/modules/always +/usr/local/pf/raddb/modules/attr_filter +/usr/local/pf/raddb/modules/attr_rewrite +/usr/local/pf/raddb/modules/chap +/usr/local/pf/raddb/modules/checkval +/usr/local/pf/raddb/modules/counter +/usr/local/pf/raddb/modules/cui +/usr/local/pf/raddb/modules/detail +/usr/local/pf/raddb/modules/detail.example.com +/usr/local/pf/raddb/modules/detail.log +/usr/local/pf/raddb/modules/digest +/usr/local/pf/raddb/modules/dynamic_clients +/usr/local/pf/raddb/modules/echo +/usr/local/pf/raddb/modules/etc_group +/usr/local/pf/raddb/modules/exec +/usr/local/pf/raddb/modules/expiration +/usr/local/pf/raddb/modules/expr +/usr/local/pf/raddb/modules/files +/usr/local/pf/raddb/modules/inner-eap +/usr/local/pf/raddb/modules/ippool +/usr/local/pf/raddb/modules/ldap +/usr/local/pf/raddb/modules/linelog +/usr/local/pf/raddb/modules/logintime +/usr/local/pf/raddb/modules/mac2ip +/usr/local/pf/raddb/modules/mac2vlan /usr/local/pf/raddb/modules/mschap +/usr/local/pf/raddb/modules/ntlm_auth +/usr/local/pf/raddb/modules/opendirectory +/usr/local/pf/raddb/modules/otp +/usr/local/pf/raddb/modules/pam +/usr/local/pf/raddb/modules/pap +/usr/local/pf/raddb/modules/passwd /usr/local/pf/raddb/modules/perl +/usr/local/pf/raddb/modules/policy +/usr/local/pf/raddb/modules/preprocess +/usr/local/pf/raddb/modules/radutmp +/usr/local/pf/raddb/modules/realm +/usr/local/pf/raddb/modules/redis +/usr/local/pf/raddb/modules/rediswho +/usr/local/pf/raddb/modules/replicate +/usr/local/pf/raddb/modules/smbpasswd +/usr/local/pf/raddb/modules/smsotp +/usr/local/pf/raddb/modules/soh +/usr/local/pf/raddb/modules/sqlcounter_expire_on_login +/usr/local/pf/raddb/modules/sql_log +/usr/local/pf/raddb/modules/sradutmp +/usr/local/pf/raddb/modules/unix +/usr/local/pf/raddb/modules/wimax +/usr/local/pf/raddb/sites-available/buffered-sql +/usr/local/pf/raddb/sites-available/coa +/usr/local/pf/raddb/sites-available/control-socket +/usr/local/pf/raddb/sites-available/copy-acct-to-home-server +/usr/local/pf/raddb/sites-available/decoupled-accounting +/usr/local/pf/raddb/sites-available/default +/usr/local/pf/raddb/sites-available/dhcp +/usr/local/pf/raddb/sites-available/dynamic-clients +/usr/local/pf/raddb/sites-available/example +/usr/local/pf/raddb/sites-available/inner-tunnel +/usr/local/pf/raddb/sites-available/originate-coa /usr/local/pf/raddb/sites-available/packetfence /usr/local/pf/raddb/sites-available/packetfence-soh /usr/local/pf/raddb/sites-available/packetfence-tunnel +/usr/local/pf/raddb/sites-available/proxy-inner-tunnel +/usr/local/pf/raddb/sites-available/robust-proxy-accounting +/usr/local/pf/raddb/sites-available/soh +/usr/local/pf/raddb/sites-available/status +/usr/local/pf/raddb/sites-available/virtual.example.com +/usr/local/pf/raddb/sites-available/vmps \ No newline at end of file From 067d5bd826c5591f5a4b4ff6544a0a17739caa0c Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 11 Sep 2013 16:20:56 -0400 Subject: [PATCH 021/369] Rotate log files as user pf --- addons/logrotate | 1 + 1 file changed, 1 insertion(+) diff --git a/addons/logrotate b/addons/logrotate index 8f1d5c317a95..43e3e1e202be 100644 --- a/addons/logrotate +++ b/addons/logrotate @@ -8,6 +8,7 @@ delaycompress sharedscripts create 644 pf pf + su pf pf postrotate # uncomment the crm statements if you are running packetfence in a corosync cluster #/usr/sbin/crm resource unmanage PacketFence From 92e9339121f16d7b6d328f149fcb4b4c07944d73 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 11 Sep 2013 18:22:30 -0400 Subject: [PATCH 022/369] Removed the localization of lib/pf/authentication.pm in first filter --- lib/pf/authentication.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/authentication.pm b/lib/pf/authentication.pm index a82c1562e5d3..ed5a0e109d7c 100644 --- a/lib/pf/authentication.pm +++ b/lib/pf/authentication.pm @@ -501,7 +501,7 @@ sub match { @sources = ($source); } } - my $source = first { local $_ = $_; defined ($actions = $_->match($params)) } @sources; + my $source = first { defined ($actions = $_->match($params)) } @sources; if (defined $action && defined $actions) { my $found_action = first { $_->type eq $action } @{$actions}; From 8de4bd2e654c0a31f2b3b36497fe00786ce44227 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 12 Sep 2013 11:36:34 -0400 Subject: [PATCH 023/369] Remove item from all subcaches of type l1_cache --- lib/pf/config/cached.pm | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/pf/config/cached.pm b/lib/pf/config/cached.pm index b95703662aca..9f4c95e2b86a 100644 --- a/lib/pf/config/cached.pm +++ b/lib/pf/config/cached.pm @@ -916,7 +916,11 @@ sub toHash { sub fromCacheUntainted { my ($self,$key) = @_; my $cache = $self->cache; - $cache->l1_cache->remove($key); + if($cache->has_subcaches( )) { + foreach my $subcache (@{$cache->subcaches}) { + $subcache->remove($key) if $subcache->subcache_type eq 'l1_cache'; + } + } return untaint($self->cache->get($key)); } From 5527837c980db1c91e756ad237eedb0eac5c38fd Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 12 Sep 2013 11:47:55 -0400 Subject: [PATCH 024/369] Consistent return values in clean_mac/mac2ip Also, an invalid MAC will not trigger an error log, but only a debugging log. --- lib/pf/iplog.pm | 2 +- lib/pf/util.pm | 11 ++++++----- t/util.t | 22 ++++++++++++++-------- 3 files changed, 21 insertions(+), 14 deletions(-) diff --git a/lib/pf/iplog.pm b/lib/pf/iplog.pm index bbf4a72691c9..5a00736e802a 100644 --- a/lib/pf/iplog.pm +++ b/lib/pf/iplog.pm @@ -352,7 +352,7 @@ sub mac2ip { my ( $mac, $date ) = @_; my $logger = Log::Log4perl::get_logger('pf::iplog'); my $ip; - return (0) if ( !valid_mac($mac) ); + return () if ( !valid_mac($mac) ); if ($date) { return if ( !valid_date($date) ); diff --git a/lib/pf/util.pm b/lib/pf/util.pm index da3fbf0abf65..1c6365d45dbd 100644 --- a/lib/pf/util.pm +++ b/lib/pf/util.pm @@ -143,7 +143,7 @@ Returns an untainted string with MAC in format: xx:xx:xx:xx:xx:xx sub clean_mac { my ($mac) = @_; - return (0) if ( !$mac ); + return if ( !$mac ); # trim garbage $mac =~ s/[\s\-\.:]//g; @@ -209,16 +209,17 @@ Accepting xx-xx-xx-xx-xx-xx, xx:xx:xx:xx:xx:xx, xxxx-xxxx-xxxx and xxxx.xxxx.xxx sub valid_mac { my ($mac) = @_; my $logger = Log::Log4perl::get_logger('pf::util'); - if (! ($mac =~ /^[0-9a-f:\.-]+$/i)) { - $logger->error("invalid MAC: $mac"); + if (! ($mac && $mac =~ /^[0-9a-f:\.-]+$/i)) { + $logger->debug("invalid MAC: " . ($mac?$mac:"empty")); return (0); } $mac = clean_mac($mac); - if ( $mac =~ /^ff:ff:ff:ff:ff:ff$/ + if ( !$mac + || $mac =~ /^ff:ff:ff:ff:ff:ff$/ || $mac =~ /^00:00:00:00:00:00$/ || $mac !~ /^([0-9a-f]{2}(:|$)){6}$/i ) { - $logger->error("invalid MAC: $mac"); + $logger->debug("invalid MAC: " . ($mac?$mac:"empty")); return (0); } else { return (1); diff --git a/t/util.t b/t/util.t index fd212c5bab71..7472b2e07fc5 100755 --- a/t/util.t +++ b/t/util.t @@ -4,7 +4,7 @@ use strict; use warnings; use lib '/usr/local/pf/lib'; -use Test::More tests => 23; +use Test::More tests => 29; use Test::NoWarnings; BEGIN { @@ -12,13 +12,6 @@ BEGIN { use_ok('pf::util::apache'); } -# valid_mac -ok(valid_mac("aa:bb:cc:dd:ee:ff"), "validate MAC address of the form xx:xx:xx:xx:xx:xx"); -ok(valid_mac("aa-bb-cc-dd-ee-ff"), "validate MAC address of the form xx-xx-xx-xx-xx-xx"); -ok(valid_mac("aabb-ccdd-eeff"), "validate MAC address of the form xxxx-xxxx-xxxx"); -ok(valid_mac("aabb.ccdd.eeff"), "validate MAC address of the form xxxx.xxxx.xxxx"); -ok(valid_mac("aabbccddeeff"), "validate MAC address of the form xxxxxxxxxxxx"); - # clean_mac is(clean_mac("aabbccddeeff"), "aa:bb:cc:dd:ee:ff", "clean MAC address of the form xxxxxxxxxxxx"); is(clean_mac("aa:bb:cc:dd:ee:ff"), "aa:bb:cc:dd:ee:ff", "clean MAC address of the form xx:xx:xx:xx:xx:xx"); @@ -26,6 +19,19 @@ is(clean_mac("aa-bb-cc-dd-ee-ff"), "aa:bb:cc:dd:ee:ff", "clean MAC address of th is(clean_mac("aabb-ccdd-eeff"), "aa:bb:cc:dd:ee:ff", "clean MAC address of the form xxxx-xxxx-xxxx"); is(clean_mac("aabb.ccdd.eeff"), "aa:bb:cc:dd:ee:ff", "clean MAC address of the form xxxx.xxxx.xxxx"); is(clean_mac("aabbccddeeff"), "aa:bb:cc:dd:ee:ff", "clean MAC address of the form xxxxxxxxxxxx"); +is(clean_mac("abc"), undef, "clean invalid MAC address of the form xxx"); +is(clean_mac(""), undef, "clean empty MAC address"); +is(clean_mac(undef), undef, "clean undefined MAC address"); + +# valid_mac +ok(valid_mac("aa:bb:cc:dd:ee:ff"), "validate MAC address of the form xx:xx:xx:xx:xx:xx"); +ok(valid_mac("aa-bb-cc-dd-ee-ff"), "validate MAC address of the form xx-xx-xx-xx-xx-xx"); +ok(valid_mac("aabb-ccdd-eeff"), "validate MAC address of the form xxxx-xxxx-xxxx"); +ok(valid_mac("aabb.ccdd.eeff"), "validate MAC address of the form xxxx.xxxx.xxxx"); +ok(valid_mac("aabbccddeeff"), "validate MAC address of the form xxxxxxxxxxxx"); +ok(!valid_mac("abc"), "invalidate MAC address of the form xxx"); +ok(!valid_mac(""), "invalidate empty MAC address"); +ok(!valid_mac(undef), "invalidate undefined MAC address"); # oid2mac / mac2oid is( oid2mac('240.77.162.203.217.197'), 'f0:4d:a2:cb:d9:c5', "oid2mac legit conversion" ); From 8fb7a20904bc41227ae60c90446744b7cf1aef3f Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 12 Sep 2013 12:15:41 -0400 Subject: [PATCH 025/369] remove calling cat to read a file --- lib/pf/pfcmd/checkup.pm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/pf/pfcmd/checkup.pm b/lib/pf/pfcmd/checkup.pm index 3b2f5de21320..af895da0e63d 100644 --- a/lib/pf/pfcmd/checkup.pm +++ b/lib/pf/pfcmd/checkup.pm @@ -24,6 +24,7 @@ use pf::util; use pf::services; use pf::trigger; use NetAddr::IP; +use File::Slurp qw(read_file); use lib $conf_dir; @@ -469,7 +470,7 @@ If some interfaces are configured to run in inline enforcement then these tests sub inline { - my $result = pf_run("cat /proc/sys/net/ipv4/ip_forward"); + my $result = read_file("/proc/sys/net/ipv4/ip_forward"); if ($result ne "1\n") { add_problem( $WARN, "inline mode needs ip_forward enabled to work properly. " . From c9645e1136b173941170afa30dc2f228088605ed Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 12 Sep 2013 13:51:44 -0400 Subject: [PATCH 026/369] Allow mac formats to be searched --- .../lib/pfappserver/Base/Model/Search.pm | 14 ++++++++++++++ lib/pf/node.pm | 9 ++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Base/Model/Search.pm b/html/pfappserver/lib/pfappserver/Base/Model/Search.pm index 39b2bd150a11..5b892016bbcb 100644 --- a/html/pfappserver/lib/pfappserver/Base/Model/Search.pm +++ b/html/pfappserver/lib/pfappserver/Base/Model/Search.pm @@ -15,6 +15,7 @@ use strict; use warnings; use Moose; use namespace::autoclean; +use pf::util; extends 'pfappserver::Base::Model'; my %OP_MAP = ( @@ -41,6 +42,7 @@ To create where arguements for the sql builder sub process_query { my ($self,$query) = (@_); + $self->_pre_process_query($query); my $op = $query->{op}; die "$op is not a supported search operation" unless exists $OP_MAP{$op}; @@ -65,6 +67,18 @@ sub process_query { return \@where_args; } +sub _pre_process_query { + my ($self,$query) = @_; + if( $query->{name} eq 'mac' && $query->{op} eq 'equal' ) { + my $value = $query->{value}; + $value =~ s/^ *//; + $value =~ s/ *$//; + if(valid_mac($value)) { + $query->{value} = clean_mac($value); + } + } +} + =item add_limit add limits to the sql builder diff --git a/lib/pf/node.pm b/lib/pf/node.pm index faebd1940429..d539c9e353a5 100644 --- a/lib/pf/node.pm +++ b/lib/pf/node.pm @@ -646,12 +646,15 @@ sub node_view_all { $node_view_all_sql .= " HAVING category='" . $params{'where'}{'value'} . "'"; } elsif ( $params{'where'}{'type'} eq 'any' ) { - if (valid_mac($params{'where'}{'like'})) { - my $mac = get_db_handle->quote($params{'where'}{'like'}); + my $like = $params{'where'}{'like'}; + $like =~ s/^ *//; + $like =~ s/ *$//; + if (valid_mac($like)) { + my $mac = get_db_handle->quote(clean_mac($like)); $node_view_all_sql .= " HAVING node.mac = $mac"; } else { - my $like = get_db_handle->quote('%' . $params{'where'}{'like'} . '%'); + my $like = get_db_handle->quote("\%$like\%"); $node_view_all_sql .= " HAVING node.mac LIKE $like" . " OR node.computername LIKE $like" . " OR node.pid LIKE $like"; From ee737151d1b1e7f466e116c9a3258c8c09475bce Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 12 Sep 2013 14:02:05 -0400 Subject: [PATCH 027/369] Refactored removing items from your subcache --- lib/pf/config/cached.pm | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/pf/config/cached.pm b/lib/pf/config/cached.pm index 9f4c95e2b86a..68166568d238 100644 --- a/lib/pf/config/cached.pm +++ b/lib/pf/config/cached.pm @@ -463,7 +463,7 @@ sub Rollback { my $cache = $self->cache; my $config = $self->config; my $file = $config->GetFileName; - $cache->l1_cache->remove($file); + $self->removeFromSubcaches($file); my $old_config = $cache->get($file); $$self = $old_config; $self->doCallbacks(0,1); @@ -914,6 +914,12 @@ sub toHash { } sub fromCacheUntainted { + my ($self,$key) = @_; + $self->removeFromSubcaches($key); + return untaint($self->cache->get($key)); +} + +sub removeFromSubcaches { my ($self,$key) = @_; my $cache = $self->cache; if($cache->has_subcaches( )) { @@ -921,7 +927,6 @@ sub fromCacheUntainted { $subcache->remove($key) if $subcache->subcache_type eq 'l1_cache'; } } - return untaint($self->cache->get($key)); } sub untaint { From 26510ff7a1f4019a99cd8ff1d3112130a700d5ea Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 12 Sep 2013 14:11:40 -0400 Subject: [PATCH 028/369] Allow ip address to searched in the simple search of nodes --- lib/pf/node.pm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/pf/node.pm b/lib/pf/node.pm index d539c9e353a5..d85590ebf93e 100644 --- a/lib/pf/node.pm +++ b/lib/pf/node.pm @@ -657,7 +657,8 @@ sub node_view_all { my $like = get_db_handle->quote("\%$like\%"); $node_view_all_sql .= " HAVING node.mac LIKE $like" . " OR node.computername LIKE $like" - . " OR node.pid LIKE $like"; + . " OR node.pid LIKE $like" + . " OR iplog.ip LIKE $like"; } } } From 8f849c0fcb08f7ba31c017b5551360ebf539827b Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 12 Sep 2013 14:26:33 -0400 Subject: [PATCH 029/369] Updated News file --- NEWS.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index d3c8f89c7d27..c6d0a306dc3e 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -23,6 +23,8 @@ Enhancements ++++++++++++ * Improved error messages in RADIUS modules +* Simple search for Nodes now include ip address +* Search by mac address for Node and User in multiple mac format Bug Fixes +++++++++ From f4060c3948f80aaa44c530cc8fc69d8310cd83bc Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 12 Sep 2013 15:27:06 -0400 Subject: [PATCH 030/369] pf::iplog::mac2ip now accepts a lookup table In order to avoid performing many SQL queries in pf::ipset::generate_mangle_rules, we now fetch all open entries from the iplog table to build a lookup table that we pass to pf::util::mac2ip. --- NEWS.asciidoc | 5 +++-- lib/pf/iplog.pm | 8 +++----- lib/pf/ipset.pm | 8 ++++++-- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index c6d0a306dc3e..a7bd09f0ec5e 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -23,8 +23,9 @@ Enhancements ++++++++++++ * Improved error messages in RADIUS modules -* Simple search for Nodes now include ip address -* Search by mac address for Node and User in multiple mac format +* Simple search for nodes now includes IP address +* Search by MAC address for nodes and users now accepts any MAC format +* Improved starting delay when using inline mode Bug Fixes +++++++++ diff --git a/lib/pf/iplog.pm b/lib/pf/iplog.pm index 5a00736e802a..1b89d6667091 100644 --- a/lib/pf/iplog.pm +++ b/lib/pf/iplog.pm @@ -349,15 +349,13 @@ sub ip2macinarp { } sub mac2ip { - my ( $mac, $date ) = @_; + my ( $mac, $cache ) = @_; my $logger = Log::Log4perl::get_logger('pf::iplog'); my $ip; return () if ( !valid_mac($mac) ); - if ($date) { - return if ( !valid_date($date) ); - my @iplog = iplog_history_mac( $mac, ( 'date' => str2time($date) ) ); - $ip = $iplog[0]->{'ip'}; + if ($cache) { + $ip = $cache->{clean_mac($mac)}; } else { my $iplog = iplog_view_open_mac($mac); $ip = $iplog->{'ip'} || 0; diff --git a/lib/pf/ipset.pm b/lib/pf/ipset.pm index 9f79e6a0410b..8a0ff0c87919 100644 --- a/lib/pf/ipset.pm +++ b/lib/pf/ipset.pm @@ -113,6 +113,10 @@ sub generate_mangle_rules { } } + # Build lookup table for MAC/IP mapping + my @iplog_open = iplog_view_open(); + my %iplog_lookup = map { $_->{'mac'} => $_->{'ip'} } @iplog_open; + # mark registered nodes that should not be isolated # TODO performance: mark all *inline* registered users only my @registered = nodes_registered_not_violators(); @@ -121,7 +125,7 @@ sub generate_mangle_rules { next if ( !pf::config::is_network_type_inline($network) ); my $net_addr = NetAddr::IP->new($network,$ConfigNetworks{$network}{'netmask'}); my $mac = $row->{'mac'}; - my $iplog = mac2ip($mac); + my $iplog = mac2ip($mac, \%iplog_lookup); if (defined $iplog) { my $ip = new NetAddr::IP::Lite clean_ip($iplog); if ($net_addr->contains($ip)) { @@ -141,7 +145,7 @@ sub generate_mangle_rules { next if ( !pf::config::is_network_type_inline($network) ); my $net_addr = NetAddr::IP->new($network,$ConfigNetworks{$network}{'netmask'}); my $mac = $row->{'mac'}; - my $iplog = mac2ip($mac); + my $iplog = mac2ip($mac, \%iplog_lookup); if (defined $iplog) { my $ip = new NetAddr::IP::Lite clean_ip($iplog); if ($net_addr->contains($ip)) { From 871dd52373ce20f0603d087c07d221c019bfccd9 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 12 Sep 2013 15:42:21 -0400 Subject: [PATCH 031/369] Group ipset add commands into a "restore" command --- lib/pf/ipset.pm | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/lib/pf/ipset.pm b/lib/pf/ipset.pm index 8a0ff0c87919..ad7e409b02dc 100644 --- a/lib/pf/ipset.pm +++ b/lib/pf/ipset.pm @@ -98,6 +98,7 @@ sub generate_mangle_rules { my ($self) =@_; my $logger = Log::Log4perl::get_logger(__PACKAGE__); my $mangle_rules = ''; + my @ops = (); # pfdhcplistener in most cases will be enforcing access # however we insert these marks on startup in case PacketFence is restarted @@ -129,8 +130,7 @@ sub generate_mangle_rules { if (defined $iplog) { my $ip = new NetAddr::IP::Lite clean_ip($iplog); if ($net_addr->contains($ip)) { - my $cmd = "LANG=C sudo ipset --add pfsession_$mark_type_to_str{$IPTABLES_MARK_REG}\_$network $iplog,$mac 2>&1"; - my @lines = pf_run($cmd); + push(@ops, "add pfsession_$mark_type_to_str{$IPTABLES_MARK_REG}\_$network $iplog,$mac"); } } } @@ -149,8 +149,7 @@ sub generate_mangle_rules { if (defined $iplog) { my $ip = new NetAddr::IP::Lite clean_ip($iplog); if ($net_addr->contains($ip)) { - my $cmd = "LANG=C sudo ipset --add pfsession_$mark_type_to_str{$IPTABLES_MARK_ISOLATION}\_$network $iplog,$mac 2>&1"; - my @lines = pf_run($cmd); + push(@ops, "add pfsession_$mark_type_to_str{$IPTABLES_MARK_ISOLATION}\_$network $iplog,$mac"); } } } @@ -165,6 +164,13 @@ sub generate_mangle_rules { ; } + if (@ops) { + my $cmd = "LANG=C sudo ipset restore 2>&1"; + open(IPSET, "| $cmd") || die "$cmd failed: $!\n"; + print IPSET join("\n", @ops); + close IPSET; + } + return $mangle_rules; } From 933be6a1d8dbafaac681d2260125ef6c0537b89a Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 12 Sep 2013 16:11:22 -0400 Subject: [PATCH 032/369] added memcached as a managed service --- conf/documentation.conf | 14 ++++++++ conf/pf.conf.defaults | 10 ++++++ lib/pf/pfcmd.pm | 73 +++++++++++++++++++++-------------------- lib/pf/services.pm | 5 +-- 4 files changed, 64 insertions(+), 38 deletions(-) diff --git a/conf/documentation.conf b/conf/documentation.conf index 858ef96790d3..98eff920e373 100644 --- a/conf/documentation.conf +++ b/conf/documentation.conf @@ -126,6 +126,13 @@ description=< to parse the options. =cut + use strict; use warnings; @@ -30,7 +31,7 @@ Readonly our $ERROR_CONFIG_NO_HELP => 11; # - update the appropriate regexp in lib/pfcmd/pfcmd.pm grammar too # - update the generic pid regex in pf::person (not meant for shell safety) # TODO try to consolidate what we should accept as a pid -my $pid_re = qr{(?: +my $pid_re = qr{(?: ( [a-zA-Z0-9\-\_\.\@\/\:\+\!,]+ ) # unquoted allowed | # OR \" ( [&=?\(\)\/,0-9a-zA-Z_\*\.\-\:\;\@\ \+\!\^\[\]\|\#\\]+ ) \" # quoted allowed @@ -54,9 +55,9 @@ sub parseCommandLine { ( [ a-zA-Z0-9_@\.\:=/\-,?]+) $ }xms, 'configfiles' => qr{ ^ ( push | pull ) $ }xms, - 'fingerprint' => qr{ ^ (view) - \s+ - ( all | \d+ (?: ,\d+)* ) + 'fingerprint' => qr{ ^ (view) + \s+ + ( all | \d+ (?: ,\d+)* ) $ }xms, 'floatingnetworkdeviceconfig' => qr/ ^ ( get | delete ) @@ -66,7 +67,7 @@ sub parseCommandLine { 'graph' => qr/ ^ (?: ( nodes | registered | unregistered - | violations ) + | violations ) (?: \s+ ( day | month | year ) @@ -154,7 +155,7 @@ sub parseCommandLine { ( [^,=]+ ) )? $ }xms, - 'import' => qr{ ^ + 'import' => qr{ ^ ( nodes ) # import nodes \s+ ( [a-zA-Z0-9_\-\.\/]+ ) # strict filename with path regexp @@ -192,12 +193,12 @@ sub parseCommandLine { ( [^,=]+ ) )? $ /xms, - 'lookup' => qr{ ^(?: + 'lookup' => qr{ ^(?: ( person ) \s+ $pid_re - | + | ( node ) \s+ ( $RE{net}{MAC} ) )$ }xms, - 'manage' => qr/ ^ + 'manage' => qr/ ^ (?: ( deregister ) \s+ @@ -217,9 +218,9 @@ sub parseCommandLine { 'node' => qr/ ^ (?: ( view ) \s+ - (?: - ( all ) - | ( $RE{net}{MAC} ) + (?: + ( all ) + | ( $RE{net}{MAC} ) # TODO be more strict on category names (but no time now) | (?: ( category | pid ) \s* [=] \s* $pid_re ) ) @@ -237,9 +238,9 @@ sub parseCommandLine { | ( count ) \s+ - (?: - ( all ) - | ( $RE{net}{MAC} ) + (?: + ( all ) + | ( $RE{net}{MAC} ) # TODO be more strict on category names (but no time now) | (?: ( category | pid ) \s* [=] \s* $pid_re ) ) @@ -251,7 +252,7 @@ sub parseCommandLine { 'nodeaccounting' => qr/ ^ ( view ) \s+ (?: - ( all ) + ( all ) | ( $RE{net}{MAC} ) ) $ /xms, @@ -263,19 +264,19 @@ sub parseCommandLine { (delete) \s+ (\s+) ) $ }xms, - 'nodeuseragent' => qr{ ^ (view) - \s+ - ( all | \d+ (?: ,\d+)* ) + 'nodeuseragent' => qr{ ^ (view) + \s+ + ( all | \d+ (?: ,\d+)* ) $ }xms, 'person' => qr{ ^ (view) \s+ - (?: + (?: ( all ) | $pid_re ) $ }xms, 'reload' => qr{ ^ ( fingerprints | violations ) $ }xms, 'report' => qr{ ^ (?: #for grouping only - ( active | inactive | openviolations + ( active | inactive | openviolations | os | osclass | registered | statics | ssid | unknownprints | unknownuseragents | unregistered | connectiontype | connectiontypereg | osclassbandwidth @@ -283,9 +284,9 @@ sub parseCommandLine { ) | (?: #for grouping only - ( openviolations | os | osclass + ( openviolations | os | osclass | registered | statics | ssid - | unknownprints | unknownuseragents | unregistered + | unknownprints | unknownuseragents | unregistered | connectiontype | connectiontypereg ) \s+ @@ -307,15 +308,15 @@ sub parseCommandLine { ( \d+ ) ) $ }xms, - 'service' => qr{ ^ ( dhcpd | httpd | pfdns | pfdetect - | pf | pfdhcplistener | pfmon - | pfsetvlan | radiusd | snmptrapd - | snort | suricata | httpd\.webservices | httpd\.admin | httpd\.portal) + 'service' => qr{ ^ ( dhcpd | httpd | pfdns | pfdetect + | pf | pfdhcplistener | pfmon + | pfsetvlan | radiusd | snmptrapd + | snort | suricata | httpd\.webservices | httpd\.admin | httpd\.portal | memcached) \s+ ( restart | start | status | stop | watch ) $ }xms, - 'switchconfig' => qr/ ^ ( get | delete ) + 'switchconfig' => qr/ ^ ( get | delete ) \s+ ( all | default | $RE{net}{IPv4} ) $ /xms, @@ -335,7 +336,7 @@ sub parseCommandLine { ) ) $ }xms, - 'trigger' => qr{ ^ ( view ) + 'trigger' => qr{ ^ ( view ) \s+ ( all | \d+ ) (?: @@ -343,12 +344,12 @@ sub parseCommandLine { ( scan | detect ) )? $ }xms, - 'ui' => qr{ ^ + 'ui' => qr{ ^ (?: (?: ( dashboard ) \s+ - ( current_grace | current_activity + ( current_grace | current_activity | current_node_status ) ) | @@ -367,16 +368,16 @@ sub parseCommandLine { (?: ( menus ) (?: - \s+ file \s* [=] \s* + \s+ file \s* [=] \s* ( [a-zA-Z\-_.]+ ) )? ) ) $ }xms, 'update' => qr{ ^ ( fingerprints | oui ) $ }xms, - 'useragent' => qr{ ^ (view) - \s+ - ( all | \d+ ) + 'useragent' => qr{ ^ (view) + \s+ + ( all | \d+ ) $ }xms, 'version' => qr{ ^ $ }xms, 'violation' => qr{ ^ ( view ) @@ -470,7 +471,7 @@ sub parseCommandLine { } return %cmd; } - + return parseWithGrammar($commandLine); } diff --git a/lib/pf/services.pm b/lib/pf/services.pm index 95c7ffbca7ec..3864d355fff4 100644 --- a/lib/pf/services.pm +++ b/lib/pf/services.pm @@ -53,7 +53,7 @@ Readonly our @APACHE_SERVICES => ( ); Readonly our @ALL_SERVICES => ( - @APACHE_SERVICES, 'pfdns', 'dhcpd', 'pfdetect', 'snort', 'suricata', 'radiusd', + 'memcached', @APACHE_SERVICES, 'pfdns', 'dhcpd', 'pfdetect', 'snort', 'suricata', 'radiusd', 'snmptrapd', 'pfsetvlan', 'pfdhcplistener', 'pfmon' ); @@ -92,6 +92,7 @@ $service_launchers{'dhcpd'} = "sudo %1\$s -lf $var_dir/dhcpd/dhcpd.leases -cf $g $service_launchers{'pfdns'} = '%1$s -d &'; $service_launchers{'snmptrapd'} = "%1\$s -n -c $generated_conf_dir/snmptrapd.conf -C -A -Lf $install_dir/logs/snmptrapd.log -p $install_dir/var/run/snmptrapd.pid -On"; $service_launchers{'radiusd'} = "sudo %1\$s -d $install_dir/raddb/"; +$service_launchers{'memcached'} = "%1\$s -d -p 11211 -u memcached -m 64 -c 1024 -P $install_dir/var/run/memcached.pid"; # TODO $monitor_int will cause problems with dynamic config reloading if ( isenabled( $Config{'trapping'}{'detection'} ) && $monitor_int && $Config{'trapping'}{'detection_engine'} eq 'snort' ) { @@ -352,7 +353,7 @@ sub getPidFromFile { my $pid = 0; my $pid_file = "$install_dir/var/run/$daemon.pid"; if (-e $pid_file) { - chomp( $pid = read_file($pid_file) ); + eval {chomp( $pid = read_file($pid_file) );}; } $pid = 0 unless $pid; $logger->info("pidof -x $binary returned $pid"); From 90a5565c610fbf538b8315ead87d222979b7e1d6 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 12 Sep 2013 16:12:39 -0400 Subject: [PATCH 033/369] Updated news file --- NEWS.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index a7bd09f0ec5e..6e2f839571f6 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -26,6 +26,7 @@ Enhancements * Simple search for nodes now includes IP address * Search by MAC address for nodes and users now accepts any MAC format * Improved starting delay when using inline mode +* Added memcached as a managed service Bug Fixes +++++++++ From a9f5dae20a8ad74aeafc07039c07f060707741bb Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 13 Sep 2013 11:04:28 -0400 Subject: [PATCH 034/369] Add notice regarding billing engine activation --- html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm | 3 +++ .../pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm | 3 +++ 2 files changed, 6 insertions(+) diff --git a/html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm b/html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm index da0418b9075d..d0bc55e61d48 100644 --- a/html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm +++ b/html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm @@ -16,6 +16,7 @@ use HTML::FormHandler::Moose; use pfappserver::Form::Field::ProfileFilter; extends 'pfappserver::Base::Form'; with 'pfappserver::Form::Portal::Common'; +with 'pfappserver::Base::Form::Role::Help'; use pf::config; use List::MoreUtils qw(uniq); @@ -41,6 +42,8 @@ has_field 'billing_engine' => label => 'Enable Billing Engine', checkbox_value => 'enabled', unchecked_value => 'disabled', + tags => { after_element => \&help, + help => 'When enabling the billing engine, all authentication sources bellow are ignored.' }, ); has_block 'definition' => ( diff --git a/html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm b/html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm index 5ff9acb2f760..0486b4cfc5d0 100644 --- a/html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm +++ b/html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm @@ -15,6 +15,7 @@ use pf::authentication; use HTML::FormHandler::Moose; extends 'pfappserver::Base::Form'; with 'pfappserver::Form::Portal::Common'; +with 'pfappserver::Base::Form::Role::Help'; # Form fields has_field 'id' => @@ -44,6 +45,8 @@ has_field 'billing_engine' => label => 'Enable Billing Engine', checkbox_value => 'enabled', unchecked_value => 'disabled', + tags => { after_element => \&help, + help => 'When enabling the billing engine, all authentication sources bellow are ignored.' }, ); has_block 'definition' => ( From 8ddeb201ee2fe353c1ea8703b40c9e38203bc57e Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 13 Sep 2013 11:05:59 -0400 Subject: [PATCH 035/369] Improve logging in pf::email_activation --- lib/pf/email_activation.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/email_activation.pm b/lib/pf/email_activation.pm index ad82b10352cb..cc93f7b7a442 100644 --- a/lib/pf/email_activation.pm +++ b/lib/pf/email_activation.pm @@ -396,6 +396,7 @@ sub send_email { try { $msg->send('smtp', $smtpserver, Timeout => 20); $result = $msg->last_send_successful(); + $logger->info("Email sent to ".$info{'email'}." (".$info{'subject'}.")"); } catch { $logger->error("Can't send email to ".$info{'email'}); @@ -406,7 +407,6 @@ sub send_email { sub create_and_email_activation_code { my ($mac, $pid, $email_addr, $template, $activation_type, %info) = @_; - my $logger = Log::Log4perl::get_logger('pf::email_activation'); my ($success, $err) = ($TRUE, 0); my $activation_code = create($mac, $pid, $email_addr, $activation_type); From c553cb76061263fd163085d47ab009e079c8c1c8 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 13 Sep 2013 11:06:34 -0400 Subject: [PATCH 036/369] Fix template when creating portal profile --- .../pfappserver/root/portal/profile/create.tt | 30 ++++++++++++++----- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/html/pfappserver/root/portal/profile/create.tt b/html/pfappserver/root/portal/profile/create.tt index be43d3d2d7b8..ab1d523416de 100644 --- a/html/pfappserver/root/portal/profile/create.tt +++ b/html/pfappserver/root/portal/profile/create.tt @@ -33,14 +33,28 @@
- [% FOREACH field IN form.fields %] - [% field.render %] - [% END %] -
-

- [% l('With no source selected, the sources of the default profile will be used.') %]
- [% l('Add a source.') %] -

+ [% form.block('definition').render %] + [% IF form.field('filter') %] +
+ +
+ [% form.field('filter').render %] +
+
+ [% END -%] +
+ +
+ [% form.field('sources').render %] +
+

+ + [% l('With no source specified, the sources of the default profile will be used.') %] +
+ [% l('Add a source.') %] +

+
+
[% l('Save') %] From 35b156a3a19824bdc7a2c19270dd4ef520551ced Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 13 Sep 2013 12:06:19 -0400 Subject: [PATCH 037/369] Add introduction on portal profiles config page --- docs/PacketFence_Administration_Guide.asciidoc | 2 +- html/pfappserver/root/admin/configuration.tt | 2 +- html/pfappserver/root/portal/profile/index.tt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/PacketFence_Administration_Guide.asciidoc b/docs/PacketFence_Administration_Guide.asciidoc index cb6b7cdbc9e9..82e5f99e0aa4 100644 --- a/docs/PacketFence_Administration_Guide.asciidoc +++ b/docs/PacketFence_Administration_Guide.asciidoc @@ -2050,7 +2050,7 @@ CAUTION: The use of different billing tiers requires different roles in PacketFe Portal Profiles ~~~~~~~~~~~~~~~ -In some cases, you may want to present a different captive portal (see below for the available customizations) according to the SSID clients connects to. To do so, PacketFence has the concept of portal profiles which gives you this possibility. +In some cases, you may want to present a different captive portal (see below for the available customizations) according to the SSID, the VLAN, or the switch IP the client connects to. To do so, PacketFence has the concept of portal profiles which gives you this possibility. When configured, portal profiles will override default values for which it is configured. When no values are configured in the profile, PacketFence will take its default ones (according to the "default" portal profile). diff --git a/html/pfappserver/root/admin/configuration.tt b/html/pfappserver/root/admin/configuration.tt index 1634fe3192bd..909312b5ae0b 100644 --- a/html/pfappserver/root/admin/configuration.tt +++ b/html/pfappserver/root/admin/configuration.tt @@ -87,7 +87,7 @@ table.sources { [% pf_section_entry( 'captive_portal', 'Captive portal') %] [% pf_section_entry( 'advanced', 'Advanced') %] [% pf_section_entry( 'provisioning', 'Provisioning') %] - [% list_entry('Portal::Profile', 'index', 'Portal Profiles and Pages') %] + [% list_entry('Portal::Profile', 'index', 'Portal Profiles') %] [% pf_section_entry( 'webservices', 'Web Services') %]
  • [% l('Network') %]
  • [% pf_section_entry( 'interfaces', 'Interfaces') %] diff --git a/html/pfappserver/root/portal/profile/index.tt b/html/pfappserver/root/portal/profile/index.tt index 8f559c41377b..f8e78a5a9521 100644 --- a/html/pfappserver/root/portal/profile/index.tt +++ b/html/pfappserver/root/portal/profile/index.tt @@ -18,7 +18,7 @@ [% l('Error!') %] [% error %]
    • [% END %] -

    [% l('Describe portal profiles') %]

    +

    [% l('Present a different captive portal according to the SSID, the VLAN, or the switch IP the client connects to.') %]

    [% IF message %]
    From 242556558ab3cf81138ed8d3dd68cb44f576ad3d Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 13 Sep 2013 13:58:42 -0400 Subject: [PATCH 038/369] Refactored to check if there is only a subcache exists --- lib/pf/config/cached.pm | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/pf/config/cached.pm b/lib/pf/config/cached.pm index 68166568d238..e743163973fd 100644 --- a/lib/pf/config/cached.pm +++ b/lib/pf/config/cached.pm @@ -922,11 +922,7 @@ sub fromCacheUntainted { sub removeFromSubcaches { my ($self,$key) = @_; my $cache = $self->cache; - if($cache->has_subcaches( )) { - foreach my $subcache (@{$cache->subcaches}) { - $subcache->remove($key) if $subcache->subcache_type eq 'l1_cache'; - } - } + $cache->l1_cache->remove($key) if $cache->has_subcaches; } sub untaint { From 560e23944a32ee823a5083d1cb49266143af5897 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Sat, 14 Sep 2013 11:26:41 -0400 Subject: [PATCH 039/369] fixed documentation for memcached_binary --- conf/documentation.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/documentation.conf b/conf/documentation.conf index 98eff920e373..af3bf151646a 100644 --- a/conf/documentation.conf +++ b/conf/documentation.conf @@ -181,7 +181,7 @@ Location of the arp binary. Only necessary to change if you are not running the RPMed version. EOT -[services.memcached] +[services.memcached_binary] type=text description=< Date: Sat, 14 Sep 2013 12:09:08 -0400 Subject: [PATCH 040/369] fixed the user of the memcached service --- lib/pf/services.pm | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/pf/services.pm b/lib/pf/services.pm index 3864d355fff4..6a355ac25c02 100644 --- a/lib/pf/services.pm +++ b/lib/pf/services.pm @@ -92,7 +92,7 @@ $service_launchers{'dhcpd'} = "sudo %1\$s -lf $var_dir/dhcpd/dhcpd.leases -cf $g $service_launchers{'pfdns'} = '%1$s -d &'; $service_launchers{'snmptrapd'} = "%1\$s -n -c $generated_conf_dir/snmptrapd.conf -C -A -Lf $install_dir/logs/snmptrapd.log -p $install_dir/var/run/snmptrapd.pid -On"; $service_launchers{'radiusd'} = "sudo %1\$s -d $install_dir/raddb/"; -$service_launchers{'memcached'} = "%1\$s -d -p 11211 -u memcached -m 64 -c 1024 -P $install_dir/var/run/memcached.pid"; +$service_launchers{'memcached'} = "%1\$s -d -p 11211 -u pf -m 64 -c 1024 -P $install_dir/var/run/memcached.pid"; # TODO $monitor_int will cause problems with dynamic config reloading if ( isenabled( $Config{'trapping'}{'detection'} ) && $monitor_int && $Config{'trapping'}{'detection_engine'} eq 'snort' ) { @@ -408,9 +408,10 @@ sub stopService { if ( $service =~ /(dhcpd)/) { manage_Static_Route(); } - if ( waitToShutdown($service, $pid) && -e $install_dir . "/var/run/$binary.pid" ) { - $logger->info("Removing $install_dir/var/run/$binary.pid"); - unlink( $install_dir . "/var/run/$binary.pid" ); + my $pid_file = "$install_dir/var/run/$binary.pid"; + if ( waitToShutdown($service, $pid) && -e $pid_file) { + $logger->info("Removing $pid_file"); + unlink($pid_file); } } } From 36eef96f00c299f041dd1051eeae94b0093399b4 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 16 Sep 2013 10:34:37 -0400 Subject: [PATCH 041/369] Updated patch to reflect position file change --- debian/patches/debianize.patch | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/debian/patches/debianize.patch b/debian/patches/debianize.patch index 70fd957d35cb..b1db0571c00e 100644 --- a/debian/patches/debianize.patch +++ b/debian/patches/debianize.patch @@ -3,7 +3,7 @@ Author: Fabrice Durand --- a/conf/pf.conf.defaults +++ b/conf/pf.conf.defaults -@@ -573,7 +573,7 @@ snort_binary=/usr/sbin/snort +@@ -463,7 +463,7 @@ suricata_binary=/usr/bin/suricata # services.httpd_binary # # Location of the apache binary. Only necessary to change if you are not running the RPMed version. @@ -12,7 +12,7 @@ Author: Fabrice Durand # # services.dhcpd_binary # -@@ -593,12 +593,12 @@ snmptrapd_binary=/usr/sbin/snmptrapd +@@ -478,12 +478,12 @@ snmptrapd_binary=/usr/sbin/snmptrapd # services.radiusd_binary # # Location of the named binary. Only necessary to change if you are not running the RPMed version. @@ -24,6 +24,6 @@ Author: Fabrice Durand # Location of the arp binary. Only necessary to change if you are not running the RPMed version. -arp_binary=/sbin/arp +arp_binary=/usr/sbin/arp - - [vlan] - # + # + # services.memcached_binary + # From f5cfd3344bd1fd9f70c50ecb3f66230fb2bd1be5 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 16 Sep 2013 11:16:44 -0400 Subject: [PATCH 042/369] Added additional arguement checks --- lib/pf/SNMP.pm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/pf/SNMP.pm b/lib/pf/SNMP.pm index 0edf1990584a..49e239b75c46 100644 --- a/lib/pf/SNMP.pm +++ b/lib/pf/SNMP.pm @@ -33,7 +33,8 @@ use pf::roles::custom $ROLE_API_LEVEL; use pf::SNMP::constants; use pf::util; use pf::util::radius qw(perform_disconnect); -use List::MoreUtils qw(any); +use List::MoreUtils qw(any all); +use Scalar::Util qw(looks_like_number); =head1 SUBROUTINES @@ -982,7 +983,7 @@ sub getManagedIfIndexes { sub isManagedVlan { my ($this, $vlan) = @_; my $vlans = $this->{_vlans}; - return (defined $vlans && any {$_ == $vlan} values %$vlans) ? $TRUE : $FALSE; + return ( (all {defined $_ } $vlan,$vlans) && looks_like_number($vlan) && any {$_ == $vlan} values %$vlans) ? $TRUE : $FALSE; } =item getMode - get the mode From 201cefefd7837b1b4758286ffb84a9c259a0d32f Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 16 Sep 2013 14:28:05 -0400 Subject: [PATCH 043/369] Improve condition in pf::is_max_reg_nodes_reached $category or $category_id must not only be defined, but must also not be 0 or an empty string. --- lib/pf/node.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/node.pm b/lib/pf/node.pm index d85590ebf93e..97a1b8bfbbc6 100644 --- a/lib/pf/node.pm +++ b/lib/pf/node.pm @@ -1087,7 +1087,7 @@ sub is_max_reg_nodes_reached { return $FALSE if ($pid eq $default_pid); # per-category max node per pid limit - if ( defined($category) || defined($category_id) ) { + if ( $category || $category_id ) { my $category_info; my $nb_nodes; my $max_for_category; From caea89b2838ca1d09ff2ebb77494195ca11583b3 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 16 Sep 2013 14:32:37 -0400 Subject: [PATCH 044/369] Base::Controller::_list_items: respect order by We now perform the SQL query with the default order that we show in the Web interface. --- .../lib/pfappserver/Base/Controller.pm | 25 ++++++++++--------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Base/Controller.pm b/html/pfappserver/lib/pfappserver/Base/Controller.pm index 4b5121e89337..b89d69270736 100644 --- a/html/pfappserver/lib/pfappserver/Base/Controller.pm +++ b/html/pfappserver/lib/pfappserver/Base/Controller.pm @@ -125,18 +125,19 @@ sub _list_items { $params{'where'} = { type => 'any', like => $filter }; $c->stash->{filter} = $filter; } - if ( exists( $c->stash->{'by'} ) ) { - $orderby = $c->stash->{'by'}; - if ( grep { $_ eq $orderby } (@$field_names) ) { - $orderdirection = $c->stash->{'direction'}; - unless ( defined $orderdirection && grep { $_ eq $orderdirection } ( 'asc', 'desc' ) ) { - $orderdirection = 'asc'; - } - $params{'orderby'} = "ORDER BY $orderby $orderdirection"; - $c->stash->{by} = $orderby; - $c->stash->{direction} = $orderdirection; - } + + $orderby = $c->stash->{'by'}; + unless ( $orderby && grep { $_ eq $orderby } (@$field_names) ) { + $orderby = $field_names->[0]; } + $orderdirection = $c->stash->{'direction'}; + unless ( $orderdirection && grep { $_ eq $orderdirection } ( 'asc', 'desc' ) ) { + $orderdirection = 'asc'; + } + $params{'orderby'} = "ORDER BY $orderby $orderdirection"; + $c->stash->{by} = $orderby; + $c->stash->{direction} = $orderdirection; + my $count; ( $status, $result ) = $model->search(%params); if ( is_success($status) ) { @@ -148,7 +149,7 @@ sub _list_items { $c->stash->{count} = $count; $c->stash->{page_num} = $page_num; $c->stash->{per_page} = $per_page; - $c->stash->{by} = $orderby || $field_names->[0]; + $c->stash->{by} = $orderby; $c->stash->{direction} = $orderdirection || 'asc'; $c->stash->{items} = $items_ref; $c->stash->{field_names} = $field_names; From 59d4734f5bf044c8bb260a0edd31e7b20f6ff115 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 16 Sep 2013 14:59:30 -0400 Subject: [PATCH 045/369] Add the possibility to show nodes regdate --- html/pfappserver/lib/pfappserver/Model/Node.pm | 4 +++- html/pfappserver/lib/pfappserver/Model/Search/Node.pm | 3 ++- lib/pf/node.pm | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Model/Node.pm b/html/pfappserver/lib/pfappserver/Model/Node.pm index ed869fde3467..92149aadc15e 100644 --- a/html/pfappserver/lib/pfappserver/Model/Node.pm +++ b/html/pfappserver/lib/pfappserver/Model/Node.pm @@ -67,10 +67,12 @@ sub exists { =head2 field_names +Field names to be displayed. The first one is the default sort field. + =cut sub field_names { - return [qw(mac computername pid last_ip status dhcp_fingerprint)]; + return [qw(mac regdate computername pid last_ip status dhcp_fingerprint)]; } =head2 countAll diff --git a/html/pfappserver/lib/pfappserver/Model/Search/Node.pm b/html/pfappserver/lib/pfappserver/Model/Search/Node.pm index 5e81d87b251b..926b17c306f3 100644 --- a/html/pfappserver/lib/pfappserver/Model/Search/Node.pm +++ b/html/pfappserver/lib/pfappserver/Model/Search/Node.pm @@ -86,9 +86,10 @@ sub make_builder { return pf::SearchBuilder->new ->select(qw( mac pid voip bypass_vlan status category_id - detect_date regdate unregdate lastskip + detect_date unregdate lastskip user_agent computername last_arp last_dhcp notes), + L_("IF(regdate = '0000-00-00 00:00:00', '', regdate)", 'regdate'), L_('iplog.ip', 'last_ip'), L_("IF(ISNULL(node_category.name), '', node_category.name)", 'category'), L_("IFNULL(os_type.description, ' ')", 'dhcp_fingerprint') diff --git a/lib/pf/node.pm b/lib/pf/node.pm index 97a1b8bfbbc6..138eaa537417 100644 --- a/lib/pf/node.pm +++ b/lib/pf/node.pm @@ -228,7 +228,7 @@ sub node_db_prepare { $node_statements->{'node_view_all_sql'} = qq[ SELECT node.mac, node.pid, node.voip, node.bypass_vlan, node.status, IF(ISNULL(node_category.name), '', node_category.name) as category, - node.detect_date, node.regdate, node.unregdate, node.lastskip, + node.detect_date, IF(node.regdate = '0000-00-00 00:00:00', '', node.regdate) as regdate, node.unregdate, node.lastskip, node.user_agent, node.computername, IFNULL(os_type.description, ' ') as dhcp_fingerprint, node.last_arp, node.last_dhcp, locationlog.switch as last_switch, locationlog.port as last_port, locationlog.vlan as last_vlan, From a16f0b072a094885dcbe0519d421dbc4f532549c Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 16 Sep 2013 15:09:08 -0400 Subject: [PATCH 046/369] Cleanup of Search models --- html/pfappserver/lib/pfappserver/Model/Search/Node.pm | 11 +++++------ html/pfappserver/lib/pfappserver/Model/Search/User.pm | 9 ++++----- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Model/Search/Node.pm b/html/pfappserver/lib/pfappserver/Model/Search/Node.pm index 926b17c306f3..baf1cb817cab 100644 --- a/html/pfappserver/lib/pfappserver/Model/Search/Node.pm +++ b/html/pfappserver/lib/pfappserver/Model/Search/Node.pm @@ -49,10 +49,9 @@ sub do_query { my ($self, $builder, $params) = @_; my %results = %$params; my $sql = $builder->sql; - my ($per_page, $page_num, $by, $direction) = @{$params}{qw(per_page page_num by direction)}; + my ($per_page, $page_num) = @{$params}{qw(per_page page_num)}; $per_page ||= 25; $page_num ||= 1; - $direction ||= 'ASC'; my $itemsKey = $self->itemsKey; $results{$itemsKey} = [node_custom_search($sql)]; my $sql_count = $builder->sql_count; @@ -166,10 +165,10 @@ sub make_builder { } sub add_order_by { - my ($self,$builder,$params) = @_; - my ($by,$direction) = @$params{qw(by direction)}; - if($by && $direction) { - $builder->order_by($by,$direction); + my ($self, $builder, $params) = @_; + my ($by, $direction) = @$params{qw(by direction)}; + if ($by && $direction) { + $builder->order_by($by, $direction); } } diff --git a/html/pfappserver/lib/pfappserver/Model/Search/User.pm b/html/pfappserver/lib/pfappserver/Model/Search/User.pm index ec2c8cf0d7c2..d2e4238273cf 100644 --- a/html/pfappserver/lib/pfappserver/Model/Search/User.pm +++ b/html/pfappserver/lib/pfappserver/Model/Search/User.pm @@ -124,10 +124,9 @@ sub do_query { my $logger = Log::Log4perl::get_logger(__PACKAGE__); my %results = %$params; my $sql = $builder->sql; - my ($per_page,$page_num,$by,$direction) = @{$params}{qw(per_page page_num by direction)}; + my ($per_page, $page_num) = @{$params}{qw(per_page page_num)}; $per_page ||= 25; $page_num ||= 1; - $direction ||= 'asc'; my $itemsKey = $self->itemsKey; $results{$itemsKey} = [person_custom_search($sql)]; my $sql_count = $builder->sql_count; @@ -158,10 +157,10 @@ sub add_searches { } sub add_order_by { - my ($self,$builder,$params) = @_; - my ($by,$direction) = @$params{qw(by direction)}; + my ($self, $builder, $params) = @_; + my ($by, $direction) = @$params{qw(by direction)}; if($by && $direction) { - $builder->order_by($by,$direction); + $builder->order_by($by, $direction); } } From e73126df6ce5322c8fe9b9131ac54b5caeb3d099 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Tue, 17 Sep 2013 09:44:30 -0400 Subject: [PATCH 047/369] Fix debian packaging --- debian/packetfence.conffiles | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/packetfence.conffiles b/debian/packetfence.conffiles index 80d2db84f20e..080f3f0acbd4 100644 --- a/debian/packetfence.conffiles +++ b/debian/packetfence.conffiles @@ -161,4 +161,5 @@ /usr/local/pf/raddb/sites-available/soh /usr/local/pf/raddb/sites-available/status /usr/local/pf/raddb/sites-available/virtual.example.com -/usr/local/pf/raddb/sites-available/vmps \ No newline at end of file +/usr/local/pf/raddb/sites-available/vmps + From 35ec662c9ad7bab7ae1c7450feff35eca66b6956 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 17 Sep 2013 10:49:06 -0400 Subject: [PATCH 048/369] Improve success msg in test method of LDAPSource --- .../lib/pfappserver/Controller/Authentication/Source.pm | 2 +- lib/pf/Authentication/Source/LDAPSource.pm | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Authentication/Source.pm b/html/pfappserver/lib/pfappserver/Controller/Authentication/Source.pm index c8e104913178..79023e5534c6 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Authentication/Source.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Authentication/Source.pm @@ -218,7 +218,7 @@ sub test :Local :Args(1) { } $c->response->status($status); - $c->stash->{status_msg} = $c->loc($message); + $c->stash->{status_msg} = $message; # TODO: localize status message $c->stash->{current_view} = 'JSON'; } diff --git a/lib/pf/Authentication/Source/LDAPSource.pm b/lib/pf/Authentication/Source/LDAPSource.pm index f8bab5ed5a4d..15ec1fefc2fc 100644 --- a/lib/pf/Authentication/Source/LDAPSource.pm +++ b/lib/pf/Authentication/Source/LDAPSource.pm @@ -274,7 +274,7 @@ sub test { my $result = $self->bind_with_credentials($connection); if ($result->is_error) { $logger->warn("Unable to bind with $self->{'binddn'} on $LDAPServer:$LDAPServerPort"); - return ($FALSE, "Unable to bind to $LDAPServer with these settings"); + return ($FALSE, ["Unable to bind to [_1] with these settings", $LDAPServer]); } # Search @@ -292,7 +292,7 @@ sub test { return ($FALSE, 'Wrong base DN or username attribute'); } - return ($TRUE, 'Success'); + return ($TRUE, 'LDAP connect, bind and search successful'); } =head2 ldap_filter_for_conditions From ff1f1cf69a5cee7b2b582a459b24370b8bb10c11 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 17 Sep 2013 11:00:29 -0400 Subject: [PATCH 049/369] Fix match in HtpasswdSource Fixes #1714 --- lib/pf/Authentication/Source/HtpasswdSource.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/Authentication/Source/HtpasswdSource.pm b/lib/pf/Authentication/Source/HtpasswdSource.pm index f11264bdec23..c6a576bbf6e5 100644 --- a/lib/pf/Authentication/Source/HtpasswdSource.pm +++ b/lib/pf/Authentication/Source/HtpasswdSource.pm @@ -72,7 +72,7 @@ sub match_in_subclass { my $password_file = $self->{'path'}; if (-r $password_file) { my $htpasswd = new Apache::Htpasswd({ passwdFile => $password_file, ReadOnly => 1}); - if ( defined($htpasswd->fetchPass($params->{'username'})) ) { + if ( $htpasswd->fetchPass($params->{'username'}) ) { # Username is defined in the htpasswd file # Let's match the htpasswd conditions alltogether. # We should only have conditions based on the username attribute. From 42d6440ab76de384f73ef39a60a036afb55d5223 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Tue, 17 Sep 2013 11:49:30 -0400 Subject: [PATCH 050/369] Added CoA for Xirrus --- lib/pf/SNMP/Xirrus.pm | 106 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 106 insertions(+) diff --git a/lib/pf/SNMP/Xirrus.pm b/lib/pf/SNMP/Xirrus.pm index 44f167821283..8e648fd914c2 100644 --- a/lib/pf/SNMP/Xirrus.pm +++ b/lib/pf/SNMP/Xirrus.pm @@ -31,6 +31,8 @@ use base ('pf::SNMP'); use pf::config; use pf::SNMP::constants; use pf::util; +use pf::util::radius qw(perform_disconnect); +use Try::Tiny; sub description { 'Xirrus WiFi Arrays' } @@ -128,6 +130,108 @@ sub deauthenticateMacDefault { } +=item deauthenticateMacDefault + +De-authenticate a MAC address from wireless network (including 802.1x). + +New implementation using RADIUS Disconnect-Request. + +=cut +sub deauthenticateMacRadius { + my ( $self, $mac, $is_dot1x ) = @_; + my $logger = Log::Log4perl::get_logger( ref($self) ); + + if ( !$self->isProductionMode() ) { + $logger->info("not in production mode... we won't perform deauthentication"); + return 1; + } + + $logger->debug("deauthenticate $mac using RADIUS Disconnect-Request deauth method"); + # TODO push Login-User => 1 (RFC2865) in pf::radius::constants if someone ever reads this + # (not done because it doesn't exist in current branch) + return $self->radiusDisconnect( $mac ); +} + +=item radiusDisconnect + +Sends a RADIUS Disconnect-Request to the NAS with the MAC as the Calling-Station-Id to disconnect. + +Optionally you can provide other attributes as an hashref. + +Uses L for the low-level RADIUS stuff. + +=cut +# TODO consider whether we should handle retries or not? + +sub radiusDisconnect { + my ($self, $mac, $add_attributes_ref) = @_; + my $logger = Log::Log4perl::get_logger( ref($self) ); + + # initialize + $add_attributes_ref = {} if (!defined($add_attributes_ref)); + + if (!defined($self->{'_radiusSecret'})) { + $logger->warn( + "Unable to perform RADIUS CoA-Request on $self->{'_ip'}: RADIUS Shared Secret not configured" + ); + return; + } + + $logger->info("deauthenticating $mac"); + + # Where should we send the RADIUS CoA-Request? + # to network device by default + my $send_disconnect_to = $self->{'_ip'}; + # but if controllerIp is set, we send there + if (defined($self->{'_controllerIp'}) && $self->{'_controllerIp'} ne '') { + $logger->info("controllerIp is set, we will use controller $self->{_controllerIp} to perform deauth"); + $send_disconnect_to = $self->{'_controllerIp'}; + } + # allowing client code to override where we connect with NAS-IP-Address + $send_disconnect_to = $add_attributes_ref->{'NAS-IP-Address'} + if (defined($add_attributes_ref->{'NAS-IP-Address'})); + + my $response; + try { + my $connection_info = { + nas_ip => $send_disconnect_to, + secret => $self->{'_radiusSecret'}, + LocalAddr => $management_network->tag('vip'), + }; + + # transforming MAC to the expected format 00-11-22-33-CA-FE + $mac = uc($mac); + $mac =~ s/:/-/g; + + # Standard Attributes + my $attributes_ref = { + }; + + # merging additional attributes provided by caller to the standard attributes + $attributes_ref = { %$attributes_ref, %$add_attributes_ref }; + + $response = perform_disconnect( $connection_info, + { + 'Calling-Station-Id' => $mac, + }, + ); + } catch { + chomp; + $logger->warn("Unable to perform RADIUS CoA-Request: $_"); + $logger->error("Wrong RADIUS secret or unreachable network device...") if ($_ =~ /^Timeout/); + }; + return if (!defined($response)); + + return $TRUE if ($response->{'Code'} eq 'CoA-ACK'); + + $logger->warn( + "Unable to perform RADIUS Disconnect-Request." + . ( defined($response->{'Code'}) ? " $response->{'Code'}" : 'no RADIUS code' ) . ' received' + . ( defined($response->{'Error-Cause'}) ? " with Error-Cause: $response->{'Error-Cause'}." : '' ) + ); + return; +} + =item deauthTechniques Return the reference to the deauth technique or the default deauth technique. @@ -140,6 +244,7 @@ sub deauthTechniques { my $default = $SNMP::SNMP; my %tech = ( $SNMP::SNMP => \&deauthenticateMacDefault, + $SNMP::RADIUS => \&deauthenticateMacRadius, ); if (!defined($method) || !defined($tech{$method})) { @@ -183,3 +288,4 @@ USA. # vim: set shiftwidth=4: # vim: set expandtab: # vim: set backspace=indent,eol,start: + From 481fb1c6492f5592d7c585a2f0f9af8c42779875 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 18 Sep 2013 13:33:44 -0400 Subject: [PATCH 051/369] Untaint parameters to sprintf --- lib/pf/services.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pf/services.pm b/lib/pf/services.pm index 6a355ac25c02..f34675e783f6 100644 --- a/lib/pf/services.pm +++ b/lib/pf/services.pm @@ -372,6 +372,7 @@ sub getPidFromFile { sub launchService { my ($daemon,@launcher_args) = @_; my $launcher = $service_launchers{$daemon}; + @launcher_args = map { /^(.+)$/;$1 } @launcher_args; if ($launcher) { my $logger = Log::Log4perl::get_logger('pf::services'); my $cmd_line = sprintf($launcher, @launcher_args); From 96555613480842d106544d5cc1669d52d8a96772 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 18 Sep 2013 14:03:19 -0400 Subject: [PATCH 052/369] Created a script to extract logs from a date to now --- addons/getlogs.sh | 70 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100755 addons/getlogs.sh diff --git a/addons/getlogs.sh b/addons/getlogs.sh new file mode 100755 index 000000000000..88e9a78b6fe6 --- /dev/null +++ b/addons/getlogs.sh @@ -0,0 +1,70 @@ +#!/bin/bash + +#Get the log for the current day + +DATE=now + +if [ -n "$1" ]; then + DATE=$1 +fi + +PATTERN1="$(date --date="$DATE" +'%b %d').*" + +PATTERN2="$(date --date="$DATE" +'\[%a %b %d').*" + +PATTERN3=".*?$(date --date="$DATE" +'\[%d/%b/%Y').*" + +PATTERN4="$(date --date="$DATE" +'%a %b %d').*" + +LOGDIR=/usr/local/pf/logs + +TEMPDIR=$(mktemp -d) + +TEMPLOGDIRNAME="logs-$(date +'%Y%m%d%H%M%S')" + +TEMPLOGDIR=$TEMPDIR/$TEMPLOGDIRNAME +mkdir $TEMPLOGDIR + +extract_log() { + PATTERN=$1 + shift + while [ "$#" != "0" ];do + LOGNAME="$1" + LOG="$LOGDIR/$LOGNAME" + grep -P -A"$(wc -l $LOG | cut -d' ' -f1)" "$PATTERN1" "$LOG" > "$TEMPLOGDIR/$LOGNAME" + shift + done +} + + +extract_log "$PATTERN1" catalyst.log packetfence.log +extract_log "$PATTERN2" admin_error_log portal_error_log webservices_error_log +extract_log "$PATTERN3" admin_access_log portal_access_log webservices_access_log +extract_log "$PATTERN4" radius.log + +#for log in catalyst.log packetfence.log;do +# LOG="$LOGDIR/$log" +# grep -P -A"$(wc -l $LOG | cut -d' ' -f1)" "$PATTERN1" "$LOG" > "$TEMPLOGDIR/$log" +#done + +#for log in admin_error_log portal_error_log webservices_error_log +#do +# LOG="$LOGDIR/$log" +# grep -P -A"$(wc -l $LOG | cut -d' ' -f1)" "$PATTERN2" "$LOG" > "$TEMPLOGDIR/$log" +#done + +#for log in admin_access_log portal_access_log webservices_access_log +#do +# LOG="$LOGDIR/$log" +# grep -P -A"$(wc -l $LOG | cut -d' ' -f1)" "$PATTERN3" "$LOG" > "$TEMPLOGDIR/$log" +#done + +#for log in radius.log;do +# LOG="$LOGDIR/$log" +# grep -P -A"$(wc -l $LOG | cut -d' ' -f1)" "$PATTERN4" "$LOG" > "$TEMPLOGDIR/$log" +#done + + +tar -C"$TEMPDIR" -zcf $TEMPLOGDIRNAME.tar.gz $TEMPLOGDIRNAME + +rm -rf $TEMPDIR From 073cb54f9ba08867a3cca04809849376472adef0 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 18 Sep 2013 14:27:07 -0400 Subject: [PATCH 053/369] Perform Sanity check on SwitchConfig coming from the cache --- lib/pf/SwitchFactory.pm | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/pf/SwitchFactory.pm b/lib/pf/SwitchFactory.pm index c0d1c76b6a0e..38be8cd99728 100644 --- a/lib/pf/SwitchFactory.pm +++ b/lib/pf/SwitchFactory.pm @@ -70,7 +70,13 @@ $switches_cached_config = pf::config::cached->new( -oncachereload => [ on_cache_switches_reload => sub { my ($config, $name) = @_; - %SwitchConfig = %{$config->fromCacheUntainted("SwitchConfig")}; + my $data = $config->fromCacheUntainted("SwitchConfig"); + if($data) { + %SwitchConfig = %$data; + } else { + #if not found then call the onfilereload callback + $config->doCallbacks(1,0); + } }, ] ); From 79bf2b6fa9ed728b388c6029413e888acba2796d Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 18 Sep 2013 19:37:30 -0400 Subject: [PATCH 054/369] Untaint the launcher --- lib/pf/services.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/pf/services.pm b/lib/pf/services.pm index f34675e783f6..ad7d4db450bd 100644 --- a/lib/pf/services.pm +++ b/lib/pf/services.pm @@ -374,6 +374,8 @@ sub launchService { my $launcher = $service_launchers{$daemon}; @launcher_args = map { /^(.+)$/;$1 } @launcher_args; if ($launcher) { + $launcher =~ /^(.*)$/; + $launcher = $1; my $logger = Log::Log4perl::get_logger('pf::services'); my $cmd_line = sprintf($launcher, @launcher_args); $logger->info("Starting $daemon with '$cmd_line'"); From 6630a852c2df105968ee2349a36b273696499c8b Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 19 Sep 2013 10:58:11 -0400 Subject: [PATCH 055/369] If saved computed data was not in the cache then rerun the onfilereload callbacks --- lib/pf/authentication.pm | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/pf/authentication.pm b/lib/pf/authentication.pm index ed5a0e109d7c..4254be72d58e 100644 --- a/lib/pf/authentication.pm +++ b/lib/pf/authentication.pm @@ -38,6 +38,7 @@ use pf::Authentication::Source::GoogleSource; use pf::Authentication::Source::GithubSource; use List::Util qw(first); use List::MoreUtils qw(none any); +use pf::util; # The results... # @@ -213,8 +214,14 @@ sub readAuthenticationConfigFile { -oncachereload => [ on_cache_authentication_reload => sub { my ($config, $name) = @_; - %authentication_lookup = %{$config->fromCacheUntainted("authentication_lookup")}; - @authentication_sources = @{$config->fromCacheUntainted("authentication_sources")}; + my $authentication_lookup_ref = $config->fromCacheUntainted("authentication_lookup"); + my $authentication_sources_ref = $config->fromCacheUntainted("authentication_sources"); + if( all_defined($authentication_sources_ref, $authentication_lookup_ref)) { + %authentication_lookup = %$authentication_lookup_ref; + @authentication_sources = @$authentication_sources_ref; + } else { + $config->doCallbacks(1,0); + } }, ], -onpostreload => [ From cd5aedeb3feac054323e506cbfcd61534ec4ffd4 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 19 Sep 2013 10:59:30 -0400 Subject: [PATCH 056/369] Created all defined method --- lib/pf/util.pm | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/pf/util.pm b/lib/pf/util.pm index 1c6365d45dbd..cd83c26aab52 100644 --- a/lib/pf/util.pm +++ b/lib/pf/util.pm @@ -26,6 +26,7 @@ use Net::SMTP; use POSIX(); use File::Spec::Functions; use File::Slurp qw(read_dir); +use List::MoreUtils qw(all); our ( %local_mac ); @@ -53,7 +54,7 @@ BEGIN { pf_run pfmailer generate_id load_oui download_oui trim_path format_bytes log_of ordinal_suffix - untaint_chain read_dir_recursive + untaint_chain read_dir_recursive all_defined ); } @@ -1137,6 +1138,10 @@ sub read_dir_recursive { return @files; } +sub all_defined { + all { defined $_ } @_; +} + =back =head1 AUTHOR From 3b6f17dc6a94466e8c5a224ed4dd7de3c6064dc2 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 19 Sep 2013 11:11:31 -0400 Subject: [PATCH 057/369] Removed commented code Allow date range to be enter free form ./addons/getlogs.sh 2 days ago instead of ./addons/getlogs.sh "2 days ago" --- addons/getlogs.sh | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/addons/getlogs.sh b/addons/getlogs.sh index 88e9a78b6fe6..ac2ab8249e15 100755 --- a/addons/getlogs.sh +++ b/addons/getlogs.sh @@ -4,8 +4,8 @@ DATE=now -if [ -n "$1" ]; then - DATE=$1 +if [ "$#" != "0" ]; then + DATE="$@" fi PATTERN1="$(date --date="$DATE" +'%b %d').*" @@ -36,35 +36,11 @@ extract_log() { done } - extract_log "$PATTERN1" catalyst.log packetfence.log extract_log "$PATTERN2" admin_error_log portal_error_log webservices_error_log extract_log "$PATTERN3" admin_access_log portal_access_log webservices_access_log extract_log "$PATTERN4" radius.log -#for log in catalyst.log packetfence.log;do -# LOG="$LOGDIR/$log" -# grep -P -A"$(wc -l $LOG | cut -d' ' -f1)" "$PATTERN1" "$LOG" > "$TEMPLOGDIR/$log" -#done - -#for log in admin_error_log portal_error_log webservices_error_log -#do -# LOG="$LOGDIR/$log" -# grep -P -A"$(wc -l $LOG | cut -d' ' -f1)" "$PATTERN2" "$LOG" > "$TEMPLOGDIR/$log" -#done - -#for log in admin_access_log portal_access_log webservices_access_log -#do -# LOG="$LOGDIR/$log" -# grep -P -A"$(wc -l $LOG | cut -d' ' -f1)" "$PATTERN3" "$LOG" > "$TEMPLOGDIR/$log" -#done - -#for log in radius.log;do -# LOG="$LOGDIR/$log" -# grep -P -A"$(wc -l $LOG | cut -d' ' -f1)" "$PATTERN4" "$LOG" > "$TEMPLOGDIR/$log" -#done - - tar -C"$TEMPDIR" -zcf $TEMPLOGDIRNAME.tar.gz $TEMPLOGDIRNAME rm -rf $TEMPDIR From 952c654508b9bfea4b22e822fd006d1cf80f73a5 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 25 Sep 2013 14:00:51 -0400 Subject: [PATCH 058/369] Remove Minor parts from the COPYRIGHT section --- html/pfappserver/lib/pfappserver/Form/Field/DynamicTable.pm | 1 - .../lib/pfappserver/Form/Widget/Field/DynamicTable.pm | 1 - .../lib/pfappserver/Form/Widget/Wrapper/DynamicTableRow.pm | 1 - lib/pf/CHI.pm | 1 - lib/pf/ConfigStore/Authentication.pm | 1 - lib/pf/ConfigStore/Role/ValidGenericID.pm | 1 - lib/pf/ConfigStore/Violations.pm | 1 - lib/pf/IniFiles.pm | 1 - lib/pf/WebAPI/AuthenHandler.pm | 1 - lib/pf/WebAPI/InitHandler.pm | 1 - lib/pf/cmd.pm | 1 - lib/pf/cmd/help.pm | 1 - lib/pf/cmd/roles/show_help.pm | 1 - lib/pf/cmd/roles/show_parent_help.pm | 1 - lib/pf/cmd/subcmd.pm | 1 - lib/pf/file_paths.pm | 1 - lib/pf/log.pm | 1 - lib/pf/pftest.pm | 1 - lib/pf/pftest/authentication.pm | 1 - lib/pf/pftest/help.pm | 1 - lib/pf/pftest/mysql.pm | 1 - lib/pf/radius/soapclient.pm | 1 - lib/pf/violation_config.pm | 1 - t/PfFilePaths.pm | 1 - 24 files changed, 24 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Form/Field/DynamicTable.pm b/html/pfappserver/lib/pfappserver/Form/Field/DynamicTable.pm index ce1f76a58edc..e6b137deb61a 100644 --- a/html/pfappserver/lib/pfappserver/Form/Field/DynamicTable.pm +++ b/html/pfappserver/lib/pfappserver/Form/Field/DynamicTable.pm @@ -40,7 +40,6 @@ sub BUILD { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/html/pfappserver/lib/pfappserver/Form/Widget/Field/DynamicTable.pm b/html/pfappserver/lib/pfappserver/Form/Widget/Field/DynamicTable.pm index 70824a532d65..1934ce92d8e1 100644 --- a/html/pfappserver/lib/pfappserver/Form/Widget/Field/DynamicTable.pm +++ b/html/pfappserver/lib/pfappserver/Form/Widget/Field/DynamicTable.pm @@ -52,7 +52,6 @@ use namespace::autoclean; Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/html/pfappserver/lib/pfappserver/Form/Widget/Wrapper/DynamicTableRow.pm b/html/pfappserver/lib/pfappserver/Form/Widget/Wrapper/DynamicTableRow.pm index 753c1e5e61a3..c29648cf1027 100644 --- a/html/pfappserver/lib/pfappserver/Form/Widget/Wrapper/DynamicTableRow.pm +++ b/html/pfappserver/lib/pfappserver/Form/Widget/Wrapper/DynamicTableRow.pm @@ -33,7 +33,6 @@ use namespace::autoclean; Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/CHI.pm b/lib/pf/CHI.pm index a4e41c594361..45a9339ea1fd 100644 --- a/lib/pf/CHI.pm +++ b/lib/pf/CHI.pm @@ -59,7 +59,6 @@ __PACKAGE__->config(chiConfigFromIniFile()); Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/ConfigStore/Authentication.pm b/lib/pf/ConfigStore/Authentication.pm index a793a279d490..1b7ea785ec57 100644 --- a/lib/pf/ConfigStore/Authentication.pm +++ b/lib/pf/ConfigStore/Authentication.pm @@ -38,7 +38,6 @@ __PACKAGE__->meta->make_immutable; Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/ConfigStore/Role/ValidGenericID.pm b/lib/pf/ConfigStore/Role/ValidGenericID.pm index 754b4038cafc..124e599e6174 100644 --- a/lib/pf/ConfigStore/Role/ValidGenericID.pm +++ b/lib/pf/ConfigStore/Role/ValidGenericID.pm @@ -22,7 +22,6 @@ sub validId { $_[1] =~ /[a-zA-Z0-9_-]+/; } Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/ConfigStore/Violations.pm b/lib/pf/ConfigStore/Violations.pm index 854db900637d..30921b7a5475 100644 --- a/lib/pf/ConfigStore/Violations.pm +++ b/lib/pf/ConfigStore/Violations.pm @@ -151,7 +151,6 @@ sub cleanupBeforeCommit { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/IniFiles.pm b/lib/pf/IniFiles.pm index 39894c6a7247..a385e8c72c4f 100644 --- a/lib/pf/IniFiles.pm +++ b/lib/pf/IniFiles.pm @@ -200,7 +200,6 @@ sub GetCurrentModTimestamp { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/WebAPI/AuthenHandler.pm b/lib/pf/WebAPI/AuthenHandler.pm index 1dce0a9c3352..d46d2abb7fe5 100644 --- a/lib/pf/WebAPI/AuthenHandler.pm +++ b/lib/pf/WebAPI/AuthenHandler.pm @@ -60,7 +60,6 @@ sub handler { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/WebAPI/InitHandler.pm b/lib/pf/WebAPI/InitHandler.pm index 1fbf026ed03d..1cb2eca4311c 100644 --- a/lib/pf/WebAPI/InitHandler.pm +++ b/lib/pf/WebAPI/InitHandler.pm @@ -29,7 +29,6 @@ sub handler { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/cmd.pm b/lib/pf/cmd.pm index c43360acabd6..c09075ac5477 100644 --- a/lib/pf/cmd.pm +++ b/lib/pf/cmd.pm @@ -44,7 +44,6 @@ sub args { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/cmd/help.pm b/lib/pf/cmd/help.pm index c1aca46501db..a521c347ea29 100644 --- a/lib/pf/cmd/help.pm +++ b/lib/pf/cmd/help.pm @@ -39,7 +39,6 @@ sub run { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/cmd/roles/show_help.pm b/lib/pf/cmd/roles/show_help.pm index 8c115d4e426c..90162b45d404 100644 --- a/lib/pf/cmd/roles/show_help.pm +++ b/lib/pf/cmd/roles/show_help.pm @@ -34,7 +34,6 @@ sub showHelp { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/cmd/roles/show_parent_help.pm b/lib/pf/cmd/roles/show_parent_help.pm index 2627b114081c..9f78e648d111 100644 --- a/lib/pf/cmd/roles/show_parent_help.pm +++ b/lib/pf/cmd/roles/show_parent_help.pm @@ -24,7 +24,6 @@ sub showHelp { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/cmd/subcmd.pm b/lib/pf/cmd/subcmd.pm index e08188e36692..5d8a35381fd7 100644 --- a/lib/pf/cmd/subcmd.pm +++ b/lib/pf/cmd/subcmd.pm @@ -91,7 +91,6 @@ sub unknownActionCmd { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/file_paths.pm b/lib/pf/file_paths.pm index 0fc0e6de8323..d56bcf6bc219 100644 --- a/lib/pf/file_paths.pm +++ b/lib/pf/file_paths.pm @@ -125,7 +125,6 @@ $dhcp_fingerprints_url = 'http://www.packetfence.org/dhcp_fingerprints.conf Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/log.pm b/lib/pf/log.pm index 59a3416793ff..737a9e247e8b 100644 --- a/lib/pf/log.pm +++ b/lib/pf/log.pm @@ -34,7 +34,6 @@ sub get_logger { Log::Log4perl->get_logger(@_); } Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/pftest.pm b/lib/pf/pftest.pm index b8b76ce4da65..cf7f1d6289ea 100644 --- a/lib/pf/pftest.pm +++ b/lib/pf/pftest.pm @@ -31,7 +31,6 @@ sub helpActionCmd { "pf::pftest::help" } Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/pftest/authentication.pm b/lib/pf/pftest/authentication.pm index 55d8089c0b11..622d752e06f7 100644 --- a/lib/pf/pftest/authentication.pm +++ b/lib/pf/pftest/authentication.pm @@ -78,7 +78,6 @@ sub colors_supported { return is_interactive() } Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/pftest/help.pm b/lib/pf/pftest/help.pm index 05ed96887a09..a271495f4cc5 100644 --- a/lib/pf/pftest/help.pm +++ b/lib/pf/pftest/help.pm @@ -19,7 +19,6 @@ use base qw(pf::cmd::help); Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/pftest/mysql.pm b/lib/pf/pftest/mysql.pm index dfff00fcd7a5..7c2718a3175e 100644 --- a/lib/pf/pftest/mysql.pm +++ b/lib/pf/pftest/mysql.pm @@ -21,7 +21,6 @@ use base qw(pf::cmd::subcmd); Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/radius/soapclient.pm b/lib/pf/radius/soapclient.pm index 8516767041c9..1ee22eddce49 100644 --- a/lib/pf/radius/soapclient.pm +++ b/lib/pf/radius/soapclient.pm @@ -139,7 +139,6 @@ sub build_soap_string { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/violation_config.pm b/lib/pf/violation_config.pm index b1fc55436542..e640451b5d1f 100644 --- a/lib/pf/violation_config.pm +++ b/lib/pf/violation_config.pm @@ -118,7 +118,6 @@ sub readViolationConfigFile { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/t/PfFilePaths.pm b/t/PfFilePaths.pm index 8ad9d733760e..d8ab4bcea171 100644 --- a/t/PfFilePaths.pm +++ b/t/PfFilePaths.pm @@ -28,7 +28,6 @@ BEGIN { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT From 467d3a89775fd0f81f73ea083033653bb8940a5b Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 25 Sep 2013 14:17:17 -0400 Subject: [PATCH 059/369] Added new Auth Source Null --- .../Form/Authentication/Source/Null.pm | 54 ++++++++++++++++++ .../root/authentication/source/type/Null.tt | 1 + lib/pf/Authentication/Source/NullSource.pm | 57 +++++++++++++++++++ lib/pf/authentication.pm | 4 +- 4 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm create mode 100644 html/pfappserver/root/authentication/source/type/Null.tt create mode 100644 lib/pf/Authentication/Source/NullSource.pm diff --git a/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm b/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm new file mode 100644 index 000000000000..031c5eb98ac5 --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm @@ -0,0 +1,54 @@ +package pfappserver::Form::Authentication::Source::Null; +=head1 NAME + +pfappserver::Form::Authentication::Source::Null add documentation + +=cut + +=head1 DESCRIPTION + +pfappserver::Form::Authentication::Source::Null + +=cut + +use strict; +use warnings; +use HTML::FormHandler::Moose; +extends 'pfappserver::Form::Authentication::Source'; + +# Form fields +has_field 'email_required' => + ( + type => 'Toggle', + widget => 'Switch', + ); + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/html/pfappserver/root/authentication/source/type/Null.tt b/html/pfappserver/root/authentication/source/type/Null.tt new file mode 100644 index 000000000000..b14ec2fea631 --- /dev/null +++ b/html/pfappserver/root/authentication/source/type/Null.tt @@ -0,0 +1 @@ +[% form.field('email_required').render %] diff --git a/lib/pf/Authentication/Source/NullSource.pm b/lib/pf/Authentication/Source/NullSource.pm new file mode 100644 index 000000000000..57f600dd872b --- /dev/null +++ b/lib/pf/Authentication/Source/NullSource.pm @@ -0,0 +1,57 @@ +package pf::Authentication::Source::NullSource; +=head1 NAME + +pf::Authentication::Source::NullSource add documentation + +=cut + +=head1 DESCRIPTION + +pf::Authentication::Source::NullSource + +=cut + +use strict; +use warnings; +use Moose; + +extends 'pf::Authentication::Source'; + +has '+type' => (default => 'Null'); +has '+unique' => (default => 1); +has 'email_required' => ( is=> 'rw', default => 0); + +sub match_in_subclass { + my ($self, $params, $rule, $own_conditions, $matching_conditions) = @_; + return $params->{'username'}; +} + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/authentication.pm b/lib/pf/authentication.pm index 4254be72d58e..015bc05f4c12 100644 --- a/lib/pf/authentication.pm +++ b/lib/pf/authentication.pm @@ -36,6 +36,7 @@ use pf::Authentication::Source::SQLSource; use pf::Authentication::Source::FacebookSource; use pf::Authentication::Source::GoogleSource; use pf::Authentication::Source::GithubSource; +use pf::Authentication::Source::NullSource; use List::Util qw(first); use List::MoreUtils qw(none any); use pf::util; @@ -91,7 +92,8 @@ our %TYPE_TO_SOURCE = ( 'sms' => pf::Authentication::Source::SMSSource->meta->name, 'facebook' => pf::Authentication::Source::FacebookSource->meta->name, 'google' => pf::Authentication::Source::GoogleSource->meta->name, - 'github' => pf::Authentication::Source::GithubSource->meta->name + 'github' => pf::Authentication::Source::GithubSource->meta->name, + 'null' => pf::Authentication::Source::NullSource->meta->name ); our $logger = get_logger(); From 3206b0cd1a9de7d6862e87f1130c32bf93244bfb Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 25 Sep 2013 16:23:25 -0400 Subject: [PATCH 060/369] Will only allow one Null Authentication Source --- .../lib/pfappserver/Form/Portal/Common.pm | 2 +- .../static/admin/configuration/portal_profile.js | 14 +++++++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm b/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm index 356a3c8ce98f..b7de32f1cc67 100644 --- a/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm +++ b/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm @@ -23,7 +23,7 @@ use pf::authentication; =cut sub options_sources { - return map { { value => $_->id, label => $_->id } } @{getAllAuthenticationSources()}; + return map { { value => $_->id, label => $_->id, attributes => { 'data-source-type' => $_->type } } } @{getAllAuthenticationSources()}; } =head2 validate diff --git a/html/pfappserver/root/static/admin/configuration/portal_profile.js b/html/pfappserver/root/static/admin/configuration/portal_profile.js index 81411229f4d8..3e7c37088060 100644 --- a/html/pfappserver/root/static/admin/configuration/portal_profile.js +++ b/html/pfappserver/root/static/admin/configuration/portal_profile.js @@ -238,7 +238,9 @@ function initReadPage(element) { var rows = tbody.children(':not(.hidden)'); var row = rows.first(); var options = row.find("select option"); - if( rows.length < options.length){ + if (row.find('select').val() == 'null' ) { + row.find('[href="#add"]').addClass('hidden'); + } else if( rows.length < options.length ) { rows.find('[href="#add"]').removeClass('hidden'); } }); @@ -247,6 +249,16 @@ function initReadPage(element) { $('#sourcesEmpty').addClass('hidden'); return false; }); + $('#sources').on('change','select', function(event) { + var that = $(this); + var tr = that.closest('tr'); + if(that.find(':selected').attr('data-source-type') == 'Null') { + tr.siblings(':not(.hidden)').find('[href="#delete"]').click(); + tr.find('[href="#add"]').addClass('hidden'); + } else { + tr.find('[href="#add"]').removeClass('hidden'); + } + }); } function initTemplatesPage(element) { From e7fee889cb143c4689ab6c4f543cf1992f1439a0 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 25 Sep 2013 16:33:30 -0400 Subject: [PATCH 061/369] Will always return true when trying to authenticate --- lib/pf/Authentication/Source/NullSource.pm | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/pf/Authentication/Source/NullSource.pm b/lib/pf/Authentication/Source/NullSource.pm index 57f600dd872b..730efbc62e03 100644 --- a/lib/pf/Authentication/Source/NullSource.pm +++ b/lib/pf/Authentication/Source/NullSource.pm @@ -14,6 +14,7 @@ pf::Authentication::Source::NullSource use strict; use warnings; use Moose; +use pf::config qw($TRUE); extends 'pf::Authentication::Source'; @@ -26,6 +27,15 @@ sub match_in_subclass { return $params->{'username'}; } +=head2 authenticate + +=cut + +sub authenticate { + my ($self, $username, $password) = @_; + return ($TRUE, 'Successful authentication using null source.'); +} + =head1 AUTHOR Inverse inc. From 11a018cd6ab8aa5c6517cea2ee573e0b854428d0 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 26 Sep 2013 11:48:38 -0400 Subject: [PATCH 062/369] Make NullSource class exclusive --- lib/pf/Authentication/Source/NullSource.pm | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/pf/Authentication/Source/NullSource.pm b/lib/pf/Authentication/Source/NullSource.pm index 730efbc62e03..0f6d2aeacf68 100644 --- a/lib/pf/Authentication/Source/NullSource.pm +++ b/lib/pf/Authentication/Source/NullSource.pm @@ -14,10 +14,12 @@ pf::Authentication::Source::NullSource use strict; use warnings; use Moose; -use pf::config qw($TRUE); +use pf::config qw($FALSE $TRUE); +use Email::Valid; extends 'pf::Authentication::Source'; +has '+class' => (default => 'exclusive'); has '+type' => (default => 'Null'); has '+unique' => (default => 1); has 'email_required' => ( is=> 'rw', default => 0); @@ -33,7 +35,10 @@ sub match_in_subclass { sub authenticate { my ($self, $username, $password) = @_; - return ($TRUE, 'Successful authentication using null source.'); + if (!$self->email_required || Email::Valid->address($username) ) { + return ($TRUE, 'Successful authentication using null source.'); + } + return ($FALSE, 'Successful authentication using null source.'); } =head1 AUTHOR From 729cde94537ca5ef7419f6d690d2fe13def3cad9 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 26 Sep 2013 11:58:02 -0400 Subject: [PATCH 063/369] Added new class type exclusive --- .../pfappserver/Controller/Authentication.pm | 14 +++++---- .../lib/pfappserver/Form/Portal/Common.pm | 2 +- .../root/configuration/authentication.tt | 31 +++++++++++++++++++ .../admin/configuration/portal_profile.js | 4 +-- 4 files changed, 42 insertions(+), 9 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Authentication.pm b/html/pfappserver/lib/pfappserver/Controller/Authentication.pm index 5d6753930688..70480629088d 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Authentication.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Authentication.pm @@ -37,18 +37,20 @@ Show list of authentication sources. Allow user to order the list. sub index :Path :Args(0) { my ($self, $c) = @_; - my ($sources, $internal_types, $external_types, $form); + my ($sources); (undef, $sources) = $c->model('Config::Authentication')->readAll(); - $internal_types = availableAuthenticationSourceTypes('internal'); - $external_types = availableAuthenticationSourceTypes('external'); - $form = pfappserver::Form::Authentication->new(ctx => $c, + my $internal_types = availableAuthenticationSourceTypes('internal'); + my $external_types = availableAuthenticationSourceTypes('external'); + my $exclusive_types = availableAuthenticationSourceTypes('exclusive'); + my $form = pfappserver::Form::Authentication->new(ctx => $c, init_object => {sources => $sources}); $form->process(); $c->stash( - internal_types => $internal_types, - external_types => $external_types, + internal_types => $internal_types, + external_types => $external_types, + exclusive_types => $exclusive_types, form => $form, template => 'configuration/authentication.tt' ); diff --git a/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm b/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm index b7de32f1cc67..0c45a4009347 100644 --- a/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm +++ b/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm @@ -23,7 +23,7 @@ use pf::authentication; =cut sub options_sources { - return map { { value => $_->id, label => $_->id, attributes => { 'data-source-type' => $_->type } } } @{getAllAuthenticationSources()}; + return map { { value => $_->id, label => $_->id, attributes => { 'data-source-class' => $_->class } } } @{getAllAuthenticationSources()}; } =head2 validate diff --git a/html/pfappserver/root/configuration/authentication.tt b/html/pfappserver/root/configuration/authentication.tt index 861a4956bfb3..1c58f25d85c2 100644 --- a/html/pfappserver/root/configuration/authentication.tt +++ b/html/pfappserver/root/configuration/authentication.tt @@ -83,6 +83,32 @@ +

    [% l('Exclusive Sources') %]

    + + + + + + + + + + + + [% FOREACH source IN form.field('sources').fields %] + [% IF source.field('class').value == 'exclusive' %] + + + + + + + + [% END -%] + [% END -%] + +
    [% l('Name') %][% l('Description') %][% l('Type') %]
    [% source.field('id').render_element %][% source.field('id').value %][% source.field('description').value %][% l(source.field('type').value) %][% l('Delete') %]
    + [% END -%]
    @@ -102,6 +128,11 @@ [% FOREACH type IN external_types.sort -%]
  • [% l(type) %]
    • [% END -%] +
  • +
  • [% l('Exclusive') %]
    • + [% FOREACH type IN exclusive_types.sort -%] +
  • [% l(type) %]
    • + [% END -%]
    diff --git a/html/pfappserver/root/static/admin/configuration/portal_profile.js b/html/pfappserver/root/static/admin/configuration/portal_profile.js index 3e7c37088060..9665a3ab1ed7 100644 --- a/html/pfappserver/root/static/admin/configuration/portal_profile.js +++ b/html/pfappserver/root/static/admin/configuration/portal_profile.js @@ -238,7 +238,7 @@ function initReadPage(element) { var rows = tbody.children(':not(.hidden)'); var row = rows.first(); var options = row.find("select option"); - if (row.find('select').val() == 'null' ) { + if (options.filter(':selected').attr('data-source-class') == 'exclusive') { row.find('[href="#add"]').addClass('hidden'); } else if( rows.length < options.length ) { rows.find('[href="#add"]').removeClass('hidden'); @@ -252,7 +252,7 @@ function initReadPage(element) { $('#sources').on('change','select', function(event) { var that = $(this); var tr = that.closest('tr'); - if(that.find(':selected').attr('data-source-type') == 'Null') { + if(that.find(':selected').attr('data-source-class') == 'exclusive') { tr.siblings(':not(.hidden)').find('[href="#delete"]').click(); tr.find('[href="#add"]').addClass('hidden'); } else { From 637c5c09981a457e70cd503237228434a14eb6c1 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 26 Sep 2013 14:28:02 -0400 Subject: [PATCH 064/369] Added the Null Source type to the documentation --- docs/PacketFence_Administration_Guide.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/PacketFence_Administration_Guide.asciidoc b/docs/PacketFence_Administration_Guide.asciidoc index 82e5f99e0aa4..4aaf9bfd3438 100644 --- a/docs/PacketFence_Administration_Guide.asciidoc +++ b/docs/PacketFence_Administration_Guide.asciidoc @@ -422,6 +422,7 @@ PacketFence can authenticate users that register devices via the captive portal * Google (OAuth 2) * Kerberos * LDAP +* Null * RADIUS * SMS * Sponsored Email From 859b2320685cc57c4f1ec09fa069daa68bbcb407 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 26 Sep 2013 14:29:03 -0400 Subject: [PATCH 065/369] Added method getExclusiveSources --- lib/pf/Portal/Profile.pm | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lib/pf/Portal/Profile.pm b/lib/pf/Portal/Profile.pm index 213a8f55ae68..845e29a0c605 100644 --- a/lib/pf/Portal/Profile.pm +++ b/lib/pf/Portal/Profile.pm @@ -175,6 +175,17 @@ sub getExternalSources { return grep { $_->{'class'} eq 'external' } $self->getSourcesAsObjects(); } +=item getExclusiveSources + +Returns the exclusive authentication sources objects for the current captive portal profile. + +=cut + +sub getExclusiveSources { + my ($self) = @_; + return grep { $_->{'class'} eq 'exclusive' } $self->getSourcesAsObjects(); +} + =item getSourceByType Returns the first source object for the requested source type for the current captive portal profile. From feabd4ac31cdf9d33db72233b01f7ecf2e59ffa7 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 26 Sep 2013 14:30:03 -0400 Subject: [PATCH 066/369] Added self registration mode null --- lib/pf/config.pm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/pf/config.pm b/lib/pf/config.pm index 3774b971f414..c01780a7440a 100644 --- a/lib/pf/config.pm +++ b/lib/pf/config.pm @@ -96,7 +96,7 @@ BEGIN { %connection_group %connection_group_to_str $RADIUS_API_LEVEL $VLAN_API_LEVEL $INLINE_API_LEVEL $AUTHENTICATION_API_LEVEL $SOH_API_LEVEL $BILLING_API_LEVEL $ROLE_API_LEVEL - $SELFREG_MODE_EMAIL $SELFREG_MODE_SMS $SELFREG_MODE_SPONSOR $SELFREG_MODE_GOOGLE $SELFREG_MODE_FACEBOOK $SELFREG_MODE_GITHUB + $SELFREG_MODE_EMAIL $SELFREG_MODE_SMS $SELFREG_MODE_SPONSOR $SELFREG_MODE_GOOGLE $SELFREG_MODE_FACEBOOK $SELFREG_MODE_GITHUB $SELFREG_MODE_NULL %CAPTIVE_PORTAL $HTTP $HTTPS normalize_time $TIME_MODIFIER_RE $ACCT_TIME_MODIFIER_RE @@ -289,6 +289,7 @@ Readonly our $SELFREG_MODE_SPONSOR => 'sponsoremail'; Readonly our $SELFREG_MODE_GOOGLE => 'google'; Readonly our $SELFREG_MODE_FACEBOOK => 'facebook'; Readonly our $SELFREG_MODE_GITHUB => 'github'; +Readonly our $SELFREG_MODE_NULL => 'null'; # SoH filters Readonly our $SOH_ACTION_ACCEPT => 'accept'; From a7c4e2c747f521d92f06cebe2ec66821af99511d Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 26 Sep 2013 14:41:43 -0400 Subject: [PATCH 067/369] Created drop down menus for each class type --- .../root/configuration/authentication.tt | 36 ++++++++++++------- 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/html/pfappserver/root/configuration/authentication.tt b/html/pfappserver/root/configuration/authentication.tt index 1c58f25d85c2..dd2120dd17a2 100644 --- a/html/pfappserver/root/configuration/authentication.tt +++ b/html/pfappserver/root/configuration/authentication.tt @@ -119,20 +119,32 @@
    [% l('Add source') %]
    From 9b33906b588cacd7467da4425af1e15fec558ab7 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 26 Sep 2013 14:42:34 -0400 Subject: [PATCH 068/369] Fixed issue with authentication and email required --- lib/pf/Authentication/Source/NullSource.pm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/pf/Authentication/Source/NullSource.pm b/lib/pf/Authentication/Source/NullSource.pm index 0f6d2aeacf68..9f262de1daaf 100644 --- a/lib/pf/Authentication/Source/NullSource.pm +++ b/lib/pf/Authentication/Source/NullSource.pm @@ -16,6 +16,7 @@ use warnings; use Moose; use pf::config qw($FALSE $TRUE); use Email::Valid; +use pf::util; extends 'pf::Authentication::Source'; @@ -35,7 +36,7 @@ sub match_in_subclass { sub authenticate { my ($self, $username, $password) = @_; - if (!$self->email_required || Email::Valid->address($username) ) { + if (isdisabled($self->email_required) || Email::Valid->address($username) ) { return ($TRUE, 'Successful authentication using null source.'); } return ($FALSE, 'Successful authentication using null source.'); From f98f319f50549fefa80c24239736a4308255f3fc Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 26 Sep 2013 14:45:56 -0400 Subject: [PATCH 069/369] Added the exclusive type to guest mode --- lib/pf/Portal/ProfileFactory.pm | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/pf/Portal/ProfileFactory.pm b/lib/pf/Portal/ProfileFactory.pm index dda980d22c2e..297aaf3c790c 100644 --- a/lib/pf/Portal/ProfileFactory.pm +++ b/lib/pf/Portal/ProfileFactory.pm @@ -95,10 +95,14 @@ sub _custom_profile { sub _guest_modes_from_sources { my ($sources) = @_; $sources ||= []; + my %modeClasses = ( + external => undef, + exclusive => undef, + ); my %is_in = map { $_ => undef } @$sources; my @guest_modes = map { lc($_->type) } - grep { exists $is_in{$_->id} && $_->class eq 'external' } + grep { exists $is_in{$_->id} && exists $modeClasses{$_->class} } @authentication_sources; return \@guest_modes; From 92ef8ac41a085cb8474a0c3696216d762c78679b Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 26 Sep 2013 15:11:19 -0400 Subject: [PATCH 070/369] Added new type null --- conf/authentication.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/conf/authentication.conf b/conf/authentication.conf index b290e8cda9d4..ba70dcfc2c6e 100644 --- a/conf/authentication.conf +++ b/conf/authentication.conf @@ -44,3 +44,8 @@ description= match=all action0=set_role=guest action1=set_access_duration=1D + +[null] +description=Null Source +type=Null +email_required=disabled From 4dfdafe22a8650de8da6590a3f5a95847728fab0 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 26 Sep 2013 16:08:06 -0400 Subject: [PATCH 071/369] Added support for a null authentication source --- lib/pf/web.pm | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/lib/pf/web.pm b/lib/pf/web.pm index 7cc2c9730784..5b1151c7eeba 100644 --- a/lib/pf/web.pm +++ b/lib/pf/web.pm @@ -36,6 +36,7 @@ use Log::Log4perl; use Readonly; use Template; use URI::Escape qw(uri_escape uri_unescape); +use List::MoreUtils qw(any); BEGIN { use Exporter (); @@ -297,10 +298,20 @@ sub generate_login_page { = is_in_list($SELFREG_MODE_FACEBOOK, $portalSession->getProfile->getGuestModes); $portalSession->stash->{'oauth2_github'} = is_in_list($SELFREG_MODE_GITHUB, $portalSession->getProfile->getGuestModes); + $portalSession->stash->{'null_source'} + = is_in_list($SELFREG_MODE_NULL, $portalSession->getProfile->getGuestModes); + $portalSession->stash->{'no_username'} = _no_username($portalSession); render_template($portalSession, $LOGIN_TEMPLATE); } +sub _no_username { + my ($portalSession) = @_; + return any {$_->type eq 'Null' && isdisabled($_->email_required) } + map { getAuthenticationSource($_) } + @{$portalSession->getProfile->getSources}; +} + sub generate_enabler_page { my ( $portalSession, $violation_id, $enable_text ) = @_; @@ -555,7 +566,10 @@ sub validate_form { $logger->trace("form validation attempt"); my $cgi = $portalSession->getCgi(); - if ( $cgi->param("username") && $cgi->param("password") ) { + my $no_password_needed = any {$_ eq 'null' } @{$portalSession->getProfile->getGuestModes}; + my $no_username_needed = _no_username($portalSession); + + if ( ($cgi->param("username") || $no_username_needed ) && ( $cgi->param("password") || $no_password_needed ) ) { # acceptable use pocliy accepted? if (!defined($cgi->param("aup_signed")) || !$cgi->param("aup_signed")) { return ( 0 , 'You need to accept the terms before proceeding any further.' ); @@ -579,11 +593,12 @@ sub web_user_authenticate { $logger->trace("authentication attempt"); my $session = $portalSession->getSession(); + my @sources = ($portalSession->getProfile->getInternalSources, $portalSession->getProfile->getExclusiveSources); + my $username = $portalSession->cgi->param("username"); + my $password = $portalSession->cgi->param("password"); # validate login and password - my ($return, $message, $source_id) = &pf::authentication::authenticate($portalSession->cgi->param("username"), - $portalSession->cgi->param("password"), - $portalSession->getProfile->getInternalSources); + my ($return, $message, $source_id) = pf::authentication::authenticate($username, $password, @sources); if (defined($return) && $return == 1) { # save login into session From 83b29f2196d2e35b5e2115d8279d646c4dbb6f2e Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 26 Sep 2013 16:09:02 -0400 Subject: [PATCH 072/369] Changed the default for email_required to disabled --- lib/pf/Authentication/Source/NullSource.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/Authentication/Source/NullSource.pm b/lib/pf/Authentication/Source/NullSource.pm index 9f262de1daaf..1afb1a41cd14 100644 --- a/lib/pf/Authentication/Source/NullSource.pm +++ b/lib/pf/Authentication/Source/NullSource.pm @@ -23,7 +23,7 @@ extends 'pf::Authentication::Source'; has '+class' => (default => 'exclusive'); has '+type' => (default => 'Null'); has '+unique' => (default => 1); -has 'email_required' => ( is=> 'rw', default => 0); +has 'email_required' => ( is=> 'rw', default => 'disabled'); sub match_in_subclass { my ($self, $params, $rule, $own_conditions, $matching_conditions) = @_; From b5e202eca0ef06cebf87f873adb07c34d3c01816 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 26 Sep 2013 16:10:29 -0400 Subject: [PATCH 073/369] Added values for the checkbox --- .../lib/pfappserver/Form/Authentication/Source/Null.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm b/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm index 031c5eb98ac5..ceb1358c9efe 100644 --- a/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm +++ b/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm @@ -21,6 +21,8 @@ has_field 'email_required' => ( type => 'Toggle', widget => 'Switch', + checkbox_value => 'enabled', + unchecked_value => 'disabled', ); =head1 AUTHOR From 1ccfc576d6b141bdb308d8338f725d38dc223b01 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 26 Sep 2013 16:13:01 -0400 Subject: [PATCH 074/369] Added support for the null authentication source --- html/captive-portal/templates/login.html | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/html/captive-portal/templates/login.html b/html/captive-portal/templates/login.html index fb09441bdb14..35c4e3ceacb9 100644 --- a/html/captive-portal/templates/login.html +++ b/html/captive-portal/templates/login.html @@ -60,13 +60,17 @@
    [%# User / Pass %] + [% UNLESS no_username %]
    - [% i18n("Username") %] + [% IF null_source %][% i18n("Email") %] [% ELSE %] [% i18n("Username") %][% END %]
    + [% END %] + [% UNLESS null_source %]
    [% i18n("Password") %]
    + [% END %] [%# submit %]
    @@ -90,7 +94,7 @@
    [% END %] - [% IF guest_allowed -%] + [% IF guest_allowed && !null_source -%]
    or
    [% i18n("Sign up") %] From aff72d60f99f147b9d49de6c43a8c3198578cb08 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 26 Sep 2013 16:13:16 -0400 Subject: [PATCH 075/369] Added support for the null authentication source --- html/captive-portal/register.cgi | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/html/captive-portal/register.cgi b/html/captive-portal/register.cgi index 1fe0aa5cf336..5b2fbccdc81b 100755 --- a/html/captive-portal/register.cgi +++ b/html/captive-portal/register.cgi @@ -2,7 +2,7 @@ =head1 NAME -register.cgi +register.cgi =head1 SYNOPSYS @@ -31,6 +31,7 @@ use pf::web::custom; # called last to allow redefinitions use pf::authentication; use pf::Authentication::constants; +use List::MoreUtils qw(any); Log::Log4perl->init("$conf_dir/log.conf"); my $logger = Log::Log4perl->get_logger('register.cgi'); @@ -58,8 +59,11 @@ $info{'pid'} = $cgi->remote_user || "admin"; # Pull browser user-agent string $info{'user_agent'} = $cgi->user_agent; -if (defined($cgi->param('username')) && $cgi->param('username') ne '') { - +my $no_password_needed = any {$_ eq 'null' } @{$portalSession->getProfile->getGuestModes}; +my $no_username_needed = pf::web::_no_username($portalSession); + +if ( (defined($cgi->param('username') ) || $no_username_needed ) && ($cgi->param('username') ne '' || $no_password_needed )) { + my ($form_return, $err) = pf::web::validate_form($portalSession); if ($form_return != 1) { $logger->trace("form validation failed or first time for " . $portalSession->getClientMac()); @@ -176,20 +180,20 @@ Inverse inc. Copyright (C) 2005-2013 Inverse inc. =head1 LICENSE - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, -USA. - +USA. + =cut From 04913925f0bdf474201875702b3aa0a7034e47d3 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Thu, 6 Jun 2013 16:13:50 -0400 Subject: [PATCH 076/369] Rewrite of feature proxy interception fir packetfence 4 Conflicts: lib/pf/iptables.pm --- conf/documentation.conf | 5 + conf/httpd.conf.d/httpd.proxy | 214 +++++++++++++++++++++++++++ conf/iptables.conf | 6 + conf/pf.conf.defaults | 6 + lib/pf/Portal/Session.pm | 8 +- lib/pf/iptables.pm | 88 +++++++++--- lib/pf/web/interceptproxy.pm | 263 ++++++++++++++++++++++++++++++++++ lib/pf/web/util.pm | 50 +++++++ 8 files changed, 617 insertions(+), 23 deletions(-) create mode 100644 conf/httpd.conf.d/httpd.proxy create mode 100644 lib/pf/web/interceptproxy.pm diff --git a/conf/documentation.conf b/conf/documentation.conf index af3bf151646a..05f49f13ddee 100644 --- a/conf/documentation.conf +++ b/conf/documentation.conf @@ -870,3 +870,8 @@ description=< + + LoadModule perl_module /usr/lib/apache2/modules/mod_perl.so + + + LoadModule log_config_module /usr/lib/apache2/modules/mod_log_config.so + + + LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so + + + LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so + + + LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so + + + LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so + + + LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so + + + LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so + + + LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so + + + LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so + + + LoadModule apreq_module /usr/lib/apache2/modules/mod_apreq2.so + + + LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so + + + LoadModule proxy_connect_module /usr/lib/apache2/modules/mod_proxy_connect.so + + + +#RHEL specific + + + LoadModule perl_module modules/mod_perl.so + + + LoadModule log_config_module modules/mod_log_config.so + + + LoadModule ssl_module modules/mod_ssl.so + + + LoadModule headers_module modules/mod_headers.so + + + LoadModule proxy_module modules/mod_proxy.so + + + LoadModule authz_host_module modules/mod_authz_host.so + + + LoadModule setenvif_module modules/mod_setenvif.so + + + LoadModule rewrite_module modules/mod_rewrite.so + + + LoadModule alias_module modules/mod_alias.so + + + LoadModule mime_module modules/mod_mime.so + + + LoadModule apreq_module modules/mod_apreq2.so + + + LoadModule proxy_http_module modules/mod_proxy_http.so + + + LoadModule proxy_connect_module modules/mod_proxy_connect.so + + + +PerlSwitches -I/usr/local/pf/lib +#AddHandler perl-script .cgi +#Options +ExecCGI +#PerlHandler ModPerl::PerlRun + +# Prevent Browsers (Chrome and Firefox) to cache DNS while under the captive portal +Header always set X-DNS-Prefetch-Control off + + + Order deny,allow + Allow from all + + + + SSLOptions +StdEnvVars + + +SetEnvIf User-Agent ".*MSIE.*" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +TypesConfig /etc/mime.types + + +use pf::config qw(); +use Tie::DxHash; +use pf::services::apache; + +sub gen_conf { + my %conf; + tie %conf, 'Tie::DxHash'; + + %conf = @_; + return \%conf; +} + +my $PfConfig = \%pf::config::Config; +my $management_network = $pf::config::management_network; +my $install_dir = $pf::config::install_dir; +my $var_dir = $pf::config::var_dir; +my @internal_nets = @pf::config::internal_nets; +my $host; + +$PidFile = $install_dir.'/var/run/httpd.proxy.pid'; + +$Include = $install_dir.'/conf/httpd.conf.d/log.conf'; + +$User = "pf"; +$Group = "pf"; + +$PerlOptions = "+GlobalRequest"; +$ProxyRequests = "Off"; + +if (defined($PfConfig->{'alerting'}{'fromaddr'}) && $PfConfig->{'alerting'}{'fromaddr'} ne '') { + $ServerAdmin = $PfConfig->{'alerting'}{'fromaddr'}; +} else { + $ServerAdmin = "root\@".$PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}; +} + +$ServerTokens = "Prod"; +$ServerSignature = "Off"; +$UseCanonicalName = "Off"; +$Timeout = "50"; +$KeepAliveTimeout = "10"; + +$MaxClients = pf::services::apache::calculate_max_clients(pf::services::apache::get_total_system_memory()); +$StartServers = pf::services::apache::calculate_start_servers($MaxClients); +$MinSpareServers = pf::services::apache::calculate_min_spare_servers($MaxClients); + +$HostnameLookups = "off"; +$MaxRequestsPerChild = "1000"; +$PerlInitHandler = "pf::WebAPI::InitHandler"; + + +$SSLPassPhraseDialog = "builtin"; +$SSLSessionCache = "dbm:".$install_dir."/var/ssl_scache"; +$SSLSessionCacheTimeout = "300"; +$SSLMutex = "file:".$install_dir."/var/ssl_mutex"; +$SSLRandomSeed = "startup builtin"; +$SSLRandomSeed = "connect builtin"; +$SSLCipherSuite = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"; + +$ErrorLog = $install_dir.'/logs/proxy_error_log'; + +foreach my $port (split(',',$PfConfig->{'interception_proxy'}{'port'})) { + push (@NameVirtualHost,"*:".$port); +} + +push (@NameVirtualHost,"*:444"); + +foreach my $interface (@internal_nets) { + foreach my $port (split(',',$PfConfig->{'interception_proxy'}{'port'})) { + push (@Listen,$interface->{'Tip'}.":".$port); + push @{ $VirtualHost{$interface->{'Tip'}.":".$port} }, gen_conf( + ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}.":".$port, + PerlOptions => '+GlobalRequest', + PerlModule => 'pf::web::interceptproxy', + PerlTransHandler => '+pf::web::interceptproxy::translate', + ProxyRequests => 'On', + ProxyPreserveHost => 'On', + AllowCONNECT => '444 443', + ProxyVia => 'full', + ErrorLog => $install_dir.'/logs/proxy_error_log', + CustomLog => $install_dir.'/logs/proxy_access_log combined', + ); + } +} + +push (@Listen,"127.0.0.1:444"); + +push @{ VirtualHost{'127.0.0.1:444'} }, gen_conf( + ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}.":444", + PerlOptions => '+GlobalRequest', + PerlModule => 'pf::web::interceptproxy', + PerlTransHandler => '+pf::web::interceptproxy::reverse', + ProxyRequests => 'Off', + ProxyPreserveHost => 'On', + ProxyVia => 'Off', + ErrorLog => $install_dir.'/logs/reverse_reproxy_error_log', + CustomLog => $install_dir.'/logs/reverse_proxy_access_log combined', + SSLEngine => 'on', + SSLProxyEngine => 'on', + Include => $var_dir.'/conf/ssl-certificates.conf', +); + + diff --git a/conf/iptables.conf b/conf/iptables.conf index 7bf5cd551913..3af8013fb075 100644 --- a/conf/iptables.conf +++ b/conf/iptables.conf @@ -44,6 +44,7 @@ # HTTP (captive-portal) -A input-internal-vlan-if --protocol tcp --match tcp --dport 80 --jump ACCEPT -A input-internal-vlan-if --protocol tcp --match tcp --dport 443 --jump ACCEPT +%%input_inter_vlan_if%% :input-internal-inline-if - [0:0] # DHCP @@ -64,6 +65,7 @@ # allow everyone else behind inline interface (not registered, isolated, etc.) -A input-internal-inline-if --protocol tcp --match tcp --dport 80 --jump ACCEPT -A input-internal-inline-if --protocol tcp --match tcp --dport 443 --jump ACCEPT +%%input_inter_inline_rules%% :input-highavailability-if - [0:0] #SSH @@ -104,6 +106,9 @@ COMMIT :PREROUTING ACCEPT [0:0] :prerouting-int-inline-if - [0:0] %%nat_prerouting_inline%% +:prerouting-int-vlan-if - [0:0] +%%nat_prerouting_vlan%% + :POSTROUTING ACCEPT [0:0] # # NAT out (PAT actually) @@ -128,3 +133,4 @@ COMMIT # These will redirect to the proper chains based on conf/pf.conf's configuration %%nat_if_src_to_chain%% COMMIT + diff --git a/conf/pf.conf.defaults b/conf/pf.conf.defaults index a4aa09dd0d17..643395d98fd1 100644 --- a/conf/pf.conf.defaults +++ b/conf/pf.conf.defaults @@ -684,3 +684,9 @@ voip=no user = pass = +[interception_proxy] +# +# intercept_proxy.port +# +# Define the proxy port to intercept in vlan and in inline enforcement +port= diff --git a/lib/pf/Portal/Session.pm b/lib/pf/Portal/Session.pm index e0a9562ed992..ce3de982a851 100644 --- a/lib/pf/Portal/Session.pm +++ b/lib/pf/Portal/Session.pm @@ -174,18 +174,18 @@ sub _resolveIp { $proxied_lookup{$management_network->tag('vip')} = 1 if ($management_network && $management_network->tag('vip')); # if this is NOT from one of the expected proxy IPs return the IP - if (!$proxied_lookup{$directly_connected_ip}) { + if ( (!$proxied_lookup{$directly_connected_ip}) && !($directly_connected_ip ne '127.0.0.1') ) { return $directly_connected_ip; } # behind a proxy? if (defined($ENV{'HTTP_X_FORWARDED_FOR'})) { - my $proxied_ip = $ENV{'HTTP_X_FORWARDED_FOR'}; + my @proxied_ip = split(',',$ENV{'HTTP_X_FORWARDED_FOR'}); $logger->debug( "Remote Address is $directly_connected_ip. Client is behind proxy? " - . "Returning: $proxied_ip according to HTTP Headers" + . "Returning: $proxied_ip[0] according to HTTP Headers" ); - return $proxied_ip; + return $proxied_ip[0]; } $logger->debug("Remote Address is $directly_connected_ip but no further hints of client IP in HTTP Headers"); diff --git a/lib/pf/iptables.pm b/lib/pf/iptables.pm index e704bc54b6bb..a475b2464e2a 100644 --- a/lib/pf/iptables.pm +++ b/lib/pf/iptables.pm @@ -53,6 +53,7 @@ Readonly my $FW_FILTER_FORWARD_INT_VLAN => 'forward-internal-vlan-if'; Readonly my $FW_PREROUTING_INT_INLINE => 'prerouting-int-inline-if'; Readonly my $FW_POSTROUTING_INT_INLINE => 'postrouting-int-inline-if'; Readonly my $FW_POSTROUTING_INT_INLINE_ROUTED => 'postrouting-inline-routed'; +Readonly my $FW_PREROUTING_INT_VLAN => 'prerouting-int-vlan-if'; =head1 SUBROUTINES @@ -86,6 +87,7 @@ sub iptables_generate { 'mangle_if_src_to_chain' => '', 'mangle_prerouting_inline' => '', 'nat_if_src_to_chain' => '', 'nat_prerouting_inline' => '', 'nat_postrouting_vlan' => '', 'nat_postrouting_inline' => '', + 'input_inter_inline_rules' => '', 'nat_prerouting_vlan' => '', 'routed_postrouting_inline' => '', ); @@ -99,7 +101,7 @@ sub iptables_generate { if (is_inline_enforcement_enabled()) { # Note: I'm giving references to this guy here so he can directly mess with the tables $self->generate_inline_rules( - \$tags{'filter_forward_inline'}, \$tags{'nat_prerouting_inline'}, \$tags{'nat_postrouting_inline'},\$tags{'routed_postrouting_inline'} + \$tags{'filter_forward_inline'}, \$tags{'nat_prerouting_inline'}, \$tags{'nat_postrouting_inline'},\$tags{'routed_postrouting_inline'},\$tags{'input_inter_inline_rules'} ); # MANGLE @@ -111,7 +113,10 @@ sub iptables_generate { $tags{'nat_prerouting_inline'} .= $self->generate_nat_redirect_rules(); } - # OAuth and passthrough + #NAT Intercept Proxy + $self->generate_interception_rules(\$tags{'nat_if_src_to_chain'},\$tags{'nat_prerouting_vlan'},\$tags{'input_inter_vlan_if'} ); + + # OAuth my $google_enabled = $guest_self_registration{$SELFREG_MODE_GOOGLE}; my $facebook_enabled = $guest_self_registration{$SELFREG_MODE_FACEBOOK}; my $github_enabled = $guest_self_registration{$SELFREG_MODE_GITHUB}; @@ -161,7 +166,7 @@ sub generate_filter_if_src_to_chain { my $google_enabled = $guest_self_registration{$SELFREG_MODE_GOOGLE}; my $facebook_enabled = $guest_self_registration{$SELFREG_MODE_FACEBOOK}; my $github_enabled = $guest_self_registration{$SELFREG_MODE_GITHUB}; - my $passthrough_enabled = isenabled($Config{'trapping'}{'passthrough'}); + my $passthrough = isenabled($Config{'trapping'}{'passthrough'}); # internal interfaces handling foreach my $interface (@internal_nets) { @@ -176,7 +181,7 @@ sub generate_filter_if_src_to_chain { } $rules .= "-A INPUT --in-interface $dev -d $ip --jump $FW_FILTER_INPUT_INT_VLAN\n"; $rules .= "-A INPUT --in-interface $dev -d 255.255.255.255 --jump $FW_FILTER_INPUT_INT_VLAN\n"; - if ($google_enabled || $facebook_enabled || $github_enabled || $passthrough_enabled ) { + if ($google_enabled || $facebook_enabled || $github_enabled || $passthrough) { $rules .= "-A FORWARD --in-interface $dev --jump $FW_FILTER_FORWARD_INT_VLAN\n"; $rules .= "-A FORWARD --out-interface $dev --jump $FW_FILTER_FORWARD_INT_VLAN\n"; } @@ -232,21 +237,35 @@ Handling both FILTER and NAT tables at the same time. =cut sub generate_inline_rules { - my ($self,$filter_rules_ref, $nat_prerouting_ref, $nat_postrouting_ref, $routed_postrouting_inline) = @_; + my ($self,$filter_rules_ref, $nat_prerouting_ref, $nat_postrouting_ref, $routed_postrouting_inline, $input_filtering_ref) = @_; my $logger = Log::Log4perl::get_logger('pf::iptables'); $logger->info("Adding DNS DNAT rules for unregistered and isolated inline clients."); - foreach my $network ( keys %ConfigNetworks ) { - # skip non-inline interfaces - next if ( !pf::config::is_network_type_inline($network) ); - - my $rule = "--protocol udp --destination-port 53"; - $$nat_prerouting_ref .= "-A $FW_PREROUTING_INT_INLINE $rule --match mark --mark 0x$IPTABLES_MARK_UNREG " - . "--jump REDIRECT\n"; - $$nat_prerouting_ref .= "-A $FW_PREROUTING_INT_INLINE $rule --match mark --mark 0x$IPTABLES_MARK_ISOLATION " - . "--jump REDIRECT\n"; - last; - } + + my $rule = "--protocol udp --destination-port 53"; + $$nat_prerouting_ref .= "-A $FW_PREROUTING_INT_INLINE $rule --match mark --mark 0x$IPTABLES_MARK_UNREG " + . "--jump REDIRECT\n"; + $$nat_prerouting_ref .= "-A $FW_PREROUTING_INT_INLINE $rule --match mark --mark 0x$IPTABLES_MARK_ISOLATION " + . "--jump REDIRECT\n"; + + if (defined($Config{'interception_proxy'}{'port'})) { + $logger->info("Adding Proxy interception rules"); + foreach my $intercept_port ( split(',', $Config{'interception_proxy'}{'port'} ) ) { + my $rule = "--protocol tcp --destination-port $intercept_port"; + $$nat_prerouting_ref .= "-A $FW_PREROUTING_INT_INLINE $rule --match mark --mark 0x$IPTABLES_MARK_UNREG " + . "--jump REDIRECT\n"; + $$nat_prerouting_ref .= "-A $FW_PREROUTING_INT_INLINE $rule --match mark --mark 0x$IPTABLES_MARK_ISOLATION " + . "--jump REDIRECT\n"; + $$input_filtering_ref .= "-A $FW_FILTER_INPUT_INT_INLINE --protocol tcp --match tcp --dport $intercept_port " + . " --match mark --mark 0x$IPTABLES_MARK_UNREG --jump ACCEPT\n"; + $$input_filtering_ref .= "-A $FW_FILTER_INPUT_INT_INLINE --protocol tcp --match tcp --dport $intercept_port " + . " --match mark --mark 0x$IPTABLES_MARK_UNREG --jump ACCEPT\n"; + $$input_filtering_ref .= "-A $FW_FILTER_INPUT_INT_INLINE --protocol tcp --match tcp --dport $intercept_port " + . " --match mark --mark 0x$IPTABLES_MARK_REG --jump DROP\n"; + } + } + + $logger->info("Adding NAT Masquarade statement (PAT)"); $$nat_postrouting_ref .= "-A $FW_POSTROUTING_INT_INLINE --jump MASQUERADE\n"; @@ -258,7 +277,7 @@ sub generate_inline_rules { my $google_enabled = $guest_self_registration{$SELFREG_MODE_GOOGLE}; my $facebook_enabled = $guest_self_registration{$SELFREG_MODE_FACEBOOK}; my $github_enabled = $guest_self_registration{$SELFREG_MODE_GITHUB}; - my $passthrough_enabled = isenabled($Config{'trapping'}{'passthrough'}); + my $passthrough = isenabled($Config{'trapping'}{'passthrough'}); # Allow remote conformity scan server to reach unregistered devices in inline mode if ( defined($Config{'scan'}{'host'}) && $Config{'scan'}{'host'} ne "127.0.0.1" ) { @@ -433,9 +452,9 @@ sub generate_nat_redirect_rules { my $google_enabled = $guest_self_registration{$SELFREG_MODE_GOOGLE}; my $facebook_enabled = $guest_self_registration{$SELFREG_MODE_FACEBOOK}; my $github_enabled = $guest_self_registration{$SELFREG_MODE_GITHUB}; - my $passthrough_enabled = isenabled($Config{'trapping'}{'passthrough'}); + my $passthrough = isenabled($Config{'trapping'}{'passthrough'}); - if ($google_enabled||$facebook_enabled||$github_enabled||$passthrough_enabled) { + if ($google_enabled||$facebook_enabled||$github_enabled||$passthrough) { $rules .= "-A $FW_PREROUTING_INT_INLINE -m set --match-set pfsession_passthrough dst,dst ". "--match mark --mark 0x$IPTABLES_MARK_UNREG --jump ACCEPT\n"; } @@ -635,6 +654,37 @@ sub get_snat_interface { } } +=item generate_interception_rules + +Creating porper source interface matches to jump to the right chains for vlan enforcement method. + +=cut +sub generate_interception_rules { + my ($self, $nat_if_src_to_chain,$nat_prerouting_vlan, $input_inter_vlan_if) = @_; + my $logger = Log::Log4perl::get_logger('pf::iptables'); + + # internal interfaces handling + foreach my $interface (@internal_nets) { + my $dev = $interface->tag("int"); + my $enforcement_type = $Config{"interface $dev"}{'enforcement'}; + + # vlan enforcement + if ($enforcement_type eq $IF_ENFORCEMENT_VLAN) { + # send everything from vlan interfaces to the vlan chain + $$nat_if_src_to_chain .= "-A PREROUTING --in-interface $dev --jump $FW_PREROUTING_INT_VLAN\n"; + } + } + if (defined($Config{'interception_proxy'}{'port'})) { + foreach my $intercept_port ( split( ',', $Config{'interception_proxy'}{'port'} ) ) { + my $rule = "--protocol tcp --destination-port $intercept_port"; + $logger->warn($rule); + $$nat_prerouting_vlan .= "-A $FW_PREROUTING_INT_VLAN $rule --jump REDIRECT\n"; + $$input_inter_vlan_if .= "-A $FW_FILTER_INPUT_INT_VLAN $rule --jump ACCEPT\n"; + } + } + +} + =back diff --git a/lib/pf/web/interceptproxy.pm b/lib/pf/web/interceptproxy.pm new file mode 100644 index 000000000000..8a58e2940f6c --- /dev/null +++ b/lib/pf/web/interceptproxy.pm @@ -0,0 +1,263 @@ +package pf::web::interceptproxy; + +=head1 NAME + +interceptproxy.pm + +=cut + +use strict; +use warnings; + +use Apache2::Const -compile => qw(OK DECLINED HTTP_MOVED_TEMPORARILY); +use Apache2::RequestRec (); +use Apache2::RequestUtil; +use Apache2::Connection; +use Apache2::URI; + +use APR::URI; +use Log::Log4perl; +use URI::Escape qw(uri_escape); + +use pf::config; +use pf::util; +use pf::web::util; +#use pf::web::constants; + +use constant BUFF_LEN => 1024; + +=head1 SUBROUTINES + +=over + +=item translate + +Intercept proxy requests to forward them to the captive portal. + +=cut +sub translate { + my ($r) = shift; + my $logger = Log::Log4perl->get_logger(__PACKAGE__); + $logger->warn("hitting interceptor with URL: " . $r->uri); + #Fetch the captive portal URL + my $proto = isenabled($Config{'captive_portal'}{'secure_redirect'}) ? $HTTPS : $HTTP; + my $url = "$proto://".$Config{'general'}{'hostname'}.".".$Config{'general'}{'domain'}; + + my $parsed_portal = APR::URI->parse($r->pool, $url); + my $parsed_request = APR::URI->parse($r->pool, $r->uri); + + #in case of a Get request to another site than the captive portal, we redirect the request to the captive portal + if ( $parsed_request->scheme eq 'http' ) { + if ($parsed_portal->hostname ne $parsed_request->hostname) { + $logger->info("HTTP request redirect"); + $r->err_headers_out->set('Location' => $parsed_portal->unparse); + $r->content_type('text/html'); + $r->no_cache(1); + return Apache2::Const::HTTP_MOVED_TEMPORARILY; + } + } + + #in case of a CONNECT request we redirect the request to the reverse proxy + elsif ( $parsed_portal->hostname ne $parsed_request->scheme ) { + $logger->info("CONNECT request to reverseproxy"); + $r->parsed_uri->hostname('127.0.0.1'); + $r->parsed_uri->port('444'); + $r->uri('127.0.0.1:444'); + $r->pnotes( 'url_to_mod_proxy' => $r->uri ); + $r->handler('modperl'); + #Def FixupHandler + $r->set_handlers(PerlFixupHandler => \&fixup); + return Apache2::Const::OK; + } + + #The request match with the captive portal URL + + + #If it is an http request -> Forward to the captive portal + + if ( $parsed_request->scheme eq 'http' ) { + my $session_cook = pf::web::util::getcookie($r->headers_in->{Cookie}); + #If there is a session cookie then push the remote ip in the session and redirect to the captive portal + if ($session_cook) { + my (%session_id); + pf::web::util::session(\%session_id,$session_cook); + $session_id{remote_ip} = $r->connection->remote_ip; + my $uri = $parsed_portal->unparse; + $logger->info("http request redirect to captive portal"); + $r->err_headers_out->set('Location' => $uri); + $r->content_type('text/html'); + $r->no_cache(1); + return Apache2::Const::HTTP_MOVED_TEMPORARILY; + } + #if there is no cookie then proxy to captive portal + else { + $logger->warn($r->uri); + $parsed_portal->scheme(undef); + $parsed_portal->scheme('http'); + $logger->warn("DEBUG: ".$parsed_portal->unparse.$parsed_request->rpath); + $r->pnotes( 'url_to_mod_proxy' => $parsed_portal->unparse.$parsed_request->rpath ); + } + } else { + + #If it is a connect request -> forward to the reverse proxy + $r->parsed_uri->hostname('127.0.0.1'); + $r->parsed_uri->port('444'); + my $url = "127.0.0.1:444"; + $r->uri($url); + $r->pnotes( 'url_to_mod_proxy' => $r->uri ); + } + #Forward to mod_proxy + $r->handler('modperl'); + $r->set_handlers(PerlFixupHandler => \&fixup); + return Apache2::Const::OK; +} + +=item rewrite + +Rewrite Location header to Packetfence captive portal. + +=cut + +sub rewrite { + my $f = shift; + my $r = $f->r; + my $logger = Log::Log4perl->get_logger(__PACKAGE__); + if ($r->content_type =~ /text\/html(.*)/) { + unless ($f->ctx) { + my @valhead = $r->headers_out->get('Location'); + my $value = $Config{'general'}{'hostname'}.".".$Config{'general'}{'domain'}; + my $replacementheader = $r->hostname; + my $headval; + foreach $headval (@valhead) { + if ($headval && $headval =~ /$value/x) { + $headval =~ s/$value/$replacementheader/ig; + $r->headers_out->unset('Location'); + $r->headers_out->set('Location' => $headval); + } + } + } + my $ctx = $f->ctx; + while ($f->read(my $buffer, BUFF_LEN)) { + $ctx->{data} .= $buffer; + $ctx->{keepalives} = $f->c->keepalives; + $f->ctx($ctx); + } + # Thing we do at end + if ($f->seen_eos) { + # Dump datas out + $f->print($f->ctx->{data}); + } + return Apache2::Const::OK; + } else { + return Apache2::Const::DECLINED; + } +} + + +=item fixup + +Last Handler and last chance to do something in the request + +=cut + +sub fixup { + my $r = shift; + my $logger = Log::Log4perl->get_logger(__PACKAGE__); + if($r->pnotes('url_to_mod_proxy')){ + return proxy_redirect($r, $r->pnotes('url_to_mod_proxy')); + } +} + +=item proxy_redirect + +Mod_proxy redirect + +=cut + +sub proxy_redirect { + my ($r, $url) = @_; + my $logger = Log::Log4perl->get_logger(__PACKAGE__); + $r->set_handlers(PerlResponseHandler => []); + $r->filename("proxy:".$url); + $r->proxyreq(2); + $r->handler('proxy-server'); + return Apache2::Const::OK; +} + + +=item + +Reverse proxy TransHandler + +=cut +sub reverse { + my $r = shift; + my $logger = Log::Log4perl->get_logger(__PACKAGE__); + + my $parsed_request = APR::URI->parse($r->pool, $r->uri); + my $proto = isenabled($Config{'captive_portal'}{'secure_redirect'}) ? $HTTPS : $HTTP; + my $url = "$proto://".$Config{'general'}{'hostname'}.".".$Config{'general'}{'domain'}; + my $parsed_portal = APR::URI->parse($r->pool, $url); + $parsed_portal->scheme(undef); + $parsed_portal->scheme('http'); + my $session_cook = pf::web::util::getcookie($r->headers_in->{Cookie}); + + #If session cookie exist then we can set X-Forwarded-For and proxy to the captive portal + if ($session_cook) { + my (%session_id); + pf::web::util::session(\%session_id,$session_cook); + if ($session_id{remote_ip}) { + $r->headers_in->set('X-Forwarded-For' => $session_id{remote_ip}); + $r->headers_in->set('Host' => $Config{'general'}{'hostname'}); + my $url = "$proto://".$Config{'general'}{'hostname'}.".".$Config{'general'}{'domain'}; + $parsed_portal->scheme('https'); + my $url_proxy = $parsed_portal->unparse.$r->uri; + return proxy_redirect($r, $url_proxy); + } + #Cookie is invalid delete it + else { + $r->err_headers_out->add('Set-Cookie' => "packetfence=".$session_id{_session_id}."; expires=Thu, 01-Jan-70 00:00:01 GMT; domain=".$parsed_portal->hostname."; path=/"); + $r->err_headers_out->set('Location' => $parsed_portal->unparse); + $r->content_type('text/html'); + $r->no_cache(1); + return Apache2::Const::HTTP_MOVED_TEMPORARILY; + } + + } + #No session, create one and redirect to http portal to catch the remote ip + else { + my (%session_id); + pf::web::util::session(\%session_id); + $r->err_headers_out->add('Set-Cookie' => "packetfence=".$session_id{_session_id}."; domain=".$parsed_portal->hostname."; path=/"); + $r->err_headers_out->set('Location' => $parsed_portal->unparse); + $r->content_type('text/html'); + $r->no_cache(1); + return Apache2::Const::HTTP_MOVED_TEMPORARILY; + } +} + +=back + +=head1 AUTHOR + +Fabrice Durand + +=head1 COPYRIGHT +Copyright (C) 2012 Inverse inc. + +=head1 LICENSE +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. +=cut +1; + diff --git a/lib/pf/web/util.pm b/lib/pf/web/util.pm index fcb1032208d4..be476376f893 100644 --- a/lib/pf/web/util.pm +++ b/lib/pf/web/util.pm @@ -21,6 +21,8 @@ use warnings; use pf::config; use pf::util; use pf::web; +use Apache::Session::Generate::MD5; +use Apache::Session::Flex; use Cache::Memcached; BEGIN { @@ -274,6 +276,54 @@ sub del_memcached { $memd->delete($key); } +=item + +generate or retreive an apache session + +=cut + +sub session { + my ($session, $id) = @_; + eval { + tie %{$session}, 'Apache::Session::Flex', $id, { + Store => 'Memcached', + Lock => 'Null', + Generate => 'MD5', + Serialize => 'Storable', + Servers => get_memcached_conf(), + }; + } or session($session, undef); + + return $session; +} + +=item + +retreive packetfence cookie + +=cut + +sub getcookie { + my ($cookies) =@_; + my $logger = Log::Log4perl->get_logger(__PACKAGE__); + my $cleaned_cookies = ''; + if ( defined($cookies) ) { + foreach (split(';', $cookies)) { + if (/([^,; ]+)=([^,; ]+)/) { + if ($1 eq 'packetfence'){ + $cleaned_cookies .= $2; + } + } + } + if ($cleaned_cookies ne '') { + return $cleaned_cookies; + } + } + else { + return $FALSE; + } +} + =back =head1 AUTHOR From 4517340abe6d43945b4f42a97d23b69cda9ac299 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Fri, 7 Jun 2013 14:29:20 -0400 Subject: [PATCH 077/369] Manage httpd.proxy service Apache configuration file in perl Packaging RPM/DEB Conflicts: debian/control lib/pf/services.pm --- addons/packages/packetfence.spec | 3 ++ conf/httpd.conf.d/httpd.proxy | 59 ++++++++++---------------------- debian/control | 3 +- lib/pf/services.pm | 9 +++-- lib/pf/web/interceptproxy.pm | 20 ++++++----- 5 files changed, 42 insertions(+), 52 deletions(-) diff --git a/addons/packages/packetfence.spec b/addons/packages/packetfence.spec index 84f80130084a..bf89935889b0 100644 --- a/addons/packages/packetfence.spec +++ b/addons/packages/packetfence.spec @@ -104,6 +104,8 @@ Requires: %{real_name}-pfcmd-suid Requires: perl(Bit::Vector) Requires: perl(CGI::Session), perl(CGI::Session::Driver::memcached), perl(JSON), perl(PHP::Session) Requires: perl(Apache2::Request) +Requires: perl(Apache::Session) +Requires: perl(Apache::Session::Memcached) Requires: perl(Class::Accessor) Requires: perl(Class::Accessor::Fast::Contained) Requires: perl(Class::Data::Inheritable) @@ -712,6 +714,7 @@ fi %config /usr/local/pf/conf/httpd.conf.d/captive-portal-common.conf %config /usr/local/pf/conf/httpd.conf.d/httpd.admin %config /usr/local/pf/conf/httpd.conf.d/httpd.portal +%config /usr/local/pf/conf/httpd.conf.d/httpd.proxy %config /usr/local/pf/conf/httpd.conf.d/httpd.webservices %config /usr/local/pf/conf/httpd.conf.d/log.conf %config(noreplace) /usr/local/pf/conf/httpd.conf.d/ssl-certificates.conf diff --git a/conf/httpd.conf.d/httpd.proxy b/conf/httpd.conf.d/httpd.proxy index 11ab2b26232a..35c8e86136a6 100644 --- a/conf/httpd.conf.d/httpd.proxy +++ b/conf/httpd.conf.d/httpd.proxy @@ -87,21 +87,11 @@ PerlSwitches -I/usr/local/pf/lib -#AddHandler perl-script .cgi -#Options +ExecCGI -#PerlHandler ModPerl::PerlRun +PerlModule APR::Table # Prevent Browsers (Chrome and Firefox) to cache DNS while under the captive portal Header always set X-DNS-Prefetch-Control off - - Order deny,allow - Allow from all - - - - SSLOptions +StdEnvVars - SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ @@ -136,9 +126,6 @@ $Include = $install_dir.'/conf/httpd.conf.d/log.conf'; $User = "pf"; $Group = "pf"; -$PerlOptions = "+GlobalRequest"; -$ProxyRequests = "Off"; - if (defined($PfConfig->{'alerting'}{'fromaddr'}) && $PfConfig->{'alerting'}{'fromaddr'} ne '') { $ServerAdmin = $PfConfig->{'alerting'}{'fromaddr'}; } else { @@ -157,24 +144,33 @@ $MinSpareServers = pf::services::apache::calculate_min_spare_servers($MaxClients $HostnameLookups = "off"; $MaxRequestsPerChild = "1000"; -$PerlInitHandler = "pf::WebAPI::InitHandler"; -$SSLPassPhraseDialog = "builtin"; -$SSLSessionCache = "dbm:".$install_dir."/var/ssl_scache"; -$SSLSessionCacheTimeout = "300"; -$SSLMutex = "file:".$install_dir."/var/ssl_mutex"; -$SSLRandomSeed = "startup builtin"; -$SSLRandomSeed = "connect builtin"; -$SSLCipherSuite = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"; - $ErrorLog = $install_dir.'/logs/proxy_error_log'; +$CustomLog = $install_dir.'/logs/proxy_access_log combined'; foreach my $port (split(',',$PfConfig->{'interception_proxy'}{'port'})) { push (@NameVirtualHost,"*:".$port); } push (@NameVirtualHost,"*:444"); +push (@Listen,"127.0.0.1:444"); +push @{ $VirtualHost{'*:444'} }, gen_conf( + ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}.":444", + PerlOptions => '+GlobalRequest', + SSLEngine => 'on', + SSLProxyEngine => 'on', + Include => $var_dir.'/conf/ssl-certificates.conf', + PerlModule => 'pf::web::interceptproxy', + PerlTransHandler => '+pf::web::interceptproxy::reverse', + ProxyRequests => 'off', + ProxyPreserveHost => 'on', + ProxyVia => 'off', + LogLevel => 'debug', + ErrorLog => $install_dir.'/logs/reverse_reproxy_error_log', + CustomLog => $install_dir.'/logs/reverse_proxy_access_log combined', +); + foreach my $interface (@internal_nets) { foreach my $port (split(',',$PfConfig->{'interception_proxy'}{'port'})) { @@ -194,21 +190,4 @@ foreach my $interface (@internal_nets) { } } -push (@Listen,"127.0.0.1:444"); - -push @{ VirtualHost{'127.0.0.1:444'} }, gen_conf( - ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}.":444", - PerlOptions => '+GlobalRequest', - PerlModule => 'pf::web::interceptproxy', - PerlTransHandler => '+pf::web::interceptproxy::reverse', - ProxyRequests => 'Off', - ProxyPreserveHost => 'On', - ProxyVia => 'Off', - ErrorLog => $install_dir.'/logs/reverse_reproxy_error_log', - CustomLog => $install_dir.'/logs/reverse_proxy_access_log combined', - SSLEngine => 'on', - SSLProxyEngine => 'on', - Include => $var_dir.'/conf/ssl-certificates.conf', -); - diff --git a/debian/control b/debian/control index 30fccefda8a5..bcaa56e8675d 100644 --- a/debian/control +++ b/debian/control @@ -20,7 +20,8 @@ Depends: ${misc:Depends}, vlan, make, # apache related apache2, apache2.2-common, apache2-utils, libapache2-mod-proxy-html, apache2-mpm-prefork, libapache2-mod-apreq2, libapache2-mod-perl2, - libapache2-request-perl, libtie-dxhash-perl, libapache-ssllookup-perl, + libapache2-request-perl, libtie-dxhash-perl, libapache-session-perl, + libapache-session-memcached-perl, libapache-ssllookup-perl, make, iproute, ipset, diff --git a/lib/pf/services.pm b/lib/pf/services.pm index ad7d4db450bd..6a545ab5446b 100644 --- a/lib/pf/services.pm +++ b/lib/pf/services.pm @@ -49,7 +49,7 @@ use pf::violation_config; use File::Slurp qw(read_file); Readonly our @APACHE_SERVICES => ( - 'httpd.admin', 'httpd.webservices', 'httpd.portal' + 'httpd.admin', 'httpd.webservices', 'httpd.portal', 'httpd.proxy' ); Readonly our @ALL_SERVICES => ( @@ -82,6 +82,7 @@ $service_launchers{'httpd'} = "%1\$s -f $conf_dir/httpd.conf"; $service_launchers{'httpd.webservices'} = "%1\$s -f $conf_dir/httpd.conf.d/httpd.webservices -D$OS"; $service_launchers{'httpd.admin'} = "%1\$s -f $conf_dir/httpd.conf.d/httpd.admin -D$OS"; $service_launchers{'httpd.portal'} = "%1\$s -f $conf_dir/httpd.conf.d/httpd.portal -D$OS"; +$service_launchers{'httpd.proxy'} = "%1\$s -f $conf_dir/httpd.conf.d/httpd.proxy -D$OS"; $service_launchers{'pfdetect'} = "%1\$s -d -p $install_dir/var/alert &"; $service_launchers{'pfmon'} = '%1$s -d &'; @@ -153,6 +154,7 @@ sub service_ctl { 'httpd' => \&generate_httpd_conf, 'httpd.webservices' => \&generate_httpd_conf, 'httpd.portal' => \&generate_httpd_conf, + 'httpd.proxy' => \&generate_httpd_conf, 'httpd.admin' => \&generate_httpd_conf, 'radiusd' => \&generate_radiusd_conf, 'snmptrapd' => \&generate_snmptrapd_conf @@ -167,7 +169,7 @@ sub service_ctl { # valid daemon and flags are set if (grep({ $daemon eq $_ } @ALL_SERVICES) && defined($service_launchers{$daemon})) { - if ( !( ($daemon eq 'pfdhcplistener' ) || ($daemon eq 'httpd') || ($daemon eq 'httpd.webservices') || ($daemon eq 'httpd.admin') || ($daemon eq 'httpd.portal') ) ) { + if ( !( ($daemon eq 'pfdhcplistener' ) || ($daemon eq 'httpd') || ($daemon eq 'httpd.webservices') || ($daemon eq 'httpd.admin') || ($daemon eq 'httpd.portal') || ($daemon eq 'httpd.proxy') ) ) { if ( $daemon eq 'dhcpd' ) { # create var/dhcpd/dhcpd.leases if it doesn't exist @@ -302,6 +304,9 @@ sub service_list { push @finalServiceList, $service if ( (is_inline_enforcement_enabled() || is_vlan_enforcement_enabled()) && isenabled($Config{'services'}{'pfdns'}) ); + } elsif ( $service eq "httpd.proxy" ) { + push @finalServiceList, $service + if ( defined($Config{'interception_proxy'}{'port'}) ); } elsif ( $service eq 'pfdhcplistener' ) { push @finalServiceList, $service if ( isenabled($Config{'network'}{'dhcpdetector'}) ); diff --git a/lib/pf/web/interceptproxy.pm b/lib/pf/web/interceptproxy.pm index 8a58e2940f6c..ad8ffbb45c3f 100644 --- a/lib/pf/web/interceptproxy.pm +++ b/lib/pf/web/interceptproxy.pm @@ -9,6 +9,8 @@ interceptproxy.pm use strict; use warnings; +use Apache2::Reload; + use Apache2::Const -compile => qw(OK DECLINED HTTP_MOVED_TEMPORARILY); use Apache2::RequestRec (); use Apache2::RequestUtil; @@ -49,7 +51,7 @@ sub translate { #in case of a Get request to another site than the captive portal, we redirect the request to the captive portal if ( $parsed_request->scheme eq 'http' ) { if ($parsed_portal->hostname ne $parsed_request->hostname) { - $logger->info("HTTP request redirect"); + $logger->trace("HTTP request redirect to captive portal"); $r->err_headers_out->set('Location' => $parsed_portal->unparse); $r->content_type('text/html'); $r->no_cache(1); @@ -59,7 +61,7 @@ sub translate { #in case of a CONNECT request we redirect the request to the reverse proxy elsif ( $parsed_portal->hostname ne $parsed_request->scheme ) { - $logger->info("CONNECT request to reverseproxy"); + $logger->trace("CONNECT request to reverseproxy"); $r->parsed_uri->hostname('127.0.0.1'); $r->parsed_uri->port('444'); $r->uri('127.0.0.1:444'); @@ -83,7 +85,7 @@ sub translate { pf::web::util::session(\%session_id,$session_cook); $session_id{remote_ip} = $r->connection->remote_ip; my $uri = $parsed_portal->unparse; - $logger->info("http request redirect to captive portal"); + $logger->trace("http request redirect to captive portal, we have the cookie"); $r->err_headers_out->set('Location' => $uri); $r->content_type('text/html'); $r->no_cache(1); @@ -91,19 +93,20 @@ sub translate { } #if there is no cookie then proxy to captive portal else { - $logger->warn($r->uri); + $logger->trace("No cookie then proxy to the captive portal"); $parsed_portal->scheme(undef); $parsed_portal->scheme('http'); $logger->warn("DEBUG: ".$parsed_portal->unparse.$parsed_request->rpath); $r->pnotes( 'url_to_mod_proxy' => $parsed_portal->unparse.$parsed_request->rpath ); } } else { - - #If it is a connect request -> forward to the reverse proxy + #If it is a connect request -> forward to the reverse proxy + $logger->trace("CONNECT request to the captive portal :".$r->uri); $r->parsed_uri->hostname('127.0.0.1'); $r->parsed_uri->port('444'); my $url = "127.0.0.1:444"; $r->uri($url); + $logger->warn("CONNECT request to the captive portal :".$r->uri); $r->pnotes( 'url_to_mod_proxy' => $r->uri ); } #Forward to mod_proxy @@ -193,7 +196,7 @@ Reverse proxy TransHandler sub reverse { my $r = shift; my $logger = Log::Log4perl->get_logger(__PACKAGE__); - + $logger->trace("Reverse proxy :".$r->uri); my $parsed_request = APR::URI->parse($r->pool, $r->uri); my $proto = isenabled($Config{'captive_portal'}{'secure_redirect'}) ? $HTTPS : $HTTP; my $url = "$proto://".$Config{'general'}{'hostname'}.".".$Config{'general'}{'domain'}; @@ -208,7 +211,7 @@ sub reverse { pf::web::util::session(\%session_id,$session_cook); if ($session_id{remote_ip}) { $r->headers_in->set('X-Forwarded-For' => $session_id{remote_ip}); - $r->headers_in->set('Host' => $Config{'general'}{'hostname'}); + $r->headers_in->set('Host' => $Config{'general'}{'hostname'}.".".$Config{'general'}{'domain'}); my $url = "$proto://".$Config{'general'}{'hostname'}.".".$Config{'general'}{'domain'}; $parsed_portal->scheme('https'); my $url_proxy = $parsed_portal->unparse.$r->uri; @@ -260,4 +263,3 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. =cut 1; - From 80e1bfebd403315849f45f9eb0c6d7ec69e5d746 Mon Sep 17 00:00:00 2001 From: Fabrice Durand Date: Sun, 30 Jun 2013 15:23:53 -0400 Subject: [PATCH 078/369] Fix pfcmd help and remove rebase stuff Conflicts: lib/pf/services.pm --- lib/pf/pfcmd/help.pm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/pf/pfcmd/help.pm b/lib/pf/pfcmd/help.pm index e4b6649f3ad1..2567f8ee5b17 100644 --- a/lib/pf/pfcmd/help.pm +++ b/lib/pf/pfcmd/help.pm @@ -117,10 +117,11 @@ Services managed by PacketFence: httpd.webservices| Apache Webservices httpd.admin | Apache Web admin httpd.portal | Apache Captive Portal - pfdns | DNS daemon + httpd.proxy | Apache Proxy Interception pf | all services that should be running based on your config pfdetect | PF snort alert parser pfdhcplistener | PF DHCP monitoring daemon + pfdns | DNS daemon pfmon | PF ARP monitoring daemon pfsetvlan | PF VLAN isolation daemon radiusd | FreeRADIUS daemon From e559a4e50cca23fc8686a1c55069cd92819808fa Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Fri, 19 Jul 2013 09:25:47 -0400 Subject: [PATCH 079/369] Fix for test --- lib/pf/web/interceptproxy.pm | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/lib/pf/web/interceptproxy.pm b/lib/pf/web/interceptproxy.pm index ad8ffbb45c3f..79bf89a37600 100644 --- a/lib/pf/web/interceptproxy.pm +++ b/lib/pf/web/interceptproxy.pm @@ -9,8 +9,6 @@ interceptproxy.pm use strict; use warnings; -use Apache2::Reload; - use Apache2::Const -compile => qw(OK DECLINED HTTP_MOVED_TEMPORARILY); use Apache2::RequestRec (); use Apache2::RequestUtil; @@ -24,7 +22,6 @@ use URI::Escape qw(uri_escape); use pf::config; use pf::util; use pf::web::util; -#use pf::web::constants; use constant BUFF_LEN => 1024; @@ -243,7 +240,7 @@ sub reverse { =head1 AUTHOR -Fabrice Durand +Inverse inc. =head1 COPYRIGHT Copyright (C) 2012 Inverse inc. From 9d7643600e5d47eb85d63f2f3b4f51dd53beb95e Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Tue, 17 Sep 2013 16:23:27 -0400 Subject: [PATCH 080/369] Passthrough fix --- lib/pf/iptables.pm | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/pf/iptables.pm b/lib/pf/iptables.pm index a475b2464e2a..6e02e3fa31fb 100644 --- a/lib/pf/iptables.pm +++ b/lib/pf/iptables.pm @@ -166,7 +166,7 @@ sub generate_filter_if_src_to_chain { my $google_enabled = $guest_self_registration{$SELFREG_MODE_GOOGLE}; my $facebook_enabled = $guest_self_registration{$SELFREG_MODE_FACEBOOK}; my $github_enabled = $guest_self_registration{$SELFREG_MODE_GITHUB}; - my $passthrough = isenabled($Config{'trapping'}{'passthrough'}); + my $passthrough_enabled = isenabled($Config{'trapping'}{'passthrough'}); # internal interfaces handling foreach my $interface (@internal_nets) { @@ -181,7 +181,7 @@ sub generate_filter_if_src_to_chain { } $rules .= "-A INPUT --in-interface $dev -d $ip --jump $FW_FILTER_INPUT_INT_VLAN\n"; $rules .= "-A INPUT --in-interface $dev -d 255.255.255.255 --jump $FW_FILTER_INPUT_INT_VLAN\n"; - if ($google_enabled || $facebook_enabled || $github_enabled || $passthrough) { + if ($google_enabled || $facebook_enabled || $github_enabled || $passthrough_enabled) { $rules .= "-A FORWARD --in-interface $dev --jump $FW_FILTER_FORWARD_INT_VLAN\n"; $rules .= "-A FORWARD --out-interface $dev --jump $FW_FILTER_FORWARD_INT_VLAN\n"; } @@ -277,7 +277,7 @@ sub generate_inline_rules { my $google_enabled = $guest_self_registration{$SELFREG_MODE_GOOGLE}; my $facebook_enabled = $guest_self_registration{$SELFREG_MODE_FACEBOOK}; my $github_enabled = $guest_self_registration{$SELFREG_MODE_GITHUB}; - my $passthrough = isenabled($Config{'trapping'}{'passthrough'}); + my $passthrough_enabled = isenabled($Config{'trapping'}{'passthrough'}); # Allow remote conformity scan server to reach unregistered devices in inline mode if ( defined($Config{'scan'}{'host'}) && $Config{'scan'}{'host'} ne "127.0.0.1" ) { @@ -452,9 +452,9 @@ sub generate_nat_redirect_rules { my $google_enabled = $guest_self_registration{$SELFREG_MODE_GOOGLE}; my $facebook_enabled = $guest_self_registration{$SELFREG_MODE_FACEBOOK}; my $github_enabled = $guest_self_registration{$SELFREG_MODE_GITHUB}; - my $passthrough = isenabled($Config{'trapping'}{'passthrough'}); + my $passthrough_enabled = isenabled($Config{'trapping'}{'passthrough'}); - if ($google_enabled||$facebook_enabled||$github_enabled||$passthrough) { + if ($google_enabled||$facebook_enabled||$github_enabled||$passthrough_enabled) { $rules .= "-A $FW_PREROUTING_INT_INLINE -m set --match-set pfsession_passthrough dst,dst ". "--match mark --mark 0x$IPTABLES_MARK_UNREG --jump ACCEPT\n"; } From 1e4064d689fcb02703e09a75bc0a343edb6fc4bc Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Thu, 19 Sep 2013 11:27:30 -0400 Subject: [PATCH 081/369] Move proxy interception in trapping section --- conf/documentation.conf | 27 +++++++++++++++++---- conf/httpd.conf.d/httpd.proxy | 4 +-- conf/pf.conf.defaults | 17 ++++++++----- html/pfappserver/lib/pfappserver/I18N/en.po | 8 ++++++ lib/pf/iptables.pm | 10 ++++---- lib/pf/services.pm | 2 +- 6 files changed, 49 insertions(+), 19 deletions(-) diff --git a/conf/documentation.conf b/conf/documentation.conf index 05f49f13ddee..a63cf273b5c9 100644 --- a/conf/documentation.conf +++ b/conf/documentation.conf @@ -295,6 +295,28 @@ The configuration parameter "passthrough" must be enabled for passthroughs to be effective. EOT +[trapping.proxy_passthroughs] +type=list +description=<{'interception_proxy'}{'port'})) { +foreach my $port (split(',',$PfConfig->{'trapping'}{'interception_proxy_port'})) { push (@NameVirtualHost,"*:".$port); } @@ -173,7 +173,7 @@ push @{ $VirtualHost{'*:444'} }, gen_conf( foreach my $interface (@internal_nets) { - foreach my $port (split(',',$PfConfig->{'interception_proxy'}{'port'})) { + foreach my $port (split(',',$PfConfig->{'trapping'}{'interception_proxy_port'})) { push (@Listen,$interface->{'Tip'}.":".$port); push @{ $VirtualHost{$interface->{'Tip'}.":".$port} }, gen_conf( ServerName => $PfConfig->{'general'}{'hostname'}.".".$PfConfig->{'general'}{'domain'}.":".$port, diff --git a/conf/pf.conf.defaults b/conf/pf.conf.defaults index 643395d98fd1..182fc5aa3c80 100644 --- a/conf/pf.conf.defaults +++ b/conf/pf.conf.defaults @@ -162,6 +162,17 @@ passthroughs= # # Comma-delimited list of domains to be use for apache passthrough proxy_passthroughs= +# +# trapping.interception_proxy +# +# When enabled, packetfence will intercept proxy request to somes specified port +interception_proxy=disabled +# +# trapping.interception_proxy_port +# +# Comma-delimited list of port used to intercept proxy traffic +interception_proxy_port=8080,3128 + [registration] # @@ -684,9 +695,3 @@ voip=no user = pass = -[interception_proxy] -# -# intercept_proxy.port -# -# Define the proxy port to intercept in vlan and in inline enforcement -port= diff --git a/html/pfappserver/lib/pfappserver/I18N/en.po b/html/pfappserver/lib/pfappserver/I18N/en.po index e4ae665f9c5c..886f6f04b24f 100644 --- a/html/pfappserver/lib/pfappserver/I18N/en.po +++ b/html/pfappserver/lib/pfappserver/I18N/en.po @@ -3709,6 +3709,14 @@ msgstr "Passthroughs" msgid "trapping.proxy_passthroughs" msgstr "Proxy Passthroughs" +# conf/documentation.conf +msgid "trapping.interception_proxy" +msgstr "Proxy Interception" + +# conf/documentation.conf +msgid "trapping.interception_proxy_port" +msgstr "Proxy Interception Port" + # conf/documentation.conf msgid "trapping.range" msgstr "Addresses ranges" diff --git a/lib/pf/iptables.pm b/lib/pf/iptables.pm index 6e02e3fa31fb..007a32ffa77c 100644 --- a/lib/pf/iptables.pm +++ b/lib/pf/iptables.pm @@ -88,7 +88,7 @@ sub iptables_generate { 'nat_if_src_to_chain' => '', 'nat_prerouting_inline' => '', 'nat_postrouting_vlan' => '', 'nat_postrouting_inline' => '', 'input_inter_inline_rules' => '', 'nat_prerouting_vlan' => '', - 'routed_postrouting_inline' => '', + 'routed_postrouting_inline' => '','input_inter_vlan_if' => '', ); # global substitution variables @@ -248,9 +248,9 @@ sub generate_inline_rules { $$nat_prerouting_ref .= "-A $FW_PREROUTING_INT_INLINE $rule --match mark --mark 0x$IPTABLES_MARK_ISOLATION " . "--jump REDIRECT\n"; - if (defined($Config{'interception_proxy'}{'port'})) { + if (defined($Config{'trapping'}{'interception_proxy_port'}) && isenabled($Config{'trapping'}{'interception_proxy'})) { $logger->info("Adding Proxy interception rules"); - foreach my $intercept_port ( split(',', $Config{'interception_proxy'}{'port'} ) ) { + foreach my $intercept_port ( split(',', $Config{'trapping'}{'interception_proxy_port'} ) ) { my $rule = "--protocol tcp --destination-port $intercept_port"; $$nat_prerouting_ref .= "-A $FW_PREROUTING_INT_INLINE $rule --match mark --mark 0x$IPTABLES_MARK_UNREG " . "--jump REDIRECT\n"; @@ -674,8 +674,8 @@ sub generate_interception_rules { $$nat_if_src_to_chain .= "-A PREROUTING --in-interface $dev --jump $FW_PREROUTING_INT_VLAN\n"; } } - if (defined($Config{'interception_proxy'}{'port'})) { - foreach my $intercept_port ( split( ',', $Config{'interception_proxy'}{'port'} ) ) { + if (defined($Config{'trapping'}{'interception_proxy_port'}) && isenabled($Config{'trapping'}{'interception_proxy'})) { + foreach my $intercept_port ( split( ',', $Config{'trapping'}{'interception_proxy_port'} ) ) { my $rule = "--protocol tcp --destination-port $intercept_port"; $logger->warn($rule); $$nat_prerouting_vlan .= "-A $FW_PREROUTING_INT_VLAN $rule --jump REDIRECT\n"; diff --git a/lib/pf/services.pm b/lib/pf/services.pm index 6a545ab5446b..e92a7315e5cd 100644 --- a/lib/pf/services.pm +++ b/lib/pf/services.pm @@ -306,7 +306,7 @@ sub service_list { && isenabled($Config{'services'}{'pfdns'}) ); } elsif ( $service eq "httpd.proxy" ) { push @finalServiceList, $service - if ( defined($Config{'interception_proxy'}{'port'}) ); + if ( isenabled($Config{'trapping'}{'interception_proxy'}) ); } elsif ( $service eq 'pfdhcplistener' ) { push @finalServiceList, $service if ( isenabled($Config{'network'}{'dhcpdetector'}) ); From d786b0d9562fab6dd0338c792a6563632cbe951f Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Fri, 27 Sep 2013 10:14:35 -0400 Subject: [PATCH 082/369] Update doc --- NEWS.asciidoc | 1 + docs/PacketFence_Administration_Guide.asciidoc | 13 ++++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 6e2f839571f6..106719b6781b 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -18,6 +18,7 @@ New Features ++++++++++++ * Profiles can be filter by switches +* Proxy interception Enhancements ++++++++++++ diff --git a/docs/PacketFence_Administration_Guide.asciidoc b/docs/PacketFence_Administration_Guide.asciidoc index 4aaf9bfd3438..e3b3bb9761bb 100644 --- a/docs/PacketFence_Administration_Guide.asciidoc +++ b/docs/PacketFence_Administration_Guide.asciidoc @@ -1140,13 +1140,24 @@ There are two solutions for passthroughs - one using DNS resolution and iptables When enabled, PacketFence will use pfdns if you defined *Passthroughs*, or Apache mod-proxy if you defined *Proxy Passthroughs* to allow trapped devices to reach web sites. *DNS passthrough: -Add a new FQDN (should be a wildcard domain like *.google.com) in the *Passthroughs* section. When PacketFence receives a DNS request for this domain, it will answer the real IP address and punch a hole in the firewall (using iptables) to allow access. With this method, PacketFence must be the default gateway of your device. +Add a new FQDN (should be a wildcard domain like *.google.com) in the Passthroughs section. When PacketFence receives a DNS request for this domain, it will answer the real IP address and punch a hole in the firewall (using iptables) to allow access. With this method, PacketFence must be the default gateway of your device. *mod_proxy passthrough: Add a new FQDN (should be a wildcard domain like *.google.com) in the Proxy Passthroughs section. For this FQDN, PacketFence will answer the IP address of the captive portal and when a device hits the captive portal, PacketFence will detect that this FQDN has a passthrough configuration and will forward the traffic to mod_proxy. These two methods can be used together but DNS-based passthroughs have higher priority. +Proxy Interception +~~~~~~~~~~~~~~~~~~ + +In PacketFence you are now able to intercept proxy request and forward them to the captive portal. It only work in layer 2 network because packetfence must be the default gateway of your device. +In order to use the Proxy Interception feature, you need to enable it from the GUI in +*Configuration -> Trapping* and check *Proxy Interception*. + +Add the port you want to intercept, like 8080 3128 and add a new entry in the /etc/hosts file to resolv the fqdn of the captive portal to 127.0.0.1. +The modification of the hosts file is really important because apache try to resolv the fqdn of the captive portal and it must be 127.0.0.1. + + Configuration by example ------------------------ From 5f97ebfdcf41a2c145547fdccd2e786dc78e2de0 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Fri, 27 Sep 2013 10:21:34 -0400 Subject: [PATCH 083/369] Update News file --- NEWS.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 6e2f839571f6..6c59acc7d0ca 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -27,6 +27,7 @@ Enhancements * Search by MAC address for nodes and users now accepts any MAC format * Improved starting delay when using inline mode * Added memcached as a managed service +* Added CoA support for Xirrus access point Bug Fixes +++++++++ From 0fb83052ee0a437eb144ba0756c78bb540a63164 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 27 Sep 2013 12:13:38 -0400 Subject: [PATCH 084/369] untaint values before storing them in the hash --- lib/pf/config/cached.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pf/config/cached.pm b/lib/pf/config/cached.pm index e743163973fd..07455f5e0f77 100644 --- a/lib/pf/config/cached.pm +++ b/lib/pf/config/cached.pm @@ -906,8 +906,8 @@ sub toHash { } foreach my $section ($self->Sections()) { my %data; - foreach my $param (uniq $self->Parameters($section),@default_parms) { - $data{$param} = untaint_value ($self->val($section,$param)); + foreach my $param ( map { untaint_value($_) } uniq $self->Parameters($section),@default_parms) { + $data{$param} = untaint ($self->val($section,$param)); } $hash->{$section} = \%data; } From 95fdca11abaa67293ff1798472fd69c407182479 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 27 Sep 2013 16:44:34 -0400 Subject: [PATCH 085/369] Syntax & logging cleanup --- html/pfappserver/lib/pfappserver/Base/Controller/Crud.pm | 4 ++-- .../lib/pfappserver/Base/Controller/Crud/Clone.pm | 7 +++---- html/pfappserver/lib/pfappserver/Model/MacAddress.pm | 2 -- html/pfappserver/root/node/violations.tt | 2 +- lib/pf/temporary_password.pm | 2 +- 5 files changed, 7 insertions(+), 10 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Base/Controller/Crud.pm b/html/pfappserver/lib/pfappserver/Base/Controller/Crud.pm index b830f8e9c58c..bbfe7bfb263b 100644 --- a/html/pfappserver/lib/pfappserver/Base/Controller/Crud.pm +++ b/html/pfappserver/lib/pfappserver/Base/Controller/Crud.pm @@ -21,8 +21,8 @@ use namespace::autoclean; =cut -sub create : Local: Args(0) { - my ($self,$c) = @_; +sub create :Local :Args(0) { + my ($self, $c) = @_; if ($c->request->method eq 'POST') { $self->_processCreatePost($c); # check if exists diff --git a/html/pfappserver/lib/pfappserver/Base/Controller/Crud/Clone.pm b/html/pfappserver/lib/pfappserver/Base/Controller/Crud/Clone.pm index 59349eccab62..42ce0a07f620 100644 --- a/html/pfappserver/lib/pfappserver/Base/Controller/Crud/Clone.pm +++ b/html/pfappserver/lib/pfappserver/Base/Controller/Crud/Clone.pm @@ -27,7 +27,8 @@ sub clone :Chained('object') :PathPart('clone') :Args(0) { my ( $self, $c, $to ) = @_; if ($c->request->method eq 'POST') { $self->_processCreatePost($c); - } else { + } + else { my $model = $self->getModel($c); my $itemKey = $model->itemKey; my $idKey = $model->idKey; @@ -35,9 +36,7 @@ sub clone :Chained('object') :PathPart('clone') :Args(0) { delete $item->{$idKey}; my $form = $self->getForm($c); $form->process(init_object => $item); - $c->stash( - form => $form, - ); + $c->stash(form => $form); } } diff --git a/html/pfappserver/lib/pfappserver/Model/MacAddress.pm b/html/pfappserver/lib/pfappserver/Model/MacAddress.pm index 88c30ac82741..27e8c7138da3 100644 --- a/html/pfappserver/lib/pfappserver/Model/MacAddress.pm +++ b/html/pfappserver/lib/pfappserver/Model/MacAddress.pm @@ -93,10 +93,8 @@ sub search { if ( exists $params{orderby} ) { - my ( $field, $order ) = $params{orderby} =~ /ORDER BY\s+(.*)\s+(.*)/; - $logger->info("$field, $order"); if ( $order eq 'desc' ) { $sorter = sub {$b->{$field} cmp $a->{$field} }; } diff --git a/html/pfappserver/root/node/violations.tt b/html/pfappserver/root/node/violations.tt index 29815ceb806e..9ed859e64b13 100644 --- a/html/pfappserver/root/node/violations.tt +++ b/html/pfappserver/root/node/violations.tt @@ -21,7 +21,7 @@ [% ELSE %]
    -

    [% l('No violation history') %]

    +

    [% l('No violation found') %]

    [% END %]
    diff --git a/lib/pf/temporary_password.pm b/lib/pf/temporary_password.pm index 00940087265d..51eb81192bf6 100644 --- a/lib/pf/temporary_password.pm +++ b/lib/pf/temporary_password.pm @@ -372,7 +372,7 @@ sub modify_actions { @{$temporary_password}{@ACTION_FIELDS}, $pid ); my $rows = $query->rows; - $logger->info("temporarypassword $pid modified") if $rows ; + $logger->info("pid $pid modified") if $rows ; return ($rows); } From 5567418dd53afd30e985b44782e6a53c2464a944 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 30 Sep 2013 08:57:57 -0400 Subject: [PATCH 086/369] Bump release to 4.0.7 --- NEWS.asciidoc | 11 +++++++++++ conf/pf-release | 2 +- debian/changelog | 4 ++-- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 1168d3e10bf7..79bc54749b04 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -35,6 +35,17 @@ Bug Fixes * +Version 4.0.6-2 released on 2013-09-13 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Bug Fixes ++++++++++ + +* Fixed dependancy in debian/ubuntu package (#1705) +* Fixed 802.1X error in RADIUS authorize (#1709) +* Fixed pfcmd not stopping services (#1710) +* Fixed caching issue on Web admin interface (#1711) + Version 4.0.6 released on 2013-09-05 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/conf/pf-release b/conf/pf-release index b9c2facad682..b0bf22650ccd 100644 --- a/conf/pf-release +++ b/conf/pf-release @@ -1 +1 @@ -PacketFence 4.0.6 +PacketFence 4.0.7 diff --git a/debian/changelog b/debian/changelog index a8d1e4b0cbf2..e36c7a519844 100644 --- a/debian/changelog +++ b/debian/changelog @@ -32,13 +32,13 @@ packetfence (4.0.0) unstable; urgency=low * Version 4.0.0 - -- Francis Lachapelle Wed, 8 May 2013 12:00:00 -0400 + -- Francis Lachapelle Wed, 8 May 2013 12:00:00 -0400 packetfence (3.6.1) unstable; urgency=low * Version 3.6.1 - -- Derek Wuelfrath Thu, 10 Oct 2012 17:12:00 -0400 + -- Derek Wuelfrath Thu, 10 Oct 2012 17:12:00 -0400 packetfence (3.6.0) unstable; urgency=low From 6cfb44a084ba1b93bb823c70c391e3182f5e7195 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 30 Sep 2013 08:58:42 -0400 Subject: [PATCH 087/369] Remove seperators from sources pulldown --- html/pfappserver/root/configuration/authentication.tt | 2 -- 1 file changed, 2 deletions(-) diff --git a/html/pfappserver/root/configuration/authentication.tt b/html/pfappserver/root/configuration/authentication.tt index dd2120dd17a2..f9619fa7ae3e 100644 --- a/html/pfappserver/root/configuration/authentication.tt +++ b/html/pfappserver/root/configuration/authentication.tt @@ -127,7 +127,6 @@ [% END -%] -
  • [% l('External') %]
    • -
  • [% l('Exclusive') %]
    • + [% ELSE %] + [% END %] [% UNLESS null_source %]
    From 679fb8ff61fb1ef774bc94079c8253a2469b1881 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 30 Sep 2013 17:37:35 -0400 Subject: [PATCH 097/369] Added help for new command fixpermissions --- lib/pf/pfcmd/help.pm | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/pf/pfcmd/help.pm b/lib/pf/pfcmd/help.pm index b5c7979382a5..0bbf707361d9 100644 --- a/lib/pf/pfcmd/help.pm +++ b/lib/pf/pfcmd/help.pm @@ -647,6 +647,16 @@ EOT return 1; } +sub help_fixpermissions { + print STDERR << "EOT"; +Usage: pfcmd fixpermissions + +Fix the permissions of the files and directories of packetfence + +EOT + return 1; +} + =back =head1 AUTHOR From 4a05b223b3e4eb05e99be2a2033f72ec5d7ab6f6 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 1 Oct 2013 10:24:55 -0400 Subject: [PATCH 098/369] Nodes will be registered with the admin user when when email is not required --- html/captive-portal/register.cgi | 1 + lib/pf/Authentication/Source/NullSource.pm | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/html/captive-portal/register.cgi b/html/captive-portal/register.cgi index 5b2fbccdc81b..b2bd8779fcdf 100755 --- a/html/captive-portal/register.cgi +++ b/html/captive-portal/register.cgi @@ -79,6 +79,7 @@ if ( (defined($cgi->param('username') ) || $no_username_needed ) && ($cgi->param } my $pid = $portalSession->getSession->param("username"); + $pid = $default_pid if $no_username_needed; my $params = { username => $pid }; # TODO : add current_time and computer_name my $locationlog_entry = locationlog_view_open_mac($mac); diff --git a/lib/pf/Authentication/Source/NullSource.pm b/lib/pf/Authentication/Source/NullSource.pm index 1afb1a41cd14..1d73c95a81bc 100644 --- a/lib/pf/Authentication/Source/NullSource.pm +++ b/lib/pf/Authentication/Source/NullSource.pm @@ -14,7 +14,7 @@ pf::Authentication::Source::NullSource use strict; use warnings; use Moose; -use pf::config qw($FALSE $TRUE); +use pf::config qw($FALSE $TRUE $default_pid); use Email::Valid; use pf::util; @@ -25,9 +25,13 @@ has '+type' => (default => 'Null'); has '+unique' => (default => 1); has 'email_required' => ( is=> 'rw', default => 'disabled'); +=head2 match_in_subclass + +=cut + sub match_in_subclass { my ($self, $params, $rule, $own_conditions, $matching_conditions) = @_; - return $params->{'username'}; + return $self->email_required ? $params->{'username'} : $default_pid; } =head2 authenticate From e3ca9c9fe3703b0ef7b8ab5541f2a1c3682504bf Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 2 Oct 2013 11:12:10 -0400 Subject: [PATCH 099/369] Fix templates of portal profiles section --- html/pfappserver/root/portal/profile/edit.tt | 90 +++++++++---------- html/pfappserver/root/portal/profile/files.tt | 58 ++++++------ html/pfappserver/root/portal/profile/view.tt | 90 +++++++++---------- 3 files changed, 117 insertions(+), 121 deletions(-) diff --git a/html/pfappserver/root/portal/profile/edit.tt b/html/pfappserver/root/portal/profile/edit.tt index 2ff47c46b4bb..6e5864a78dbb 100644 --- a/html/pfappserver/root/portal/profile/edit.tt +++ b/html/pfappserver/root/portal/profile/edit.tt @@ -59,50 +59,50 @@ [% l('Rename File') %]
    -
    - -
    - -

    [% directory %][% file_name %]

     - - - -
    -
    - -
    - -
    -
    [% l('Available Variables') %]
    -
      - [% FOREACH var IN ['logo', 'username', 'user_agent', 'dhcp_fingerprint', 'last_switch', 'last_port', 'last_vlan', 'last_connection_type', 'last_ssid'] %] - [% variable_entry(var) %] - [% END %] -
    -
    -
    [%file_content | html%]
    -
    - [% l('Save') %] - [% l('Revert Changes') %] - [% l('Preview') %] -
    -
    -
    + + +
    +
    +

    [% directory %][% file_name %]

     + + +
    +
    + +
    + +
    +
    [% l('Available Variables') %]
    +
      + [% FOREACH var IN ['logo', 'username', 'user_agent', 'dhcp_fingerprint', 'last_switch', 'last_port', 'last_vlan', 'last_connection_type', 'last_ssid'] %] + [% variable_entry(var) %] + [% END %] +
    +
    +
    [%file_content | html%]
    +
    + [% l('Save') %] + [% l('Revert Changes') %] + [% l('Preview') %] +
    +
    +
    +
    diff --git a/html/pfappserver/root/portal/profile/files.tt b/html/pfappserver/root/portal/profile/files.tt index 3f0529146553..f25a8461841a 100644 --- a/html/pfappserver/root/portal/profile/files.tt +++ b/html/pfappserver/root/portal/profile/files.tt @@ -174,37 +174,35 @@ td a.btn { margin-left: 5px; } -
    -
    diff --git a/html/pfappserver/root/portal/profile/view.tt b/html/pfappserver/root/portal/profile/view.tt index cd2f04bee789..5f17f1561594 100644 --- a/html/pfappserver/root/portal/profile/view.tt +++ b/html/pfappserver/root/portal/profile/view.tt @@ -13,58 +13,56 @@ -
    -
      + +

      +
      + -

      -
      - -
      -
      - [% form.block('definition').render %] - [% IF form.field('filter') %] -
      - -
      - [% form.field('filter').render %] -
      +
      + + [% form.block('definition').render %] + [% IF form.field('filter') %] +
      + +
      + [% form.field('filter').render %]
      - [% END -%] -
      - -
      - [% form.field('sources').render %] -
      -

      - - [%- IF form.meta.name.split(':').last == 'Default' -%] - [% l('With no source specified, all internal sources will be used.') %] - [%- ELSE -%] - [% l('With no source specified, the sources of the default profile will be used.') %] - [%- END -%]
      - [% l('Add a source.') %] -

      -
      +
      + [% END -%] +
      + +
      + [% form.field('sources').render %] +
      +

      + + [%- IF form.meta.name.split(':').last == 'Default' -%] + [% l('With no source specified, all internal sources will be used.') %] + [%- ELSE -%] + [% l('With no source specified, the sources of the default profile will be used.') %] + [%- END -%]
      + [% l('Add a source.') %] +

      -
      - [% l('Save') %] - -
      - -
      +
      +
      + [% l('Save') %] + +
      +
      From 6879e9bb2868514be4570cfa40b929635f785e64 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 2 Oct 2013 13:25:24 -0400 Subject: [PATCH 100/369] Role/category of local users is not mandatory Fixes #1721 --- UPGRADE.asciidoc | 10 ++++++++ db/upgrade-4.0.0-4.1.0.sql | 5 ++++ .../pfappserver/Form/Authentication/Rule.pm | 6 ++--- .../lib/pfappserver/Form/User/Create.pm | 23 +++++++++++++++---- 4 files changed, 36 insertions(+), 8 deletions(-) create mode 100644 db/upgrade-4.0.0-4.1.0.sql diff --git a/UPGRADE.asciidoc b/UPGRADE.asciidoc index 03f63a951e66..c553b829df23 100644 --- a/UPGRADE.asciidoc +++ b/UPGRADE.asciidoc @@ -5,6 +5,16 @@ http://www.packetfence.org/ Notes on upgrading from an older release. +Upgrading from a version prior to 4.1.0 +--------------------------------------- + +Database schema update +^^^^^^^^^^^^^^^^^^^^^^ +The category column in the temporary_password should not be mandatory. +Make sure you run the following to update your schema: + +mysql -u root -p pf -v < db/upgrade-4.0.0-4.1.0.sql + Upgrading from a version prior to 4.0.6 --------------------------------------- diff --git a/db/upgrade-4.0.0-4.1.0.sql b/db/upgrade-4.0.0-4.1.0.sql new file mode 100644 index 000000000000..50d532aaaebb --- /dev/null +++ b/db/upgrade-4.0.0-4.1.0.sql @@ -0,0 +1,5 @@ +-- +-- category of temporary password is not mandatory +-- + +ALTER TABLE `temporary_password` MODIFY category int DEFAULT NULL; \ No newline at end of file diff --git a/html/pfappserver/lib/pfappserver/Form/Authentication/Rule.pm b/html/pfappserver/lib/pfappserver/Form/Authentication/Rule.pm index caf81fa7f833..eecf67cb81d5 100644 --- a/html/pfappserver/lib/pfappserver/Form/Authentication/Rule.pm +++ b/html/pfappserver/lib/pfappserver/Form/Authentication/Rule.pm @@ -269,6 +269,7 @@ sub validate { $self->SUPER::validate(); my @actions; + @actions = grep { $_->{type} eq $Actions::SET_ACCESS_DURATION } @{$self->value->{actions}}; if (scalar @actions > 0) { @actions = grep { $_->{type} eq $Actions::SET_UNREG_DATE } @{$self->value->{actions}}; @@ -279,9 +280,8 @@ sub validate { @actions = grep { $_->{type} eq $Actions::SET_ROLE } @{$self->value->{actions}}; if (scalar @actions > 0) { - @actions = grep { - $_->{type} eq $Actions::SET_ACCESS_DURATION || $_->{type} eq $Actions::SET_UNREG_DATE - } @{$self->value->{actions}}; + @actions = grep { $_->{type} eq $Actions::SET_ACCESS_DURATION || $_->{type} eq $Actions::SET_UNREG_DATE } + @{$self->value->{actions}}; if (scalar @actions == 0) { $self->field('actions')->add_error("You must set an access duration or an unregistration date when setting a role."); } diff --git a/html/pfappserver/lib/pfappserver/Form/User/Create.pm b/html/pfappserver/lib/pfappserver/Form/User/Create.pm index 18e2823860a7..d50d6ed98221 100644 --- a/html/pfappserver/lib/pfappserver/Form/User/Create.pm +++ b/html/pfappserver/lib/pfappserver/Form/User/Create.pm @@ -53,7 +53,10 @@ has_block 'templates' => Validate the following constraints : - an access duration and an unregistration date cannot be set at the same time - - at least a role, an access duration, or an unregistration date is set + - when setting a role, an access duration or an unregistration date is set + - at least a role, a sponsor, or an access level is set + +See pfappserver::Form::Authentication::Rule->validate =cut @@ -63,20 +66,30 @@ sub validate { $self->SUPER::validate(); my @actions; + @actions = grep { $_->{type} eq $Actions::SET_ACCESS_DURATION } @{$self->value->{actions}}; if (scalar @actions > 0) { @actions = grep { $_->{type} eq $Actions::SET_UNREG_DATE } @{$self->value->{actions}}; if (scalar @actions > 0) { - $self->field('actions')->add_error("You can't define an access duration and a unregistration date at the same time."); + $self->field('actions')->add_error("You can't define an access duration and an unregistration date at the same time."); } } - else { - @actions = grep { $_->{type} eq $Actions::SET_UNREG_DATE || $_->{type} eq $Actions::SET_ROLE } + + @actions = grep { $_->{type} eq $Actions::SET_ROLE } @{$self->value->{actions}}; + if (scalar @actions > 0) { + @actions = grep { $_->{type} eq $Actions::SET_ACCESS_DURATION || $_->{type} eq $Actions::SET_UNREG_DATE } @{$self->value->{actions}}; if (scalar @actions == 0) { - $self->field('actions')->add_error("The actions must at least define a role, an access duration, or an unregistration date."); + $self->field('actions')->add_error("You must set an access duration or an unregistration date when setting a role."); } } + + @actions = grep { + $_->{type} eq $Actions::SET_ROLE || $_->{type} eq $Actions::MARK_AS_SPONSOR || $_->{type} eq $Actions::SET_ACCESS_LEVEL + } @{$self->value->{actions}}; + if (scalar @actions == 0) { + $self->field('actions')->add_error("You must at least set a role, mark the user as a sponsor, or set an access level."); + } } =head1 COPYRIGHT From 3174b779442bda11cf7491ffd5d85dcd093428a1 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 2 Oct 2013 13:27:45 -0400 Subject: [PATCH 101/369] Update Administration Guide --- docs/PacketFence_Administration_Guide.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/PacketFence_Administration_Guide.asciidoc b/docs/PacketFence_Administration_Guide.asciidoc index e3b3bb9761bb..bdac76fff5d5 100644 --- a/docs/PacketFence_Administration_Guide.asciidoc +++ b/docs/PacketFence_Administration_Guide.asciidoc @@ -1641,8 +1641,8 @@ Using Nessus: registration=enabled user=nessusUsername -Of course the basic-policy must exist on the nessus server -If you want to use a different nessus policy by category you have to ajust the settings like the following (if the policy doesn't exist, PacketFence will be use the default policy defined by nessus_clientpolicy): +Of course the basic-policy must exist on the nessus server. +If you want to use a different nessus policy by category, you have to adjust settings like the following (if the policy doesn't exist, PacketFence will use the default policy defined by nessus_clientpolicy): [nessus_category_policy] guest=guest_policy From 764f63ba5a345101a39dd35d586ff3242ecdb218 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 2 Oct 2013 13:48:49 -0400 Subject: [PATCH 102/369] Fix verification of expiration date --- NEWS.asciidoc | 7 ++++--- lib/pf/temporary_password.pm | 3 ++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 327cc23ad947..0068bb901768 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -17,7 +17,7 @@ Version 4.x.y released on 2013-MM-DD New Features ++++++++++++ -* Profiles can be filter by switches +* Portal profiles can be filtered by switches * Proxy interception * New pfcmd command fixpermissions @@ -30,12 +30,13 @@ Enhancements * Improved starting delay when using inline mode * Added memcached as a managed service * Added CoA support for Xirrus access point -* Improve validation of vlan management +* Improved validation of VLAN management Bug Fixes +++++++++ -* +* Fixed creation of users without a role (#1721) +* Fixed expiration date of registration to the end of the day (#1722) Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/lib/pf/temporary_password.pm b/lib/pf/temporary_password.pm index afb6c5858ccd..701fe993f377 100644 --- a/lib/pf/temporary_password.pm +++ b/lib/pf/temporary_password.pm @@ -122,7 +122,8 @@ sub temporary_password_db_prepare { ); $temporary_password_statements->{'temporary_password_validate_password_sql'} = get_db_handle()->prepare(qq[ - SELECT pid, password, UNIX_TIMESTAMP(valid_from) as valid_from, UNIX_TIMESTAMP(expiration) as expiration, + SELECT pid, password, UNIX_TIMESTAMP(valid_from) as valid_from, + UNIX_TIMESTAMP(DATE_FORMAT(expiration,"%Y-%m-%d 23:59:59")) AS expiration, access_duration, category FROM temporary_password WHERE pid = ? From c10b8860ad7e68050a94f0860d1a9c6afca50b69 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 2 Oct 2013 15:20:10 -0400 Subject: [PATCH 103/369] Fixed vconfig configuration --- packetfence.init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packetfence.init b/packetfence.init index 0dc7b7940386..0533f872dec5 100755 --- a/packetfence.init +++ b/packetfence.init @@ -22,7 +22,7 @@ start() { if [ $IPSET ]; then modprobe ip_set fi - /sbin/vconfig set_name_type DEV_PLUS_VID + /sbin/vconfig set_name_type DEV_PLUS_VID_NO_PAD /usr/local/pf/bin/pfcmd service pf start RETVAL=$? echo From 89be4c65f3ca01668c17a1e942706bf947e414e4 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 3 Oct 2013 11:15:51 -0400 Subject: [PATCH 104/369] Expire and remove an item from l1_caches when retrieving from cache --- lib/pf/config/cached.pm | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/pf/config/cached.pm b/lib/pf/config/cached.pm index 07455f5e0f77..8e4d46aafd81 100644 --- a/lib/pf/config/cached.pm +++ b/lib/pf/config/cached.pm @@ -922,7 +922,11 @@ sub fromCacheUntainted { sub removeFromSubcaches { my ($self,$key) = @_; my $cache = $self->cache; - $cache->l1_cache->remove($key) if $cache->has_subcaches; + if($cache->has_subcaches) { + get_logger->trace("Removing from subcache"); + $cache->l1_cache->expire($key); + $cache->l1_cache->remove($key); + } } sub untaint { From f0660655caeb7205555bc22c9dd88b8aadbc8910 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 3 Oct 2013 14:20:04 -0400 Subject: [PATCH 105/369] Fixed issue where saving a source after it was pulled from cached changes will not be reflected in the conf/authentication.conf --- lib/pf/authentication.pm | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lib/pf/authentication.pm b/lib/pf/authentication.pm index 015bc05f4c12..d042d8c80bf5 100644 --- a/lib/pf/authentication.pm +++ b/lib/pf/authentication.pm @@ -210,17 +210,15 @@ sub readAuthenticationConfigFile { push(@authentication_sources, $current_source); $authentication_lookup{$source_id} = $current_source; } - $config->cache->set("authentication_lookup",\%authentication_lookup); $config->cache->set("authentication_sources",\@authentication_sources); }], -oncachereload => [ on_cache_authentication_reload => sub { my ($config, $name) = @_; - my $authentication_lookup_ref = $config->fromCacheUntainted("authentication_lookup"); my $authentication_sources_ref = $config->fromCacheUntainted("authentication_sources"); - if( all_defined($authentication_sources_ref, $authentication_lookup_ref)) { - %authentication_lookup = %$authentication_lookup_ref; + if( defined($authentication_sources_ref) ) { @authentication_sources = @$authentication_sources_ref; + %authentication_lookup = map { $_->id => $_ } @authentication_sources; } else { $config->doCallbacks(1,0); } From 69812df81b26649aeb4d1f46d1f779bffbe9688a Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 4 Oct 2013 12:24:46 -0400 Subject: [PATCH 106/369] Fix issue where dashes were being stripped from the rule name --- lib/pf/authentication.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/authentication.pm b/lib/pf/authentication.pm index d042d8c80bf5..993bcef2d3aa 100644 --- a/lib/pf/authentication.pm +++ b/lib/pf/authentication.pm @@ -176,7 +176,7 @@ sub readAuthenticationConfigFile { # Parse rules foreach my $rule_id ( $config->GroupMembers($source_id) ) { - my ($id) = $rule_id =~ m/$source_id rule (\w+)/; + my ($id) = $rule_id =~ m/$source_id rule (\S+)$/; my $current_rule = pf::Authentication::Rule->new({match => $Rules::ANY, id => $id}); foreach my $parameter ( $config->Parameters($rule_id) ) { From 40a9a53e8cf0cceeb294e2adffaf0ec2139bda8d Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 4 Oct 2013 16:06:48 -0400 Subject: [PATCH 107/369] Updated news file --- NEWS.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 0068bb901768..9caaf85d2858 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -37,6 +37,8 @@ Bug Fixes * Fixed creation of users without a role (#1721) * Fixed expiration date of registration to the end of the day (#1722) +* Fixed saving authentication sources and cached and allow rules with dashes +* Fixed vconfig setting the wrong name_type Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From 3d2f6194e5cb550af172848276691628c6b69c6b Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 4 Oct 2013 18:39:24 -0400 Subject: [PATCH 108/369] Verify if the module is loaded before trying to load it --- lib/pf/cmd/subcmd.pm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/pf/cmd/subcmd.pm b/lib/pf/cmd/subcmd.pm index 5d8a35381fd7..61bf02a5a053 100644 --- a/lib/pf/cmd/subcmd.pm +++ b/lib/pf/cmd/subcmd.pm @@ -18,6 +18,7 @@ use warnings; use pf::cmd; use base qw(pf::cmd); use Module::Load; +use Module::Loaded; use pf::cmd::help; =head2 _run @@ -42,8 +43,7 @@ sub parseArgs { $module = "${base}::${action}"; } eval { - load $module; - $cmd = $module; + load $module unless is_loaded($module); }; if($@) { if ($@ =~ /Compilation failed/) { @@ -53,6 +53,7 @@ sub parseArgs { } $cmd = $self->unknownActionCmd; } + $cmd = $module; } else { $cmd = $self->noActionCmd; } From 2ea601ac34cb4d1f792666def699b18f773b8e2a Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 4 Oct 2013 18:40:24 -0400 Subject: [PATCH 109/369] Tool for dumping current global data in pf --- addons/dev-helpers/dump.pl | 103 +++++++++++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100755 addons/dev-helpers/dump.pl diff --git a/addons/dev-helpers/dump.pl b/addons/dev-helpers/dump.pl new file mode 100755 index 000000000000..9f3215b02a59 --- /dev/null +++ b/addons/dev-helpers/dump.pl @@ -0,0 +1,103 @@ +#!/usr/bin/perl +use lib qw(/usr/local/pf/lib); + +package pf::dump; +use base qw(pf::cmd::subcmd); + +=head1 NAME + +dump add documentation + +=head1 SYNOPSIS + +dump.pl + +=head1 DESCRIPTION + +dump + +=cut + + +package pf::dump::config; +use base qw(pf::cmd); +use Data::Dumper; + +sub _run { + require pf::config; + print Dumper(\%pf::config::Config); +} + + +package pf::dump::floatingdevices; +use base qw(pf::cmd); +use Data::Dumper; + +sub _run { + require pf::config; + print Dumper(\%pf::config::ConfigFloatingDevices); +} + +package pf::dump::profiles; +use base qw(pf::cmd); +use Data::Dumper; + +sub _run { + require pf::config; + print Dumper(\%pf::config::Profiles_Config); +} + + +package pf::dump::profiles_filters; +use base qw(pf::cmd); +use Data::Dumper; + +sub _run { + require pf::config; + print Dumper(\%pf::config::Profile_Filters); +} + +package pf::dump::sources; +use base qw(pf::cmd); +use Data::Dumper; + +sub _run { + require pf::authentication; + print Dumper(\@pf::authentication::authentication_sources); +} + +package main; +use strict; +use warnings; +use lib qw(/usr/local/pf/lib); + +exit pf::dump->new({args => \@ARGV})->run(); + + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + From ca661cd0ec6a274995275d61d010026f23392e4e Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 7 Oct 2013 11:15:19 -0400 Subject: [PATCH 110/369] Update default IP address for network detection --- conf/pf.conf.defaults | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/pf.conf.defaults b/conf/pf.conf.defaults index 182fc5aa3c80..24b96aa0e17d 100644 --- a/conf/pf.conf.defaults +++ b/conf/pf.conf.defaults @@ -602,7 +602,7 @@ network_detection=enabled # It is recommended that you allow your users to reach your packetfence server and put your LAN's PacketFence IP. # By default we will make this reach PacketFence's website as an easy solution. # -network_detection_ip = 67.205.85.245 +network_detection_ip = 192.95.20.194 # # captive_portal.loadbalancers_ip # From ab1b3ae6a2d2860802f8f2dc0323356bec27896c Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 7 Oct 2013 22:14:44 -0400 Subject: [PATCH 111/369] Help text is truncated to the first line When the description of a parameter from documentation.conf extends to multiple lines, only the first one is displayed on the Web admin. Fixes #1724. --- lib/pf/config/cached.pm | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/pf/config/cached.pm b/lib/pf/config/cached.pm index 8e4d46aafd81..e7d44ea46775 100644 --- a/lib/pf/config/cached.pm +++ b/lib/pf/config/cached.pm @@ -886,7 +886,7 @@ sub isa { sub untaint_value { my $val = shift; - if(defined $val && $val =~ /^(.*)$/) { + if (defined $val && $val =~ /^(.*)$/) { return $1; } } @@ -898,7 +898,7 @@ Copy configuration to a hash =cut sub toHash { - my ($self,$hash) = @_; + my ($self, $hash) = @_; %$hash = (); my @default_parms; if (exists $self->{default} ) { @@ -906,21 +906,21 @@ sub toHash { } foreach my $section ($self->Sections()) { my %data; - foreach my $param ( map { untaint_value($_) } uniq $self->Parameters($section),@default_parms) { - $data{$param} = untaint ($self->val($section,$param)); + foreach my $param ( map { untaint_value($_) } uniq $self->Parameters($section), @default_parms) { + $data{$param} = untaint(join('', $self->val($section, $param))); } $hash->{$section} = \%data; } } sub fromCacheUntainted { - my ($self,$key) = @_; + my ($self, $key) = @_; $self->removeFromSubcaches($key); return untaint($self->cache->get($key)); } sub removeFromSubcaches { - my ($self,$key) = @_; + my ($self, $key) = @_; my $cache = $self->cache; if($cache->has_subcaches) { get_logger->trace("Removing from subcache"); @@ -931,10 +931,10 @@ sub removeFromSubcaches { sub untaint { my $val = $_[0]; - if (tainted ($val)) { + if (tainted($val)) { $val = untaint_value($val); - } elsif( my $type = reftype($val)) { - if($type eq 'ARRAY') { + } elsif (my $type = reftype($val)) { + if ($type eq 'ARRAY') { foreach my $element (@$val) { $element = untaint($element); } From da53748a78a85c527ef211ebd1cbba0fe59f74f1 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 7 Oct 2013 22:22:05 -0400 Subject: [PATCH 112/369] Help text is truncated to the first line Better fix for #1724. --- NEWS.asciidoc | 1 + lib/pf/config/cached.pm | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 9caaf85d2858..7433e15ae5c4 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -39,6 +39,7 @@ Bug Fixes * Fixed expiration date of registration to the end of the day (#1722) * Fixed saving authentication sources and cached and allow rules with dashes * Fixed vconfig setting the wrong name_type +* Fixed help text in Web admin (#1724) Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/lib/pf/config/cached.pm b/lib/pf/config/cached.pm index e7d44ea46775..5536cef6b3a0 100644 --- a/lib/pf/config/cached.pm +++ b/lib/pf/config/cached.pm @@ -907,7 +907,8 @@ sub toHash { foreach my $section ($self->Sections()) { my %data; foreach my $param ( map { untaint_value($_) } uniq $self->Parameters($section), @default_parms) { - $data{$param} = untaint(join('', $self->val($section, $param))); + my $val = $self->val($section, $param); + $data{$param} = untaint($val); } $hash->{$section} = \%data; } From fcc822277097afc3a0b64fe58d4958bd85fa65f6 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Tue, 8 Oct 2013 14:50:34 -0400 Subject: [PATCH 113/369] Added dep to fix nightly build --- addons/packages/packetfence.spec | 1 + debian/control | 1 + 2 files changed, 2 insertions(+) diff --git a/addons/packages/packetfence.spec b/addons/packages/packetfence.spec index bf89935889b0..b01926904354 100644 --- a/addons/packages/packetfence.spec +++ b/addons/packages/packetfence.spec @@ -223,6 +223,7 @@ Requires: perl(Cache::FastMmap) Requires: perl(Moo) >= 1.0 Requires: perl(Term::ANSIColor) Requires: perl(IO::Interactive) +Requires: perl(Module::Loaded) # configuration-wizard Requires: iproute, vconfig # diff --git a/debian/control b/debian/control index bcaa56e8675d..cb5bac368984 100644 --- a/debian/control +++ b/debian/control @@ -52,6 +52,7 @@ Depends: ${misc:Depends}, vlan, make, librrds-perl, libnetpacket-perl (>= 1.3), libcache-cache-perl, libcarp-perl, libiptables-libiptc-perl, libload-perl, libmime-lite-tt-perl, libmime-lite-perl, libconfig-general-perl, libproc-processtable-perl, libfile-flock-perl, libperl-version-perl, + perl-modules, # hard-coded to specific version because v3 broke the API and we haven't ported to it yet # see #1313: Port our Net-Appliance-Session to the version 3 API # http://packetfence.org/bugs/view.php?id=1313 From 86dc2a43ebf92a53ffa0c613eef222215a519e68 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Tue, 8 Oct 2013 15:14:38 -0400 Subject: [PATCH 114/369] Fix the number of test --- t/pfcmd.t | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/pfcmd.t b/t/pfcmd.t index 6978ff5900eb..d2538815cbae 100755 --- a/t/pfcmd.t +++ b/t/pfcmd.t @@ -14,7 +14,7 @@ use diagnostics; use lib '/usr/local/pf/lib'; -use Test::More tests => 93; +use Test::More tests => 94; use Test::NoWarnings; use English '-no_match_vars'; From 7d72045e2a72f82e1b1e6811e7b6aafdfeba4dc1 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 8 Oct 2013 16:18:31 -0400 Subject: [PATCH 115/369] Update snort rules update script Removed emerging-virus.rules which is no longer available. Fixes #1600 and #1715 --- addons/snort/update_rules.pl | 73 +++++++++++++++++++++--------------- conf/violations.conf | 2 +- 2 files changed, 44 insertions(+), 31 deletions(-) diff --git a/addons/snort/update_rules.pl b/addons/snort/update_rules.pl index 95020f67d8b4..ea581edfa1d4 100644 --- a/addons/snort/update_rules.pl +++ b/addons/snort/update_rules.pl @@ -10,39 +10,52 @@ =head1 DESCRIPTION =cut -my %snort_rules_version = ( - "RHEL5" => "snort-2.8.6", - "RHEL6" => "snort-2.9.0", - "latest" => "snort-2.9.0", - "SQUEEZE" => "snort-2.8.4", -); - -my %oses = ( - "CentOS release 5" => "RHEL5", - "Red Hat Enterprise Linux Server release 5" => "RHEL5", - "CentOS Linux release 6" => "RHEL6", - "CentOS release 6" => "RHEL6", - "Red Hat Enterprise Linux Server release 6" => "RHEL6", - "6" => "SQUEEZE", -); +my %snort_rules_version = + ( + "RHEL5" => "snort-2.8.6", + "RHEL6" => "snort-2.9.0", + "latest" => "snort-2.9.0", + "Squeeze" => "snort-2.8.4", + "Wheezy" => "snort-2.9.0" + ); + +my %oses = + ( + "CentOS release 5" => "RHEL5", + "Red Hat Enterprise Linux Server release 5" => "RHEL5", + "CentOS Linux release 6" => "RHEL6", + "CentOS release 6" => "RHEL6", + "Red Hat Enterprise Linux Server release 6" => "RHEL6", + "6" => "Squeeze", + "7" => "Wheezy" + ); my $os_type = supported_os(); - - my @rule_files = ( - 'emerging-botcc.rules', - 'emerging-attack_response.rules', - 'emerging-exploit.rules', - 'emerging-malware.rules', - 'emerging-p2p.rules', - 'emerging-scan.rules', - 'emerging-shellcode.rules', - 'emerging-trojan.rules', - 'emerging-virus.rules', - 'emerging-worm.rules' - ); - foreach my $current_rule_file (@rule_files) { - `/usr/bin/wget -N http://rules.emergingthreats.net/open/$snort_rules_version{$os_type}/rules/$current_rule_file -P /usr/local/pf/conf/snort`; +die "Your Linux distro is not supported or unknown." unless $os_type; + +my @rule_files = + ( + 'emerging-botcc.rules', + 'emerging-attack_response.rules', + 'emerging-exploit.rules', + 'emerging-malware.rules', + 'emerging-p2p.rules', + 'emerging-scan.rules', + 'emerging-shellcode.rules', + 'emerging-trojan.rules', + 'emerging-virus.rules', + 'emerging-worm.rules' + ); + +foreach my $current_rule_file (@rule_files) { + my $url = sprintf('http://rules.emergingthreats.net/open/%s/rules/%s', $snort_rules_version{$os_type}, $current_rule_file); + `/usr/bin/wget -N $url -P /usr/local/pf/conf/snort/ > /dev/null 2>&1`; + if ($?) { + print "An error occured while downloading $url ($?)\n"; + } else { + print "Downloaded $url\n"; } +} sub supported_os { diff --git a/conf/violations.conf b/conf/violations.conf index 0ae43b8699b8..1f58c3448169 100644 --- a/conf/violations.conf +++ b/conf/violations.conf @@ -12,7 +12,7 @@ enabled=N grace=120m window=0 button_text=Enable Network -snort_rules=local.rules,emerging-attack_response.rules,emerging-botcc.rules,emerging-exploit.rules,emerging-malware.rules,emerging-p2p.rules,emerging-scan.rules,emerging-shellcode.rules,emerging-trojan.rules,emerging-virus.rules,emerging-worm.rules +snort_rules=local.rules,emerging-attack_response.rules,emerging-botcc.rules,emerging-exploit.rules,emerging-malware.rules,emerging-p2p.rules,emerging-scan.rules,emerging-shellcode.rules,emerging-trojan.rules,emerging-worm.rules # vlan: The vlan parameter allows you to define in what vlan a node with a violation will be put in. # Accepted values are the vlan names: isolation, normal, registration, macDetection, inline, voice # and all the roles names you defined in the node_category table. (see switches.conf) From 74576b3f8d2f67061f8500e142dd8f4dbef350e6 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 8 Oct 2013 18:03:41 -0400 Subject: [PATCH 116/369] Exclude exclusive sources when there are no sources defined --- lib/pf/Portal/ProfileFactory.pm | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/pf/Portal/ProfileFactory.pm b/lib/pf/Portal/ProfileFactory.pm index 297aaf3c790c..a41276beb741 100644 --- a/lib/pf/Portal/ProfileFactory.pm +++ b/lib/pf/Portal/ProfileFactory.pm @@ -63,9 +63,10 @@ sub _from_default_profile { sub _default_profile { my %default = %{$Profiles_Config{default}}; unless (defined $default{'sources'} && @{$default{'sources'}} > 0) { - # When no authentication source is selected, use all authentication sources - my @sources = map { $_->id } @{pf::authentication::getAllAuthenticationSources()}; - $default{'sources'} = \@sources; + # When no authentication source is selected, use all authentication sources except + my @sources = grep { $_->class ne 'exclusive' } @{pf::authentication::getAllAuthenticationSources()}; + my @sources_id = map { $_->id } @sources; + $default{'sources'} = \@sources_id; } my %results = ( @@ -103,7 +104,7 @@ sub _guest_modes_from_sources { my @guest_modes = map { lc($_->type) } grep { exists $is_in{$_->id} && exists $modeClasses{$_->class} } - @authentication_sources; + @{pf::authentication::getAllAuthenticationSources()}; return \@guest_modes; } From 83769d3b6965230126f4e0033995e24c9d0d0101 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 9 Oct 2013 10:38:42 -0400 Subject: [PATCH 117/369] Add debugging information to pf::db --- lib/pf/db.pm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/pf/db.pm b/lib/pf/db.pm index e0f31f813eb9..d1e0b677b5f5 100644 --- a/lib/pf/db.pm +++ b/lib/pf/db.pm @@ -256,6 +256,9 @@ sub db_query_execute { } my $valid_statement = (defined($db_statement) && (ref($db_statement) eq 'DBI::st')); + $logger->trace('SQL statement ('.$query. '): '.$db_statement->{Statement}) if ($valid_statement); + $logger->trace('SQL params ('.$query. '): '.join(', ', @params)) if (@params); + if ($valid_statement && $db_statement->execute(@params)) { # statement execute was a success; we are done From d9159772b3068f9abc49a6f247f17e76e5c8819c Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 9 Oct 2013 10:39:10 -0400 Subject: [PATCH 118/369] Update NEWS file --- NEWS.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 7433e15ae5c4..a1975df804b7 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -35,11 +35,13 @@ Enhancements Bug Fixes +++++++++ +* Fixed match of Htpasswd authentication source (#1714) * Fixed creation of users without a role (#1721) * Fixed expiration date of registration to the end of the day (#1722) * Fixed saving authentication sources and cached and allow rules with dashes * Fixed vconfig setting the wrong name_type * Fixed help text in Web admin (#1724) +* Removed references to unavailable snort rules (#1715) Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From e831c2c393c53b92105928c27c078750cb3fb548 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 9 Oct 2013 12:19:25 -0400 Subject: [PATCH 119/369] Updated new feature --- NEWS.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index a1975df804b7..ef4d77d48fee 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -20,6 +20,7 @@ New Features * Portal profiles can be filtered by switches * Proxy interception * New pfcmd command fixpermissions +* Added a Null Authenication Source Enhancements ++++++++++++ From 7c556c31499e5a8a13f37d48a829686e1e50f3a2 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 9 Oct 2013 12:21:06 -0400 Subject: [PATCH 120/369] Updated comment to be more clear --- lib/pf/Portal/ProfileFactory.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/Portal/ProfileFactory.pm b/lib/pf/Portal/ProfileFactory.pm index a41276beb741..f16abad537de 100644 --- a/lib/pf/Portal/ProfileFactory.pm +++ b/lib/pf/Portal/ProfileFactory.pm @@ -63,7 +63,7 @@ sub _from_default_profile { sub _default_profile { my %default = %{$Profiles_Config{default}}; unless (defined $default{'sources'} && @{$default{'sources'}} > 0) { - # When no authentication source is selected, use all authentication sources except + # When no authentication source is selected, use all authentication sources except exclusive sources my @sources = grep { $_->class ne 'exclusive' } @{pf::authentication::getAllAuthenticationSources()}; my @sources_id = map { $_->id } @sources; $default{'sources'} = \@sources_id; From 611d63ab1c4b26ff1af8569b52bf96bb124a072a Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 9 Oct 2013 12:23:29 -0400 Subject: [PATCH 121/369] Move %pf::config::guest_self_registration to %pf::authentication::guest_self_registration since it is "owned" by pf::authentication --- lib/pf/authentication.pm | 2 ++ lib/pf/config.pm | 2 -- lib/pf/ipset.pm | 3 ++- lib/pf/iptables.pm | 23 ++++++++++++----------- lib/pf/pfcmd/checkup.pm | 1 + lib/pf/services/apache.pm | 1 + 6 files changed, 18 insertions(+), 14 deletions(-) diff --git a/lib/pf/authentication.pm b/lib/pf/authentication.pm index 993bcef2d3aa..44d924a8410f 100644 --- a/lib/pf/authentication.pm +++ b/lib/pf/authentication.pm @@ -55,6 +55,7 @@ use pf::util; our @authentication_sources = (); our %authentication_lookup; our $cached_authentication_config; +our %guest_self_registration; BEGIN { use Exporter (); @@ -70,6 +71,7 @@ BEGIN { getAllAuthenticationSources deleteAuthenticationSource writeAuthenticationConfigFile + %guest_self_registration ); @EXPORT_OK = qw( diff --git a/lib/pf/config.pm b/lib/pf/config.pm index c01780a7440a..0c85f4ab72a1 100644 --- a/lib/pf/config.pm +++ b/lib/pf/config.pm @@ -44,7 +44,6 @@ our ( @listen_ints, @dhcplistener_ints, @ha_ints, $monitor_int, @internal_nets, @routed_isolation_nets, @routed_registration_nets, @inline_nets, @external_nets, @inline_enforcement_nets, @vlan_enforcement_nets, $management_network, - %guest_self_registration, #pf.conf.default variables %Default_Config, $cached_pf_default_config, #pf.conf variables @@ -77,7 +76,6 @@ BEGIN { @listen_ints @dhcplistener_ints @ha_ints $monitor_int @internal_nets @routed_isolation_nets @routed_registration_nets @inline_nets $management_network @external_nets @inline_enforcement_nets @vlan_enforcement_nets - %guest_self_registration $IPTABLES_MARK_UNREG $IPTABLES_MARK_REG $IPTABLES_MARK_ISOLATION $IPSET_VERSION %mark_type_to_str %mark_type $MAC $PORT $SSID $ALWAYS diff --git a/lib/pf/ipset.pm b/lib/pf/ipset.pm index 7f79b3b9456e..d9f4ea3f0946 100644 --- a/lib/pf/ipset.pm +++ b/lib/pf/ipset.pm @@ -27,6 +27,7 @@ use pf::node qw(nodes_registered_not_violators node_view node_deregister $STATUS use pf::util; use pf::violation qw(violation_view_open_uniq violation_count); use pf::iplog; +use pf::authentication; Readonly my $FW_TABLE_FILTER => 'filter'; Readonly my $FW_TABLE_MANGLE => 'mangle'; @@ -247,7 +248,7 @@ sub get_mangle_mark_for_mac { if ($net_addr->contains($ip)) { foreach my $IPTABLES_MARK ($IPTABLES_MARK_UNREG, $IPTABLES_MARK_REG, $IPTABLES_MARK_ISOLATION) { - + my $cmd = "LANG=C sudo ipset --test pfsession_$mark_type_to_str{$IPTABLES_MARK}\_$network $iplog,$mac 2>&1"; my @out = pf_run($cmd, , accepted_exit_status => [ $_EXIT_CODE_EXISTS ]); diff --git a/lib/pf/iptables.pm b/lib/pf/iptables.pm index 15a653d5fe4b..7e12dce59940 100644 --- a/lib/pf/iptables.pm +++ b/lib/pf/iptables.pm @@ -40,6 +40,7 @@ use pf::config; use pf::node qw(nodes_registered_not_violators); use pf::util; use pf::violation qw(violation_view_open_uniq violation_count); +use pf::authentication; Readonly my $FW_TABLE_FILTER => 'filter'; Readonly my $FW_TABLE_MANGLE => 'mangle'; @@ -81,13 +82,13 @@ sub new { sub iptables_generate { my ($self) = @_; my $logger = Log::Log4perl::get_logger('pf::iptables'); - my %tags = ( + my %tags = ( 'filter_if_src_to_chain' => '', 'filter_forward_inline' => '', - 'filter_forward_vlan' => '', - 'mangle_if_src_to_chain' => '', 'mangle_prerouting_inline' => '', + 'filter_forward_vlan' => '', + 'mangle_if_src_to_chain' => '', 'mangle_prerouting_inline' => '', 'nat_if_src_to_chain' => '', 'nat_prerouting_inline' => '', 'nat_postrouting_vlan' => '', 'nat_postrouting_inline' => '', - 'input_inter_inline_rules' => '', 'nat_prerouting_vlan' => '', + 'input_inter_inline_rules' => '', 'nat_prerouting_vlan' => '', 'routed_postrouting_inline' => '','input_inter_vlan_if' => '', ); @@ -103,11 +104,11 @@ sub iptables_generate { $self->generate_inline_rules( \$tags{'filter_forward_inline'}, \$tags{'nat_prerouting_inline'}, \$tags{'nat_postrouting_inline'},\$tags{'routed_postrouting_inline'},\$tags{'input_inter_inline_rules'} ); - + # MANGLE $tags{'mangle_if_src_to_chain'} .= $self->generate_inline_if_src_to_chain($FW_TABLE_MANGLE); $tags{'mangle_prerouting_inline'} .= $self->generate_mangle_rules(); - + # NAT chain targets and redirections (other rules injected by generate_inline_rules) $tags{'nat_if_src_to_chain'} .= $self->generate_inline_if_src_to_chain($FW_TABLE_NAT); $tags{'nat_prerouting_inline'} .= $self->generate_nat_redirect_rules(); @@ -265,13 +266,13 @@ sub generate_inline_rules { $$input_filtering_ref .= "-A $FW_FILTER_INPUT_INT_INLINE --protocol tcp --match tcp --dport $intercept_port " . " --match mark --mark 0x$IPTABLES_MARK_REG --jump DROP\n"; } - } + } + - $logger->info("Adding NAT Masquarade statement (PAT)"); $$nat_postrouting_ref .= "-A $FW_POSTROUTING_INT_INLINE --jump MASQUERADE\n"; - + $logger->info("Addind ROUTED statement"); $$routed_postrouting_inline .= "-A $FW_POSTROUTING_INT_INLINE_ROUTED --jump ACCEPT\n"; @@ -464,7 +465,7 @@ sub generate_nat_redirect_rules { $rules .= "-A $FW_PREROUTING_INT_INLINE -m set --match-set pfsession_passthrough dst,dst ". "--match mark --mark 0x$IPTABLES_MARK_UNREG --jump ACCEPT\n"; } - + # Now, do your magic foreach my $redirectport ( split( /\s*,\s*/, $Config{'inline'}{'ports_redirect'} ) ) { my ( $port, $protocol ) = split( "/", $redirectport ); @@ -694,7 +695,7 @@ sub generate_interception_rules { } } -} +} =back diff --git a/lib/pf/pfcmd/checkup.pm b/lib/pf/pfcmd/checkup.pm index af895da0e63d..a86e10ca2b15 100644 --- a/lib/pf/pfcmd/checkup.pm +++ b/lib/pf/pfcmd/checkup.pm @@ -23,6 +23,7 @@ use pf::violation_config; use pf::util; use pf::services; use pf::trigger; +use pf::authentication; use NetAddr::IP; use File::Slurp qw(read_file); diff --git a/lib/pf/services/apache.pm b/lib/pf/services/apache.pm index 66d2e7bca2d3..ef09821c9ed3 100644 --- a/lib/pf/services/apache.pm +++ b/lib/pf/services/apache.pm @@ -28,6 +28,7 @@ use pf::config; use pf::util; use pf::util::apache qw(url_parser); use pf::web::constants; +use pf::authentication; BEGIN { use Exporter (); From 21fd18d7bce58880ab042703a29d91bd58814730 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 9 Oct 2013 14:04:54 -0400 Subject: [PATCH 122/369] Improve debugging information in pf::db --- lib/pf/db.pm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/pf/db.pm b/lib/pf/db.pm index d1e0b677b5f5..4feff690ca45 100644 --- a/lib/pf/db.pm +++ b/lib/pf/db.pm @@ -21,9 +21,9 @@ use strict; use warnings; use DBI; use File::Basename; -#get_logger() is equivalent to get_logger(__PACKAGE__) -use Log::Log4perl qw(get_logger); use threads; + +use pf::log; use pf::config; # Constants @@ -257,7 +257,7 @@ sub db_query_execute { my $valid_statement = (defined($db_statement) && (ref($db_statement) eq 'DBI::st')); $logger->trace('SQL statement ('.$query. '): '.$db_statement->{Statement}) if ($valid_statement); - $logger->trace('SQL params ('.$query. '): '.join(', ', @params)) if (@params); + $logger->trace('SQL params ('.$query. '): '.join(', ', map { defined $_? $_ : '' } @params)) if (@params); if ($valid_statement && $db_statement->execute(@params)) { From 02160bac4ee9dddc928b85279bb70707e2daef9c Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 9 Oct 2013 14:56:29 -0400 Subject: [PATCH 123/369] Improve generation of snort configuration file --- lib/pf/services/snort.pm | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/pf/services/snort.pm b/lib/pf/services/snort.pm index 7aa5003659f0..6c8384d47391 100644 --- a/lib/pf/services/snort.pm +++ b/lib/pf/services/snort.pm @@ -56,10 +56,14 @@ sub generate_snort_conf { if (exists $Violation_Config{'defaults'}{'snort_rules'}) { foreach my $rule ( split( /\s*,\s*/, $Violation_Config{'defaults'}{'snort_rules'} ) ) { - - #append install_dir if the path doesn't start with / - $rule = "\$RULE_PATH/$rule" if ( $rule !~ /^\// ); - push @rules, "include $rule"; + if ( $rule !~ /^\// && -e "$install_dir/conf/snort/$rule" || -e $rule ) { + # Append configuration directory if the path doesn't start with / + $rule = "\$RULE_PATH/$rule" if ( $rule !~ /^\// ); + push @rules, "include $rule"; + } + else { + $logger->warn("Snort rules definition file $rule was not found."); + } } } $tags{'snort_rules'} = join( "\n", @rules ); From 1ac5fb33f977c03a6c20b9b3a9ac58b1bdad0aee Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 9 Oct 2013 18:36:20 -0400 Subject: [PATCH 124/369] Removed switch widget --- .../lib/pfappserver/Form/Authentication/Source/Null.pm | 1 - 1 file changed, 1 deletion(-) diff --git a/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm b/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm index ceb1358c9efe..e76ca2171cf4 100644 --- a/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm +++ b/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm @@ -20,7 +20,6 @@ extends 'pfappserver::Form::Authentication::Source'; has_field 'email_required' => ( type => 'Toggle', - widget => 'Switch', checkbox_value => 'enabled', unchecked_value => 'disabled', ); From c995a2adf91ec89e6bd1d4b4db48df95ccc95c31 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 10 Oct 2013 10:50:53 -0400 Subject: [PATCH 125/369] Refactored profile forms --- .../lib/pfappserver/Form/Portal/Common.pm | 77 +++++++++++++++++++ .../lib/pfappserver/Form/Portal/Profile.pm | 64 ++++++--------- .../Form/Portal/Profile/Default.pm | 60 +++++---------- html/pfappserver/root/portal/profile/view.tt | 5 +- 4 files changed, 124 insertions(+), 82 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm b/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm index 0c45a4009347..4c7a92e4a5e9 100644 --- a/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm +++ b/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm @@ -17,9 +17,85 @@ use warnings; use HTML::FormHandler::Moose::Role; use List::MoreUtils qw(uniq); use pf::authentication; +with 'pfappserver::Base::Form::Role::Help'; + +=head1 Fields + +=head2 id + +Id of the profile + +=cut + +has_field 'id' => + ( + type => 'Text', + label => 'Profile Name', + required => 1, + apply => [ { check => qr/^[a-zA-Z0-9][a-zA-Z0-9\._-]*$/ } ], + ); + +=head2 description + +Description of the profile + +=cut + +has_field 'description' => + ( + type => 'Text', + label => 'Profile Description', + required => 1, + ); + +=head2 billing_engine + +Has the billing engine enabled + +=cut + +has_field 'billing_engine' => + ( + type => 'Toggle', + label => 'Enable Billing Engine', + checkbox_value => 'enabled', + unchecked_value => 'disabled', + tags => { after_element => \&help, + help => 'When enabling the billing engine, all authentication sources bellow are ignored.' }, + ); + +=head2 sources + +Collectiosn Authentication Sources for the profile + +=cut + +has_field 'sources' => + ( + 'type' => 'DynamicTable', + 'sortable' => 1, + 'do_label' => 0, + ); + +=head2 sources.contains + +The definition for Authentication Sources field + +=cut + +has_field 'sources.contains' => + ( + type => 'Select', + options_method => \&options_sources, + widget_wrapper => 'DynamicTableRow', + ); + +=head1 Methods =head2 options_sources +Returns the list of sources to be displayed + =cut sub options_sources { @@ -50,6 +126,7 @@ sub validate { } } + =head1 AUTHOR Inverse inc. diff --git a/html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm b/html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm index d0bc55e61d48..e51a96e8c167 100644 --- a/html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm +++ b/html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm @@ -16,39 +16,31 @@ use HTML::FormHandler::Moose; use pfappserver::Form::Field::ProfileFilter; extends 'pfappserver::Base::Form'; with 'pfappserver::Form::Portal::Common'; -with 'pfappserver::Base::Form::Role::Help'; use pf::config; use List::MoreUtils qw(uniq); -# Form fields -sub build_do_form_wrapper {0} -has_field 'id' => - ( - type => 'Text', - label => 'Profile Name', - required => 1, - apply => [ { check => qr/^[a-zA-Z0-9][a-zA-Z0-9\._-]*$/ } ], - ); -has_field 'description' => - ( - type => 'Text', - label => 'Profile Description', - required => 1, - ); -has_field 'billing_engine' => - ( - type => 'Toggle', - label => 'Enable Billing Engine', - checkbox_value => 'enabled', - unchecked_value => 'disabled', - tags => { after_element => \&help, - help => 'When enabling the billing engine, all authentication sources bellow are ignored.' }, - ); +=head1 Blocks + +=head2 definition + +The main definition block + +=cut + has_block 'definition' => ( render_list => [ qw(id description billing_engine) ], ); + +=head1 Fields + +=head2 filter + +The filter container field + +=cut + has_field 'filter' => ( type => 'DynamicTable', @@ -61,27 +53,19 @@ has_field 'filter' => ] } ); + +=head2 filter.conatains + +The filter container field contents + +=cut + has_field 'filter.contains' => ( type => '+ProfileFilter', label => 'Filter', widget_wrapper => 'DynamicTableRow', ); -has_field 'sources' => - ( - 'type' => 'DynamicTable', - 'sortable' => 1, - 'do_label' => 0, - ); -has_field 'sources.contains' => - ( - type => 'Select', - options_method => \&options_sources, - widget_wrapper => 'DynamicTableRow', - ); - -=head1 METHODS - =head1 COPYRIGHT diff --git a/html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm b/html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm index 0486b4cfc5d0..d7811d380376 100644 --- a/html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm +++ b/html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm @@ -15,55 +15,35 @@ use pf::authentication; use HTML::FormHandler::Moose; extends 'pfappserver::Base::Form'; with 'pfappserver::Form::Portal::Common'; -with 'pfappserver::Base::Form::Role::Help'; -# Form fields -has_field 'id' => - ( - type => 'Text', - label => 'Profile Name', - required => 1, - readonly => 1, - apply => [ { check => qr/^[a-zA-Z0-9][a-zA-Z0-9\._-]*$/ } ], - ); -has_field 'description' => +=head1 Blocks + +=head2 definition + +The main definition block + +=cut + +has_block 'definition' => ( - type => 'Text', - label => 'Profile Description', - required => 1, - readonly => 1, + render_list => [ qw(id description logo billing_engine) ], ); + + +=head1 Fields + +=head2 logo + +The logo field + +=cut + has_field 'logo' => ( type => 'Text', label => 'Logo', required => 1, ); -has_field 'billing_engine' => - ( - type => 'Toggle', - label => 'Enable Billing Engine', - checkbox_value => 'enabled', - unchecked_value => 'disabled', - tags => { after_element => \&help, - help => 'When enabling the billing engine, all authentication sources bellow are ignored.' }, - ); -has_block 'definition' => - ( - render_list => [ qw(id description logo billing_engine) ], - ); -has_field 'sources' => - ( - 'type' => 'DynamicTable', - 'sortable' => 1, - 'do_label' => 0, - ); -has_field 'sources.contains' => - ( - type => 'Select', - options_method => \&options_sources, - widget_wrapper => 'DynamicTableRow', - ); =head1 METHODS diff --git a/html/pfappserver/root/portal/profile/view.tt b/html/pfappserver/root/portal/profile/view.tt index 5f17f1561594..5bab062f75e9 100644 --- a/html/pfappserver/root/portal/profile/view.tt +++ b/html/pfappserver/root/portal/profile/view.tt @@ -1,5 +1,6 @@ +

      - + [%# submit %] From 6b47384c3f273f96cabf8a8f7c78db35f03ee444 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 18 Oct 2013 11:17:37 -0400 Subject: [PATCH 129/369] LDAP regexp condition doesn't consider all values Also improved debugging output. --- NEWS.asciidoc | 4 +- lib/pf/Authentication/Source/LDAPSource.pm | 76 +++++++++++----------- lib/pf/authentication.pm | 8 +-- 3 files changed, 44 insertions(+), 44 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index ef4d77d48fee..06012a512d20 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -39,10 +39,12 @@ Bug Fixes * Fixed match of Htpasswd authentication source (#1714) * Fixed creation of users without a role (#1721) * Fixed expiration date of registration to the end of the day (#1722) -* Fixed saving authentication sources and cached and allow rules with dashes +* Fixed caching issue when editing authentication sources (#1729) +* Allow rules with dashes (#1730) * Fixed vconfig setting the wrong name_type * Fixed help text in Web admin (#1724) * Removed references to unavailable snort rules (#1715) +* Fixed LDAP regexp condition not considering all attribute values (#1737) Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/lib/pf/Authentication/Source/LDAPSource.pm b/lib/pf/Authentication/Source/LDAPSource.pm index 15ec1fefc2fc..7f181bf8f813 100644 --- a/lib/pf/Authentication/Source/LDAPSource.pm +++ b/lib/pf/Authentication/Source/LDAPSource.pm @@ -64,18 +64,17 @@ sub available_attributes { sub authenticate { my ( $self, $username, $password ) = @_; - my $logger = Log::Log4perl->get_logger( __PACKAGE__ ); + my $logger = Log::Log4perl->get_logger(__PACKAGE__); my ($connection, $LDAPServer, $LDAPServerPort ) = $self->_connect(); - if (! defined($connection)) { - $logger->error("Unable to connect to an LDAP server."); + if (!defined($connection)) { return ($FALSE, 'Unable to validate credentials at the moment'); } my $result = $self->bind_with_credentials($connection); if ($result->is_error) { - $logger->error("Unable to bind with $self->{'binddn'} on $LDAPServer:$LDAPServerPort"); + $logger->error("[$self->{'id'}] Unable to bind with $self->{'binddn'} on $LDAPServer:$LDAPServerPort"); return ($FALSE, 'Unable to validate credentials at the moment'); } @@ -87,15 +86,15 @@ sub authenticate { attrs => ['dn'] ); if ($result->is_error) { - $logger->error("Unable to execute search $filter from $self->{'basedn'} on $LDAPServer:$LDAPServerPort"); + $logger->error("[$self->{'id'}] Unable to execute search $filter from $self->{'basedn'} on $LDAPServer:$LDAPServerPort"); return ($FALSE, 'Unable to validate credentials at the moment'); } if ($result->count == 0) { - $logger->warn("No entries found (". $result->count .") with filter $filter from $self->{'basedn'} on $LDAPServer:$LDAPServerPort for source $self->{'id'}"); + $logger->warn("[$self->{'id'}] No entries found (". $result->count .") with filter $filter from $self->{'basedn'} on $LDAPServer:$LDAPServerPort"); return ($FALSE, 'Invalid login or password'); } elsif ($result->count > 1) { - $logger->warn("Unexpected number of entries found (" . $result->count .") with filter $filter from $self->{'basedn'} on $LDAPServer:$LDAPServerPort for source $self->{'id'}"); + $logger->warn("[$self->{'id'}] Unexpected number of entries found (" . $result->count .") with filter $filter from $self->{'basedn'} on $LDAPServer:$LDAPServerPort for source $self->{'id'}"); return ($FALSE, 'Invalid login or password'); } @@ -104,11 +103,12 @@ sub authenticate { $result = $connection->bind($user->dn, password => $password); if ($result->is_error) { - $logger->warn("User cannot " . $user->dn . " cannot bind from $self->{'basedn'} on $LDAPServer:$LDAPServerPort for source $self->{'id'}"); + $logger->warn("[$self->{'id'}] User " . $user->dn . " cannot bind from $self->{'basedn'} on $LDAPServer:$LDAPServerPort"); return ($FALSE, 'Invalid login or password'); } - return ($TRUE, 'Successful authentication using LDAP.'); + $logger->warn("[$self->{'id'}] Authentication successful for $username"); + return ($TRUE, 'Authentication successful using LDAP'); } @@ -145,22 +145,22 @@ sub _connect { $connection = Net::LDAP->new($LDAPServer, port => $LDAPServerPort ); } if (! defined($connection)) { - $logger->warn("Unable to connect to $LDAPServer"); + $logger->warn("[$self->{'id'}] Unable to connect to $LDAPServer"); next TRYSERVER; } # try TLS if required, return undef if it fails if ( $self->{'encryption'} eq TLS ) { my $mesg = $connection->start_tls(); - if ( $mesg->code() ) { $logger->error($mesg->error()) and return undef; } + if ( $mesg->code() ) { $logger->error("[$self->{'id'}] ".$mesg->error()) and return undef; } } - $logger->debug("using ldap connection to $LDAPServer"); + $logger->debug("[$self->{'id'}] Using LDAP connection to $LDAPServer"); return ( $connection, $LDAPServer, $LDAPServerPort ); } # if the connection is still undefined after trying every server, we fail and return undef. if (! defined($connection)) { - $logger->error("Unable to connect to any LDAP Server"); + $logger->error("[$self->{'id'}] Unable to connect to any LDAP server"); } return undef; } @@ -168,7 +168,7 @@ sub _connect { =head2 match_in_subclass -C<$params> are the parameters gathered at authentication (username, SSID, connection, type, etc). +C<$params> are the parameters gathered at authentication (username, SSID, connection type, etc). C<$rule> is the rule instance that defines the conditions. @@ -182,28 +182,24 @@ sub match_in_subclass { my ($self, $params, $rule, $own_conditions, $matching_conditions) = @_; - my $logger = Log::Log4perl->get_logger( __PACKAGE__ ); - - $logger->debug("Matching rules in LDAP source"); - - my $filter = $self->ldap_filter_for_conditions($own_conditions, $rule->match, $self->{'usernameattribute'}, $params); - - $logger->debug("LDAP filter: $filter"); + my $logger = Log::Log4perl->get_logger(__PACKAGE__); my ( $connection, $LDAPServer, $LDAPServerPort ) = $self->_connect(); if (! defined($connection)) { - $logger->error("Unable to connect to an LDAP server."); return undef; } my $result = $self->bind_with_credentials($connection); if ($result->is_error) { - $logger->error("Unable to bind with $self->{'binddn'} on $LDAPServer:$LDAPServerPort"); + $logger->error("[$self->{'id'}] Unable to bind with $self->{'binddn'} on $LDAPServer:$LDAPServerPort"); return undef; } - $logger->debug("Searching for $filter, from $self->{'basedn'}, with scope $self->{'scope'}"); + my $filter = $self->ldap_filter_for_conditions($own_conditions, $rule->match, $self->{'usernameattribute'}, $params); + + $logger->debug("[$self->{'id'} $rule->{'id'}] Searching for $filter, from $self->{'basedn'}, with scope $self->{'scope'}"); + my @attributes = map { $_->{'attribute'} } @{$own_conditions}; $result = $connection->search( base => $self->{'basedn'}, @@ -213,22 +209,25 @@ sub match_in_subclass { ); if ($result->is_error) { - $logger->error("Unable to execute search $filter from $self->{'basedn'} on $LDAPServer:$LDAPServerPort, we skip the rule."); + $logger->error("[$self->{'id'}] Unable to execute search $filter from $self->{'basedn'} on $LDAPServer:$LDAPServerPort, we skip the rule."); return undef; } - $logger->debug("Found ".$result->count." results"); + $logger->debug("[$self->{'id'} $rule->{'id'}] Found ".$result->count." results"); if ($result->count == 1) { my $entry = $result->pop_entry(); + my $dn = $entry->dn; my $entry_matches = 1; $connection->unbind; # Perform match on regexp conditions since they were not included in the LDAP filter foreach my $condition (grep { $_->{'operator'} eq $Conditions::MATCHES } @{$own_conditions}) { - my $attribute = $entry->get_value($condition->{'attribute'}); + my $attribute = $condition->{'attribute'}; my $value = $condition->{'value'}; - if ($attribute && $attribute =~ m/$condition->{'value'}/) { + my @attributes = $entry->get_value($attribute); + if (scalar @attributes > 0 && grep /$value/, @attributes) { $entry_matches = 1; + $logger->debug("[$self->{'id'} $rule->{'id'}] Regexp $attribute =~ /$value/ matches ($dn)"); last if ($rule->match eq $Rules::ANY) } else { @@ -242,8 +241,7 @@ sub match_in_subclass { if ($entry_matches) { # If we found a result, we push all conditions as matched ones. # That is normal, as we used them all to build our LDAP filter. - my $dn = $entry->dn; - $logger->info("Found a match ($dn)"); + $logger->info("[$self->{'id'} $rule->{'id'}] Found a match ($dn)"); push @{ $matching_conditions }, @{ $own_conditions }; return $params->{'username'}; } @@ -266,14 +264,14 @@ sub test { my ( $connection, $LDAPServer, $LDAPServerPort ) = $self->_connect(); if (! defined($connection)) { - $logger->warn("Unable to connect to any LDAP server"); + $logger->warn("[$self->{'id'}] Unable to connect to any LDAP server"); return ($FALSE, "Can't connect to server"); } # Bind my $result = $self->bind_with_credentials($connection); if ($result->is_error) { - $logger->warn("Unable to bind with $self->{'binddn'} on $LDAPServer:$LDAPServerPort"); + $logger->warn("[$self->{'id'}] Unable to bind with $self->{'binddn'} on $LDAPServer:$LDAPServerPort"); return ($FALSE, ["Unable to bind to [_1] with these settings", $LDAPServer]); } @@ -288,7 +286,7 @@ sub test { ); if ($result->is_error) { - $logger->warn("Unable to execute search $filter from $self->{'basedn'} on $LDAPServer:$LDAPServerPort: ".$result->error); + $logger->warn("[$self->{'id'}] Unable to execute search $filter from $self->{'basedn'} on $LDAPServer:$LDAPServerPort: ".$result->error); return ($FALSE, 'Wrong base DN or username attribute'); } @@ -355,18 +353,18 @@ sub username_from_email { my ( $connection, $LDAPServer, $LDAPServerPort ) = $self->_connect(); if (! defined($connection)) { - $logger->error("Unable to connect to $self->{'host'}"); + $logger->error("[$self->{'id'}] Unable to connect to $self->{'host'}"); return undef; } my $result = $self->bind_with_credentials($connection); if ($result->is_error) { - $logger->error("Unable to bind with $self->{'binddn'}"); + $logger->error("[$self->{'id'}] Unable to bind with $self->{'binddn'}"); return undef; } - $logger->info("Searching for $filter, from $self->{'basedn'}, with scope $self->{'scope'}"); + $logger->info("[$self->{'id'}] Searching for $filter, from $self->{'basedn'}, with scope $self->{'scope'}"); $result = $connection->search( base => $self->{'basedn'}, filter => $filter, @@ -375,18 +373,18 @@ sub username_from_email { ); if ($result->is_error) { - $logger->error("Unable to execute search: " . $result->error); + $logger->error("[$self->{'id'}] Unable to execute search: " . $result->error); next; } if ($result->count == 1) { my $username = $result->entry->get_value( $self->{'usernameattribute'} ); $connection->unbind; - $logger->info("LDAP:found a match in username_from_email ($email => $username)"); + $logger->info("[$self->{'id'}] Found a match: $email => $username"); return $username; } - $logger->info("No match found for filter: $filter"); + $logger->info("[$self->{'id'}] No match found for filter: $filter"); return undef; } diff --git a/lib/pf/authentication.pm b/lib/pf/authentication.pm index 44d924a8410f..a34d8cb94786 100644 --- a/lib/pf/authentication.pm +++ b/lib/pf/authentication.pm @@ -468,7 +468,7 @@ sub authenticate { @sources = @authentication_sources; } - $logger->debug("Authenticating '$username' from sources ".join(', ', map { $_->id } @sources)); + $logger->debug("Authenticating '$username' from source(s) ".join(', ', map { $_->id } @sources)); foreach my $current_source (@sources) { my ($result, $message); @@ -515,10 +515,10 @@ sub match { if (defined $action && defined $actions) { my $found_action = first { $_->type eq $action } @{$actions}; if (defined $found_action) { - $logger->debug("Returning '".$found_action->value."' for action $action on source ". $source->id); + $logger->debug("[".$source->id."] Returning '".$found_action->value."' for action $action for username ".$params->{'username'}); return $found_action->value } - $logger->debug("Params don't match rules for action $action on source " . $source->id); + $logger->debug("[".$source->id."] Params don't match rules for action $action for username ".$params->{'username'}); return undef; } @@ -526,7 +526,7 @@ sub match { $logger->debug("No source matches action $action"); } elsif (defined $source) { $actions ||= []; - $logger->debug("Returning actions ".join(', ', map { $_->type." = ".$_->value } @$actions ) . " for source " . $source->id); + $logger->debug("[".$source->id."] Returning actions ".join(', ', map { $_->type." = ".$_->value } @$actions )); } return $actions; From d98d58a3591d0781c4ee83c345e02f151cf36935 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 18 Oct 2013 11:37:33 -0400 Subject: [PATCH 130/369] Improve error message when sending a mail --- lib/pf/email_activation.pm | 2 +- lib/pf/sms_activation.pm | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/pf/email_activation.pm b/lib/pf/email_activation.pm index 671e6de9707a..985da3ad48ab 100644 --- a/lib/pf/email_activation.pm +++ b/lib/pf/email_activation.pm @@ -416,7 +416,7 @@ sub send_email { $logger->info("Email sent to ".$info{'email'}." (".$info{'subject'}.")"); } catch { - $logger->error("Can't send email to ".$info{'email'}); + $logger->error("Can't send email to ".$info{'email'}.": $!"); }; return $result; diff --git a/lib/pf/sms_activation.pm b/lib/pf/sms_activation.pm index f379a59b7fa8..2ed281226f31 100644 --- a/lib/pf/sms_activation.pm +++ b/lib/pf/sms_activation.pm @@ -332,6 +332,7 @@ sub send_sms { eval { $msg->send('smtp', $smtpserver, Timeout => 20); $result = $msg->last_send_successful(); + $logger->info("Email sent to $email (Network Activation)"); }; if ($@) { my $msg = "Can't send email to $email: $@"; From 5ddb92d1cce25fc3b43c8f46644aa300532afca2 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 18 Oct 2013 12:04:14 -0400 Subject: [PATCH 131/369] Can't sort by phone nor nodes count Fixed sort by phone number and nodes count when performing an advanced search on users. Fixes #1738 --- NEWS.asciidoc | 1 + html/pfappserver/lib/pfappserver/Model/Search/User.pm | 8 +++++--- html/pfappserver/lib/pfappserver/Model/User.pm | 2 +- html/pfappserver/root/user/advanced_search.tt | 2 +- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 06012a512d20..e36c0f7ea298 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -45,6 +45,7 @@ Bug Fixes * Fixed help text in Web admin (#1724) * Removed references to unavailable snort rules (#1715) * Fixed LDAP regexp condition not considering all attribute values (#1737) +* Fixed sort by phone number and nodes count when performing an advanced search on users (#1738) Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/html/pfappserver/lib/pfappserver/Model/Search/User.pm b/html/pfappserver/lib/pfappserver/Model/Search/User.pm index d2e4238273cf..9a5a9505686b 100644 --- a/html/pfappserver/lib/pfappserver/Model/Search/User.pm +++ b/html/pfappserver/lib/pfappserver/Model/Search/User.pm @@ -60,11 +60,12 @@ my %COLUMN_MAP = ( table => 'node', name => 'mac', }, - name => \"concat(firstname,' ', lastname)", - ip_address => { + name => \"concat(firstname,' ', lastname)", + ip_address => { table => 'iplog', name => 'ip', }, + nodes => \"count(node.mac)", ); my %JOIN_MAP = ( @@ -159,7 +160,8 @@ sub add_searches { sub add_order_by { my ($self, $builder, $params) = @_; my ($by, $direction) = @$params{qw(by direction)}; - if($by && $direction) { + if ($by && $direction) { + $by = $COLUMN_MAP{$by} if (exists $COLUMN_MAP{$by}); $builder->order_by($by, $direction); } } diff --git a/html/pfappserver/lib/pfappserver/Model/User.pm b/html/pfappserver/lib/pfappserver/Model/User.pm index f652aa7eb61b..2f4bffb1e084 100644 --- a/html/pfappserver/lib/pfappserver/Model/User.pm +++ b/html/pfappserver/lib/pfappserver/Model/User.pm @@ -32,7 +32,7 @@ use pf::util qw(get_translatable_time); =cut sub field_names { - return [qw(pid firstname lastname email nodes) ]; + return [qw(pid firstname lastname email telephone nodes) ]; } =head2 read diff --git a/html/pfappserver/root/user/advanced_search.tt b/html/pfappserver/root/user/advanced_search.tt index 2956bd5966bf..eb212a1b31f7 100644 --- a/html/pfappserver/root/user/advanced_search.tt +++ b/html/pfappserver/root/user/advanced_search.tt @@ -1,5 +1,5 @@ [% MACRO header(column, title, class) BLOCK -%] -[% params = { by => column, filter => filter, per_page => per_page }; +[% params = { by => column, filter => filter, per_page => per_page, direction => 'asc' }; IF by == column && direction == 'asc'; params.direction = 'desc'; END %] From 16e2aaae6089d8c1241927eb54d4ca61378e4a8b Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 18 Oct 2013 14:34:55 -0400 Subject: [PATCH 132/369] Check mode parameter first in register.cgi The new Null authentication source needs to be considered only if no 'mode' parameter is specified. --- html/captive-portal/register.cgi | 113 +++++++++++++++++-------------- 1 file changed, 61 insertions(+), 52 deletions(-) diff --git a/html/captive-portal/register.cgi b/html/captive-portal/register.cgi index b2bd8779fcdf..3c554bcc0888 100755 --- a/html/captive-portal/register.cgi +++ b/html/captive-portal/register.cgi @@ -62,8 +62,66 @@ $info{'user_agent'} = $cgi->user_agent; my $no_password_needed = any {$_ eq 'null' } @{$portalSession->getProfile->getGuestModes}; my $no_username_needed = pf::web::_no_username($portalSession); -if ( (defined($cgi->param('username') ) || $no_username_needed ) && ($cgi->param('username') ne '' || $no_password_needed )) { +if (defined($cgi->url_param('mode')) && $cgi->url_param('mode') eq "next_page") { + my $pageNb = int($cgi->url_param('page')); + if (($pageNb > 1) && ($pageNb <= $Config{'registration'}{'nbregpages'})) { + pf::web::generate_registration_page($portalSession, $pageNb); + } else { + pf::web::generate_error_page($portalSession, i18n("error: invalid page number")); + } +} +elsif (defined($cgi->url_param('mode')) && $cgi->url_param('mode') eq "deregister") { + my ($form_return, $err) = pf::web::validate_form($portalSession); + if ($form_return != 1) { + $logger->trace("form validation failed or first time for " . $portalSession->getClientMac()); + pf::web::generate_login_page($portalSession, $err); + exit(0); + } + + my ($auth_return, $error) = pf::web::web_user_authenticate($portalSession); + if ($auth_return != 1) { + $logger->trace("authentication failed for " . $portalSession->getClientMac()); + pf::web::generate_login_page($portalSession, $error); + exit(0); + } + + my $node_info = node_view($portalSession->getClientMac()); + my $pid = $node_info->{'pid'}; + if ($portalSession->getSession->param("username") eq $pid) { + my $cmd = $bin_dir."/pfcmd manage deregister " . $portalSession->getClientMac(); + my $output = qx/$cmd/; + $logger->info("calling $bin_dir/pfcmd manage deregister " . $portalSession->getClientMac()); + print $cgi->redirect("/authenticate"); + } else { + pf::web::generate_error_page($portalSession, i18n("error: access denied not owner")); + } +} + +elsif (defined($cgi->url_param('mode')) && $cgi->url_param('mode') eq "release") { + # TODO this is duplicated also in register.cgi + # we drop HTTPS so we can perform our Internet detection and avoid all sort of certificate errors + if ($cgi->https()) { + print $cgi->redirect( + "http://".$Config{'general'}{'hostname'}.".".$Config{'general'}{'domain'} + .'/access?destination_url=' . uri_escape($portalSession->getDestinationUrl()) + ); + } else { + pf::web::generate_release_page($portalSession); + } + exit(0); +} + +elsif (defined($cgi->url_param('mode')) && $cgi->url_param('mode') eq "aup") { + pf::web::generate_aup_standalone_page($portalSession); + exit(0); +} + +elsif (defined($cgi->url_param('mode'))) { + pf::web::generate_error_page($portalSession, i18n("error: incorrect mode")); +} + +elsif ( (defined($cgi->param('username') ) || $no_username_needed ) && ($cgi->param('username') ne '' || $no_password_needed )) { my ($form_return, $err) = pf::web::validate_form($portalSession); if ($form_return != 1) { $logger->trace("form validation failed or first time for " . $portalSession->getClientMac()); @@ -117,58 +175,9 @@ if ( (defined($cgi->param('username') ) || $no_username_needed ) && ($cgi->param pf::web::web_node_register($portalSession, $pid, %info); pf::web::end_portal_session($portalSession); -} elsif (defined($cgi->url_param('mode')) && $cgi->url_param('mode') eq "next_page") { - my $pageNb = int($cgi->url_param('page')); - if (($pageNb > 1) && ($pageNb <= $Config{'registration'}{'nbregpages'})) { - pf::web::generate_registration_page($portalSession, $pageNb); - } else { - pf::web::generate_error_page($portalSession, i18n("error: invalid page number")); - } - -} elsif (defined($cgi->url_param('mode')) && $cgi->url_param('mode') eq "deregister") { - my ($form_return, $err) = pf::web::validate_form($portalSession); - if ($form_return != 1) { - $logger->trace("form validation failed or first time for " . $portalSession->getClientMac()); - pf::web::generate_login_page($portalSession, $err); - exit(0); - } - - my ($auth_return, $error) = pf::web::web_user_authenticate($portalSession); - if ($auth_return != 1) { - $logger->trace("authentication failed for " . $portalSession->getClientMac()); - pf::web::generate_login_page($portalSession, $error); - exit(0); - } - - my $node_info = node_view($portalSession->getClientMac()); - my $pid = $node_info->{'pid'}; - if ($portalSession->getSession->param("username") eq $pid) { - my $cmd = $bin_dir."/pfcmd manage deregister " . $portalSession->getClientMac(); - my $output = qx/$cmd/; - $logger->info("calling $bin_dir/pfcmd manage deregister " . $portalSession->getClientMac()); - print $cgi->redirect("/authenticate"); - } else { - pf::web::generate_error_page($portalSession, i18n("error: access denied not owner")); - } +} -} elsif (defined($cgi->url_param('mode')) && $cgi->url_param('mode') eq "release") { - # TODO this is duplicated also in register.cgi - # we drop HTTPS so we can perform our Internet detection and avoid all sort of certificate errors - if ($cgi->https()) { - print $cgi->redirect( - "http://".$Config{'general'}{'hostname'}.".".$Config{'general'}{'domain'} - .'/access?destination_url=' . uri_escape($portalSession->getDestinationUrl()) - ); - } else { - pf::web::generate_release_page($portalSession); - } - exit(0); -} elsif (defined($cgi->url_param('mode')) && $cgi->url_param('mode') eq "aup") { - pf::web::generate_aup_standalone_page($portalSession); - exit(0); -} elsif (defined($cgi->url_param('mode'))) { - pf::web::generate_error_page($portalSession, i18n("error: incorrect mode")); -} else { +else { pf::web::generate_login_page($portalSession); } From 82003f61c6937613a061823481206dc98d1f673c Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 18 Oct 2013 15:42:59 -0400 Subject: [PATCH 133/369] Update FontAwesome to version 3.2.1 --- NEWS.asciidoc | 1 + .../pfappserver/root/static/css/bootstrap.css | 1103 ++++++++++++++++- .../root/static/css/bootstrap.min.css | 26 +- .../root/static/font/fontawesome-webfont.eot | Bin 38708 -> 37405 bytes .../root/static/font/fontawesome-webfont.svg | 640 ++++++---- .../root/static/font/fontawesome-webfont.ttf | Bin 68476 -> 79076 bytes .../root/static/font/fontawesome-webfont.woff | Bin 41752 -> 43572 bytes 7 files changed, 1455 insertions(+), 315 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index e36c0f7ea298..60f3df8c0193 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -32,6 +32,7 @@ Enhancements * Added memcached as a managed service * Added CoA support for Xirrus access point * Improved validation of VLAN management +* Updated FontAwesome to version 3.2.1 Bug Fixes +++++++++ diff --git a/html/pfappserver/root/static/css/bootstrap.css b/html/pfappserver/root/static/css/bootstrap.css index ff5c7136b215..6814a22a5494 100644 --- a/html/pfappserver/root/static/css/bootstrap.css +++ b/html/pfappserver/root/static/css/bootstrap.css @@ -2273,106 +2273,458 @@ table th[class*="span"], background-color: #c4e3f3; } -/* Font Awesome - the iconic font designed for use with Twitter Bootstrap - ------------------------------------------------------- - The full suite of pictographic icons, examples, and documentation - can be found at: http://fortawesome.github.com/Font-Awesome/ - - License - ------------------------------------------------------- - The Font Awesome webfont, CSS, and LESS files are licensed under CC BY 3.0: - http://creativecommons.org/licenses/by/3.0/ A mention of - 'Font Awesome - http://fortawesome.github.com/Font-Awesome' in human-readable - source code is considered acceptable attribution (most common on the web). - If human readable source code is not available to the end user, a mention in - an 'About' or 'Credits' screen is considered acceptable (most common in desktop - or mobile software). - - Contact - ------------------------------------------------------- - Email: dave@davegandy.com - Twitter: http://twitter.com/fortaweso_me - Work: Lead Product Designer @ http://kyruus.com - - */ +/*! + * Font Awesome 3.2.1 + * the iconic font designed for Bootstrap + * ------------------------------------------------------------------------------ + * The full suite of pictographic icons, examples, and documentation can be + * found at http://fontawesome.io. Stay up to date on Twitter at + * http://twitter.com/fontawesome. + * + * License + * ------------------------------------------------------------------------------ + * - The Font Awesome font is licensed under SIL OFL 1.1 - + * http://scripts.sil.org/OFL + * - Font Awesome CSS, LESS, and SASS files are licensed under MIT License - + * http://opensource.org/licenses/mit-license.html + * - Font Awesome documentation licensed under CC BY 3.0 - + * http://creativecommons.org/licenses/by/3.0/ + * - Attribution is no longer required in Font Awesome 3.0, but much appreciated: + * "Font Awesome by Dave Gandy - http://fontawesome.io" + * + * Author - Dave Gandy + * ------------------------------------------------------------------------------ + * Email: dave@fontawesome.io + * Twitter: http://twitter.com/davegandy + * Work: Lead Product Designer @ Kyruus - http://kyruus.com + */ + +/* FONT PATH + * -------------------------- */ @font-face { font-family: 'FontAwesome'; font-style: normal; font-weight: normal; - src: url('../font/fontawesome-webfont.eot'); - src: url('../font/fontawesome-webfont.eot?#iefix') format('embedded-opentype'), url('../font/fontawesome-webfont.woff') format('woff'), url('../font/fontawesome-webfont.ttf') format('truetype'), url('../font/fontawesome-webfont.svg#FontAwesome') format('svg'); + src: url('../font/fontawesome-webfont.eot?v=3.2.1'); + src: url('../font/fontawesome-webfont.eot?#iefix&v=3.2.1') format('embedded-opentype'), url('../font/fontawesome-webfont.woff?v=3.2.1') format('woff'), url('../font/fontawesome-webfont.ttf?v=3.2.1') format('truetype'), url('../font/fontawesome-webfont.svg#fontawesomeregular?v=3.2.1') format('svg'); } -/* Font Awesome styles - ------------------------------------------------------- */ +/* FONT AWESOME CORE + * -------------------------- */ -[class^="icon-"]:before, -[class*=" icon-"]:before { - display: inline-block; +[class^="icon-"], +[class*=" icon-"] { + *margin-right: .3em; font-family: FontAwesome; + -webkit-font-smoothing: antialiased; font-style: normal; font-weight: normal; text-decoration: inherit; } -a [class^="icon-"], -a [class*=" icon-"] { +[class^="icon-"]:before, +[class*=" icon-"]:before { display: inline-block; text-decoration: inherit; + speak: none; } /* makes the font 33% larger relative to the icon container */ .icon-large:before { font-size: 1.3333333333333333em; - vertical-align: middle; + vertical-align: -10%; } -.btn [class^="icon-"], -.nav-tabs [class^="icon-"], -.btn [class*=" icon-"], -.nav-tabs [class*=" icon-"] { - /* keeps button heights with and without icons the same */ +/* makes sure icons active on rollover in links */ + +a [class^="icon-"], +a [class*=" icon-"] { + display: inline; +} + +/* increased font size for icon-large */ + +[class^="icon-"].icon-fixed-width, +[class*=" icon-"].icon-fixed-width { + display: inline-block; + width: 1.1428571428571428em; + padding-right: 0.2857142857142857em; + text-align: right; +} + +[class^="icon-"].icon-fixed-width.icon-large, +[class*=" icon-"].icon-fixed-width.icon-large { + width: 1.4285714285714286em; +} + +.icons-ul { + margin-left: 2.142857142857143em; + list-style-type: none; +} + +.icons-ul > li { + position: relative; +} + +.icons-ul .icon-li { + position: absolute; + left: -2.142857142857143em; + width: 2.142857142857143em; + line-height: inherit; + text-align: center; +} + +[class^="icon-"].hide, +[class*=" icon-"].hide { + display: none; +} + +.icon-muted { + color: #eeeeee; +} + +.icon-light { + color: #ffffff; +} + +.icon-dark { + color: #333333; +} +.icon-border { + padding: .2em .25em .15em; + border: solid 1px #eeeeee; + -webkit-border-radius: 3px; + -moz-border-radius: 3px; + border-radius: 3px; +} + +.icon-2x { + font-size: 2em; +} + +.icon-2x.icon-border { + border-width: 2px; + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; +} + +.icon-3x { + font-size: 3em; +} + +.icon-3x.icon-border { + border-width: 3px; + -webkit-border-radius: 5px; + -moz-border-radius: 5px; + border-radius: 5px; +} + +.icon-4x { + font-size: 4em; +} + +.icon-4x.icon-border { + border-width: 4px; + -webkit-border-radius: 6px; + -moz-border-radius: 6px; + border-radius: 6px; +} + +.icon-5x { + font-size: 5em; +} + +.icon-5x.icon-border { + border-width: 5px; + -webkit-border-radius: 7px; + -moz-border-radius: 7px; + border-radius: 7px; +} + +.pull-right { + float: right; +} + +.pull-left { + float: left; +} + +[class^="icon-"].pull-left, +[class*=" icon-"].pull-left { + margin-right: .3em; +} + +[class^="icon-"].pull-right, +[class*=" icon-"].pull-right { + margin-left: .3em; +} + +/* BOOTSTRAP SPECIFIC CLASSES + * -------------------------- */ + +/* Bootstrap 2.0 sprites.less reset */ + +[class^="icon-"], +[class*=" icon-"] { + display: inline; + width: auto; + height: auto; + margin-top: 0; + line-height: normal; + vertical-align: baseline; + background-image: none; + background-position: 0 0%; + background-repeat: repeat; +} + +/* more sprites.less reset */ + +.icon-white, +.nav-pills > .active > a > [class^="icon-"], +.nav-pills > .active > a > [class*=" icon-"], +.nav-list > .active > a > [class^="icon-"], +.nav-list > .active > a > [class*=" icon-"], +.navbar-inverse .nav > .active > a > [class^="icon-"], +.navbar-inverse .nav > .active > a > [class*=" icon-"], +.dropdown-menu > li > a:hover > [class^="icon-"], +.dropdown-menu > li > a:hover > [class*=" icon-"], +.dropdown-menu > .active > a > [class^="icon-"], +.dropdown-menu > .active > a > [class*=" icon-"], +.dropdown-submenu:hover > a > [class^="icon-"], +.dropdown-submenu:hover > a > [class*=" icon-"] { + background-image: none; +} + +/* keeps Bootstrap styles with and without icons the same */ + +.btn [class^="icon-"].icon-large, +.nav [class^="icon-"].icon-large, +.btn [class*=" icon-"].icon-large, +.nav [class*=" icon-"].icon-large { line-height: .9em; } -li [class^="icon-"], -li [class*=" icon-"] { +.btn [class^="icon-"].icon-spin, +.nav [class^="icon-"].icon-spin, +.btn [class*=" icon-"].icon-spin, +.nav [class*=" icon-"].icon-spin { display: inline-block; - width: 1.25em; +} + +.nav-tabs [class^="icon-"], +.nav-pills [class^="icon-"], +.nav-tabs [class*=" icon-"], +.nav-pills [class*=" icon-"], +.nav-tabs [class^="icon-"].icon-large, +.nav-pills [class^="icon-"].icon-large, +.nav-tabs [class*=" icon-"].icon-large, +.nav-pills [class*=" icon-"].icon-large { + line-height: .9em; +} + +.btn [class^="icon-"].pull-left.icon-2x, +.btn [class*=" icon-"].pull-left.icon-2x, +.btn [class^="icon-"].pull-right.icon-2x, +.btn [class*=" icon-"].pull-right.icon-2x { + margin-top: .18em; +} + +.btn [class^="icon-"].icon-spin.icon-large, +.btn [class*=" icon-"].icon-spin.icon-large { + line-height: .8em; +} + +.btn.btn-small [class^="icon-"].pull-left.icon-2x, +.btn.btn-small [class*=" icon-"].pull-left.icon-2x, +.btn.btn-small [class^="icon-"].pull-right.icon-2x, +.btn.btn-small [class*=" icon-"].pull-right.icon-2x { + margin-top: .25em; +} + +.btn.btn-large [class^="icon-"], +.btn.btn-large [class*=" icon-"] { + margin-top: 0; +} + +.btn.btn-large [class^="icon-"].pull-left.icon-2x, +.btn.btn-large [class*=" icon-"].pull-left.icon-2x, +.btn.btn-large [class^="icon-"].pull-right.icon-2x, +.btn.btn-large [class*=" icon-"].pull-right.icon-2x { + margin-top: .05em; +} + +.btn.btn-large [class^="icon-"].pull-left.icon-2x, +.btn.btn-large [class*=" icon-"].pull-left.icon-2x { + margin-right: .2em; +} + +.btn.btn-large [class^="icon-"].pull-right.icon-2x, +.btn.btn-large [class*=" icon-"].pull-right.icon-2x { + margin-left: .2em; +} + +/* Fixes alignment in nav lists */ + +.nav-list [class^="icon-"], +.nav-list [class*=" icon-"] { + line-height: inherit; +} + +/* EXTRAS + * -------------------------- */ + +/* Stacked and layered icon */ + +.icon-stack { + position: relative; + display: inline-block; + width: 2em; + height: 2em; + line-height: 2em; + vertical-align: -35%; +} + +.icon-stack [class^="icon-"], +.icon-stack [class*=" icon-"] { + position: absolute; + display: block; + width: 100%; + height: 100%; + font-size: 1em; + line-height: inherit; + *line-height: 2em; text-align: center; } -li .icon-large:before, -li .icon-large:before { - /* 1.5 increased font size for icon-large * 1.25 width */ +.icon-stack .icon-stack-base { + font-size: 2em; + *line-height: 1em; +} + +/* Animated rotating icon */ - width: 1.875em; +.icon-spin { + display: inline-block; + -webkit-animation: spin 2s infinite linear; + -moz-animation: spin 2s infinite linear; + -o-animation: spin 2s infinite linear; + animation: spin 2s infinite linear; } -ul.icons { - margin-left: 2em; - text-indent: -0.8em; - list-style-type: none; +/* Prevent stack and spinners from being taken inline when inside a link */ + +a .icon-stack, +a .icon-spin { + display: inline-block; + text-decoration: none; } -ul.icons li [class^="icon-"], -ul.icons li [class*=" icon-"] { - width: .8em; +@-moz-keyframes spin { + 0% { + -moz-transform: rotate(0deg); + } + 100% { + -moz-transform: rotate(359deg); + } } -ul.icons li .icon-large:before, -ul.icons li .icon-large:before { - /* 1.5 increased font size for icon-large * 1.25 width */ +@-webkit-keyframes spin { + 0% { + -webkit-transform: rotate(0deg); + } + 100% { + -webkit-transform: rotate(359deg); + } +} - vertical-align: initial; +@-o-keyframes spin { + 0% { + -o-transform: rotate(0deg); + } + 100% { + -o-transform: rotate(359deg); + } } -/* Font Awesome uses the Unicode Private Use Area (PUA) to ensure screen - readers do not read off random characters that represent icons */ +@-ms-keyframes spin { + 0% { + -ms-transform: rotate(0deg); + } + 100% { + -ms-transform: rotate(359deg); + } +} + +@keyframes spin { + 0% { + transform: rotate(0deg); + } + 100% { + transform: rotate(359deg); + } +} + +/* Icon rotations and mirroring */ + +.icon-rotate-90:before { + filter: progid:DXImageTransform.Microsoft.BasicImage(rotation=1); + -webkit-transform: rotate(90deg); + -moz-transform: rotate(90deg); + -ms-transform: rotate(90deg); + -o-transform: rotate(90deg); + transform: rotate(90deg); +} + +.icon-rotate-180:before { + filter: progid:DXImageTransform.Microsoft.BasicImage(rotation=2); + -webkit-transform: rotate(180deg); + -moz-transform: rotate(180deg); + -ms-transform: rotate(180deg); + -o-transform: rotate(180deg); + transform: rotate(180deg); +} + +.icon-rotate-270:before { + filter: progid:DXImageTransform.Microsoft.BasicImage(rotation=3); + -webkit-transform: rotate(270deg); + -moz-transform: rotate(270deg); + -ms-transform: rotate(270deg); + -o-transform: rotate(270deg); + transform: rotate(270deg); +} + +.icon-flip-horizontal:before { + -webkit-transform: scale(-1, 1); + -moz-transform: scale(-1, 1); + -ms-transform: scale(-1, 1); + -o-transform: scale(-1, 1); + transform: scale(-1, 1); +} + +.icon-flip-vertical:before { + -webkit-transform: scale(1, -1); + -moz-transform: scale(1, -1); + -ms-transform: scale(1, -1); + -o-transform: scale(1, -1); + transform: scale(1, -1); +} + +/* ensure rotation occurs inside anchor tags */ + +a .icon-rotate-90:before, +a .icon-rotate-180:before, +a .icon-rotate-270:before, +a .icon-flip-horizontal:before, +a .icon-flip-vertical:before { + display: inline-block; +} + +/* Font Awesome uses the Unicode Private Use Area (PUA) to ensure screen + readers do not read off random characters that represent icons */ .icon-glass:before { content: "\f000"; @@ -2386,7 +2738,7 @@ ul.icons li .icon-large:before { content: "\f002"; } -.icon-envelope:before { +.icon-envelope-alt:before { content: "\f003"; } @@ -2438,6 +2790,7 @@ ul.icons li .icon-large:before { content: "\f010"; } +.icon-power-off:before, .icon-off:before { content: "\f011"; } @@ -2446,6 +2799,7 @@ ul.icons li .icon-large:before { content: "\f012"; } +.icon-gear:before, .icon-cog:before { content: "\f013"; } @@ -2458,7 +2812,7 @@ ul.icons li .icon-large:before { content: "\f015"; } -.icon-file:before { +.icon-file-alt:before { content: "\f016"; } @@ -2490,12 +2844,11 @@ ul.icons li .icon-large:before { content: "\f01d"; } +.icon-rotate-right:before, .icon-repeat:before { content: "\f01e"; } -/* \f020 doesn't work in Safari. all shifted one down */ - .icon-refresh:before { content: "\f021"; } @@ -2752,6 +3105,7 @@ ul.icons li .icon-large:before { content: "\f063"; } +.icon-mail-forward:before, .icon-share-alt:before { content: "\f064"; } @@ -2876,6 +3230,7 @@ ul.icons li .icon-large:before { content: "\f084"; } +.icon-gears:before, .icon-cogs:before { content: "\f085"; } @@ -2884,11 +3239,11 @@ ul.icons li .icon-large:before { content: "\f086"; } -.icon-thumbs-up:before { +.icon-thumbs-up-alt:before { content: "\f087"; } -.icon-thumbs-down:before { +.icon-thumbs-down-alt:before { content: "\f088"; } @@ -2940,6 +3295,7 @@ ul.icons li .icon-large:before { content: "\f095"; } +.icon-unchecked:before, .icon-check-empty:before { content: "\f096"; } @@ -3072,6 +3428,7 @@ ul.icons li .icon-large:before { content: "\f0c5"; } +.icon-paperclip:before, .icon-paper-clip:before { content: "\f0c6"; } @@ -3168,7 +3525,7 @@ ul.icons li .icon-large:before { content: "\f0de"; } -.icon-envelope-alt:before { +.icon-envelope:before { content: "\f0e0"; } @@ -3176,6 +3533,7 @@ ul.icons li .icon-large:before { content: "\f0e1"; } +.icon-rotate-left:before, .icon-undo:before { content: "\f0e2"; } @@ -3212,8 +3570,621 @@ ul.icons li .icon-large:before { content: "\f0ea"; } +.icon-lightbulb:before { + content: "\f0eb"; +} + +.icon-exchange:before { + content: "\f0ec"; +} + +.icon-cloud-download:before { + content: "\f0ed"; +} + +.icon-cloud-upload:before { + content: "\f0ee"; +} + .icon-user-md:before { - content: "\f200"; + content: "\f0f0"; +} + +.icon-stethoscope:before { + content: "\f0f1"; +} + +.icon-suitcase:before { + content: "\f0f2"; +} + +.icon-bell-alt:before { + content: "\f0f3"; +} + +.icon-coffee:before { + content: "\f0f4"; +} + +.icon-food:before { + content: "\f0f5"; +} + +.icon-file-text-alt:before { + content: "\f0f6"; +} + +.icon-building:before { + content: "\f0f7"; +} + +.icon-hospital:before { + content: "\f0f8"; +} + +.icon-ambulance:before { + content: "\f0f9"; +} + +.icon-medkit:before { + content: "\f0fa"; +} + +.icon-fighter-jet:before { + content: "\f0fb"; +} + +.icon-beer:before { + content: "\f0fc"; +} + +.icon-h-sign:before { + content: "\f0fd"; +} + +.icon-plus-sign-alt:before { + content: "\f0fe"; +} + +.icon-double-angle-left:before { + content: "\f100"; +} + +.icon-double-angle-right:before { + content: "\f101"; +} + +.icon-double-angle-up:before { + content: "\f102"; +} + +.icon-double-angle-down:before { + content: "\f103"; +} + +.icon-angle-left:before { + content: "\f104"; +} + +.icon-angle-right:before { + content: "\f105"; +} + +.icon-angle-up:before { + content: "\f106"; +} + +.icon-angle-down:before { + content: "\f107"; +} + +.icon-desktop:before { + content: "\f108"; +} + +.icon-laptop:before { + content: "\f109"; +} + +.icon-tablet:before { + content: "\f10a"; +} + +.icon-mobile-phone:before { + content: "\f10b"; +} + +.icon-circle-blank:before { + content: "\f10c"; +} + +.icon-quote-left:before { + content: "\f10d"; +} + +.icon-quote-right:before { + content: "\f10e"; +} + +.icon-spinner:before { + content: "\f110"; +} + +.icon-circle:before { + content: "\f111"; +} + +.icon-mail-reply:before, +.icon-reply:before { + content: "\f112"; +} + +.icon-github-alt:before { + content: "\f113"; +} + +.icon-folder-close-alt:before { + content: "\f114"; +} + +.icon-folder-open-alt:before { + content: "\f115"; +} + +.icon-expand-alt:before { + content: "\f116"; +} + +.icon-collapse-alt:before { + content: "\f117"; +} + +.icon-smile:before { + content: "\f118"; +} + +.icon-frown:before { + content: "\f119"; +} + +.icon-meh:before { + content: "\f11a"; +} + +.icon-gamepad:before { + content: "\f11b"; +} + +.icon-keyboard:before { + content: "\f11c"; +} + +.icon-flag-alt:before { + content: "\f11d"; +} + +.icon-flag-checkered:before { + content: "\f11e"; +} + +.icon-terminal:before { + content: "\f120"; +} + +.icon-code:before { + content: "\f121"; +} + +.icon-reply-all:before { + content: "\f122"; +} + +.icon-mail-reply-all:before { + content: "\f122"; +} + +.icon-star-half-full:before, +.icon-star-half-empty:before { + content: "\f123"; +} + +.icon-location-arrow:before { + content: "\f124"; +} + +.icon-crop:before { + content: "\f125"; +} + +.icon-code-fork:before { + content: "\f126"; +} + +.icon-unlink:before { + content: "\f127"; +} + +.icon-question:before { + content: "\f128"; +} + +.icon-info:before { + content: "\f129"; +} + +.icon-exclamation:before { + content: "\f12a"; +} + +.icon-superscript:before { + content: "\f12b"; +} + +.icon-subscript:before { + content: "\f12c"; +} + +.icon-eraser:before { + content: "\f12d"; +} + +.icon-puzzle-piece:before { + content: "\f12e"; +} + +.icon-microphone:before { + content: "\f130"; +} + +.icon-microphone-off:before { + content: "\f131"; +} + +.icon-shield:before { + content: "\f132"; +} + +.icon-calendar-empty:before { + content: "\f133"; +} + +.icon-fire-extinguisher:before { + content: "\f134"; +} + +.icon-rocket:before { + content: "\f135"; +} + +.icon-maxcdn:before { + content: "\f136"; +} + +.icon-chevron-sign-left:before { + content: "\f137"; +} + +.icon-chevron-sign-right:before { + content: "\f138"; +} + +.icon-chevron-sign-up:before { + content: "\f139"; +} + +.icon-chevron-sign-down:before { + content: "\f13a"; +} + +.icon-html5:before { + content: "\f13b"; +} + +.icon-css3:before { + content: "\f13c"; +} + +.icon-anchor:before { + content: "\f13d"; +} + +.icon-unlock-alt:before { + content: "\f13e"; +} + +.icon-bullseye:before { + content: "\f140"; +} + +.icon-ellipsis-horizontal:before { + content: "\f141"; +} + +.icon-ellipsis-vertical:before { + content: "\f142"; +} + +.icon-rss-sign:before { + content: "\f143"; +} + +.icon-play-sign:before { + content: "\f144"; +} + +.icon-ticket:before { + content: "\f145"; +} + +.icon-minus-sign-alt:before { + content: "\f146"; +} + +.icon-check-minus:before { + content: "\f147"; +} + +.icon-level-up:before { + content: "\f148"; +} + +.icon-level-down:before { + content: "\f149"; +} + +.icon-check-sign:before { + content: "\f14a"; +} + +.icon-edit-sign:before { + content: "\f14b"; +} + +.icon-external-link-sign:before { + content: "\f14c"; +} + +.icon-share-sign:before { + content: "\f14d"; +} + +.icon-compass:before { + content: "\f14e"; +} + +.icon-collapse:before { + content: "\f150"; +} + +.icon-collapse-top:before { + content: "\f151"; +} + +.icon-expand:before { + content: "\f152"; +} + +.icon-euro:before, +.icon-eur:before { + content: "\f153"; +} + +.icon-gbp:before { + content: "\f154"; +} + +.icon-dollar:before, +.icon-usd:before { + content: "\f155"; +} + +.icon-rupee:before, +.icon-inr:before { + content: "\f156"; +} + +.icon-yen:before, +.icon-jpy:before { + content: "\f157"; +} + +.icon-renminbi:before, +.icon-cny:before { + content: "\f158"; +} + +.icon-won:before, +.icon-krw:before { + content: "\f159"; +} + +.icon-bitcoin:before, +.icon-btc:before { + content: "\f15a"; +} + +.icon-file:before { + content: "\f15b"; +} + +.icon-file-text:before { + content: "\f15c"; +} + +.icon-sort-by-alphabet:before { + content: "\f15d"; +} + +.icon-sort-by-alphabet-alt:before { + content: "\f15e"; +} + +.icon-sort-by-attributes:before { + content: "\f160"; +} + +.icon-sort-by-attributes-alt:before { + content: "\f161"; +} + +.icon-sort-by-order:before { + content: "\f162"; +} + +.icon-sort-by-order-alt:before { + content: "\f163"; +} + +.icon-thumbs-up:before { + content: "\f164"; +} + +.icon-thumbs-down:before { + content: "\f165"; +} + +.icon-youtube-sign:before { + content: "\f166"; +} + +.icon-youtube:before { + content: "\f167"; +} + +.icon-xing:before { + content: "\f168"; +} + +.icon-xing-sign:before { + content: "\f169"; +} + +.icon-youtube-play:before { + content: "\f16a"; +} + +.icon-dropbox:before { + content: "\f16b"; +} + +.icon-stackexchange:before { + content: "\f16c"; +} + +.icon-instagram:before { + content: "\f16d"; +} + +.icon-flickr:before { + content: "\f16e"; +} + +.icon-adn:before { + content: "\f170"; +} + +.icon-bitbucket:before { + content: "\f171"; +} + +.icon-bitbucket-sign:before { + content: "\f172"; +} + +.icon-tumblr:before { + content: "\f173"; +} + +.icon-tumblr-sign:before { + content: "\f174"; +} + +.icon-long-arrow-down:before { + content: "\f175"; +} + +.icon-long-arrow-up:before { + content: "\f176"; +} + +.icon-long-arrow-left:before { + content: "\f177"; +} + +.icon-long-arrow-right:before { + content: "\f178"; +} + +.icon-apple:before { + content: "\f179"; +} + +.icon-windows:before { + content: "\f17a"; +} + +.icon-android:before { + content: "\f17b"; +} + +.icon-linux:before { + content: "\f17c"; +} + +.icon-dribbble:before { + content: "\f17d"; +} + +.icon-skype:before { + content: "\f17e"; +} + +.icon-foursquare:before { + content: "\f180"; +} + +.icon-trello:before { + content: "\f181"; +} + +.icon-female:before { + content: "\f182"; +} + +.icon-male:before { + content: "\f183"; +} + +.icon-gittip:before { + content: "\f184"; +} + +.icon-sun:before { + content: "\f185"; +} + +.icon-moon:before { + content: "\f186"; +} + +.icon-archive:before { + content: "\f187"; +} + +.icon-bug:before { + content: "\f188"; +} + +.icon-vk:before { + content: "\f189"; +} + +.icon-weibo:before { + content: "\f18a"; +} + +.icon-renren:before { + content: "\f18b"; } .dropup, diff --git a/html/pfappserver/root/static/css/bootstrap.min.css b/html/pfappserver/root/static/css/bootstrap.min.css index 9aa3ae0f55f1..f0309c9bc6f9 100644 --- a/html/pfappserver/root/static/css/bootstrap.min.css +++ b/html/pfappserver/root/static/css/bootstrap.min.css @@ -6,4 +6,28 @@ * http://www.apache.org/licenses/LICENSE-2.0 * * Designed and built with all the love in the world @twitter by @mdo and @fat. - */.clearfix{*zoom:1}.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}.hide-text{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.input-block-level{display:block;width:100%;min-height:28px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;*display:inline;*zoom:1}audio:not([controls]){display:none}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{width:auto\9;height:auto;max-width:100%;vertical-align:middle;border:0;-ms-interpolation-mode:bicubic}#map_canvas img,.google-maps img{max-width:none}button,input,select,textarea{margin:0;font-size:100%;vertical-align:middle}button,input{*overflow:visible;line-height:normal}button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0}button,html input[type="button"],input[type="reset"],input[type="submit"]{cursor:pointer;-webkit-appearance:button}label,select,button,input[type="button"],input[type="reset"],input[type="submit"],input[type="radio"],input[type="checkbox"]{cursor:pointer}input[type="search"]{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-appearance:textfield}input[type="search"]::-webkit-search-decoration,input[type="search"]::-webkit-search-cancel-button{-webkit-appearance:none}textarea{overflow:auto;vertical-align:top}@media print{*{color:#000!important;text-shadow:none!important;background:transparent!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100%!important}@page{margin:.5cm}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}}body{margin:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;line-height:18px;color:#333;background-color:#fff}a{color:#08c;text-decoration:none}a:hover,a:focus{color:#005580;text-decoration:underline}.img-rounded{-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.img-polaroid{padding:4px;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);-webkit-box-shadow:0 1px 3px rgba(0,0,0,0.1);-moz-box-shadow:0 1px 3px rgba(0,0,0,0.1);box-shadow:0 1px 3px rgba(0,0,0,0.1)}.img-circle{-webkit-border-radius:500px;-moz-border-radius:500px;border-radius:500px}.row{margin-left:-20px;*zoom:1}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:20px}.container,.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:940px}.span12{width:940px}.span11{width:860px}.span10{width:780px}.span9{width:700px}.span8{width:620px}.span7{width:540px}.span6{width:460px}.span5{width:380px}.span4{width:300px}.span3{width:220px}.span2{width:140px}.span1{width:60px}.offset12{margin-left:980px}.offset11{margin-left:900px}.offset10{margin-left:820px}.offset9{margin-left:740px}.offset8{margin-left:660px}.offset7{margin-left:580px}.offset6{margin-left:500px}.offset5{margin-left:420px}.offset4{margin-left:340px}.offset3{margin-left:260px}.offset2{margin-left:180px}.offset1{margin-left:100px}.row-fluid{width:100%;*zoom:1}.row-fluid:before,.row-fluid:after{display:table;line-height:0;content:""}.row-fluid:after{clear:both}.row-fluid [class*="span"]{display:block;float:left;width:100%;min-height:28px;margin-left:2.127659574468085%;*margin-left:2.074468085106383%;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.row-fluid [class*="span"]:first-child{margin-left:0}.row-fluid .controls-row [class*="span"]+[class*="span"]{margin-left:2.127659574468085%}.row-fluid .span12{width:100%;*width:99.94680851063829%}.row-fluid .span11{width:91.48936170212765%;*width:91.43617021276594%}.row-fluid .span10{width:82.97872340425532%;*width:82.92553191489361%}.row-fluid .span9{width:74.46808510638297%;*width:74.41489361702126%}.row-fluid .span8{width:65.95744680851064%;*width:65.90425531914893%}.row-fluid .span7{width:57.44680851063829%;*width:57.39361702127659%}.row-fluid .span6{width:48.93617021276595%;*width:48.88297872340425%}.row-fluid .span5{width:40.42553191489362%;*width:40.37234042553192%}.row-fluid .span4{width:31.914893617021278%;*width:31.861702127659576%}.row-fluid .span3{width:23.404255319148934%;*width:23.351063829787233%}.row-fluid .span2{width:14.893617021276595%;*width:14.840425531914894%}.row-fluid .span1{width:6.382978723404255%;*width:6.329787234042553%}.row-fluid .offset12{margin-left:104.25531914893617%;*margin-left:104.14893617021275%}.row-fluid .offset12:first-child{margin-left:102.12765957446808%;*margin-left:102.02127659574467%}.row-fluid .offset11{margin-left:95.74468085106382%;*margin-left:95.6382978723404%}.row-fluid .offset11:first-child{margin-left:93.61702127659574%;*margin-left:93.51063829787232%}.row-fluid .offset10{margin-left:87.23404255319149%;*margin-left:87.12765957446807%}.row-fluid .offset10:first-child{margin-left:85.1063829787234%;*margin-left:84.99999999999999%}.row-fluid .offset9{margin-left:78.72340425531914%;*margin-left:78.61702127659572%}.row-fluid .offset9:first-child{margin-left:76.59574468085106%;*margin-left:76.48936170212764%}.row-fluid .offset8{margin-left:70.2127659574468%;*margin-left:70.10638297872339%}.row-fluid .offset8:first-child{margin-left:68.08510638297872%;*margin-left:67.9787234042553%}.row-fluid .offset7{margin-left:61.70212765957446%;*margin-left:61.59574468085106%}.row-fluid .offset7:first-child{margin-left:59.574468085106375%;*margin-left:59.46808510638297%}.row-fluid .offset6{margin-left:53.191489361702125%;*margin-left:53.085106382978715%}.row-fluid .offset6:first-child{margin-left:51.063829787234035%;*margin-left:50.95744680851063%}.row-fluid .offset5{margin-left:44.68085106382979%;*margin-left:44.57446808510638%}.row-fluid .offset5:first-child{margin-left:42.5531914893617%;*margin-left:42.4468085106383%}.row-fluid .offset4{margin-left:36.170212765957444%;*margin-left:36.06382978723405%}.row-fluid .offset4:first-child{margin-left:34.04255319148936%;*margin-left:33.93617021276596%}.row-fluid .offset3{margin-left:27.659574468085104%;*margin-left:27.5531914893617%}.row-fluid .offset3:first-child{margin-left:25.53191489361702%;*margin-left:25.425531914893618%}.row-fluid .offset2{margin-left:19.148936170212764%;*margin-left:19.04255319148936%}.row-fluid .offset2:first-child{margin-left:17.02127659574468%;*margin-left:16.914893617021278%}.row-fluid .offset1{margin-left:10.638297872340425%;*margin-left:10.53191489361702%}.row-fluid .offset1:first-child{margin-left:8.51063829787234%;*margin-left:8.404255319148938%}[class*="span"].hide,.row-fluid [class*="span"].hide{display:none}[class*="span"].pull-right,.row-fluid [class*="span"].pull-right{float:right}.container{margin-right:auto;margin-left:auto;*zoom:1}.container:before,.container:after{display:table;line-height:0;content:""}.container:after{clear:both}.container-fluid{padding-right:20px;padding-left:20px;*zoom:1}.container-fluid:before,.container-fluid:after{display:table;line-height:0;content:""}.container-fluid:after{clear:both}p{margin:0 0 9px}.lead{margin-bottom:18px;font-size:19.5px;font-weight:200;line-height:27px}small{font-size:85%}strong{font-weight:bold}em{font-style:italic}cite{font-style:normal}.muted{color:#999}a.muted:hover,a.muted:focus{color:#808080}.text-warning{color:#c09853}a.text-warning:hover,a.text-warning:focus{color:#a47e3c}.text-error{color:#b94a48}a.text-error:hover,a.text-error:focus{color:#953b39}.text-info{color:#3a87ad}a.text-info:hover,a.text-info:focus{color:#2d6987}.text-success{color:#468847}a.text-success:hover,a.text-success:focus{color:#356635}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}h1,h2,h3,h4,h5,h6{margin:9px 0;font-family:inherit;font-weight:bold;line-height:18px;color:inherit;text-rendering:optimizelegibility}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small{font-weight:normal;line-height:1;color:#999}h1,h2,h3{line-height:36px}h1{font-size:35.75px}h2{font-size:29.25px}h3{font-size:22.75px}h4{font-size:16.25px}h5{font-size:13px}h6{font-size:11.049999999999999px}h1 small{font-size:22.75px}h2 small{font-size:16.25px}h3 small{font-size:13px}h4 small{font-size:13px}.page-header{padding-bottom:8px;margin:18px 0 27px;border-bottom:1px solid #eee}ul,ol{padding:0;margin:0 0 9px 25px}ul ul,ul ol,ol ol,ol ul{margin-bottom:0}li{line-height:18px}ul.unstyled,ol.unstyled{margin-left:0;list-style:none}ul.inline,ol.inline{margin-left:0;list-style:none}ul.inline>li,ol.inline>li{display:inline-block;*display:inline;padding-right:5px;padding-left:5px;*zoom:1}dl{margin-bottom:18px}dt,dd{line-height:18px}dt{font-weight:bold}dd{margin-left:9px}.dl-horizontal{*zoom:1}.dl-horizontal:before,.dl-horizontal:after{display:table;line-height:0;content:""}.dl-horizontal:after{clear:both}.dl-horizontal dt{float:left;width:160px;overflow:hidden;clear:left;text-align:right;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}hr{margin:18px 0;border:0;border-top:1px solid #eee;border-bottom:1px solid #fff}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #999}abbr.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:0 0 0 15px;margin:0 0 18px;border-left:5px solid #eee}blockquote p{margin-bottom:0;font-size:16.25px;font-weight:300;line-height:1.25}blockquote small{display:block;line-height:18px;color:#999}blockquote small:before{content:'\2014 \00A0'}blockquote.pull-right{float:right;padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0}blockquote.pull-right p,blockquote.pull-right small{text-align:right}blockquote.pull-right small:before{content:''}blockquote.pull-right small:after{content:'\00A0 \2014'}q:before,q:after,blockquote:before,blockquote:after{content:""}address{display:block;margin-bottom:18px;font-style:normal;line-height:18px}code,pre{padding:0 3px 2px;font-family:Monaco,Menlo,Consolas,"Courier New",monospace;font-size:11px;color:#333;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}code{padding:2px 4px;color:#d14;white-space:nowrap;background-color:#f7f7f9;border:1px solid #e1e1e8}pre{display:block;padding:8.5px;margin:0 0 9px;font-size:12px;line-height:18px;word-break:break-all;word-wrap:break-word;white-space:pre;white-space:pre-wrap;background-color:#f5f5f5;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.15);-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}pre.prettyprint{margin-bottom:18px}pre code{padding:0;color:inherit;white-space:pre;white-space:pre-wrap;background-color:transparent;border:0}.pre-scrollable{max-height:340px;overflow-y:scroll}form{margin:0 0 18px}fieldset{padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:18px;font-size:19.5px;line-height:36px;color:#333;border:0;border-bottom:1px solid #e5e5e5}legend small{font-size:13.5px;color:#999}label,input,button,select,textarea{font-size:13px;font-weight:normal;line-height:18px}input,button,select,textarea{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif}label{display:block;margin-bottom:5px}select,textarea,input[type="text"],input[type="password"],input[type="datetime"],input[type="datetime-local"],input[type="date"],input[type="month"],input[type="time"],input[type="week"],input[type="number"],input[type="email"],input[type="url"],input[type="search"],input[type="tel"],input[type="color"],.uneditable-input{display:inline-block;height:18px;padding:4px 6px;margin-bottom:9px;font-size:13px;line-height:18px;color:#555;vertical-align:middle;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}input,textarea,.uneditable-input{width:206px}textarea{height:auto}textarea,input[type="text"],input[type="password"],input[type="datetime"],input[type="datetime-local"],input[type="date"],input[type="month"],input[type="time"],input[type="week"],input[type="number"],input[type="email"],input[type="url"],input[type="search"],input[type="tel"],input[type="color"],.uneditable-input{background-color:#fff;border:1px solid #ccc;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border linear .2s,box-shadow linear .2s;-moz-transition:border linear .2s,box-shadow linear .2s;-o-transition:border linear .2s,box-shadow linear .2s;transition:border linear .2s,box-shadow linear .2s}textarea:focus,input[type="text"]:focus,input[type="password"]:focus,input[type="datetime"]:focus,input[type="datetime-local"]:focus,input[type="date"]:focus,input[type="month"]:focus,input[type="time"]:focus,input[type="week"]:focus,input[type="number"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="search"]:focus,input[type="tel"]:focus,input[type="color"]:focus,.uneditable-input:focus{border-color:rgba(82,168,236,0.8);outline:0;outline:thin dotted \9;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6)}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;*margin-top:0;line-height:normal}input[type="file"],input[type="image"],input[type="submit"],input[type="reset"],input[type="button"],input[type="radio"],input[type="checkbox"]{width:auto}select,input[type="file"]{height:28px;*margin-top:4px;line-height:28px}select{width:220px;background-color:#fff;border:1px solid #ccc}select[multiple],select[size]{height:auto}select:focus,input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.uneditable-input,.uneditable-textarea{color:#999;cursor:not-allowed;background-color:#fcfcfc;border-color:#ccc;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.025);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.025);box-shadow:inset 0 1px 2px rgba(0,0,0,0.025)}.uneditable-input{overflow:hidden;white-space:nowrap}.uneditable-textarea{width:auto;height:auto}input:-moz-placeholder,textarea:-moz-placeholder{color:#999}input:-ms-input-placeholder,textarea:-ms-input-placeholder{color:#999}input::-webkit-input-placeholder,textarea::-webkit-input-placeholder{color:#999}.radio,.checkbox{min-height:18px;padding-left:20px}.radio input[type="radio"],.checkbox input[type="checkbox"]{float:left;margin-left:-20px}.controls>.radio:first-child,.controls>.checkbox:first-child{padding-top:5px}.radio.inline,.checkbox.inline{display:inline-block;padding-top:5px;margin-bottom:0;vertical-align:middle}.radio.inline+.radio.inline,.checkbox.inline+.checkbox.inline{margin-left:10px}.input-mini{width:60px}.input-small{width:90px}.input-medium{width:150px}.input-large{width:210px}.input-xlarge{width:270px}.input-xxlarge{width:530px}input[class*="span"],select[class*="span"],textarea[class*="span"],.uneditable-input[class*="span"],.row-fluid input[class*="span"],.row-fluid select[class*="span"],.row-fluid textarea[class*="span"],.row-fluid .uneditable-input[class*="span"]{float:none;margin-left:0}.input-append input[class*="span"],.input-append .uneditable-input[class*="span"],.input-prepend input[class*="span"],.input-prepend .uneditable-input[class*="span"],.row-fluid input[class*="span"],.row-fluid select[class*="span"],.row-fluid textarea[class*="span"],.row-fluid .uneditable-input[class*="span"],.row-fluid .input-prepend [class*="span"],.row-fluid .input-append [class*="span"]{display:inline-block}input,textarea,.uneditable-input{margin-left:0}.controls-row [class*="span"]+[class*="span"]{margin-left:20px}input.span12,textarea.span12,.uneditable-input.span12{width:926px}input.span11,textarea.span11,.uneditable-input.span11{width:846px}input.span10,textarea.span10,.uneditable-input.span10{width:766px}input.span9,textarea.span9,.uneditable-input.span9{width:686px}input.span8,textarea.span8,.uneditable-input.span8{width:606px}input.span7,textarea.span7,.uneditable-input.span7{width:526px}input.span6,textarea.span6,.uneditable-input.span6{width:446px}input.span5,textarea.span5,.uneditable-input.span5{width:366px}input.span4,textarea.span4,.uneditable-input.span4{width:286px}input.span3,textarea.span3,.uneditable-input.span3{width:206px}input.span2,textarea.span2,.uneditable-input.span2{width:126px}input.span1,textarea.span1,.uneditable-input.span1{width:46px}.controls-row{*zoom:1}.controls-row:before,.controls-row:after{display:table;line-height:0;content:""}.controls-row:after{clear:both}.controls-row [class*="span"],.row-fluid .controls-row [class*="span"]{float:left}.controls-row .checkbox[class*="span"],.controls-row .radio[class*="span"]{padding-top:5px}input[disabled],select[disabled],textarea[disabled],input[readonly],select[readonly],textarea[readonly]{cursor:not-allowed;background-color:#eee}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"][readonly],input[type="checkbox"][readonly]{background-color:transparent}.control-group.warning .control-label,.control-group.warning .help-block,.control-group.warning .help-inline{color:#c09853}.control-group.warning .checkbox,.control-group.warning .radio,.control-group.warning input,.control-group.warning select,.control-group.warning textarea{color:#c09853}.control-group.warning input,.control-group.warning select,.control-group.warning textarea{border-color:#c09853;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.warning input:focus,.control-group.warning select:focus,.control-group.warning textarea:focus{border-color:#a47e3c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e}.control-group.warning .input-prepend .add-on,.control-group.warning .input-append .add-on{color:#c09853;background-color:#fcf8e3;border-color:#c09853}.control-group.error .control-label,.control-group.error .help-block,.control-group.error .help-inline{color:#b94a48}.control-group.error .checkbox,.control-group.error .radio,.control-group.error input,.control-group.error select,.control-group.error textarea{color:#b94a48}.control-group.error input,.control-group.error select,.control-group.error textarea{border-color:#b94a48;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.error input:focus,.control-group.error select:focus,.control-group.error textarea:focus{border-color:#953b39;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392}.control-group.error .input-prepend .add-on,.control-group.error .input-append .add-on{color:#b94a48;background-color:#f2dede;border-color:#b94a48}.control-group.success .control-label,.control-group.success .help-block,.control-group.success .help-inline{color:#468847}.control-group.success .checkbox,.control-group.success .radio,.control-group.success input,.control-group.success select,.control-group.success textarea{color:#468847}.control-group.success input,.control-group.success select,.control-group.success textarea{border-color:#468847;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.success input:focus,.control-group.success select:focus,.control-group.success textarea:focus{border-color:#356635;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b}.control-group.success .input-prepend .add-on,.control-group.success .input-append .add-on{color:#468847;background-color:#dff0d8;border-color:#468847}.control-group.info .control-label,.control-group.info .help-block,.control-group.info .help-inline{color:#3a87ad}.control-group.info .checkbox,.control-group.info .radio,.control-group.info input,.control-group.info select,.control-group.info textarea{color:#3a87ad}.control-group.info input,.control-group.info select,.control-group.info textarea{border-color:#3a87ad;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.info input:focus,.control-group.info select:focus,.control-group.info textarea:focus{border-color:#2d6987;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7ab5d3;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7ab5d3;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7ab5d3}.control-group.info .input-prepend .add-on,.control-group.info .input-append .add-on{color:#3a87ad;background-color:#d9edf7;border-color:#3a87ad}input:focus:invalid,textarea:focus:invalid,select:focus:invalid{color:#b94a48;border-color:#ee5f5b}input:focus:invalid:focus,textarea:focus:invalid:focus,select:focus:invalid:focus{border-color:#e9322d;-webkit-box-shadow:0 0 6px #f8b9b7;-moz-box-shadow:0 0 6px #f8b9b7;box-shadow:0 0 6px #f8b9b7}.form-actions{padding:17px 20px 18px;margin-top:18px;margin-bottom:18px;background-color:#f5f5f5;border-top:1px solid #e5e5e5;*zoom:1}.form-actions:before,.form-actions:after{display:table;line-height:0;content:""}.form-actions:after{clear:both}.help-block,.help-inline{color:#595959}.help-block{display:block;margin-bottom:9px}.help-inline{display:inline-block;*display:inline;padding-left:5px;vertical-align:middle;*zoom:1}.input-append,.input-prepend{display:inline-block;margin-bottom:9px;font-size:0;white-space:nowrap;vertical-align:middle}.input-append input,.input-prepend input,.input-append select,.input-prepend select,.input-append .uneditable-input,.input-prepend .uneditable-input,.input-append .dropdown-menu,.input-prepend .dropdown-menu,.input-append .popover,.input-prepend .popover{font-size:13px}.input-append input,.input-prepend input,.input-append select,.input-prepend select,.input-append .uneditable-input,.input-prepend .uneditable-input{position:relative;margin-bottom:0;*margin-left:0;vertical-align:top;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-append input:focus,.input-prepend input:focus,.input-append select:focus,.input-prepend select:focus,.input-append .uneditable-input:focus,.input-prepend .uneditable-input:focus{z-index:2}.input-append .add-on,.input-prepend .add-on{display:inline-block;width:auto;height:18px;min-width:16px;padding:4px 5px;font-size:13px;font-weight:normal;line-height:18px;text-align:center;text-shadow:0 1px 0 #fff;background-color:#eee;border:1px solid #ccc}.input-append .add-on,.input-prepend .add-on,.input-append .btn,.input-prepend .btn,.input-append .btn-group>.dropdown-toggle,.input-prepend .btn-group>.dropdown-toggle{vertical-align:top;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-append .active,.input-prepend .active{background-color:#a9dba9;border-color:#46a546}.input-prepend .add-on,.input-prepend .btn{margin-right:-1px}.input-prepend .add-on:first-child,.input-prepend .btn:first-child{-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.input-append input,.input-append select,.input-append .uneditable-input{-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.input-append input+.btn-group .btn:last-child,.input-append select+.btn-group .btn:last-child,.input-append .uneditable-input+.btn-group .btn:last-child{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-append .add-on,.input-append .btn,.input-append .btn-group{margin-left:-1px}.input-append .add-on:last-child,.input-append .btn:last-child,.input-append .btn-group:last-child>.dropdown-toggle{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-prepend.input-append input,.input-prepend.input-append select,.input-prepend.input-append .uneditable-input{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-prepend.input-append input+.btn-group .btn,.input-prepend.input-append select+.btn-group .btn,.input-prepend.input-append .uneditable-input+.btn-group .btn{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-prepend.input-append .add-on:first-child,.input-prepend.input-append .btn:first-child{margin-right:-1px;-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.input-prepend.input-append .add-on:last-child,.input-prepend.input-append .btn:last-child{margin-left:-1px;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-prepend.input-append .btn-group:first-child{margin-left:0}input.search-query{padding-right:14px;padding-right:4px \9;padding-left:14px;padding-left:4px \9;margin-bottom:0;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.form-search .input-append .search-query,.form-search .input-prepend .search-query{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.form-search .input-append .search-query{-webkit-border-radius:14px 0 0 14px;-moz-border-radius:14px 0 0 14px;border-radius:14px 0 0 14px}.form-search .input-append .btn{-webkit-border-radius:0 14px 14px 0;-moz-border-radius:0 14px 14px 0;border-radius:0 14px 14px 0}.form-search .input-prepend .search-query{-webkit-border-radius:0 14px 14px 0;-moz-border-radius:0 14px 14px 0;border-radius:0 14px 14px 0}.form-search .input-prepend .btn{-webkit-border-radius:14px 0 0 14px;-moz-border-radius:14px 0 0 14px;border-radius:14px 0 0 14px}.form-search input,.form-inline input,.form-horizontal input,.form-search textarea,.form-inline textarea,.form-horizontal textarea,.form-search select,.form-inline select,.form-horizontal select,.form-search .help-inline,.form-inline .help-inline,.form-horizontal .help-inline,.form-search .uneditable-input,.form-inline .uneditable-input,.form-horizontal .uneditable-input,.form-search .input-prepend,.form-inline .input-prepend,.form-horizontal .input-prepend,.form-search .input-append,.form-inline .input-append,.form-horizontal .input-append{display:inline-block;*display:inline;margin-bottom:0;vertical-align:middle;*zoom:1}.form-search .hide,.form-inline .hide,.form-horizontal .hide{display:none}.form-search label,.form-inline label,.form-search .btn-group,.form-inline .btn-group{display:inline-block}.form-search .input-append,.form-inline .input-append,.form-search .input-prepend,.form-inline .input-prepend{margin-bottom:0}.form-search .radio,.form-search .checkbox,.form-inline .radio,.form-inline .checkbox{padding-left:0;margin-bottom:0;vertical-align:middle}.form-search .radio input[type="radio"],.form-search .checkbox input[type="checkbox"],.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{float:left;margin-right:3px;margin-left:0}.control-group{margin-bottom:9px}legend+.control-group{margin-top:18px;-webkit-margin-top-collapse:separate}.form-horizontal .control-group{margin-bottom:18px;*zoom:1}.form-horizontal .control-group:before,.form-horizontal .control-group:after{display:table;line-height:0;content:""}.form-horizontal .control-group:after{clear:both}.form-horizontal .control-label{float:left;width:160px;padding-top:5px;text-align:right}.form-horizontal .controls{*display:inline-block;*padding-left:20px;margin-left:180px;*margin-left:0}.form-horizontal .controls:first-child{*padding-left:180px}.form-horizontal .help-block{margin-bottom:0}.form-horizontal input+.help-block,.form-horizontal select+.help-block,.form-horizontal textarea+.help-block,.form-horizontal .uneditable-input+.help-block,.form-horizontal .input-prepend+.help-block,.form-horizontal .input-append+.help-block{margin-top:9px}.form-horizontal .form-actions{padding-left:180px}table{max-width:100%;background-color:transparent;border-collapse:collapse;border-spacing:0}.table{width:100%;margin-bottom:18px}.table th,.table td{padding:8px;line-height:18px;text-align:left;vertical-align:top;border-top:1px solid #ddd}.table th{font-weight:bold}.table thead th{vertical-align:bottom}.table caption+thead tr:first-child th,.table caption+thead tr:first-child td,.table colgroup+thead tr:first-child th,.table colgroup+thead tr:first-child td,.table thead:first-child tr:first-child th,.table thead:first-child tr:first-child td{border-top:0}.table tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed th,.table-condensed td{padding:4px 5px}.table-bordered{border:1px solid #ddd;border-collapse:separate;*border-collapse:collapse;border-left:0;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.table-bordered th,.table-bordered td{border-left:1px solid #ddd}.table-bordered caption+thead tr:first-child th,.table-bordered caption+tbody tr:first-child th,.table-bordered caption+tbody tr:first-child td,.table-bordered colgroup+thead tr:first-child th,.table-bordered colgroup+tbody tr:first-child th,.table-bordered colgroup+tbody tr:first-child td,.table-bordered thead:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child td{border-top:0}.table-bordered thead:first-child tr:first-child>th:first-child,.table-bordered tbody:first-child tr:first-child>td:first-child,.table-bordered tbody:first-child tr:first-child>th:first-child{-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-topleft:4px}.table-bordered thead:first-child tr:first-child>th:last-child,.table-bordered tbody:first-child tr:first-child>td:last-child,.table-bordered tbody:first-child tr:first-child>th:last-child{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-moz-border-radius-topright:4px}.table-bordered thead:last-child tr:last-child>th:first-child,.table-bordered tbody:last-child tr:last-child>td:first-child,.table-bordered tbody:last-child tr:last-child>th:first-child,.table-bordered tfoot:last-child tr:last-child>td:first-child,.table-bordered tfoot:last-child tr:last-child>th:first-child{-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-moz-border-radius-bottomleft:4px}.table-bordered thead:last-child tr:last-child>th:last-child,.table-bordered tbody:last-child tr:last-child>td:last-child,.table-bordered tbody:last-child tr:last-child>th:last-child,.table-bordered tfoot:last-child tr:last-child>td:last-child,.table-bordered tfoot:last-child tr:last-child>th:last-child{-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-bottomright:4px}.table-bordered tfoot+tbody:last-child tr:last-child td:first-child{-webkit-border-bottom-left-radius:0;border-bottom-left-radius:0;-moz-border-radius-bottomleft:0}.table-bordered tfoot+tbody:last-child tr:last-child td:last-child{-webkit-border-bottom-right-radius:0;border-bottom-right-radius:0;-moz-border-radius-bottomright:0}.table-bordered caption+thead tr:first-child th:first-child,.table-bordered caption+tbody tr:first-child td:first-child,.table-bordered colgroup+thead tr:first-child th:first-child,.table-bordered colgroup+tbody tr:first-child td:first-child{-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-topleft:4px}.table-bordered caption+thead tr:first-child th:last-child,.table-bordered caption+tbody tr:first-child td:last-child,.table-bordered colgroup+thead tr:first-child th:last-child,.table-bordered colgroup+tbody tr:first-child td:last-child{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-moz-border-radius-topright:4px}.table-striped tbody>tr:nth-child(odd)>td,.table-striped tbody>tr:nth-child(odd)>th{background-color:#f9f9f9}.table-hover tbody tr:hover>td,.table-hover tbody tr:hover>th{background-color:#f5f5f5}table td[class*="span"],table th[class*="span"],.row-fluid table td[class*="span"],.row-fluid table th[class*="span"]{display:table-cell;float:none;margin-left:0}.table td.span1,.table th.span1{float:none;width:44px;margin-left:0}.table td.span2,.table th.span2{float:none;width:124px;margin-left:0}.table td.span3,.table th.span3{float:none;width:204px;margin-left:0}.table td.span4,.table th.span4{float:none;width:284px;margin-left:0}.table td.span5,.table th.span5{float:none;width:364px;margin-left:0}.table td.span6,.table th.span6{float:none;width:444px;margin-left:0}.table td.span7,.table th.span7{float:none;width:524px;margin-left:0}.table td.span8,.table th.span8{float:none;width:604px;margin-left:0}.table td.span9,.table th.span9{float:none;width:684px;margin-left:0}.table td.span10,.table th.span10{float:none;width:764px;margin-left:0}.table td.span11,.table th.span11{float:none;width:844px;margin-left:0}.table td.span12,.table th.span12{float:none;width:924px;margin-left:0}.table tbody tr.success>td{background-color:#dff0d8}.table tbody tr.error>td{background-color:#f2dede}.table tbody tr.warning>td{background-color:#fcf8e3}.table tbody tr.info>td{background-color:#d9edf7}.table-hover tbody tr.success:hover>td{background-color:#d0e9c6}.table-hover tbody tr.error:hover>td{background-color:#ebcccc}.table-hover tbody tr.warning:hover>td{background-color:#faf2cc}.table-hover tbody tr.info:hover>td{background-color:#c4e3f3}@font-face{font-family:'FontAwesome';font-style:normal;font-weight:normal;src:url('../font/fontawesome-webfont.eot');src:url('../font/fontawesome-webfont.eot?#iefix') format('embedded-opentype'),url('../font/fontawesome-webfont.woff') format('woff'),url('../font/fontawesome-webfont.ttf') format('truetype'),url('../font/fontawesome-webfont.svg#FontAwesome') format('svg')}[class^="icon-"]:before,[class*=" icon-"]:before{display:inline-block;font-family:FontAwesome;font-style:normal;font-weight:normal;text-decoration:inherit}a [class^="icon-"],a [class*=" icon-"]{display:inline-block;text-decoration:inherit}.icon-large:before{font-size:1.3333333333333333em;vertical-align:middle}.btn [class^="icon-"],.nav-tabs [class^="icon-"],.btn [class*=" icon-"],.nav-tabs [class*=" icon-"]{line-height:.9em}li [class^="icon-"],li [class*=" icon-"]{display:inline-block;width:1.25em;text-align:center}li .icon-large:before,li .icon-large:before{width:1.875em}ul.icons{margin-left:2em;text-indent:-0.8em;list-style-type:none}ul.icons li [class^="icon-"],ul.icons li [class*=" icon-"]{width:.8em}ul.icons li .icon-large:before,ul.icons li .icon-large:before{vertical-align:initial}.icon-glass:before{content:"\f000"}.icon-music:before{content:"\f001"}.icon-search:before{content:"\f002"}.icon-envelope:before{content:"\f003"}.icon-heart:before{content:"\f004"}.icon-star:before{content:"\f005"}.icon-star-empty:before{content:"\f006"}.icon-user:before{content:"\f007"}.icon-film:before{content:"\f008"}.icon-th-large:before{content:"\f009"}.icon-th:before{content:"\f00a"}.icon-th-list:before{content:"\f00b"}.icon-ok:before{content:"\f00c"}.icon-remove:before{content:"\f00d"}.icon-zoom-in:before{content:"\f00e"}.icon-zoom-out:before{content:"\f010"}.icon-off:before{content:"\f011"}.icon-signal:before{content:"\f012"}.icon-cog:before{content:"\f013"}.icon-trash:before{content:"\f014"}.icon-home:before{content:"\f015"}.icon-file:before{content:"\f016"}.icon-time:before{content:"\f017"}.icon-road:before{content:"\f018"}.icon-download-alt:before{content:"\f019"}.icon-download:before{content:"\f01a"}.icon-upload:before{content:"\f01b"}.icon-inbox:before{content:"\f01c"}.icon-play-circle:before{content:"\f01d"}.icon-repeat:before{content:"\f01e"}.icon-refresh:before{content:"\f021"}.icon-list-alt:before{content:"\f022"}.icon-lock:before{content:"\f023"}.icon-flag:before{content:"\f024"}.icon-headphones:before{content:"\f025"}.icon-volume-off:before{content:"\f026"}.icon-volume-down:before{content:"\f027"}.icon-volume-up:before{content:"\f028"}.icon-qrcode:before{content:"\f029"}.icon-barcode:before{content:"\f02a"}.icon-tag:before{content:"\f02b"}.icon-tags:before{content:"\f02c"}.icon-book:before{content:"\f02d"}.icon-bookmark:before{content:"\f02e"}.icon-print:before{content:"\f02f"}.icon-camera:before{content:"\f030"}.icon-font:before{content:"\f031"}.icon-bold:before{content:"\f032"}.icon-italic:before{content:"\f033"}.icon-text-height:before{content:"\f034"}.icon-text-width:before{content:"\f035"}.icon-align-left:before{content:"\f036"}.icon-align-center:before{content:"\f037"}.icon-align-right:before{content:"\f038"}.icon-align-justify:before{content:"\f039"}.icon-list:before{content:"\f03a"}.icon-indent-left:before{content:"\f03b"}.icon-indent-right:before{content:"\f03c"}.icon-facetime-video:before{content:"\f03d"}.icon-picture:before{content:"\f03e"}.icon-pencil:before{content:"\f040"}.icon-map-marker:before{content:"\f041"}.icon-adjust:before{content:"\f042"}.icon-tint:before{content:"\f043"}.icon-edit:before{content:"\f044"}.icon-share:before{content:"\f045"}.icon-check:before{content:"\f046"}.icon-move:before{content:"\f047"}.icon-step-backward:before{content:"\f048"}.icon-fast-backward:before{content:"\f049"}.icon-backward:before{content:"\f04a"}.icon-play:before{content:"\f04b"}.icon-pause:before{content:"\f04c"}.icon-stop:before{content:"\f04d"}.icon-forward:before{content:"\f04e"}.icon-fast-forward:before{content:"\f050"}.icon-step-forward:before{content:"\f051"}.icon-eject:before{content:"\f052"}.icon-chevron-left:before{content:"\f053"}.icon-chevron-right:before{content:"\f054"}.icon-plus-sign:before{content:"\f055"}.icon-minus-sign:before{content:"\f056"}.icon-remove-sign:before{content:"\f057"}.icon-ok-sign:before{content:"\f058"}.icon-question-sign:before{content:"\f059"}.icon-info-sign:before{content:"\f05a"}.icon-screenshot:before{content:"\f05b"}.icon-remove-circle:before{content:"\f05c"}.icon-ok-circle:before{content:"\f05d"}.icon-ban-circle:before{content:"\f05e"}.icon-arrow-left:before{content:"\f060"}.icon-arrow-right:before{content:"\f061"}.icon-arrow-up:before{content:"\f062"}.icon-arrow-down:before{content:"\f063"}.icon-share-alt:before{content:"\f064"}.icon-resize-full:before{content:"\f065"}.icon-resize-small:before{content:"\f066"}.icon-plus:before{content:"\f067"}.icon-minus:before{content:"\f068"}.icon-asterisk:before{content:"\f069"}.icon-exclamation-sign:before{content:"\f06a"}.icon-gift:before{content:"\f06b"}.icon-leaf:before{content:"\f06c"}.icon-fire:before{content:"\f06d"}.icon-eye-open:before{content:"\f06e"}.icon-eye-close:before{content:"\f070"}.icon-warning-sign:before{content:"\f071"}.icon-plane:before{content:"\f072"}.icon-calendar:before{content:"\f073"}.icon-random:before{content:"\f074"}.icon-comment:before{content:"\f075"}.icon-magnet:before{content:"\f076"}.icon-chevron-up:before{content:"\f077"}.icon-chevron-down:before{content:"\f078"}.icon-retweet:before{content:"\f079"}.icon-shopping-cart:before{content:"\f07a"}.icon-folder-close:before{content:"\f07b"}.icon-folder-open:before{content:"\f07c"}.icon-resize-vertical:before{content:"\f07d"}.icon-resize-horizontal:before{content:"\f07e"}.icon-bar-chart:before{content:"\f080"}.icon-twitter-sign:before{content:"\f081"}.icon-facebook-sign:before{content:"\f082"}.icon-camera-retro:before{content:"\f083"}.icon-key:before{content:"\f084"}.icon-cogs:before{content:"\f085"}.icon-comments:before{content:"\f086"}.icon-thumbs-up:before{content:"\f087"}.icon-thumbs-down:before{content:"\f088"}.icon-star-half:before{content:"\f089"}.icon-heart-empty:before{content:"\f08a"}.icon-signout:before{content:"\f08b"}.icon-linkedin-sign:before{content:"\f08c"}.icon-pushpin:before{content:"\f08d"}.icon-external-link:before{content:"\f08e"}.icon-signin:before{content:"\f090"}.icon-trophy:before{content:"\f091"}.icon-github-sign:before{content:"\f092"}.icon-upload-alt:before{content:"\f093"}.icon-lemon:before{content:"\f094"}.icon-phone:before{content:"\f095"}.icon-check-empty:before{content:"\f096"}.icon-bookmark-empty:before{content:"\f097"}.icon-phone-sign:before{content:"\f098"}.icon-twitter:before{content:"\f099"}.icon-facebook:before{content:"\f09a"}.icon-github:before{content:"\f09b"}.icon-unlock:before{content:"\f09c"}.icon-credit-card:before{content:"\f09d"}.icon-rss:before{content:"\f09e"}.icon-hdd:before{content:"\f0a0"}.icon-bullhorn:before{content:"\f0a1"}.icon-bell:before{content:"\f0a2"}.icon-certificate:before{content:"\f0a3"}.icon-hand-right:before{content:"\f0a4"}.icon-hand-left:before{content:"\f0a5"}.icon-hand-up:before{content:"\f0a6"}.icon-hand-down:before{content:"\f0a7"}.icon-circle-arrow-left:before{content:"\f0a8"}.icon-circle-arrow-right:before{content:"\f0a9"}.icon-circle-arrow-up:before{content:"\f0aa"}.icon-circle-arrow-down:before{content:"\f0ab"}.icon-globe:before{content:"\f0ac"}.icon-wrench:before{content:"\f0ad"}.icon-tasks:before{content:"\f0ae"}.icon-filter:before{content:"\f0b0"}.icon-briefcase:before{content:"\f0b1"}.icon-fullscreen:before{content:"\f0b2"}.icon-group:before{content:"\f0c0"}.icon-link:before{content:"\f0c1"}.icon-cloud:before{content:"\f0c2"}.icon-beaker:before{content:"\f0c3"}.icon-cut:before{content:"\f0c4"}.icon-copy:before{content:"\f0c5"}.icon-paper-clip:before{content:"\f0c6"}.icon-save:before{content:"\f0c7"}.icon-sign-blank:before{content:"\f0c8"}.icon-reorder:before{content:"\f0c9"}.icon-list-ul:before{content:"\f0ca"}.icon-list-ol:before{content:"\f0cb"}.icon-strikethrough:before{content:"\f0cc"}.icon-underline:before{content:"\f0cd"}.icon-table:before{content:"\f0ce"}.icon-magic:before{content:"\f0d0"}.icon-truck:before{content:"\f0d1"}.icon-pinterest:before{content:"\f0d2"}.icon-pinterest-sign:before{content:"\f0d3"}.icon-google-plus-sign:before{content:"\f0d4"}.icon-google-plus:before{content:"\f0d5"}.icon-money:before{content:"\f0d6"}.icon-caret-down:before{content:"\f0d7"}.icon-caret-up:before{content:"\f0d8"}.icon-caret-left:before{content:"\f0d9"}.icon-caret-right:before{content:"\f0da"}.icon-columns:before{content:"\f0db"}.icon-sort:before{content:"\f0dc"}.icon-sort-down:before{content:"\f0dd"}.icon-sort-up:before{content:"\f0de"}.icon-envelope-alt:before{content:"\f0e0"}.icon-linkedin:before{content:"\f0e1"}.icon-undo:before{content:"\f0e2"}.icon-legal:before{content:"\f0e3"}.icon-dashboard:before{content:"\f0e4"}.icon-comment-alt:before{content:"\f0e5"}.icon-comments-alt:before{content:"\f0e6"}.icon-bolt:before{content:"\f0e7"}.icon-sitemap:before{content:"\f0e8"}.icon-umbrella:before{content:"\f0e9"}.icon-paste:before{content:"\f0ea"}.icon-user-md:before{content:"\f200"}.dropup,.dropdown{position:relative}.dropdown-toggle{*margin-bottom:-3px}.dropdown-toggle:active,.open .dropdown-toggle{outline:0}.caret{display:inline-block;width:0;height:0;vertical-align:top;border-top:4px solid #000;border-right:4px solid transparent;border-left:4px solid transparent;content:""}.dropdown .caret{margin-top:8px;margin-left:2px}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;list-style:none;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);*border-right-width:2px;*border-bottom-width:2px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);-moz-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{*width:100%;height:1px;margin:8px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #fff}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:normal;line-height:18px;color:#333;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus,.dropdown-submenu:hover>a,.dropdown-submenu:focus>a{color:#fff;text-decoration:none;background-color:#0081c2;background-image:-moz-linear-gradient(top,#08c,#0077b3);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#0077b3));background-image:-webkit-linear-gradient(top,#08c,#0077b3);background-image:-o-linear-gradient(top,#08c,#0077b3);background-image:linear-gradient(to bottom,#08c,#0077b3);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc',endColorstr='#ff0077b3',GradientType=0)}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#fff;text-decoration:none;background-color:#0081c2;background-image:-moz-linear-gradient(top,#08c,#0077b3);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#0077b3));background-image:-webkit-linear-gradient(top,#08c,#0077b3);background-image:-o-linear-gradient(top,#08c,#0077b3);background-image:linear-gradient(to bottom,#08c,#0077b3);background-repeat:repeat-x;outline:0;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc',endColorstr='#ff0077b3',GradientType=0)}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#999}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;cursor:default;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.open{*z-index:1000}.open>.dropdown-menu{display:block}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-top:0;border-bottom:4px solid #000;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:1px}.dropdown-submenu{position:relative}.dropdown-submenu>.dropdown-menu{top:0;left:100%;margin-top:-6px;margin-left:-1px;-webkit-border-radius:0 6px 6px 6px;-moz-border-radius:0 6px 6px 6px;border-radius:0 6px 6px 6px}.dropdown-submenu:hover>.dropdown-menu{display:block}.dropup .dropdown-submenu>.dropdown-menu{top:auto;bottom:0;margin-top:0;margin-bottom:-2px;-webkit-border-radius:5px 5px 5px 0;-moz-border-radius:5px 5px 5px 0;border-radius:5px 5px 5px 0}.dropdown-submenu>a:after{display:block;float:right;width:0;height:0;margin-top:5px;margin-right:-10px;border-color:transparent;border-left-color:#ccc;border-style:solid;border-width:5px 0 5px 5px;content:" "}.dropdown-submenu:hover>a:after{border-left-color:#fff}.dropdown-submenu.pull-left{float:none}.dropdown-submenu.pull-left>.dropdown-menu{left:-100%;margin-left:10px;-webkit-border-radius:6px 0 6px 6px;-moz-border-radius:6px 0 6px 6px;border-radius:6px 0 6px 6px}.dropdown .dropdown-menu .nav-header{padding-right:20px;padding-left:20px}.typeahead{z-index:1051;margin-top:2px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);box-shadow:inset 0 1px 1px rgba(0,0,0,0.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,0.15)}.well-large{padding:24px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.well-small{padding:9px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.fade{opacity:0;-webkit-transition:opacity .15s linear;-moz-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{position:relative;height:0;overflow:hidden;-webkit-transition:height .35s ease;-moz-transition:height .35s ease;-o-transition:height .35s ease;transition:height .35s ease}.collapse.in{height:auto}.close{float:right;font-size:20px;font-weight:bold;line-height:18px;color:#000;text-shadow:0 1px 0 #fff;opacity:.2;filter:alpha(opacity=20)}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;opacity:.4;filter:alpha(opacity=40)}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none}.btn{display:inline-block;*display:inline;padding:4px 12px;margin-bottom:0;*margin-left:.3em;font-size:13px;line-height:18px;color:#333;text-align:center;text-shadow:0 1px 1px rgba(255,255,255,0.75);vertical-align:middle;cursor:pointer;background-color:#f5f5f5;*background-color:#e6e6e6;background-image:-moz-linear-gradient(top,#fff,#e6e6e6);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#e6e6e6));background-image:-webkit-linear-gradient(top,#fff,#e6e6e6);background-image:-o-linear-gradient(top,#fff,#e6e6e6);background-image:linear-gradient(to bottom,#fff,#e6e6e6);background-repeat:repeat-x;border:1px solid #ccc;*border:0;border-color:#e6e6e6 #e6e6e6 #bfbfbf;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);border-bottom-color:#b3b3b3;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff',endColorstr='#ffe6e6e6',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);*zoom:1;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05)}.btn:hover,.btn:focus,.btn:active,.btn.active,.btn.disabled,.btn[disabled]{color:#333;background-color:#e6e6e6;*background-color:#d9d9d9}.btn:active,.btn.active{background-color:#ccc \9}.btn:first-child{*margin-left:0}.btn:hover,.btn:focus{color:#333;text-decoration:none;background-position:0 -15px;-webkit-transition:background-position .1s linear;-moz-transition:background-position .1s linear;-o-transition:background-position .1s linear;transition:background-position .1s linear}.btn:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn.active,.btn:active{background-image:none;outline:0;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05)}.btn.disabled,.btn[disabled]{cursor:default;background-image:none;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.btn-large{padding:11px 19px;font-size:16.25px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.btn-large [class^="icon-"],.btn-large [class*=" icon-"]{margin-top:4px}.btn-small{padding:2px 10px;font-size:11.049999999999999px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.btn-small [class^="icon-"],.btn-small [class*=" icon-"]{margin-top:0}.btn-mini [class^="icon-"],.btn-mini [class*=" icon-"]{margin-top:-1px}.btn-mini{padding:0 6px;font-size:9.75px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.btn-block{display:block;width:100%;padding-right:0;padding-left:0;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.btn-primary.active,.btn-warning.active,.btn-danger.active,.btn-success.active,.btn-info.active,.btn-inverse.active{color:rgba(255,255,255,0.75)}.btn-primary{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#006dcc;*background-color:#04c;background-image:-moz-linear-gradient(top,#08c,#04c);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#04c));background-image:-webkit-linear-gradient(top,#08c,#04c);background-image:-o-linear-gradient(top,#08c,#04c);background-image:linear-gradient(to bottom,#08c,#04c);background-repeat:repeat-x;border-color:#04c #04c #002a80;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc',endColorstr='#ff0044cc',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-primary:hover,.btn-primary:focus,.btn-primary:active,.btn-primary.active,.btn-primary.disabled,.btn-primary[disabled]{color:#fff;background-color:#04c;*background-color:#003bb3}.btn-primary:active,.btn-primary.active{background-color:#039 \9}.btn-warning{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#faa732;*background-color:#f89406;background-image:-moz-linear-gradient(top,#fbb450,#f89406);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fbb450),to(#f89406));background-image:-webkit-linear-gradient(top,#fbb450,#f89406);background-image:-o-linear-gradient(top,#fbb450,#f89406);background-image:linear-gradient(to bottom,#fbb450,#f89406);background-repeat:repeat-x;border-color:#f89406 #f89406 #ad6704;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450',endColorstr='#fff89406',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-warning:hover,.btn-warning:focus,.btn-warning:active,.btn-warning.active,.btn-warning.disabled,.btn-warning[disabled]{color:#fff;background-color:#f89406;*background-color:#df8505}.btn-warning:active,.btn-warning.active{background-color:#c67605 \9}.btn-danger{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#da4f49;*background-color:#bd362f;background-image:-moz-linear-gradient(top,#ee5f5b,#bd362f);background-image:-webkit-gradient(linear,0 0,0 100%,from(#ee5f5b),to(#bd362f));background-image:-webkit-linear-gradient(top,#ee5f5b,#bd362f);background-image:-o-linear-gradient(top,#ee5f5b,#bd362f);background-image:linear-gradient(to bottom,#ee5f5b,#bd362f);background-repeat:repeat-x;border-color:#bd362f #bd362f #802420;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b',endColorstr='#ffbd362f',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-danger:hover,.btn-danger:focus,.btn-danger:active,.btn-danger.active,.btn-danger.disabled,.btn-danger[disabled]{color:#fff;background-color:#bd362f;*background-color:#a9302a}.btn-danger:active,.btn-danger.active{background-color:#942a25 \9}.btn-success{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#5bb75b;*background-color:#51a351;background-image:-moz-linear-gradient(top,#62c462,#51a351);background-image:-webkit-gradient(linear,0 0,0 100%,from(#62c462),to(#51a351));background-image:-webkit-linear-gradient(top,#62c462,#51a351);background-image:-o-linear-gradient(top,#62c462,#51a351);background-image:linear-gradient(to bottom,#62c462,#51a351);background-repeat:repeat-x;border-color:#51a351 #51a351 #387038;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462',endColorstr='#ff51a351',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-success:hover,.btn-success:focus,.btn-success:active,.btn-success.active,.btn-success.disabled,.btn-success[disabled]{color:#fff;background-color:#51a351;*background-color:#499249}.btn-success:active,.btn-success.active{background-color:#408140 \9}.btn-info{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#49afcd;*background-color:#2f96b4;background-image:-moz-linear-gradient(top,#5bc0de,#2f96b4);background-image:-webkit-gradient(linear,0 0,0 100%,from(#5bc0de),to(#2f96b4));background-image:-webkit-linear-gradient(top,#5bc0de,#2f96b4);background-image:-o-linear-gradient(top,#5bc0de,#2f96b4);background-image:linear-gradient(to bottom,#5bc0de,#2f96b4);background-repeat:repeat-x;border-color:#2f96b4 #2f96b4 #1f6377;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de',endColorstr='#ff2f96b4',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-info:hover,.btn-info:focus,.btn-info:active,.btn-info.active,.btn-info.disabled,.btn-info[disabled]{color:#fff;background-color:#2f96b4;*background-color:#2a85a0}.btn-info:active,.btn-info.active{background-color:#24748c \9}.btn-inverse{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#363636;*background-color:#222;background-image:-moz-linear-gradient(top,#444,#222);background-image:-webkit-gradient(linear,0 0,0 100%,from(#444),to(#222));background-image:-webkit-linear-gradient(top,#444,#222);background-image:-o-linear-gradient(top,#444,#222);background-image:linear-gradient(to bottom,#444,#222);background-repeat:repeat-x;border-color:#222 #222 #000;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff444444',endColorstr='#ff222222',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-inverse:hover,.btn-inverse:focus,.btn-inverse:active,.btn-inverse.active,.btn-inverse.disabled,.btn-inverse[disabled]{color:#fff;background-color:#222;*background-color:#151515}.btn-inverse:active,.btn-inverse.active{background-color:#080808 \9}button.btn,input[type="submit"].btn{*padding-top:3px;*padding-bottom:3px}button.btn::-moz-focus-inner,input[type="submit"].btn::-moz-focus-inner{padding:0;border:0}button.btn.btn-large,input[type="submit"].btn.btn-large{*padding-top:7px;*padding-bottom:7px}button.btn.btn-small,input[type="submit"].btn.btn-small{*padding-top:3px;*padding-bottom:3px}button.btn.btn-mini,input[type="submit"].btn.btn-mini{*padding-top:1px;*padding-bottom:1px}.btn-link,.btn-link:active,.btn-link[disabled]{background-color:transparent;background-image:none;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.btn-link{color:#08c;cursor:pointer;border-color:transparent;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-link:hover,.btn-link:focus{color:#005580;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,.btn-link[disabled]:focus{color:#333;text-decoration:none}.btn-group{position:relative;display:inline-block;*display:inline;*margin-left:.3em;font-size:0;white-space:nowrap;vertical-align:middle;*zoom:1}.btn-group:first-child{*margin-left:0}.btn-group+.btn-group{margin-left:5px}.btn-toolbar{margin-top:9px;margin-bottom:9px;font-size:0}.btn-toolbar>.btn+.btn,.btn-toolbar>.btn-group+.btn,.btn-toolbar>.btn+.btn-group{margin-left:5px}.btn-group>.btn{position:relative;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-group>.btn+.btn{margin-left:-1px}.btn-group>.btn,.btn-group>.dropdown-menu,.btn-group>.popover{font-size:13px}.btn-group>.btn-mini{font-size:9.75px}.btn-group>.btn-small{font-size:11.049999999999999px}.btn-group>.btn-large{font-size:16.25px}.btn-group>.btn:first-child{margin-left:0;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-bottomleft:4px;-moz-border-radius-topleft:4px}.btn-group>.btn:last-child,.btn-group>.dropdown-toggle{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-bottomright:4px}.btn-group>.btn.large:first-child{margin-left:0;-webkit-border-bottom-left-radius:6px;border-bottom-left-radius:6px;-webkit-border-top-left-radius:6px;border-top-left-radius:6px;-moz-border-radius-bottomleft:6px;-moz-border-radius-topleft:6px}.btn-group>.btn.large:last-child,.btn-group>.large.dropdown-toggle{-webkit-border-top-right-radius:6px;border-top-right-radius:6px;-webkit-border-bottom-right-radius:6px;border-bottom-right-radius:6px;-moz-border-radius-topright:6px;-moz-border-radius-bottomright:6px}.btn-group>.btn:hover,.btn-group>.btn:focus,.btn-group>.btn:active,.btn-group>.btn.active{z-index:2}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{*padding-top:5px;padding-right:8px;*padding-bottom:5px;padding-left:8px;-webkit-box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05)}.btn-group>.btn-mini+.dropdown-toggle{*padding-top:2px;padding-right:5px;*padding-bottom:2px;padding-left:5px}.btn-group>.btn-small+.dropdown-toggle{*padding-top:5px;*padding-bottom:4px}.btn-group>.btn-large+.dropdown-toggle{*padding-top:7px;padding-right:12px;*padding-bottom:7px;padding-left:12px}.btn-group.open .dropdown-toggle{background-image:none;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05)}.btn-group.open .btn.dropdown-toggle{background-color:#e6e6e6}.btn-group.open .btn-primary.dropdown-toggle{background-color:#04c}.btn-group.open .btn-warning.dropdown-toggle{background-color:#f89406}.btn-group.open .btn-danger.dropdown-toggle{background-color:#bd362f}.btn-group.open .btn-success.dropdown-toggle{background-color:#51a351}.btn-group.open .btn-info.dropdown-toggle{background-color:#2f96b4}.btn-group.open .btn-inverse.dropdown-toggle{background-color:#222}.btn .caret{margin-top:8px;margin-left:0}.btn-large .caret{margin-top:6px}.btn-large .caret{border-top-width:5px;border-right-width:5px;border-left-width:5px}.btn-mini .caret,.btn-small .caret{margin-top:8px}.dropup .btn-large .caret{border-bottom-width:5px}.btn-primary .caret,.btn-warning .caret,.btn-danger .caret,.btn-info .caret,.btn-success .caret,.btn-inverse .caret{border-top-color:#fff;border-bottom-color:#fff}.btn-group-vertical{display:inline-block;*display:inline;*zoom:1}.btn-group-vertical>.btn{display:block;float:none;max-width:100%;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-group-vertical>.btn+.btn{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:first-child{-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0}.btn-group-vertical>.btn:last-child{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px}.btn-group-vertical>.btn-large:first-child{-webkit-border-radius:6px 6px 0 0;-moz-border-radius:6px 6px 0 0;border-radius:6px 6px 0 0}.btn-group-vertical>.btn-large:last-child{-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px}.alert{padding:8px 35px 8px 14px;margin-bottom:18px;text-shadow:0 1px 0 rgba(255,255,255,0.5);background-color:#fcf8e3;border:1px solid #fbeed5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.alert,.alert h4{color:#c09853}.alert h4{margin:0}.alert .close{position:relative;top:-2px;right:-21px;line-height:18px}.alert-success{color:#468847;background-color:#dff0d8;border-color:#d6e9c6}.alert-success h4{color:#468847}.alert-danger,.alert-error{color:#b94a48;background-color:#f2dede;border-color:#eed3d7}.alert-danger h4,.alert-error h4{color:#b94a48}.alert-info{color:#3a87ad;background-color:#d9edf7;border-color:#bce8f1}.alert-info h4{color:#3a87ad}.alert-block{padding-top:14px;padding-bottom:14px}.alert-block>p,.alert-block>ul{margin-bottom:0}.alert-block p+p{margin-top:5px}.nav{margin-bottom:18px;margin-left:0;list-style:none}.nav>li>a{display:block}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li>a>img{max-width:none}.nav>.pull-right{float:right}.nav-header{display:block;padding:3px 15px;font-size:11px;font-weight:bold;line-height:18px;color:#999;text-shadow:0 1px 0 rgba(255,255,255,0.5);text-transform:uppercase}.nav li+.nav-header{margin-top:9px}.nav-list{padding-right:15px;padding-left:15px;margin-bottom:0}.nav-list>li>a,.nav-list .nav-header{margin-right:-15px;margin-left:-15px;text-shadow:0 1px 0 rgba(255,255,255,0.5)}.nav-list>li>a{padding:3px 15px}.nav-list>.active>a,.nav-list>.active>a:hover,.nav-list>.active>a:focus{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.2);background-color:#08c}.nav-list [class^="icon-"],.nav-list [class*=" icon-"]{margin-right:2px}.nav-list .divider{*width:100%;height:1px;margin:8px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #fff}.nav-tabs,.nav-pills{*zoom:1}.nav-tabs:before,.nav-pills:before,.nav-tabs:after,.nav-pills:after{display:table;line-height:0;content:""}.nav-tabs:after,.nav-pills:after{clear:both}.nav-tabs>li,.nav-pills>li{float:left}.nav-tabs>li>a,.nav-pills>li>a{padding-right:12px;padding-left:12px;margin-right:2px;line-height:14px}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{margin-bottom:-1px}.nav-tabs>li>a{padding-top:8px;padding-bottom:8px;line-height:18px;border:1px solid transparent;-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover,.nav-tabs>li>a:focus{border-color:#eee #eee #ddd}.nav-tabs>.active>a,.nav-tabs>.active>a:hover,.nav-tabs>.active>a:focus{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-pills>li>a{padding-top:8px;padding-bottom:8px;margin-top:2px;margin-bottom:2px;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px}.nav-pills>.active>a,.nav-pills>.active>a:hover,.nav-pills>.active>a:focus{color:#fff;background-color:#08c}.nav-stacked>li{float:none}.nav-stacked>li>a{margin-right:0}.nav-tabs.nav-stacked{border-bottom:0}.nav-tabs.nav-stacked>li>a{border:1px solid #ddd;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.nav-tabs.nav-stacked>li:first-child>a{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-topleft:4px}.nav-tabs.nav-stacked>li:last-child>a{-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-moz-border-radius-bottomright:4px;-moz-border-radius-bottomleft:4px}.nav-tabs.nav-stacked>li>a:hover,.nav-tabs.nav-stacked>li>a:focus{z-index:2;border-color:#ddd}.nav-pills.nav-stacked>li>a{margin-bottom:3px}.nav-pills.nav-stacked>li:last-child>a{margin-bottom:1px}.nav-tabs .dropdown-menu{-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px}.nav-pills .dropdown-menu{-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.nav .dropdown-toggle .caret{margin-top:6px;border-top-color:#08c;border-bottom-color:#08c}.nav .dropdown-toggle:hover .caret,.nav .dropdown-toggle:focus .caret{border-top-color:#005580;border-bottom-color:#005580}.nav-tabs .dropdown-toggle .caret{margin-top:8px}.nav .active .dropdown-toggle .caret{border-top-color:#fff;border-bottom-color:#fff}.nav-tabs .active .dropdown-toggle .caret{border-top-color:#555;border-bottom-color:#555}.nav>.dropdown.active>a:hover,.nav>.dropdown.active>a:focus{cursor:pointer}.nav-tabs .open .dropdown-toggle,.nav-pills .open .dropdown-toggle,.nav>li.dropdown.open.active>a:hover,.nav>li.dropdown.open.active>a:focus{color:#fff;background-color:#999;border-color:#999}.nav li.dropdown.open .caret,.nav li.dropdown.open.active .caret,.nav li.dropdown.open a:hover .caret,.nav li.dropdown.open a:focus .caret{border-top-color:#fff;border-bottom-color:#fff;opacity:1;filter:alpha(opacity=100)}.tabs-stacked .open>a:hover,.tabs-stacked .open>a:focus{border-color:#999}.tabbable{*zoom:1}.tabbable:before,.tabbable:after{display:table;line-height:0;content:""}.tabbable:after{clear:both}.tab-content{overflow:auto}.tabs-below>.nav-tabs,.tabs-right>.nav-tabs,.tabs-left>.nav-tabs{border-bottom:0}.tab-content>.tab-pane,.pill-content>.pill-pane{display:none}.tab-content>.active,.pill-content>.active{display:block}.tabs-below>.nav-tabs{border-top:1px solid #ddd}.tabs-below>.nav-tabs>li{margin-top:-1px;margin-bottom:0}.tabs-below>.nav-tabs>li>a{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px}.tabs-below>.nav-tabs>li>a:hover,.tabs-below>.nav-tabs>li>a:focus{border-top-color:#ddd;border-bottom-color:transparent}.tabs-below>.nav-tabs>.active>a,.tabs-below>.nav-tabs>.active>a:hover,.tabs-below>.nav-tabs>.active>a:focus{border-color:transparent #ddd #ddd #ddd}.tabs-left>.nav-tabs>li,.tabs-right>.nav-tabs>li{float:none}.tabs-left>.nav-tabs>li>a,.tabs-right>.nav-tabs>li>a{min-width:74px;margin-right:0;margin-bottom:3px}.tabs-left>.nav-tabs{float:left;margin-right:19px;border-right:1px solid #ddd}.tabs-left>.nav-tabs>li>a{margin-right:-1px;-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.tabs-left>.nav-tabs>li>a:hover,.tabs-left>.nav-tabs>li>a:focus{border-color:#eee #ddd #eee #eee}.tabs-left>.nav-tabs .active>a,.tabs-left>.nav-tabs .active>a:hover,.tabs-left>.nav-tabs .active>a:focus{border-color:#ddd transparent #ddd #ddd;*border-right-color:#fff}.tabs-right>.nav-tabs{float:right;margin-left:19px;border-left:1px solid #ddd}.tabs-right>.nav-tabs>li>a{margin-left:-1px;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.tabs-right>.nav-tabs>li>a:hover,.tabs-right>.nav-tabs>li>a:focus{border-color:#eee #eee #eee #ddd}.tabs-right>.nav-tabs .active>a,.tabs-right>.nav-tabs .active>a:hover,.tabs-right>.nav-tabs .active>a:focus{border-color:#ddd #ddd #ddd transparent;*border-left-color:#fff}.nav>.disabled>a{color:#999}.nav>.disabled>a:hover,.nav>.disabled>a:focus{text-decoration:none;cursor:default;background-color:transparent}.navbar{*position:relative;*z-index:2;margin-bottom:18px;overflow:visible}.navbar-inner{min-height:50px;padding-right:20px;padding-left:20px;background-color:#fafafa;background-image:-moz-linear-gradient(top,#fff,#f2f2f2);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#f2f2f2));background-image:-webkit-linear-gradient(top,#fff,#f2f2f2);background-image:-o-linear-gradient(top,#fff,#f2f2f2);background-image:linear-gradient(to bottom,#fff,#f2f2f2);background-repeat:repeat-x;border:1px solid #d4d4d4;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff',endColorstr='#fff2f2f2',GradientType=0);*zoom:1;-webkit-box-shadow:0 1px 4px rgba(0,0,0,0.065);-moz-box-shadow:0 1px 4px rgba(0,0,0,0.065);box-shadow:0 1px 4px rgba(0,0,0,0.065)}.navbar-inner:before,.navbar-inner:after{display:table;line-height:0;content:""}.navbar-inner:after{clear:both}.navbar .container{width:auto}.nav-collapse.collapse{height:auto;overflow:visible}.navbar .brand{display:block;float:left;padding:16px 20px 16px;margin-left:-20px;font-size:20px;font-weight:200;color:#777;text-shadow:0 1px 0 #fff}.navbar .brand:hover,.navbar .brand:focus{text-decoration:none}.navbar-text{margin-bottom:0;line-height:50px;color:#777}.navbar-link{color:#777}.navbar-link:hover,.navbar-link:focus{color:#333}.navbar .divider-vertical{height:50px;margin:0 9px;border-right:1px solid #fff;border-left:1px solid #f2f2f2}.navbar .btn,.navbar .btn-group{margin-top:10px}.navbar .btn-group .btn,.navbar .input-prepend .btn,.navbar .input-append .btn,.navbar .input-prepend .btn-group,.navbar .input-append .btn-group{margin-top:0}.navbar-form{margin-bottom:0;*zoom:1}.navbar-form:before,.navbar-form:after{display:table;line-height:0;content:""}.navbar-form:after{clear:both}.navbar-form input,.navbar-form select,.navbar-form .radio,.navbar-form .checkbox{margin-top:10px}.navbar-form input,.navbar-form select,.navbar-form .btn{display:inline-block;margin-bottom:0}.navbar-form input[type="image"],.navbar-form input[type="checkbox"],.navbar-form input[type="radio"]{margin-top:3px}.navbar-form .input-append,.navbar-form .input-prepend{margin-top:5px;white-space:nowrap}.navbar-form .input-append input,.navbar-form .input-prepend input{margin-top:0}.navbar-search{position:relative;float:left;margin-top:10px;margin-bottom:0}.navbar-search .search-query{padding:4px 14px;margin-bottom:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;font-weight:normal;line-height:1;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.navbar-static-top{position:static;margin-bottom:0}.navbar-static-top .navbar-inner{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030;margin-bottom:0}.navbar-fixed-top .navbar-inner,.navbar-static-top .navbar-inner{border-width:0 0 1px}.navbar-fixed-bottom .navbar-inner{border-width:1px 0 0}.navbar-fixed-top .navbar-inner,.navbar-fixed-bottom .navbar-inner{padding-right:0;padding-left:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:940px}.navbar-fixed-top{top:0}.navbar-fixed-top .navbar-inner,.navbar-static-top .navbar-inner{-webkit-box-shadow:0 1px 10px rgba(0,0,0,0.1);-moz-box-shadow:0 1px 10px rgba(0,0,0,0.1);box-shadow:0 1px 10px rgba(0,0,0,0.1)}.navbar-fixed-bottom{bottom:0}.navbar-fixed-bottom .navbar-inner{-webkit-box-shadow:0 -1px 10px rgba(0,0,0,0.1);-moz-box-shadow:0 -1px 10px rgba(0,0,0,0.1);box-shadow:0 -1px 10px rgba(0,0,0,0.1)}.navbar .nav{position:relative;left:0;display:block;float:left;margin:0 10px 0 0}.navbar .nav.pull-right{float:right;margin-right:0}.navbar .nav>li{float:left}.navbar .nav>li>a{float:none;padding:16px 15px 16px;color:#777;text-decoration:none;text-shadow:0 1px 0 #fff}.navbar .nav .dropdown-toggle .caret{margin-top:8px}.navbar .nav>li>a:focus,.navbar .nav>li>a:hover{color:#333;text-decoration:none;background-color:transparent}.navbar .nav>.active>a,.navbar .nav>.active>a:hover,.navbar .nav>.active>a:focus{color:#555;text-decoration:none;background-color:#e5e5e5;-webkit-box-shadow:inset 0 3px 8px rgba(0,0,0,0.125);-moz-box-shadow:inset 0 3px 8px rgba(0,0,0,0.125);box-shadow:inset 0 3px 8px rgba(0,0,0,0.125)}.navbar .btn-navbar{display:none;float:right;padding:7px 10px;margin-right:5px;margin-left:5px;color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#ededed;*background-color:#e5e5e5;background-image:-moz-linear-gradient(top,#f2f2f2,#e5e5e5);background-image:-webkit-gradient(linear,0 0,0 100%,from(#f2f2f2),to(#e5e5e5));background-image:-webkit-linear-gradient(top,#f2f2f2,#e5e5e5);background-image:-o-linear-gradient(top,#f2f2f2,#e5e5e5);background-image:linear-gradient(to bottom,#f2f2f2,#e5e5e5);background-repeat:repeat-x;border-color:#e5e5e5 #e5e5e5 #bfbfbf;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2f2f2',endColorstr='#ffe5e5e5',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075)}.navbar .btn-navbar:hover,.navbar .btn-navbar:focus,.navbar .btn-navbar:active,.navbar .btn-navbar.active,.navbar .btn-navbar.disabled,.navbar .btn-navbar[disabled]{color:#fff;background-color:#e5e5e5;*background-color:#d9d9d9}.navbar .btn-navbar:active,.navbar .btn-navbar.active{background-color:#ccc \9}.navbar .btn-navbar .icon-bar{display:block;width:18px;height:2px;background-color:#f5f5f5;-webkit-border-radius:1px;-moz-border-radius:1px;border-radius:1px;-webkit-box-shadow:0 1px 0 rgba(0,0,0,0.25);-moz-box-shadow:0 1px 0 rgba(0,0,0,0.25);box-shadow:0 1px 0 rgba(0,0,0,0.25)}.btn-navbar .icon-bar+.icon-bar{margin-top:3px}.navbar .nav>li>.dropdown-menu:before{position:absolute;top:-7px;left:9px;display:inline-block;border-right:7px solid transparent;border-bottom:7px solid #ccc;border-left:7px solid transparent;border-bottom-color:rgba(0,0,0,0.2);content:''}.navbar .nav>li>.dropdown-menu:after{position:absolute;top:-6px;left:10px;display:inline-block;border-right:6px solid transparent;border-bottom:6px solid #fff;border-left:6px solid transparent;content:''}.navbar-fixed-bottom .nav>li>.dropdown-menu:before{top:auto;bottom:-7px;border-top:7px solid #ccc;border-bottom:0;border-top-color:rgba(0,0,0,0.2)}.navbar-fixed-bottom .nav>li>.dropdown-menu:after{top:auto;bottom:-6px;border-top:6px solid #fff;border-bottom:0}.navbar .nav li.dropdown>a:hover .caret,.navbar .nav li.dropdown>a:focus .caret{border-top-color:#333;border-bottom-color:#333}.navbar .nav li.dropdown.open>.dropdown-toggle,.navbar .nav li.dropdown.active>.dropdown-toggle,.navbar .nav li.dropdown.open.active>.dropdown-toggle{color:#555;background-color:#e5e5e5}.navbar .nav li.dropdown>.dropdown-toggle .caret{border-top-color:#777;border-bottom-color:#777}.navbar .nav li.dropdown.open>.dropdown-toggle .caret,.navbar .nav li.dropdown.active>.dropdown-toggle .caret,.navbar .nav li.dropdown.open.active>.dropdown-toggle .caret{border-top-color:#555;border-bottom-color:#555}.navbar .pull-right>li>.dropdown-menu,.navbar .nav>li>.dropdown-menu.pull-right{right:0;left:auto}.navbar .pull-right>li>.dropdown-menu:before,.navbar .nav>li>.dropdown-menu.pull-right:before{right:12px;left:auto}.navbar .pull-right>li>.dropdown-menu:after,.navbar .nav>li>.dropdown-menu.pull-right:after{right:13px;left:auto}.navbar .pull-right>li>.dropdown-menu .dropdown-menu,.navbar .nav>li>.dropdown-menu.pull-right .dropdown-menu{right:100%;left:auto;margin-right:-1px;margin-left:0;-webkit-border-radius:6px 0 6px 6px;-moz-border-radius:6px 0 6px 6px;border-radius:6px 0 6px 6px}.navbar-inverse .navbar-inner{background-color:#1b1b1b;background-image:-moz-linear-gradient(top,#222,#111);background-image:-webkit-gradient(linear,0 0,0 100%,from(#222),to(#111));background-image:-webkit-linear-gradient(top,#222,#111);background-image:-o-linear-gradient(top,#222,#111);background-image:linear-gradient(to bottom,#222,#111);background-repeat:repeat-x;border-color:#252525;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff222222',endColorstr='#ff111111',GradientType=0)}.navbar-inverse .brand,.navbar-inverse .nav>li>a{color:#999;text-shadow:0 -1px 0 rgba(0,0,0,0.25)}.navbar-inverse .brand:hover,.navbar-inverse .nav>li>a:hover,.navbar-inverse .brand:focus,.navbar-inverse .nav>li>a:focus{color:#fff}.navbar-inverse .brand{color:#999}.navbar-inverse .navbar-text{color:#999}.navbar-inverse .nav>li>a:focus,.navbar-inverse .nav>li>a:hover{color:#fff;background-color:transparent}.navbar-inverse .nav .active>a,.navbar-inverse .nav .active>a:hover,.navbar-inverse .nav .active>a:focus{color:#fff;background-color:#111}.navbar-inverse .navbar-link{color:#999}.navbar-inverse .navbar-link:hover,.navbar-inverse .navbar-link:focus{color:#fff}.navbar-inverse .divider-vertical{border-right-color:#222;border-left-color:#111}.navbar-inverse .nav li.dropdown.open>.dropdown-toggle,.navbar-inverse .nav li.dropdown.active>.dropdown-toggle,.navbar-inverse .nav li.dropdown.open.active>.dropdown-toggle{color:#fff;background-color:#111}.navbar-inverse .nav li.dropdown>a:hover .caret,.navbar-inverse .nav li.dropdown>a:focus .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar-inverse .nav li.dropdown>.dropdown-toggle .caret{border-top-color:#999;border-bottom-color:#999}.navbar-inverse .nav li.dropdown.open>.dropdown-toggle .caret,.navbar-inverse .nav li.dropdown.active>.dropdown-toggle .caret,.navbar-inverse .nav li.dropdown.open.active>.dropdown-toggle .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar-inverse .navbar-search .search-query{color:#fff;background-color:#515151;border-color:#111;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);-webkit-transition:none;-moz-transition:none;-o-transition:none;transition:none}.navbar-inverse .navbar-search .search-query:-moz-placeholder{color:#ccc}.navbar-inverse .navbar-search .search-query:-ms-input-placeholder{color:#ccc}.navbar-inverse .navbar-search .search-query::-webkit-input-placeholder{color:#ccc}.navbar-inverse .navbar-search .search-query:focus,.navbar-inverse .navbar-search .search-query.focused{padding:5px 15px;color:#333;text-shadow:0 1px 0 #fff;background-color:#fff;border:0;outline:0;-webkit-box-shadow:0 0 3px rgba(0,0,0,0.15);-moz-box-shadow:0 0 3px rgba(0,0,0,0.15);box-shadow:0 0 3px rgba(0,0,0,0.15)}.navbar-inverse .btn-navbar{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#0e0e0e;*background-color:#040404;background-image:-moz-linear-gradient(top,#151515,#040404);background-image:-webkit-gradient(linear,0 0,0 100%,from(#151515),to(#040404));background-image:-webkit-linear-gradient(top,#151515,#040404);background-image:-o-linear-gradient(top,#151515,#040404);background-image:linear-gradient(to bottom,#151515,#040404);background-repeat:repeat-x;border-color:#040404 #040404 #000;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff151515',endColorstr='#ff040404',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.navbar-inverse .btn-navbar:hover,.navbar-inverse .btn-navbar:focus,.navbar-inverse .btn-navbar:active,.navbar-inverse .btn-navbar.active,.navbar-inverse .btn-navbar.disabled,.navbar-inverse .btn-navbar[disabled]{color:#fff;background-color:#040404;*background-color:#000}.navbar-inverse .btn-navbar:active,.navbar-inverse .btn-navbar.active{background-color:#000 \9}.breadcrumb{padding:8px 15px;margin:0 0 18px;list-style:none;background-color:#f5f5f5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.breadcrumb>li{display:inline-block;*display:inline;text-shadow:0 1px 0 #fff;*zoom:1}.breadcrumb>li>.divider{padding:0 5px;color:#ccc}.breadcrumb>.active{color:#999}.pagination{margin:18px 0}.pagination ul{display:inline-block;*display:inline;margin-bottom:0;margin-left:0;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;*zoom:1;-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:0 1px 2px rgba(0,0,0,0.05);box-shadow:0 1px 2px rgba(0,0,0,0.05)}.pagination ul>li{display:inline}.pagination ul>li>a,.pagination ul>li>span{float:left;padding:4px 12px;line-height:18px;text-decoration:none;background-color:#fff;border:1px solid #ddd;border-left-width:0}.pagination ul>li>a:hover,.pagination ul>li>a:focus,.pagination ul>.active>a,.pagination ul>.active>span{background-color:#f5f5f5}.pagination ul>.active>a,.pagination ul>.active>span{color:#999;cursor:default}.pagination ul>.disabled>span,.pagination ul>.disabled>a,.pagination ul>.disabled>a:hover,.pagination ul>.disabled>a:focus{color:#999;cursor:default;background-color:transparent}.pagination ul>li:first-child>a,.pagination ul>li:first-child>span{border-left-width:1px;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-bottomleft:4px;-moz-border-radius-topleft:4px}.pagination ul>li:last-child>a,.pagination ul>li:last-child>span{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-bottomright:4px}.pagination-centered{text-align:center}.pagination-right{text-align:right}.pagination-large ul>li>a,.pagination-large ul>li>span{padding:11px 19px;font-size:16.25px}.pagination-large ul>li:first-child>a,.pagination-large ul>li:first-child>span{-webkit-border-bottom-left-radius:6px;border-bottom-left-radius:6px;-webkit-border-top-left-radius:6px;border-top-left-radius:6px;-moz-border-radius-bottomleft:6px;-moz-border-radius-topleft:6px}.pagination-large ul>li:last-child>a,.pagination-large ul>li:last-child>span{-webkit-border-top-right-radius:6px;border-top-right-radius:6px;-webkit-border-bottom-right-radius:6px;border-bottom-right-radius:6px;-moz-border-radius-topright:6px;-moz-border-radius-bottomright:6px}.pagination-mini ul>li:first-child>a,.pagination-small ul>li:first-child>a,.pagination-mini ul>li:first-child>span,.pagination-small ul>li:first-child>span{-webkit-border-bottom-left-radius:3px;border-bottom-left-radius:3px;-webkit-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-bottomleft:3px;-moz-border-radius-topleft:3px}.pagination-mini ul>li:last-child>a,.pagination-small ul>li:last-child>a,.pagination-mini ul>li:last-child>span,.pagination-small ul>li:last-child>span{-webkit-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-border-bottom-right-radius:3px;border-bottom-right-radius:3px;-moz-border-radius-topright:3px;-moz-border-radius-bottomright:3px}.pagination-small ul>li>a,.pagination-small ul>li>span{padding:2px 10px;font-size:11.049999999999999px}.pagination-mini ul>li>a,.pagination-mini ul>li>span{padding:0 6px;font-size:9.75px}.pager{margin:18px 0;text-align:center;list-style:none;*zoom:1}.pager:before,.pager:after{display:table;line-height:0;content:""}.pager:after{clear:both}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#f5f5f5}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#999;cursor:default;background-color:#fff}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{opacity:0}.modal-backdrop,.modal-backdrop.fade.in{opacity:.8;filter:alpha(opacity=80)}.modal{position:fixed;top:10%;left:50%;z-index:1050;width:560px;margin-left:-280px;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.3);*border:1px solid #999;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;outline:0;-webkit-box-shadow:0 3px 7px rgba(0,0,0,0.3);-moz-box-shadow:0 3px 7px rgba(0,0,0,0.3);box-shadow:0 3px 7px rgba(0,0,0,0.3);-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box}.modal.fade{top:-25%;-webkit-transition:opacity .3s linear,top .3s ease-out;-moz-transition:opacity .3s linear,top .3s ease-out;-o-transition:opacity .3s linear,top .3s ease-out;transition:opacity .3s linear,top .3s ease-out}.modal.fade.in{top:10%}.modal-header{padding:9px 15px;border-bottom:1px solid #eee}.modal-header .close{margin-top:2px}.modal-header h3{margin:0;line-height:30px}.modal-body{position:relative;max-height:400px;padding:15px;overflow-y:auto}.modal-form{margin-bottom:0}.modal-footer{padding:14px 15px 15px;margin-bottom:0;text-align:right;background-color:#f5f5f5;border-top:1px solid #ddd;-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px;*zoom:1;-webkit-box-shadow:inset 0 1px 0 #fff;-moz-box-shadow:inset 0 1px 0 #fff;box-shadow:inset 0 1px 0 #fff}.modal-footer:before,.modal-footer:after{display:table;line-height:0;content:""}.modal-footer:after{clear:both}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.tooltip{position:absolute;z-index:1030;display:block;font-size:11px;line-height:1.4;opacity:0;filter:alpha(opacity=0);visibility:visible}.tooltip.in{opacity:.8;filter:alpha(opacity=80)}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 5px;margin-left:-3px}.tooltip-inner{max-width:200px;padding:8px;color:#fff;text-align:center;text-decoration:none;background-color:#000;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-top-color:#000;border-width:5px 5px 0}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-right-color:#000;border-width:5px 5px 5px 0}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-left-color:#000;border-width:5px 0 5px 5px}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-bottom-color:#000;border-width:0 5px 5px}.popover{position:absolute;top:0;left:0;z-index:1010;display:none;max-width:276px;padding:1px;text-align:left;white-space:normal;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);-moz-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{padding:8px 14px;margin:0;font-size:14px;font-weight:normal;line-height:18px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;-webkit-border-radius:5px 5px 0 0;-moz-border-radius:5px 5px 0 0;border-radius:5px 5px 0 0}.popover-title:empty{display:none}.popover-content{padding:9px 14px}.popover .arrow,.popover .arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover .arrow{border-width:11px}.popover .arrow:after{border-width:10px;content:""}.popover.top .arrow{bottom:-11px;left:50%;margin-left:-11px;border-top-color:#999;border-top-color:rgba(0,0,0,0.25);border-bottom-width:0}.popover.top .arrow:after{bottom:1px;margin-left:-10px;border-top-color:#fff;border-bottom-width:0}.popover.right .arrow{top:50%;left:-11px;margin-top:-11px;border-right-color:#999;border-right-color:rgba(0,0,0,0.25);border-left-width:0}.popover.right .arrow:after{bottom:-10px;left:1px;border-right-color:#fff;border-left-width:0}.popover.bottom .arrow{top:-11px;left:50%;margin-left:-11px;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,0.25);border-top-width:0}.popover.bottom .arrow:after{top:1px;margin-left:-10px;border-bottom-color:#fff;border-top-width:0}.popover.left .arrow{top:50%;right:-11px;margin-top:-11px;border-left-color:#999;border-left-color:rgba(0,0,0,0.25);border-right-width:0}.popover.left .arrow:after{right:1px;bottom:-10px;border-left-color:#fff;border-right-width:0}.thumbnails{margin-left:-20px;list-style:none;*zoom:1}.thumbnails:before,.thumbnails:after{display:table;line-height:0;content:""}.thumbnails:after{clear:both}.row-fluid .thumbnails{margin-left:0}.thumbnails>li{float:left;margin-bottom:18px;margin-left:20px}.thumbnail{display:block;padding:4px;line-height:18px;border:1px solid #ddd;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:0 1px 3px rgba(0,0,0,0.055);-moz-box-shadow:0 1px 3px rgba(0,0,0,0.055);box-shadow:0 1px 3px rgba(0,0,0,0.055);-webkit-transition:all .2s ease-in-out;-moz-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out}a.thumbnail:hover,a.thumbnail:focus{border-color:#08c;-webkit-box-shadow:0 1px 4px rgba(0,105,214,0.25);-moz-box-shadow:0 1px 4px rgba(0,105,214,0.25);box-shadow:0 1px 4px rgba(0,105,214,0.25)}.thumbnail>img{display:block;max-width:100%;margin-right:auto;margin-left:auto}.thumbnail .caption{padding:9px;color:#555}.media,.media-body{overflow:hidden;*overflow:visible;zoom:1}.media,.media .media{margin-top:15px}.media:first-child{margin-top:0}.media-object{display:block}.media-heading{margin:0 0 5px}.media>.pull-left{margin-right:10px}.media>.pull-right{margin-left:10px}.media-list{margin-left:0;list-style:none}.label,.badge{display:inline-block;padding:2px 4px;font-size:10.998px;font-weight:bold;line-height:14px;color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);white-space:nowrap;vertical-align:baseline;background-color:#999}.label{-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.badge{padding-right:9px;padding-left:9px;-webkit-border-radius:9px;-moz-border-radius:9px;border-radius:9px}.label:empty,.badge:empty{display:none}a.label:hover,a.label:focus,a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.label-important,.badge-important{background-color:#b94a48}.label-important[href],.badge-important[href]{background-color:#953b39}.label-warning,.badge-warning{background-color:#f89406}.label-warning[href],.badge-warning[href]{background-color:#c67605}.label-success,.badge-success{background-color:#468847}.label-success[href],.badge-success[href]{background-color:#356635}.label-info,.badge-info{background-color:#3a87ad}.label-info[href],.badge-info[href]{background-color:#2d6987}.label-inverse,.badge-inverse{background-color:#333}.label-inverse[href],.badge-inverse[href]{background-color:#1a1a1a}.btn .label,.btn .badge{position:relative;top:-1px}.btn-mini .label,.btn-mini .badge{top:0}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-moz-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-ms-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:0 0}to{background-position:40px 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:18px;margin-bottom:18px;overflow:hidden;background-color:#f7f7f7;background-image:-moz-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:-webkit-gradient(linear,0 0,0 100%,from(#f5f5f5),to(#f9f9f9));background-image:-webkit-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:-o-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:linear-gradient(to bottom,#f5f5f5,#f9f9f9);background-repeat:repeat-x;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5',endColorstr='#fff9f9f9',GradientType=0);-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress .bar{float:left;width:0;height:100%;font-size:12px;color:#fff;text-align:center;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#0e90d2;background-image:-moz-linear-gradient(top,#149bdf,#0480be);background-image:-webkit-gradient(linear,0 0,0 100%,from(#149bdf),to(#0480be));background-image:-webkit-linear-gradient(top,#149bdf,#0480be);background-image:-o-linear-gradient(top,#149bdf,#0480be);background-image:linear-gradient(to bottom,#149bdf,#0480be);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff149bdf',endColorstr='#ff0480be',GradientType=0);-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-moz-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;-webkit-transition:width .6s ease;-moz-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress .bar+.bar{-webkit-box-shadow:inset 1px 0 0 rgba(0,0,0,0.15),inset 0 -1px 0 rgba(0,0,0,0.15);-moz-box-shadow:inset 1px 0 0 rgba(0,0,0,0.15),inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 1px 0 0 rgba(0,0,0,0.15),inset 0 -1px 0 rgba(0,0,0,0.15)}.progress-striped .bar{background-color:#149bdf;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);-webkit-background-size:40px 40px;-moz-background-size:40px 40px;-o-background-size:40px 40px;background-size:40px 40px}.progress.active .bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-moz-animation:progress-bar-stripes 2s linear infinite;-ms-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-danger .bar,.progress .bar-danger{background-color:#dd514c;background-image:-moz-linear-gradient(top,#ee5f5b,#c43c35);background-image:-webkit-gradient(linear,0 0,0 100%,from(#ee5f5b),to(#c43c35));background-image:-webkit-linear-gradient(top,#ee5f5b,#c43c35);background-image:-o-linear-gradient(top,#ee5f5b,#c43c35);background-image:linear-gradient(to bottom,#ee5f5b,#c43c35);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b',endColorstr='#ffc43c35',GradientType=0)}.progress-danger.progress-striped .bar,.progress-striped .bar-danger{background-color:#ee5f5b;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-success .bar,.progress .bar-success{background-color:#5eb95e;background-image:-moz-linear-gradient(top,#62c462,#57a957);background-image:-webkit-gradient(linear,0 0,0 100%,from(#62c462),to(#57a957));background-image:-webkit-linear-gradient(top,#62c462,#57a957);background-image:-o-linear-gradient(top,#62c462,#57a957);background-image:linear-gradient(to bottom,#62c462,#57a957);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462',endColorstr='#ff57a957',GradientType=0)}.progress-success.progress-striped .bar,.progress-striped .bar-success{background-color:#62c462;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-info .bar,.progress .bar-info{background-color:#4bb1cf;background-image:-moz-linear-gradient(top,#5bc0de,#339bb9);background-image:-webkit-gradient(linear,0 0,0 100%,from(#5bc0de),to(#339bb9));background-image:-webkit-linear-gradient(top,#5bc0de,#339bb9);background-image:-o-linear-gradient(top,#5bc0de,#339bb9);background-image:linear-gradient(to bottom,#5bc0de,#339bb9);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de',endColorstr='#ff339bb9',GradientType=0)}.progress-info.progress-striped .bar,.progress-striped .bar-info{background-color:#5bc0de;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-warning .bar,.progress .bar-warning{background-color:#faa732;background-image:-moz-linear-gradient(top,#fbb450,#f89406);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fbb450),to(#f89406));background-image:-webkit-linear-gradient(top,#fbb450,#f89406);background-image:-o-linear-gradient(top,#fbb450,#f89406);background-image:linear-gradient(to bottom,#fbb450,#f89406);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450',endColorstr='#fff89406',GradientType=0)}.progress-warning.progress-striped .bar,.progress-striped .bar-warning{background-color:#fbb450;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.accordion{margin-bottom:18px}.accordion-group{margin-bottom:2px;border:1px solid #e5e5e5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.accordion-heading{border-bottom:0}.accordion-heading .accordion-toggle{display:block;padding:8px 15px}.accordion-toggle{cursor:pointer}.accordion-inner{padding:9px 15px;border-top:1px solid #e5e5e5}.carousel{position:relative;margin-bottom:18px;line-height:1}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;-moz-transition:.6s ease-in-out left;-o-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;line-height:1}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:40%;left:15px;width:40px;height:40px;margin-top:-20px;font-size:60px;font-weight:100;line-height:30px;color:#fff;text-align:center;background:#222;border:3px solid #fff;-webkit-border-radius:23px;-moz-border-radius:23px;border-radius:23px;opacity:.5;filter:alpha(opacity=50)}.carousel-control.right{right:15px;left:auto}.carousel-control:hover,.carousel-control:focus{color:#fff;text-decoration:none;opacity:.9;filter:alpha(opacity=90)}.carousel-indicators{position:absolute;top:15px;right:15px;z-index:5;margin:0;list-style:none}.carousel-indicators li{display:block;float:left;width:10px;height:10px;margin-left:5px;text-indent:-999px;background-color:#ccc;background-color:rgba(255,255,255,0.25);border-radius:5px}.carousel-indicators .active{background-color:#fff}.carousel-caption{position:absolute;right:0;bottom:0;left:0;padding:15px;background:#333;background:rgba(0,0,0,0.75)}.carousel-caption h4,.carousel-caption p{line-height:18px;color:#fff}.carousel-caption h4{margin:0 0 5px}.carousel-caption p{margin-bottom:0}.hero-unit{padding:60px;margin-bottom:30px;font-size:18px;font-weight:200;line-height:27px;color:inherit;background-color:#eee;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.hero-unit h1{margin-bottom:0;font-size:60px;line-height:1;letter-spacing:-1px;color:inherit}.hero-unit li{line-height:27px}.pull-right{float:right}.pull-left{float:left}.hide{display:none}.show{display:block}.invisible{visibility:hidden}.affix{position:fixed}.chzn-container .chzn-drop{position:fixed}.chzn-container{position:relative;display:inline-block;*display:inline;zoom:1}.chzn-drop{position:absolute;top:29px;left:0;z-index:1050;background:#fff;border:1px solid #aaa;border-top:0;-webkit-box-shadow:0 4px 5px rgba(0,0,0,0.15);-moz-box-shadow:0 4px 5px rgba(0,0,0,0.15);box-shadow:0 4px 5px rgba(0,0,0,0.15)}.chzn-container-single .chzn-single{position:relative;display:block;height:23px;padding:0 0 0 8px;overflow:hidden;line-height:24px;color:#444;text-decoration:none;white-space:nowrap;background-color:#efefef;background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),color-stop(50%,#eee),to(#f4f4f4));background-image:-webkit-linear-gradient(#fff,#eee 50%,#f4f4f4);background-image:-moz-linear-gradient(top,#fff,#eee 50%,#f4f4f4);background-image:-o-linear-gradient(#fff,#eee 50%,#f4f4f4);background-image:linear-gradient(#fff,#eee 50%,#f4f4f4);background-repeat:no-repeat;border:1px solid #aaa;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff',endColorstr='#fff4f4f4',GradientType=0);-webkit-box-shadow:0 0 3px #fff inset,0 1px 1px rgba(0,0,0,0.1);-moz-box-shadow:0 0 3px #fff inset,0 1px 1px rgba(0,0,0,0.1);box-shadow:0 0 3px #fff inset,0 1px 1px rgba(0,0,0,0.1);-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box}.chzn-container-single .chzn-default{color:#999}.chzn-container-single .chzn-single span{display:block;margin-right:26px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.chzn-container-single .chzn-single abbr{position:absolute;top:0;right:26px}.chzn-container-single .chzn-single abbr:before{float:right;font-size:20px;font-weight:bold;line-height:18px;color:#000;text-shadow:0 1px 0 #fff;content:'\00D7';opacity:.2;filter:alpha(opacity=20)}.chzn-container-single .chzn-single abbr:before:hover,.chzn-container-single .chzn-single abbr:before:focus{color:#000;text-decoration:none;cursor:pointer;opacity:.4;filter:alpha(opacity=40)}.chzn-container-single .chzn-single abbr:hover,.chzn-container-single.chzn-disabled .chzn-single abbr:hover{text-decoration:none;cursor:pointer}.chzn-container-single .chzn-single abbr:hover:before,.chzn-container-single.chzn-disabled .chzn-single abbr:hover:before{color:#000;opacity:.4;filter:alpha(opacity=40)}.chzn-container-single .chzn-single div{position:absolute;top:0;right:0;display:block;width:18px;height:100%}.chzn-container-single .chzn-single div b{display:block;width:100%;height:100%}.chzn-container-single .chzn-single div b:after{font-family:FontAwesome;content:'\f078'}.chzn-search{position:relative;z-index:1050;padding:3px 4px;margin:0;white-space:nowrap}.chzn-search:after{position:relative;right:16px;font-family:FontAwesome;content:'\f002'}.chzn-search input{padding:4px 20px 4px 5px;margin:1px 0;font-family:sans-serif;font-size:1em;background-color:#f5f5f5;background-image:-moz-linear-gradient(top,#eee,#fff);background-image:-webkit-gradient(linear,0 0,0 100%,from(#eee),to(#fff));background-image:-webkit-linear-gradient(top,#eee,#fff);background-image:-o-linear-gradient(top,#eee,#fff);background-image:linear-gradient(to bottom,#eee,#fff);background-repeat:repeat-x;border:1px solid #aaa;outline:0;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffeeeeee',endColorstr='#ffffffff',GradientType=0)}.chzn-drop{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px;-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box}.chzn-container-single-nosearch .chzn-search input{position:absolute;left:-9000px;display:none}.chzn-container-multi .chzn-choices{position:relative;height:auto!important;height:1%;padding:0;margin:0;overflow:hidden;cursor:text;background-color:#fff;border:1px solid #ccc;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border linear .2s,box-shadow linear .2s;-moz-transition:border linear .2s,box-shadow linear .2s;-o-transition:border linear .2s,box-shadow linear .2s;transition:border linear .2s,box-shadow linear .2s}.chzn-container-multi .chzn-choices li{float:left;list-style:none}.chzn-container-multi .chzn-choices .search-field{padding:0;margin:0;white-space:nowrap}.chzn-container-multi .chzn-choices .search-field input{height:15px;padding:5px;margin:1px 0;font-family:sans-serif;font-size:100%;color:#666;background:transparent!important;border:0!important;outline:0;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.chzn-container-multi .chzn-choices .search-field .default{color:#999}.chzn-container-multi .chzn-choices .search-choice{position:relative;padding:3px 20px 3px 5px;margin:3px 0 3px 5px;line-height:13px;color:#333;cursor:default;background-color:#f0f0f0;background-image:-webkit-gradient(linear,0 0,0 100%,from(#f4f4f4),color-stop(50%,#f0f0f0),to(#eee));background-image:-webkit-linear-gradient(#f4f4f4,#f0f0f0 50%,#eee);background-image:-moz-linear-gradient(top,#f4f4f4,#f0f0f0 50%,#eee);background-image:-o-linear-gradient(#f4f4f4,#f0f0f0 50%,#eee);background-image:linear-gradient(#f4f4f4,#f0f0f0 50%,#eee);background-repeat:no-repeat;border:1px solid #aaa;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff4f4f4',endColorstr='#ffeeeeee',GradientType=0);-webkit-box-shadow:0 0 2px #fff inset,0 1px 0 rgba(0,0,0,0.05);-moz-box-shadow:0 0 2px #fff inset,0 1px 0 rgba(0,0,0,0.05);box-shadow:0 0 2px #fff inset,0 1px 0 rgba(0,0,0,0.05);-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box}.chzn-container-multi .chzn-choices .search-choice-focus{background:#d4d4d4}.chzn-container-multi .chzn-choices .search-choice .search-choice-close{position:absolute;top:0;right:3px}.chzn-container-multi .chzn-choices .search-choice .search-choice-close:before{font-size:20px;font-weight:bold;line-height:14px;color:#000;text-shadow:0 1px 0 #fff;content:'\00D7';opacity:.2;filter:alpha(opacity=20)}.chzn-container-multi .chzn-choices .search-choice .search-choice-close:hover,.chzn-container-multi .chzn-choices .search-choice-focus .search-choice-close{text-decoration:none;cursor:pointer}.chzn-container-multi .chzn-choices .search-choice .search-choice-close:hover:before,.chzn-container-multi .chzn-choices .search-choice-focus .search-choice-close:before{color:#000;opacity:.4;filter:alpha(opacity=40)}.chzn-results{position:relative;max-height:240px;padding:0 0 0 4px;margin:0 4px 4px 0;overflow-x:hidden;overflow-y:auto;-webkit-overflow-scrolling:touch}.chzn-container-multi .chzn-results{padding:0;margin:-1px 0 0}.chzn-results li{display:none;padding:5px 6px;margin:0;line-height:15px;list-style:none}.chzn-results .active-result{display:list-item;cursor:pointer}.chzn-results .highlighted{color:#fff;background-color:#008bd1;background-image:-moz-linear-gradient(top,#0099e6,#0077b3);background-image:-webkit-gradient(linear,0 0,0 100%,from(#0099e6),to(#0077b3));background-image:-webkit-linear-gradient(top,#0099e6,#0077b3);background-image:-o-linear-gradient(top,#0099e6,#0077b3);background-image:linear-gradient(to bottom,#0099e6,#0077b3);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0099e6',endColorstr='#ff0077b3',GradientType=0)}.chzn-results li em{font-style:normal;background:#feffde}.chzn-results .highlighted em{background:transparent}.chzn-results .no-results{display:list-item;background:#f4f4f4}.chzn-results .group-result{font-weight:bold;color:#999;cursor:default}.chzn-results .group-option{padding-left:15px}.chzn-container-multi .chzn-drop .result-selected{display:none}.chzn-container-active .chzn-single{border:1px solid #5897fb;-webkit-box-shadow:0 0 5px rgba(0,0,0,0.3);-moz-box-shadow:0 0 5px rgba(0,0,0,0.3);box-shadow:0 0 5px rgba(0,0,0,0.3)}.chzn-container-active .chzn-single-with-drop{background-color:#f5f5f5;background-image:-moz-linear-gradient(top,#eee,#fff);background-image:-webkit-gradient(linear,0 0,0 100%,from(#eee),to(#fff));background-image:-webkit-linear-gradient(top,#eee,#fff);background-image:-o-linear-gradient(top,#eee,#fff);background-image:linear-gradient(to bottom,#eee,#fff);background-repeat:repeat-x;border:1px solid #aaa;-webkit-border-bottom-right-radius:0;border-bottom-right-radius:0;-webkit-border-bottom-left-radius:0;border-bottom-left-radius:0;-moz-border-radius-bottomright:0;-moz-border-radius-bottomleft:0;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffeeeeee',endColorstr='#ffffffff',GradientType=0);-webkit-box-shadow:0 1px 0 #fff inset;-moz-box-shadow:0 1px 0 #fff inset;box-shadow:0 1px 0 #fff inset}.chzn-container-active .chzn-single-with-drop div{background:transparent;border-left:none}.chzn-container-active .chzn-single-with-drop div b:after{content:'\f077'}.chzn-container-active .chzn-choices{border-color:rgba(82,168,236,0.8);-webkit-border-bottom-right-radius:0;border-bottom-right-radius:0;-webkit-border-bottom-left-radius:0;border-bottom-left-radius:0;-moz-border-radius-bottomright:0;-moz-border-radius-bottomleft:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6)}.chzn-container-active .chzn-choices .search-field input{color:#111!important}.chzn-disabled{cursor:default;opacity:.5!important}.chzn-disabled .chzn-single{cursor:default}.chzn-disabled .chzn-choices .search-choice .search-choice-close{cursor:default}.chzn-rtl{text-align:right}.chzn-rtl .chzn-single{padding:0 8px 0 0;overflow:visible}.chzn-rtl .chzn-single span{margin-right:0;margin-left:26px;direction:rtl}.chzn-rtl .chzn-single div{right:auto;left:3px}.chzn-rtl .chzn-single abbr{right:auto;left:26px}.chzn-rtl .chzn-choices .search-field input{direction:rtl}.chzn-rtl .chzn-choices li{float:right}.chzn-rtl .chzn-choices .search-choice{padding:3px 5px 3px 19px;margin:3px 5px 3px 0}.chzn-rtl .chzn-choices .search-choice .search-choice-close{right:auto;left:4px}.chzn-rtl.chzn-container-single .chzn-results{padding:0 4px 0 0;margin:0 0 4px 4px}.chzn-rtl .chzn-results .group-option{padding-right:15px;padding-left:0}.chzn-rtl.chzn-container-active .chzn-single-with-drop div{border-right:0}.chzn-rtl.chzn-container-single .chzn-search:after{right:auto;left:16px}.chzn-rtl .chzn-search input{padding:4px 5px 4px 20px;background-color:#f5f5f5;background-image:-moz-linear-gradient(top,#eee,#fff);background-image:-webkit-gradient(linear,0 0,0 100%,from(#eee),to(#fff));background-image:-webkit-linear-gradient(top,#eee,#fff);background-image:-o-linear-gradient(top,#eee,#fff);background-image:linear-gradient(to bottom,#eee,#fff);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffeeeeee',endColorstr='#ffffffff',GradientType=0);direction:rtl} + */.clearfix{*zoom:1}.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}.hide-text{font:0/0 a;color:transparent;text-shadow:none;background-color:transparent;border:0}.input-block-level{display:block;width:100%;min-height:28px;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;*display:inline;*zoom:1}audio:not([controls]){display:none}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{width:auto\9;height:auto;max-width:100%;vertical-align:middle;border:0;-ms-interpolation-mode:bicubic}#map_canvas img,.google-maps img{max-width:none}button,input,select,textarea{margin:0;font-size:100%;vertical-align:middle}button,input{*overflow:visible;line-height:normal}button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0}button,html input[type="button"],input[type="reset"],input[type="submit"]{cursor:pointer;-webkit-appearance:button}label,select,button,input[type="button"],input[type="reset"],input[type="submit"],input[type="radio"],input[type="checkbox"]{cursor:pointer}input[type="search"]{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-appearance:textfield}input[type="search"]::-webkit-search-decoration,input[type="search"]::-webkit-search-cancel-button{-webkit-appearance:none}textarea{overflow:auto;vertical-align:top}@media print{*{color:#000!important;text-shadow:none!important;background:transparent!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" (" attr(href) ")"}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100%!important}@page{margin:.5cm}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}}body{margin:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;line-height:18px;color:#333;background-color:#fff}a{color:#08c;text-decoration:none}a:hover,a:focus{color:#005580;text-decoration:underline}.img-rounded{-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.img-polaroid{padding:4px;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);-webkit-box-shadow:0 1px 3px rgba(0,0,0,0.1);-moz-box-shadow:0 1px 3px rgba(0,0,0,0.1);box-shadow:0 1px 3px rgba(0,0,0,0.1)}.img-circle{-webkit-border-radius:500px;-moz-border-radius:500px;border-radius:500px}.row{margin-left:-20px;*zoom:1}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:20px}.container,.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:940px}.span12{width:940px}.span11{width:860px}.span10{width:780px}.span9{width:700px}.span8{width:620px}.span7{width:540px}.span6{width:460px}.span5{width:380px}.span4{width:300px}.span3{width:220px}.span2{width:140px}.span1{width:60px}.offset12{margin-left:980px}.offset11{margin-left:900px}.offset10{margin-left:820px}.offset9{margin-left:740px}.offset8{margin-left:660px}.offset7{margin-left:580px}.offset6{margin-left:500px}.offset5{margin-left:420px}.offset4{margin-left:340px}.offset3{margin-left:260px}.offset2{margin-left:180px}.offset1{margin-left:100px}.row-fluid{width:100%;*zoom:1}.row-fluid:before,.row-fluid:after{display:table;line-height:0;content:""}.row-fluid:after{clear:both}.row-fluid [class*="span"]{display:block;float:left;width:100%;min-height:28px;margin-left:2.127659574468085%;*margin-left:2.074468085106383%;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.row-fluid [class*="span"]:first-child{margin-left:0}.row-fluid .controls-row [class*="span"]+[class*="span"]{margin-left:2.127659574468085%}.row-fluid .span12{width:100%;*width:99.94680851063829%}.row-fluid .span11{width:91.48936170212765%;*width:91.43617021276594%}.row-fluid .span10{width:82.97872340425532%;*width:82.92553191489361%}.row-fluid .span9{width:74.46808510638297%;*width:74.41489361702126%}.row-fluid .span8{width:65.95744680851064%;*width:65.90425531914893%}.row-fluid .span7{width:57.44680851063829%;*width:57.39361702127659%}.row-fluid .span6{width:48.93617021276595%;*width:48.88297872340425%}.row-fluid .span5{width:40.42553191489362%;*width:40.37234042553192%}.row-fluid .span4{width:31.914893617021278%;*width:31.861702127659576%}.row-fluid .span3{width:23.404255319148934%;*width:23.351063829787233%}.row-fluid .span2{width:14.893617021276595%;*width:14.840425531914894%}.row-fluid .span1{width:6.382978723404255%;*width:6.329787234042553%}.row-fluid .offset12{margin-left:104.25531914893617%;*margin-left:104.14893617021275%}.row-fluid .offset12:first-child{margin-left:102.12765957446808%;*margin-left:102.02127659574467%}.row-fluid .offset11{margin-left:95.74468085106382%;*margin-left:95.6382978723404%}.row-fluid .offset11:first-child{margin-left:93.61702127659574%;*margin-left:93.51063829787232%}.row-fluid .offset10{margin-left:87.23404255319149%;*margin-left:87.12765957446807%}.row-fluid .offset10:first-child{margin-left:85.1063829787234%;*margin-left:84.99999999999999%}.row-fluid .offset9{margin-left:78.72340425531914%;*margin-left:78.61702127659572%}.row-fluid .offset9:first-child{margin-left:76.59574468085106%;*margin-left:76.48936170212764%}.row-fluid .offset8{margin-left:70.2127659574468%;*margin-left:70.10638297872339%}.row-fluid .offset8:first-child{margin-left:68.08510638297872%;*margin-left:67.9787234042553%}.row-fluid .offset7{margin-left:61.70212765957446%;*margin-left:61.59574468085106%}.row-fluid .offset7:first-child{margin-left:59.574468085106375%;*margin-left:59.46808510638297%}.row-fluid .offset6{margin-left:53.191489361702125%;*margin-left:53.085106382978715%}.row-fluid .offset6:first-child{margin-left:51.063829787234035%;*margin-left:50.95744680851063%}.row-fluid .offset5{margin-left:44.68085106382979%;*margin-left:44.57446808510638%}.row-fluid .offset5:first-child{margin-left:42.5531914893617%;*margin-left:42.4468085106383%}.row-fluid .offset4{margin-left:36.170212765957444%;*margin-left:36.06382978723405%}.row-fluid .offset4:first-child{margin-left:34.04255319148936%;*margin-left:33.93617021276596%}.row-fluid .offset3{margin-left:27.659574468085104%;*margin-left:27.5531914893617%}.row-fluid .offset3:first-child{margin-left:25.53191489361702%;*margin-left:25.425531914893618%}.row-fluid .offset2{margin-left:19.148936170212764%;*margin-left:19.04255319148936%}.row-fluid .offset2:first-child{margin-left:17.02127659574468%;*margin-left:16.914893617021278%}.row-fluid .offset1{margin-left:10.638297872340425%;*margin-left:10.53191489361702%}.row-fluid .offset1:first-child{margin-left:8.51063829787234%;*margin-left:8.404255319148938%}[class*="span"].hide,.row-fluid [class*="span"].hide{display:none}[class*="span"].pull-right,.row-fluid [class*="span"].pull-right{float:right}.container{margin-right:auto;margin-left:auto;*zoom:1}.container:before,.container:after{display:table;line-height:0;content:""}.container:after{clear:both}.container-fluid{padding-right:20px;padding-left:20px;*zoom:1}.container-fluid:before,.container-fluid:after{display:table;line-height:0;content:""}.container-fluid:after{clear:both}p{margin:0 0 9px}.lead{margin-bottom:18px;font-size:19.5px;font-weight:200;line-height:27px}small{font-size:85%}strong{font-weight:bold}em{font-style:italic}cite{font-style:normal}.muted{color:#999}a.muted:hover,a.muted:focus{color:#808080}.text-warning{color:#c09853}a.text-warning:hover,a.text-warning:focus{color:#a47e3c}.text-error{color:#b94a48}a.text-error:hover,a.text-error:focus{color:#953b39}.text-info{color:#3a87ad}a.text-info:hover,a.text-info:focus{color:#2d6987}.text-success{color:#468847}a.text-success:hover,a.text-success:focus{color:#356635}.text-left{text-align:left}.text-right{text-align:right}.text-center{text-align:center}h1,h2,h3,h4,h5,h6{margin:9px 0;font-family:inherit;font-weight:bold;line-height:18px;color:inherit;text-rendering:optimizelegibility}h1 small,h2 small,h3 small,h4 small,h5 small,h6 small{font-weight:normal;line-height:1;color:#999}h1,h2,h3{line-height:36px}h1{font-size:35.75px}h2{font-size:29.25px}h3{font-size:22.75px}h4{font-size:16.25px}h5{font-size:13px}h6{font-size:11.049999999999999px}h1 small{font-size:22.75px}h2 small{font-size:16.25px}h3 small{font-size:13px}h4 small{font-size:13px}.page-header{padding-bottom:8px;margin:18px 0 27px;border-bottom:1px solid #eee}ul,ol{padding:0;margin:0 0 9px 25px}ul ul,ul ol,ol ol,ol ul{margin-bottom:0}li{line-height:18px}ul.unstyled,ol.unstyled{margin-left:0;list-style:none}ul.inline,ol.inline{margin-left:0;list-style:none}ul.inline>li,ol.inline>li{display:inline-block;*display:inline;padding-right:5px;padding-left:5px;*zoom:1}dl{margin-bottom:18px}dt,dd{line-height:18px}dt{font-weight:bold}dd{margin-left:9px}.dl-horizontal{*zoom:1}.dl-horizontal:before,.dl-horizontal:after{display:table;line-height:0;content:""}.dl-horizontal:after{clear:both}.dl-horizontal dt{float:left;width:160px;overflow:hidden;clear:left;text-align:right;text-overflow:ellipsis;white-space:nowrap}.dl-horizontal dd{margin-left:180px}hr{margin:18px 0;border:0;border-top:1px solid #eee;border-bottom:1px solid #fff}abbr[title],abbr[data-original-title]{cursor:help;border-bottom:1px dotted #999}abbr.initialism{font-size:90%;text-transform:uppercase}blockquote{padding:0 0 0 15px;margin:0 0 18px;border-left:5px solid #eee}blockquote p{margin-bottom:0;font-size:16.25px;font-weight:300;line-height:1.25}blockquote small{display:block;line-height:18px;color:#999}blockquote small:before{content:'\2014 \00A0'}blockquote.pull-right{float:right;padding-right:15px;padding-left:0;border-right:5px solid #eee;border-left:0}blockquote.pull-right p,blockquote.pull-right small{text-align:right}blockquote.pull-right small:before{content:''}blockquote.pull-right small:after{content:'\00A0 \2014'}q:before,q:after,blockquote:before,blockquote:after{content:""}address{display:block;margin-bottom:18px;font-style:normal;line-height:18px}code,pre{padding:0 3px 2px;font-family:Monaco,Menlo,Consolas,"Courier New",monospace;font-size:11px;color:#333;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}code{padding:2px 4px;color:#d14;white-space:nowrap;background-color:#f7f7f9;border:1px solid #e1e1e8}pre{display:block;padding:8.5px;margin:0 0 9px;font-size:12px;line-height:18px;word-break:break-all;word-wrap:break-word;white-space:pre;white-space:pre-wrap;background-color:#f5f5f5;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.15);-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}pre.prettyprint{margin-bottom:18px}pre code{padding:0;color:inherit;white-space:pre;white-space:pre-wrap;background-color:transparent;border:0}.pre-scrollable{max-height:340px;overflow-y:scroll}form{margin:0 0 18px}fieldset{padding:0;margin:0;border:0}legend{display:block;width:100%;padding:0;margin-bottom:18px;font-size:19.5px;line-height:36px;color:#333;border:0;border-bottom:1px solid #e5e5e5}legend small{font-size:13.5px;color:#999}label,input,button,select,textarea{font-size:13px;font-weight:normal;line-height:18px}input,button,select,textarea{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif}label{display:block;margin-bottom:5px}select,textarea,input[type="text"],input[type="password"],input[type="datetime"],input[type="datetime-local"],input[type="date"],input[type="month"],input[type="time"],input[type="week"],input[type="number"],input[type="email"],input[type="url"],input[type="search"],input[type="tel"],input[type="color"],.uneditable-input{display:inline-block;height:18px;padding:4px 6px;margin-bottom:9px;font-size:13px;line-height:18px;color:#555;vertical-align:middle;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}input,textarea,.uneditable-input{width:206px}textarea{height:auto}textarea,input[type="text"],input[type="password"],input[type="datetime"],input[type="datetime-local"],input[type="date"],input[type="month"],input[type="time"],input[type="week"],input[type="number"],input[type="email"],input[type="url"],input[type="search"],input[type="tel"],input[type="color"],.uneditable-input{background-color:#fff;border:1px solid #ccc;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border linear .2s,box-shadow linear .2s;-moz-transition:border linear .2s,box-shadow linear .2s;-o-transition:border linear .2s,box-shadow linear .2s;transition:border linear .2s,box-shadow linear .2s}textarea:focus,input[type="text"]:focus,input[type="password"]:focus,input[type="datetime"]:focus,input[type="datetime-local"]:focus,input[type="date"]:focus,input[type="month"]:focus,input[type="time"]:focus,input[type="week"]:focus,input[type="number"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="search"]:focus,input[type="tel"]:focus,input[type="color"]:focus,.uneditable-input:focus{border-color:rgba(82,168,236,0.8);outline:0;outline:thin dotted \9;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6)}input[type="radio"],input[type="checkbox"]{margin:4px 0 0;margin-top:1px \9;*margin-top:0;line-height:normal}input[type="file"],input[type="image"],input[type="submit"],input[type="reset"],input[type="button"],input[type="radio"],input[type="checkbox"]{width:auto}select,input[type="file"]{height:28px;*margin-top:4px;line-height:28px}select{width:220px;background-color:#fff;border:1px solid #ccc}select[multiple],select[size]{height:auto}select:focus,input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.uneditable-input,.uneditable-textarea{color:#999;cursor:not-allowed;background-color:#fcfcfc;border-color:#ccc;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.025);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.025);box-shadow:inset 0 1px 2px rgba(0,0,0,0.025)}.uneditable-input{overflow:hidden;white-space:nowrap}.uneditable-textarea{width:auto;height:auto}input:-moz-placeholder,textarea:-moz-placeholder{color:#999}input:-ms-input-placeholder,textarea:-ms-input-placeholder{color:#999}input::-webkit-input-placeholder,textarea::-webkit-input-placeholder{color:#999}.radio,.checkbox{min-height:18px;padding-left:20px}.radio input[type="radio"],.checkbox input[type="checkbox"]{float:left;margin-left:-20px}.controls>.radio:first-child,.controls>.checkbox:first-child{padding-top:5px}.radio.inline,.checkbox.inline{display:inline-block;padding-top:5px;margin-bottom:0;vertical-align:middle}.radio.inline+.radio.inline,.checkbox.inline+.checkbox.inline{margin-left:10px}.input-mini{width:60px}.input-small{width:90px}.input-medium{width:150px}.input-large{width:210px}.input-xlarge{width:270px}.input-xxlarge{width:530px}input[class*="span"],select[class*="span"],textarea[class*="span"],.uneditable-input[class*="span"],.row-fluid input[class*="span"],.row-fluid select[class*="span"],.row-fluid textarea[class*="span"],.row-fluid .uneditable-input[class*="span"]{float:none;margin-left:0}.input-append input[class*="span"],.input-append .uneditable-input[class*="span"],.input-prepend input[class*="span"],.input-prepend .uneditable-input[class*="span"],.row-fluid input[class*="span"],.row-fluid select[class*="span"],.row-fluid textarea[class*="span"],.row-fluid .uneditable-input[class*="span"],.row-fluid .input-prepend [class*="span"],.row-fluid .input-append [class*="span"]{display:inline-block}input,textarea,.uneditable-input{margin-left:0}.controls-row [class*="span"]+[class*="span"]{margin-left:20px}input.span12,textarea.span12,.uneditable-input.span12{width:926px}input.span11,textarea.span11,.uneditable-input.span11{width:846px}input.span10,textarea.span10,.uneditable-input.span10{width:766px}input.span9,textarea.span9,.uneditable-input.span9{width:686px}input.span8,textarea.span8,.uneditable-input.span8{width:606px}input.span7,textarea.span7,.uneditable-input.span7{width:526px}input.span6,textarea.span6,.uneditable-input.span6{width:446px}input.span5,textarea.span5,.uneditable-input.span5{width:366px}input.span4,textarea.span4,.uneditable-input.span4{width:286px}input.span3,textarea.span3,.uneditable-input.span3{width:206px}input.span2,textarea.span2,.uneditable-input.span2{width:126px}input.span1,textarea.span1,.uneditable-input.span1{width:46px}.controls-row{*zoom:1}.controls-row:before,.controls-row:after{display:table;line-height:0;content:""}.controls-row:after{clear:both}.controls-row [class*="span"],.row-fluid .controls-row [class*="span"]{float:left}.controls-row .checkbox[class*="span"],.controls-row .radio[class*="span"]{padding-top:5px}input[disabled],select[disabled],textarea[disabled],input[readonly],select[readonly],textarea[readonly]{cursor:not-allowed;background-color:#eee}input[type="radio"][disabled],input[type="checkbox"][disabled],input[type="radio"][readonly],input[type="checkbox"][readonly]{background-color:transparent}.control-group.warning .control-label,.control-group.warning .help-block,.control-group.warning .help-inline{color:#c09853}.control-group.warning .checkbox,.control-group.warning .radio,.control-group.warning input,.control-group.warning select,.control-group.warning textarea{color:#c09853}.control-group.warning input,.control-group.warning select,.control-group.warning textarea{border-color:#c09853;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.warning input:focus,.control-group.warning select:focus,.control-group.warning textarea:focus{border-color:#a47e3c;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #dbc59e}.control-group.warning .input-prepend .add-on,.control-group.warning .input-append .add-on{color:#c09853;background-color:#fcf8e3;border-color:#c09853}.control-group.error .control-label,.control-group.error .help-block,.control-group.error .help-inline{color:#b94a48}.control-group.error .checkbox,.control-group.error .radio,.control-group.error input,.control-group.error select,.control-group.error textarea{color:#b94a48}.control-group.error input,.control-group.error select,.control-group.error textarea{border-color:#b94a48;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.error input:focus,.control-group.error select:focus,.control-group.error textarea:focus{border-color:#953b39;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #d59392}.control-group.error .input-prepend .add-on,.control-group.error .input-append .add-on{color:#b94a48;background-color:#f2dede;border-color:#b94a48}.control-group.success .control-label,.control-group.success .help-block,.control-group.success .help-inline{color:#468847}.control-group.success .checkbox,.control-group.success .radio,.control-group.success input,.control-group.success select,.control-group.success textarea{color:#468847}.control-group.success input,.control-group.success select,.control-group.success textarea{border-color:#468847;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.success input:focus,.control-group.success select:focus,.control-group.success textarea:focus{border-color:#356635;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7aba7b}.control-group.success .input-prepend .add-on,.control-group.success .input-append .add-on{color:#468847;background-color:#dff0d8;border-color:#468847}.control-group.info .control-label,.control-group.info .help-block,.control-group.info .help-inline{color:#3a87ad}.control-group.info .checkbox,.control-group.info .radio,.control-group.info input,.control-group.info select,.control-group.info textarea{color:#3a87ad}.control-group.info input,.control-group.info select,.control-group.info textarea{border-color:#3a87ad;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075)}.control-group.info input:focus,.control-group.info select:focus,.control-group.info textarea:focus{border-color:#2d6987;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7ab5d3;-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7ab5d3;box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 6px #7ab5d3}.control-group.info .input-prepend .add-on,.control-group.info .input-append .add-on{color:#3a87ad;background-color:#d9edf7;border-color:#3a87ad}input:focus:invalid,textarea:focus:invalid,select:focus:invalid{color:#b94a48;border-color:#ee5f5b}input:focus:invalid:focus,textarea:focus:invalid:focus,select:focus:invalid:focus{border-color:#e9322d;-webkit-box-shadow:0 0 6px #f8b9b7;-moz-box-shadow:0 0 6px #f8b9b7;box-shadow:0 0 6px #f8b9b7}.form-actions{padding:17px 20px 18px;margin-top:18px;margin-bottom:18px;background-color:#f5f5f5;border-top:1px solid #e5e5e5;*zoom:1}.form-actions:before,.form-actions:after{display:table;line-height:0;content:""}.form-actions:after{clear:both}.help-block,.help-inline{color:#595959}.help-block{display:block;margin-bottom:9px}.help-inline{display:inline-block;*display:inline;padding-left:5px;vertical-align:middle;*zoom:1}.input-append,.input-prepend{display:inline-block;margin-bottom:9px;font-size:0;white-space:nowrap;vertical-align:middle}.input-append input,.input-prepend input,.input-append select,.input-prepend select,.input-append .uneditable-input,.input-prepend .uneditable-input,.input-append .dropdown-menu,.input-prepend .dropdown-menu,.input-append .popover,.input-prepend .popover{font-size:13px}.input-append input,.input-prepend input,.input-append select,.input-prepend select,.input-append .uneditable-input,.input-prepend .uneditable-input{position:relative;margin-bottom:0;*margin-left:0;vertical-align:top;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-append input:focus,.input-prepend input:focus,.input-append select:focus,.input-prepend select:focus,.input-append .uneditable-input:focus,.input-prepend .uneditable-input:focus{z-index:2}.input-append .add-on,.input-prepend .add-on{display:inline-block;width:auto;height:18px;min-width:16px;padding:4px 5px;font-size:13px;font-weight:normal;line-height:18px;text-align:center;text-shadow:0 1px 0 #fff;background-color:#eee;border:1px solid #ccc}.input-append .add-on,.input-prepend .add-on,.input-append .btn,.input-prepend .btn,.input-append .btn-group>.dropdown-toggle,.input-prepend .btn-group>.dropdown-toggle{vertical-align:top;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-append .active,.input-prepend .active{background-color:#a9dba9;border-color:#46a546}.input-prepend .add-on,.input-prepend .btn{margin-right:-1px}.input-prepend .add-on:first-child,.input-prepend .btn:first-child{-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.input-append input,.input-append select,.input-append .uneditable-input{-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.input-append input+.btn-group .btn:last-child,.input-append select+.btn-group .btn:last-child,.input-append .uneditable-input+.btn-group .btn:last-child{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-append .add-on,.input-append .btn,.input-append .btn-group{margin-left:-1px}.input-append .add-on:last-child,.input-append .btn:last-child,.input-append .btn-group:last-child>.dropdown-toggle{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-prepend.input-append input,.input-prepend.input-append select,.input-prepend.input-append .uneditable-input{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.input-prepend.input-append input+.btn-group .btn,.input-prepend.input-append select+.btn-group .btn,.input-prepend.input-append .uneditable-input+.btn-group .btn{-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-prepend.input-append .add-on:first-child,.input-prepend.input-append .btn:first-child{margin-right:-1px;-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.input-prepend.input-append .add-on:last-child,.input-prepend.input-append .btn:last-child{margin-left:-1px;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.input-prepend.input-append .btn-group:first-child{margin-left:0}input.search-query{padding-right:14px;padding-right:4px \9;padding-left:14px;padding-left:4px \9;margin-bottom:0;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.form-search .input-append .search-query,.form-search .input-prepend .search-query{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.form-search .input-append .search-query{-webkit-border-radius:14px 0 0 14px;-moz-border-radius:14px 0 0 14px;border-radius:14px 0 0 14px}.form-search .input-append .btn{-webkit-border-radius:0 14px 14px 0;-moz-border-radius:0 14px 14px 0;border-radius:0 14px 14px 0}.form-search .input-prepend .search-query{-webkit-border-radius:0 14px 14px 0;-moz-border-radius:0 14px 14px 0;border-radius:0 14px 14px 0}.form-search .input-prepend .btn{-webkit-border-radius:14px 0 0 14px;-moz-border-radius:14px 0 0 14px;border-radius:14px 0 0 14px}.form-search input,.form-inline input,.form-horizontal input,.form-search textarea,.form-inline textarea,.form-horizontal textarea,.form-search select,.form-inline select,.form-horizontal select,.form-search .help-inline,.form-inline .help-inline,.form-horizontal .help-inline,.form-search .uneditable-input,.form-inline .uneditable-input,.form-horizontal .uneditable-input,.form-search .input-prepend,.form-inline .input-prepend,.form-horizontal .input-prepend,.form-search .input-append,.form-inline .input-append,.form-horizontal .input-append{display:inline-block;*display:inline;margin-bottom:0;vertical-align:middle;*zoom:1}.form-search .hide,.form-inline .hide,.form-horizontal .hide{display:none}.form-search label,.form-inline label,.form-search .btn-group,.form-inline .btn-group{display:inline-block}.form-search .input-append,.form-inline .input-append,.form-search .input-prepend,.form-inline .input-prepend{margin-bottom:0}.form-search .radio,.form-search .checkbox,.form-inline .radio,.form-inline .checkbox{padding-left:0;margin-bottom:0;vertical-align:middle}.form-search .radio input[type="radio"],.form-search .checkbox input[type="checkbox"],.form-inline .radio input[type="radio"],.form-inline .checkbox input[type="checkbox"]{float:left;margin-right:3px;margin-left:0}.control-group{margin-bottom:9px}legend+.control-group{margin-top:18px;-webkit-margin-top-collapse:separate}.form-horizontal .control-group{margin-bottom:18px;*zoom:1}.form-horizontal .control-group:before,.form-horizontal .control-group:after{display:table;line-height:0;content:""}.form-horizontal .control-group:after{clear:both}.form-horizontal .control-label{float:left;width:160px;padding-top:5px;text-align:right}.form-horizontal .controls{*display:inline-block;*padding-left:20px;margin-left:180px;*margin-left:0}.form-horizontal .controls:first-child{*padding-left:180px}.form-horizontal .help-block{margin-bottom:0}.form-horizontal input+.help-block,.form-horizontal select+.help-block,.form-horizontal textarea+.help-block,.form-horizontal .uneditable-input+.help-block,.form-horizontal .input-prepend+.help-block,.form-horizontal .input-append+.help-block{margin-top:9px}.form-horizontal .form-actions{padding-left:180px}table{max-width:100%;background-color:transparent;border-collapse:collapse;border-spacing:0}.table{width:100%;margin-bottom:18px}.table th,.table td{padding:8px;line-height:18px;text-align:left;vertical-align:top;border-top:1px solid #ddd}.table th{font-weight:bold}.table thead th{vertical-align:bottom}.table caption+thead tr:first-child th,.table caption+thead tr:first-child td,.table colgroup+thead tr:first-child th,.table colgroup+thead tr:first-child td,.table thead:first-child tr:first-child th,.table thead:first-child tr:first-child td{border-top:0}.table tbody+tbody{border-top:2px solid #ddd}.table .table{background-color:#fff}.table-condensed th,.table-condensed td{padding:4px 5px}.table-bordered{border:1px solid #ddd;border-collapse:separate;*border-collapse:collapse;border-left:0;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.table-bordered th,.table-bordered td{border-left:1px solid #ddd}.table-bordered caption+thead tr:first-child th,.table-bordered caption+tbody tr:first-child th,.table-bordered caption+tbody tr:first-child td,.table-bordered colgroup+thead tr:first-child th,.table-bordered colgroup+tbody tr:first-child th,.table-bordered colgroup+tbody tr:first-child td,.table-bordered thead:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child th,.table-bordered tbody:first-child tr:first-child td{border-top:0}.table-bordered thead:first-child tr:first-child>th:first-child,.table-bordered tbody:first-child tr:first-child>td:first-child,.table-bordered tbody:first-child tr:first-child>th:first-child{-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-topleft:4px}.table-bordered thead:first-child tr:first-child>th:last-child,.table-bordered tbody:first-child tr:first-child>td:last-child,.table-bordered tbody:first-child tr:first-child>th:last-child{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-moz-border-radius-topright:4px}.table-bordered thead:last-child tr:last-child>th:first-child,.table-bordered tbody:last-child tr:last-child>td:first-child,.table-bordered tbody:last-child tr:last-child>th:first-child,.table-bordered tfoot:last-child tr:last-child>td:first-child,.table-bordered tfoot:last-child tr:last-child>th:first-child{-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-moz-border-radius-bottomleft:4px}.table-bordered thead:last-child tr:last-child>th:last-child,.table-bordered tbody:last-child tr:last-child>td:last-child,.table-bordered tbody:last-child tr:last-child>th:last-child,.table-bordered tfoot:last-child tr:last-child>td:last-child,.table-bordered tfoot:last-child tr:last-child>th:last-child{-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-bottomright:4px}.table-bordered tfoot+tbody:last-child tr:last-child td:first-child{-webkit-border-bottom-left-radius:0;border-bottom-left-radius:0;-moz-border-radius-bottomleft:0}.table-bordered tfoot+tbody:last-child tr:last-child td:last-child{-webkit-border-bottom-right-radius:0;border-bottom-right-radius:0;-moz-border-radius-bottomright:0}.table-bordered caption+thead tr:first-child th:first-child,.table-bordered caption+tbody tr:first-child td:first-child,.table-bordered colgroup+thead tr:first-child th:first-child,.table-bordered colgroup+tbody tr:first-child td:first-child{-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-topleft:4px}.table-bordered caption+thead tr:first-child th:last-child,.table-bordered caption+tbody tr:first-child td:last-child,.table-bordered colgroup+thead tr:first-child th:last-child,.table-bordered colgroup+tbody tr:first-child td:last-child{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-moz-border-radius-topright:4px}.table-striped tbody>tr:nth-child(odd)>td,.table-striped tbody>tr:nth-child(odd)>th{background-color:#f9f9f9}.table-hover tbody tr:hover>td,.table-hover tbody tr:hover>th{background-color:#f5f5f5}table td[class*="span"],table th[class*="span"],.row-fluid table td[class*="span"],.row-fluid table th[class*="span"]{display:table-cell;float:none;margin-left:0}.table td.span1,.table th.span1{float:none;width:44px;margin-left:0}.table td.span2,.table th.span2{float:none;width:124px;margin-left:0}.table td.span3,.table th.span3{float:none;width:204px;margin-left:0}.table td.span4,.table th.span4{float:none;width:284px;margin-left:0}.table td.span5,.table th.span5{float:none;width:364px;margin-left:0}.table td.span6,.table th.span6{float:none;width:444px;margin-left:0}.table td.span7,.table th.span7{float:none;width:524px;margin-left:0}.table td.span8,.table th.span8{float:none;width:604px;margin-left:0}.table td.span9,.table th.span9{float:none;width:684px;margin-left:0}.table td.span10,.table th.span10{float:none;width:764px;margin-left:0}.table td.span11,.table th.span11{float:none;width:844px;margin-left:0}.table td.span12,.table th.span12{float:none;width:924px;margin-left:0}.table tbody tr.success>td{background-color:#dff0d8}.table tbody tr.error>td{background-color:#f2dede}.table tbody tr.warning>td{background-color:#fcf8e3}.table tbody tr.info>td{background-color:#d9edf7}.table-hover tbody tr.success:hover>td{background-color:#d0e9c6}.table-hover tbody tr.error:hover>td{background-color:#ebcccc}.table-hover tbody tr.warning:hover>td{background-color:#faf2cc}.table-hover tbody tr.info:hover>td{background-color:#c4e3f3}/*! + * Font Awesome 3.2.1 + * the iconic font designed for Bootstrap + * ------------------------------------------------------------------------------ + * The full suite of pictographic icons, examples, and documentation can be + * found at http://fontawesome.io. Stay up to date on Twitter at + * http://twitter.com/fontawesome. + * + * License + * ------------------------------------------------------------------------------ + * - The Font Awesome font is licensed under SIL OFL 1.1 - + * http://scripts.sil.org/OFL + * - Font Awesome CSS, LESS, and SASS files are licensed under MIT License - + * http://opensource.org/licenses/mit-license.html + * - Font Awesome documentation licensed under CC BY 3.0 - + * http://creativecommons.org/licenses/by/3.0/ + * - Attribution is no longer required in Font Awesome 3.0, but much appreciated: + * "Font Awesome by Dave Gandy - http://fontawesome.io" + * + * Author - Dave Gandy + * ------------------------------------------------------------------------------ + * Email: dave@fontawesome.io + * Twitter: http://twitter.com/davegandy + * Work: Lead Product Designer @ Kyruus - http://kyruus.com + */@font-face{font-family:'FontAwesome';font-style:normal;font-weight:normal;src:url('../font/fontawesome-webfont.eot?v=3.2.1');src:url('../font/fontawesome-webfont.eot?#iefix&v=3.2.1') format('embedded-opentype'),url('../font/fontawesome-webfont.woff?v=3.2.1') format('woff'),url('../font/fontawesome-webfont.ttf?v=3.2.1') format('truetype'),url('../font/fontawesome-webfont.svg#fontawesomeregular?v=3.2.1') format('svg')}[class^="icon-"],[class*=" icon-"]{*margin-right:.3em;font-family:FontAwesome;-webkit-font-smoothing:antialiased;font-style:normal;font-weight:normal;text-decoration:inherit}[class^="icon-"]:before,[class*=" icon-"]:before{display:inline-block;text-decoration:inherit;speak:none}.icon-large:before{font-size:1.3333333333333333em;vertical-align:-10%}a [class^="icon-"],a [class*=" icon-"]{display:inline}[class^="icon-"].icon-fixed-width,[class*=" icon-"].icon-fixed-width{display:inline-block;width:1.1428571428571428em;padding-right:.2857142857142857em;text-align:right}[class^="icon-"].icon-fixed-width.icon-large,[class*=" icon-"].icon-fixed-width.icon-large{width:1.4285714285714286em}.icons-ul{margin-left:2.142857142857143em;list-style-type:none}.icons-ul>li{position:relative}.icons-ul .icon-li{position:absolute;left:-2.142857142857143em;width:2.142857142857143em;line-height:inherit;text-align:center}[class^="icon-"].hide,[class*=" icon-"].hide{display:none}.icon-muted{color:#eee}.icon-light{color:#fff}.icon-dark{color:#333}.icon-border{padding:.2em .25em .15em;border:solid 1px #eee;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.icon-2x{font-size:2em}.icon-2x.icon-border{border-width:2px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.icon-3x{font-size:3em}.icon-3x.icon-border{border-width:3px;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px}.icon-4x{font-size:4em}.icon-4x.icon-border{border-width:4px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.icon-5x{font-size:5em}.icon-5x.icon-border{border-width:5px;-webkit-border-radius:7px;-moz-border-radius:7px;border-radius:7px}.pull-right{float:right}.pull-left{float:left}[class^="icon-"].pull-left,[class*=" icon-"].pull-left{margin-right:.3em}[class^="icon-"].pull-right,[class*=" icon-"].pull-right{margin-left:.3em}[class^="icon-"],[class*=" icon-"]{display:inline;width:auto;height:auto;margin-top:0;line-height:normal;vertical-align:baseline;background-image:none;background-position:0 0;background-repeat:repeat}.icon-white,.nav-pills>.active>a>[class^="icon-"],.nav-pills>.active>a>[class*=" icon-"],.nav-list>.active>a>[class^="icon-"],.nav-list>.active>a>[class*=" icon-"],.navbar-inverse .nav>.active>a>[class^="icon-"],.navbar-inverse .nav>.active>a>[class*=" icon-"],.dropdown-menu>li>a:hover>[class^="icon-"],.dropdown-menu>li>a:hover>[class*=" icon-"],.dropdown-menu>.active>a>[class^="icon-"],.dropdown-menu>.active>a>[class*=" icon-"],.dropdown-submenu:hover>a>[class^="icon-"],.dropdown-submenu:hover>a>[class*=" icon-"]{background-image:none}.btn [class^="icon-"].icon-large,.nav [class^="icon-"].icon-large,.btn [class*=" icon-"].icon-large,.nav [class*=" icon-"].icon-large{line-height:.9em}.btn [class^="icon-"].icon-spin,.nav [class^="icon-"].icon-spin,.btn [class*=" icon-"].icon-spin,.nav [class*=" icon-"].icon-spin{display:inline-block}.nav-tabs [class^="icon-"],.nav-pills [class^="icon-"],.nav-tabs [class*=" icon-"],.nav-pills [class*=" icon-"],.nav-tabs [class^="icon-"].icon-large,.nav-pills [class^="icon-"].icon-large,.nav-tabs [class*=" icon-"].icon-large,.nav-pills [class*=" icon-"].icon-large{line-height:.9em}.btn [class^="icon-"].pull-left.icon-2x,.btn [class*=" icon-"].pull-left.icon-2x,.btn [class^="icon-"].pull-right.icon-2x,.btn [class*=" icon-"].pull-right.icon-2x{margin-top:.18em}.btn [class^="icon-"].icon-spin.icon-large,.btn [class*=" icon-"].icon-spin.icon-large{line-height:.8em}.btn.btn-small [class^="icon-"].pull-left.icon-2x,.btn.btn-small [class*=" icon-"].pull-left.icon-2x,.btn.btn-small [class^="icon-"].pull-right.icon-2x,.btn.btn-small [class*=" icon-"].pull-right.icon-2x{margin-top:.25em}.btn.btn-large [class^="icon-"],.btn.btn-large [class*=" icon-"]{margin-top:0}.btn.btn-large [class^="icon-"].pull-left.icon-2x,.btn.btn-large [class*=" icon-"].pull-left.icon-2x,.btn.btn-large [class^="icon-"].pull-right.icon-2x,.btn.btn-large [class*=" icon-"].pull-right.icon-2x{margin-top:.05em}.btn.btn-large [class^="icon-"].pull-left.icon-2x,.btn.btn-large [class*=" icon-"].pull-left.icon-2x{margin-right:.2em}.btn.btn-large [class^="icon-"].pull-right.icon-2x,.btn.btn-large [class*=" icon-"].pull-right.icon-2x{margin-left:.2em}.nav-list [class^="icon-"],.nav-list [class*=" icon-"]{line-height:inherit}.icon-stack{position:relative;display:inline-block;width:2em;height:2em;line-height:2em;vertical-align:-35%}.icon-stack [class^="icon-"],.icon-stack [class*=" icon-"]{position:absolute;display:block;width:100%;height:100%;font-size:1em;line-height:inherit;*line-height:2em;text-align:center}.icon-stack .icon-stack-base{font-size:2em;*line-height:1em}.icon-spin{display:inline-block;-webkit-animation:spin 2s infinite linear;-moz-animation:spin 2s infinite linear;-o-animation:spin 2s infinite linear;animation:spin 2s infinite linear}a .icon-stack,a .icon-spin{display:inline-block;text-decoration:none}@-moz-keyframes spin{0%{-moz-transform:rotate(0deg)}100%{-moz-transform:rotate(359deg)}}@-webkit-keyframes spin{0%{-webkit-transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg)}}@-o-keyframes spin{0%{-o-transform:rotate(0deg)}100%{-o-transform:rotate(359deg)}}@-ms-keyframes spin{0%{-ms-transform:rotate(0deg)}100%{-ms-transform:rotate(359deg)}}@keyframes spin{0%{transform:rotate(0deg)}100%{transform:rotate(359deg)}}.icon-rotate-90:before{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=1);-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);-o-transform:rotate(90deg);transform:rotate(90deg)}.icon-rotate-180:before{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=2);-webkit-transform:rotate(180deg);-moz-transform:rotate(180deg);-ms-transform:rotate(180deg);-o-transform:rotate(180deg);transform:rotate(180deg)}.icon-rotate-270:before{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=3);-webkit-transform:rotate(270deg);-moz-transform:rotate(270deg);-ms-transform:rotate(270deg);-o-transform:rotate(270deg);transform:rotate(270deg)}.icon-flip-horizontal:before{-webkit-transform:scale(-1,1);-moz-transform:scale(-1,1);-ms-transform:scale(-1,1);-o-transform:scale(-1,1);transform:scale(-1,1)}.icon-flip-vertical:before{-webkit-transform:scale(1,-1);-moz-transform:scale(1,-1);-ms-transform:scale(1,-1);-o-transform:scale(1,-1);transform:scale(1,-1)}a .icon-rotate-90:before,a .icon-rotate-180:before,a .icon-rotate-270:before,a .icon-flip-horizontal:before,a .icon-flip-vertical:before{display:inline-block}.icon-glass:before{content:"\f000"}.icon-music:before{content:"\f001"}.icon-search:before{content:"\f002"}.icon-envelope-alt:before{content:"\f003"}.icon-heart:before{content:"\f004"}.icon-star:before{content:"\f005"}.icon-star-empty:before{content:"\f006"}.icon-user:before{content:"\f007"}.icon-film:before{content:"\f008"}.icon-th-large:before{content:"\f009"}.icon-th:before{content:"\f00a"}.icon-th-list:before{content:"\f00b"}.icon-ok:before{content:"\f00c"}.icon-remove:before{content:"\f00d"}.icon-zoom-in:before{content:"\f00e"}.icon-zoom-out:before{content:"\f010"}.icon-power-off:before,.icon-off:before{content:"\f011"}.icon-signal:before{content:"\f012"}.icon-gear:before,.icon-cog:before{content:"\f013"}.icon-trash:before{content:"\f014"}.icon-home:before{content:"\f015"}.icon-file-alt:before{content:"\f016"}.icon-time:before{content:"\f017"}.icon-road:before{content:"\f018"}.icon-download-alt:before{content:"\f019"}.icon-download:before{content:"\f01a"}.icon-upload:before{content:"\f01b"}.icon-inbox:before{content:"\f01c"}.icon-play-circle:before{content:"\f01d"}.icon-rotate-right:before,.icon-repeat:before{content:"\f01e"}.icon-refresh:before{content:"\f021"}.icon-list-alt:before{content:"\f022"}.icon-lock:before{content:"\f023"}.icon-flag:before{content:"\f024"}.icon-headphones:before{content:"\f025"}.icon-volume-off:before{content:"\f026"}.icon-volume-down:before{content:"\f027"}.icon-volume-up:before{content:"\f028"}.icon-qrcode:before{content:"\f029"}.icon-barcode:before{content:"\f02a"}.icon-tag:before{content:"\f02b"}.icon-tags:before{content:"\f02c"}.icon-book:before{content:"\f02d"}.icon-bookmark:before{content:"\f02e"}.icon-print:before{content:"\f02f"}.icon-camera:before{content:"\f030"}.icon-font:before{content:"\f031"}.icon-bold:before{content:"\f032"}.icon-italic:before{content:"\f033"}.icon-text-height:before{content:"\f034"}.icon-text-width:before{content:"\f035"}.icon-align-left:before{content:"\f036"}.icon-align-center:before{content:"\f037"}.icon-align-right:before{content:"\f038"}.icon-align-justify:before{content:"\f039"}.icon-list:before{content:"\f03a"}.icon-indent-left:before{content:"\f03b"}.icon-indent-right:before{content:"\f03c"}.icon-facetime-video:before{content:"\f03d"}.icon-picture:before{content:"\f03e"}.icon-pencil:before{content:"\f040"}.icon-map-marker:before{content:"\f041"}.icon-adjust:before{content:"\f042"}.icon-tint:before{content:"\f043"}.icon-edit:before{content:"\f044"}.icon-share:before{content:"\f045"}.icon-check:before{content:"\f046"}.icon-move:before{content:"\f047"}.icon-step-backward:before{content:"\f048"}.icon-fast-backward:before{content:"\f049"}.icon-backward:before{content:"\f04a"}.icon-play:before{content:"\f04b"}.icon-pause:before{content:"\f04c"}.icon-stop:before{content:"\f04d"}.icon-forward:before{content:"\f04e"}.icon-fast-forward:before{content:"\f050"}.icon-step-forward:before{content:"\f051"}.icon-eject:before{content:"\f052"}.icon-chevron-left:before{content:"\f053"}.icon-chevron-right:before{content:"\f054"}.icon-plus-sign:before{content:"\f055"}.icon-minus-sign:before{content:"\f056"}.icon-remove-sign:before{content:"\f057"}.icon-ok-sign:before{content:"\f058"}.icon-question-sign:before{content:"\f059"}.icon-info-sign:before{content:"\f05a"}.icon-screenshot:before{content:"\f05b"}.icon-remove-circle:before{content:"\f05c"}.icon-ok-circle:before{content:"\f05d"}.icon-ban-circle:before{content:"\f05e"}.icon-arrow-left:before{content:"\f060"}.icon-arrow-right:before{content:"\f061"}.icon-arrow-up:before{content:"\f062"}.icon-arrow-down:before{content:"\f063"}.icon-mail-forward:before,.icon-share-alt:before{content:"\f064"}.icon-resize-full:before{content:"\f065"}.icon-resize-small:before{content:"\f066"}.icon-plus:before{content:"\f067"}.icon-minus:before{content:"\f068"}.icon-asterisk:before{content:"\f069"}.icon-exclamation-sign:before{content:"\f06a"}.icon-gift:before{content:"\f06b"}.icon-leaf:before{content:"\f06c"}.icon-fire:before{content:"\f06d"}.icon-eye-open:before{content:"\f06e"}.icon-eye-close:before{content:"\f070"}.icon-warning-sign:before{content:"\f071"}.icon-plane:before{content:"\f072"}.icon-calendar:before{content:"\f073"}.icon-random:before{content:"\f074"}.icon-comment:before{content:"\f075"}.icon-magnet:before{content:"\f076"}.icon-chevron-up:before{content:"\f077"}.icon-chevron-down:before{content:"\f078"}.icon-retweet:before{content:"\f079"}.icon-shopping-cart:before{content:"\f07a"}.icon-folder-close:before{content:"\f07b"}.icon-folder-open:before{content:"\f07c"}.icon-resize-vertical:before{content:"\f07d"}.icon-resize-horizontal:before{content:"\f07e"}.icon-bar-chart:before{content:"\f080"}.icon-twitter-sign:before{content:"\f081"}.icon-facebook-sign:before{content:"\f082"}.icon-camera-retro:before{content:"\f083"}.icon-key:before{content:"\f084"}.icon-gears:before,.icon-cogs:before{content:"\f085"}.icon-comments:before{content:"\f086"}.icon-thumbs-up-alt:before{content:"\f087"}.icon-thumbs-down-alt:before{content:"\f088"}.icon-star-half:before{content:"\f089"}.icon-heart-empty:before{content:"\f08a"}.icon-signout:before{content:"\f08b"}.icon-linkedin-sign:before{content:"\f08c"}.icon-pushpin:before{content:"\f08d"}.icon-external-link:before{content:"\f08e"}.icon-signin:before{content:"\f090"}.icon-trophy:before{content:"\f091"}.icon-github-sign:before{content:"\f092"}.icon-upload-alt:before{content:"\f093"}.icon-lemon:before{content:"\f094"}.icon-phone:before{content:"\f095"}.icon-unchecked:before,.icon-check-empty:before{content:"\f096"}.icon-bookmark-empty:before{content:"\f097"}.icon-phone-sign:before{content:"\f098"}.icon-twitter:before{content:"\f099"}.icon-facebook:before{content:"\f09a"}.icon-github:before{content:"\f09b"}.icon-unlock:before{content:"\f09c"}.icon-credit-card:before{content:"\f09d"}.icon-rss:before{content:"\f09e"}.icon-hdd:before{content:"\f0a0"}.icon-bullhorn:before{content:"\f0a1"}.icon-bell:before{content:"\f0a2"}.icon-certificate:before{content:"\f0a3"}.icon-hand-right:before{content:"\f0a4"}.icon-hand-left:before{content:"\f0a5"}.icon-hand-up:before{content:"\f0a6"}.icon-hand-down:before{content:"\f0a7"}.icon-circle-arrow-left:before{content:"\f0a8"}.icon-circle-arrow-right:before{content:"\f0a9"}.icon-circle-arrow-up:before{content:"\f0aa"}.icon-circle-arrow-down:before{content:"\f0ab"}.icon-globe:before{content:"\f0ac"}.icon-wrench:before{content:"\f0ad"}.icon-tasks:before{content:"\f0ae"}.icon-filter:before{content:"\f0b0"}.icon-briefcase:before{content:"\f0b1"}.icon-fullscreen:before{content:"\f0b2"}.icon-group:before{content:"\f0c0"}.icon-link:before{content:"\f0c1"}.icon-cloud:before{content:"\f0c2"}.icon-beaker:before{content:"\f0c3"}.icon-cut:before{content:"\f0c4"}.icon-copy:before{content:"\f0c5"}.icon-paperclip:before,.icon-paper-clip:before{content:"\f0c6"}.icon-save:before{content:"\f0c7"}.icon-sign-blank:before{content:"\f0c8"}.icon-reorder:before{content:"\f0c9"}.icon-list-ul:before{content:"\f0ca"}.icon-list-ol:before{content:"\f0cb"}.icon-strikethrough:before{content:"\f0cc"}.icon-underline:before{content:"\f0cd"}.icon-table:before{content:"\f0ce"}.icon-magic:before{content:"\f0d0"}.icon-truck:before{content:"\f0d1"}.icon-pinterest:before{content:"\f0d2"}.icon-pinterest-sign:before{content:"\f0d3"}.icon-google-plus-sign:before{content:"\f0d4"}.icon-google-plus:before{content:"\f0d5"}.icon-money:before{content:"\f0d6"}.icon-caret-down:before{content:"\f0d7"}.icon-caret-up:before{content:"\f0d8"}.icon-caret-left:before{content:"\f0d9"}.icon-caret-right:before{content:"\f0da"}.icon-columns:before{content:"\f0db"}.icon-sort:before{content:"\f0dc"}.icon-sort-down:before{content:"\f0dd"}.icon-sort-up:before{content:"\f0de"}.icon-envelope:before{content:"\f0e0"}.icon-linkedin:before{content:"\f0e1"}.icon-rotate-left:before,.icon-undo:before{content:"\f0e2"}.icon-legal:before{content:"\f0e3"}.icon-dashboard:before{content:"\f0e4"}.icon-comment-alt:before{content:"\f0e5"}.icon-comments-alt:before{content:"\f0e6"}.icon-bolt:before{content:"\f0e7"}.icon-sitemap:before{content:"\f0e8"}.icon-umbrella:before{content:"\f0e9"}.icon-paste:before{content:"\f0ea"}.icon-lightbulb:before{content:"\f0eb"}.icon-exchange:before{content:"\f0ec"}.icon-cloud-download:before{content:"\f0ed"}.icon-cloud-upload:before{content:"\f0ee"}.icon-user-md:before{content:"\f0f0"}.icon-stethoscope:before{content:"\f0f1"}.icon-suitcase:before{content:"\f0f2"}.icon-bell-alt:before{content:"\f0f3"}.icon-coffee:before{content:"\f0f4"}.icon-food:before{content:"\f0f5"}.icon-file-text-alt:before{content:"\f0f6"}.icon-building:before{content:"\f0f7"}.icon-hospital:before{content:"\f0f8"}.icon-ambulance:before{content:"\f0f9"}.icon-medkit:before{content:"\f0fa"}.icon-fighter-jet:before{content:"\f0fb"}.icon-beer:before{content:"\f0fc"}.icon-h-sign:before{content:"\f0fd"}.icon-plus-sign-alt:before{content:"\f0fe"}.icon-double-angle-left:before{content:"\f100"}.icon-double-angle-right:before{content:"\f101"}.icon-double-angle-up:before{content:"\f102"}.icon-double-angle-down:before{content:"\f103"}.icon-angle-left:before{content:"\f104"}.icon-angle-right:before{content:"\f105"}.icon-angle-up:before{content:"\f106"}.icon-angle-down:before{content:"\f107"}.icon-desktop:before{content:"\f108"}.icon-laptop:before{content:"\f109"}.icon-tablet:before{content:"\f10a"}.icon-mobile-phone:before{content:"\f10b"}.icon-circle-blank:before{content:"\f10c"}.icon-quote-left:before{content:"\f10d"}.icon-quote-right:before{content:"\f10e"}.icon-spinner:before{content:"\f110"}.icon-circle:before{content:"\f111"}.icon-mail-reply:before,.icon-reply:before{content:"\f112"}.icon-github-alt:before{content:"\f113"}.icon-folder-close-alt:before{content:"\f114"}.icon-folder-open-alt:before{content:"\f115"}.icon-expand-alt:before{content:"\f116"}.icon-collapse-alt:before{content:"\f117"}.icon-smile:before{content:"\f118"}.icon-frown:before{content:"\f119"}.icon-meh:before{content:"\f11a"}.icon-gamepad:before{content:"\f11b"}.icon-keyboard:before{content:"\f11c"}.icon-flag-alt:before{content:"\f11d"}.icon-flag-checkered:before{content:"\f11e"}.icon-terminal:before{content:"\f120"}.icon-code:before{content:"\f121"}.icon-reply-all:before{content:"\f122"}.icon-mail-reply-all:before{content:"\f122"}.icon-star-half-full:before,.icon-star-half-empty:before{content:"\f123"}.icon-location-arrow:before{content:"\f124"}.icon-crop:before{content:"\f125"}.icon-code-fork:before{content:"\f126"}.icon-unlink:before{content:"\f127"}.icon-question:before{content:"\f128"}.icon-info:before{content:"\f129"}.icon-exclamation:before{content:"\f12a"}.icon-superscript:before{content:"\f12b"}.icon-subscript:before{content:"\f12c"}.icon-eraser:before{content:"\f12d"}.icon-puzzle-piece:before{content:"\f12e"}.icon-microphone:before{content:"\f130"}.icon-microphone-off:before{content:"\f131"}.icon-shield:before{content:"\f132"}.icon-calendar-empty:before{content:"\f133"}.icon-fire-extinguisher:before{content:"\f134"}.icon-rocket:before{content:"\f135"}.icon-maxcdn:before{content:"\f136"}.icon-chevron-sign-left:before{content:"\f137"}.icon-chevron-sign-right:before{content:"\f138"}.icon-chevron-sign-up:before{content:"\f139"}.icon-chevron-sign-down:before{content:"\f13a"}.icon-html5:before{content:"\f13b"}.icon-css3:before{content:"\f13c"}.icon-anchor:before{content:"\f13d"}.icon-unlock-alt:before{content:"\f13e"}.icon-bullseye:before{content:"\f140"}.icon-ellipsis-horizontal:before{content:"\f141"}.icon-ellipsis-vertical:before{content:"\f142"}.icon-rss-sign:before{content:"\f143"}.icon-play-sign:before{content:"\f144"}.icon-ticket:before{content:"\f145"}.icon-minus-sign-alt:before{content:"\f146"}.icon-check-minus:before{content:"\f147"}.icon-level-up:before{content:"\f148"}.icon-level-down:before{content:"\f149"}.icon-check-sign:before{content:"\f14a"}.icon-edit-sign:before{content:"\f14b"}.icon-external-link-sign:before{content:"\f14c"}.icon-share-sign:before{content:"\f14d"}.icon-compass:before{content:"\f14e"}.icon-collapse:before{content:"\f150"}.icon-collapse-top:before{content:"\f151"}.icon-expand:before{content:"\f152"}.icon-euro:before,.icon-eur:before{content:"\f153"}.icon-gbp:before{content:"\f154"}.icon-dollar:before,.icon-usd:before{content:"\f155"}.icon-rupee:before,.icon-inr:before{content:"\f156"}.icon-yen:before,.icon-jpy:before{content:"\f157"}.icon-renminbi:before,.icon-cny:before{content:"\f158"}.icon-won:before,.icon-krw:before{content:"\f159"}.icon-bitcoin:before,.icon-btc:before{content:"\f15a"}.icon-file:before{content:"\f15b"}.icon-file-text:before{content:"\f15c"}.icon-sort-by-alphabet:before{content:"\f15d"}.icon-sort-by-alphabet-alt:before{content:"\f15e"}.icon-sort-by-attributes:before{content:"\f160"}.icon-sort-by-attributes-alt:before{content:"\f161"}.icon-sort-by-order:before{content:"\f162"}.icon-sort-by-order-alt:before{content:"\f163"}.icon-thumbs-up:before{content:"\f164"}.icon-thumbs-down:before{content:"\f165"}.icon-youtube-sign:before{content:"\f166"}.icon-youtube:before{content:"\f167"}.icon-xing:before{content:"\f168"}.icon-xing-sign:before{content:"\f169"}.icon-youtube-play:before{content:"\f16a"}.icon-dropbox:before{content:"\f16b"}.icon-stackexchange:before{content:"\f16c"}.icon-instagram:before{content:"\f16d"}.icon-flickr:before{content:"\f16e"}.icon-adn:before{content:"\f170"}.icon-bitbucket:before{content:"\f171"}.icon-bitbucket-sign:before{content:"\f172"}.icon-tumblr:before{content:"\f173"}.icon-tumblr-sign:before{content:"\f174"}.icon-long-arrow-down:before{content:"\f175"}.icon-long-arrow-up:before{content:"\f176"}.icon-long-arrow-left:before{content:"\f177"}.icon-long-arrow-right:before{content:"\f178"}.icon-apple:before{content:"\f179"}.icon-windows:before{content:"\f17a"}.icon-android:before{content:"\f17b"}.icon-linux:before{content:"\f17c"}.icon-dribbble:before{content:"\f17d"}.icon-skype:before{content:"\f17e"}.icon-foursquare:before{content:"\f180"}.icon-trello:before{content:"\f181"}.icon-female:before{content:"\f182"}.icon-male:before{content:"\f183"}.icon-gittip:before{content:"\f184"}.icon-sun:before{content:"\f185"}.icon-moon:before{content:"\f186"}.icon-archive:before{content:"\f187"}.icon-bug:before{content:"\f188"}.icon-vk:before{content:"\f189"}.icon-weibo:before{content:"\f18a"}.icon-renren:before{content:"\f18b"}.dropup,.dropdown{position:relative}.dropdown-toggle{*margin-bottom:-3px}.dropdown-toggle:active,.open .dropdown-toggle{outline:0}.caret{display:inline-block;width:0;height:0;vertical-align:top;border-top:4px solid #000;border-right:4px solid transparent;border-left:4px solid transparent;content:""}.dropdown .caret{margin-top:8px;margin-left:2px}.dropdown-menu{position:absolute;top:100%;left:0;z-index:1000;display:none;float:left;min-width:160px;padding:5px 0;margin:2px 0 0;list-style:none;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);*border-right-width:2px;*border-bottom-width:2px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);-moz-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box}.dropdown-menu.pull-right{right:0;left:auto}.dropdown-menu .divider{*width:100%;height:1px;margin:8px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #fff}.dropdown-menu>li>a{display:block;padding:3px 20px;clear:both;font-weight:normal;line-height:18px;color:#333;white-space:nowrap}.dropdown-menu>li>a:hover,.dropdown-menu>li>a:focus,.dropdown-submenu:hover>a,.dropdown-submenu:focus>a{color:#fff;text-decoration:none;background-color:#0081c2;background-image:-moz-linear-gradient(top,#08c,#0077b3);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#0077b3));background-image:-webkit-linear-gradient(top,#08c,#0077b3);background-image:-o-linear-gradient(top,#08c,#0077b3);background-image:linear-gradient(to bottom,#08c,#0077b3);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc',endColorstr='#ff0077b3',GradientType=0)}.dropdown-menu>.active>a,.dropdown-menu>.active>a:hover,.dropdown-menu>.active>a:focus{color:#fff;text-decoration:none;background-color:#0081c2;background-image:-moz-linear-gradient(top,#08c,#0077b3);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#0077b3));background-image:-webkit-linear-gradient(top,#08c,#0077b3);background-image:-o-linear-gradient(top,#08c,#0077b3);background-image:linear-gradient(to bottom,#08c,#0077b3);background-repeat:repeat-x;outline:0;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc',endColorstr='#ff0077b3',GradientType=0)}.dropdown-menu>.disabled>a,.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{color:#999}.dropdown-menu>.disabled>a:hover,.dropdown-menu>.disabled>a:focus{text-decoration:none;cursor:default;background-color:transparent;background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.open{*z-index:1000}.open>.dropdown-menu{display:block}.pull-right>.dropdown-menu{right:0;left:auto}.dropup .caret,.navbar-fixed-bottom .dropdown .caret{border-top:0;border-bottom:4px solid #000;content:""}.dropup .dropdown-menu,.navbar-fixed-bottom .dropdown .dropdown-menu{top:auto;bottom:100%;margin-bottom:1px}.dropdown-submenu{position:relative}.dropdown-submenu>.dropdown-menu{top:0;left:100%;margin-top:-6px;margin-left:-1px;-webkit-border-radius:0 6px 6px 6px;-moz-border-radius:0 6px 6px 6px;border-radius:0 6px 6px 6px}.dropdown-submenu:hover>.dropdown-menu{display:block}.dropup .dropdown-submenu>.dropdown-menu{top:auto;bottom:0;margin-top:0;margin-bottom:-2px;-webkit-border-radius:5px 5px 5px 0;-moz-border-radius:5px 5px 5px 0;border-radius:5px 5px 5px 0}.dropdown-submenu>a:after{display:block;float:right;width:0;height:0;margin-top:5px;margin-right:-10px;border-color:transparent;border-left-color:#ccc;border-style:solid;border-width:5px 0 5px 5px;content:" "}.dropdown-submenu:hover>a:after{border-left-color:#fff}.dropdown-submenu.pull-left{float:none}.dropdown-submenu.pull-left>.dropdown-menu{left:-100%;margin-left:10px;-webkit-border-radius:6px 0 6px 6px;-moz-border-radius:6px 0 6px 6px;border-radius:6px 0 6px 6px}.dropdown .dropdown-menu .nav-header{padding-right:20px;padding-left:20px}.typeahead{z-index:1051;margin-top:2px;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.well{min-height:20px;padding:19px;margin-bottom:20px;background-color:#f5f5f5;border:1px solid #e3e3e3;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.05);box-shadow:inset 0 1px 1px rgba(0,0,0,0.05)}.well blockquote{border-color:#ddd;border-color:rgba(0,0,0,0.15)}.well-large{padding:24px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.well-small{padding:9px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.fade{opacity:0;-webkit-transition:opacity .15s linear;-moz-transition:opacity .15s linear;-o-transition:opacity .15s linear;transition:opacity .15s linear}.fade.in{opacity:1}.collapse{position:relative;height:0;overflow:hidden;-webkit-transition:height .35s ease;-moz-transition:height .35s ease;-o-transition:height .35s ease;transition:height .35s ease}.collapse.in{height:auto}.close{float:right;font-size:20px;font-weight:bold;line-height:18px;color:#000;text-shadow:0 1px 0 #fff;opacity:.2;filter:alpha(opacity=20)}.close:hover,.close:focus{color:#000;text-decoration:none;cursor:pointer;opacity:.4;filter:alpha(opacity=40)}button.close{padding:0;cursor:pointer;background:transparent;border:0;-webkit-appearance:none}.btn{display:inline-block;*display:inline;padding:4px 12px;margin-bottom:0;*margin-left:.3em;font-size:13px;line-height:18px;color:#333;text-align:center;text-shadow:0 1px 1px rgba(255,255,255,0.75);vertical-align:middle;cursor:pointer;background-color:#f5f5f5;*background-color:#e6e6e6;background-image:-moz-linear-gradient(top,#fff,#e6e6e6);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#e6e6e6));background-image:-webkit-linear-gradient(top,#fff,#e6e6e6);background-image:-o-linear-gradient(top,#fff,#e6e6e6);background-image:linear-gradient(to bottom,#fff,#e6e6e6);background-repeat:repeat-x;border:1px solid #ccc;*border:0;border-color:#e6e6e6 #e6e6e6 #bfbfbf;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);border-bottom-color:#b3b3b3;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff',endColorstr='#ffe6e6e6',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);*zoom:1;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05)}.btn:hover,.btn:focus,.btn:active,.btn.active,.btn.disabled,.btn[disabled]{color:#333;background-color:#e6e6e6;*background-color:#d9d9d9}.btn:active,.btn.active{background-color:#ccc \9}.btn:first-child{*margin-left:0}.btn:hover,.btn:focus{color:#333;text-decoration:none;background-position:0 -15px;-webkit-transition:background-position .1s linear;-moz-transition:background-position .1s linear;-o-transition:background-position .1s linear;transition:background-position .1s linear}.btn:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}.btn.active,.btn:active{background-image:none;outline:0;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05)}.btn.disabled,.btn[disabled]{cursor:default;background-image:none;opacity:.65;filter:alpha(opacity=65);-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.btn-large{padding:11px 19px;font-size:16.25px;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.btn-large [class^="icon-"],.btn-large [class*=" icon-"]{margin-top:4px}.btn-small{padding:2px 10px;font-size:11.049999999999999px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.btn-small [class^="icon-"],.btn-small [class*=" icon-"]{margin-top:0}.btn-mini [class^="icon-"],.btn-mini [class*=" icon-"]{margin-top:-1px}.btn-mini{padding:0 6px;font-size:9.75px;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.btn-block{display:block;width:100%;padding-right:0;padding-left:0;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.btn-block+.btn-block{margin-top:5px}input[type="submit"].btn-block,input[type="reset"].btn-block,input[type="button"].btn-block{width:100%}.btn-primary.active,.btn-warning.active,.btn-danger.active,.btn-success.active,.btn-info.active,.btn-inverse.active{color:rgba(255,255,255,0.75)}.btn-primary{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#006dcc;*background-color:#04c;background-image:-moz-linear-gradient(top,#08c,#04c);background-image:-webkit-gradient(linear,0 0,0 100%,from(#08c),to(#04c));background-image:-webkit-linear-gradient(top,#08c,#04c);background-image:-o-linear-gradient(top,#08c,#04c);background-image:linear-gradient(to bottom,#08c,#04c);background-repeat:repeat-x;border-color:#04c #04c #002a80;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0088cc',endColorstr='#ff0044cc',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-primary:hover,.btn-primary:focus,.btn-primary:active,.btn-primary.active,.btn-primary.disabled,.btn-primary[disabled]{color:#fff;background-color:#04c;*background-color:#003bb3}.btn-primary:active,.btn-primary.active{background-color:#039 \9}.btn-warning{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#faa732;*background-color:#f89406;background-image:-moz-linear-gradient(top,#fbb450,#f89406);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fbb450),to(#f89406));background-image:-webkit-linear-gradient(top,#fbb450,#f89406);background-image:-o-linear-gradient(top,#fbb450,#f89406);background-image:linear-gradient(to bottom,#fbb450,#f89406);background-repeat:repeat-x;border-color:#f89406 #f89406 #ad6704;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450',endColorstr='#fff89406',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-warning:hover,.btn-warning:focus,.btn-warning:active,.btn-warning.active,.btn-warning.disabled,.btn-warning[disabled]{color:#fff;background-color:#f89406;*background-color:#df8505}.btn-warning:active,.btn-warning.active{background-color:#c67605 \9}.btn-danger{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#da4f49;*background-color:#bd362f;background-image:-moz-linear-gradient(top,#ee5f5b,#bd362f);background-image:-webkit-gradient(linear,0 0,0 100%,from(#ee5f5b),to(#bd362f));background-image:-webkit-linear-gradient(top,#ee5f5b,#bd362f);background-image:-o-linear-gradient(top,#ee5f5b,#bd362f);background-image:linear-gradient(to bottom,#ee5f5b,#bd362f);background-repeat:repeat-x;border-color:#bd362f #bd362f #802420;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b',endColorstr='#ffbd362f',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-danger:hover,.btn-danger:focus,.btn-danger:active,.btn-danger.active,.btn-danger.disabled,.btn-danger[disabled]{color:#fff;background-color:#bd362f;*background-color:#a9302a}.btn-danger:active,.btn-danger.active{background-color:#942a25 \9}.btn-success{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#5bb75b;*background-color:#51a351;background-image:-moz-linear-gradient(top,#62c462,#51a351);background-image:-webkit-gradient(linear,0 0,0 100%,from(#62c462),to(#51a351));background-image:-webkit-linear-gradient(top,#62c462,#51a351);background-image:-o-linear-gradient(top,#62c462,#51a351);background-image:linear-gradient(to bottom,#62c462,#51a351);background-repeat:repeat-x;border-color:#51a351 #51a351 #387038;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462',endColorstr='#ff51a351',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-success:hover,.btn-success:focus,.btn-success:active,.btn-success.active,.btn-success.disabled,.btn-success[disabled]{color:#fff;background-color:#51a351;*background-color:#499249}.btn-success:active,.btn-success.active{background-color:#408140 \9}.btn-info{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#49afcd;*background-color:#2f96b4;background-image:-moz-linear-gradient(top,#5bc0de,#2f96b4);background-image:-webkit-gradient(linear,0 0,0 100%,from(#5bc0de),to(#2f96b4));background-image:-webkit-linear-gradient(top,#5bc0de,#2f96b4);background-image:-o-linear-gradient(top,#5bc0de,#2f96b4);background-image:linear-gradient(to bottom,#5bc0de,#2f96b4);background-repeat:repeat-x;border-color:#2f96b4 #2f96b4 #1f6377;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de',endColorstr='#ff2f96b4',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-info:hover,.btn-info:focus,.btn-info:active,.btn-info.active,.btn-info.disabled,.btn-info[disabled]{color:#fff;background-color:#2f96b4;*background-color:#2a85a0}.btn-info:active,.btn-info.active{background-color:#24748c \9}.btn-inverse{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#363636;*background-color:#222;background-image:-moz-linear-gradient(top,#444,#222);background-image:-webkit-gradient(linear,0 0,0 100%,from(#444),to(#222));background-image:-webkit-linear-gradient(top,#444,#222);background-image:-o-linear-gradient(top,#444,#222);background-image:linear-gradient(to bottom,#444,#222);background-repeat:repeat-x;border-color:#222 #222 #000;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff444444',endColorstr='#ff222222',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.btn-inverse:hover,.btn-inverse:focus,.btn-inverse:active,.btn-inverse.active,.btn-inverse.disabled,.btn-inverse[disabled]{color:#fff;background-color:#222;*background-color:#151515}.btn-inverse:active,.btn-inverse.active{background-color:#080808 \9}button.btn,input[type="submit"].btn{*padding-top:3px;*padding-bottom:3px}button.btn::-moz-focus-inner,input[type="submit"].btn::-moz-focus-inner{padding:0;border:0}button.btn.btn-large,input[type="submit"].btn.btn-large{*padding-top:7px;*padding-bottom:7px}button.btn.btn-small,input[type="submit"].btn.btn-small{*padding-top:3px;*padding-bottom:3px}button.btn.btn-mini,input[type="submit"].btn.btn-mini{*padding-top:1px;*padding-bottom:1px}.btn-link,.btn-link:active,.btn-link[disabled]{background-color:transparent;background-image:none;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.btn-link{color:#08c;cursor:pointer;border-color:transparent;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-link:hover,.btn-link:focus{color:#005580;text-decoration:underline;background-color:transparent}.btn-link[disabled]:hover,.btn-link[disabled]:focus{color:#333;text-decoration:none}.btn-group{position:relative;display:inline-block;*display:inline;*margin-left:.3em;font-size:0;white-space:nowrap;vertical-align:middle;*zoom:1}.btn-group:first-child{*margin-left:0}.btn-group+.btn-group{margin-left:5px}.btn-toolbar{margin-top:9px;margin-bottom:9px;font-size:0}.btn-toolbar>.btn+.btn,.btn-toolbar>.btn-group+.btn,.btn-toolbar>.btn+.btn-group{margin-left:5px}.btn-group>.btn{position:relative;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-group>.btn+.btn{margin-left:-1px}.btn-group>.btn,.btn-group>.dropdown-menu,.btn-group>.popover{font-size:13px}.btn-group>.btn-mini{font-size:9.75px}.btn-group>.btn-small{font-size:11.049999999999999px}.btn-group>.btn-large{font-size:16.25px}.btn-group>.btn:first-child{margin-left:0;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-bottomleft:4px;-moz-border-radius-topleft:4px}.btn-group>.btn:last-child,.btn-group>.dropdown-toggle{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-bottomright:4px}.btn-group>.btn.large:first-child{margin-left:0;-webkit-border-bottom-left-radius:6px;border-bottom-left-radius:6px;-webkit-border-top-left-radius:6px;border-top-left-radius:6px;-moz-border-radius-bottomleft:6px;-moz-border-radius-topleft:6px}.btn-group>.btn.large:last-child,.btn-group>.large.dropdown-toggle{-webkit-border-top-right-radius:6px;border-top-right-radius:6px;-webkit-border-bottom-right-radius:6px;border-bottom-right-radius:6px;-moz-border-radius-topright:6px;-moz-border-radius-bottomright:6px}.btn-group>.btn:hover,.btn-group>.btn:focus,.btn-group>.btn:active,.btn-group>.btn.active{z-index:2}.btn-group .dropdown-toggle:active,.btn-group.open .dropdown-toggle{outline:0}.btn-group>.btn+.dropdown-toggle{*padding-top:5px;padding-right:8px;*padding-bottom:5px;padding-left:8px;-webkit-box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 1px 0 0 rgba(255,255,255,0.125),inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05)}.btn-group>.btn-mini+.dropdown-toggle{*padding-top:2px;padding-right:5px;*padding-bottom:2px;padding-left:5px}.btn-group>.btn-small+.dropdown-toggle{*padding-top:5px;*padding-bottom:4px}.btn-group>.btn-large+.dropdown-toggle{*padding-top:7px;padding-right:12px;*padding-bottom:7px;padding-left:12px}.btn-group.open .dropdown-toggle{background-image:none;-webkit-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05);box-shadow:inset 0 2px 4px rgba(0,0,0,0.15),0 1px 2px rgba(0,0,0,0.05)}.btn-group.open .btn.dropdown-toggle{background-color:#e6e6e6}.btn-group.open .btn-primary.dropdown-toggle{background-color:#04c}.btn-group.open .btn-warning.dropdown-toggle{background-color:#f89406}.btn-group.open .btn-danger.dropdown-toggle{background-color:#bd362f}.btn-group.open .btn-success.dropdown-toggle{background-color:#51a351}.btn-group.open .btn-info.dropdown-toggle{background-color:#2f96b4}.btn-group.open .btn-inverse.dropdown-toggle{background-color:#222}.btn .caret{margin-top:8px;margin-left:0}.btn-large .caret{margin-top:6px}.btn-large .caret{border-top-width:5px;border-right-width:5px;border-left-width:5px}.btn-mini .caret,.btn-small .caret{margin-top:8px}.dropup .btn-large .caret{border-bottom-width:5px}.btn-primary .caret,.btn-warning .caret,.btn-danger .caret,.btn-info .caret,.btn-success .caret,.btn-inverse .caret{border-top-color:#fff;border-bottom-color:#fff}.btn-group-vertical{display:inline-block;*display:inline;*zoom:1}.btn-group-vertical>.btn{display:block;float:none;max-width:100%;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.btn-group-vertical>.btn+.btn{margin-top:-1px;margin-left:0}.btn-group-vertical>.btn:first-child{-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0}.btn-group-vertical>.btn:last-child{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px}.btn-group-vertical>.btn-large:first-child{-webkit-border-radius:6px 6px 0 0;-moz-border-radius:6px 6px 0 0;border-radius:6px 6px 0 0}.btn-group-vertical>.btn-large:last-child{-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px}.alert{padding:8px 35px 8px 14px;margin-bottom:18px;text-shadow:0 1px 0 rgba(255,255,255,0.5);background-color:#fcf8e3;border:1px solid #fbeed5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.alert,.alert h4{color:#c09853}.alert h4{margin:0}.alert .close{position:relative;top:-2px;right:-21px;line-height:18px}.alert-success{color:#468847;background-color:#dff0d8;border-color:#d6e9c6}.alert-success h4{color:#468847}.alert-danger,.alert-error{color:#b94a48;background-color:#f2dede;border-color:#eed3d7}.alert-danger h4,.alert-error h4{color:#b94a48}.alert-info{color:#3a87ad;background-color:#d9edf7;border-color:#bce8f1}.alert-info h4{color:#3a87ad}.alert-block{padding-top:14px;padding-bottom:14px}.alert-block>p,.alert-block>ul{margin-bottom:0}.alert-block p+p{margin-top:5px}.nav{margin-bottom:18px;margin-left:0;list-style:none}.nav>li>a{display:block}.nav>li>a:hover,.nav>li>a:focus{text-decoration:none;background-color:#eee}.nav>li>a>img{max-width:none}.nav>.pull-right{float:right}.nav-header{display:block;padding:3px 15px;font-size:11px;font-weight:bold;line-height:18px;color:#999;text-shadow:0 1px 0 rgba(255,255,255,0.5);text-transform:uppercase}.nav li+.nav-header{margin-top:9px}.nav-list{padding-right:15px;padding-left:15px;margin-bottom:0}.nav-list>li>a,.nav-list .nav-header{margin-right:-15px;margin-left:-15px;text-shadow:0 1px 0 rgba(255,255,255,0.5)}.nav-list>li>a{padding:3px 15px}.nav-list>.active>a,.nav-list>.active>a:hover,.nav-list>.active>a:focus{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.2);background-color:#08c}.nav-list [class^="icon-"],.nav-list [class*=" icon-"]{margin-right:2px}.nav-list .divider{*width:100%;height:1px;margin:8px 1px;*margin:-5px 0 5px;overflow:hidden;background-color:#e5e5e5;border-bottom:1px solid #fff}.nav-tabs,.nav-pills{*zoom:1}.nav-tabs:before,.nav-pills:before,.nav-tabs:after,.nav-pills:after{display:table;line-height:0;content:""}.nav-tabs:after,.nav-pills:after{clear:both}.nav-tabs>li,.nav-pills>li{float:left}.nav-tabs>li>a,.nav-pills>li>a{padding-right:12px;padding-left:12px;margin-right:2px;line-height:14px}.nav-tabs{border-bottom:1px solid #ddd}.nav-tabs>li{margin-bottom:-1px}.nav-tabs>li>a{padding-top:8px;padding-bottom:8px;line-height:18px;border:1px solid transparent;-webkit-border-radius:4px 4px 0 0;-moz-border-radius:4px 4px 0 0;border-radius:4px 4px 0 0}.nav-tabs>li>a:hover,.nav-tabs>li>a:focus{border-color:#eee #eee #ddd}.nav-tabs>.active>a,.nav-tabs>.active>a:hover,.nav-tabs>.active>a:focus{color:#555;cursor:default;background-color:#fff;border:1px solid #ddd;border-bottom-color:transparent}.nav-pills>li>a{padding-top:8px;padding-bottom:8px;margin-top:2px;margin-bottom:2px;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px}.nav-pills>.active>a,.nav-pills>.active>a:hover,.nav-pills>.active>a:focus{color:#fff;background-color:#08c}.nav-stacked>li{float:none}.nav-stacked>li>a{margin-right:0}.nav-tabs.nav-stacked{border-bottom:0}.nav-tabs.nav-stacked>li>a{border:1px solid #ddd;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.nav-tabs.nav-stacked>li:first-child>a{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-topleft:4px}.nav-tabs.nav-stacked>li:last-child>a{-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-moz-border-radius-bottomright:4px;-moz-border-radius-bottomleft:4px}.nav-tabs.nav-stacked>li>a:hover,.nav-tabs.nav-stacked>li>a:focus{z-index:2;border-color:#ddd}.nav-pills.nav-stacked>li>a{margin-bottom:3px}.nav-pills.nav-stacked>li:last-child>a{margin-bottom:1px}.nav-tabs .dropdown-menu{-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px}.nav-pills .dropdown-menu{-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.nav .dropdown-toggle .caret{margin-top:6px;border-top-color:#08c;border-bottom-color:#08c}.nav .dropdown-toggle:hover .caret,.nav .dropdown-toggle:focus .caret{border-top-color:#005580;border-bottom-color:#005580}.nav-tabs .dropdown-toggle .caret{margin-top:8px}.nav .active .dropdown-toggle .caret{border-top-color:#fff;border-bottom-color:#fff}.nav-tabs .active .dropdown-toggle .caret{border-top-color:#555;border-bottom-color:#555}.nav>.dropdown.active>a:hover,.nav>.dropdown.active>a:focus{cursor:pointer}.nav-tabs .open .dropdown-toggle,.nav-pills .open .dropdown-toggle,.nav>li.dropdown.open.active>a:hover,.nav>li.dropdown.open.active>a:focus{color:#fff;background-color:#999;border-color:#999}.nav li.dropdown.open .caret,.nav li.dropdown.open.active .caret,.nav li.dropdown.open a:hover .caret,.nav li.dropdown.open a:focus .caret{border-top-color:#fff;border-bottom-color:#fff;opacity:1;filter:alpha(opacity=100)}.tabs-stacked .open>a:hover,.tabs-stacked .open>a:focus{border-color:#999}.tabbable{*zoom:1}.tabbable:before,.tabbable:after{display:table;line-height:0;content:""}.tabbable:after{clear:both}.tab-content{overflow:auto}.tabs-below>.nav-tabs,.tabs-right>.nav-tabs,.tabs-left>.nav-tabs{border-bottom:0}.tab-content>.tab-pane,.pill-content>.pill-pane{display:none}.tab-content>.active,.pill-content>.active{display:block}.tabs-below>.nav-tabs{border-top:1px solid #ddd}.tabs-below>.nav-tabs>li{margin-top:-1px;margin-bottom:0}.tabs-below>.nav-tabs>li>a{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px}.tabs-below>.nav-tabs>li>a:hover,.tabs-below>.nav-tabs>li>a:focus{border-top-color:#ddd;border-bottom-color:transparent}.tabs-below>.nav-tabs>.active>a,.tabs-below>.nav-tabs>.active>a:hover,.tabs-below>.nav-tabs>.active>a:focus{border-color:transparent #ddd #ddd #ddd}.tabs-left>.nav-tabs>li,.tabs-right>.nav-tabs>li{float:none}.tabs-left>.nav-tabs>li>a,.tabs-right>.nav-tabs>li>a{min-width:74px;margin-right:0;margin-bottom:3px}.tabs-left>.nav-tabs{float:left;margin-right:19px;border-right:1px solid #ddd}.tabs-left>.nav-tabs>li>a{margin-right:-1px;-webkit-border-radius:4px 0 0 4px;-moz-border-radius:4px 0 0 4px;border-radius:4px 0 0 4px}.tabs-left>.nav-tabs>li>a:hover,.tabs-left>.nav-tabs>li>a:focus{border-color:#eee #ddd #eee #eee}.tabs-left>.nav-tabs .active>a,.tabs-left>.nav-tabs .active>a:hover,.tabs-left>.nav-tabs .active>a:focus{border-color:#ddd transparent #ddd #ddd;*border-right-color:#fff}.tabs-right>.nav-tabs{float:right;margin-left:19px;border-left:1px solid #ddd}.tabs-right>.nav-tabs>li>a{margin-left:-1px;-webkit-border-radius:0 4px 4px 0;-moz-border-radius:0 4px 4px 0;border-radius:0 4px 4px 0}.tabs-right>.nav-tabs>li>a:hover,.tabs-right>.nav-tabs>li>a:focus{border-color:#eee #eee #eee #ddd}.tabs-right>.nav-tabs .active>a,.tabs-right>.nav-tabs .active>a:hover,.tabs-right>.nav-tabs .active>a:focus{border-color:#ddd #ddd #ddd transparent;*border-left-color:#fff}.nav>.disabled>a{color:#999}.nav>.disabled>a:hover,.nav>.disabled>a:focus{text-decoration:none;cursor:default;background-color:transparent}.navbar{*position:relative;*z-index:2;margin-bottom:18px;overflow:visible}.navbar-inner{min-height:50px;padding-right:20px;padding-left:20px;background-color:#fafafa;background-image:-moz-linear-gradient(top,#fff,#f2f2f2);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#f2f2f2));background-image:-webkit-linear-gradient(top,#fff,#f2f2f2);background-image:-o-linear-gradient(top,#fff,#f2f2f2);background-image:linear-gradient(to bottom,#fff,#f2f2f2);background-repeat:repeat-x;border:1px solid #d4d4d4;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff',endColorstr='#fff2f2f2',GradientType=0);*zoom:1;-webkit-box-shadow:0 1px 4px rgba(0,0,0,0.065);-moz-box-shadow:0 1px 4px rgba(0,0,0,0.065);box-shadow:0 1px 4px rgba(0,0,0,0.065)}.navbar-inner:before,.navbar-inner:after{display:table;line-height:0;content:""}.navbar-inner:after{clear:both}.navbar .container{width:auto}.nav-collapse.collapse{height:auto;overflow:visible}.navbar .brand{display:block;float:left;padding:16px 20px 16px;margin-left:-20px;font-size:20px;font-weight:200;color:#777;text-shadow:0 1px 0 #fff}.navbar .brand:hover,.navbar .brand:focus{text-decoration:none}.navbar-text{margin-bottom:0;line-height:50px;color:#777}.navbar-link{color:#777}.navbar-link:hover,.navbar-link:focus{color:#333}.navbar .divider-vertical{height:50px;margin:0 9px;border-right:1px solid #fff;border-left:1px solid #f2f2f2}.navbar .btn,.navbar .btn-group{margin-top:10px}.navbar .btn-group .btn,.navbar .input-prepend .btn,.navbar .input-append .btn,.navbar .input-prepend .btn-group,.navbar .input-append .btn-group{margin-top:0}.navbar-form{margin-bottom:0;*zoom:1}.navbar-form:before,.navbar-form:after{display:table;line-height:0;content:""}.navbar-form:after{clear:both}.navbar-form input,.navbar-form select,.navbar-form .radio,.navbar-form .checkbox{margin-top:10px}.navbar-form input,.navbar-form select,.navbar-form .btn{display:inline-block;margin-bottom:0}.navbar-form input[type="image"],.navbar-form input[type="checkbox"],.navbar-form input[type="radio"]{margin-top:3px}.navbar-form .input-append,.navbar-form .input-prepend{margin-top:5px;white-space:nowrap}.navbar-form .input-append input,.navbar-form .input-prepend input{margin-top:0}.navbar-search{position:relative;float:left;margin-top:10px;margin-bottom:0}.navbar-search .search-query{padding:4px 14px;margin-bottom:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:13px;font-weight:normal;line-height:1;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.navbar-static-top{position:static;margin-bottom:0}.navbar-static-top .navbar-inner{-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.navbar-fixed-top,.navbar-fixed-bottom{position:fixed;right:0;left:0;z-index:1030;margin-bottom:0}.navbar-fixed-top .navbar-inner,.navbar-static-top .navbar-inner{border-width:0 0 1px}.navbar-fixed-bottom .navbar-inner{border-width:1px 0 0}.navbar-fixed-top .navbar-inner,.navbar-fixed-bottom .navbar-inner{padding-right:0;padding-left:0;-webkit-border-radius:0;-moz-border-radius:0;border-radius:0}.navbar-static-top .container,.navbar-fixed-top .container,.navbar-fixed-bottom .container{width:940px}.navbar-fixed-top{top:0}.navbar-fixed-top .navbar-inner,.navbar-static-top .navbar-inner{-webkit-box-shadow:0 1px 10px rgba(0,0,0,0.1);-moz-box-shadow:0 1px 10px rgba(0,0,0,0.1);box-shadow:0 1px 10px rgba(0,0,0,0.1)}.navbar-fixed-bottom{bottom:0}.navbar-fixed-bottom .navbar-inner{-webkit-box-shadow:0 -1px 10px rgba(0,0,0,0.1);-moz-box-shadow:0 -1px 10px rgba(0,0,0,0.1);box-shadow:0 -1px 10px rgba(0,0,0,0.1)}.navbar .nav{position:relative;left:0;display:block;float:left;margin:0 10px 0 0}.navbar .nav.pull-right{float:right;margin-right:0}.navbar .nav>li{float:left}.navbar .nav>li>a{float:none;padding:16px 15px 16px;color:#777;text-decoration:none;text-shadow:0 1px 0 #fff}.navbar .nav .dropdown-toggle .caret{margin-top:8px}.navbar .nav>li>a:focus,.navbar .nav>li>a:hover{color:#333;text-decoration:none;background-color:transparent}.navbar .nav>.active>a,.navbar .nav>.active>a:hover,.navbar .nav>.active>a:focus{color:#555;text-decoration:none;background-color:#e5e5e5;-webkit-box-shadow:inset 0 3px 8px rgba(0,0,0,0.125);-moz-box-shadow:inset 0 3px 8px rgba(0,0,0,0.125);box-shadow:inset 0 3px 8px rgba(0,0,0,0.125)}.navbar .btn-navbar{display:none;float:right;padding:7px 10px;margin-right:5px;margin-left:5px;color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#ededed;*background-color:#e5e5e5;background-image:-moz-linear-gradient(top,#f2f2f2,#e5e5e5);background-image:-webkit-gradient(linear,0 0,0 100%,from(#f2f2f2),to(#e5e5e5));background-image:-webkit-linear-gradient(top,#f2f2f2,#e5e5e5);background-image:-o-linear-gradient(top,#f2f2f2,#e5e5e5);background-image:linear-gradient(to bottom,#f2f2f2,#e5e5e5);background-repeat:repeat-x;border-color:#e5e5e5 #e5e5e5 #bfbfbf;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff2f2f2',endColorstr='#ffe5e5e5',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false);-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075);-moz-box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075);box-shadow:inset 0 1px 0 rgba(255,255,255,0.1),0 1px 0 rgba(255,255,255,0.075)}.navbar .btn-navbar:hover,.navbar .btn-navbar:focus,.navbar .btn-navbar:active,.navbar .btn-navbar.active,.navbar .btn-navbar.disabled,.navbar .btn-navbar[disabled]{color:#fff;background-color:#e5e5e5;*background-color:#d9d9d9}.navbar .btn-navbar:active,.navbar .btn-navbar.active{background-color:#ccc \9}.navbar .btn-navbar .icon-bar{display:block;width:18px;height:2px;background-color:#f5f5f5;-webkit-border-radius:1px;-moz-border-radius:1px;border-radius:1px;-webkit-box-shadow:0 1px 0 rgba(0,0,0,0.25);-moz-box-shadow:0 1px 0 rgba(0,0,0,0.25);box-shadow:0 1px 0 rgba(0,0,0,0.25)}.btn-navbar .icon-bar+.icon-bar{margin-top:3px}.navbar .nav>li>.dropdown-menu:before{position:absolute;top:-7px;left:9px;display:inline-block;border-right:7px solid transparent;border-bottom:7px solid #ccc;border-left:7px solid transparent;border-bottom-color:rgba(0,0,0,0.2);content:''}.navbar .nav>li>.dropdown-menu:after{position:absolute;top:-6px;left:10px;display:inline-block;border-right:6px solid transparent;border-bottom:6px solid #fff;border-left:6px solid transparent;content:''}.navbar-fixed-bottom .nav>li>.dropdown-menu:before{top:auto;bottom:-7px;border-top:7px solid #ccc;border-bottom:0;border-top-color:rgba(0,0,0,0.2)}.navbar-fixed-bottom .nav>li>.dropdown-menu:after{top:auto;bottom:-6px;border-top:6px solid #fff;border-bottom:0}.navbar .nav li.dropdown>a:hover .caret,.navbar .nav li.dropdown>a:focus .caret{border-top-color:#333;border-bottom-color:#333}.navbar .nav li.dropdown.open>.dropdown-toggle,.navbar .nav li.dropdown.active>.dropdown-toggle,.navbar .nav li.dropdown.open.active>.dropdown-toggle{color:#555;background-color:#e5e5e5}.navbar .nav li.dropdown>.dropdown-toggle .caret{border-top-color:#777;border-bottom-color:#777}.navbar .nav li.dropdown.open>.dropdown-toggle .caret,.navbar .nav li.dropdown.active>.dropdown-toggle .caret,.navbar .nav li.dropdown.open.active>.dropdown-toggle .caret{border-top-color:#555;border-bottom-color:#555}.navbar .pull-right>li>.dropdown-menu,.navbar .nav>li>.dropdown-menu.pull-right{right:0;left:auto}.navbar .pull-right>li>.dropdown-menu:before,.navbar .nav>li>.dropdown-menu.pull-right:before{right:12px;left:auto}.navbar .pull-right>li>.dropdown-menu:after,.navbar .nav>li>.dropdown-menu.pull-right:after{right:13px;left:auto}.navbar .pull-right>li>.dropdown-menu .dropdown-menu,.navbar .nav>li>.dropdown-menu.pull-right .dropdown-menu{right:100%;left:auto;margin-right:-1px;margin-left:0;-webkit-border-radius:6px 0 6px 6px;-moz-border-radius:6px 0 6px 6px;border-radius:6px 0 6px 6px}.navbar-inverse .navbar-inner{background-color:#1b1b1b;background-image:-moz-linear-gradient(top,#222,#111);background-image:-webkit-gradient(linear,0 0,0 100%,from(#222),to(#111));background-image:-webkit-linear-gradient(top,#222,#111);background-image:-o-linear-gradient(top,#222,#111);background-image:linear-gradient(to bottom,#222,#111);background-repeat:repeat-x;border-color:#252525;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff222222',endColorstr='#ff111111',GradientType=0)}.navbar-inverse .brand,.navbar-inverse .nav>li>a{color:#999;text-shadow:0 -1px 0 rgba(0,0,0,0.25)}.navbar-inverse .brand:hover,.navbar-inverse .nav>li>a:hover,.navbar-inverse .brand:focus,.navbar-inverse .nav>li>a:focus{color:#fff}.navbar-inverse .brand{color:#999}.navbar-inverse .navbar-text{color:#999}.navbar-inverse .nav>li>a:focus,.navbar-inverse .nav>li>a:hover{color:#fff;background-color:transparent}.navbar-inverse .nav .active>a,.navbar-inverse .nav .active>a:hover,.navbar-inverse .nav .active>a:focus{color:#fff;background-color:#111}.navbar-inverse .navbar-link{color:#999}.navbar-inverse .navbar-link:hover,.navbar-inverse .navbar-link:focus{color:#fff}.navbar-inverse .divider-vertical{border-right-color:#222;border-left-color:#111}.navbar-inverse .nav li.dropdown.open>.dropdown-toggle,.navbar-inverse .nav li.dropdown.active>.dropdown-toggle,.navbar-inverse .nav li.dropdown.open.active>.dropdown-toggle{color:#fff;background-color:#111}.navbar-inverse .nav li.dropdown>a:hover .caret,.navbar-inverse .nav li.dropdown>a:focus .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar-inverse .nav li.dropdown>.dropdown-toggle .caret{border-top-color:#999;border-bottom-color:#999}.navbar-inverse .nav li.dropdown.open>.dropdown-toggle .caret,.navbar-inverse .nav li.dropdown.active>.dropdown-toggle .caret,.navbar-inverse .nav li.dropdown.open.active>.dropdown-toggle .caret{border-top-color:#fff;border-bottom-color:#fff}.navbar-inverse .navbar-search .search-query{color:#fff;background-color:#515151;border-color:#111;-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1),0 1px 0 rgba(255,255,255,0.15);-webkit-transition:none;-moz-transition:none;-o-transition:none;transition:none}.navbar-inverse .navbar-search .search-query:-moz-placeholder{color:#ccc}.navbar-inverse .navbar-search .search-query:-ms-input-placeholder{color:#ccc}.navbar-inverse .navbar-search .search-query::-webkit-input-placeholder{color:#ccc}.navbar-inverse .navbar-search .search-query:focus,.navbar-inverse .navbar-search .search-query.focused{padding:5px 15px;color:#333;text-shadow:0 1px 0 #fff;background-color:#fff;border:0;outline:0;-webkit-box-shadow:0 0 3px rgba(0,0,0,0.15);-moz-box-shadow:0 0 3px rgba(0,0,0,0.15);box-shadow:0 0 3px rgba(0,0,0,0.15)}.navbar-inverse .btn-navbar{color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#0e0e0e;*background-color:#040404;background-image:-moz-linear-gradient(top,#151515,#040404);background-image:-webkit-gradient(linear,0 0,0 100%,from(#151515),to(#040404));background-image:-webkit-linear-gradient(top,#151515,#040404);background-image:-o-linear-gradient(top,#151515,#040404);background-image:linear-gradient(to bottom,#151515,#040404);background-repeat:repeat-x;border-color:#040404 #040404 #000;border-color:rgba(0,0,0,0.1) rgba(0,0,0,0.1) rgba(0,0,0,0.25);filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff151515',endColorstr='#ff040404',GradientType=0);filter:progid:DXImageTransform.Microsoft.gradient(enabled=false)}.navbar-inverse .btn-navbar:hover,.navbar-inverse .btn-navbar:focus,.navbar-inverse .btn-navbar:active,.navbar-inverse .btn-navbar.active,.navbar-inverse .btn-navbar.disabled,.navbar-inverse .btn-navbar[disabled]{color:#fff;background-color:#040404;*background-color:#000}.navbar-inverse .btn-navbar:active,.navbar-inverse .btn-navbar.active{background-color:#000 \9}.breadcrumb{padding:8px 15px;margin:0 0 18px;list-style:none;background-color:#f5f5f5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.breadcrumb>li{display:inline-block;*display:inline;text-shadow:0 1px 0 #fff;*zoom:1}.breadcrumb>li>.divider{padding:0 5px;color:#ccc}.breadcrumb>.active{color:#999}.pagination{margin:18px 0}.pagination ul{display:inline-block;*display:inline;margin-bottom:0;margin-left:0;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;*zoom:1;-webkit-box-shadow:0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:0 1px 2px rgba(0,0,0,0.05);box-shadow:0 1px 2px rgba(0,0,0,0.05)}.pagination ul>li{display:inline}.pagination ul>li>a,.pagination ul>li>span{float:left;padding:4px 12px;line-height:18px;text-decoration:none;background-color:#fff;border:1px solid #ddd;border-left-width:0}.pagination ul>li>a:hover,.pagination ul>li>a:focus,.pagination ul>.active>a,.pagination ul>.active>span{background-color:#f5f5f5}.pagination ul>.active>a,.pagination ul>.active>span{color:#999;cursor:default}.pagination ul>.disabled>span,.pagination ul>.disabled>a,.pagination ul>.disabled>a:hover,.pagination ul>.disabled>a:focus{color:#999;cursor:default;background-color:transparent}.pagination ul>li:first-child>a,.pagination ul>li:first-child>span{border-left-width:1px;-webkit-border-bottom-left-radius:4px;border-bottom-left-radius:4px;-webkit-border-top-left-radius:4px;border-top-left-radius:4px;-moz-border-radius-bottomleft:4px;-moz-border-radius-topleft:4px}.pagination ul>li:last-child>a,.pagination ul>li:last-child>span{-webkit-border-top-right-radius:4px;border-top-right-radius:4px;-webkit-border-bottom-right-radius:4px;border-bottom-right-radius:4px;-moz-border-radius-topright:4px;-moz-border-radius-bottomright:4px}.pagination-centered{text-align:center}.pagination-right{text-align:right}.pagination-large ul>li>a,.pagination-large ul>li>span{padding:11px 19px;font-size:16.25px}.pagination-large ul>li:first-child>a,.pagination-large ul>li:first-child>span{-webkit-border-bottom-left-radius:6px;border-bottom-left-radius:6px;-webkit-border-top-left-radius:6px;border-top-left-radius:6px;-moz-border-radius-bottomleft:6px;-moz-border-radius-topleft:6px}.pagination-large ul>li:last-child>a,.pagination-large ul>li:last-child>span{-webkit-border-top-right-radius:6px;border-top-right-radius:6px;-webkit-border-bottom-right-radius:6px;border-bottom-right-radius:6px;-moz-border-radius-topright:6px;-moz-border-radius-bottomright:6px}.pagination-mini ul>li:first-child>a,.pagination-small ul>li:first-child>a,.pagination-mini ul>li:first-child>span,.pagination-small ul>li:first-child>span{-webkit-border-bottom-left-radius:3px;border-bottom-left-radius:3px;-webkit-border-top-left-radius:3px;border-top-left-radius:3px;-moz-border-radius-bottomleft:3px;-moz-border-radius-topleft:3px}.pagination-mini ul>li:last-child>a,.pagination-small ul>li:last-child>a,.pagination-mini ul>li:last-child>span,.pagination-small ul>li:last-child>span{-webkit-border-top-right-radius:3px;border-top-right-radius:3px;-webkit-border-bottom-right-radius:3px;border-bottom-right-radius:3px;-moz-border-radius-topright:3px;-moz-border-radius-bottomright:3px}.pagination-small ul>li>a,.pagination-small ul>li>span{padding:2px 10px;font-size:11.049999999999999px}.pagination-mini ul>li>a,.pagination-mini ul>li>span{padding:0 6px;font-size:9.75px}.pager{margin:18px 0;text-align:center;list-style:none;*zoom:1}.pager:before,.pager:after{display:table;line-height:0;content:""}.pager:after{clear:both}.pager li{display:inline}.pager li>a,.pager li>span{display:inline-block;padding:5px 14px;background-color:#fff;border:1px solid #ddd;-webkit-border-radius:15px;-moz-border-radius:15px;border-radius:15px}.pager li>a:hover,.pager li>a:focus{text-decoration:none;background-color:#f5f5f5}.pager .next>a,.pager .next>span{float:right}.pager .previous>a,.pager .previous>span{float:left}.pager .disabled>a,.pager .disabled>a:hover,.pager .disabled>a:focus,.pager .disabled>span{color:#999;cursor:default;background-color:#fff}.modal-backdrop{position:fixed;top:0;right:0;bottom:0;left:0;z-index:1040;background-color:#000}.modal-backdrop.fade{opacity:0}.modal-backdrop,.modal-backdrop.fade.in{opacity:.8;filter:alpha(opacity=80)}.modal{position:fixed;top:10%;left:50%;z-index:1050;width:560px;margin-left:-280px;background-color:#fff;border:1px solid #999;border:1px solid rgba(0,0,0,0.3);*border:1px solid #999;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;outline:0;-webkit-box-shadow:0 3px 7px rgba(0,0,0,0.3);-moz-box-shadow:0 3px 7px rgba(0,0,0,0.3);box-shadow:0 3px 7px rgba(0,0,0,0.3);-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box}.modal.fade{top:-25%;-webkit-transition:opacity .3s linear,top .3s ease-out;-moz-transition:opacity .3s linear,top .3s ease-out;-o-transition:opacity .3s linear,top .3s ease-out;transition:opacity .3s linear,top .3s ease-out}.modal.fade.in{top:10%}.modal-header{padding:9px 15px;border-bottom:1px solid #eee}.modal-header .close{margin-top:2px}.modal-header h3{margin:0;line-height:30px}.modal-body{position:relative;max-height:400px;padding:15px;overflow-y:auto}.modal-form{margin-bottom:0}.modal-footer{padding:14px 15px 15px;margin-bottom:0;text-align:right;background-color:#f5f5f5;border-top:1px solid #ddd;-webkit-border-radius:0 0 6px 6px;-moz-border-radius:0 0 6px 6px;border-radius:0 0 6px 6px;*zoom:1;-webkit-box-shadow:inset 0 1px 0 #fff;-moz-box-shadow:inset 0 1px 0 #fff;box-shadow:inset 0 1px 0 #fff}.modal-footer:before,.modal-footer:after{display:table;line-height:0;content:""}.modal-footer:after{clear:both}.modal-footer .btn+.btn{margin-bottom:0;margin-left:5px}.modal-footer .btn-group .btn+.btn{margin-left:-1px}.modal-footer .btn-block+.btn-block{margin-left:0}.tooltip{position:absolute;z-index:1030;display:block;font-size:11px;line-height:1.4;opacity:0;filter:alpha(opacity=0);visibility:visible}.tooltip.in{opacity:.8;filter:alpha(opacity=80)}.tooltip.top{padding:5px 0;margin-top:-3px}.tooltip.right{padding:0 5px;margin-left:3px}.tooltip.bottom{padding:5px 0;margin-top:3px}.tooltip.left{padding:0 5px;margin-left:-3px}.tooltip-inner{max-width:200px;padding:8px;color:#fff;text-align:center;text-decoration:none;background-color:#000;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.tooltip-arrow{position:absolute;width:0;height:0;border-color:transparent;border-style:solid}.tooltip.top .tooltip-arrow{bottom:0;left:50%;margin-left:-5px;border-top-color:#000;border-width:5px 5px 0}.tooltip.right .tooltip-arrow{top:50%;left:0;margin-top:-5px;border-right-color:#000;border-width:5px 5px 5px 0}.tooltip.left .tooltip-arrow{top:50%;right:0;margin-top:-5px;border-left-color:#000;border-width:5px 0 5px 5px}.tooltip.bottom .tooltip-arrow{top:0;left:50%;margin-left:-5px;border-bottom-color:#000;border-width:0 5px 5px}.popover{position:absolute;top:0;left:0;z-index:1010;display:none;max-width:276px;padding:1px;text-align:left;white-space:normal;background-color:#fff;border:1px solid #ccc;border:1px solid rgba(0,0,0,0.2);-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px;-webkit-box-shadow:0 5px 10px rgba(0,0,0,0.2);-moz-box-shadow:0 5px 10px rgba(0,0,0,0.2);box-shadow:0 5px 10px rgba(0,0,0,0.2);-webkit-background-clip:padding-box;-moz-background-clip:padding;background-clip:padding-box}.popover.top{margin-top:-10px}.popover.right{margin-left:10px}.popover.bottom{margin-top:10px}.popover.left{margin-left:-10px}.popover-title{padding:8px 14px;margin:0;font-size:14px;font-weight:normal;line-height:18px;background-color:#f7f7f7;border-bottom:1px solid #ebebeb;-webkit-border-radius:5px 5px 0 0;-moz-border-radius:5px 5px 0 0;border-radius:5px 5px 0 0}.popover-title:empty{display:none}.popover-content{padding:9px 14px}.popover .arrow,.popover .arrow:after{position:absolute;display:block;width:0;height:0;border-color:transparent;border-style:solid}.popover .arrow{border-width:11px}.popover .arrow:after{border-width:10px;content:""}.popover.top .arrow{bottom:-11px;left:50%;margin-left:-11px;border-top-color:#999;border-top-color:rgba(0,0,0,0.25);border-bottom-width:0}.popover.top .arrow:after{bottom:1px;margin-left:-10px;border-top-color:#fff;border-bottom-width:0}.popover.right .arrow{top:50%;left:-11px;margin-top:-11px;border-right-color:#999;border-right-color:rgba(0,0,0,0.25);border-left-width:0}.popover.right .arrow:after{bottom:-10px;left:1px;border-right-color:#fff;border-left-width:0}.popover.bottom .arrow{top:-11px;left:50%;margin-left:-11px;border-bottom-color:#999;border-bottom-color:rgba(0,0,0,0.25);border-top-width:0}.popover.bottom .arrow:after{top:1px;margin-left:-10px;border-bottom-color:#fff;border-top-width:0}.popover.left .arrow{top:50%;right:-11px;margin-top:-11px;border-left-color:#999;border-left-color:rgba(0,0,0,0.25);border-right-width:0}.popover.left .arrow:after{right:1px;bottom:-10px;border-left-color:#fff;border-right-width:0}.thumbnails{margin-left:-20px;list-style:none;*zoom:1}.thumbnails:before,.thumbnails:after{display:table;line-height:0;content:""}.thumbnails:after{clear:both}.row-fluid .thumbnails{margin-left:0}.thumbnails>li{float:left;margin-bottom:18px;margin-left:20px}.thumbnail{display:block;padding:4px;line-height:18px;border:1px solid #ddd;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:0 1px 3px rgba(0,0,0,0.055);-moz-box-shadow:0 1px 3px rgba(0,0,0,0.055);box-shadow:0 1px 3px rgba(0,0,0,0.055);-webkit-transition:all .2s ease-in-out;-moz-transition:all .2s ease-in-out;-o-transition:all .2s ease-in-out;transition:all .2s ease-in-out}a.thumbnail:hover,a.thumbnail:focus{border-color:#08c;-webkit-box-shadow:0 1px 4px rgba(0,105,214,0.25);-moz-box-shadow:0 1px 4px rgba(0,105,214,0.25);box-shadow:0 1px 4px rgba(0,105,214,0.25)}.thumbnail>img{display:block;max-width:100%;margin-right:auto;margin-left:auto}.thumbnail .caption{padding:9px;color:#555}.media,.media-body{overflow:hidden;*overflow:visible;zoom:1}.media,.media .media{margin-top:15px}.media:first-child{margin-top:0}.media-object{display:block}.media-heading{margin:0 0 5px}.media>.pull-left{margin-right:10px}.media>.pull-right{margin-left:10px}.media-list{margin-left:0;list-style:none}.label,.badge{display:inline-block;padding:2px 4px;font-size:10.998px;font-weight:bold;line-height:14px;color:#fff;text-shadow:0 -1px 0 rgba(0,0,0,0.25);white-space:nowrap;vertical-align:baseline;background-color:#999}.label{-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px}.badge{padding-right:9px;padding-left:9px;-webkit-border-radius:9px;-moz-border-radius:9px;border-radius:9px}.label:empty,.badge:empty{display:none}a.label:hover,a.label:focus,a.badge:hover,a.badge:focus{color:#fff;text-decoration:none;cursor:pointer}.label-important,.badge-important{background-color:#b94a48}.label-important[href],.badge-important[href]{background-color:#953b39}.label-warning,.badge-warning{background-color:#f89406}.label-warning[href],.badge-warning[href]{background-color:#c67605}.label-success,.badge-success{background-color:#468847}.label-success[href],.badge-success[href]{background-color:#356635}.label-info,.badge-info{background-color:#3a87ad}.label-info[href],.badge-info[href]{background-color:#2d6987}.label-inverse,.badge-inverse{background-color:#333}.label-inverse[href],.badge-inverse[href]{background-color:#1a1a1a}.btn .label,.btn .badge{position:relative;top:-1px}.btn-mini .label,.btn-mini .badge{top:0}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-moz-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-ms-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:0 0}to{background-position:40px 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}.progress{height:18px;margin-bottom:18px;overflow:hidden;background-color:#f7f7f7;background-image:-moz-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:-webkit-gradient(linear,0 0,0 100%,from(#f5f5f5),to(#f9f9f9));background-image:-webkit-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:-o-linear-gradient(top,#f5f5f5,#f9f9f9);background-image:linear-gradient(to bottom,#f5f5f5,#f9f9f9);background-repeat:repeat-x;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff5f5f5',endColorstr='#fff9f9f9',GradientType=0);-webkit-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);-moz-box-shadow:inset 0 1px 2px rgba(0,0,0,0.1);box-shadow:inset 0 1px 2px rgba(0,0,0,0.1)}.progress .bar{float:left;width:0;height:100%;font-size:12px;color:#fff;text-align:center;text-shadow:0 -1px 0 rgba(0,0,0,0.25);background-color:#0e90d2;background-image:-moz-linear-gradient(top,#149bdf,#0480be);background-image:-webkit-gradient(linear,0 0,0 100%,from(#149bdf),to(#0480be));background-image:-webkit-linear-gradient(top,#149bdf,#0480be);background-image:-o-linear-gradient(top,#149bdf,#0480be);background-image:linear-gradient(to bottom,#149bdf,#0480be);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff149bdf',endColorstr='#ff0480be',GradientType=0);-webkit-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-moz-box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 0 -1px 0 rgba(0,0,0,0.15);-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;-webkit-transition:width .6s ease;-moz-transition:width .6s ease;-o-transition:width .6s ease;transition:width .6s ease}.progress .bar+.bar{-webkit-box-shadow:inset 1px 0 0 rgba(0,0,0,0.15),inset 0 -1px 0 rgba(0,0,0,0.15);-moz-box-shadow:inset 1px 0 0 rgba(0,0,0,0.15),inset 0 -1px 0 rgba(0,0,0,0.15);box-shadow:inset 1px 0 0 rgba(0,0,0,0.15),inset 0 -1px 0 rgba(0,0,0,0.15)}.progress-striped .bar{background-color:#149bdf;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);-webkit-background-size:40px 40px;-moz-background-size:40px 40px;-o-background-size:40px 40px;background-size:40px 40px}.progress.active .bar{-webkit-animation:progress-bar-stripes 2s linear infinite;-moz-animation:progress-bar-stripes 2s linear infinite;-ms-animation:progress-bar-stripes 2s linear infinite;-o-animation:progress-bar-stripes 2s linear infinite;animation:progress-bar-stripes 2s linear infinite}.progress-danger .bar,.progress .bar-danger{background-color:#dd514c;background-image:-moz-linear-gradient(top,#ee5f5b,#c43c35);background-image:-webkit-gradient(linear,0 0,0 100%,from(#ee5f5b),to(#c43c35));background-image:-webkit-linear-gradient(top,#ee5f5b,#c43c35);background-image:-o-linear-gradient(top,#ee5f5b,#c43c35);background-image:linear-gradient(to bottom,#ee5f5b,#c43c35);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffee5f5b',endColorstr='#ffc43c35',GradientType=0)}.progress-danger.progress-striped .bar,.progress-striped .bar-danger{background-color:#ee5f5b;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-success .bar,.progress .bar-success{background-color:#5eb95e;background-image:-moz-linear-gradient(top,#62c462,#57a957);background-image:-webkit-gradient(linear,0 0,0 100%,from(#62c462),to(#57a957));background-image:-webkit-linear-gradient(top,#62c462,#57a957);background-image:-o-linear-gradient(top,#62c462,#57a957);background-image:linear-gradient(to bottom,#62c462,#57a957);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff62c462',endColorstr='#ff57a957',GradientType=0)}.progress-success.progress-striped .bar,.progress-striped .bar-success{background-color:#62c462;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-info .bar,.progress .bar-info{background-color:#4bb1cf;background-image:-moz-linear-gradient(top,#5bc0de,#339bb9);background-image:-webkit-gradient(linear,0 0,0 100%,from(#5bc0de),to(#339bb9));background-image:-webkit-linear-gradient(top,#5bc0de,#339bb9);background-image:-o-linear-gradient(top,#5bc0de,#339bb9);background-image:linear-gradient(to bottom,#5bc0de,#339bb9);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff5bc0de',endColorstr='#ff339bb9',GradientType=0)}.progress-info.progress-striped .bar,.progress-striped .bar-info{background-color:#5bc0de;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.progress-warning .bar,.progress .bar-warning{background-color:#faa732;background-image:-moz-linear-gradient(top,#fbb450,#f89406);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fbb450),to(#f89406));background-image:-webkit-linear-gradient(top,#fbb450,#f89406);background-image:-o-linear-gradient(top,#fbb450,#f89406);background-image:linear-gradient(to bottom,#fbb450,#f89406);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fffbb450',endColorstr='#fff89406',GradientType=0)}.progress-warning.progress-striped .bar,.progress-striped .bar-warning{background-color:#fbb450;background-image:-webkit-gradient(linear,0 100%,100% 0,color-stop(0.25,rgba(255,255,255,0.15)),color-stop(0.25,transparent),color-stop(0.5,transparent),color-stop(0.5,rgba(255,255,255,0.15)),color-stop(0.75,rgba(255,255,255,0.15)),color-stop(0.75,transparent),to(transparent));background-image:-webkit-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-moz-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:-o-linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent);background-image:linear-gradient(45deg,rgba(255,255,255,0.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,0.15) 50%,rgba(255,255,255,0.15) 75%,transparent 75%,transparent)}.accordion{margin-bottom:18px}.accordion-group{margin-bottom:2px;border:1px solid #e5e5e5;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px}.accordion-heading{border-bottom:0}.accordion-heading .accordion-toggle{display:block;padding:8px 15px}.accordion-toggle{cursor:pointer}.accordion-inner{padding:9px 15px;border-top:1px solid #e5e5e5}.carousel{position:relative;margin-bottom:18px;line-height:1}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner>.item{position:relative;display:none;-webkit-transition:.6s ease-in-out left;-moz-transition:.6s ease-in-out left;-o-transition:.6s ease-in-out left;transition:.6s ease-in-out left}.carousel-inner>.item>img,.carousel-inner>.item>a>img{display:block;line-height:1}.carousel-inner>.active,.carousel-inner>.next,.carousel-inner>.prev{display:block}.carousel-inner>.active{left:0}.carousel-inner>.next,.carousel-inner>.prev{position:absolute;top:0;width:100%}.carousel-inner>.next{left:100%}.carousel-inner>.prev{left:-100%}.carousel-inner>.next.left,.carousel-inner>.prev.right{left:0}.carousel-inner>.active.left{left:-100%}.carousel-inner>.active.right{left:100%}.carousel-control{position:absolute;top:40%;left:15px;width:40px;height:40px;margin-top:-20px;font-size:60px;font-weight:100;line-height:30px;color:#fff;text-align:center;background:#222;border:3px solid #fff;-webkit-border-radius:23px;-moz-border-radius:23px;border-radius:23px;opacity:.5;filter:alpha(opacity=50)}.carousel-control.right{right:15px;left:auto}.carousel-control:hover,.carousel-control:focus{color:#fff;text-decoration:none;opacity:.9;filter:alpha(opacity=90)}.carousel-indicators{position:absolute;top:15px;right:15px;z-index:5;margin:0;list-style:none}.carousel-indicators li{display:block;float:left;width:10px;height:10px;margin-left:5px;text-indent:-999px;background-color:#ccc;background-color:rgba(255,255,255,0.25);border-radius:5px}.carousel-indicators .active{background-color:#fff}.carousel-caption{position:absolute;right:0;bottom:0;left:0;padding:15px;background:#333;background:rgba(0,0,0,0.75)}.carousel-caption h4,.carousel-caption p{line-height:18px;color:#fff}.carousel-caption h4{margin:0 0 5px}.carousel-caption p{margin-bottom:0}.hero-unit{padding:60px;margin-bottom:30px;font-size:18px;font-weight:200;line-height:27px;color:inherit;background-color:#eee;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px}.hero-unit h1{margin-bottom:0;font-size:60px;line-height:1;letter-spacing:-1px;color:inherit}.hero-unit li{line-height:27px}.pull-right{float:right}.pull-left{float:left}.hide{display:none}.show{display:block}.invisible{visibility:hidden}.affix{position:fixed}.chzn-container .chzn-drop{position:fixed}.chzn-container{position:relative;display:inline-block;*display:inline;zoom:1}.chzn-drop{position:absolute;top:29px;left:0;z-index:1050;background:#fff;border:1px solid #aaa;border-top:0;-webkit-box-shadow:0 4px 5px rgba(0,0,0,0.15);-moz-box-shadow:0 4px 5px rgba(0,0,0,0.15);box-shadow:0 4px 5px rgba(0,0,0,0.15)}.chzn-container-single .chzn-single{position:relative;display:block;height:23px;padding:0 0 0 8px;overflow:hidden;line-height:24px;color:#444;text-decoration:none;white-space:nowrap;background-color:#efefef;background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),color-stop(50%,#eee),to(#f4f4f4));background-image:-webkit-linear-gradient(#fff,#eee 50%,#f4f4f4);background-image:-moz-linear-gradient(top,#fff,#eee 50%,#f4f4f4);background-image:-o-linear-gradient(#fff,#eee 50%,#f4f4f4);background-image:linear-gradient(#fff,#eee 50%,#f4f4f4);background-repeat:no-repeat;border:1px solid #aaa;-webkit-border-radius:5px;-moz-border-radius:5px;border-radius:5px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffffffff',endColorstr='#fff4f4f4',GradientType=0);-webkit-box-shadow:0 0 3px #fff inset,0 1px 1px rgba(0,0,0,0.1);-moz-box-shadow:0 0 3px #fff inset,0 1px 1px rgba(0,0,0,0.1);box-shadow:0 0 3px #fff inset,0 1px 1px rgba(0,0,0,0.1);-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box}.chzn-container-single .chzn-default{color:#999}.chzn-container-single .chzn-single span{display:block;margin-right:26px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.chzn-container-single .chzn-single abbr{position:absolute;top:0;right:26px}.chzn-container-single .chzn-single abbr:before{float:right;font-size:20px;font-weight:bold;line-height:18px;color:#000;text-shadow:0 1px 0 #fff;content:'\00D7';opacity:.2;filter:alpha(opacity=20)}.chzn-container-single .chzn-single abbr:before:hover,.chzn-container-single .chzn-single abbr:before:focus{color:#000;text-decoration:none;cursor:pointer;opacity:.4;filter:alpha(opacity=40)}.chzn-container-single .chzn-single abbr:hover,.chzn-container-single.chzn-disabled .chzn-single abbr:hover{text-decoration:none;cursor:pointer}.chzn-container-single .chzn-single abbr:hover:before,.chzn-container-single.chzn-disabled .chzn-single abbr:hover:before{color:#000;opacity:.4;filter:alpha(opacity=40)}.chzn-container-single .chzn-single div{position:absolute;top:0;right:0;display:block;width:18px;height:100%}.chzn-container-single .chzn-single div b{display:block;width:100%;height:100%}.chzn-container-single .chzn-single div b:after{font-family:FontAwesome;content:'\f078'}.chzn-search{position:relative;z-index:1050;padding:3px 4px;margin:0;white-space:nowrap}.chzn-search:after{position:relative;right:16px;font-family:FontAwesome;content:'\f002'}.chzn-search input{padding:4px 20px 4px 5px;margin:1px 0;font-family:sans-serif;font-size:1em;background-color:#f5f5f5;background-image:-moz-linear-gradient(top,#eee,#fff);background-image:-webkit-gradient(linear,0 0,0 100%,from(#eee),to(#fff));background-image:-webkit-linear-gradient(top,#eee,#fff);background-image:-o-linear-gradient(top,#eee,#fff);background-image:linear-gradient(to bottom,#eee,#fff);background-repeat:repeat-x;border:1px solid #aaa;outline:0;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffeeeeee',endColorstr='#ffffffff',GradientType=0)}.chzn-drop{-webkit-border-radius:0 0 4px 4px;-moz-border-radius:0 0 4px 4px;border-radius:0 0 4px 4px;-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box}.chzn-container-single-nosearch .chzn-search input{position:absolute;left:-9000px;display:none}.chzn-container-multi .chzn-choices{position:relative;height:auto!important;height:1%;padding:0;margin:0;overflow:hidden;cursor:text;background-color:#fff;border:1px solid #ccc;-webkit-border-radius:4px;-moz-border-radius:4px;border-radius:4px;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border linear .2s,box-shadow linear .2s;-moz-transition:border linear .2s,box-shadow linear .2s;-o-transition:border linear .2s,box-shadow linear .2s;transition:border linear .2s,box-shadow linear .2s}.chzn-container-multi .chzn-choices li{float:left;list-style:none}.chzn-container-multi .chzn-choices .search-field{padding:0;margin:0;white-space:nowrap}.chzn-container-multi .chzn-choices .search-field input{height:15px;padding:5px;margin:1px 0;font-family:sans-serif;font-size:100%;color:#666;background:transparent!important;border:0!important;outline:0;-webkit-box-shadow:none;-moz-box-shadow:none;box-shadow:none}.chzn-container-multi .chzn-choices .search-field .default{color:#999}.chzn-container-multi .chzn-choices .search-choice{position:relative;padding:3px 20px 3px 5px;margin:3px 0 3px 5px;line-height:13px;color:#333;cursor:default;background-color:#f0f0f0;background-image:-webkit-gradient(linear,0 0,0 100%,from(#f4f4f4),color-stop(50%,#f0f0f0),to(#eee));background-image:-webkit-linear-gradient(#f4f4f4,#f0f0f0 50%,#eee);background-image:-moz-linear-gradient(top,#f4f4f4,#f0f0f0 50%,#eee);background-image:-o-linear-gradient(#f4f4f4,#f0f0f0 50%,#eee);background-image:linear-gradient(#f4f4f4,#f0f0f0 50%,#eee);background-repeat:no-repeat;border:1px solid #aaa;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fff4f4f4',endColorstr='#ffeeeeee',GradientType=0);-webkit-box-shadow:0 0 2px #fff inset,0 1px 0 rgba(0,0,0,0.05);-moz-box-shadow:0 0 2px #fff inset,0 1px 0 rgba(0,0,0,0.05);box-shadow:0 0 2px #fff inset,0 1px 0 rgba(0,0,0,0.05);-webkit-background-clip:padding-box;-moz-background-clip:padding-box;background-clip:padding-box}.chzn-container-multi .chzn-choices .search-choice-focus{background:#d4d4d4}.chzn-container-multi .chzn-choices .search-choice .search-choice-close{position:absolute;top:0;right:3px}.chzn-container-multi .chzn-choices .search-choice .search-choice-close:before{font-size:20px;font-weight:bold;line-height:14px;color:#000;text-shadow:0 1px 0 #fff;content:'\00D7';opacity:.2;filter:alpha(opacity=20)}.chzn-container-multi .chzn-choices .search-choice .search-choice-close:hover,.chzn-container-multi .chzn-choices .search-choice-focus .search-choice-close{text-decoration:none;cursor:pointer}.chzn-container-multi .chzn-choices .search-choice .search-choice-close:hover:before,.chzn-container-multi .chzn-choices .search-choice-focus .search-choice-close:before{color:#000;opacity:.4;filter:alpha(opacity=40)}.chzn-results{position:relative;max-height:240px;padding:0 0 0 4px;margin:0 4px 4px 0;overflow-x:hidden;overflow-y:auto;-webkit-overflow-scrolling:touch}.chzn-container-multi .chzn-results{padding:0;margin:-1px 0 0}.chzn-results li{display:none;padding:5px 6px;margin:0;line-height:15px;list-style:none}.chzn-results .active-result{display:list-item;cursor:pointer}.chzn-results .highlighted{color:#fff;background-color:#008bd1;background-image:-moz-linear-gradient(top,#0099e6,#0077b3);background-image:-webkit-gradient(linear,0 0,0 100%,from(#0099e6),to(#0077b3));background-image:-webkit-linear-gradient(top,#0099e6,#0077b3);background-image:-o-linear-gradient(top,#0099e6,#0077b3);background-image:linear-gradient(to bottom,#0099e6,#0077b3);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ff0099e6',endColorstr='#ff0077b3',GradientType=0)}.chzn-results li em{font-style:normal;background:#feffde}.chzn-results .highlighted em{background:transparent}.chzn-results .no-results{display:list-item;background:#f4f4f4}.chzn-results .group-result{font-weight:bold;color:#999;cursor:default}.chzn-results .group-option{padding-left:15px}.chzn-container-multi .chzn-drop .result-selected{display:none}.chzn-container-active .chzn-single{border:1px solid #5897fb;-webkit-box-shadow:0 0 5px rgba(0,0,0,0.3);-moz-box-shadow:0 0 5px rgba(0,0,0,0.3);box-shadow:0 0 5px rgba(0,0,0,0.3)}.chzn-container-active .chzn-single-with-drop{background-color:#f5f5f5;background-image:-moz-linear-gradient(top,#eee,#fff);background-image:-webkit-gradient(linear,0 0,0 100%,from(#eee),to(#fff));background-image:-webkit-linear-gradient(top,#eee,#fff);background-image:-o-linear-gradient(top,#eee,#fff);background-image:linear-gradient(to bottom,#eee,#fff);background-repeat:repeat-x;border:1px solid #aaa;-webkit-border-bottom-right-radius:0;border-bottom-right-radius:0;-webkit-border-bottom-left-radius:0;border-bottom-left-radius:0;-moz-border-radius-bottomright:0;-moz-border-radius-bottomleft:0;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffeeeeee',endColorstr='#ffffffff',GradientType=0);-webkit-box-shadow:0 1px 0 #fff inset;-moz-box-shadow:0 1px 0 #fff inset;box-shadow:0 1px 0 #fff inset}.chzn-container-active .chzn-single-with-drop div{background:transparent;border-left:none}.chzn-container-active .chzn-single-with-drop div b:after{content:'\f077'}.chzn-container-active .chzn-choices{border-color:rgba(82,168,236,0.8);-webkit-border-bottom-right-radius:0;border-bottom-right-radius:0;-webkit-border-bottom-left-radius:0;border-bottom-left-radius:0;-moz-border-radius-bottomright:0;-moz-border-radius-bottomleft:0;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6)}.chzn-container-active .chzn-choices .search-field input{color:#111!important}.chzn-disabled{cursor:default;opacity:.5!important}.chzn-disabled .chzn-single{cursor:default}.chzn-disabled .chzn-choices .search-choice .search-choice-close{cursor:default}.chzn-rtl{text-align:right}.chzn-rtl .chzn-single{padding:0 8px 0 0;overflow:visible}.chzn-rtl .chzn-single span{margin-right:0;margin-left:26px;direction:rtl}.chzn-rtl .chzn-single div{right:auto;left:3px}.chzn-rtl .chzn-single abbr{right:auto;left:26px}.chzn-rtl .chzn-choices .search-field input{direction:rtl}.chzn-rtl .chzn-choices li{float:right}.chzn-rtl .chzn-choices .search-choice{padding:3px 5px 3px 19px;margin:3px 5px 3px 0}.chzn-rtl .chzn-choices .search-choice .search-choice-close{right:auto;left:4px}.chzn-rtl.chzn-container-single .chzn-results{padding:0 4px 0 0;margin:0 0 4px 4px}.chzn-rtl .chzn-results .group-option{padding-right:15px;padding-left:0}.chzn-rtl.chzn-container-active .chzn-single-with-drop div{border-right:0}.chzn-rtl.chzn-container-single .chzn-search:after{right:auto;left:16px}.chzn-rtl .chzn-search input{padding:4px 5px 4px 20px;background-color:#f5f5f5;background-image:-moz-linear-gradient(top,#eee,#fff);background-image:-webkit-gradient(linear,0 0,0 100%,from(#eee),to(#fff));background-image:-webkit-linear-gradient(top,#eee,#fff);background-image:-o-linear-gradient(top,#eee,#fff);background-image:linear-gradient(to bottom,#eee,#fff);background-repeat:repeat-x;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ffeeeeee',endColorstr='#ffffffff',GradientType=0);direction:rtl} diff --git a/html/pfappserver/root/static/font/fontawesome-webfont.eot b/html/pfappserver/root/static/font/fontawesome-webfont.eot index 89070c1e63c2703b2334023922ecc1664f759b55..0662cb96bfb78cb2603df4bc9995314bd6806312 100755 GIT binary patch literal 37405 zcmZ^pWl$VU@a7j-+}&YucXwahCAho06I>Q|cXxMpcMa|Y2qZwTkO24I)qVI^U0rug zJw3mg>FTdj^N^+j0DLI`0Q7$e1pLo{0whBL{$omN|C9dj`ak@CLXyXN`Tv&xL+}7# zfD6DG;0cfb_yDW`9{=r}{!;(|4WRL#+5o%&jsP=&`+tNQpz|Mb|L=_5|G5JKZ~<5W zoc}F$0O&tu2XOpH007$mPfyVQ(-8oW)Rg^yCWe8+UI(PG0aCaC0oOPSSMf`$n0jT> zNXqA6GJtPRak*%7-a)|uJ_cYiiNSybhhwHgZsoQT!Xm){KHAvM=U7}|U1LMC#O~E5 zr29c@hQt;YTG-}+NpnmSA-uodhzL6v(y*sW`M!ORS+=>yZEu#TCj! zUy+<2^w9t}gp+uZf4of?Wu~aMPFG3*SSQZCNj%`3Bj@JX#iTZn)$zBBxIh!mQkTH^ z$w|djT}ESOe63Tg_77=Kz*-Hv z>{BQjmd06dHK(UTXP4msH0^JEhbcuu1K6tPKEA0hD-``i-8n+4m3HNWmvab<;8NlS zDAsXXE>0tAwn8zMiXDesTOk`z05XDaMEI9&(8~|Nl;&D%6C@bNj6Gu2vaDayhS`Zv z)W46=-5L8j*NC+e7!=_YpV7bPQMRXH``qc@*(&=}Hv2!d+a@yGe{WuVftGFtJwqZ$ zXlZnjCV5(O>mF@@5tL!3w)g9~xQ?h}eEhYFbmRT_ZQt*qoF)PNYv44JmY81?P^}^P z8=vEU0?Y%~chU3Paw=H3G37{0tnbte`sP+RLWzaPDi}WL*t<-xclAU8ZJHv)&RQ!WD+LZ5>G4Z=X5e8h zI~8x0!V1~u)|J&aWqBxvnqxKNjU7WKjakJB?JgwDJ;`A0#&QZ24YnkX6JqgItAlG* zRLYYB)iEk!%4Utz$Pj}CBp0IOR_!v_{WraEVmY*2lMhXyz|Y#Kn@J^k78Xp}MXlX! z#-km>Z@u_epCJ>#)tNu1gnC6@;K`;vSCk$iDAA>&b2?}gR!L8pXBM4!14 ze;6nq#ODiF{jqqg#tUutCTo()dzY=JHPe%AjvZa0`EALGl~fc)-RVj0DM<^zLMS~l z@*^OQT|>5}r-!{Xr-7{XlUR<6P8eid6%K&py{Z%xF}oVHDmqq;=YeNf>Et=@Xf+&LGOx>6Lcxi0c1-J%%$n^Y z0_!{mDCN%?pK^mdIsvt38PT8W%*)lsf0N4qZNLzTbty#wB22yjkXMe9B-#B4!aIc_ z!9NR;!Ca(NXBe_BfznV=fVI7$o~nEnFwh~jo}{rT^Cciw3wM)N%U?(q);-l1fiPvI zT_PT$)0`lIxoF)w3ZzdS5P0PX4G{K1Lm^hsh&Qexk?=Ogwrq8`=nrk2L@k8QR+)bby7QXcZYX=B9u1NnfzZT z9^K&T@)D)!?z3EbAhjD0M{<>|Z7p0K-N7#E#}gDb2%S|4f?3n}3o#KozgQ_3iUg{s z{D=^3IRs&?ao>C_CFWZfjW&2i+w-i#u##w^NYV&Z6BlPPc+mXGpdl}etH?UUYq%0S zVC>r!$*Csq6N2c=T^o(Fj9X&1X#mHDA7jK-HK~q*7QH0XeU#l0J3ZSubwz*fc8m~F zc_*Wp2E+54uop~t!Iq_kIi& zx63!K&I(~un;B49{A0CaBro&v6H`-`uVO4?(ai;2Kwwsm>5v)j%fLUYH5IFXn4UZ~ zDmHrbVrHL!Z4|XWe+hEWIIf#B-p);T+>2JV$D z@-si^D34!8SOg33#Da_Fs6#Bp;cy|f=w&UrH8|zrPlMc^CULm(w21K%9g>lu29X7G)HxDeVKVJ#OmQIA3<DB=wbw_C~hLLg*7e;3P;*kd`~+Fe^VU-Bt)ri!@* z60eD^A_>i;O`?=jo1}GX3pSuft>KR?qdNF4pwf z|Dhr_u@*sXZ3}$DzEWTV5+>68ThA#>WIaS>RwT7$TngT zmn!yfa4J)I7E|7i{o z$ES{Y36>D>4<^w@_#p^iv&iB=DVOK~A0}(JLMV}IAksuBZDFB-7M2dbloF&R z$`TcBVy|{uo)$;eMk@!WK99jP{+x-7KrbBF{z#F|tA$r;e17{ti#2e5u6fOrPyoR} z<=oO9fc(z7s9svZe@oWA*W&p5?|OZx+GPNp)pLb$fVONpeKj(agx~f06){dbByl{ObJJ)V8@)BW!-; zz+|>i$>7w;aTDKmtSl#`vw;yV=0{|=qxYG~bIlYOPWv*EfT0t|s<3TOza|dH=*RhN zd~|P5(@{QePE_>rMu7Khi!P?k`f1jXyoyaI6K6}q z5w2l3gp{AWp@uyD-oYS)`Qs{rfTP-0v(24h5>HmtChQ9hsjPESIr#|9TfE&Nb4*5R zSVxS$@V!;exgU4*F={h5$7NvFNNu7iIzl7k8cmir4O!A-_-V-)K#8f-v%Kv-P@sX1 zWLsZgy{93V>2Fa)DX!PbD5g(!-AM_~@=a7vu$In<=p$=9jMgju?Hs!{lcuOvn?m?- z;9qquyPiv>Zv{9T?bzoJPg(h^Qdomi*RWd;Rqo#0VAbET;7d-%Mfjg7$!7Jkf)728IE?nF zuwW8}QZX7wm?(GU4)hlyp8cXC&cM>yAw3>Jv?^S)sAh7AQAANE*ptw@b8w7$EoWE0B!5=X5u86kvtt9eGosARbHb;g(0_IP)jbYe7NBor8KN(wT!`(4$Ib zIUJk+{=EZW8;GKKL{1fT!}p04oXjTyFpVoN9Ug>A{US@XYGFVQj&0O!NEH40o898J^8hCa^y6Qs|gtW{b% zdtJWq?48pozNht0^0JhMasrmO8zMr=BT2!?by$zdZ=|H@Xke zI0d#9t})kW;F7|JHO*|@m!y46>bGSa2Ax(DdlNwZ@bR`iw;3NPI-)S(Q2}pC9P|7r ziziW-Dlp^6-NgYpz{X93X(RL^M8H@@?W1$V{O|xx;-%hs!8Sgo^!SXb-@LT5jGD$|XcS=KCe{V^BGVzmAOs3s3BIS}l`@-)R1 zG?>~s>Wiy}Nc=2O%>HLI|1Yz`T5YWjqLA*f=7o-tm1g?MkHtFtHBJUcQv|MG zSYHQF8jW5^a;ez*RzoxP_3r~Qhu@e+eC>bT61 zM!%+znz~09KgdtDhxDoCs!07c%{?>xwX!*{o;w4tDCV5q3foqA;2V3`X*a~_c~ zPsC^)uTL~$Q{~AlcP*e2AE69@OsS&UX^6=lpr}s*R{phnj{V9N%)DqEeBKi;YN*Lz z=c;@?Z&WK+dn(W!0~Se4s_QAT)?U6&}E+Lhw!5N$nYe4FBNj2f7^@NA2Bv;xGx8lg*ujReEln# zL*5Ay?Wf+Dr{(Q%s=5w&XgF<1v9EvH!zS-J-vkfik8-=&RRmS|QQ>oUx(0Sc*a|sW z%%S33!=+A^cX2-EoPM<#N2*YUdgM7ES2ZzhBC{4^^(Mj9hx3F?oNWlkgD1Y?>j$^~ zdVoL{Cg}4_K}?7=FtwY{Y5)^MOP+_uZa0Wxv@rIHC5-*?RaxlFWIc`2rnV&*Kh<(x zjC@1D*{SYh_IZVQf!_F0Y6FX9K$iEgEvY>!goU^g3A3&9N>z18C|amAL;G*Et>rlRrV48k*ER{0vazDox=PyAr+a zEq`}2?4NUNPfMEjv5%wQ5!`m%EUwtJQbr4e4s%XI47Xepy2NM7;cG2_wF8){JGSIv z9G9s`M1@fVKB7Wv6cyn_?K4TphQFuAsHPg6B^7^IY>BhfYvf)dEQY2^XCnU|s=Jol zh+&iieR>ax{n+t_Im1%9Ng1Y$h)CsC!KF=n<(4H!y%JE9D-=hqmg5z`?>J&_KC5Ff z!l`Rb=2OoGySCgr{*s(RoR`B}0l6g@+cWgmV^h1tFU_s+z|qJVkLpE|spVX1-tj^x zp=Hijw{rfD;yeFcBgjt^VQCqDY+F9UeZu|3KlcX7Jhwt6GELR7e<^jTFD0?M(ax>C)E75Zrq(=FZp|?e$VN+z5id zMJ#<12q0U>hn9ag0fkZ8)MlojEn4tI`^8wwV!cBGIw$o1#`rQr*Exw%Em+oz`l48V z>smox%zyVF+l8yt{*JbSb;`txVeDNw|B)Bp-iR)*BRb#elYSukwk$f!9rCPrDra~D z0NuL>G>n!QX|DZ6ep}HGD=o7fb2G*%4F@3$H^Ohup2|>B%Clifwg0+ntVheV@qSx> zo0IngEsKDM-Pg|#5>qpcv1*o-GAm8tx;np8!Ds zp#)8-HsN_|hG$I!BQFPlSn+Zy57k-oXRX!t zH!R$Z4Ai?&(Pc~p>Z^D)p&w`P#phG@!i1fsKO)KIyjBQt4qajY= za|XyFvW#RB%NUI37BqpI&cB|()<&6HYII9FQHE!Q1%`gQ=Ql4En7Qg4yso8TvSiRW ze))y7RqzOl-M1o65}n>BsGR>5j=~n)lOu_kQeJJEirO#{YcFh^p%rF4m~=R7;aD2# z17PaV6$(3c&t1|eV$7`6A8KBig#IY~2{T|nr?tVOBt)Oxx@~Yw#{ekrzsJa|#7@WH zs#Y{(if9&R%_M~~ZWhyYqPjg7u?UPY8;jWu<|*uU(1@0j7`mpZgv&qwWm}TD2e2mc z``MrubPsyLB@S*64<~`x_I)>uoU;ZJLdBak+%6w^n9Lu6t`8xT7PykuFA_&*6^ zY^7I%zP6pRxI`~95l7OWm(T8f_XCl4xLf3-_RD^&xKtV@$Oh$%>9!%%IKNT7N96bf zo|9&wksUa->zFXOo4=S6*GkV2WYw#IdoHT2WIUNBexWJV1!^!zitVkii6*>3FIol+?C|sx6}!Y8>k3+^0roSAQif>ck3ay5G8B`AGsMO#0$IL)?b}s>g#x# ztx@Pg@db|YRrgZb_Q+Pe7MG6vjx&fRLP@=UNG;=r_9NlW9ta1*##f?e^qd${n3Jjb-O~6|gSt#MU>b(5+ELlDd-X4yn1}(&XH;&EqtPwcZ zzwJ;}TDd7~Ay{AhUJSu6%I3VSSoskfs*d!!a3VywPG7d9;L%#V`C$ti$_5zr45^5@ zHV@{el?YatwPeR*0%VKUA|*M0=7Tjolr#v)In@KpRz)ZoHNHMQoJ}^u#%rEr54)tl zt6A}(0R&{A_~*8t^ds(HT021G8`3?dbb^n+{1yk<;DV-HXh-`=D_r}0LPYNDy5n`%Xmttr+O z>l-Er93NUC6)1HtX)XLH2QAx|nX%|Vrs&Ij=*Q}tWM=2=WAdf9N{klAS1 z)v@hyE#_5d-Bz6mY*8b&3DYiC&myy%xF>vv;Djuqi?0BzoR$OL#9U}e(NgYZOx-TE zXN>BPBCi?5(d~S`h}H{<^c9@)TWJuB zk^l41mEVC(+coUjUoy1$~9wT1um%Sr|i=F`_{YQTf`0zQ})K>4tL3*uECr zp>N0x$16t%7&GIC`w=S4-n?DwqSYXI;eayjxPL)e?)(-CvSkiWoqYJSYlueR6in@1 zHjDmu06Ce>FDtG6b5I@i@|I4QrhG7^fVqYQ6?by`8wT9M*>KT17Ph`Q*Jv$qdisnI z=83pw&?*Q`Lw?V6Sx65VRmneXMDYVV657^k&Qwy^1T}1Ng0K&M$mSrl z7a5&-0^4#GrOND_-rn31$@MMTx*DPC962Llwj^G zT2$OETczZY3Y1n>dM0jr5=&2Swe+IEhaDk08f8~)B0MVJ-6r7|3QV}a3!EV=YIq*q z2K^27*a<*NS~*;_oQ`}$>4UFnm)cMJ=6Zob*>0F3Aeq_H`=BJQd`nQY^G2v{YoC~( z-|L%*G4o-zoiJd&Zrh}vw2Hzm5Cr>o8^JA=$T_)Ac&j+B<(cWFzlmpcO_A1iu2t)A zCZqqmU=dBKK@uD{w|Sl^_H_Lg^e-q{vfhjY@-ZOofR?6r;biWmDPJo>*~g`t`J$Q%I5QH?OV2pw#$W1!@PD>@oVVfJ&7yu*4tJS*hqS*{>y&vxB#f9b+L zGv%mj%KkkH=D%{Q8o}K^xaeVyUAe#W%V#D~#aqe_O3_Y|XWf!<9W;qUR7xr}Ba2bY z13ZLb9p_iY*5*BtH@<&q+xo6FtV_4&-64$7KYdq8oXH$o4yh&r>-Do)ZGX>F_HSj6 z$~k9R&n5rZBfavw&W~*)t&x2FKw^*cHJY#|wQ4fbFuXi|GoA2yj%AgBZm6n(XGNUt z`%#%wA}O3l)KAVkIC7ooehzC7+8K)$7�-A&iY%khEsGVMaq&$BJA^QAs8x>7-g_ z%a|Cu`#=j-hMK0t0lC$!Nr;nh>V934W*5m7WvAqofBHSANk`JbJQ*t$U zwQgIEy~F9FW8C8!NIl{&c@{l{Priv(mk(uBQcp1xb~$O3f(xlI1ScJ_B&AIw$)w?M;Wtan~MCVv2uecOjC8#5{IUKyw2hLV2GGd5ET@5iCT%iO#hM4oG0Jo56Ro z|BN4>5npfnR`(o^UFwEDo@L$IK0;tXbm70bZ9*tq4&C^5xYF${9%s*7C;ATszyXJo zTwo%Guzw@Ib68RYOQpBH7i$CKldh9-3Wo5@OIyezUj8aJI`JLuKBW6=oSZNJZ1(I2 ziqYBfj9 zB6>Z#sdF3F{=5OVO3>iYeiL61>s!Y^SC#ta>1z-Mv-5dNKu5cKcZ~)qvX)tOb4%S{ ztbY?Zc=^V{J(sqqTi!7gKZ6iyBZQCSr+mRfiPO%dzlAC*=c! zmc9_mR9hUjMYiO&?$bqcS5L-*bMtrgFJh;sVlwyk#Dd@zfPR*?rMM2dTyNdX=khz| zmpzK_JdiM10*(7=Tj@iRH*SXzD5Zlfmj#au=Uck4Ky#$5rs2U zcztXZloO*$Rqd5C)pdVEESzivA+lI0VK&*wk?o0qp_A9+$Tob;6f>-vCTw`4?lg`| zRLbE%b5hUU%eEz)>w#0Bq2PHQJM*gjv@jZ`C@ zu7#yinEvDZA%dJKB~cfd`u+(VUnnhBU-50)AJx5vU;f7E+KW;6NIXW;3Bi3HfIgbw z)LBrsem)%qD0EPgDG0MWi{A;TD^B57RX~zEu2*zL95=+o4Kc$`wdL2W0#ix*F&C%?}&b;gRQJJp*3I8)| zo!ZgT6C;j{@;XXZfkrH~Q02tgtcd6^&#V`>Oz+UZimT8))AR_cw^ONMQiX|-kWFi;bq;**f=|y`a~A!9eHVZQ zlxDiPhvX7R$>OH61^-oA%H+cHnO6#Y|nQynRtfoA&#MdTuC8jh|@i1TAui-8ZXwRq1;AcR=UTK1lcBlwf6Y2m`uQRVF|c5Kq}%t zuoB7-?vh1>GpIFcESBSjh@tKV_)_I8$G5eq8{Y4TqKSz(rwr}=lR?&QCSRl}P%5o9 z???(=KI!Gc`{y}H2=8CT*yKd2#Y!37o(A0rvjNf@BcA8t7;>bpMzy>@hYO7AE zB^|%*N7<;$;fN1dF#^Eb<2AT!_Nh%Cxjpk=np19(;*7G??NB~H)3)dR_RfRdX2ccZ z63aF7W5|YX8+vtnVzk26HOO-H@$|rl#y}fS4}lJ;xD{M(EY{ZRpLH=_=bf}-DwJwt zxRvv1<2+FRn*Db8q++R7)0Jk%MHIVx%XHQGU@uSPv;#R`c0DqXJ4^XU-}Z0}N=~;9 zGWgo;VE?|aak$PrjpBg(6)pV&4p6iE*PhoD#t{M3K7$1bMfouQ;3*s${~G}y&Z<%Y z5aD(_yAS5~*6E1TgS$vu>Z4^u_;q@-q|6 z>}UGTQz!2l;WU&|tktoqcZFTJY}`Xn3+Gv#APh_Q0wCifTJ*-e9ZQR-iw)h_2VC|1 z9o>@^6hoL%VyB2wRc4XcxT|1$H$I&^$_FX~9d_EBS(EXt)OWG>ep2H5>f!erw-~+K z9s~4=v5YxU0{x(xI7VUwN;>J!fPYXH&4|Sd#rhamWn5h&AfI{UpEr*u91LV8E+_S^ z+hdfG1QetE*he)JCyH56Hl#%pf++Q&5CzugYtt_2pMGp@fkoAP2J8D}6 zW4SGDKU=7u1Y_HDgV3q?m_R(RR!Q=~ zEfMsdG-gM~G#U}3HKqKAT(Vl)g|%J&)JMv_SBzg%A}2!>GFQHJIA?lgqezx;UoN(3 ztg;Bk3AxR0;ti}E<E=GL&h1%;qU-ENjf%tc^OEza3{s;i2NKnM?hT;^C5b9o+9WKJFq3;4Du8A~&!GQi`D`FH$Uo5S*`m+KY?8au8|!hAoMOIdZ6R z2n@Uq{WlP>PQ%jMI3@B77^SOngMKYFkLpC3!OVrA@Qz~U<<=Mc3PE}BbXGJ9h~biJ zJH3`%K!H8#*_(y;W_Au^h>?oDr~}|)Or#hEW@@R+K_Z09uw}7klzq943d|8<@JK

      h!Ew-CkL#7+!+)@&03H!1k|bv@FI~pm8x%T+51^g^b@%x?Pg+ zraVO@|B9Kw8Sy&-^q$N1q7#Re7hNTV;#j$LtQpUE_#^kfcej9{E}Z7f$x+=!*l zo|8|XzT&&oY#j3M~+TURyuNvww$-ftP} zlpn3tmwapyupHG45}o2Y$-~GL9Iy0c`XceTiucC3ty*4Bh&R4J=pFUMniu)JGLF~9p3 z_bnU+?I2w8yt9$!$J;GZ$}4F-I{^y4lKdCYIK_`IwKlL`rhBUyw@@f}qY$Yy6)vQ1 zJyjI!jIt$bpC3<;m_ZNN?$WyrrU*eaEEhGD^k~7Rl|0sz&cehDl!sj zuy!=ud=~fn@WZ%(I*;nOh>Djg`{K=vWsJ5$%9n7tK$E!c#NKa&eHu}Ckvdf`94(>q zt1`rSluzF)*i(Ye>q+NW?v#L$BN7Ak^hnX4D%#DJ5`lTMq^P7!5#nyqZxEgK(JPAT zM81_Wp)*a5GAcXemr_i`e1>3hU`C=23`JoixYPTPROl$*`=vyXg_!?L{um_Q zl(DNNA@O#Ca_?!Cum5t=9|RE#R-6nLz8U4--a2MiGICt=A`0#nwEL63;w%S0GK_duOj%&R{;;;aa8cT53c6raq}o&nA(@$ffOQ0|?r? zi3TFHN=2C+XGIA|H?zTbB0H3S3T@_$g?l0Hr`pVx zv;7<;9qP~l6!E&c;%UO4(ud?MZnNTKeC;Qf*RMfWRAteO{Nwx&sR{m$dU{F9#8c(;ftR-=vh zHEUbR-MvM^(5qH7r{^YHjNxi#c)lU*%h4zUYqqFdO-W^1QB`aVrgBKB@$4fH3$(XV z6bG_JFDA0j1lPYjma5@}G8R27N-8JkNe0g}y^k^RPUlQT+I?neynh4O`2BNVqG2;u zKB~mR(I(v=CWkvs3ecu8N3RAY9*odm$F7o??+KV=0@$o}=xx)(UoZn<9VDGcdXUG5 z!8(eeMerskRP-$<3gM&-Il$Lk8^utly5VxB!W${%3VJn27Gt|}A~)1Sta$5RGUiHfqGq4W*Fb`gn#E4Il|x{YSp!T{~DyE1zP9t{i+&~$qH4Z zQL?lP>B9+Npi9(+a61HvNmMP@^l*Sz3hoGjG&R!{xyNym2;>ujoCtzAS{BPGi^O6P;+EQVRh$$jbEhIxrPr_TP}5OfNBfG!&Bk!@!i*ML>rJrCAAg^SJ@@V6#9dUuoI3Xp+Xj zjBZ{(=?xj2K^E>tApTE7i_Ke9H^UPrsI4gX@vNCSJ-4c+$#{C_Gka`<&-ZkA z1f$Z3-zFgD64G5*WssT|O|EaCat5gaY`tGAF!@ZibpS4;;0r-2y z>25XCM?a?TD3dt$1Pz=GW(WA6?%wk@FHcoD8CDKlBXBg3z9F5V;J8H(Ta#1nq}KS8r$CNDAe^2X|5MJ+WsL0gmtzcJibIfu-QgzOV^b$Daa zGI^CUw&7}^{VOMWF-+_4{l{`;-z-U=bKX|SmHov7_Pw(eGhPb=@ZLXwQ0^1jNX+Vd zE3Z~MRsCHa#zT8+k#s1Mq&kd^ea1EgzTzh6W}?7j zCmgKlhP;r$6257#yX5jt8TJqvE0y0&RpO74=>GO1y1Vbc$=G$#ru$?O%Nm_@uCBbF zG?_h?e?m|6!pCRA zM(<0DH1|flh0tK|m@zo9!c#Zj4&dMin=kaTAGn+Dpj4Ojc>CGbpIav7W2B~ z*xe)0a7B8(g@O_AZlzU*_Ylhg^(|^pwl+$(x-%vDAH#yL8NMvlreV{_Zx!mPi(K!} zZ%L+#@z24eq0q;kf#^Fb+FTo(4hn(#ZUThK{u~r^6O?}}gNBNdK=mlY-N}Al3N!D3 zay>sAFdGiI%ist6xO;srz=&Cut^w=Rg4~lE<0TJfEIvKo2fGxJchEu(aMSi_N*kc5 zW;MH+`NwISj?JEL>6SaLK=$Mf5L0d+C^}z5k0c|p_w;5hYMv6YqUZ$#xjT2EbS)8@ z=UNO29or~M2_^H}xl1JBa-^}n9)j#c2C;)${p7_jwF2iX)zBR(253~_ z^Ueh)uSh)rRhQVKdw196P!8E;$&%wM9v%cSiP8|!{r%xgfr{&}YMOwrD>7m=>U3?) z-iNRe4{f)`60&_HEAbs(Ir?=h@R&=t-_+xBfB1nz;-Xf1sFPhSXykW{2cA*OMSSCsQTy@^D5X@>{GT=i@*YrEI5@@i}y zpDdHia%Gzvr>V>keTzVR6y38N!>ZC_5Y#`JIbrJC%YQoHjkKisT^p>s!RE*(_ds_M z@3hv#4gU>ZavCh-2){(v-7c8&8UdiIDmu;Iu5vWNp9`(9_(Q;CfL)+>701a}qn7Qj z>x`8xXhwV&t$vz2q>(?Hp~xCF-vgQ=+F$2q3O}l=tC{8sv|~^hW%@h$x^C{`ze;CU z)O)`sh!5E~?roEo$yI&es^T1zRJhF+oFq=_amU`ELLI1Rg&wR^#E5>hkWYEa65;r5 z`(0B>zQW?`N-v3}Sl3E3@882^Ds1)O#TzpfazkIH&LKDRRVc(c1K!1S1O&bcifu&! z0rZ2EsVJUjWKVGx*7D|{*U6Mm(auj9zX^nAu^1(!s<+=rrtZHsXeST4ql$8gPPE={ zktU(p*^^Evu$NCA!XPj{Hd-IV=TK~3J;TDEb_%xvXh-Y5X?*qeKd3wx7-s}Hm%kwVK4=$1P%MRS8ld~BIH*eESCj40`zg1k`+kHg{^RR!1!xpf=7Kh*;UjG4tn}!JEnIMVN;|0V}4J6ugNkD;PGlH&R?xsF4K`RakmQc zh4Qz(SV3WKAM&sS7~~l{dY^J&E?A#}NV$BrhfFuJYh;S;a(3x)L6S334h6tvB}THc zS>|G{si9v(zif8Z)*zz+NMo1B^SH_Hmoca%-;FCtSZY|td%B1?q)EQ=5ny&X;yfnz z5VsvyT8P-M{j*aw|89Z3pTSQ=ow=%#U?r#7j*t?xjrPka!gJfMSd{J(xgA`%`j{16 zCHsfYnR9JMq4E|4&!xmd1EZRO7|H=r`s*Ec5Utcs+!1r(f^yFi8arJh4Xba$k`3o! z0ZftaVB1R@S%tIz8*Icxxm6!?=?77dVfS}L$PJ$bg(In z_c=g@26-yS9Y757;Z2IV$F$glt+oGa@CG1D2&~hc8~oB zQm`xoca|?c9Tmzc$!ZLIB^-N_wFcxQTMw$+C@!$v1t>0jTz51i75@u0K+39d);&}^mTxNr;g-dw3#w7u0 zi@-~!J!_KzaT|auh=tnNIKbQmKqO|vOCXI>5vkahhiHbc`&FS_u)Uf%ng5@G| zbiicnL?|pE4j56EQ5GTHg9e7#L4qTztW1o|XCgb>P<>JeVPi7G4rJ51Vc z@8miaQ1ODql8LnL_UOKXp}yoI2rMIJT_hayS3ZN`2xKI~rdR`tsd03Pwf<}rwq#^o zOePCnf1iA(fxr4{CIbNu`ydR)R&l0zC18$j-l03$f9|U)xq*R0CdN6L>%7bz&CQUkj%F%4PlE=r5pe-f@EuJct^nd^Xx$8WN zRPpZ9%!f+b4a2$6=;p(05PH1ZFNpASr77Y;6|{x?oPuMynFFsj$2{F0)OZx7N1N7| zYXTCaGW$+os|A%8?sl@rMgTSnba?pF{x|DI=ax=U3cm8N6ols3j_gIkAV&y9YTKAP zF=2&W#1#sUr~_v#$erBp!Yh5IVMrZf1H-7S^Ss?bQ%{Zn8te!qbSQmU)_{w7oiZ52 z*JJ@{oP;873!Ux=5Es?Ow-t<}z}230<{_a_J%m=eG$luqPkunt3=@?3KiOImE90b8 zlfo+6n_;K5xW-XHUPg^)!|HyWGF9U#~b?Y!#PAd zQKGRc`B~=S>#sa#lQeD+vQeHjl}^u9M7<(gQZ~}%zJduQ*p^mH02u~JAPX%TZZhYc ziOiH96KZihNO6qmID%#23svzBwDqn*HTf};^5%NE+(=<4dzX%gk~s$ByLc?UCx5cB z$>y7>+ie|C8}uH6d=)#vKHtLCqqFJ-B9HfW{?DCbAAPbyAh@kuP&*AjP{_W>}2 z*V%cPDZ~l4765ZM0T!F+CuIl*WHK^*H2qLN(vOvE`)G(}d9&^cA(s=G@5P%h5NAiP zgsKH2lc}gW!deCY81ZdA&Xj%%aZX+7<_RUg6?kA(ob0OC=wRr;m&Yx8xl0HT5{0FeO>V7sxJ*%S`7E1Pj?HvkWt)DyvV(G)?v|756SOQl z4FXJ$G^hd`W?;A`thXOa^H`^2@p36fi@3FrA7_Q6MGer2aMoHjBzTn(@vhdcZdCaN zrg_vrlMSA{ldIbZw>Y4zTm~1%kmH4XE+z+fy&T4R4h-MjinLlnB{}%9M1(*$-<-UG z=Y5=pt)<2mpMh!3?K0>2o>3k7PbSA+7d3W zY556%8q{sTZrco+?4Y&_%Yg~=*3R^chTnM=Mj-oWo&<`9cPXwxnzA{_2UwKBvDlLt zlruL~6u5V)A%D+x_Z1Q?Y2D7U)8>I~tcf6HBDhA27z*jVGz#GwBv}E#5(mXCO~R0o z24jw(QIykO9Fv(r@G)N78(D~^8i9+2>0sU-NA2C10T-zRcT8?G=s-ngzR)+QuVK2p zIBCRi$M@&}Op~5iJx5dN4TB0r23bBPQfynYXHa00oNG2c1%TD55hZD>e#k**ibRpC zK+nk9XrKcVpzz{P6T>KGH;%s5SiK?F-6#e5Q;7=6Dj2}JNFJ_d^~eSD2W2oBlcTO>M{5jXpy5{d%U zD(rMDq)`5F@Mw}CX-&L@w=E!XG=xq`7xmjsJf?B@aF;?R22NHH!Wx++e3bcG~S zT!ay{Fys==H%c6e}Te%PpJFY5!TomJQNc4`c zECoNs{ePBmI3&a1_spMRKJ9y?I88l>qfbc~x#1bRQ1#;;E=9|q3`z)7cwns$DJZ6dsvbg&Or*8?5OmBn_c{jhP!i4!JKXlRy zo~L~q(6q{GYC)&c2B|;;j2`85yt4l`mhc7mHust_OzvLTw-p5RJEToHT+AV?zJ_F=ID;V&HAyKmsvX}AZNp?545q`r+&1wux!2uEHCIrjzK<`jIhM?p9b8p=#%06= zy?*FuSck}X;x1|Ftf-C|wiVq|YARm7RxnHK1lP8#<3ixObIRq>tx(l1ow@}WKoI9- zyJ?2gJn&18N*#fbQZzDoloXN?RGoRRcCd2p1Vse53_JFzPggcV%{lCbz)vH3eTL!_ z`SE9>Gnc_1=!8aC6g3JPP@{k}0ySO*3okt3@}>u5fk5%SukC|+GhjFX+TO{U)YugB zn9p$uecCQ=PhWbLGsQW!4oKhdPTM1b(=%hOn+{QwC#qr9(i+qFS+obmeFDc#3?6w~B((OXgm_lNwriB|3 zbaX^P7i&0BfG$X*6Ma(b_A!!jnkX_aX+KYBB(+$>35{S>|FW-Tv92*mjCU5bP#zLN zwm_>1*r=`Ev^~q&Hz4^)L&Q&4Eggf@b-FJXX&M5q=m83N_@V@0)X#>Cn~h*(5YZGGQIbh`!yp++(e=0o9Q*YdJzTt|#K>nP{izR-*bZ3;O{O%qlBBm;2thGTfldzSwuG9tC^T`f0=ykrY=imgR~-BS zXX(B-B!&u#qoxV_%c#VwS&5Yj;Hsb{p^zmU+VEhwC$C;cHrW-&wQ+65?BYmiDsE{k z`C|uuV7)ZRm$2OgH0u+eX9*L}B)DOrDtO`z;E1n+J@qomFq4Z&0z%PIr9g)@NU5`r z6=-x-8%zR`;Yv0c5ea1}L*P6(11*nj5-}(xT zFkEkI2Z@uug(7=3OSJncpXZ0@gx(@Lavohjs#rN51rR_RBZnrDW3p*MLxXN~Co0XA z4S^Q-PzNRqv@i?on3)K4fNm$;>o%&WFKD1yI~+VD;$rhLsnI_@h2YkSl#jtHL|8bo z2UL*8{L#*&wrL>!(SMO$IJwubk-~zC?VB#wR)9G)wu*5EO{z?Tbfc;?h#FwZDGFhh z-D}9}K($E#c5WChk~HUl0gbW)Ut>Qfrktw!0hv%MgpyU*lLusS7~r3eMd6p=ayskT zXWxXb>m0wx$k{ngO@*6!ii~|3w5rdnnir#O7ft|xmDgA@2v8D=2eCyUJJFGFfU;4t z8bVL>0n-l2vw6rsREdu1RZkp8_nh)@KgfH5Ig!XGM)h(O+9!{T)j*^(3TDAW!UR5d zQt?!3K#JQxBg+!~DSOStfb)VTy?~*~L~|Mwa)`46e?BntD?Z6OohIO-4Kap6WG4ZC z=T2rYT%6hJLRyqifM7I7za^+cr5Hd4vpEf9A|Mh$qEa%eoup*uSA7=Ln0Q7wSxrsZ zLowrNLKfQ-gAcSO|NefL4e@Q5h7<>Y5$RU{lf{yy(Xv;VuV;P4E;Wa9#d~oTJYQ<9he@9PJVrRah<+?~0UJfkJm*em@57e@THEh^yh^MmqFu0^DZ1@f#TewYZm&8+@`s* z+WSw_35~^60;0OG*qlRjwUF?GiTHH}`0DCt?sfxya?Nh5QTxzjWXhF+0U zYwW+_iE7;j?TBV|d2&2Dvj``}x9wpfrUxln6bcO$Z?STiSNu zVW3eJ%7PUrMUnJpbydJSCbY6LJs{J-Be;RV5f%U#mGn$-L@as?c|^chcErfAX`?Hf z$$KPtL`{y6C^YPO&d|_oA+ur;mEjOV(y;ZKR)b2i7vK{g z%Zh6}@{L{uCst;lM_*79u`or+{4=fSd}2X3#PcOlg`U(?RAOy|RpDdnn;W;)+%y#W8NW=4Fdez9|Ok1L7k~{Z41`#D0$n$)Ddq=)(e&2X8 zKv_CXR0dSk*!m=5iiAP6efJa&tR(fa9CD&ewC97QPYsof&K~x}jjzKOJpCX}7*++K zwjqqJ5iiS|8)@I-Md70bk7bVCG!l;RmR;$Oq+DI1xH(Z0-7SiEOZyO!oKq+o;Ta<~ zfdXWgLP8Yn@(&p-CxSbNQ_!ej^CxaLW-EaopStH%p_6$Aq1N(a$OV3hxS zt%d+n?1qqF&op$?_9Wu?9Vd58r3n9KpYpNGFyMe!u#n?`*ZX$jBW;Uw8Sw>8bpUZP z7X=Nbh)gK+LyxuzNK;x!^LzsVdWcYPfI*7Vl=kib@zM6;)Pw^3$;UK3ZlqQ zMHz~EQ#6EVD<%9`zrERJP+LPU)zd;d^E4Z6jK%^XMC&05x8;^JC*$g z;Oa~tgay(r;!(0X3? z3&Qcta2y5C{T2}gh_&89?r+;f3os}w1Hp|Euw;Z#{o z8&sp8?C?B*ayUmiK9`jABc{<7=6iYAEEyR)AclZI^pD?#B6OsiqBB@t~%<*jl zG&dnaXQp0Ik)=XLln4%-+=~2kNc-V5cw;!G>ia|*XymB#MT%$eWdo*&GX!Yr6!O`6 zSMz4K#tRI>2uNU$lpXUhR~igFi(yq^Qqnoj>L zSv>p3GySc>DEs!HuF!N2b9@~oQnvEu74fEGE!2=~rpc<6$K^(#rEs1r0KZ@x0ss~> z6p(QogLA09-{Hk3&(-p1_PN0`03h-nDuSy9pT!`~Fw3#NLs}z?xD5?GtB{FdwC-pM zpg03-hjtcRSXhuzA~7r-gLn!E;-kSjfAqg_ZF-6!KESG$QjA0=rV{GqO->UBA`#np zi!BMR3^OD5?Mkc>vwLL_DvxeF-?W6m4|ygB#i>GEofvJC?JDFvY?j^CurdxPG=Pt|bM5e9J}Bd0!;3E9CN?Dy6=?3*WM8`;FIg zHw!px@14}boBg^~eP9$Y%epa|Lu>8+(l)tpm_Z^FY3o*{<(IIH_t5c(TiWTJ$T=t8 z*xj&r!th0tj+cA_LMQeb<&Z00Liq}Y5XYzsaO;@@QwKOTI!~$?G%r#-!hgt782puH zK7{g_zFS5Oq=*pr*iY#%Y+nA>y5~U^2U{Yb_{b^v?l1!VhsXC+tU$pVSPz#(0o*uZ zFDMFpy|B;~9al($qqYu0Lbcf`Gl(;y3dfQR1hIbeB&w>&dpZWXj56LCMlGUFk!ET@5Cu{QWL%Nc094CVGD zzaP_gunGv@5a!+NXb#88xO<@wij8_;u}6OZsDTE{dBE%se|Aq3ZG&Ejl8?n&&M{C{ z9_s3p$>s(cIs6d;zHD9dho9{m!_>W^eN5TDIw0=9TzJ1iZu>*}6%&>2f4{IkHLj9B z@*tmBw4W>uKyWJfc#SwiKDE8Ib~}Y$2nyay>(0kCrEq;EcuT0UnaolPsT8GZlQc(K z=#bo3u^o{M5R5R}0Hn)xJPIyCkUJRkj5H!Ix)FE;T=fRd7>LS6V|?QfeNF2t7|L_q zONu=Sa?obM_#<`3Zep@A+0Q(%1kMT074h8(@M{lL*YspLetXhDR*YJk((D2EXZ7HK7@|H9W2VYeMsD`nm4=2 z80iU?3Xnkm1htF+AXY}!eq=}UxG2AIc`z3&e4AX6Au5{fwi^&;)zHo23O7U$6NsKJ zrZ4&cLeLYCybp#cr-0m@7+V3SLe(eXEL4j7zT!N6pTh0jYAH?=CeXV&Z3b zP^OrGOViAfnPEf;4>kdb@n%<^9*PoW{w9;Pv6gR|<(#`H8__Ds>?5GVt)K~N%Ne<~XBFtbmIxgRWs{c&zf=JAbDjgIT0E4vdm3bA1 z2>_wRfrWZruntauhvhE#;X5a=U_Xfo;q-vAy;B&~U7SMVR(y1NaM(lAhhkWZ6*yG09Uc*R znM>w7`&61u1O$c&ETKa&Iqa|{4Guzt;JnPVxFTW6#=b8zSEUM@BJ0YBS>0ygH3#;6 z=1CWcEIqO|H%Uw%$)Al9BNM=TBp35cG*&sM3%a%MRvSEro9N$iZuT~yWW01=(?A=@ zpq2+a*Sc=u1KKbIlDQ$4z8y&(D?%m1NQs*3M!jZaS`5m_FH+QGUmWoQKE4Sj6F5o}<z*YEY`0IiCh#QB&FA88Tv0YN`$5eQ)wY& zkKddfAf(CnsQv7tCF<(XtA|$WoM@DJ?KQg+PyFBLY&a*xs~hhWDQE+VXCQIv?rC>KV@zmBLXRRVhbVR2(D|&oMbvD%F{}y2yY9A58YMea4)UU;H2? z?v~O6k?NmL)GRX*_C4$RB;Pm$1p|guoS^JPY_&SFufQjI(+b`RF7`-Wiu~KE#4|^q6{<;r>~*1 z9$e}|1rJY+r7eN8gpK0XVYj|vk%KEbHxc63aVX12=wOl6#&(|z&_`ED38z1f_jS)S z>y2COpvEeK%x@*+n)q2CDeiwjFvfhPp|d1_gB4r_i^eo?rMV5)8$uNTBkjM2I#|^Z zu+D_g>oeOZjR@}L z4wYg4+QJ!=%{+J&lkH%<(>j>uoEb4S1*)&EYNnxwQ%d0=%k~b_bKsT|`k40B(F)u2 z7&ORF)v^aIMKX}b_y3AzAHGM%c9Dne*t>Y~c=(n`?`+&~qL?~(Dy~7D0x;UC1$C@z zZx7XEC0OJ#-p!uaAi(&MtzkXQ?S&KPIU0N#YH81Q-%CMVZ==$ zxsN5ydy!qStU`(z5cv8bULS6!^p=|Rud5mBD%=DD0mDe|BdRbkk5z!|pD8z7q#NyO zPq2!tCM6?``Y?kAU0(hLdwfCHOo}2zm#XJ`6>!?cFoKNB`Ho-_Zu#4FLNTP60CJW* zT3C>k7oxyAivz(^6qQ0sgu#&_V975ysBmv*5*yT+Ie1hnv>4IW9`Od3PM*b!#G=;= zJp|MX$55!9C|wbzUq^EwOL&!T*o*LTyW>pu=$pFe*cO0}A zDWDMn?~<8>c%FNVP1bH2C|FQz7Jiwk`0PQ-s!aT$Zms-Zr_AUmEHG>9G(P*PbEFUp3>mKS@Y$43UNy8zX-6aq zi47MF!Iulh-U{aU`8<`uRaD-m<+VxI7v(S-M3`q^iap`O7+%y8^I^ZQnn(8ShhHF> z)}w@i3MeVeFFX6G^BHDiQ-_d^4RaEGrdJIdBq3k+U2j714Y!w%k?todsK6RgbytD_ zw??XC_&|v;lCKMhTa+k*=xH)|iMf2d`gh4O3JiA1xrYdI8EX&27w5K9tiXq(&Vx)Y z;%=)$+2vmz?VwXNzqUWguCI^UHwkecKP2q9(yeF1EE|*2T4*L);W;D{Ku7$Qiwm*O z9kItf8?$hhfZ0AKq1kqg28KQcq=Q~;6yxDQUMTen;dIG?*7jILYT$04na^VSW?@7lm}MU$^;|e&)Tlno_*ROdK~#B!g7MpzfWk1cxtMT!D9vb-E#R3LVSt zb9-1pvrX&hA`b=?M;u(od%p`}b+efv=ECi})j7GiNtkx68ISR;$0LQ=2O^+yFlkQN zQb#v5gjd*O*gWMsOp9-BQ6$wshhK$u2VE3A4+LK$xi|@YP5NdWmSx63P%F|MT49$v z;3X1&*gli5xfI#s8|OmUi2|r&C`Wr!<7Y#siuie2VNlBQ19rvCN)Z@?q_8W!2w`7V z&(};4xE7~9x&r^s;9ZX_UijV&$Iy}&K%@`TuHp(2MRqHzW^*~;OmKm!U>A4>K}g01 zyn#kw*KOWd&9q+93LGqS9l>h0=F8NaEeaIWr>+PJ5nA@7q7h?^2t?>N@eA=mK|kQm zWR`<){3|I_0?2O5^N&0rN<-=(1{K^-*IV^m=jo77z#zL; zq6cC~3V=i9P!~F2S4ru9>6k-U<5Q@i7F9PgN6xHR*0q+^Mc5A`k}`BiMH|&~VD)$L zE5Vl9M7KS4#TR}KVsu+yPRI_cD0T+Ri)<)D6XEKFy*wyGLcl^BvA`q1pe+r4gBr$N zEY*7Xvz0)Y+9{hM*2n%EuUvdj7hlX2PmPM}x9~Ig{o%_-O)as4kN3)<6#C;vxYLLW z4hKo$HhIo}b?XL>dvF9#omnR$?UKsm9uwRx?9BWBfut_5{Uc;^7Uv=B;Y>$w!*(Q& ze)x`EPzX)~vU|Sn0vt|nV94WdV*Q28`0uM`ERSRNx`XOCXNtTtnseWeO6a?F^jH=w zdQ1d0iy@pjw{-k*@J2QItUp*`>Coi2+Xb>ywJY-`1vABACe$3`vl0!*6-dBjH>&m$ zf^=Ub)NZRp6cx55L_xkP;7D;QSUm#q`^QgDrteQ``t;vYi~%@!iX=2v*mahCQ3N`m z?EIvqT`V9qGvyl15lMlNVfpyUFn?bLCM-JLoEt;|J(mX*oW@5BmJZRwvV}2K1zrv; zQPbe-KJ=oB3Es2|2~3f;HLXC)iQ+0RUda@0U@907M?!^0JwScts|!A|`7%jQK=8oEF|E%pn>NL9_$){>`y1 zw6F5eoiwe~xJy$!Wn0(dQMFI&cPC9MzcIHVlPRd?N_$=(AHNCZcxgz+2u39PgSku* zy-{PABHI;Hb|xj{yu1uc5Ib=XezlZBN7NX7hl2*m-A4}UJ`CH8R0F^PyCMp-Em!Yk zNCvL0i2GF|H|$!a8h_G;>_r zFGR@+3$a8mwWikfHA%{22Mkp;zu(zfkc;X?O&Uj^+7Srtn@+4q-hF8WWv`Q(p=Ps~kGgpxKs$8Dd~+3W@xC!;X+$ z?20kVM$ik1fvbB!I2ihg2X|>=x_FINk12}gD^WR~WM-zXf_soalwvF*J3^Xc7)1Ws zQIWSf{AGwvR3?#y%U;g{{W4H*P8l#ZE;jLhd2P3;jjK$|LNwxA6yy+MfrcNUC@Q;7 z9r;30u&7kbA}!&uhdc?23^g#3w8rs*AJ}2A4K>DaplA~ z42tw4*vvRU;{Zf3L9A2iq6tE z)doTw)ht-Z>!z0z2pTj4vlX>a%iUVWDD#C|Jv3Y37iS&1=QV zE=~lI6-?;H)4+swW6X)?&QN?zC|F4bLxPiJVN6ye8rEIurE(&5=uT{kd-(V-~m*)(mmAh{&~r*I{T>$_dfjLylUceqy(PJtpN zr&%};bUw64JR5n{A->D)2GmL{v;KLjZ3ona6s@A};a8NIl5aL(Qwa`Hz!1r62LW*< z3yuyMVKw+?oAhI_h!MU6MDpKO@k95VA4`w*ODZOTjVK2ZqvIQ7s%n}zDu7oEKkR!_ zRh2W3c){&QXk|Z1kxK@Yfv{A%SeWGJ#v?|Ko1|jM<|Di$g@X8zP{_%=P$Lswjf=tE z7m$s$T>yEUxZy%Nh@g;Qc=FrEA4@Qw0Hdi2_mr3L{F0yz>9nV7U3BXPza%u&!mM~> zr2jv}zu*)ISN}<~2_=iefw}3TKsZ~1ux`y^D6FS&mk?vuMpI-&^yM5gU(1MAb^|Xn zX&+u@Vsm(!!u@J9(*EPE_25~hxif6sGz!x#6tE7u2$q{gtIa)gTv-yx@6ZC?23o2K z1i=bxT^a{#@yj%ktLkm1>@slGzsf763x2I}^&tctQK~-cr3rL@yB>;n<-nkg{VZJ5 zoBnJ~b3hN1{U-`}$iksGnP}iiQ~Em9Fv{%KlHW(0*m_I9f}O)|c#D?HMj7*L!P|rg zG@0^l;TE?zk$*@@#0nssy}>pxe)_5r)gc>f|0Vbi8FUP(?7Crr56ZN>0Qv@0F0>R< zqIhMU=uR0x9=!752hwm2Vb40|y8+i}B^tIvp!Y2>d-E|lO!Z5XY^_U8$Oso6In-+O zga=80mp=w+(ZrR^Mq@t#XaU?=yupKP4QyVWsyg-n_7bZH{_$Govu%xW>Gw>oweFhG z$&e)KDi0@+e`XWtpc_~QuVp-dxAgkFO^k6tW{jg19Cy|i>Lu>P>zZLi2vurYBE&LR zuvplL-3mtrpCDKY1$1yb{3+BwIB0Pw^dXjBDZ6*@PCkIl#zru;7s+mh5>pgxOf-6cPyCzNlQ6G3@UgPl)H_|G(zt&BAaUnYpXKa!@@*Kc<-Bs3Z5`(N1}-dJ~d0yW}PcoX^>=#@*c_UC7WGYe<>6zj*xuCRH!*F-d{;w69iEdr4l} z#WKctn%r>s*wmEPfd@CaXMI9Q7W|d_h-+c7fmHrryYDC;{`0qdf_hDmbq8 zrNMB=B7%Uoa&8z{iBX9>b=!|-@tnp4I8Y;%Lv}{77tWDIB!D{MvF<3A7;Vf;H{s@OR*t*b#{bckk6syg%$zx6Q%LtEmVM{ zwL}U?Q!~AS5L*RkP$vod*ia{vko>BwP*PffcNK^WE&wdAPfR?JKbAQq9=@({$c~`J z{29ep*59Qfl*$U-T5wcpjQ(95R`=l3@(>*H?(%pNUO{{(NQ)e2{jwr6hr)9=P2`?| zV6r%G_9E)}5#+u{W}sdP(=smTG@-w< zG+JwRaRMEm09nrabofmHd-V9hE%7BZu#M=YwntH8QpJ9E{Wyc^%)j*tPk5laymQEA zP0qA;JX+j76@>35Mand5#AcB}&y8y zVE^rp>#^YDtN>QJ7`a2PJqd2Iu_3a0tSiGxwLv%?NR8J2JzmiU?ZN<%gLcn|nK>0{ zhr{*v|>ViNu_oiJR74lG5^HO?;0O-eQ zAK}$~<7Tje9p>(6Y0nMENZY(bft}EqTeVTah$+^r2N@ZP;$)E1(q#4w*F_B+{G8eC zBo56WngbbPG z277_DJ;#?cr$oXBJ3+dA=I@Yjnt?Y7FFQwDfdHut3PR{eq9X0)vog{t#D4!YE!A%b zT7rS=KQWz~48*SNRt`o6_p&QQ$0E+g*;EnbE36JAdNS)Sz~Y%4IWxV9vt&CP{K638 zA?qqtr8&%*FQvlfhv1_@xg!xF>_mIw!EMMQeqdO-aiAC$jNI2#uSE#QYaB3%F+H+X6l>G1^#tZiz|mBDEl~DiTH{I<&Pp$TDTKDQZp?#o!QiEM48xlAAuLuN1<(C ztIzh-t^i?vj-{uDTx+l6SzjPVhD=*8>7Z=1mHuT6v4dDd0Wn4gbd}vi%Q~i{c7uBU zl#t}RDeXL$oX(2)HKnA8Owoe2awZ%u3gtmqX#Q2=J`IK$#~-bnwwOy`_)n__G*2OL z5M(!4Ku$L^pGD13>=~7VIC7{?Bb{d)Z45<*WXds$)>h}L#*l7a2E>yrLZJXGg}bwL z7i_NaCYT|dnDLJYf=g@!Z3NS<(YHmW#Sec&is^g=ZR%=@udh(8Xx2Ya0``~8Ah-n( zreHGAl*o{RIeNXK%cw)0nlwRixU(X_AC==>f(G2hahL+V9434%{OvB%J)JB^0u#bwjPVfWT)Hs7ie&W* z&7657`VR9Gi2~cP50^DwU>1EZ4V=<=H1Re7QNap_>ijy37yt`|<6jeP51HyWHD8&R z<#OyXr|dpOe1HSUATTl< zt^JiE0C*^{9UX;$F4NzWK%nLcO6+33kAO37nXc9R=kcelL7)Is6C`K|q3~i_uB4a| zo+K9hz*q$@qcw| zzL-vQTP9j+caTx#Wq<5A1F~RqNigrCxnU5HR>pAygq^Q#_>q-(A+q)#nwi@<7s&?w z|GxJwq9eYRP38$8J4rTy7?rE0_$IrYWzROI=KCZ=qo)iEM=SgH&31Etjabn>N|AIbD zE*DFjIZyD~e2Lc>hOsV+F+*uKlmNCk!~03H#?F#u1Rn&_M-vVwn!8F&jv3MtTfFpXEI|XcuIxHqpguESf?-nO=M=Uzs-TJselD%DsYvChNgV^ z74)N8C`Mn5z$YtSPuXUhnvq3>wDq}ZR>T7k7@9(Jbp(|?vYE1gAB44eSt3*{u2iu< z5e$5K377==Y(_sd?VatlJ`7T9Pft5pA0288Nk1;IIHmbEZzhNFGgXJ7;oyInVUz*D z3IO8<4)3gA-OiQh(v(a;1dZWL8deL#vZ*bU$t9Y`l}4`{(6sHshSw&wp-=&y1<1qv zS%M~*!|V*M(_L5dP{jTdND1m6B9+x<|9wBH^8u5DVqojfC6(|)}ql? zkf*K>i8)t?rP&M1!o8*(&NG@7%8p&;l=tKwaTZJt?ZZD|ep60S!gO9Rgld;|MN+}? z@63aYf5f#y46IUQbDLoE{q-ljLFTvw63tcz3L}#(D&-3vRtq4gXlqoyRjo1!Dga9= z-5wkTY@owcqtiS9L21$1pO14SJcsZR=xq1FlNE=Jn7iO~*dCZS{=p`YN-OF!ji0hV zoPh@F?<{8dOa_OhlZh2H^wxwc>e?l9o!`I_HnZe;7AkGAhB;7r%UdWIEy43c!38^z zRBG8Syh#L64vTMJYi@}jRQeg}6wIPPGXrSllPh|~+ZWINk0YaC5gVvh(dx{`d z0kUKQz6(k|XU3xi8JUg zqj6 zN1egsed;6=H!!)Pl7@3>S;8`pKYD=#eMMPfAt`R9Ln7J*;B2p0q$@#<5e z(-*l8QkL=c6J>G55DHkWj0zXA{z@R!L}+mgKKd}j;<=o>pGw0X)+>K@`Y6<`k$V5hl>TCuFd^2LRNyRDe{|Rmm2XHcn z9N(Sm#NjJ(rU~4rqw=w`qw9g88hU~t1$0mmbv6envfao}1x)~Tkg$|@}&r%E&U_TpY zV~s|Nq&ZfKCVwPN`NRR=U_t_3a#exx5_v&=G$$9$`u6?ds*00t7T^lxiIwzw5>F5= zgmP70Oa^2jsCE;Oc#+_ve^J;Y|%96k!QLf8{fl?u(EIR_yOl`Oyb(_~btuvCTMhA3vt?%ZgP?CM!q=L>Vm zhBzZfkWs`&GsdlM&o|yYSR_jKwnuKHQ;1o?>Avx^EOOkr+f~$&lr#o>07u5)kau~w zx_5k5qbjkMRbaB0jYGN=4@qGixeF0|#rS-~dce{BHn634~7+-R9-Jd=4Mr zMda22NqO?~rW`rP7FW&ZMNg!TAxK&&B$PKu?Fi&DTg9GTT(Z--87U z{&r6t4yAM><=O5%$|Mt^#p;Hr@@6z-?GH~e4UomNq-M(MC?gT7WqE+0bYR2&TfDXb z9m+N(lfL=@_E%K{k_Da-chbeeT%n@LY&r0sy=XB=kE? z2M&R-|Fiy$PWJ;nF-~0$;nEoji4iq47OP23sXoE^tSAr67YmIr%=w@Q)mIMDtU0=& zaH_bj>*G0W!x|mHq;&z^7S3RYRJ9rWfRz+d!2k}Lt=th9$^$E=zgSxeh7K|kTb`o| ztT{hZ%5>$|qhfY!%fx~eHO3x4fc!2Tk#WPi&0Ox`d?ID1H59naSOBwK01Go+Ve}j3f@$I|S;T>e(qEUwWDf9~`cSPf@U9t3Wlx6oNQwCqIff;;M^R(^>P&hp?>9VX%S;jh}j7HMxRnRkE}-J$ssC2HbXuxG0uqAJGlnBu3X-X`W02cQg@r13-7 z&mF+p5XUFopdhE2^8cJ+nwyGgUade|3(Hs#U)$IZ?8}; zX5=i+U*2C!ZOI9G?J_kW*u3B<+bNUCR>PGTp&?W}#W9PP#bzjPv5Hp!?p_c34PEbubnAN)#Rpaa5%%5Yx3;@JE z7(9m0(p|muQZJY)q5O{6YVYR;U;4oV8O8)bPrN^zsG4Vej;#Qh3^K=)xaDOy8$Ef* z^frJ8s%z-Ns=Ww$5{Oc`;J8|5#6{$?sS*PrMcozfHuR9^a19&vr*1`n@vX96f08KS z>q2SOlD^axCu~b<4)$21xK{vpHe_2a%aW)wp-NG#-Lvdjw4H7UkRs#yP$mA?WEPkJ z*HHn!R{>0bo&| zeULX${oT0tQ~8I3SJmLc&;cEl9fSFE<-n zi_72zCuyuAUMTaOc2HOabDJxZ^c!T6g(!0?QRN613=T8eY@CJ_iok29lHgdeK zXf&-6x{0G{_Cg;YPf=(wB_)D#<}B!A;o6RLzEim0M!@LgvdZ!Ca>=*0U+!Jf~ z0@7}Zk;wgqpv*kTvX2Etqr)ug?X62LQ1B(Q?aly57!rwC<6Hx%^x~Aj&7YmikXy(R zf51I%FBlBHtSEe3*tn-648_CsP&3kjK;C>64Rn%Fpg%!hEhKT>o&c<~;qg@4dxWY( zm06IGwM2-hICL0Ty?Kb>Y-~_)n$iGtb_7`hEf}=^xyWRp*GrW{R~_ze^3MvQDHy~- zI@xEI>?xnSo6x5U9S=3EiQ<@@qGEW}Ogu5KIcJt}zheUb_m90DQ8-YV9uT3-sZdIT zkamw>-(202AaVs*;!WYUcm;=8$^$whkgd6rBKWz2Mu&tk&hg;@eT%F3*ITj? zQWi!PE(`^sN{$OW0%y+UWK;@Id*0mj0+YaDWQj#-giJx`Lz}c3bAk>n%drLMel-G- zVT$uCH^{~1gDc0daD$IIwcglZ2_z(>cG-#c#;El1OHu876fYCDs}Lr`gQALAwtl<^ zIh>Nakt&Dhv;on|2X-x}uwjL&TZ=kXOOc7bMRr*^wI*XwL@6$*7bda-b;2Z>#t9la zC*V2T0sJT5Fq(n$U~Flq=zbVTM%xeh2pjA>bwb+m?1a8(=ZeVK;FRcJkmA{F>F%!K zS~_Ta&KWzS!n*;5vgp@TME?Rh#4;`eB5)ZT;8cW`G-IAG>srl~?Jh(rZ&!BEfK-sm zTU5E}K`f$4PzGdN3VkmUBGh7SSW;Y9O@m$2zWxS`8YdNXf|4pjH=_%|2$gfYn)Ne=WEc^BMa9T_!k8Eq?W=~ z2w*j8MYYQ|VULL)ZzhtM=p-hE2Rlx|iAi*eA7K=}MT zjpYKD7;5Q(W+q*JeU7iOEP%>dqg;r7@M^x+wN70**e=g@?_pwCM6wOhsB9Z)^ns{H zs?P6^K)0wsQ*d>@C_D>bcsd09`@#VQH~#Hv^Z-Fd ztb@6+g)T_+XyCsaVtvRoWEdqqG7=R@WtkZA2!xPBHK5(XfHG^;#unSNWL=Yb zAkvCc$O*{qFp`_4g<{qrm@wNMszKKcy*^kF!=?0^DGoZs9Bh6ogXUy35*VUH2b<)U3|#Wvz=~#>m1n18Mz30+NiKOnJYQND-EFTzo~_mCMBqe#?0-x){TYMlJ6MYLC2RKpJBy zA{qeAi)k5R{C16DjW^@mToAq|!}qDkwo}oKrCp0Mb%Etph;Ydf(ax$NGOl|J#glO*bMM$pwxkap@arTG62T`NkY3t3WbCV zRTXY3q(dPH#BT_h6TT$eM(BqD8G=ECL6r~F&>U(>!2ej)#>;!ZcbuiXfCW6@i*o{HT-x?T5++xw)?uFq8-CHy(~J@8lM|H7Y+Zw=mFTxqx?c!6-) zaVzGZw?4@h&0g{S%>=7}j0iz3#Pi@IZgxAVO#p!!yhrLoOIlgWHf}Ov&2~>YU*%PX zUIduv!4n01Twsfa{t3X9lMJ#;w-%EasLywI=u5AO<>^N|Bez9H=!woqK;XI@5h1}# zw~ip%#)!JDmf4B3E+njLjHlc?mZKH7SdS_gus1NdCaI_doV$tFubBV_tY>!JOG+rE zxP^v*D!DkK0J2p}pv}cKl8XFKV@ykLPWFVPtCEJ!szjx57$NMNWEe1dkSHikj0Y{pxWzLKPne;l-K5b3@PmQ4T!cHBE;QeDyQ9s`c35YRH{lBI?|95qp%x5E# zh;tFM%v5j!rM|nU1W})au9V`vGmJ_or8gJJbG;ICXt_6AUl`~Ohy$jJ)7JrEXSMs9?B=$HTS7y+;~ zBe{^Qi@9|w!)GW}=)B?vGT%2j)I9wxP6Eh9;C|Cu*I08ldM(NwB_fIDg_}y`voGWu z;ELHI_rsDi0HS-oPM5 zBDsr$G}xQYieJlb54HqQ@3ILZVGqcfFD~}C86X*1BYz+Vo~$QjhF0SQ$#}%JK^I3J zn8|MpBbxfdeSq$1x3ctja>@0&`xAUJKe-ngjUhjS>{`yf!81L6KV{Uhc(Z8-3f z%kequZPQA##?BucVOnN3Z~7gK!4BBVeUPh97^guo-@l!=3FsoRdA!A=n@hR%8{R(- zB8JQ85hS|qAQh`(gJ=gW!gtK!1-2a(n+_1^cG4@dUMEx^@V_6$E@`$Nx6s+SU{r@V zTAVknjspdh{QpgrH3Si=iNTG8U*y|EjSI>O1h+ekhRhE;96of6d)MmY&MNI^>^D~~ zS{>t#nbil#%AB_A*-Dv}C~-^Tzgd>x0vzKG8QnO-DLScHm#LjlVx~=Z5lu9{-m3$o z`wN>pYD1WeTfpzqCU#osj?16h*%@hF50L>j^t^ttbVCO!-HaBv@@!6 zpQ)+h-b0g?qWR>l(_hLHoq381=&u18zGzO&E|`gCzG&k}*c#(5=TTP8l}lr?6Qsws zliG1G_MBr18GMZv6dK=4-UbDZXxFZek1XKWTwY}_6)^&wt$~?Qwtv4pl4einrA#?} za-h{|#WNR4!o?9ol2D^bT=QZzv~FU`+cO7_cyo6tF*-B9(0X$$K(_hC9wV;*Vy>2r z#_N>>39Gb=Rgu>P$O90ZFe=!Y#wj2I*u&Zi(xD7&B1y_^FvGOQaohd9L~`^Mo7E*O z(^m&#XXzn?aOegfMiW8<-JWTNzzHh-5jMHzA~?rY$rva<4B=zQueYsaHrei2BrxZg z4i8vtK$-^EW$BqqK7y>qfo;eLl9c1vu@p*H%CMA3<52BjMjT}oy(FZ1<=&)6qtEK! z3krmBvkinW9no9%jm(COJr3!&k?&%isIuQ|vqSdAbdf8YWC)n6f&i6!%z`N(ypVl( z=_HO2*Qc`$y(Y4`g)gsZ?lyU->NU7hr$vfJM$=rgGh=N%aRT};VOkj&QktT<^<^a; z3=7Qt7k59h$_A_AH+#*YYzJ|&W{icQry9t%!9h=NuZE&?s`Y?s5-`d;7^C5%`SShk71;Q?rYt_Sg)ud8qM#>V~8*!b63$@BW6PK^K zk$}5S08e70{XeP*tv6NB%l#o`YLLm7Qe^zln36!XQBDryvgDR9G@9!iVovu*;*y{Pv@9SC+oo~TuctqL!}W=lw1eo k3oQ=HUOZO1pvVO$8doEn}C26AmBetSq&Bd2$2T>K>vI6Klp!=8iNPw z|Hl50#s|m(Tma4hPkmp9TOh02=>k8-N$U5nu*z{|})C==_Jc|2N0( zf3Befa01u>9RD#Tfa^cW`JV&;!2chMl>d)C06Llnw$t>}hzM-#e6=u{F)w{^nQwZl9 z@OUm+641h42fDKas|XWI=_cA{`CBxlVCZ&6a!<)FNlJD83OzvsT(i=BJ87;mML_of zRJUlB^}Mz8marZwpTAty@mrFTk;BzeNgOUz)tR!~8v{h*wCHhH5@)2`cRh>ka?dtT z$q71jj?U|c2a#U7Etf?J%4t04fhP0F+$>JiYH~}D%R2}}FK=-S0xIQi0GJaYsY@yR*)s*38^ErE82t?(+PzkyRPOMzmrh@rNm_9>FpuPNc-mi zC*TQ|*wzd8YimRd3zqa41*|C}75i1hmFO3hT=on#Qbt}tQrAqBTjo#mncsZ7Rj*Lf zvMSUl#*!LoI@AcB1{B9$HN%&|8mOwj$ico8|4Qx6LaH0i!6#mq9}B#0POEkAP1Lz; ziW?>N=6IUR{dfI^W{XLli-b9&BNIH~*c>;!%j3*~Gg`&Zdx0Xr$&P;^kgE~cpA}~) zrNnB2Zew97X4&7u5=ZDWwa8scejFkIP*+8t3Li=nb;xRZ3-I_K;y92(NUU|xdkd5Y zF0ev+sE>pHhVsxYT5|a|B+Ze$ZZkCUm9y78V`B$D^(KpO$YvRmMLw$cp3>7 zdOpa&q5H00;4m2t9}#uoST#Sx)|Lj<@8z)Rpe#dclbACn6cwC4=h~u_qwa!{FBEYTn?SV;7CRVH}5mD~bu z@}Xq;^o;*U;7uzoOAw};1k_N5ux=3>N)sERPcV?OiQ=!3de8AXm~#AnEaB$a{g1aL zA*u%{CWI^_mx*ORQ!iNYB9<;e%MFlb&Fa$xqQ%bC&HB2thhd6DhN zs>C7EPiMi+Hp7-;W%qt_^&OI5yrf4kd0>-;yJm+4yj=Hh*wt*7A5Dwf0$9;z!_X$8 zLtxO+nLgSm9{!9D&QaD6Ej~{Y4iyvgvhC!Fq~3o*A=3Aq>kLHV)I4&R)^^CN?wS;u z8Gl1L%gt)i-34Y$4(TXnlA^`k)$hk&7XOWBzYm|Fw5RDYkichUAik5tj_&!0`y zruX%HEv?^hClTHD%U>z(#k=&p3!Xv4w8zc45Zq(SS8s!pxh;K5* zm20m7&~zhTnsK(ZzQN#Soz^-n8`c$JEpgJs0`Sm)F%2PmV}X0!8xr!u8s`Q{DN@8D zAIJku0U46slcNMwCt;zkEgrP_M4-Wc`L8~}n~WfHIt})7&q&@I?{(9HYuT*oMi$C1Q7b}t7joSHFnxbs}d{?ST z0bAuBiYl4Z+edZ_wKo7@bfK&#@}|X$ZLZO!eAb0(gg`)NGBsTw9rC>b0&sR&`Kz6d zWrUX1%szJ9HQ!Y*j-?v4N`Kzb%_dEjlw36}nlu?tcZ9S!njxwY8!95|IG6(m_uiX> z0K$wrL&UL&9(6&J!u7;C{N#PfsjTNu#bTIoYRjOZyA4tM=1BV@$RK8mjFD)Ta-+H= z20SLp#>j6f)Xn+(^z15u_)EM_xOmm{bk#Xb@-a&4#Uf!p=BW3QZJS zi&JdL4iH|HZXuKSSYhkLfv$K&p~s%1d$y8rI^5!Ve>Vf0)=`s`W_4R#<52qvEsmOe-!X=z|AqNU17czn7nVNq0epZA5~qO( zLKinc;@VS+S#2U(;L8WGL2?KNWp+DW#zep3@M7@vSsMO#M^Y>m{W+A+de`zbd~0Vm ze z!or&Dh6c)O9$m;=c{70{>d}Bl4K;rxWkWghliEJctuD@WW$BO)c zD7dZk$?ggp5?x=T40kGn(2yuMwgwH{m@=FFgJ$5F_19T9(sntWbvqzMGr?4r$3%Rn zX2b2GRbSsMIMk$ExT{Q~GUMEi$PUrLkciAViC0HLw;voSD1Xh;=>fJ-bhV@%z=Jv# z%IuW`YPGy@Gt5w=WXX-&%5t|PsitQGA?Z|&)n=%{_~7IZkvIZ)gP2wOUI9|nL<@7c z__dfQ3oX(l!0@P`Bu~L3)WLDAJR;g zxf5Z(Q{&PIgu|tn{07l%Gy)B?)t;I~VeYo!t6INMkMF z1TI!=t%k)-2f%!$xigv+;Vl)H%-EKLjw)@u=g8Ep4jKHDvV-BzH9OTo;@bwOv(|fz z@<1WcLv50;5KRVD_WQ`6Subj8rw=6ukEwRl}9s(oYgN_9ZBc5*imv z!`U}%#bJv&%d~GPd=3i`EA@~~FDeQ8$)G^$$*T6#raix#DktAbp-4$h9#%IT{?^m; zpcvMQIHeyv+aOqp$R#;kehl#Jaf0T;7`GWJsTB~9xz_1)*b`KXba_u1Y$2Hfi^9<8 zl(62qhC$3+HWv~%1w)Z4A5I6Ovf)wlo?&mf{gc1x_DW;Cd39@udANhJX|A;%X=jfKbF9d zo5>yUUt@LI97~_v3z?sI>#$jT#PkzqKXXr01TG7Vs-dx6@IiC_gh9 z!`U}Uz(%c&3apYwP-IK;;=@)PG~gd+r4#V@ONbtqp~7n*rnt{(7;Vfp!BBGAm_-do zox#H*f6Y|h;J9({Co6bZ&-y-ps`fGtAmqs_ zS&Jptr5c!AS0@RtQR`>oNP9lKMFds!xwpysRK37i7Oun&$j?W#qiXH4xpnv&Zj_nVB;L=AtT$uz z^uL<}hRWu@PT)q?ps;Y=Hr{@h%w7wJgL_I9ch25@cNgU>r^7vxnGG+p(Ruj|^;@ys zUT-37Rt3tm=ah2%ZEr& z_FppwJPRX5$IdSyL_%q?tpo2B-JSz)mWz5L0vzX5T!^68P1CPG_E?7=IiZH!i%CU*4+^LI1`Zl=Fe1@2_&JGR$->W3<3do zuNp)5(5;{n6}zshe&M)ClzbtXgHGLp8=?jL5ph3MBaR=)d)k+-^K|W;)u|$3R&BfJ zJ(r})m&`CISIX31mPWtRj^VLkniq652&5PvvZRV5yy%a$SU85^IHLyBktoRuDTlDh z(q18%`rBKZYYV=~ig-&tW{IJ)HK&AMxb#KcVdKfXl&F6xTxMt844hhC_r~KJduFOo zu`!d|`tqAzTKt!89Q?kf2%W#Pd=ga-D{iH@P5lz(#neWJHv92{h}nq zMcy? zssSQL5a4l)ek!L5$QOG13+ga-22t-+S^Zkm+X1F3U^b8X^KgzhstWQ@PhC{mHlc5c z1DBV-s<;OXPjZR!V8(lvW%P$J2RRTFN+oG9cU2!$h1SO?3!!xV1mYTCr@^DOO@rc) zj}A&~$=EItG|*fR0-pOtC|lJLXW24hL_6rpYQ~Oq#=XBiN+6zmHknMVbCWAdmya5% z*ufK4$NXqCKsFQmFH96JEGeXTPd33CilwN~qk&^6fRV%lj#b)K4)arlveoYQ-ppbN zfB!77`Wsn!{XppTkvowY>%wh)A$Ymh_{x$nM_CDCb@xk@Rzv-c=@^!_jbTtdWneYw zm<{z>Cg%xS!eSdfL$k(8KDZgbm}&w>@Rl_4F|Yls{q#Z)}1#Q;MKrBso&*i zuOCj)M4I2y235Hiahd_Y=>lkTyC63YtPONbcp88>hc@CegH-q~RQY2Y%dy-#ibTt) zxt6P6%uh0Tm&zAJd6?EZbqE8;N)-1;Vi*9fdAKZqT$B)N>5QPgU^D_J0C zUNm!}5i7)&+}F0HmVw(I&oA6h^2;Z(&tnO`)4w2cE8k`w%P6P7C$D2Fh~tHMpw@;G zcJqgIoJ6YrF^-HmdWmGX9TT-0%&2BMY>8nUJoUFR-N`7Q38dh1R1gEN z)a}}B4)5pRI!S@d>}_-)ZM+$oRgNmE&Bp0LAia3BpG;K7Q5kZj%Q;KuQU zND_sid}~%}x2&AS81?I~XHOi(4##B;oh+jeYTx4&2YT)pc!@~@6=`x=4q@lIk(img z8EQ&V^Ub=ZqUrK|N0*@^vsj)pq)|V8CjHP~`6?NsRZC<_%jBjMFzZ*^j6ro1d{&`h zM>fdmhzZuvH5At~(?z84zlnOilIaK-%wFrvqMpZtP`AUipZGl(_zPT>0!)-Ci4m-w zl(vj|?}9}Suxs#OkFwN1*DR{-&^x&5B*>yicm3f|gy2$L{=PG+%L)^_i}ayWa6H@| zJ@#%czf9win^muoyFn8&gSPFd@tMI z8f)H1R4bbQP$41IDE<3ONm#uUAI$TBqC=kh+xwu&OC8}g$&sxkN zvINSD&A7H`o}d(VzIH&M9^p+*jTgJ^SpHCzS-Z@oBykFhUS36NyzoH8Hu~LOGS1oiC8mwQpq90ufh{RLrnJh86 zV*3mSuAOp({a$fKmPJMOMS#G;s!XboXnSt;hEz<|Ehq6Q?O|3$nA*hy z42!~taQ;r>I_npD4oRB!|H!fP&KOAZd+^pj>K`HzKy#tgSl1~$iH4&x!%jr_Cx??X zT63vKUiP%uIOVm_!1E`j?oTMNQ0=RIsef)(78l2HK{2l!w-*I&YqR&p1)=9LHeEQz zwtO_cA!j+0StDzFhVq@vk2n6mA`RWZ^$q?kW_&(WAmV*Y8RrQ09OrrdB}1Na?aq!F zRkE&4qgCh6wyduKlVGV&slLl&k01eR71cV?b{Nxhgv~HQ2_)V;5gLILFIwk~3^-J; z`gc(5f(HhIWN(Y*ftEG#MMQd)mm`}TR%a}%n*cEqFUqPD-XPN_I~~V}_%`dokcsf$ zTf@ajpXrW?Uh?9igUhAqqYPV)>vJ>xIbtkL2UH&rw~!!(38~=K7)7MKap%~O%ru+(p3Ip-)GDHK+CD)H0UZ3c&+EWf+ zaK#`hn!fBE|2y>&``15q97Od<(@{Ise!*+PTun5kd!W^rkiElWNcf=Ol(t9bei&Vs zGEW*o9z2>V!#QW>aS{zH;gbuA{-`le1$VtSm?JIBD3m}r9=Up6*G+FaP#flop;Q;g zC49D=WVFbk_&sC7cTeTlZRkrG2-(P&2kO+X)ylZ}Na*XNV~kcg69zvYGnl}Pck)~( zVN(%8fgi{Q1e`G@Y-zk3)f8+BY2vR;2YiIvW`s}@$h)d=yK+7Jtr2-KEBn)z|7s-P zZqd&2<(ruOTC9bg+z%Me<1eh1qWxU89WnVGIqJ(M-J-u=5>L%}`@C7H=0G*9X@PKG z3hvN(heB(v*z0oj+}tCTb;Ltf0vLc+lu#uh7$3>GDO|Zw|85@lMG(kv@M%*(#2ap2 z6lyBVh~m*kT&iJzNg?c}!e1yyxq&=g^Ee80ZtwBuGL{^A!=jb=({X{2VK(-PBg_1; zqq+v#UewgY7=?EPx+#bAU=;;Np-O4WVd<_oLV1fn`o!)xN^ zZI;MKRjA=A)57D3BqJEc3e<|0PFt=%{GGDDNS@^-y$=AxO=e7lpRfFo#mVWE|Dy`P znxd7D4hHITcbO;{s!>tm&p6yIe5$})i6N}XXNa750r=SrpEGyKZ?v%Rh8N4fnC7^N zN)u|R+dL9tUldN{X~2n{t1yNljgzw0d(%zmzo46DjzDKcGycsKD%O=6R0#nM1wAdkcEX)#L7>r7KJ5<=~Nqw1Bq3@-{hg?hMgZ7h$|RwB8^n#B@C5Zm!v?d%)f8iO}72esfIHyD8|Oul%I9VRY14 z$<0)OZxRYIsYd^(GchAQlheF|yXnIC;)KVFsTE?~{R>Qbr`b9rnUo9-;Glo(HJBl$ zp-7n^?U-0SOD5+w-|Y)c4Rk96tQ7>Q16h3d8gWnM2$b+a#ouMar-#UIYCHN-RKJr7 zB>3vqQ`s^A(=4+h3AsOV9C|{i^k8OF3jE!HQ3~j#PKUlG`Yj5BxXOAV-9GQ$e$CMX zVJ~Fp%T+5;IRyA`>rx}5r1%s96~mI;6YNDvztavsgJThfKvhMRD?W+}^(E>pd2{J6 z2G{kLUfk(h>p;x8LUU42u2^NC1GQzMFFZ;JkqB~KQX>qslvp^pGQt-zlBf_Q|Nig7 z^xm;K96J$2X!-RKO#HvJVxXw=U%elr#R^j|bM~IYg>D$QMLNk*^6K{2OOp{MW_ml> zty;fG5rs!f!ZDeTMv~L7`Bh>c%@AD6OFLC`nak4BLNRcZ^`tZy7jR8-Z5vpee|pl< zSap_K=rU9Zqu}Uq@K?uKk>f{*Vjh;NU3?CRjRt(-->}9@wghKXGYINV-Gk9Nu69T37Q6dFVS1YQG+w!Ym(9U1S;Uvm@o(|&)RURk8( zmQn88O!r@fDZV)n?-)|Nfm11I;wj-^u=ig2EH;evf?bwkJa$=bj#?Bdk8p1K+Kk^j zqK71*t(J=zJM}!oQnOPaj4ou8ya|KwJE%FkM241)5HB(xQ^&Ids zx|~G;6}DG)(tJqgntG7^{qERqL6Hu(`bOZ{n#CcGO=NIf<>jijA<5#Pq=UBx@GO7O zUE#KbaT3#2VJ+(Au<9vYev>L;sr}T(WH+q^8`^X5`Dhw6_Oeoe?z`FWmT})1nGw$A za_Xle4ChbugS`^Dq=2kUJ*sXf@&;cH&I}L&FovR-#pWQEr|axIpp}J_a_^1~%wo&X zt1)m*sPa0X0c3P@nbM7Mbgjxa9VW7U4{c z=4{*l?T(|ROi+_26H_4lC6AT779={mGLZiP3JX3#i1TC4sBw8}!#HNac z)p`Hrv`Bg$PV*%a%1@}LjD<1xd9RggV9x)|!iAbUFz#+#tvUm*q<4d4Kd^D5%TGs? z;p{lZ?8$KOPt0WRiUWRy|2Qm(et{1g65z!ClcXCu7v~**zq}4#7*))CAfq~`v&hP# z9=(;oitXzV8b#4`sH3l!9lD9OlElH+zWdD=de5ZRhD)_N749F81Jp**(2$5L~qd5zGr?Z|rt z8#yFFj71Vo{MXZl_G+jb9h_hV4sPkXD^p?8ej0EEcUW}KSOkQ8kBL#SEII3Zz&-x- zkGJ@A45`Z6LAC>_@Z|?nvdPW{vd~>YoStZUV|-cDXiVn}G_F)StnEvzG-KniLR&#~ zz3N$I-0OAss;R}TFZa*fVN6P3l(8xVQ9un)dsoV4+=3l!_Auw|NEI1|R&ozm8$Spt zgQHU$X-w(*cFT|mL-=$aVgw5dyuq2kBrBD}B$HsmIMRiiu!;I62pafxn@Ln`%y8*{ zUXJu=dlxr-j0HU!6MPP!mQD#h64=A#PC!#g^&r8N1I%1+m0q{?BfUyc`RxwFbfq+(-Pk&5evA7bmHr z6AQT4ojzdKvhRii$?-HQerN54wv(b&u8Fr_G8+|22skdu;!PWl6^8R0?S(`iASX;S zVH~JQ%GslcFQffEm}eiF55d>ITcphlHFn$OK%@4)d`!xA>`Lu@SVvq1Z3rhCx%t8(@<~xTa*SSi>-A*`f1vBoc$}QP)+&1o@>ZMW*I6mZmF)gR$Lp;^|=W8q6K!jurI@J+;l@7)~ zH1&|PX57uiX2q-fTv!*l*tlQqnW+V&6v^*T_uA?$v8mDa<5o24nV^q@>TAJvkpoVj8ANEdgR8^ zOo?S7M=On17WL(gh=bHK!6ySrUNnUJMkX3dqYTTL{Kp+MniHNh%==F>X+7`ypXs_@ z?+hK+0tF8R`aHX;Fu(FJ+-pg7K5>ADCal~r<&b{7J?0tA=P!1JFhAEC5@np{k_R4E zWoA=FF%yLfTA7Y~V7Lz4-ACUdKS$v^dm`VQZo-M|=kCMI2wLPEY*^qVd53QS21!&w zmR2OoMyqF@Q?Zbh&*d;r;>J>3B&;I-HtQ_J?v5S?xy=_~itv+LI-dtjmR_F9ob;ql zP!>YliS64l)f}}!9SvC1G8`(N>gjlgFkbseRG}ydb|*Q^)7HeWT1uG6vGOUfDfz%bXv?TOm%Rr%he^4)0P~~&YOsPDf9ylnq!vyNkMkT3+GQbK|t-Gmt@4E z1A)d*5y`D?Z1l3b;(|QebxFeXBx&^ODA4kK5n4Y+I+BZ_*OT%ISLkvOTmeiy)sj>7 z$%7Dt*!5R3>Sn0LNe1RW`;}#pf`K|BJUajP!EzO}KaMaoxU*^DJDz@8uelGNVJ14; z_W9`07&Xz6-e5QBWs^v(=>QsXwXODKC2)AK68Y)xt{rwQ2vr|!aE1lW7?hR-DQ#Yw=PF6*hp?r~!c|RQrST%#BjWFf zay4Y{iAdXm-+tEIfzkZn*Q&5em8Cs@@dWuYsi-{70->9ju2I@n6Lr}a*38j32c3E(qJIy_~%x%MqoC12H0%&)r_xt39^x2*n{gHW#W+W?9KyX_*ETn%sx77RGW2jo-c!d;h)88 zTdVN1NKocM1EoCq=!=pE)KEQSDS1u~TevZ9^n6Jlj6*SnvdvI!V&Lw<`iOi@&`7;! z4P9(WjqULw2L+nhi?g0xQ!o|P)*{^*Ta(Ffde54jT%VpL@?K_CiWZ)4o}rmiBX%B1 z6qIELdxz*2FH$3%=Qd1%UIc1ctvxCt*j}NY*FqP+EX;hg5%%elGvP}!KSnvqNc(bz zl3FA9+}BDiTVT-qr-n_ul8nH(ST=>A=loUpsf>6YE4ggMew2J4Yg!*MyEo9~OuND0 zvC)Ss+)K zBRr}(lUglM&m?ag%~U^JG!VHB{o~uC{waPg%2Jojz$3e0Ysbd|HO8tvG)J zp_$3d2;ApCJo)fF2M#C=_RiR1voyI^DvdFdXJ||r3V~7DAS_Y4cgNw?OCvGi4qjG+ zmgG@S4)t2nk{USQ!x&_-EsmF&A`fV>I19obhHIXjb$yYRj2;tAOdv&6B>SL3vOLTY zxM8*pGj=46GO(IXYlK?0A@24Y!ML+hI|Gj4VDV% zAWPtZ;lK%3U~M=46`f)b0u?fL{v>nx{o_!;8XA+&Sc8%;BA%JWZV46xnPoikbuFft zCEkIseC0N}sXUU`z8Kk0pBvV+R#xCd7`$n_k|DcmX!Pqruy6@X^%%H_7PdOF=uWgm^ci+3{v<- z$b`*+x>M+&Ryf8m@u$1wHVFpXgdoaM%G?_;Y;(RSqCm4HEsk;!OeALJHd#snIQg*m z?x{q-JV=xq?GsC81rnAK*}Vo zZ8p}ZKoW;WjgC4Tp?J_5OZ~7UiC=}`GnVAsnM z2T7BBA1H7vbN9*+OtBnly>E(XI%r5!xuD8ykj3#V zVk8t%={HNp2M}~yr*E)#F_5S$d5dPSDup^)-v2C!;-h`699z}deQM4riG_>%EuNBS zq0$lru?fojo9GHjlt3inlQRS9nH|UI??B$Sl_IFu!@uICy>p;9OI*VzS9$I+SIb04(Vso-w!#= zr=+4T!%>jzmS*ZEC$F_Q+NTqdidHi&P`y|EGSf0HWal1>^slzE9%x$xx_*kX&*wRl zsti(UWPMxBBK+7Kbo#<5HAHq<*tI0YD}puvc^qY&!!KAln9$v}t`iMrs`)Lr39v4{ zqMKCuJzX5&PEKvgF3~&>U`)iNnp48j^Tl^)nyb$)0kT&UoZG_Gq7nHh@FELDXM31n zV8IfM4<^)o70qF~qvqO^YSz9DV;rT+GmO_)SoltHmJlt4qm%eSj5K3e&!1*g&{gE) z8pVlG!`O2U>~9%Bv*aRg6hhJlR+J2dG2|Fu#$4dJ84~5|h>ar%hlyk}Mp8@BqJ6Y0 z+AXlbnA>J9(v-E6S07Dje=(QQjkdEoQYuMih6y#hwvpQAsQ-=315guIXYED!MC&6p z$#d=sS4A9NdnKw`gf*~Ea4>ZP8%T}h5}iP;SF)RR&KUg>tPL*{gVKi>Mu_VL+suD= zbpgSzWgB5l8D#o9Alms-B^;X4v{Zoq{RZ^;eKXc_B|h}s78`txIO9a!Ld7Z%OBO*5 z84Ge{EFV3g&iB5JK*Rw~1EE2Hp6vhX7l?XJvd^Os$C6!00$^o<)u;MB5{9g{C?EY1 z^f3c`eL6|_VWt$lY5SQa0X8~IXzRhk?o8#kef1X~NzKz(*hkAzBx#z(i#WXc3S z4U*&9325n8(gr5Vi_uP6jHy%23+Zn%E+Ke`U5Q4X+URl;6L48eFQx_K!~dALuoP|G zPIoo3FFTAx89r)61h(l3Dr%15Za@$sE3DP={L%v}j@zx+YU`0SKRcdfD7ohmJ_x(KVP_7L`PgwrNseBNq&3<6)$T0~ zB&gPjf%;nxOTcl3p&rSf+wf~MFnD5BdCGi}>>XlWUn%|BsLqG=o4DzQ6il4@2zcX9 zw~IV6;P-TPvRGPc1wgzei*~V+?apbZ1^+xO z>aGw+ltWIt6CBJb}t<3l@nI%cXfwvTKq6T)ggUsBa0(cl0@5PEeTx!JR2OMzcTh;oQYF4qo zFe{~5_^VJjn3gY9C7dZS6$Rk#3g>-PP!-K(HN1=j5{_`Rl+qEIq z993_BZgMd*9c9caMD!{_g-(=o*oLwV5Yn4?LTaYjZ6@@Mp(ls@Ra8q$sai8gWK}bG zzq=FeEu;c%l$xLcD`&qqH+FN@eRlNm;Lc96%O0*|(Qu_nE9-K*X#~|VO3}qLt}s0hRrzf@B3GOgt|pNyWK^D3Er$(QWOSB<$qJA%ae?05861Die%=c zkD0C(@eS`2>%qc`MwUBYVGXRUH9w!zT=-RWrOJF0{$Q|7{X}!gT#-M!Ft5$C6q|R# z``JuI>6j>gbHDddmCy-+(1<{(?6PL@TVj!?2ER3x0z!v~>Qzd!Ecl}58vu!k@OnqGDk*6w==4le zK>#nud-aNK^~bTqKq4m}vp!NS9`Aoob*g2igBV<2zT@9CaF6SepFCUVtMK*ymp4-5 zEA?eHF-#N3pi)-AeuG3u3jz(;Osgnsn!`w~kqfXD{cd0*?VD}zj6H?PyA)($D^mMj zTY8a)o@nKX4m93rTcnxEk}4Gt(L{9|LR7IP0C|AUlhBh|R*6X?-=~T)A*<0K%HMHS z{voyWVX72}#9!#iW$&WceFP$sx_V3F>?L_*{Omd@A`lOo(PZR9#L{7TawrA4Iluo= z(Ok-9RahQCbcISD{sApSoKvjIv~q-R-QiRq{VJ)SLo~2d_Ta8abhUrx|nF6x7>-2q5V? zRhqxK_#icnl^7u01~8EQwFHp^)rrHN6iQk8;!}Vk9^(Y*j&69rZ#EyQZE0 z7|doKwA!>zc$;51ea^Jxsf<%lXtUOsLR%+OIuk(2$l}kMv8O_#@S;w#Ffi(_+Y#X# z+%a_>Bt*hfamV=Z^NuVb_%*UZ1XsSCJ6(!OrrMK6p^s(vY04Hk2W9i>u6&J<=XCNK8q=lN2*_~*0DR%)V& zT2j}kD*zGJ_6N*39XE6{`1H+i$<)94Z@NtDzp;3~U`dsZ1WYt551d{GF@`OG7#Q3H zc;5+jmKZU&C6#*q*EE(OD?rWKTH>$~{>Byjh;Fm9i`%xuzFx|N0>LP?r3*Kkhg-M8 z#eDV*bhr8~VLla7$Xfl{R$NjOqoW%$MXx2G6{E~`u?IP@1bpqPq?_iuL@CF}MOZm0 zfkjlr2d^l$g#Dv#kCP)o_AMkt@@#kBo|g$(LVMUAFocp`P;rZ5zq_uuDFLhis&>|gLLun09W%U45#96l3= zLjQe<%+zZ~OGu)U{-`ZnSS3M_f`IwLY$SN$ZLiGBt>|HvG6n@9pUUp9 zO}HSk-)NsL_BbrqD?Qw^dSC>=Ok?)eele@q2JIq&88lKHN{pE64u0i&EOn}4SXVhP zvgGOJ!Y(#t4Uv}KuOf^?V3 zlt%=AJt))Xns9+T)f@^YicH|4aXhyfvpMCfrpb?2uExTRkYfh)V`;mFB6`bup1pyC z{0>d!#CmZ;J?0F&0_y{-|J>#)`knMWi~14n3F1w>9R|(JUq%%l3X6eiR8&~x^u^g| zC&0fM1SBBD@i^91d`3tTDZ4sB#IkL z2+9i;0eln3ZTIV{3J%Mn)arO?nE)^Hkh-XgqtjXu7mmlQacM@A>4`i@!sVXh>| z2sZCsUM{S85Yrs@gRx9PJbM|lI51*?-%fqrb%90uva8fmP4V%Kj^Ou`GjAiXI*fd& z{&JL!KAiL;0!+EHjlj@xuTUBD6Jkras5!`P>;y{|h{a$ZL-}77pV_iC8^8MpfHI#r zr{};TZ37S;@GmhqH?nrdI0SKR2sy?=dBcp^RGw~_R|i}%%dkjIzM?nRc50j&x$vqUx%x5HPrv4;!!Zssqnc~xQ1IMDEdnlEmaa3;Apqlsvo;~*O5XP zIt-n5;mzR9x1Epq<%lIX^~GuqtRoweX4vF-IU#97?k6zOJevxA@-=}}4I-AY<_hUJ zN=BS@S#6)s8W}@rDXhJPN+$68cK~D!AaQt6oJ8mvh;&?!E(X2$_lvskQ2;elT6pMI znDAxatI^;iVrZ)@U07)*9vcHP3Bo?MJu>6T=99$+H4Nh2!WL6ivM--0#YnEynKiDj zx5wRWW{&zUEc=jiWlQ;~9hzAB=(Qq=Y1R1U*n;L0*8Ik`uo}%_|J@wY%N6^u!YgdACgIG*N=krt3jG^wugg{ z4evE@Fj_#iqin9lf`lTM41iZ40#Z4mk> z*yvW7&9zB2{_bNKMK`D{y!SpJW8yOehg8&OQ6gbW!iIf1(%9(XvJpczk(rsopY!aZrzFYWM~DfLTvZsOHk1E#wG-*_fuIIo$dD!|E1*G zPcyZpY(QPhfzNLQ)S=KO?)XASU$r@C;}0n3Yaa?2yBU>C(j~UsswRsH zlb&y(tNHAIZH+TW_BO8KtlNM1uJAvdo4e!KiHZ*pxrd4tgrT$;fBxp5I}$cq7me11 zKQ`=sYGdOT5`s1Q@4d7MkJ-js`VEb8s%F1&~)CkacXtyZ$JHJRlF!53q_pD zzTYO?GSGgGkR&lv4F5LE(C{ciqjr{6DVjnwszHW=$lxrm%v;iBC+TqP={w>^l#u=5 z-!AizMxsj$?PW{9T4z(_f8>>Lkj2i}{4XnabzZi(%qgajqw zkH#Iao*`Obet{P!iAl&Bs&>j+R1W&@#srE^ zbiltv7&VRFa2Sj9IzE69zW?@NJjHAPBF{12=`n2vj7Q^5#CNe%)G82t~Y{%nU+Jl0ATuL5g#8Dqn*V z#);S%fI(w7#HXx75ln1UEJG1k7vz!y5$5GbNXr)cOdG*0SlHGRhS-KLj*u9*;B#oj z6v2IlQJ=@+5Q7&O>>DR620|I7r>zN)tpyRH{jgB&6eIxVxgdlXqq^jqXjG}uyr)J) z?33i2M2;YavbJ$BE-hlciIzHqnHR{30PbC=Ps*IaG0P4t4qfCEt-~L2l)=>z&fxIg zP8(~oa|#uvDT-)8o$K6`1?Ulgk7tZL)S-5PAlF}-k~-WM?U0UjxF-H1Sb0q_uZMzv zTeS_3G}sDh_H{&NCcJu;(V-(u-*C$VNKxpcrUPTPZt13&!AJl#P$8lHGuMVNmkHge zDbCAc^Qky^V^&jsJXLA__|o63x}`xxIAI1YW&w5xfI(0T3A`OGiK~$OH>}MT)d$0N zQTPe#!Bo6Jy)->L9?$O0E3@K1$Ap(OAfCC)IBBX2FlV}$5=%)#TU&|fM zdGO)dx>|OAIl#}F&kZ_Y_Y7o;3wtj;H1}Uw`U4sz9KMWPtow5%oXCJ0(*yz=1sKp2 zgwJLa_QCkrqg^KUUQ<^;G~~yg3bbi$F0MoYut4O^;+P``N)FqNOgQYw6d|Cbo|6Yr zFaZ8kF1s5L!U2f(Z3>8}sD5>_aP*wekW!i|Rd5_v$1P$YmNKCBMHJ|gkMBzPdrEbK zcaFfhfaVAwtyk;BOV2wqd}x6JUb_}E5O=ERVhX*WLW9-}T&#T=XNyq^CPscCaD-bg zAcf~XM(_nK5R(7W<9NkAk4O-6aaEW{CTajg-ajAWZXF3X(Q3poB$VqQoD8Tk!H|qb zE1z~9&(4bGhrrM#ycXR}It7Zw)Tk?@U@^L4L)A(J1O^{SLUCb7GZP;>L9cTo)xeXz z(|aYQcTIAOMqy+YaWquPRXgb*00QYUm5D-7s>tvSTTBK3iZ4keEkH8Msm?>PlGc_ zG9jIDDee*}Hb+i5x(StoOzDTy>Oc>8G;Aa+d6xm~!8FO_a=v!y7SVn)l@MPb2*c;i zaT}AeY$qX=vq&Q`%}+`em`XlNP=TqMS)?Z6f!Y(ti6cdsnQ5WQ7}5wAcB}yLAw?zf z0K-6PU;%YgV3^J*p^$Gr>JcO@gDlm!>Z!eO=33@DdQ9>aH1|DX*%bvDUp%H_>TgRT zqb@216N30|QIRkzkxULiX~*OUg$WH{)~=w(8GnPDVKZSe7?SrRhD-GVjSgx+>o4#G z0qOuX0k7-{(+%QQhI6PC(4%Um2}{=J@MZAH!V?lgqsmHvGleiQmNi-Zs1Pcr* z48`Ogp2OC$fh#Dg6U5q@C7&k=O>mPcXumEP#t#BdKxvW(<5wB8W1vt*li@<<0VWMX-6ug-Sud!}od)AsO(xw|1GLg{`v!pmFKj!S-Mra_Zbd3Y zGnfsXjZa)yJ4LkghN-Mn;yRE#CV&P4_Z5;`(X*0Kjx}eG^K^@2I5J7nDkTb_N+LwX z6%XhOSYw+qPKR9H*x-L<|4)r_p~*l7DC-|7VKAKh7K54@wkfMDBtn#Aavv)FcoBluH|1A&&I?X>X=T1P{%P-d#1CXo|N zyJ*T>?vIEaNRos5$j^|X;uI5Pp!tAs=D;CfcLM(90gVVcS4Lnqr>=oHNh6Gqm4h2} z5-_$FEFl+T0Bw%q(~&=Txv~0!ijvd=6FKtJGXT-;bL4W7&rjH7HhCaeSWBU1&y&DucrYDM*a!AuSG!gGx|{-<34y$|e6y zu!Sr0?3ruW`kV3ihfT)8N@MNekMF92X!jDjswuts++ouVk;|WTewE@F(wH8bL{Yd(IaF;TMsJD z32d^<5x$~LfWme+xVzA?MIfE{`hQO`Y0d^(C?5Ml&Pzq}jF&htX^U>+V#KQ1R1I9XAf!n3yw;Qy9Uwhw zd=vJq0J7i#6$Y2~Z?DyiU5JimNh%7vIaq_SNE<4NGa>B_+TaT9_ZqbeA(MNk{f$Oe zN_9T^q7iuA*x-J;zv6W^wm>eV30?f44@s3I&;d0vG|~w((r_(v-V8De0CC98 zO&~rnG9zLHZso+i3l(~wN9*yQluu2qb{YGb=-keP$#V)hY07x$+wT0w!+>OWGFtQL z$OJ8-TEd~w7LuUo3tUmA2flcry83X63G{>VDr_}iVN)EqkZsWJc^1iSfA_3}LvZbF zxg=7Cl&mO|A-V;Z=Nbsah9hmx8ibi|YHDdrhgdN`#d1S@yK2YjE~kc8I?`e`WzH$F z4(6^lC~HPCFX@)Y-~}@EZ>g}P*u5VGR6)R6Sn0mp;P)l{B;J!nMJx?O2Y_voO~Q|W zT;xPgEJ6$>PM$X%GJ}CWMD#q(B2xM$Z|WF7SmoW77Y#y5G@r~H7`6ybiK+G%z;$=4 zO$lw<(C|&H>}f`WDRs_CTA^<$(g;=Mq$u=qT-u_$v?jRGbZqh1#4Ku%L8d2foQWvE zw9t}5gSZNq-#A}x$qcC!DAEH^73UDvL^lvQi>4@%?i$8I*eOJip-3pfEsEfpMcGZq z7AnjGj`5)zoSYf77jVuoF(?XKtEwOf43Y$kW=fR;rb2s$hUgInlSmIZkk~9WFIXz_ z4jnAQr$)hvNGWPwAcZp z3fOanPt+`R^aHWiVForR-H*>E($2ulun@eH(hMd;BKjSX`OO8kb^!oE)T$|wgCNwxf@T83FNe>2vw_X zM1WbH5rjP3kP|1B;jYGVGd|}BT97EQgYq|*%9F>B(U+~~!NY;#L3bF2 zzS(VFq330z{tUG^*!8E@U(3T*dwi2@iedc(l49Is9tZV3) zT6*QiQxuvCln=H?W&c4((ER9KS5QN%^=s4>4GDA}SyG?7lOpI6jp&BaQRLg?pMPezeT3J*`T;t2i7Oa6_hMUX3De5DQD zdUCLSo16N5$vHOIflB$ym_uJO$0Q)sb2slWO#IMysFhx^upr+f3NPmbeoe{xv|tf~ zsLldhful5zfE&{&m6?Ev%#IP)C^pDT#)KJ#{eVGcF$l{i*#(ihxtsCS6U^RyC25OTp(6U~RDMZ8(B4dwo@QC+vEBcp*a0$rpRyiT+eJj@Y3P@O8z z>xQVGk%*Sj!(!PPQS2eZh*(ylDsC5e>qWE?rk>2*DC516IG{A&Gdh4g$ryZW;YKiz zgxS8p6#4CutdXG02NCea!PzcxIa*O$m5_(R)I>tWmg4DQ#NeaxsH5c{llX)QA|%rw zS4I?MH9mZ_nqVlVM9XsoWfn_iTh#3aQIuK`ElF>3TLg>UFbg@9JU;L32KCPfqp*p| z0x?HGVIw=LLUiaSN=c=U7#W@+dpYl`s{(jmU%JfC?1Z3k@qtPY)hXgYiD`xK&ftnf zL3bpnVgi-o#9Y+g%uR4ve%?xFJq0h0WLwn*MN}RLLU^++;tYb#!%m=9}<&O*c`88kxT&SwJ3N1LL!LQ14)90^JZNQB=d_A zbc$<$E14M=xFFlWINU_vGG0V2naV1d)3Jf2+MxiW%)VMW1U>BPhROinY0dhuKzTl# zFv1*00y8`nUk8=$3qTfwj@S&UFX;61z}W&7a21TCfZkGL_MzM@GNni%_wkdg=+?)* zC%pRQoZB@IQDLlT_ISpA?Wj#{%1A)P}<_|B9fH9gXy zihGOElj*|p(%e8`2-0p6#)P9_m~VGK5bur59>XI(avQ)yN&JH#`+3QyH$rENhVivk zIxZ9h^mUq;EGP_vFkh+!KYV(Y6r`yTc`lUEl$kJ5^4Q zMZZl79xj**z+Y;HveBV_e^VH|Q^wxGivTtt6{akXu^lr|K+5}{Bf0&x7Zhss% zZ_Vp;>3CuV)2@$I24LA^;;!(R8dse;XxLzff#)a5RJmjX?Zn*Ej^bA_9SzPj2rG*N zH^f`NN@fP47m-#_rI{sfm3}@-3EDnFd?ZRWR>Luhc2&fU@ua$_kTOcY3hs7!sj9zw z{RRL+d*C5IBU37xufm_jVYnGZyWK8A2&s-;Pg=#%Ni6g*0z)=2FTR($W&0~cc(Y@I zPYf7g`lJbx%>Z1Pov;TKTA*SY*Uu_Sg< zO?OFJ*s$aTAq9hf(&mju@?h|B{%kP+VN!y&&~RpHqfiLw*)*=QlVPP2vd zsr>_myi3RK!>)68EFKR8ppvgL%ks)4w-PSg;G_U(!q9|(QD65qc91T?*)57q1=LCb z;nGeQ;4;%d4#1h(YQtiFsH9wg4ykTgpJn|sDKEP6rU~KHX4{ESvpgBc{j$%ruF}HzFsUM14M+8&KnP z9HtSEov`wr{Y#hqW?$srmg%tApC5dF5}8M`mEMtZE?xsUh3nd1#A>{al^wYz&J zhsZ(H9-wlfk5F`0O&?QK#pN)s{+~s$X7J^J=EAAaDU4;d7!FlSTH*Wi#j8y~Q$Ijy z*iAkU6yf1LNZM;4E1@V`986grXL_Iz9UZ!C1utV_T)}n8^PTa#3d&a!see>|vFp@k ze@l?rN&)g&Wa}3fv#nm`!zy_|9;LY{Z+uH01$2TkyuP(nIx;7LY0t_5ZB%QgLr&1Q zJy(P2@(QC7DI5|korEEOLRTJHOZ?(RzD+e5+7ixXHI0xhz=VQtEH~}6R z3PTd{^LsB9xS%MVLoPgNPUuqDt zca;(iCt3?=k*^n)VN%PGuT?yc@qma71a7g@ z$BG*~CaX3>g898`!{+}B3fnOg45^z5qZqDj0!nRf28#w`!a$%K80W9j@G#JI8jCNV z!oQZhxx?coz*TkerpmwrsEvloQwoLvzWRyLA{Hp*WO88F zm531<-{$j(_MX1)FV^7?{bJD0$e#6w zE5?H+k7h`8N8eF${zg_7k^bD(_N1<;{VhEScRr9FTGH$1Y}X$pv5l1^J76 z1K4=Dcm=DI9j!)4_zr?}I4lj}|B$fZ%bDEAe4^I%6W zcn$!-2s9QnNfNwyHUJ=)19*X;i4iM1&tS(fyx@bNFg!j4=o)RWW8fMR0RXdSD?DzsiBB+!PQ7)#3|fjI6(M9n>at_ULwo`>lR*cvbmhdU*mA^Y7BeYcLI5=zPWNR5w9 zpY{0upB*qrk4SR1+7763$50WhC}08gv|3W*%NP> z|Mc1hE&l<|_kR8BR@fkWBmG!K5J&(yeZtZ?E@Bl{(-V8Bh|;8uy!SuJp7M)iN2uOM zE);f|!&#`8QP)PwzQawS!)Yy|K**pMWwWvx^cUR5N})bwDo6gDy|jpTlkFr0>lb(g zJZBahAxF78{`H_1L3FVQm_8guUht3~bHUXX-BSprtT_9}>-oQD<^`o#T&EM>p{sq! z4hz(6gasa~mJb!tNLK5{B0WIa}2UIPZ zuo(#;cxaJ*2v)-!&}1d!M13v&mMXV!oPHfA)P+JQ2)4PT2LRzPAu-(mzzTKpuw5`_ znKYCLvM@+TI|D=nNW|)sU|_9lOw(7mFQLffrDe4t7G-P%(IxAINN>!E_344L;J+bk zhv139h|n7N_8syaa%Sa`Mw5cl{KDW+<*{zoaL;#pNr#Sr!?W1P=B9Lsk}igDxwV_n z1EYnpsFT4p4dyQ>Xw*}=Us%Bv-*F;4s5yoJk3>5<_*s~Tj9b2HX$nhsNj`))i`eMN zhO~tSl`XWxm4l*7AYcStYTvDIREU0Tcy(SJ>M++nevptzZI=;QW&`EL**R}=Vkglo zM@6NFxbwjv&=p(66fe$)lGjd9dbIwNE;0(zJxyT~b zvYWj)Q`o{0JjS=$R2H(s^S?S}c5Fa&$YVcj0OTd@NWfH;*_qXTL6Jgf5d+Ya3w3%8 zm(HWrCnSdcv(TElkTK!T-G4YA42#%tg)qPt5jDI75)GbI7Ddqz}FOT+pP? zX#2G!@{f^?C*i33a}gOv!i{M?_%s)w;^<+PZ1Qv?auN0cXeV14N%*r52$Z=?K`+m* zz#`#&4RG09#~x%a`(uGfG~0|w&E)f&^{j|Z854DovzR*IRq9*5Zk0}2P}KU=*9a%+ z+)TpE{=PxUL^@fsTi88^F_MHb`*%9*HW56gu9dS88Z>WF52Y#QapqY{#hHGW6*4LU zAQM5fpag!Tw&*9KHX4lu$0#8gIkeE>*(6ClUf7V@yVtcHw3x-W8##j_KNJIrK-ZI9 z3L4YnXnswk4kGYPxeF~b0hxAh5}O3TY*}WwWiDtlz94Xl!mO*V!VR!yQm#Rm*ZHE? z0W7OMz<3B-hKMU@Xhz6vkx77CZm_EJ$ab;^(ltzsApk)kfNZHSiG&SXTA6fU@-`>s zeF6oTf@pXC6hA#6b1ImWG_o;BGyg&$!oJS|4nSlKs*akgc82v)pn-VkPH!Z5f7c?% zxwsBh1%-(F=~95%y2}!;fmxM-NaJozaqTG-#MjY&m~gpGx2pp&8(6q;s@yqJeFdt< z%NLYTYqSu(ELbmm6Dp9?iOT;_Al)?Dr6@9hZ_z{;3-RFVf{{szKw(0b4Yi=XXGR6U z)C5hnI)Pq5q)dgCG0jKw4PunoJPQLs^lA3eP6CR3;X>nSf>Z_EHps?(buM<$W62Yz z_+Krz)Na>^r&&;^6wmY+5;=zs`{@F1A`uzcJ}|(X1iT^dq-1{C)f)~#_NP|-8c0LZ-`Tnk4^QPz^?R@h?~TM%ZiGlh$*F@!rHB>l?nw1 z7Cs4~U^6@ig@VHrB@JZl&h$~>BfM@QI+-cJ>TxV|%~CNZA)IablV)rht`bXG4E$vA zNjeJaGIO~K@FW{M5GPfL^gDfW2@k^xC>e;`^ezhy5T1Mw+IaNu^U1d<1neJHt(drs z-~{E)MKHO}sMyrd8laF)EH77iWs2l1WsfPuGO0Ha5`QNYnTdXHtjKV~fJ_rXOf5FU zp5w{6rIwlC*;at(dM_n^4|CY%mk;;=gYFJ>5&;dR7j@&9e0xoBD+7fFM+F;MUNqgx+36j~Cq=m*VjBOi~n+<>2S*4*h%ae(q+J90SaV zx2Nba>x7G}PDmlaHW)IDYCh7+nO(&?3Wb2QWD0Vvv=HRAJX%|2uxJj8Oxr{0Jy3+s ziU_&8G#DM!Dp}lhJ`V$!q%;vq`I_vKJU*ysAN7s$x6>Y)c(zUwZMIP*vO$m65V6eh zrTlZoEYocZfw2wUt58pF+(Vd*<5M6*q8UH72dM6{ow1%QgZktFBwPZOnKHW)g*=nI zK9YLljR`~nSf2Y04J8IE^MAylFcXzp0Uttcqz1>2bQ}T@K8*7fzx{FWAJp*D5uWpoA<%5MVt`}!It``{lSzQ#{4q;;x_q!C zBFc@}1S|xlHl?7OgpinB=2IoV4!#%n#b*?#O7wDGN#h8rc8g>)psfQ&0O+OyCIPRc zFcK+5grWdx7~z5~)`T}m$3}>gM?}ooK-7_i05)G*Z+p>4u=tVLw2I+MbvGCcn>Don zU~@HxfS7rUXeeK_h8^KmxdhoT^%wMmvu%g{-eg=5C1;I%Ii_zz#~?`4_6vZh0r6zi z;u+gY(dFrQ3Ie+${~vB}5G*?Tga$eq2!X@EvWl=eRtK+?Vd_jbG4x2rw)|`!VKDbJ z8WXj}RAb~@X#!*zxsOR^kZ#}Oi2CYd4J)(=H`sd|+ewJhL7-7yvk>A1&!SifoPB%9 z)5>-wV`w0((3$e96(?aqxf#py`kIy>ZEWteAA_M}he;KtaF;0>@pOy^xze8QqQZ3W z8&sTu;Q+2xTf%Co(1z1mj3!woo}pB6AUv%fB*w?W$cOrDCR3OgXiOFqC)8SDNdy3` zcVHS?g(O@`NHa+lOm;wY9aBj}7zn2vf+#K?`qXCKFh!q88I{RXjOmM@6#|O?5gB@h z(M~N++IMi~jp}lYfeYO+I(;d2!kbdUfy3J zQ9@7*?!R4 zRONEsAx3Kdy#%3ny&R_Y;1X>ZRuzi%TIvMbcf>Z%QkaDf36dscX6_OOcPs`>;dt2X zxW*wq&dLM`3Yu|uyG;u1TnF@3ohv8XO#;CN0wZJ`0D=P(P?elH(k|@-{~5F&c>hDq zr^0o?O_$NoZ1@mt$3#MQ_u11f7?Y~7TFv}(x`r!hB3_O$Q#=v(d1ge2y5AYPj`r5n zE;w8<%JCV8tuU?-3*SDxwMLBeBsQfYuwMov6{q7+8xadLlsX)DMxpd2nIZ&@O{WID z5h&!^DRO0tooFNenn;?$-%AOI_RI7|$yG3=86e-6c#h*#XN77Vgr8l7$=&P%Bo10C zZ^}lsw0f>FDlySh{5(4RG!qg7Fi=7D9{3s~IZYImn(8YT6cdCydGXcdBAH*JOX--% z_>s?)JR(){7ZAoJW6BO+FhK8f2ZC@{&mmC`GguL{-T4VtP1LQJ3Ou8X8(^a0h24zu zcI}s}io)C&mvf|CN3n~;2$4lAm~;pb<>}0iV6u=PX^><13AizAKyO}~UZIg#Nfrj< zdMDAhC)N1R`i3Y+SSycq*C7;h>7~=(ki?v$$TQ_c;*qqYEwuv`m||sfh@?8W$wR(U zjDsQ`Bsm-DggA_lF`1ebpGaGmqb|#cQSF?C8h1&D5G}iNcp7)E?zda6G*;4#&VX5x ziEbCPeC`&!XgN%_DXD49mh4at$gwuxB<&=l2ijs9QiP~oQc?O!nICS%1;$rH`3L~m ztxF`Q#0`cBY1j#K$`6J?9OdMMnj}c~{+1k$XJ+Pxut!#9BuXEJ3uF7`^S>{BY~f3J zyMGWK z@*Z}NlN~jA*vY(q7H1hEoz9|2G-qO?9Z@C|Eqj7%2a>#d(0I_5(iCZUL0uzjPy{(G zK*NNq95e{x&J$6}+%dA}?l+61WD2%_5IbFhCg!3K@Lif*xENB%AcBAq2O!C#4c}$v zN40-ff-aPrRGqPwGjkvgRO3N?hlD^Z0;3sqtU73OdC`@_P*wZ&`@#lPm=v1x;F?CU{Q&||Jm>lk32r3BIQ#^4V5&UpH6)s_D3>PXPpRzOwGoVp`Qc&wbb;uR0 z!u`xk5XO3OF!E#M`?=0af@w9vJE=}lYP;pE+a^b^Kj+^H&C5 z6>V*Z78F~~%A0xEt6(L%ZKGfMf@(mj&Y>!s>ho2_U5dl%sMF;L>3^aoiW+n%AEv&7 zx?^Z*Myhlvl%!^g6#LT}=arwPa#MAiT;Hc(GkM!gS0gOCB#f7Qva&5p7bq0EWHyMx zBS@KJl^eM9M*b@pnxa~Y$}lM3A_R!WDTw+ZdV{tDNEV<{hujqK3_)`QWDoFZL3s7c z_YYpbu=zvS4?R3=`p4JaoqUzocLpxky87hzayo_8j!s>;Z7H<7UuKx?qFMo3AT@Gm z+RE!6b|j2a7?!c}V1Y&djMc=HsI<>1WbHabJ5QE6Xtg9uSrkg>Lh?71nV_%9 z&t)NGDOqCr-pCOhhM2Xu;Ao z4H8g9j=`371co_+LmNLKj9!q%&q!j&gfT0U7>UUYLez#JYC{e*A%_|e!%YZbhJ-MR z;u{TdI{j%n;b}U>Svt8{I-OBEkx@E=5Fhf-r!%~;SPnN??6T?fB!$*?CMUlZmk-;jF!6}i!DG|1!6J;oAPd1C3Beu-!5fId8VJF72f=iQ!Epz{Y=*&VhQVe9!DR)(VT8e6 z1i@N^!C3>rRf54&0l`rL!Aya{Oo72n|ALnP1sVPd8|)Mp*eDNhPM+YKJ;615f@1Ro zyXFaZ%o5LdC2sIoJz%c-!CP~Jv*!g_&I+H56%P0*&G1uO;H7rKM(u)!+XVl%3HMAB zu9zl#@J!j@nDfCg=Yn3(1ih9CYb+AJSS4I=N_gOualt5If=|B$n|=u@{1ScGBaDbEs)8ol3D)p=rnp?j&i z?YjtZGU3U(naHW1#vbjuEZncDxv{3_9fSF8a3SAz`q#C@8a2E3lpBi8Bn0{$@XdbvhJYZjYf`!Y>Sf zmjs6*9`3`Fu!@8eAk0jXvlv3E!oZtY=^_CbA4>)7jw**Xj_Et{h<8Q&>ZE z|Cs>wiY+}UL-lC*f}r7hA^#CON8_iS@@<)P%Vc+P3?XM0%-(~!GdDO;YjW@`&Ddsma}pqnq-s-8|Q`t z`!TReVx6Q>B5fCc<~F3p3gfU%T%~h62$QVw#D=J5VF}PVl;~NxYMmNjwYa4i<%ZzQ zk;Yo>&%X5Xi}Nwxr2Ur^js}VZG2tBp=&M}Eeqv`)V&Z=y@sh!r*Y-<6M*u+pc%K}M z;ps5Y4$C|PJTqX9*9Wl5GP=|ZAdJ>_N3gOyyR#ww&U!sU!n@L6i6MIgnoPvB-RIQy4M)}S4n9rALqpMxNmH!%4MhN!hU;C-; z?bD9p-k~!6)P_}sO!H0jPeaw*^xJbkh=~yHH67R#sZvW4Nu^ps<3xb5s_kqyn@}Kw z8y<&VH07k)!+O--fY+v`GJxqY;Ii0!lngW+$e=`uh=Mr`{`W8}ByZ$nAw>z~Z-VPF z)B%v+&Ol(Fz;f&WX+7KGuE1bO=K;(|mQDul4QhB;Ixi|76qk12u>)btAPA$eZ}R6| zwJ^u-^uvSq2GWrZ4G?kZd!Q_?ByMg1oNA8a5$p@V5Ta;yaTVfYcm&KWoq(JJo_4mP zzncbGcU_q(C$)2lN0KJ|AO!Xld8h^`e}Zav=xWa)P%1Ug1W#c9*;R1mqdmM7)?-k$ z#a`fWazLLWmuKN(5UPHugA6G1Z2=_8OTRI4S@;RCK%GEvTHszIpS)>>Rvf;%5$-$9 zs+KOtwAUg4^^CVYX()*bcp*X9t=s)4Yw zlL=9hxnDH9#bHJOAc(iqbF6w#Cr}qClP^RyKBIA!xPfd^O_=g6)Y1L}x1fpxbpDAH zFzA)821^iHMq`M~zc51Nai+L5hMZz)uY7fudSIE5?O&%sT!4r23~RAvPNz9s(a%a4 zCjg(x zdhyMK%wsa5cqAxV5N7@AMdKX=@A`|xKc#;Pnf{=u%fHgN9fG}sKyrM*JnW@7wc<>f zbYsh>3Qdk7W*$X^;+Q;MapFd~Ufza>I>qc-FoP(HJjB}AGF%`U2UNF= z?M3PD7?}X>1ZF+70Sw_nLA>{o;H(t3u)UE>3FCWTvg5Rm-V98J>KQ z2SLQDt_{&-==D&CwD}2J547|W_|ks$`6{fah1WM_l_R!YV@b5AMOq1Gw-J2${KOz( zv6VwCud+CVXhK&Z>`8}^Uf@)_*l2LgkgwLv)x>4T(#6$>-W}%qDGESIOCtRy!J%L{ zL@TogL;>!4d8*T|v~1F{@Z*cn21R3dJQALI?z=+S^97z9nDPlByi?K=P?M`k7&z*K zZdd za8T}Gb%Oli(+Z*3K>uEqyJ!SMMvDTvm#)87;igf1R)xVAgiA=*%WF5rUBi8 zU2GQvhJjN{iil;}Gbz#s3?shsC(KnOVDklt$tcB0&I2~n&_XaP@WDq!B&nvG(i@~h zZF-_k9ZrFk<;WxvWq*v8X!K|eD3trya{&X;(^s+VNc6z6@ePeuj&-QTTX;#o3m%2e znmVA}iyFl!8I9&!1b@W(Z&LwhIF6`++KP}8PPax2be{P1o1}W2WyZY`=4q5(RTXK` zBMfN#19>FEKH&(ECyHw{oaJCTr3CpP8an5HjANt)sohtzxhR_$s5x^9A`Kl2Ww(L? z34~)(A&26#hLBk@8b&;%QyuFHfP)6O1eJw^jKj)mrqXNHf=cWpn8oV^n!=fN z&R8WFI_?H%RyTT6nzx-~W}szi1RR>8450r)Ca=bYJ@uxka(#)+BvB{IgE>^CWBKYq zF`}*=DOnJ*2Z8*=iZ`o>#aPRnCJQ_jU-l{W7EzL4VdjSXm*1NbJ4S(vPM7k&@GO%b#D5aH znP;hpvucZ*j0UtYfj~L&o)-lmWL6VI&^<8TEP4jYvJ-xD+zRD(BwYnRjv3Ev6(Im$ znfVbb?Vt7=_c*2Pk`y{`aeFNhEFp?>Cbl*oQA|f*2(8JiXeiWqh@KUxRgPb?2pZ}N zY0-KgGYDm@V~h~)R6dX3e6E1eH&F18Y^0;wal1%#Fb(if{z>{kG3Is4r;SwOW!Yi& zkA6h|k9-fLG~A;Jix*|diXy_2SB^tAk2N9FSF>o_Eq{T$A*OH;f7-V<%qUFOP_G@oFT>qh?pJjr z@5Hmk!Ut({g=FsHFOXx58i@`l>?a27QfY5fBM0yRh6+OF&~9Kv6)PzaWNey?)b5$P zNe(QfH(tbbHbRh#%<9>!vvu#1`m~^$3vel&Y*-H=FAA;p%(CV5Tmo850XP~Qm~5vX zT#OQ*xkPTM=3px*2Np)eofp2~=yKk=Fc&*i97t0?Ot`8ABQQx9gOR8!{M97PfsO2C z9|^BDFn&}a2PYxlwP6q(SEeF|(sCElN+okr0_V6~JrU*;bXg)pw1gQAl)(riL&p4W z#XvOtp(g_XddpaQ)4#4iqf(TvW)~5xdi`OzKsBail zWmDRl=3E+LRB*HU(gzt2vJQ~R%Q0ku**;V}htOc*P^X#@p!>9>E?6Li&Y z*rTUA1U#U2jU}v6b!_-0#d~%!NFipiir^h;PGY32h+CBzQc`rm)n70=Rg;cVM{?~~ zlsPts1l0r1fIm47SrTzBsxhkE2*8@DqfsK@LGgaTpr45Q)wI#pFD9UE3vFy$H-UyL z(=oMSSf9U0NGa*&iyskp{cl7-qBOjg2eqOwJ6!+cPtGylLm74V$}j`5zBqZq3SN4HxNY+=phjQ;6}B-R1pM8Z9r%xe$b zy-^pm9l6rVZxwAM-9NItRQi|vwS)kcSn&UOApfxjQ{4D42xg_NgkE>s(a_;tX7T&x zC=XeDP)D#NoE&ZQXcOO-gigohNwRnlO=1Sw?JLQD3&$JFxcrRf$e`+__Io9oLA*cg z@>Mv(*gY2HCd5~B+EMsZ-9>fywfOFnQ_%m?aD@X-_K4j3v@)WBLoiyfb{|!6v_rVI zn4f)pH?b-9j5!Hb%O~3LNELxPvx-lFtD#f?bYzS9^Go>YRqMe}%#-IvZCQY%tr*+5{dJoynjJ1luj0lBf15@cq zfvo+g1mqJhtB8bU5gR5NuB(^>U{Ma-s+wh}6}&YV6}*XT4ZWspVQM@GB3kyNpwvuk zcR=!~$Gd8RE*gST2^{PqvE(98t4hQx#m)qkTWXuJbX&u>HbsL2)B&f#m|E{P(tsJQ zM?*_~*pVyB+@~;^N)^>f5O~uPKY?ffXb+QGU9ll(2JX9~2}yu6iy*xp^`o?o8$Mn~ zNo+;o!6`Oez=!{oH!S0Oa)$|M4t)k1R%@FKs@V=0h{gF;35B)~WeNto#Rbi?s5?=G-u&x}k z6B`+Z6(y+2(hc7`#Pvm;7=8VDdoA&?*Y-Y+NmP-9z@Wg(U2*>t;(6h5JO^a_hN z9@JZ2E?9ZL;)Darhbx3OQHQ|5WJGWKVYEbboBen8**E}KkyQ;<@rm3zHPMGpdqB?O z;2$UYNh`Xf?6$Qher=+2)|H8mt#EvsVG)w5Mum&v!U`O;34lduu7ReUw1u=0{ooK_ zt7Hc~;l;VSsEdvoBRoP_x_Pk^4v_*4c1U_j`0g@ghOnMy_TK8 z>Bt@sqZ?y%CCY$pvA}7ZE0SHJcr?h(p&*^#0J5rRwJnf?ByVwcr{R<_3l`A9BX>Mu z7cr=r^Z)3c5I*|9s1u)GI0qzvXUItP;Tel9Rg=#%VC^12r>ZD(jIIcC%&{Oi*lO2( zdT~oYijCqr%bjqs)M_5|v+X+sal|AF~0-tf}6sLub?nIzx4 zJsZhvgVj0Aq1AY1WzZ>H4JA1_?Y=<<8I&h0ND)$LmNzgWJgEWS@^YHh3J@?NanBt$ zCp+CZhq{&6fKGtm9B^$q2(s}YfC)%lrp_Z~3Dv?Jn+5xg(Ql8uyQ;~2F&EoLZL!#j zsJHxF>&(oGrY~Rlqn>Tl6wuS;M7x{%f*$@^_No+*8<(GRC?j(U%1O*M`JsXUhQiC? z@%(^q7f%T`CT!OG_+;>_5J5#+>xI{rdm$*wYd|!hBfBPwlv?LQ^b-HM1sn1b@@EdZ zp24>{B+vqGiWeZJ0D+oPgEWO5W|BbftP4FKQLRQ_QKfKpys<{=usnA5CV=<^Zs0k^ zapgdfVxH(ZrQu#sCWD1%Q$;!(Tx}S`43%5y_+f#Uj+@#?BuR&i-?L*id3dP^^MJPn zdN2P#c)lLEuQZpfTMiKcal^-B~D^vXU$ugCwNl2O8P>D%bj}RG-9ao!{tQ}yHRA|5{p5uY&8Cohe=IqhS)L0 zFg&t8rnCZ8(YcNx0XF;gHFITv9J9;_0%dN$g9Tkp&dRR{25`(S-ZN3_XG-7z0k1$Ugk8)av;?Pf zEHw|vDQ#P+IH5>zWl$`LaT;Lc*+OBi1(>e^Y8I90=TKpthp+T{7t%YxUxmNazHwHL zni4Bpl!@qj1WY18+2HM{r5L9bI5dBvh!92Gtk;dt2r%1csJ-L~HdFkSqYADK!{r^o zV&E}#(NN*G&w!S&NY3gSL}G?c-rp}8#bG$9e{Gg{1m?b&jL-u>+^-0=DaHRZHD%NI z!kX*T0>QGh7mk?F`x6y%;1%{Qxv?mh5yY@zUdw}QEIcT{OR@P&Pq)q+JY7NyFBrU4 zLeEy|+ndbkhxbR$9{Daaj06c=% z{#?8ccm@U`F=y}0Z6&UOwtj8tUe6|TMY z6OHn!BvJ*LzD3uVO5`OHD=D>RLZ-IkN0Q8qDAHMQM=~S7yId8aq=kfMZV|A3wm&~% z=}5lEP0jCo&S~e4r&QQOoc0a{KP#t%=UWHpy~UTZ_m}+)J*qS{Y!VQ-rqE@_&T82Y zL<}pSSA#)FwyWX{BaK`+2;YJ9ybAe|x`8@yLV!EPbb7Nr1MDe?q<|eF!tyOlgD<=y z_?PIYApUDq`6RStYUo2$E}u(7Y}J1Q6HbDlL4mH|lW(PW$?lpiCNY)dj9CxZLZbcn+2g zB1NbSGA&S%AmP(0#Y~+6Qd{L!MH}bVIuE{HMX*RfB`1!a{k3F zK%71!ZY8uA!VyC73<#Ve;1`kK(6J#VJr!9VaS4Sveo|*=!Ro6>)OhipG#8dBtui87 z!uL6Y$~f|-X`&$>4kMM$%hLnup1x4m583SdMrd zOtf9eyB6hCGo}<6ihMHzIvi@)(MOXnIBa2r(n8e_E_n;hLBh~;S`0eSFzZ=aMBMqT zg=m;ZHqjOea1kV>9QG^X)S}E!_m+B)XcZHBGSquOXj}O$N0F&MXz>CX@92R*o4y1^ z%tpF38nx#TJr*($%Y#nj61HKiQKvXF3f7EYkbB+gmZ6LB97E(``zE)1o}5(_s@qSjk8| zGNQFkK;m)(&{SX?B>b`DrDN&M>NqX|8lacmR{KkidGD`^WhtgIKMJ{N5myk*L;3iW zcS|Y+%%UWgOrCC#5OO?6Zn&h7l+uXJ)*s7sr2Mn3%#XS%%y-0u3kigb9@B;30Ix_3 zmL=+75)050ML??T{Z$XB3T~h!fv~hz+lrW0fq= z)xu&f1mca;7-co!#E!e{OjTT_4FR;2VHP%4C6beaj=TFNlHq?Eyk}lcEN1!UuJHgqGD< z#1+Ej#cIX~Lj-k#gN|H_-0~O!M(k|D+4b)Ma$l^x2 zH4DbOQ0lv+pc>;6<_ILKoYt2}<^rpZICS)?6OTbbQL=9ujn`7 zpUP^SH8=l0oAsXUniRCpQ69UW> zc>!>CkZyUW<#_efliki9y<*<5ogvs1JHAkJY%xUfpx-1J*Y;U8W%vqf4v$cwenyCY z>5m3qa*t_X!V=L{MnqAJ(Vd>r|DF+0U;;22XZaTKKp7Ohz}lu<<853y0C`d2S)NBQ z(Cl-ahGT-$8+UujfNzSd!!@P=#&}!`w+zF;(LxRjTOhCdr4a#1UIk_y4LcA93?Ub1 zLGT>{&moZfE~G!69n;St9Zw*>k+NGJd1y%Y9}Fe_|7Nt5H4K(2EPI+1JjFc>d`CX- zsiK9kA(!`Hn>-FOp)HiELO@s?yaN^j_235bu3}F9*~35gA2%U9LhECY3GLLbx}?9 z9SHLsG!Vsv(*|(^AQ`!^e1;A|NQrC7X~zdyq)~pRhipr0yzm(a!%2tYwj=`cuv$GW z?-@J|G zfesVLhr|$xP(_tNf$0PxB2^885J{jR8LPmT})w~EhNPkIoT`AE_ z0l(%L_Z$b|tyD9wl4~FVS;hgo3LGtiRK??V=`J}^YvCTO1YMW{BleJqkn0p66IWC0 zvA{Gfb!2mvG-vBVMhn3f+Q>GC zW+kni3;$}-J4jqxqO&L*73fHgzyy!xneAK#$eA***-HuHU@d_~WpA<#RWai6b57R_ z9Mia2)rc`T8;Ve&Fh0|gT?0#uk$T&Plp1E06AB;fv09l_FwxqV$QG%pi#;SF6;Vrs zKADI{rg%D+InG~LWLW%&T=E3%1{YR(>rG0ch`=SCXuk>=kZY7K(f}I&00$-{JAZW- zYKg~i*N&A1!sXQ-r?Q+Ya2lhTNOIjvRX0N5juIy_irX3`F$W_5Q)L-^RTs<;OhVOV z7E|R0euvI=o8E{jO>prmBwb75WcS4MvsAk?mvRM7N4j{ZIp^-o>!&b3Wloo7`6}iufC1V z^lv?>ABQKDjRG92ah|+&eZ0!kKS_BM#B9(Rkd}ZJoZA`A9xnrc9NcKLv<->qEX^BP zt)ts+2fmcZnP(Fr8B>J+mDS>^g-ByFM5+*h`n?f})0Rgl9XSI*Qp=H%6SYZ`6dd-6 zqy)Ic;_I`jp&C$-9hhOP(!)QFKt;!yNs#)8JhIfW3+deaH8lq?*70+~EIUWFXDJ*S%{YEYn)cwx7Vp!qr) z2A2mLEhP|vI9xS7z#=r8k0v~bv#CRmILF+=U|Kb7Dq`=7t%b_$ zt6fGJ{M(^1uK2dV&B1=uxB70dlqh%aWJHP9FKoi9+-EHi2k~r2N(`n&%hx*n$YJS#zyzV-?idQ z<+X_zF9IZoiF6@AG-nqcmsEr^nhZN>Nx>xOW+@S%%PPP~sHPiEkz8ZXD|5-(Z$y0C zT2F}W8eT#lHH;ov zr9xl~v#Jn?8TZ$U=BN^fKZMt9g~0-Mfg&S|;0lbQN6>#1Ak_%NPb5mU0unqQo;SDk;}6;7l_57SSxXYOd20Iv^G)= z5el4b5T3YuAb7q*#-T+1mjfrK28Dtjmk=%qppuX9)NjhbQt->Yim)Lt+-~6zccsGq zI0#yr{xi_RA0~i?gSy71x%#6t-ik=A!ZdfK4JPP??!Ztpxl_cnTCtKs;u~dj*9l+` znLyW-rlmo)tD+5wsqQ%lS%OBvlNT*5e%OKJx8G3XH55S;LZ?)= zZeik_V3G!!fJ9xH4{N5mR@QCQe$>PFX_|QnmPE$VM%%+8F zMT4OOB{m3=Qh7CVOFuZ!sc?f+X) zu67Lon<%Qhy$~09BlwFrk8Q@468b6Qh6FM{a97uSNfc;1-XW9N6cr*!n&10`5qva7 zYR_N<#BTX*tAzj(IWWGTa*D)GM|ntXg5fj%y)fzMj)ZoadB$C`ha(A`?+DQnoNi0@ zK2%n(-+HLTZnSrePBaB6BPd%IlZ~rrL45V{iow#*c#NRPH)d-X7>vd6C15D8cU{?c zr2Jc#cHl7q1s~y1eYz|fEf|#Z7 z_9W$|nIygT`3~cCirTF@ao$4^#$o!Q22RaWQ|0QNaWb{+BdjH)p7jPRCPPAbWh7(0J9W{AJ4`SS}v5^8yv-iZH#H&mY zzDY_#LnWAh(xqgrF6S@f2{8r`<5yl5P>ohxw~E?KNf4A>9*;;_K!3jSO - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/html/pfappserver/root/static/font/fontawesome-webfont.ttf b/html/pfappserver/root/static/font/fontawesome-webfont.ttf index c17e9f8d100d01a002029b5b93cc081062618bf3..d3659246915cacb0c9204271f1f9fc5f77049eac 100755 GIT binary patch literal 79076 zcmd4434B!5y$62Jx!dgfl1wJaOp=*N2qchXlCUL1*hxS(6#+4z2!bdGh~hR1qKGS6 zYHii1)k;^p*w+o;)K!q$t7haS?ZrNXZgbQTi5;wSKh*ZbndL#bJ&+8MUt2W`Pezjnp+O= z-9F^&k?+5F%i68~oqpyWh9y zdnHv;lslDH&^fAw_pG7f1dcyuf`&t3QxpS<_UX3o}ee-@q2t8 zugBw&J>0`QlKYg~aOd4a?vw5l?)Th(cmK^nqyK;W!vF)tN*T>6{g?jWCQZTrAAWQ# zY*EXt1%NzLiwHFTr60gHX5Nk7W4+2A42mr2lGG9R#$|8ZJIHcIW-A}qs>V)i)ua>R z9mQc2nMpK^7oL)|C)BJ|iA+Fe-grwWpw-4}l5Op+aW6}z+qzh5yrqh1Pc-IlXPHPc z85zpbk!A9?H`djM)oi%FPMuSW+j%M3mc*Yd@oO4u!xa`wg_tV5L&7^6k?{sxyrzk_ zb@A4guvZfarld`-D8|Qa^;mrn98b{dgRLM+4%{M0!%jx8`-wLBs=f= zkrG!PF;3p|+82$(2?3I)vN{&O6p^M&3neMx)pSL7@kR^?OC=M@ls6EZqBbz5LDg3$tr_PGox4tm#p6J!@jJR9AI$Z{x&C zlO{IqJz7uf?YNoloz0@JV%2B;oTVB9qi7A8fp@|0JGU)1y!w<{VSs zvcPkaf+1~E(r95z6%TjGm{1y1`Jpyn{$5*c-?V09up5nYy~n{Kmh(_MdO$pEm3M4CZc7szC-7`B5FsTSCPV0NUXvFzrbA z+grkZ6=M=HK6D-n2K+&z+vvuG2Kjl$1Ld9U-Piro{I9cjJLPLb5#tfVp*w?>jl5lmR;v+p!C7?bB)X^jxvnD4d{^jcZMj>(r3YOx(>Z-%mswHPap95Gh1 zmicTqyOw=Nw5#Fl&Ef&p(8X>vZs{_9ZmjywcVt_!nJw?rN@^n@8)IKBr2th02x;q5 zY5ZGgp;f7pM~fvr?J+fb@Y*ut`g1V7=-FW`> z*ICz|YYrT^CcS>=B^S-CZ%jAhuYTr5m+V|G|K7a+x+K|YP3iPrH{RSVbxY?+7fDx2 zH%a$Mk4m4DBsJZZY-BZBB@2Y6GJy35|$csWJF-L zvm6vD8Ock8`eYo3kSi8cOP(~49x3%fbz&L5Cl->1g_J4Qmt+r}DVdLOyf_&#=%|bo zIXRM)ON$sI*Uwzx*G`Cct6~w0jY#0g;(QXe7JESv-INo;#NJTMf6#qd>T5Hkw!XeL zE{-E(U`|9_ny z`#vsp)*HF{&dz$4q2oxJXG?SWQMu9gM(5tIWND2oCSFSi_KV?Uek3W6BulQAB+p!+ zq%xC2$2L0#FZ`d+!aqK$D#m+AjI@kCpBy#%qwkfL`xnP*)KExFx>j;&w<%wcLfB2P zcj;P9Gh@lNZidauibFNiZj0u}-yU5Yz1=tzjZ%Uo`Ms2v-&rhfMQ>-DC?Aa)zvTC! z4C=k&)Z400IVgb(sSCK7R+F;g(2S}(tfT7>1#~M@eWGULSH`c*nphI4!rNG~Q2VcN zRlMhHcg-iL7L%SaX{uW6jkB;fV_h|xhnnPchP|0q+*F`#99lw^3>y)c1VMR8SdwR? zycEgr9P~RuwhV#<8A*X~SiGhwyxA{8SL*bC7yU=<;0bnCdH8IeS z;gFATwu!-s&fb00_?_`x<9A1QKX$P3vg(+7+`7$6?l|)Dkvo=bUN_DitKKy3;A8o0 z-^M=t@$AQ_BlwOb$0%nSk(h^Fbb)Xr<4nsgQHczcDy?^0{&@pE$7WKbP(=KIps3 z5J{FnP4DDInp2uxHAE+uOqbX@Cqzc2Oo3L!d;st1(iOr=;!1TZ7D zSfiSbU+M*xYf7hukW3K;3;G_Hniwq`Ac&6Q)mC7McF_M~8CA1TxC5j$I0GW9T}%&E zgB?+%L$4e<^a?-ZaeUPusGVoCR@@tMxb7I=>~ZRqzjg&#bW+1zHn+=uV@kKU=lLpJ z|K{{~>|b-0*Uz+BBlm@z&e4VMwz{2;o9jg3h#Q4@h~99BZTYn$#G~zrmKBbOEpfN? z^052%mZ;bH6;E)p)qYjG&FQcQSCzL+s^CGVDBILDd5ObebJpEs+gw`MwyV|RG7C?P z@}Sr|3bd@bk583mN*e&%V`d#}<0vQ?oA-nN4O9`|+QnELqZ`+BRX`dZGzpjjc501d z)QOX-W;k#_kC;;&*jduqp{&a-%Ng12%J;L}MBQe5%cjd$`ds~MdWJwx^%I1!^c?ph z+TRzs=diTPC&x;_$aR){fn-l;|2OGZDpYj02-hRJ41?Kjks%oQUM%pjM6SDbQSz zB;(z@oBdap#VI>2`M!Lg!{M}aS-6e=M{GsxuVOL1YU4a+#85a(gf1Io3S+-Al6=Mj zE7$pq{J&cmw=S?%Soryo$Pd3oV_|IkGRXlTlEK{4`mlgwz`h0ff@o`;#gi$l1e)bi z>M{(l&MK18U*Bm+Jj<@JIgIZ(Dv5kLDTo)It?!Sr&S<@iOKiZ%Ryx>Zht1eHlqI@K z&D3|+M~&}B`^|TYwHd(vGv0(KdY8FFftw~|BYB!w%*8xaEY>c0IIt;%0+0#FKqMwc z7!;Gh1`eJuesSX9!4s_h1iR{}@u;!Jc=YH|ww684*2;s%Fboka0ar#&QmyKh%9$-FaKGPIok6G#hY#FY&apfr# zaia)Z7O1nZ$09tcFzjM}r;$?}9uK%;zmrLH;S`SZ+q;y2Kk9epXqIzMBu~E8C1kCj z3$QQgnCAp!9a3EZ7Z%U{Q8OJ5wRF?!Vw&BvXpFls*X}bi)n4y7CIK?RBQa^*Q$ikPN~KtAgwnpfv-9>& z?ro?vGJZeHRW_tpPOw&)5?Cpd>I4k{x~CPZi^+96AK4p^uuA8Ie73isNww%hw)9Tm1R8s03*0@83R7vQUYm5P6M4Yv=w*} zgKKV)rgVfTO?LLSt|@7ujdi2hEaU$1`!@A~fH6P~Wc@yu!@;_(RwL(O@4Zh`A)_GV z4j6aR%4cy1yyUoy%_|;`(;i<~_Z@x{8;AWN`4pSRWcEsa+ABD*X&12!?@vZf08y2{ zZA(YwOeAf4yPRiao6L?G9`4||$BinQME0Am>Ab$Yrlvgqi|Hj}9_g(b-$ptN3+?y7)m7jalwt8?Ym0)tAEX@s+{ldcdaLhv;Cn^lYu79Db&t!w z-^wgojPHMXgjBnq`8VGJ2v;Q|6G_&ms_xidAn`U{WaHL5EakSn_YqOYI$8AS?km^d zj72m|Ujkp(NpsQ4fX=0OO&ti95di==4{Wodv0_;i7dH4CbY+;%na+GtT(rFf3p=HK5l@0P2)mxTSYpB~4RJNBCwoH}!`h3J|;NuX$TGEgBGIoY2_7ZuW&Ohy|K$v+{FyF}T+6r0;-R4&DpwYk3W3EMSF(T?9r8el#ldwz zgk8F;6EBGUmpH)?mNSv8a;C_1$C!m}WtLcdr!3_*9Xhnh7|iDg(Q}~t+*g>z`1@CK zodlPe0w3X(Is{w}BRmk%?SL@kiK=emwKb-QnASPb%pjRtg+LT<&xpaz^ls`^bLAC3 ze`xv*s}Ic28OOYyNU}OO<*l!7{@RVnmiC)2T;_}IK=c_%q9-P^k}ua;N1 zc8qTuf6$tY@Hb;&SLHQRruxUVjUxcV`UbwEvFN21x;Y5{0vypi6R}Z=e=O#78wZ8K zgMn(=&WA}e6NOJF9)Y7*1=WO>ofi0NX#a{4Ds}GFHM1(8fw=e!#?POroKv`L z_J_V2n6___wXr_dHn@-9@zev8;>$M22zLv9#ub}8&2iDX2blJ;j~OQ(Sa*?Q+FWth zBv50Um&GSN@YIJ{*-N{3zhwNu>{m>dltIv(0&iivF3_8;acndp8GE(g_@Z$_;9-p| z#8OoTPSOfz3$aeK*p(NWYmne2resB36V6;4qy#jP7=SLhtx3k{5Z`mAcd+cab8PNN zvaF`2jQ*1mw{6ZDUTpXt+!Iw36~W42dDE<>a-1s?DyUPaEr651iaDE$zD(KvpS;uQs7R(d0}GZdTM+0>B_mGf zo$QmwPn-bLlwPej)m?YT9oN-0At`SD{fVzU(eADcqyYU> zzihM_H?6{*y0GF@$|I|ohqW-zsz^Dq;W`vqB{^sig&uCBK|h3nwm(zV`NZ#>wVrt9>}viOm+V7-X#pnoXUaXcmEvq}~h zvdD;YKAXp?%Zp30glpL$#%^Nb8HVfmEYBL^I?0*w6h{$RqRaG8U4Z37VQ)CSA1O$> z%)U&8zC&uQ^|t!|U;KCDCl*^%UHvfry1H(xuI?6p4|jLt??&;rrn~#dnl)6cyIakk zxLLjFU-~CpWbWx7QvZmwP8#1~8AX920tZpthCmjv9FSx0Cgtjc5lpqE6Zv#94Y~Y4 zI-BG_NGNu?*=uCd2_uk5@E<0!X*ST-mrmx}iO7;{_&WxpaxN z0~i2232--XTq@ZC^>ll(ql=TEh7u%E8=b%{Ev$omX(>Jj0|2mVppaO5Dx?zY)zR( zvv{5UKs*Jhv6H{IU~$NJyKe4NkOM$h%vvCX2o^SM z5>!B3VFDrcYvs;xFrG@q{pAyDjk(6$x@I#Ugw27~*;#YqZ#A7xON>2jtcX)ywIVN6 zL4?b*V*izamjco>2uV$3BIG{tA}EpyP>8He3XQfJu{{^KPolpCr^kSOhVVa7-$@w9 zWJDoYHffhZr+?cypkw#|>oezUW57==+gU%5H+j#D(eL!*Xt1K56dUNw=TOlA(iX$AFiE#ww1V zRa$~slEIRYIFi-U{)JyZo65kXkq~m^7ve~WGHYwxob($V?QP9Gfel<(F+lV$NFfmG!3WFKq~>CPz|b4IyW!xw%tgi??3be@^Fj zrzm?m9S*H|wb51C8}>#P%E45S@gC!iiA&@k8C{Gse$m0bCyjG-yT|Qm;~V)aK_m7~ z$ECMU*)((MB#U3sf+?`877MrY3Gt}Y=BV;s^*cV}N0~siBWPDNIa=kl1uQP=KjAK5 zOyB`OBpBm`9}% zgz&;9uVUq@!fed$Ypq(YKmvFD1l6aqhQNXq8yeG-CyXDL>5g3g`IW0HgDpJ^=HIe( z#|z7U7I(*%&YN@PRXuBBG26YLG2U_Wm-Jg6-P+sh93S8P@VdsK^=quM!(UO>lV!)5 z^uYNc#o~~;eVOKDj8!-zmCemp&6u;JIWW25vQ4-2o!iwhudc4ltti}y@e=DA;yR4k z0!a#*aMI2E9bHPgTTathbf_3H0^mZQ3w@W}97qzsbh*Zqhl}CxD)am5D;*V`4vWua z*DF0COT&h!&CjN%YI+`s&tY8AwT|{o!r`zg<3rPvjSennI_hAoq;sEI=Ck_!H@?_# z>w+84WqyAkkvYH|nej`~^+EP<_iZi7kjD827sqJ&{golV!{e@=JU;oI&Bpg0`QrpV z;MP>Nva;I7xU4uibLho&aRPn3OuAK){9#OLHw(wZq4sXx5{|NJrqh&yx)T6U1AL}y z)y(UseIP6rfjR3W^rw5Z$#g1BD+<3UIoWPfj>J2=IH?O@6qE)MAPpZ$a3O#KlEUhO zY#>Cko+a&pf4{}Q{pT!EC)%k-dGd2agw1pCe`y;r@Jbk z%C5i_3+Fwx;=YL?&Vo}81gx@!t9Ve+EXgYxuktv35xZ8Qk9TM<$9;ht15@zti!WYW zno)16P*E#q9*c#s$iwMNro{Yix$)exh3(v}aIUURJ!pK%_{jZDsdC-sQ7pCzDrV1S zaVa4sVvT!}j$m!>IQw+hw$&j;Wm<*ZI`PuDKT_dk4dMeJrhP(o zvQgSQJO}Cr&O!PgngegjW3JmVQxGC0E5yZdtX)h5Avmyb;Bni-g(+aqv97bs!G_N^ ztU22pEdB6=^5Pt5D(7MbTK?o3o&oiBF$hD$gFwUa4~>1>8HV1ejtu>NRzIFuopu`f zsI6q^PyFSK6Hc=)_@pti6QRX3cTm&9VysN$gYr7$S?_^0Oh#b5l_bT&Nr`eQjwH-I zA#xgy;$D{SDLCdtiVp134@mxh)Na!>QbuD$yG5f^9EDYo$Z;J1uiHJ=7UF~QqsO~+ zv`fbt*F}r}>5=}2#`=TWIQIV7HjltdDeRP{|EW=aUzy-oEj6``MC_*as3kNue-+Y zt_eP}J3AxE;Ndq@o4xT`Ycck=SYml{p zieun$K-q%DNBg{x_cCw-WVI1un^*mDRhC~Jvg!HX=s5B!y`2pV<&1vykBO&@{-^5N z)5$+3P-=5l9tcq>TZl@1-{>F8u>n4qPCUg1o=hhH2T~QmmkAnMhiq+>M8ySsgf%4u z?6PSL!Vbla2Rz;Ly4}Y8aW6=Q|*$`Wnc1y@9^Ep4rq=oJ@i z)0VJoU7R(>JHj4MxFg=k;&qVFKl_S-e!X(vE!HOv{PMyoc-LI`%L7kXZ!*`b_ILDC z1B^|Ux}7dO)vJxc)v(2T zFv|K-O=myP4cC+ZkLS!pAcrlA$7Tyn9#^XeYo{){ z@{VUW4FF|C{4DF|wMM?!PrtK5jnpW`UjEE)bC!85R`!~a1-=-U+q2(zCTs_jQ?sFe zZ|9`t{fn2)n34(!1cM@QH#7Tw6Xv>ESSXH07KLdQtk`K2OPCD(7yA_PTLo*)((Vq= zsLd&Zy(^tln^V&QzaRQ>Sx=dU!TVcSkg{?I>H-aqAL z(Bz1IYRk-iT2y+oAN}%2RLhutns38wj8rfBdcAs+x|h5&AWaqYhghQ4p7)MB_{j2}9u5jNzP` zArlSoZsJ&yruPu+7T2oqn+`M7AVO?&v8&K zXMa1I@e~b{*a&05+RF;2xbF}f{d8!_D9()W(;@0b^%v*Z~oY48vOoIv^MH<5y% zP+7@5Q)gWm#R81c8dF~!nW7}0P#oe&{!M6iCF;>B9L@1epZc<5SAPJCNm5N}Uu=;u zM;FqR8vbT}2Q)`_CN?K}6A2^2-b^5|Il&K@2az!%Mn!THl4hMdPd%&jqE1jhavbEPXe)q$$a2`{jTm#Pifv`DUr`p|UavfrRL zz9<-)L%_t1Il@<-&z}#nL-RqtpQ<$of>;Hq`O7WIPAj^lh>8B zl1xr>!mN@kk*|E}{J&(~;k~-UV@=0v+9vkaPwc)-lxU2{YNk||v+S7G4-}vF@z1U} zwDhNCzDqR6tg^DUc(N%J-8r+4D)&$K`+}327fc`1C26Ej#Dh&K_NidHWHuY*L}5v^ zw8Jz*tdnAgMp;8jFpVx6(DwHW!$CBzq=Wpl#t*oBT%wXl7&&qB$#)}TCcinhy(4R+ z89s>8i0=uEEHKoj>;=|_77zmM7W@R;8U??a#PO@`S5R(KZ_DL|Iwd;`2_`s5UR%hlNV zdDs4dE5CQ}yrFXbm)o8MJFUiGTJ>A_;QW@1tbh_aS>;Q7&tv=Y?hDR8_=9iocUB!7 zdf;)^ZM&QQkZ7g!li+GdZidLfZp1;xwi`W8rg^g*$`W*lYzA+&1lPK zSR$G1C9?5QECn&^vQ4{%w{Yq3N zI)bYB0jRBss^IDOX$!TL))Kw*S-dk_^fwppG|3C<)-WMh7+buQdI|fOofs)WTO|A1 z;Pu3kG=9CHJ8(}BIwb2MO6OM?Yq+>#E|Nr!nB$rS?U^IrgaS{O27-0LYb6{g_`5@; z2UDb@y2CBslzyClZxGxWm*92pM=2sl9M$dT z?i^U(F-xnpx&vNo1UqHrQ{UOg?k7qFrAldlFwsEN5+Dje7ZUAXTz(|M#k`xtkI4sm z!OTPW_7|J+rF-$Rg7xjatPhyuDmjd%+-rP^(l#6GqY`BF%l;G*<%f-csXU6$7q-9j z0Ln+i11N&#fJSqkx=a0wx*hZ%(P(FB$JyE~EC=5vZ^*GEg46l%30K$l=un{r(JL_|BV(1rM4Fe*>U@Ib%x9(|IMft+JINl`_&sKO> zaSfXFp3G2%3MvsbiF#o_%Ov7KiH{<$!74a>xLAs8@Xa-)YNo5u1ejoTWA6*A!|hG9 z!%Yf)g{u1friw@=vZ2X%S3tV)Zqo+jE1H-MN%I!7nTxqqd&6}bPe^U4C^e9dh!|&$;{o=X1`0pIyqgI5dkz zbL8*0xiR7rWWwN~B;Y0|ynCz3>LHQ#!nP5z{17OMcGgNnGkgHy_CmySYm4cphM_i@ z>4LctoOo#cU~vi3knX~ecEHHhMRUGIpfY`+`UN%h zl?(Umxp4FJY@u-xcquWM}q-=#^WED(g23s%;kmdHA{ z3+M@U9+Ut%i$4lL0q>p2r;XQsyBmwXELgE7u%GE)j__ol$@t@|KO21D4)?*Zr@67K zvT9tw%Pq3pwV*4?t>=IExh)-E`r;Qpl(MA)HL0>xcg!Qhmg?few*||9t;*K;uiwbD zi`ESq&u_WBSzVCn%Y-78ic53qwF}#)_?20<*7WutKf0^V=a#Lhge~O_TUYPhA^1G3 z8_3Vxuu7H4FOa6g+`XWU3J9c|3JXD}3Je}jRVk!X8qu(wk|v$g-+#`enF?EZ=l+!) zX0Asza|1$$KnKOYXzzu~=FMBx+Mi{tVfl`mKfSJaWz8*xD>USw-)P*GEPTM?5(VZ- zrhxUO7|F$9DFk2_b72b1L5;Sy0LN*#57gVyj&oScKKRCTGY-x4Hy*r|-N#;G_vN3B z25$Ibv_87~ynuXp;7%izf5%AO83^3TehHiOU*5?xZ|&T8?N=$#%~!A8xbv--{_+<- zxjy>E8v@a2;Jn?&k7w1sY5b9e-l&~b`vwac|MLdP&rc1Yt%IO@%HiELQ#u!r-vO&V zYN~H+I}_ASbK?eNpqSa>c#H62C0V~8yb!o{lp|jkfEX;zIzVXi#zp6^Ltj3@_mA{~ z-Nr66R&SbQ^Eq~V#@};%MIi7I_9Am$u&UkWQzLa%aoLl2^@*kVcfdz)DX0Yj$S=E5W#`HsPIGb3&?_>P^(jl6TsiX^#Oh`CW8id)W^hy4|k3 zj1HUADL-=}+udDRQ&UOi!qs(k!1wr3FIO*@;AaT*?M48d!hAqoB@`QtjNA;!0ZE`C z2vbBltU@89_K(l>JvN|vv${i(-J0>=Mn0`N`>ihSwjLR>b7n(Y|ep<>LCV@TP!|aj#guW6Zr0A2e`$!|Yys zI0ddR3kSkM)(`ikoG~yq%?HKxEFEE-j*>7`7bQoWcu;2eI?O|nhQ_goEEpo9oFHHM zHn{6RFT~6fu85K>mZ9q4x58qG!xv*Y^Ng!J#$u$kGzM`T`iv-ohQ?50`0~P&5>>6@ z*iX8de)HHTnfoi&vpNVarUSO960GN%6e0!)C1N8J^r+y5!PGQqsrHU4rIkj8s9~SU z1ds*-TLG4^OVAO8N3jt=vY`!^<_}F<7^-S*?HxZzJJ;X|RfF#!>9u2E~Z~%`CHyF&B$ZDb=f=ozO9_p;CxRhFnm8 z=b--1F(&J-a81+n)P-LX_pu?uT~ppwEKoJAyQynS&&q2SpVt}}50AQH7RR_@U6CFJ z=#WTL5F}ttG!-~3nMx#D=HqEQQfN6(r`O~M@ zf6AOUtQ3`K%~s(#91IAmsJN4XCaRJVIjoo$b{E*`ic)-{Mn+5ZUoajs<{6K@0P-AS zhvsQZo5nRQoz`q-Dc}*giJLhJhBT7nx$O6h=bn9*^?Xm10MsT!iV`A52v6`!M~ap{ zMgxa&OiMepUZq!Pvrctk*^aVmzTwsa?mLqkZV2uU)Moi-f`}QUT(Smc6;oLx%`GF$mX3D6+u?b!Y zdv;dI!Wsaqu^D%(NuGxA4WwxkO($_Q=nK-d5gTqwtRc$~Xa(NyqKm{jRmoAX{-ncG zu@eksEOuStxk%E@GKg6QkKAM=$1@)5fX=gSBM0+5I2YquK1bL5PB~Y60&8BeX{ zRv1d*OkRt+S_Qu~9mHw@jsWQ$GP*99!73$;J3I@;eeWju2jcXDSoz7fn68$|4-y;= zNs(kI!9V{)0aTKw+-+BMrhGnF3Mpp54rXv9)0Ro_y!psrPZ)kXo!O0>CHze10T2k?XOV;NnNbLP9~9fZ*V zx}!A609#Y;AoRs&tZ+mdT=II5{)NWjUFZ<}H)*bldpt#t!>qw_X4L=aXmDfwWI3=e z&yM`VcECAe>VwU5B(55{da*2*$b*Ai#yE0A;NMOTkfBe(=tp^})Zhp09FZwclrm_a zrb8vH6GsP`49HkIB_Umg-8v8p=v6v}ApZj=lxiOfga|Y>V^;Z$+0$2_f1P^sZ_cS) z)ttU$er3oR32vUXlDvvS_M(`8Y*m$H@enz_3^dU(0dI)U+#rw)&5zh6irI%);hNei)kZLn30_2?Zy ztq8wZ-Fe059^AWU57XEKr48YmUfnV&_3FKM?RhnSE5DAtTlzL#%&CMqrMO8IcwY*7 zgD$j!ILH#NrM-YZU^yL^Jjs~m3B@Qa#{q77X(#|8P?86HuAVi%sIRl$^$xs+54|#U zh+>&4*+QJcq1VX|Fsn&J-_GQ(*Rs9o6B3MnAQMgZ@-IYvYkG*zsPD9h&^1HPXJMh= z^*TMQz!5Na^&Q#lN%4S6M=|H~wENMIAo;wb^14@IlTK1e zpmZO$d0c@hP|;PjN|7@#G4nT!TTG^Abe6xh&TCE8G|K(2MHh{$kLK4tbL5Gao?|To zPrS5;UED7>)x_3$oi=Up@(U)*&%i`&@wf&*9u{Xq@~(^3G||KL;}%8vqkCR@Vt}?2hA62&5gBo40zm&dAUhCBAqPsi((U*{X@?{4i~10 zq*h=L3f?Kee%Pcy)Qk;S1cV4|4^h!S9Igl>Qw&ywcc4ZZD;l{JkPN*?#6SY)0eS^g zBW<7*yD}68&VkDu%yCd2hFB1<{Ob?PSph}zA%wHS_F^85tjqdQd$6Wc*TcK~cH8zu zz1^XQzh?Kba81M2y3=mESGRR}!j1=RuHmAgYp7^VV`))~gNiz)xx;o8<=GE8e67lE zZs~Ic0s&W_h3{5ceU1-($mwlWl&;Rgjn)QDxkhRAIzRN!mM?^4IwgpE05EK`K;=)wJ+y*{} z?u9Ge^09yADS}^tg9VM95b`Jw1;a=YI1=0>5#y8uO(c4t*u7YoI>?SHjUY{UacH$M zTCsJ2RjgeKck~V8>;Hb<%IhDhYmx1K4rYL>G7KT=Je5J)^>=@R&1N^U*?ijF*V}@X zo;o;2kl!VW1spAP4_&|VJmdKHrc^z~>UZ3*FMRVM`GE01Z|(Q2sJDWng*~ID=rT6X zWH3=*Ht)x~4!pI0e}4ZpKbluop9m&3hMS6}>9WhibZh+z&t7Ha^3})oE$p59vtfE3 z+oKMD#VsRIbFfNl<844b$=YEK3#0&gN@7Ozs|z-jbQ_5dED>5J^sgbXFa~La#3v^s zuqB{-$pwv+p|DW^J=LZ>wW!4y=+E>=$`TEs4kcMWzOEsKxF^m;Wpj9<`jb7^=G3ZM zUpnB9HD)JSlb~`xeOKLu{a?RsN5~i?gv)$&>!(aA3nv>>t;_e#nfT1c2cM#{12oRHee;4-tt8k0;aQlS@Pu4VAz?WR;5F5e5lBLkeO&I6R`m!_^pb2hzUU zDs|oY**!mjQB`wg!WoNsQVn(E%ack+s3B1n!FaO%mPOeIH$F45wszn0)>KWsz05yx z>iRn4Z82uC(2neLmuXm)~uWQgDDGJHavLog;&p-JtGlcx9q%N%fdbIqoh%*A3y$){p!N? zq2SDgb@2s6?w{HCbv~QV`bHMPpnYeF z6D@yw$@TM_Jgp07Mnj?K%!RFb$VGR6Cy_6wd zEd;Uk$V_8`%?kw+*eSe97E%vlmWPX(S~s5MOm!n77MXBTbgV*_q$(^16y()xiag-Y z50Xh`MzA(HQpLskl~^$1G|k~*V@{bhJ$ZUwU=uH3 zT?TcPAgxVDtG5DMgb@uF`Pq4cmdSvJNp8TC`Z_-yg z>0!RTl=dSWEh$9L+sR%Z`cWb!U?xS8%OGGtlqW30luY9YIPezuLt+}ez(9kb?(oOK zs~XE%x!1ue)IQ_#Nb=!}X)hDuBik;1m=7>WUSLL&!O{3EnAu8)w}QQqj9m8um(2K- zhV%j^8|@(!3Ot&k7!6|yakBrw)DIgw7wt=_97r8g?oguB9I~XU$hIHeMb7vFW|`;-B!wo-7Ow3&Of1}) zK#{eQJI65O@|+2|789%mPRUgOY<*|Hkd8u4N-?4!12Oj)7c_iTSbGy7X}b&fLqjwO z*vF?}5|2cxkPVldaW@>O)zWRPNKql0GpvIqjt-~b6OAn@l?0^?d$lHvOBhU2l?)eX z;m6U$nz6d8z^sUWxf`a37(ZG_!(s<^hsEKvS{#lRtJUJOTGOh8mQoC(dcetX(y^ z-Wr_PGb8Mu8VCeEnnTw^jW(OJYu-!>#t{k)3d?mMzpq#wb_@Q~4qc0=dNZ`bx+<#; zy3G!uu6?INgOji7fqA~2%Qj1y%;nD$+TfO;_s?r5Xl3o^>^b+^b60J%)|Zt z>$X+6aLeNMGOZ3&Yhy#KUXiUXm#W%2!{KDJ6Yj~$TjWq!hBF0P047)X#aQo|vI|9P6u^g-mGgSaJTK9-I za0)nd65@_vKP3lpECN6Y@H#O`P_)9P3r^u!J>bx231Lsg5xCyhf!M!-l`_kU2Z3yf z))Ojavn(DHFa|RCCYRk|v)F8k)xRh(?GIBMH_YtZKcoMqN#&ukP}$n@$*)g-cEim- z-Icv_=%d$vfAViSac%zkPIKRB5vsL%mtK`~= z=P++};X3Q$>P&0J>NV?w_5i%9{BtIkE8{9%foUzBK5K=mhVTD&9}DU>)a|O2-La&- z)(5$XiSvcch-rI2dT%<-!A!RlkZ8NG=++)bEXrSnIL<@!B%Z$0A30V+C zZ5?6ef8XFM5RtJ@TyO#VgyXDHSfrClcIe!5jZNyx_m9US;9KC**`zHdA247z3eZNR zH)JU#76g=3LClEg)!=cYa238}0YDz!^+1Tx?x0Fso|{gq(U8qIrPHJP9U=MRdpfvN z(;Fr=*aEU#7O4o^>=V;XvsBfo`}j0A`QzF|UqgAFXY&0)a6hFa4?EwkS{kF3a=e%YXaAP|#AO#M8`sTtMQ<_kZ~xnt z`;@gC*blg5<`5e?)g|N5?T zsq8CL7qa_K{>U^XBGe@Clc0AJ$e6o3ZO)*6MSw$co*3aVgkPqXO~Onn2@#aAz%f5c z0LoUx-jQ=fzX6Kjlk2Q6iGKK13eAIe0+flEX%48n~zArad~ji=|3sKX}BK&qx@O= zAv&*sm+4zdi0(V=p$lq=2oy{s*0Ye}O@&ceqqHa?b(l10ORTcKKHB_f_6j zUdKbm*WW0I6;(tXV0GKBx{W(|z!$wIl3HqrL*MG)5!i(2< zAsPtA%imzLL%gp1wo0GZdD~UnjMpBo2n1@&f6n%>$}c!sqWm5(8_u77{cA>?#*zf2 zI1%koji^iD7K(i->bc?r@6U@;U9mGmO2!lY*9Y; zuu|q4ddF3!D4#b++Vg^Ub%*TgSnYkm!`9L>g}-CPz{^ljus^ZiIK5tH{zfAw*vw3M z3tyA&=}G4wZxOhC4`gIna9?nF1T+w5g?}mG0&a0JY=16TbTldL9UvqGy&aDc(8yj% z^(q=<1-%IDW?W?KoYJEt1DbDAbF%WuPdCArszSDTcZ+upvM(~2?PZOtjXT)2GU@f` z+bnEV+`ndXDn6riYD3kOmWpxVo2Om9d|UgP9yFC~8iwlRuNgmXFy4VaP4EbkuPSRC4NPs|(ODyrN z^Se~v$Dhn+pHvg*K?WHB{bqTV=!OGCVuxF&?7F>a3qPw`%s>SZv;NFDyAykT|klK;4HgJFLWo)bZ9MAD>zfImT>Z zSQNU-_>5X-eNA(B@`fiu?CMg%V_w#<2gV08OO}*R&Sx{3Qh{S%`mzVRCY#d6 z*;7rinbq%&x})-fj^NU+Ozpniv!+4dDD>fCd^&(7V1JZ=1V+#;oF*P?OK7=3ffB9& zEXRp@34=^0z788bY(QvZfKa5sj|g%dQIbK!Cdt)AaJ=FOTL7YGVKf60r#}{}oiVMx zl0ytVuijP0{Jv1oGWP0b5FOBq($Oq*ywb8%-xfOL!KeD#nr)3;l|%ObE6~WK-Nxo74ga z049iBGlf6_sv_jti!9tzqo%s8b>SFj;DClKO*{4E4AZ`01UOa-QMNp-6eiCGxaa)? z5IPLb!#I)TRc(;_LzWF`Dt1qZPK3OK)|^W*frz)#UQU}jjvWxNbx@8M#uGdeRCPi> zBJ`3VMvwzcb;-2$w4&V)hLO0TOeQa;-Kw5x(wiom;%Az3h`7KCvt(he+h@>Rw=cN% zwlQ-p#LiP^^9&$yUIB0|%2~j+mgMKkT6ww{+WagNRIBv&2h{>#W7x#LXUb=)1r72AX)5=Yp(F(eH4fn^B#tEC*OyYXO+pjUDyUV_C}0S(R&R}qCWhdj*iq{Fr>dfE zvoVHE$dBJGG?i^y#hhcCwjM>%`a)wOBMn7qV~nHR2p?8xR|=aI+9euBgEj2kDn80E zs$I(IJs*Amb+9Bwc25bkTT6!G6I{i~=sIyQl zuMMH@j&=yJLWm?QN@(Gv3(PW0)lik~NTC`Mc2MjgRUPKNFc{hpe2KMGTN4M0Mq{Zl7$q%OlR~e$WNHmHn(mOrq`1mLAp1Z? zgwU>zwq!@BL%bYVkJ{Mzrw- z0@KS02|i9RWBIV8)@#wQkj^SZ#jQC0iX7Hsm&?_{R z*=3X9F*Rozj&&d*i5&ee#Df(Wo$?NepMIka+wHwLXAQe{NflsU6%+zxRIBNcg# zjyPUWzB?3zI>jf3WSQxWnp;;nj0ekA89h^N+-}hkc@jTv9e!mluM)%;bs2`+3Td=z zg=AW-mUV>h3~{e4`e~y7{DULJWhZV$Ix5LWYw+$ zyj2?_apDWI9Lg3Aky~NUU`60ftD;%`vgT5CuhW7!nL&*!G)8L3U9MWJPN!96_~?`t zripbs6t`N2v9ytsgAXsTVuZqgyK?5XxR?W>H&xw=DACNOFwCnGP}Fk8Dl>)a77Qqc z+Z{m@tjwjW9;+g2nnROa7|F$VBg(7?U9hvLSHYaQFpVshQkY|cEY~9zwcVi z$DUmD3=fPeSJa>)<86A-6XIG$z-Fn_bf<X~j}>pSeswiai#x7;04^a=|oHdzXu3Tiik z_twGB!iup-<%>wx!n(HuDjeATlAIHv#S~XL9g&T6i-|(Y@H9U`!KsRHFMu5Od(Rd%3fnX zJh)k2H5Zn!L{yS^1MM?yEh|7N!J0P#i#xKq6aOPbwUDZg{l@Fqydn|lZ)6o|2r06@ zBRBRBj>ecpS^68w6vbTFf!Uj9%YY1)RPf)|K|Vt=O2ktyhMfalYkniDMZFH+ee#QF zbFfG?{PgiBRT`)K65n<5=OZG}oaBeiHv1F4e}kcbzKF&{%pBP%lHDnd!|)i8!jd#Z z2zeDmyg3NZNY*Tvvw}Jj`hUrg6iCYG``M(nW)SK1Lj^9q2LU{TXC8g9g!T8VQKf8N zGGeCqWPk{c0Sv()8KXizPXdR5HPp|do)H#@R%~Q2bTivS5(VF4&%M#i52!mTZ%L^s=lE*jf zTe|gnt@oO#Gka8J^yjW^J&X6%d|tttRE}?5x^KhdOVpm3Q?KdO zt~ZSZIiPUKBDQv1V>nTHAn!WMr?J%*VPk4k7rv04e{|83>(reGDih(xacq;gN#IBR zV)trWA$yO*YvVGE0p-@Hj=tB9|k1ad6?A-rYcFlF?tyqDYM`vkWV6A3>yDBh70xqB)5Q0FU zQHAyMty0bSm`gCpYKBaBU*)4%CZ!_7~#?4z&4v2pLK?NK*^0X}ng*P%_l z-BmvV@311}(>`wMKtRK_H z1HydcE#nyfu5m1oU2(xpH(el?vwKV&ZETxmEMuRkPOy87Z3)p8iHYwP5dvByt(G=P z*GT)MJ8_F7wy=s(f#k^a7ONX;9K<2t`TAFe$;1QTEBkBn%p_=iBrx3&wX3VGs=?;3U{FLCw+2!nHR9369 zPLJ1>Uvz~<0ZqJa+1~qZKX0X7U$=Dc!DX|o&fUA6)>+FA?p?Z0R~s77-GATSW$Sd5 zv|Pcz;PQH$*(z0zo?PA3vSjro3sUB(X-P{{YQZI|%@cF=$6e<{WS0s$>F51?5EyfS z!rQx)h}@se|NZj_*Kcl;5#y>rU9Berl5bCs!X`~zcvpJ)qUG21-JM=u?X=FHZ*^8L zPv6})_43p?%iHc=IB^nFde|O|p7GSy1@0KPw{>bA9r9CK_l~O*2R<;xUKg-5M`RDk zBKF@gp2-+Xw)I<}*7hh7BbQ+h-XUYtz$OIzMf*lIqCzBK1%fY1kO+Nb;}8fMpZS13 zS|H-~R>a&uY)C(CA_To+FB#5g0{@c+C_hMFf?)J12=e-$H7#rWlr>_D#qry0nvo@s ze=gO_zc7;uE|{+UELQmD1Rh2m##icpYW$Rc%J`}AaeO;(fZV+CB^;@~f9UT@*31Fg zn53NAt6r~OPx=n>S^~J4f=AO?N#sot9N{2BvV@+1e@gDtj!4c;>h+K8yzP>qzioT% z(MPuP3vJUqPFw!*b1vO6P&VM~pQ<*Gh55a&M-{!ou`>LfYrt{gCe0b+0 zm&lgwAA9uI+wzaw9G>Yme$m21n=b1c`djz%%+hW?yDV85t1vFby)GMjX!?q!SD~_X zw1*e$a%8OCNz!cd+a3&dZwP=24sdu*pwTop$q;PeilPM57j&%e8+~gOANi2-5~e_S~|Irp&)&*3#MRCiQ>Jaqzjw)#*gm`21$ZE#v0izDa$n z^iJt$EnmF4XT^ldXvWfMo7v!FJpJH`?T!UJ^Jtx~b$MIk_;7i}l&P(gm(6Wi*3?lx z&G@D{pe~HBcoTg$8J8P34Br?tt|R&sH}p;G1uiWZW}0A|z#c~CJqQzk zZH!z$+%Om^Y;3?p;$m2i69qsLa{LPFM|h7A-JI?qK^Xmlu*6mgESA&;$>#4pVfn|t z6%9|^cPmp`cJ^Fpv%6Hsa#u@w#qO(S&Fty<>FkYD5^u4O>J8zEiFu3XFTU=oC3jB7 z_cXvaUh1xLtF;pvyQa?1^e&vxyrhOBl$mKw=<;Q1C#+rdZ1yIT%w5hs_uR97&v*YOHl5d46R8^O^!Q5cX1&$2acog6S|Nm|$MoZ)B_3~npry5Q z{+z}4c+}RaEhZfsbQzrYHP(TH#tmqA zS5ba1`SZ>89I+EQNfD2M{T2hX$ndCZ8^%WUq9wnj{y=!)yzNEfikQ%nY(WeoX4O_k zS{E4PK3xt8!eR#73DEe~q`{D9z0eZZ{z>`ZlG)9n>H=q|q+ndrv^(dlylG)` zhbIC?z(OOq7%_{^Z)PT~Eubqkxs-!HK7VG_#HR7VP*wGenLE4gVzZ9tm7Lg@9UG{< zlkSU#>ujj7lDrA5&`{jZ>ovy!IY+eJG2(t?-~4aikNnr?>c{SBY&@Gr824Dw}?UeiljrHK{FOOB$8qg+A^U%O-CSLD&Yr2 zrVaYQWSf#hNr)-enD$<02_V5G9)wWO1AEM1^kr=g;8h!1r(5+= z*b25S%vfUojN6$Bc=AdpY`1-A9-};+- z_doRUqSnZcCB?PvTNg~LQI=2Mu#{c$XRhy++ctR27{vRtt#hJrq{^r^j#42*_>#tv zP?iu=sh<$Jbom0Gp~ADS<>^07zWAB-Jx}jByL`?pi$^lbT1V|K@4w~#gX>$Uao$8t z>jM8uzvEeYjoT#v6TE0~`0@BS7XQ!rckP}wzWd_K+t=I~l#SL3htJiv_{dxLT=u|U z7qx_UEGn*x2xDApOe`!^MS6Z)2t=jMhDz6-UjtqUlG`tIxcI*u)s|Z zF(-JtiUieR3bs|6m59y?`H2{>YsAK(Q?XXa?RgYWI3{<%y|Hp&#clcivoGjr3_7$m zj!IXFBhP41e)r+6Yaa^6JbztuZr!rvSl`-n+Sj)Q#W!H4P!X@_nAK5H)jqK*QKPjR zO!C2l%8WyA&AewXX@8&6q)uVZrN+lXTb5Q%gwCQAHisSIypm9yP1nt4-@Z_8&Ff%~ zuHIdLR!>iL_n~=vuP90fcRo06e*2bblWLobN|Mc!w;#T-N^1lgIXP>^-p3x?*-aWk zykv9_r#005q5!)8tFTjOqV-jJqNr)Ki=bcJCLlDesT#|>gg2N@agJ$er3QaWvj z_Zo#aAhb|ur0I@cghH!_cTs}6NZe>J<~d4Sm5v&%Bh=8dd49u`ZF`f=8DwkZPbdl0R@JsnSv9`*qW$jbN#}R8PEVdw;}gzmH~Z}QdijN$uX(4~oh_ewP3aG`!6YelygkMic{ZBYEnW<;@>5@k7#lJGCXI% zum~SjKO`k{%i#f(QD?lHRNo!66yhElge0#sls51-ne${T4=;~N4gPWbd(c(~e)r+m z8e9r*6i0BsM~*}<^gj`D;e5DG=!P0-E-oOYPWHlkkJNoK{V8T{va@Lu~5!@|Dw+E0-B3mbb#WJ@YlRmQOS;RUQhrU2xVcxo_eMv1#CaLdV2F zP3#}5%BpK>s>?3^eVi?vb3>hSGO4RBEO9zZ3afR=kNjmfO_<%YoR9ev(0AR4D;w}9 z)EH&}6hx4NBdFvNhYFAlRDs74a@wIbb2imEnTlXJ9puP z1s;>~EJz|Y4N|}CSR2!?bx@0xo*0X6}&1Iz}4=1uU>TH z0b`#2kU=o6=t1_^@Ya;}Lpf57%g);b2fJXNLB97F`PbwZE0py=3+PR}QaJsmU{Zo#U?|V+gq3{0^-9Qdwm0M!vr!;%5rBJ*F z;}P72o;Dwn}6ufaep$WjZwYRbp=A&Zqf0zQLpot_o78YS!AQ<`$LB~BPF z@Cv>*h!;c=ZAt0_Wxy{mELltlg*ocxY4EDrWR)U(%k<}Jtc0LE&t7X=q(ym!8Tdn+&@G?K`Q1kUECx2g9_zu%PLxo)T zsqz%fYk~{t0Kf$=?SIe~BKn-%=Ib!GiFPk(u*b+lI_3>I3-R0n_g5XgxP1Ji)?ctyufNXb=J*klZT{07iG9lMWFN3Qr4+mmY<_uqZTHf-6E?=Q z`m6uSoPYi4kaIDQV-(+FkFof}4`=oV-Uc^d+v?m_47Q;@Mx*d09vRq|`(gmzFD^mE z`G4HCzWdxrxS%32d&X_dc-LL&Z;%g$<6q&aL2mk59vZHbQa#^UGw|E8I4m{Nk%UHe9^xb-)L9N+Vt(r$~xKGHNVw!1qQMS=U2w8fzVer>2#Ij~^%W4FqP$siLWllWn`d^6+dHk_o=u0aZ2%mbTS zY{77{n>za1QON6Nubv%h6GJYG$y~FzsdHDk&Lf!|PLt%(mG8WAC%<(%`0cLFro}a8 zcuZrJnp14S_pf1={`*2KttqQ0LrKC5>Ek^|kM%$&4++8>D+OUCA*Cee02~2ZT@P+SK3Pl1z|LsULZ>mF zAZg0X1ZWQDjw`Hoiy32QcPICyDCi!Cf4q`>~~y zeVLm}E`4>--6QQuY@@=E=MrKGa64!kcA}d2588UTB+@|;`dtCn#(HW;?W!5QlQtbZ zba2z8PU9G3%JQBig>z?WZDn(dRGpVsX_-*v?pogEu9{$}%*(5mTAC}@F1hj9?>~Fv z5)qx?vQ*WgwBXG8sh7;DtekVn)br+;DonTCc;jt2%{lLmEj2T@)fO~F^Yf$ig+6~( zZAE>3MQxSeS6EMJ4F$E^X4Y)EW7Wf3CQjV)Fo*xW+&^xB+v9MSKWB1qIU9Fqs9Lt$ ziO@jL@F7#BHJrNUA-OCkdR-Q?S@|KtS|)i|%Wj0IRGnp>=%s4Q-Ku{~){R!+&xm{o zgoz`h8!jP~b!f?D9pKZ!%O#BwKnSPND2@_*Nx;?^_8eL17#0kd^HDHEZiN#bUFI%> z!`ROY?x(<+-4r-;g;B^#;;*@oB=L7Lv3bf0NaFY1FLWc0NjKG6L9-C8vlq=;VSba# z=l8wcSY&~G{;?Y%pP$)QO!D~=bwt;xVHV-?W>7~N)Hdc95W_Rokv@Z7xZ9Xh*)OSM zFFLQ=fc$1NoMiV>ZCSTV`RELlL=`z5#cg+Wn#G##A!(P|cQjqaMzGSk(*qKvVyCZf z^adL-0f@y;m;slta&R>4J{GSh{nR39Q0YY#gG;f)y9bW!K5U9M^>lihCPN-JWqjTN zHu*r_`XfOYJq5wK|Wgp z|72aQtKBcR75DTMw_t1hnZeH*c&jgFQG*{+3(k2C%8;t*X&S{z1gAoljXlr(+{dWXD* z<1g8^(xdD+_U^mK4!D1P19#C;R06!usa(K0n}?maDJc@5Fr~TS*X{#6@oLY?HgpY# z#VO!JDU3K#vr()Y=#9x>+h+Dq&`xANOJrRkBk3|Xk^&V^+G0vC_cST>4rl;UNj*%^ z99Wh_q6CY|leiXfeG)ihF9)st1AWU5$eIJZPc<2Pxk|93a;@cP=5y#u@czqeQJW< z$8$I~!0iGtkq9%OYqj@jU40O$4^SWsxi6i&3g9nbs2=T`{pt(Xarcy}cJJ15Y3k=ER6C>`y zEY0lfA&TP4W1M6tUOuO27ncBY(@7G&WIfSjuLn|+hI9@T4OsZQjArGh=0e)lPxjGt z5>lk2Fb+Bj-TZAjd^UKMJ}e?9v_(>dW;Pxg8a)FkdP`1{T8i=#-`Jr`ni-GL9j*jr}pc*&b-k~W}W2g2U62~c<)ycTn=bJNds{r^XP;S6;cUT2m% znWDCF$64Txp2UJftVkUDvki0o*WlG)19Q^SLyy1w>VGSvGTLW`YIfo#a!A^*B4jyg z(8P`Wk~QYVY5}`&>1DW zjIVFyWyqne`X9sMM+1~<#`>3meRFkze%h}FFJS>5=*!BcQv?PAuAjJ)fnHTA!(W|2 zB56VQW3w^+DCfB$l9AOpyc{Z0s3LI=p=|WS){bpDiPE@kKJW>?Cv*Ibd}h=@^O5|M zeVwL%Ei8{yL!&ei@)E-SQXI39`cC%s4q<;mBr?*Z7^O8Ie<@N3?2F;2(WRsmmpo`K zOcx<7GwhgR0%A5@B%Y|l|9GM?5y5|`{~$F1kpyL7tj;IHEr%|}ly{Zh{-pA|N!0z_ zy~$*6Uw1H=>g!7dgWY{}-%U>@v1qcNbu$@eL&+figRZg~f~>bc*ca6MQ+_?p{j4{L zRN%V7CPXO#4wua6+GxSQ&@gOwu&p4CH*!OfaKsx!jUk`TA*4=eW+Wg-0xEp$-DHsU z2gSZ%l59&(X%LMr+1J{{3y@BGvc6T*{SSQ-#aZC z(^tR_IZOQaY`s+ZAlKtT{23nX(T94GD0W1ma2C}`{oGaf0{<3!1N9m$S(v3ZftrHK zQ&dZ82o*pr8<|Y?nx(l`s*}zd)?b-`6d8e~Q|+(eiBjEHwK`L2>P+?qg5RMcET;uj zEq39k$-KX2X&yzrwyE_RlBYsomW@u&qp|S8%}GSP&e+^hdO^TQQqSa$Ir@nzHcB$V zBFryg8y`oK@@AtugN)(5Rm?DvXyRlh#bD7QdO#UvilD8G=7wAWqpm#7c0-uohp3ewo*23p9T;D7{T!? zkO~>uyqi=^RG0>9Y3?Q`vkU7qBjO;W`-4GZY6N1zV7i}###+dng`mhWumQp*#95?n z7oFQ`A)sSz>545!_zGl2qcq?{bABPkOCzrVfVm*+vV;n^fB=HvrMe-J*OgE}UO6Cx za&0|;vb&D;(x-W;?I(NTMU;R3Bt9>9_o^ zO?XZ>b}6bBwi#3~g}p!rOCAUwv(iJ_6;AK9p=xJrO4zp$Y=wHjLcIaSh9Td2YdF`a zU*!-FP-VqehAAcTet{1);)(cF&HFQbUEp2N%!Xscz=L1o{+=|az!ud|EdUc;ebfcL zY%G{Ikf)H0rGDlL?iT7(;@M~T_u{NzFgU<7NOUB)mEC_#sEe@^qdu(#Bs9JwyTxoyTW)a+@Q6C6NO5WTh^pU8aZ;waT1Nl|6 zkCIMRKE2*n0rku>CqT4t)M0Q|quyVhLDZa9$b|BOnjwQ|OOrvK$7vo^Ox z3|iNiw$&3ae(j@U^A>MkGiQDzIB)iv?ThC2()bOnBOiIU%s^RMMqdhTp$kgUr(sZ) zW|;e(M;nmEkY?EuVo0OC)=#Hc4okG!Qhrl@xZ`BsU@$3Aa(xYFdu_rwk@8~Y7Qa1GQOq`YpX#M%s!e&AH76#0v#m+F zB{2!ye*SLoz_Q+&svz}iW*?JsW4Qs44zfTo&s9DuX1fY!LG8J|VviG3oZ3zfk(lab zDmxC;*Qx#Iq>~giR_Hrtzd#J)EIm4Osccn8g^yl#Kq&wI;dNJe!$bPfneCROi@AHT zsO}Rq5Y(tTv6sHD)q4pVNnK=%6BQ zswRm!!o|sCGfS#vm?UjrsAmCU*4d-RUL^#rg1tz1kvF$?lfwWHu4E;CSruWy5&9tgI zFW}cxTb0KDUfb&Os_ofk>GjolXsTfNpSH~e%@6Wa0gVSVgXRh69e({LrDB0J=wn!E zrvggszt<8~K+2x}Z&f~nBjco6rgUJ&eGTqXR<|w7j4QEgAQO#XTO(H?p;|EsrjpZ| zvO4)17`zmcnJJe!DQ~{nclhnYeQzp|qQ5Do-ei5Jy+b9f<&DZ{yS=F_R^Eg^iVF4s z11tx2kAIw}MEhCdfQKG#sOo2mSNrF7tC{R7`bDY9~8o3THRKKP1wThEL4c7^R?lSf*Ksu_DnrU;@w( z2Sn>d0{1HcEPa?bH6u06T2YcY1J_msfDKT zbFA*7<6c8?aWVUg(6cmH(|Bq6!7a9EUcS{UZizHGPFgw4|IE=u0{$IoIqsCD?GbCJ zs9F8^43^eqieHSwmU(7YX{pd12Zc_wByN|t+WocI!}X(A8`#$%XpOm z-9egiFc0;3>uT{3odkd2|6jUAOg{bcD^EW1=C8y*|K%39OCD#bbyWo_A{Aa=z_sS- z4K8c zri4Lz+#%?`w^aW^8TMHh+^20h43g7+liFu{2h zd60+GiZ&i4W7KL2>*#Bzajk?&%GHw3+-9*zY=?RwTsvw5uA&yH?79s1iu0?a(239S zvP1G&WRrT4?isyt8M+*F%Xi_&sF_1gqFXWzBLAjvzUV{Ld4vx`a;(vbB{7TrRC8T%IV<>Y+=UCzRikeCzJvdDtDtA7nq7OkQ}1+`)mA;wLFv z$)aUe)2(~BpM+8>QO5rSsfzC=lDyir=7Q#U95SEQw@vMJfmKqHI?1zq=23dcLUpF4$ zo@4N0caCi7p9TYR|6|}$S}dFv<@%PSm*XQ1`z#O2nehsn#W6?^3luX@#6qCHXb2~r z8%djnE6@<^16nL6G6`@l!l`$D6rNMb|N07{zw=<~tcrSY1?np@r-s#y6K9si9sJhM z-;$o=r>XqdUB4txdH2#-d1>3EK;DviVtOD+tRK2oYytRHi(DwO+U{A4C{sV)F8(7AG%k;L4IEL?Z>Vfw#1n zYI2LUrz4dca*RWh1s>~jir_qjOwlrNcLzVpo;{^8TFfTsF=}Y|det~q{W(_CvY>03WhKFK&!8Q)Oorrub2z`EFG=6?yEyeLE74b2RxU+fo&2Fwer*&d^WU9q!w%lux_27$k z-Lr2V^Jic13sW1GH@D<_ee?4i#Zgz~SvN)Uo2tu_g?VS&^?Qs(7G`YgxfK=WybFQW zbP>fVBYh#7DeB@SRk7@52F?*w!*d=3hXwFedFbF!ay}&mNXG?IhdkKzahd}MhGc%7 z?u$ul`iK&t1Jz+A4n?Q~(aNW3g}Gn{Lv@OaF^;v8P;#jFq5>AD+c+y=QIc#&S+JkV zrh}wSYv@{}BZpcV_^#ie36l?&s3$_6AR^>m3JynHVk8mb&N1p5CI~R{5?v6>a^-3m z^Qt2h2dRv1fE}v@za`>jUmWwpC!@h=yF*b@FFt=2V)+Ojq=@>wYZ%+}+%JR=(~2n7 z&pvy0ee;;QDyw&0AbQri3$Co0v3O>q_`&`650n|q9=HF*{Vc-l545 z62E4f{+d=Kad?}$HePV$q*be@OJC8X-@KY%$xd%k`?`*%&Nwv)PJuvgU5fQ10&;7j zpHo=Z-5!WKFQ{;L`N`z+=3}`CG zgmIQ|rhQR!>TRw&+JhTRcJ5gndL23s+<^hbC+*}xqkA689eIF!z-4eeoN$o;6!IoQ z#_gop$|nO9_mSAp=ppVa`C%a|Jv`E;mdqJ5t+F$EL6CV(;Y)j}TIWZ`L^jTye_>Iy zs4CjE;)o$?u)yo6P#hJHtmukXA^pMyT^o^WerxiBY6eHT{zyfocYIA(`Mjmf zCC=qo9)zqRtCt~&pNMG)4saHgCYZUVT_DJJfuI+jw0`p&(i6?{7?|ca%5O;Jghz3~ z#VO5k<%{E_e=H_b?Suy{1-m)+rorkMIMyAG>(J>rl{~Ehap22C{xH1mC>U@we9U$pnW#wXlv|G{ zcO$~eAmOz3?70Ab$Bpw49*j`mc}C@;^i9VPthrB^bKcrbY6B8Nk#cM5z;Rc19USbb zX}L|cbSg%?8K5HQj1s7Y7pibLqaUlqO6GbYfHg2VhWlG=u&|oUNHV3QlH9rcFMS=W zuG+pgVK*0;?TNkHuUgfiDhLTlME1FU!u03FC(@dQ5AMHY-n4)Yu7d;9=3TP?!G$Uy z#PIo?+Nz=!Igxo0{#ml*#eUgjxWE{Im0NSk{A>ISL5YcZb;NUuVq8ik%M?E>I z5Cz^A@&L0N61g=%`v-ms_+w%VN+fJhgQ$eye}F8~Kvk%k_2Re8@C_^~Nt5-IX48%8 zX18ZmuzB;8R=4CRwOf1+v+No-aoxB)h|zcDyt;v{ET1+^_yY;p?SaKKD$D>)V9__hw(1cPmZ zduSjFqE<)51*SB}i@__Ze`7-l7O&jPkyGZs^*eL7!aP<<=@6GNX^|Hw|3~?&sI?lB z4s*ZJ&MxlmI?m=Z+3J>5ES07HrQGslSGRJx-PkV~lEA;+EN=lbBwcQng4yfVx!=9c zh57)Nf+l_huo{q>!BUL;pW}ZyU5CUFot_OsH)o2(Y$kBpR$XBK`nf~h?6`}j1_VRA=9 zQG6+4!SL@3ui$fPaVVD6DX;K~h?7TtpK3)_Q>*z3@=-;;>ie(;L83{`hUbb0sS;= zz=WNnj6ssy&NzsQWsR6s zY|1z}l}dj<{Uh<=$I~Camq=Wre7Kse5`s^&w@$3Q=N`0=Y0RgR+P}+$cWQuW2(FM$ zM!7Di;4zo{uJVt8x6_lSurY<~TkQSLlT(|d=VK?Q0=&Jfe9la4^-Xu*&CX(Devs)a zyAGHb;LrlxXQPj(aHyJTVe5k}hzPU{Bqtxmu>8y7*np-vL?`j#RJ8#IECIp)P_dpq z4phW7ZoOnNp0iWgqSPx}cAf)w?0UD;%DTOJy=`^J=eP6`l<8}l3`Nq(P3p}ppLeXb z>GfXLZFNfT^R0KFSLyZY1;aVl-+%x0=fL4Of9Q7ES1;Y;77lW3{hQ$(lSzAY@{aH~ zc|v-(d(YCmr$kaIku9Oe`xHnpw{jULPn7Jok?t^x;JLt zjO`aYSK&;5&hmd`NX|5>xJvj?b!U7oth?xaVLr(VRB1ta?^jByI1dHP6Y!`xty7JD z%b^8{Q!>&bV&px8pb`>Fejsa>(XPc{Hg)KE&K30~csclXiqC!SA9G|q$jM@sMx}a< zyw9yiPT7O?VMBFbzaFek&Si#A!)1~>NVXCrwa)TsqKK9k;|eom5nDtd=NqCip^Cv5 zhE7fQN>25`=`k<`RmGY;WKo{`!0L8bZhzavoR*Zu4d0JzzWrzA-P^4Oqto&Ww(NBs ze_%AR;@q&8FLRkt_yac8!rXY#$xLtGZgIFRx3l6ue|wG05dD`@b+0S;{=(uk8pKyd z>X&BcstIk=42zD!K{*HoiZ}#XLKqoA<2$61RvZcj?RJOlw5ST{TbWCsj65DG2n7nB#+I$=Ek zGR37yAHfcW$UoxM13RJ{qI<_}?j5%$8Wpd`%^teh8F(oO8HaPUaeugQ)r7%n2XA8c<;AKqc$72<@RUnom^o^^^ ziTj4~JcwmRt4%y1Ukb@Pyt{Li95k97assSl0|0y{ZB^zKPdH2a$ezuk*PD9{c9!fb zbvnS+aJFH{^Tqq3#3hBEZ6EwUN2A3o<@G|5o|ZD&JDoH>?ij9f!s0fInpAq!3j4)BR#< zSwX?kg06yPLT_%x*ds^lyT`GAv(PJ63%!y~3PFaosq_oo%kak0f`Vn;xi!u0r##Xt z&uDq*wD2UJ!Q8mBlha`qY2PbB9&jN2q1q9G_XcOa*%BWy?Ymh&;t-4}yaD-m&mkWI z4G3kqH5nSODA}_U>Wqm%pfha6mZCB-;sUsj&`PDdk%K3G#JT|wdg1+N=a2TEJ1%6r z-)MvTbg^Q6)dSa*n#}0HkXMJ@qq$mQg z`y4OLoKMf;zW~I^2@WL5P#DD2&^ZD5$2B#Fg(xG#7cx>(G-5DECG#|eO-TAvY)<+= zPl2tdyu+0`PjCfKVZ{g>6Du==Q&=>GL}l>_r7jvUnnps3k-a4CcKVb)SG!B;^En-4 zRC*M;vq@4&B^}w}BPX5{DOQsC`3Q&}iKK(WlxTB1=JYxdS~UnHzPe71(sZiS;q+mb zXm_!sZ^xPI#J(AcL=dMvKVL}}E5H5vb>e#6swf=JxW2MZNh%+oqHp~!SN=J?i-fy# zx)Lo=`qFbOR!R)U+XX541$$gNk9XY;4zN)`0K`#N9<6 z5|PT#J=76>O2Uwk)~8+)qq&HDY)JskKCk#%L^PXZ$>Q?oV*p$qD)&rSL1Wu4h#gd^ zl^yKd{x!=GJx44Ty%tHbx%2Xit$SapWpCOIM$s?lD}IE|dD#XG!4DpQvS;kempV&| z3p@zDW3ib3bj<9b5IzV?g_uN4e#d3mVsVWh>$GmQI^SR#AHHunMj}~+szOwr)Mj{L z*cym-n$5P&Cfkmy5PnBS0SJ^udjR#v0QzGBL7ve#`J89Ng@0(bPK)qf+_nw-1yLL1 zjz7c65eLxaop4@lId=uMbj3e^@ca>w2x}2{$tag~S1#ybHPjW#FWEPo)_cGtxL&!D zavs67ztm;fZ*~6R;otAk=NT_GF~J}glq{e5E2nk8#id;SG+sninWi3og5Chlv=TQE zwGE=2qy>r*K-8D9G-ll2KHS7r=~27JL0%I)DbeszGoU$2s-$o+rxoA$=`pAEpvBdG zaaU)a?69rX*=+`4%f4uI?!`sXuKI>}`I>%V~W=8xED(wNCe88)AWp&PbteVP~Kso*zL-U0-#qZQ|n0 znC-)uwV@Aq2f%ZWmx5jZ`;G$(Rz)%3E@#9tbs;cVhU79TmFV?>U=;T`tq=I#eCU2w zVm0bLKeii`SNq`hWb=W$y~+X_8+Oxf4Jmvn5a=YE> zG_y^=Fjy|NxE9WHTJd0u%W^s8#bxVRMDqb^i>FXuVCx}bmy?OUDkLI<3$?Z?$^mJ& z*9Y>|McSFLtRrJQb(*O@mH32nYlWqcU{dtcWP+0T2YS8H`6HL{SFWgWjP3_| z&kr0%gI@XRulSt%JqxR6G=)ufTGv`!3!K&-i%V#?+wD$eQEZWav4h>~vRfVL@3|~J zR_6kjWi9-dJY#VImnlB=e>h)_eAf?BV31l{^;t0-Bn_x}n_;Ne2MO}54QNK9Hv+fR zrj8!~3%Fm%D``#48^5%=Oe)YzUi}o=Xx0Vf;^L-IT~XZYGr>m|^{d38TR+ERxjEVgg4$b*O%>`(`E8>E<7_LTPc^ImTM<@XfiPZ#^{uKFa z6eIi$N!%cW9fGwYM>8?z-~-ZlXU|?8X-cWnREH};n0ssn{3C9UC~pVZ-B(8@vtzUG znTwQ7A>~(L0nLBwUY-A#U-zxo@5kBX5PDyurad0Ij!x$h}vh zI9iQD569#2aip`wHjCM>9A!Oz^=O7Orw1|_F#R>Kl$Jg~Kh|lc@)_hsfCH$n>k#Z9 z9QQ=v!nK?=g0yqgA>2H!6TaHUM4hLh4u>KUu5l$qMu3CY+BPlSVB5h>n^wBsdCQLN z7G2%!?U&BGy{qhY=Tz5A#hYpojL>MAx#`Vh==OP~x6iq#r}g!siYYCNYv<_oO|j0J ziB&a4t|@sXEw$6iC+g(paC=2_ti&m%o|##2trJc)80ZwoL9@n)ry*deqvmZ4-E?Ml45CFt@2VWmqnxo zeS_4HX31CjoX_FsgM=FT_L<#*u+eMPOACcZDq#GmUS4p9s-mu8$W8WODH%ZrwQJ^K z{nUZxNJMnlz!1_dqg%mAE)_y>N(^Gx1cPNbg~Y&G!bAyq7!Vc@WlSJAMgj{@S4U@8 zolCm^+f&UHT2V@W3I|oBQK9q^_YTBiAJ=;oJJZjxEr`j8Abe)$2fKtu<$A5nWHorc zcth!*QT<=lGn98HzkkpBQqOOz?UI{?%_obpj(>iM((4Iq3~zTmwL3c0ZZaYu-e!i>%xO1SHs`iX{L+5- z8tuMoSnFJ8?1jN*|L16}RtAQeCtZ447Z`!F?bOIL);i+p5-m3#*75MW7d>NB2~q-2 z&uoULD@%-2o)~#A^p8H&QV<&gMqS;tF$2;mx)E^1jgq7rhUd6Zw-lzaI=e?}^-wSZ z_8DH_bICdSC5`z|`)xz*AKA(?_Xiiu=JbbaME{JumxeV!369kfZU zsNTAjJ)!fo#irBh$e%UEqk}95 zgG@Li4q&q&f+cxDhUO3u1p$<&mppysN2B?HST8s~VClfIK`;=LdK+zGmBV3+8=8`r zm&|mu-??bk#gRa)B+uVd(;0FG3mnKuF3XDw!q()Xkh3LP7O!Y=yFA6Ur7cDN*vyKs z*6+6Rc|d)kL0^#W1@8;4Gn1LiBdPwV*TX4jguaGK40izyXMOmi{>XL-^+&Uam4W!$ z)Nk%Hb;P^R7fEjw!SZAVTc~ z2+=&@GH8&o@<4vEFmux8=y-J8%piI0&+>^3klgrShtrCgu^KUQuF-r$^Bv8PFiR3} zM5iOw`9?Us3wxknhFA}g1pMJ8GJ?Ol49nkviNJ+{$UxmcJOkss z+Q#~ZdWw-nh9kACp1Lv?3UZIGVBJAH0?&yw&w#e;;uMJ-W!0fFWM9c;B`UMe2WKbT z?g1nlqQUXRER!H3lJttV7CInwD15HHJ^fgWiT zj4|s@3ZgkbQD5kB7p}?oTpsponQ~b&DR^AQ_VOzc0`j9PD<&GF%hq43Lq zb#c>k>A-VMODq9gH$N-9&#wmpYj&@;R!0lgPhrm#L??B`3JPK!lcEJ|&eB9}l|{dl ziO&2YR`Ty1URLSttg7lfvV3{^r|e_piZYKFWE+*;HU4Pp@)xHC#x?vVy>4t{WByr| zI%CPCMQi6o>*}I&9>pnqW(H|NVzd2c+1%y;`6I`>>O_gwZ66ffcC(FoT4U7_n1;&5o$3F46jcLa2hMu(VlhT0rbCW6kDeE#Bjowen z{K}(Ff#t>j<`vI#D$}dN6e0tQ+GeX{tL>hFvswB!x5HK`To4qmBekH+enoUW)uj=& z!P-Y{Nb2B0*dQ-H+{kzebiDapL!5yeAr*1LShLGtcyzC)_&F!y$M1Oofy3?37rVqp zo#VSjF6BIs(eB`LPDB(}2H0)--{me)V9W1>O=ichner{G)lwqPHAm8MK?y}bIJ38z z@bC63hc6eRB{?sG^rRuN)Tq*ltVk5`t7xBucX&RRDK-ijaAsyREEhCIil#Um3fXON zNdP9lV6)lRPx<}8-rrBzV7JyDYp<-M4d4UHpapgixOJN5Ry z7nKj(*G2+TWnPK$9s&nG{q&_N_IhdIV}+&s@YwdbClAftzJ0EA;oR*P2v<(%-22ug z%+}XAA-yXQiLfWXc>M7%9v5!9uVBoWg8T5&M?=}S=d2gn$uX`_Z^%^;tjlWeWVI30 zkW}gnX18DR#3h$JAw0oPGRcDnWm*Fd(4)*>?z$APD|ql7S4gfiu)4<3Fx559&y)*< zhUH2^Ni6RXjO^qHoiXvS@@l{EWO`OFLkOkh9gQWh zPlChrYW$*0t|$);D7Sxc*ygdwI>8X}1Po$fcw9-* zp5yFdHs+2NI}`4kFf-_wH_zcTH#;_Ltti+%X=zHYKPp_5A2H~wYjnnNpdez<6&C3A zkpXAmypCz^vDKnO?+zy--7nY;H{Yxcj}xD}U-1{!7dZCD@;93c$K=-=YG1nek*R^o zq9U8A${Af$HPhWjM1DpNsOM0$3AFw?f~1g{0#9vdk$=5&Q?ub|1 z@nA))!(*um7yaaoP)Y4LlWeAA-&2W-`M{p-nak?o+tQNH=t%HIwwkCoR+dT)uA z>9tPFx+j_Vw7 zipjdXw5W^cN$b~Z&9{%6n_socHF3T0(}cG%G$G#{wzIIyWW1XH1o{L#WxM%{M3LNH&-(fqy*=mW` zcI?=;X6CH!b#rI8G&rHVFB@DQak( zHJiRUB=c5%;Hg+QeFOdq;o*_+Ygo9d^-z)Gk>eq)TD-6>S_pL@SO?u}DlDuS+j%Jj z+U2cnvpd?xvk!B-^wOut`5XmBt62PL7CC$T__9*pHaH@N#%D>o2Hb|nS7%aq;alKP2xb25lhNbf@< zq~$&;GoxEVhzK{qQw{x?S4a<*&)CHpo35*A8&aJ`ZLC@5i`?@sGdkzgn5RF-4g!HDJ(n(4G$z) zoe4DU03h97c}sl$WvQB_3n#YDom+SGmYcS0eq`#po^a*LHB)vjudkmInRrNfx3FkJ zLqoJfoH6|ghTxBE;+{P(1cRY4ZsgD2JA6Y?Q8+xYB-v57e9I+2kuGYTF=Il5)1!;BKC9>_HsyRqfmDs%Y5}LJd|EYKW%DY2dQ5P&h(Duu$KHk>GOp| zdgs8$dxTrW3kKd7?n3(sW?_ZNdr_JVx!{ZTz8tAyLxEsZbk*zscHev3|PK2TP6z^v6- z(zj&aDsOJa{%S&B{0m*8M_+`YTf`3Q34wyVq``Tr74c5F=WRMi|0C+ zsl^(6F#SOh9EJ4}^rtX~*eW2aRzDn%sXGO>RWk6f5{D#4v(qa0Cudi081*u6bg3|&tsUeP7qts;lcTZrr z0e`>>@&ups5^4?QyCQ)qLkI)y{DiaVtdP3%j-c`hr$AO%EbZAICMs>WYRepbNd}`#=Hi7oLLYo)N9Q5RyPV| z`9T?RHbsNkJaD=M@&eRB{MTdVg3 zB?NGjrIISSRB}IHu#3e-`Z8-(T(W4H=r&gEy1c??G7I>m)+71^!6A5UC9Gq1`fkyr zH3(1|5KSWcreJVrWrM60L~EJTV0y}E7Ogr#fY$do*&^DYw6zUsG`hWl z&hLu`V*1#M0>_$|(`O79RV;MPbXQC%sVgYFH|a{2l>234m_d`38LbN)MSf2rSQj=} zoPrq|C1FtvyDy9QS5Nenmy1rfarfBHN|OY@=Pc48>T1k=fz>Pt^tb#Y@w7Xr#ac7q{w@yopHN}IWkZ5IATfm+#oyS~Ei>5G} zXtHRPc}x#?WO}2(>_$Xd!*C1A?M}ZfFW+8h4C~6}u@|`A6YkkwDoB+VRmEG1p{vj~ zuc*Z9nHbiKh@4ql&&2jT7wp%Qa#5+rAnNzp45FkP5BAmgVp~PAAes!U(B&;+WhIi$ zYW6W}K-T+gP*8C&v%z7oYEctWTP(RGV5Ly!L6||a-DNXK1_63DS`ogoS^{QMTd_gZ zK)7fB^LvW^?~Yk5J#D5mH3K-Y79=zsaG8)*$57`J((+L8}*R z%wo|>78%S2v&f_qFPZavUN5wgosw&MzFp@u6nZg@F-Qf$JjPlqnAT>8$+yU49~&(( zm?fh#9G(_(%c8|rruCb>CR?Y~VbJF3wLz<>t*D#m+73nqON~Go@4z!cla(-eoS7qt^M2llM%VB8O@sd1zLi$uxb6 zxwx(<--Jyr>#r{boAn?#6jks-(gumbO3;fjF+zg#IJjJ5EG~s;hxVzVoB>GyCW3Md zjNc1D8?kVH3INX6>C+Ph&AaY#RZJwklTPXV0;el39Q2Cj1 zge~r>z3I@!v8d!+yX%reeL+?wzWv5e7me9;^T6M*p$l`K|6=Bx{o5v8G^NG%o_LrU z+#NIaOv-aX#9A_Ia%W4TyvT^?ipO$kuo8Mx>zTFax>=?p!c8@8=jg1Lyt`z{9m_kd z7AF74TlY=;?AA|Oia&XO#-GIV8N2ab*F$dxCN;Epl<)`NVdlK#_-O@+GOZ8OO9aIr z3oqps|LUt*JcsK^wrQ4QH>zOs}dgbKzHrcx}H%z7*_M6(X8Y=uI zzfNbj2OP8fp|C$$*|?;tc*3S>txH>?))KGPT^g?oR#paEDwpk#PTq0Dv3I-do4&{7 z>!;1?*{9wpC+TLe4F>gZ8Jz1L`MQ7r3%N~87KiR5gojPFzG~!x2~DaCxa{9m*6#_i|hsOfR_~z8m3PhD&*%=HqeEWa1j@gH#13kShUA zATH8W?Xl7ASvwq3{-`VbW92^$us~|B>aA*rEXMH9%0Cv?m5zfG+i7cAYV9=mh*G-u z|J(lk|HhyRQqC3}P|mYC;e7m43gHartO2Ku-Ely9xO`k`p`WETY*12uv727luhtc` zWj`Vgk;X1CRO%aWn?^lD?210i)=$#FE;0$HocxDtI7fxUQKg^PModz~7{oT{9@xxl z@|rT1&f*P9FHi4%uWr5V%N-M*x)%*>AklyNd(BP)bV+!YokSJ>7fVC~%FxL9tUtyXj8)b zOyANw-um#ZJC>>^wn?%pZ(D3ufUodT5kK$|dlIK&TuwCN~?T%!?cN-1)d+ z+%wA0pX&M9DVTWey8)YIY`JoI|D6=}cH4{0d0U0U8CtmX@QIr*ykJbRRrhDKrs0{s z`&yL8ezgw{2rvHe%l~!JtE}M8+nDbcd$husF~zfgx$Wi?hwGfh)>5o#m0zsNjLT^> zVqmS4szB&8-TIL-WGR{B(Lz|0yMpoLgoc*07DwS*+-{F)29lJ-rJU?rL%uMuk_Aoh zRIj!h{D5}orfD$i%R%rGB&2Bo535)vaCuOjnWS+40@WpQB?t=<*ap#b2w_rW9Q82J zgF&yh8{RZJUW1^y!TA%}oort@HdS}tv}UXAS$BaSE}$JhZ|bKC^*`!@7uiR}nUBJU ztn1PKfHFCq`YtnmS3sEPhj+dX`v8~gMcFBa5jo zs>LY36*QNB_q$l&r=at%+apcUT!9-<3o7mAt1A|O0SF-OWNi#PBDk57&kdytM32={ z8>>VRR@{RPFcnzrVjdK;BC!@m-yk!fwZ)eLWa-1)%ifyZkdR=qP^ z))sB4mVk*1TDOq}aNmI|X(sqkEY!JLIQ$S#5 z*-;#7s$UW_wS}vT4T2OXU)t8Q+h~J$2Y-TWGmywebLt`OKjj(VHxtyWhPCTDNWnGH zK{^=J9y%6-1fmnvEP5K9iEf20ehKI|T8uDJhms6oY-IE5#4Qnl2z3mlZ_*UDl4UF$ zRghLCFQ5T5B??8+7)hj|OnjsYvzYU_y}~!)S}{D^<8^k<-L6N#$3mT>$XfJt<$rG4 zFt@t;_4S)pfHLe=P96S(@;j@cm$ActU{MyEe!~xywDP|4_qX<4oqCWhnLe>n(pqg= z?bZKLRaq&>R-<|Rvd-=E^IZCJA1dZvJi%Wk$pL>0Td=4uZm4Yt=nG2P+8$X{FxFgL zaPemY;mI~@AQYYy%)i5uFT)X9u~jxLU(;O@etyL{%km4KZt1>xveoy|VfA!f=k@!0 z+B$YVyKx(nQV(7+J$a+mjASHuavPz(?gvDgV_#zDS=k?(*D0dVs) zGNDX>nGP>k-y3>ZLr$R(M^eWhYQ*S8S6{np<)OU1L&}pkUdBY>yQ$QTPre|Q4y8YH z`0~py6DMAF=AIsrPudmgmdd z^Y7$b(|b~izn`Rh)D8(}y5`^343^*M-mBq_LUaBMgsDIFxN&X(CY1H3fS(GP}M$g3TJp*Zlp= zIa}B47~^{tG;Y~E^le^Gr13J;_XN5gEECr}|HyMnr%SU{=}482VNG^=^g$o zg)@HHKBBbj_jnra2cO})*>{jQ;&0;60U3KRlx`)@bR6YyJzW z_u21ezb)Z8{ditYCJ*j;SsGrCB=TBtUzvGVKs^O|pW2o=ccUH}{8pkInSRL6_%oy< zza_gqaV;XfgqKC{=lrPsNH^0n3D@+D(pcu2?(wW4n~v{`^vf+{v}>wo=2s7YV;V`+ zNT@?GeFya#M|I28FO2js()kZ%h50X~wlh<9KI%kmRL2#4M0LzO8>}@`}U<52!UovXgY)~5qg29 z!Gtu>bf9V0L3Vgl)w}ho`qir{YUwQmFq4E#CX+$Ld@+u3WSEE%}f^kSXTQ_%-e43O$A4!s~UNb^Ghi*7ww(Yna;5-|#}??#3q@uT5Gs>BY%ClfQY} z@RY78r>A^)d*AJ6r*58ld0P84b=rk#A2-cy+S>H&^v3B=Pyb}bp&2J-dCl`K&iicsq4`hEzqnx0f=3p-u;7D*Eem%q zJin;0Xw9M*?y0}my!X4f96M$4%EhM^f4HQ3$rDSixAwH2Z#&v{t=(w9+A+Cfd&e6~ zXDnT{^y1Qwmvt@sN@uKdXXp9lEz2+9?EC79BP(8CId!GH@*DSGT2;TwSoO@Rs}F2{ z;N5Pc`?>D7S6^7uv}SnCwY9OeJ!@a;+1qnt-7~#T@7oXdJa}RKo$FuP(7WNxhRYki zv*EM88GZeI$NQe|ySQ=6#{C;#>hJ5nvT4z#OPfB~tZn{aOYfE|Tbs5HY`wItXWNBs zH@3HLAJ~57bL~6c*qPaRYUiiB`gaZQdUbc>?)|&Z?f(9r?mYv0PVc$2=e@nHdynqD zxG%Az`@9ls2K<9zs1J@3AAAI8A$Hh|dl|yr-l=P^)K-T0pm3HO0@}hFH zWbpg=Y5tCyQ$6+X%7yYX8f0)yl?ayCylqN z-POVB8`Ya;uQ_a?!s^`<(sJ;nBlyIXj&5ZoT`Yx7d5pd&j@mKR4Ji zcxI?&=&Qqb4xb%aFxvG{>qCPNy?Lbhho^ zj`tmRj(_s`*B(_Leebc&k3IX?jmO&`cOHN5MAwNUC$2wn{tHLHaIN+)M(`Ua*mUeV zEdCfiB=Tb2_=JCTu`@7DO5o%G*L8)N3YuU;?Gepz-FJON$73zH@*9>(U}ZWS(Mh~b z^L#|7Q1_LHPNVgABRUgnqS1)X#-`Azh{nFw^g={miQ)HyBKljgR=SS8+BaZlu;$nn ztoS(IcWaLI#w?^BsD7NgC_%1^V>8yti}9&_zZyHd^O%d$RixYTDPyNqBPL-7?OwFE zIkp2Wtj3x4N^m=nw+_F1vK939fD3z>*h=&NYiB1~b@;ek=`@38Vrx>dz3^;mra9Dtoj&J^b5EL23uqxN zqIU9^H$V)L8(=zd&We1N)XHDb(K>Y;Vii+kJa zX#@4qM(U?cw3)WhR@z3}u_e_Gy!^Nm4;}8NJ+znh(SABW2dPMhNFtdODiJ4@%6Onp zrva*vK~*xzLi9QeTm4?FjvR8yBcBFoh=yr|M)6eE5qg-8(lI(tKS__!=jl;;j2@>G z^aSDO59y2a6n%-FrZ3Y;`YAjY`O|coeukdG6NS&x&(d@BbMzJZd3v6Hfxb$=NN4D4 zbe6u3jkSIWzqIhn^dkKVou^-=m+05%8}#dRfqsL26VE1olYWa{rr)ODq2Hy8^m}xP zejks+{sFy0e@L&=AJJ>{$8?3hMX%GJ&>Qrp^k?+v^d|iUe)#Y&>23NedWZg+-le~x zZ`0r6LDave@6bQcRr*J|M*l?LrGKXD^e^-t{VTms|3)9sztau+9(_pvK_Ah7Vq5M1 zqL1mn=@a@N`jqhgB>gYlq#q!@;|?^=(Gx7mQY_7|g%-=&0#IpmbOKFdz5xW>Cz}&7Nwn0x;#p|qI5-+ zt`5`o-Y{Jjr0dX6vTR7Mo2>e-uB2QpIf|Cy<{&pLn|@}T3XP$>oKd6a(LAmL_FNFzl>cNBx8Pn%0# z+Tp6hT`eO-2^uskrIJt$shq=LO15U1+|3PIhF|4H$divq(Lpw%eLHp7QLGYA%TNc> zxF?kp__zt#vML#Is7g*HX*;^btECilGn`=%7yhJIw)JON(vWRD-P-< zZl!Hq@qCA;Y;G#Lk*i8}QOL@jlvEN8Lc@@gmvk@bYLdf~ipHTKF=2JC$L*plDU~6~ zDb=YGR9NFOH6kIDp0p)^0Kl;9v}!q`cp)fWV}h0bEpK3h{9RjRIRX@t2msSu4Z|4QMC{iSyT+EoGh6& zQgR$?D9~g+Bm*fjA?@3_kO&YFs7T-l;<)-KFRH#_6e8NKN`}$MhZRGrN@HRr%DU<$ z3@)j#5r=2^2!Mv!$O=L+ESDFcFH<+mf$T}>)8rXNGPqfioRlM(C99fNtZEhWovKP@ zlY6oCTYM2naRN3^8v)ej_Pa18?w2eKu|dy4LDO9YbtCx<--jrl{_E@ zqY(-&#U0m;Yo$^~1{$C|Ga+-s$SXpvDirJSoQ7#EhUgARVejdH^6hMp3WZDx!CAb8 z$jK9Of(9BUWcl{QN}?I~a7*T?AqO_EB|XWlxG8v4=qxKcI#(6RoJkz{PxnSq40YqgS}6 zp~142_2Hu&G|M4_Z15z&t1EExzEa6z8X*tNw|idwdO-I&=u?kp51g4uH^t~I0V(w0R`i!MK%Eu#E1}U3CL{$FlFGs zgped#nB#l|XHl|HgSKFVkN1FAkHfcSfOH3QFTo?i=jGtrH8@S*kTdWLnCCLD4^$k8 zAwpLnWJ9E;MJO#+OL^4wG|PqZdB*j1Ps~_GfJ*e3QV^&(M})E9l|`fs!igAy?CS=s zrJO-!Tg08LR7LNSsqj>lmnyoKSA|IEWq?C;jyRwNdQYgWDxXxcd`wgka^fhIIe9`( zh`$M0z~2O3%u4Q7{d`CU6*D0%JZjLsD4H&Dw}P;dG9+6h0Z_a`)sn@y0&6Tpcn|QF zJM3FtC|W)w!+FMNO%sC&%O(;1jgegB3ZR(A@h(v4uwk4V6nu^k+rmUaVs%XEOb(?rgNiIUkfy$G?PS#D#E=2L%!~6(5M4v$3@^7R!VSC zQPd7RKmd>lIUztMWC;f~zEa?zG_PtbODL|}kped1GIOC<6^abJsEg=$8}P2%uI?6Z z1*A!1d9|RGD0Z}VV99``pAagANCtT^+SCblATwidEN6w!2#El(5K#%ESvGL% zqA9f8)}9MPzTia=hFOcq76RlJQUG01dU>4tPP{DJao;V)b<>Ft*duYp9En$)p}6cR zVwuddV>a6u_#t@&BHEfH!y=0v?JFja<$7?ZvhQ(s>JMj$Vb#^L10OtT0w=yla~(^? zVOe1W(bSiD7}_ExF^p->ibIe+Rz@f@T>@^fsD?|&057E^WOc;6oXt-w{|xNk!fAHp)%8gkPx zQ^(RvNf?Gd3^8?C#1^+QVk4+ozT+PD5frc-0934$3b$E#Y}!pPn=Yk!_m_Y@ zeE(-gHinQUeRsc?%jnEGb2;ZZ&w0*sAC7SxXTw3@#P06FWvl;L`ZdR~8r0S->RQ;% zf@tB`T$~4PSS}~;$(z28^C6tCUc330t)VU4a-2WSaeT+xojU@;O~M|IGmN9XZvEB` zo0p%Fzk!Db(0=QNTefdSy~uIKyYXww|sHiwz>cII3&g(}v@A%AfuW~=e`DgKtmp5%$dyD7E|Mw!tslDjK?>67^nXP<{ z@I1#jt-qhXW%I56RSSNMbM%)zx^>I;9rt$qLzZLgJ&r3|vh|Kzw<;H6PL7p#;rX+7 z-MVId{pW5d;Cu(pjrdQ{;a)nlB|*PuZ~BR%{a$$0ptV?WRz)=&k8{TT3I72toS}Qh z5WANv;e?W7B`G|}um2ie;nq|0l|P@wwE#)aWX;w)@7T_@a}^f^Bd4O$7-Z-0qxGbC zO+Y&{;Eev)=xuC1&giNdPGAB2cHt>_KS~u`fZM_y=l+&E#hu}P$Q1(SfE<_?_*Ag2 zuJ#w)dF%Pw^R4Im&aXQE>GOYm{)^`yJ%8$a{`~(u|FiSI`(w!k;qqlX`c5ynO5BRhNe^ z-*ma_a_cWFKmX0ofA;fde)is*6M-7hC)SA7qDQO}CDARqM5pKw?P7^2h=$7FTL1kj zC}^Gf-#akO?Ib`MO~=(!qBRm|{|o=nJp6C{F_l)A896iO{m{EhKG>pTWwE~egYCr{ z7U%BZHnKU~SGm9Dc5^$qhqA=v!(8^$3G0fUn6;Rsyhk{D`%D5uT zqFaNZ;9m{B=`F1E;<}*;?>j5Kp`cO{8&bM=uGAVt&~#}(tOTpha`Zx7r( zGU8P@Jf?J3u3oEZpQ_vbD2DLjP(TqHmMC2R(BWGT-x8q0 zTyHSA(tB7t8_>__g=W2XqE`&!CFQdM|EvwiGAke}rLmErKwwd*`1C5W7Xc&a;_>E^ajoy1{iSD zV)X5%V&Bj|TvjG!1r4 zgN+721^YDvKu1H}p<8ZSJ$)o}t78@harhvCZOOXO;Zh~gKQ!O_JX)NyPIK+7y`zII zeOlz!a@vtDz6m`K93B`7twHZY9bWvfPzNC2J}{IA)#+T@k!JyhA0@C>@!VRY^%PHZ z%~DVcxZn^cYy|xTg{Z_z+y}C@4-3@5m2xw=JlbN4P*6%`g%y}$k`?Y8oeN^FgvAs? zAy>v?+?+(p7PN(fw%|SkH?fxo=`?Z|xqaH&m|W@_)`OHYqU|LYaqw~}E^nhZNCl-V z$&?ydsXC{W74l_O=Gf`>vWl`;zN(ChRnD?l&ZoV~(Ub}%C3h*arIK!!(-;cYHKZGx znwgC?7@f(I^(mJ#Jn`sz!FW74!TIBH|HX+%!zHiCvW)79y>UOa_~ZOOeoa^#J9qh) zC9fF$T$=kAE{`6@l#+r{A}S4mb2g<0!)}rl(>Y~UL5U^vrdiY<6IT{fW{J5dfG{&j z{g*@~SWtp;E`zG3>St`ZfB0+86*CJ;Y_?UgiAqe&Rj~I36mv7#`_I^Z`VWWEUanM# zr>zw>N9=T^b`RQmM^Dnat4Uls8p1F-(Q@?ZcT@vm>oRQ>mfcJJV#G z-Q1B0%b`o-%{R9MgDu1J(HJlpdC&L8U(u^>)^^X!zcjW0?tb9GB5n_tcM5pX?Ja% zU4u#*Sc26?IHIkyOweX5wKDt*)ip$Bvq(e42H;4wOsX|B^MFyNm1SBDEiBk28~fzW zPWk=3+;z;z`MtNjy0PV+6$4*v89jHKx3(sh@~nGtopbK|W)IJMnwv8&oO)6*-$ibF zNwwV7C13nk99I|y{f_>x4JL+%6NATZum@Pizpy>y=zXwHj75FEXiV(;%2NB>_J#fh zL|d?yOU=Nk5LeCR!AQrLQm+l%Sx}sXTv#I^lanpA8d6D`b1PrUFqsiH+t9W5%+}@| zqpPBk)f=}pZ~Nxn&hUc4_{32u;IE!I8Xs&63yEz{@9hrHUlxfhn;-7p`}DSs&)&H? zKJkbo@$2K8cY%ZwJ^hXGF!}*rfN#o#9ZgBeQBuoFnZs?2giDMK83!}j~LySvX0(bs*%dHgUx0o%n&Xyuy8pG+tCYSjcE56 z(Gh#tYDQ0ZyCm7EFLsyY6douCBOAN6|IN_QBV(PTBi?nJR=Glp=7-H5Uv=5VlcD-7+aDet z=r9{AtrnsA@3##7%~)60*xw9o{%*5iu~r(*?SsQ%b&ue5SYsH5#^e>(pr4buHgIsC z0@uHn`x1D%zvJ#Nu1QBBw|sjtNgLhnloBc^`;*EnId}7sR7yz|a%&$z+k9F1o0QU7 zQ2u*T>6LT0|KDh%^{W)uZ$2=mJ&EhEh9wruM>31(tiPbF#!<|D0_%E1QrTL_fA-$v z)Us8~?ZR~jANmHJVZG+A z|EcFsrzhLpwxgo-F%E3lZ8I#TOUIw08oy@SNq@TIL8(SH+hlU7~PD!0^ zwiyThcTy+Ln0x#V>4xA?sNX$tfq%Bs{dcHR9{^MITS>bZ&4Hkshrp-tY2!w&L~|cZR>wP}xG4B#2bA_E%5tt}|EVs05|ZBtTNR8U%y`9;g<(nTG( zYuO?yE=%IBMPhCSu7Yr~93*DZGVm^*P`rdhlNmO}4FScj2`C{C1QeX!K=O)`28UBS zgS(E90{B?jhsr4F#%6Fq5?DbW_(7slG2#a?c`d}eYXZx=XLNzZzREcl@=D(`>!-;p z58T$?e%k|@ymBD;cyNK$bu#F%o^)0&2tICgT#;GUKf4Sv%UtIwJJV&BGZ&6rBeQJp zzyp}w`gpLz>O5(61W!7zg?}4&^CbLRWCDH>#`>}0tawKn@1x2GgIm%vw) z>?Q%%@}C48$oeEz{|mvyegY7w@xL5A1Q@_Xsqzv}c+mx3+k#z<^0nwgIwRLmO*l zlH2Zb@V=obcrayOB_;<4{-tMF_o!JAEc-2fbI+UmMxQ;@-+$Lnuo zd7*+9m*6O)V@Nxuv?Ep?Qs78;Q9#l)4MK z-l?r%8VIh1$j3Ox-4K`oK1qCDbUAI$N7x}rd_i=%aFFyeMoZ-{pp{0B>)4^la}oN- z1gcTTMJdAaTCtCg{0TZvjL^~W7D0O4N9B@yByzDYqT$ZZjaj3Q8{-af+qwKO;m+=Y zazIvmz@Wn#ICd74of>DD`z!|CQpgt zZL#GVZp=b=vU?a8c5Ok`0o!R~M`jyc=dtgMn1l~WmA<#4S!rlq&XV)thjl+In)ZsHU3 z(?(yj-)M1I-m#Wg%w_&;jj6F&HX2*IGND*h2-*{yWwE($iNzYsbQm+;ZDo9-IbG^& zuH{QDVg>H9nvE@Uqx}(!v9&W3h((P-d+K&s1@vac1+16z^NNag`_h>QVI1m=?^>!=a#=uCt!Wdf8WvQy*ftA*tg-%Ze z&sS8r#>0k%qM0{|0xJT9N4xsRuql9rW*b4sG1B*ffo%*)I|t_kxp8%p7PZOsf?)iZ5*(Pp96u$RXf&p*aL2FYPqJ+2N1V}@#fIsZc^bA4YMt9n9x*X*xITTT3G zr*q=C$(o*MdRA^YV{Xi&SUv$928sO@=IJdrNJAn8LIT##5P*&=o zhu74{P_V>li(txZjqH*3Ps~*V5YR1$#heSJhNMzapj{wW?F298s}0tHoaJ0$ocIHw zdYtG=B~8wg0FY^FPz*n93p&z47o-2dMzF-the9S^AMACrPe}o=@r7XgnBl0J_RmuH z+`&IJv6O#G{a}Uu$O$iB`o)eN%({I$dq8mT zY(x2NPh*;*toPvvjsYV|+F-~;R4DF&O zTm-DBMJ0IAR*XL}14FL#goqdAa*263GdpW1c}{y%eJUwT=MpkgT!gL=Cs|kDGBtKn z7l`+~&O#?ovbvw%b=ObTpPf9ZzWMr|^Ft3|!+-hVp`nM*?if4!&=5N!2m3>_UJA-` zP<=Qk8@Q7!^!lDXud8qBcW6)1?|8X*=gaEv*(=%&KgP`{&^iF;RGI*ONRVV^7cB{5 zN^!uVR3MXrv5+@dS1n?lA31r7LH*T7PS5YG=7{o?mb zPnLa8^kXd>t>Q#YwW@k2d}5^`_G{LSaR(@@5~3LZwYYHK`< z1Z-W-<-ys+AYbXf5MHh5gpQp$kK)CIKz6Mcb7qvFDkRkOmVtc2T4AooZv?X=pdvRj zMkEuotO)ktRLKeD8wZ3%1!*T-HXN{gNnjIyElNT``-!~ojj-hvL6(Z)e=yEcev4Z* zNed*^6d@Yqwy7uCF#S#(ix`dv*`GA&wIV2~M!<-{?c<94L^#{EExfx*SF?v(bd(r7zF*f*cJiCVidm-YwCKE zPYdAFR8X3(f=>&^$~`~T(|yV zwbmr{Vs$~OgW(mltO3^Nb4AKc{JU7lMSwnjQ0kngM%%z>Ezm+Hq@PZz9YHCW2{trF zV7)Lp?G>!X((X6B?QgfB{DR;LAODaq8ud+V z^sNX^d>8bYKlJw7Lb<>XOgzb#UxWX1;qh}V{%5D*f05eGL$_;bx2Y_dF-N1eMMR&K z{@4=F`dK7^@UHKl70F0V!4@j3Lf!+%g=12 z_YiIxFaJyFE@KTijm4aWW6Baaw^S1kz2K9YBpBB!(LKpc1}CQXlvx;wETzTbS7$dsY~K~^ySo-hNj)cGVH0K#bWx3n2^@>ZL1C2 zSDn}*T7(oH`si;Ddeic$JJ(4e{=G+jKXnpU7k|ht*uP99h!=J64lW3dL&T>~tV+@zOpMs5h8egAhAStQLERh(A~l6v zG(*3-K^oSnjcBsfz;NHXuy^_JEwo1Tolf7*rtHw*y`bUJ_3xl$kUc;2jF?(or$eY# zRK!E@{NUMiBNL3)7rCPm-AEL<_LuE*VF^Vd6C8>4A1qyEH4;+e_w+_2u@@5m@MPiU zr4hFcwyBBdQ5``o>zpifp*n(QqA@T8{Tgen8hdOL@w_l7YYL1xGJr<}(hS&U0OE6s zx1cZ*&j9urNyRJXYBX92fGZBFhYSd8k;w7G6(lSYVY=75@t!X#sn znKYsLrZK)OIOzl7as&;n0BnQi0^ycop%o9lv~Alzeq}{y=0bT~kh@uy-=0{py{%*G zClXIFbB8b7m&x?i`^NY?BJ(XL=+YHmd1>nj%lyd17v=75L)9Z4cMK*HgWDI3Kf!$V zmQbd@KND(!d*(D=$_Y+mE|-V%Cp0`@Fl^@l0L3gSMj9bkP&nfCa>QMjZP+~xS;c6} zx!l?&K}->NBDi==ZGW>N)Q~3(gWdvCr{tF0Sl>jM$k72hve|}^=JH@{7;bMHj)vS~ zpXdt3SSsQheSCg*Q`ffjs~g(}y1%o{S0Ap~_MPs5w$v@_w{>L}HvjFYFH*9;?dF@? zqMg#EE|Tno??|2FYx&;>JH$+@Rpi~_gx4nskuK30oN)R(#jc1T_`Hd*n-{IESrM}h z9X)&+_5cTNB))$k&A$r*{d664vY;fzTo0yuZc1yCe=Fe1;t*YXeE<@r5XIW=)yXXrBeev4uf9SjmG*>&jzr3_8>4!`cIVi!{z= z^*ZJD)AlDwp+4>0}{i0{+{%9n~_P=tO z+r9hpEBgbH=>0>~>UL9WW*1E3vMC|s=NuL z+v2RB*}Q=21=|^SpsDi)lt1>M-GGEcoP>lO)D_rQ7olo*UVqdp$^j5otD!1<#yMt<-9}k{ScKCkDjLi5;Ux$dN?pJ?t zOg*cD21r_{ZLg1Yxfy8~WX+C&)1v`PMzS1+|^2kc+3WKVqMSGz$W6D=6jUi<$HIP|ZYAc?hynpHeIu z)px?>E2X%g_es*c&P;(TQ^Jrm=W5%pki;Vu3yxw=#LPOeJr@)=jv{$-DiulibSg$1 zb>jk@3}6w%ZW0o6vj_!f)0PXlYVswKMRLK*)kIOw6mqoHe)x#u4C82kDckEkO@j!d>3 z!JjYES+{|%?w(kPMfw;!ap|#p?lCMpa^%tp{+T03)K4B!SLqiVVJ9x)9s$p|bmGVn z4v@zmjklRT4_T_{epM`ew43kB4R@DUR1(+Nde04~o1%v<|0pKcyXRMerp;V4} z5px!lDho=b4qQMMUVd9IROxZr} z-(!ozBV#>%BfVS0OO7@z+Y;H2Ut(iE?tcOcXxZgol>C#XYa{usUM_Y_(ka;`r!ii*@VA}pL(LyCE7g#TS+C!4F^ zxR4oX)Zum1#D}f8acw>SZ=o2*Ylc$)B*wc^)8y~q@(AuB4_DIhjTE5DS2h)tG4kmo z)jjFi$wi&)vYkuk=07o$g-LcLR9}v#An!33Is-sP}Tb4OIMA zTdu|f24HLxYU-EJz68l7)7YRnae^b#3x*FCq*7w2$q5?-7~Wo`Mo2rT(M0eF_OD_C z^!5$RNDZ*=Ykpy+8Ke8Eb2BgSCZ6|Nq_|mt$aXp)I>+~$T_%e~9Eut8zHAvw3p^inM%~odHQpCp)}5~O@XTD#ZxDS# zl>pt{QPD5RLZt{Dm#@?B zT0E6jzv$`A_^pCDo9-Ro*)}AYo%OK=v1-E`qPNoOL*=fH6~07gq>KN7&fL3g(AT@b zGGZXWX^ocyKhJSa&c{JA#{619S6muhff^9>-mNV!VzU4zjT6BZ2QLU1?Ym@wBcEF6 zO8ZsPe0B|%WHndW7v-)XQ&876&2P+xbra|2kZuJp2iFKs1>%lLYG^1Za#D!_lM=Gx zIR{O6-lJJlJ>*=8^~B{GV&D{K11ZoK*kpoal(CV}6xLn+$W@Rg-{sKyYNJ|EeHLyT zluI_qgDqiA%?L+3LGyOIl!8d6S~qfT3crX9M# zzu}Lo`x0Ghfj!Rls{4xcph&Yl7}Wxjg(Mmk=qPmEka?oI_X_-+K^LGrs@5$Zx`~&l zt6lST&dr9avr>{(=Gt;mKbAqgU9p05Nwv@_sK$CIi$ZH5Sjkv5DSBc>&}{hGTcotR8k80M$v*;mW#S$VZ1%eG8d~qRX5U@)FN^mdz1ZMqHGC8^t{jd(caGdCeA|OtI z2mLU-U!wFsukhk&11~sY1`Z?zWaNx+LqBiOVh=z_0Iyy^31B7N&SIMq$SU*gIcF`w zETPL&P4IDUW|9Mn5d9wr1OAfQM1pls^B@n+WR-j)kp~E1jWQ@A12J*x7l8}LMa1NR zc5C_*s8D!w#5aPK`CH~%oGyPk*jnS09hRU|ih9bNb3BO}BQwNSrP3o&xx@Klmgo0n z%@$TF533!PWK?3JwJ~h%=0i^&PQ?17yzSs)RX%&%=ZlN|f=RGfn&k6PegO zH&ri9!O+8$U9wVfPT5&d`jYvIon*_XV6bJt*K?dsB7V>wZxQfvMWtlMYbtvp#2@ULJ445J8u)Utgz)OnsB+>e%dOhhc&J} zfr%lfe)^X-kPb`x3v(dM22Du_)KI+W^F?z@k_%?6v?#>j1b=1LK$Wn;;)+tzD5R3Q zxD%=~IGmC@gHw7w1fWPmDK-=r?~O)Uuo=KJh39zzQ&Z+lNFxH+?!9qSrP1iG>K(b& zp76Cr<1Vu~;BOauoAbjXHBzEuY2V)NeJ{3sWyo_kdz|j(J(*hN=HV5Cr_$Ymc}eH~ zl>;;Eu2}Ox{}bVaxXNfWR+_CIOK^2NyAb)ulS3{OZ{;fnjo630g5BnyCC~FU2Ya$v z*%J0eM@K)`Gu)Bv35TjItb{K!@MV=TfchYyZY{4CMx#l zb6MeiWzO@@w7l`}_v_UaqGEeKmqzvM=i%vc+FWKwEK#|3w9qkEVKbespwcs~4`29O z+*N+ssx_3^O;gcFQ*HE&O6_iO`bAn;61Ca%C!M_T8+sC)kWMGEbMVHbc5I|$E<4Ah zq{Y*X>Di7LU6H2RXIhK*oNm%C&1lEDbj+jE)54v~vxX48_cms>s)Nel{RquF7Ov>#%Y_FX%LN7@f2B2tNA6xwwBL6g}d zij`tzFyonFTlY|t`qHDnkAt?E%tDD^_gRcCV7_275$i>?i}V{@X%e(+H+PhKfm4>r zxs~@qK83C+B`aIW0XLs=5=~0o39mVMyY9D53U;3 zjMk%{#8vZj(+09%hOAN0JYgQT7;vH6LTx_h zwpUp&W42-DVwfSCao$;H^;Y{#mP+%wA!{ABCf;oFx`eu**DdgM@<1qb=a4wicw<>KiayOVKmmLuy_<`an+{blOyAHaWe7 zkA!U42zhgbP-XTzyl%5!?0WqH_T=zJr>WE^xO{hoEYgEs=eI4EZ#%u0e&e-2Yq30Q z_X-p?1(Y*DSHgo+eh?mQRx_F~0vyqz$oR6>yh%cpFx<%M#%xM9<@ z=WpM>i%NaA)3pmaKcnr3Y0W9xN2+j`sGzCC{52rp4f;_`;v{AfdL-TR!2e{LF@G99 zG&3I$q%sz9YBrn62&>?g=_th>i0f$^)xx%1;Q2|luAx+}oJtBOaq!m}}y_X1;UilQp{?o6fT1X^Vv~5h5TQ!CH^kTWYB^_N>_)vjpw5 zOIj>&kMkjl3$qOILC1{ddckb^PJi42`co3_Xa<7diFTh^ z?cCMkHyTYwAgJho+o%aUGTKDJWx``!CU>QMrQ1rpY>$(A`kn zRYTD>1w8@u7I1%oo*dRmNC=H!q1xqQ91LU^O}v`)^Sw4YPZJoQtW z*FM~RP_Ks^b5u5H*N|^d-**43cEr5)VK5Xna*+$hem#AZXfYh6QDA7XD?>AEE)FdgQ+H2|(y-~u z(EfiL7dXd1JI?9jLQu@qB+X(!nm({&*PpYG9@t0C+5b6QoQ{{*FJGCkDFpm;xH#Po ze06N&Kyj@h{szkp@i!PH;%~6%2DMn6OyHe!-vjfb)XGzzQ7fF*$v1<9M z8FNv}?bFmAv@WOFaW!M@Uvhpe9(>d~zP3Fc)RwG<+<&gb3P775X{)}G7Q#oD{{pCA zivK0l0!&#^FXDt}*rQe6!>hCENV52e5)2xfgN*U;k034pNZVdNW#2{LIs&} zi>$cLku81=>3!0z(2rDRa|^)_E2YFO>9HiV+eyXUE>s7zDJBLAAsFAo*Q~y4q54th zkynH6*FxG6M9HcoC{k{%z5rO^4?1aLjLY{}h@}=t8-!(o{(YtY1lv+*aYE88Q-s7V>~s zGlr;W6p5FcAycLeE@upZORIp#m!{V*DkXhT+NVg}0B<5PnnDEu`6vht9BCpA9CVCf z_LdZ=5M^1cfWxgX+`4?u1nS$utc%)P!r_)d`8<0~f{$3@($R#|=w`3IBM-KR!|hPQ zU$q}Q;EU0~Z7kvf{8^A+0N%$%FBe#RVIk7JT*#pl2DV@!AJkk=gVm69f>WL@unFga zl#IfiRctneTyN_k*Pe!w#6!|btqqQ!lM2Y9CKzf*9@@kjTYO;$@8pLaUV9@9jh zA-pTJCX~&DLc7>whBfMM#=pwE9y0{Yyi+opC;AOf?+S%7+0fd$U3i&hgZiZ~3ZDlj zq8ldl*8nuRm_g4A5JQ>m(xZ9c#EhgLIY07wA0HdSrDKB+ zbxqt3rR+mpUs;}AuU(PNZs?1}`qt}x*YcV;5WCcR#VfGrAqOKCx{pl~4(a5if$j&; zeGj|>bCu{lyyoEhnlp2H*FVJj+6M0b!yPx_6Zhf%eZnd@zfHpUHo({qyEFQU99Qrj z2Y_``v7Te40X=jV$gG2(bpG zqD>HvG|=odAhZYSz?gIG*r!A0rdog69Nadx#u<}`j{bOT?0+5`dT*e)dBAP-)c8z- z!)`QreIBF4ODi7g2p&*=vNaSGgkWgfKPv}<9S^N2&WEXa`M~^Gz!Z!();J9iD^u}6 zS#WCIrXfStb5Uf-Xy-<_e1OJ@{m-J=Lgs>2>yFC$qLnbE(2MHUC@J>kf#WINRxZO~9%p-JvkDcMCdiwK3FAZBHfA~~4EB9kiz*r=}@ z@+M3SY-xrs& zdS*mC>YY(fmI*5!cxk(rQp4%6YXs~<@QUr_@_vFH+^^uPVZ@5ky<&CG0ND4S&L{ua zoEr{7r_1VNx&vN0{IE_}&Ct%sX)O*6NCx=~ug;8jtyZ)&u!jcexea|jCXf{vs}b3>eFyR2l+A^d`pQb>AI3TTT#?&{}* zo|M{hoaP<{4`hB8&{W(uMSAD3(%`66w!K3xlGaao#W+ zeKIV183(U(I?6HjXbG79QNYez!filf^7)HV2-e6 z?fRonL@KErPs4d-L{T3ISK}N}&v+c$te_cJ>$m{7Tgt}-G$`g#fep0*44To!72WW4 zb|u2%{z+kjH8LB2kJW1wL!n63#P(id%1U%*E!8CQ-?Iz$=*7FDqP2#9p}0>M{c}k! z`^Y!df9yB&=l_D9*gx1c4F<@dISB)irjtT4G!`ww>aRH$`7c7BXbFYF)f0E{=dV8f zb)y|aH(Fyfbg`Cy!G3Lp&P#G7-6j8l{HEYnh)ZXRP0raheg&|H%l0&f`A|3@JR1sK zS}1~whPq33L|l?IvB*;&u9{ec@DF_sr}|%CaExI0`3TqM6X18Ufqjp zdu8CRthkTv;oK{0kh-eT`Kh%HOe2^PQhXS|KB8-XrYl#yS$i+$YBT1_2cGx}223&K z*9wvjtah+t6zv09XgV4g?E(H-=R7C>Y|tUjx%dUS`-g;ibl{^%-SZ4$Gbg%{>_w;N zU+A1cy#kA}k&}e_n*LPJi4&THr{A;~6{A1VV-r&Ek`M;=!9{`{6yy5`FN;eZGm+l*{80r1cnQ|DmVwnD`W4IB|=X#RG6D=J0SJhev0T*M<=_ri%*6 zX}oqFRx5bz6!zV^E4+3L&LB^j-JH}A0eeD>><1a{uoI3g&P*y9K{TC~AuANLHNx(L z=(;-B^|)|05MkQpSB^(m!V1n_p(y<+5a6?S7 z$k^D99b;qa>uN!LeQb^~%F%;Wyk&&<{3pZ0j(xWJEM=Z)Y7 z{84|Z{z(0)Rvi0&b@>i6EC17*X53cw#(zjv+dZCli)Zg%H9s|5+9P3^R2Tu`ATMbD7%81E`FsLJReP|51Bue!# zmKJ3CjD+ffu(v{@&@BwGuZHSK$ZV!ay~*n!Wa@VtLy~yHJ}~y+AY#E>gAa}k*pZPX zqF1@ZV-dY7!Z!Pk-bQ%^UAG;pc{0M>;*+SL3vhl)bUH=;%+v#*A-(niQ_q~d{1k4d zSJLA|cSG@MBAg$uT89xx?H`Om)x~pN+fws z(Q$=iK3+QTf`qqkj4t0G*-bzsyvZ6__lsO!UElp-z0_1T1LVdT~XbHE0| z57;K%O&$vizCRxeJR{h)LgqY@mfdI$mEVD_NZnwG+U^i%S}uMp;CwrTCz#K8JZ#Xc zJxg705k<>2vHO%eb`oz8iGW-QL}m0y2OV#qsHV*d@d&vY;4TomTousp#tU^kg7l@> zpMi;6!fGO41pq)#qTCR<_Uq-4_fM-07qHYKtnW}8@Fjp1ek<7Xln{u#U){n8TRfi>>+;h-hGV*?p2 ztGg~gYVe?bP!AM|OcbQe&xz#sQi7;Y$c`c@2uRaHMm}g%rh+83b!a4d@qxZg^<3xsjXdOtsd>@*QF^5xrRYbsu1wa_4x%5Bpouag7Y(f+iqN25 zO%9IU&IYfN3HaA^QRI}NH*(E{`2f4(yuju(0nL28h#xTA5W<72_EEZFQpR&R2h9$L z*`cs?3vdM*NUok_`bj+kG>{e^&OBJqk%lj^FnfWedeZFop^)lIEm1G3cc_1O#3=;% zpkO@s3fsnaiWN#?Lvj$6YO>K{%<(jKqj^Wh3+*NSx$|3Me1|8BKDN=uAn z6IIhoP+v)syIvn?0%GbQ&yzD{GMvSgQgz4J;eIdyy4X)p}WxjJlm@QVej*3 zxGS{8`N9j%VvD+uTG+nloz7y*RlH3-vRmC)G4|!g^NsA;D?cR0H#)C zcB0%lUP>&GFDsu#+##jCGE=4y-MAJcg7@JNjN8Dkj*Va z$Ze*NR^Sr}U;q*MbGjzB7_I%t*FdQR@-_W*O%2kl=SV7BoPpV<(oxdfi_JaPkErpS z1m9UM*M|79ytxKBCP5bUC_tF`iXV>vHwa&7iWJg}H@ekY%QgdI1(FGMz9yt0Q3iyN zqP&JgTH&dn_9E$wDT-qO|A%I3lkTAl<3@rK?Z53gDxx8N-}CAzuv92qt9R z_w=6lm%keL-fb4^xwXmus; zWyb`s(;xN>fAgiE?++$;J|22N9sk{{>kg)Se9{bw(kl9$$C>rDM`AvN?%5+D=geA% z~1nuRfs;`ABn-C-ReggKc6Ygo?GCyGw=HQhw24E4u)jj7+-&4Orw4H z_R2}41ZoW)w3{HC#G2Mqca|6O<(hz7z5oD5c$Z@7J?ub~EGcqR}o^gw||a6AD|7G57g@_`+g?-EQ)h^Ed9kzb!Vn;n1p} zk+)R%>pSP%$=YILTR$mUY<8n~oBICl&HrO}SJ&=Sz(LZJZ!T>t$#Nbp%PoVPtbnbB zW&mi|QcxDl$_z5GF>;DdpCg(8hx%@9ndfc*z~-faa&rj(cM4X8yO1keevL;MTcJ8bN0^B z|FN^9W9O3__kFLq`O7PCb5GCSldJpgnb-VNsV?O1yDcPn0&@QrTEBWO*+%f5b+D3k z!i#GJUuV$ssC1D>91%}~-6yqua!w()icoAO8Dks#aSg*3b^(6=tkP!t7USX#sU?Fq zpx~7GyyLTSj)@CFB(Om)Mzl^ zwfR`@$ng%$!EsgI&X8>+*0+iO2_XC8p+#2nqgE)ZdQE=o#iMZZ7pSzo>&*uT_Wz)H zwC#nlzI*1kd^>m*P$vvu^PGR~iEW2E9v{W5sOrBVL6Pc=NJ|cU8hJ@In~w23=%o{0 z7b*IRloscTeH+*cJunp41nx#z*8uD3M>KC2LM2Kf0^+BQpE%qGiYhN|$(r^~KaC*D zTvJk6$_<<-2ZOR`K%7Bu?0q%XYv3&|>k+G~(q%maqXM84dJpLv!+Iq4c!OJh{fe+K$<{+LRc$xTP55`0B$NKkHn&6|* zic$5#Q*;n}+Ir-b`82*ox0CxTe2MOECUf~lqQqbvmTkc2N)Wdr=Wp0JM%uXMLjK0v zcTrudoL|2APO57|jK!ASRJTCRe`4Dns#}Qsv-?nkyjg2MkMr_Et}0AAyh9qhhIA3l zZOP>6k_-nPq_?1CL@g!Je0a1 z$lbn$e)aUUdW!H-v~Jpp+U!sgp8A_{rjkG>7?T`Rb?G29v7n@+u%?Y_dJE!CrvB2s zSO~bcTaGy6OVa5jaaTew$gYGdzPJfB&ImC%7thMwkHY)qUnl?H(ThJnWaQpN+j@K1(%vy)x4f{z-a%^jtFl9Vrj6S+yEyZb)v|J%=d$JtAkc6w~Bi z4&^YCLr|nmDH7!}5FDKmBm2s=_raY_d?R(s@Nhh{>)`QqXA_Wb@L)9`N}Nrv8o4>1 z89Vscnm3@reWPpV#^G4YT%b9<(8%D;DiSE|XgFQp14ln<9 zRP?F8vwQIYvETb_(Nk?3QUBzjLCG+BEW&2=te!hOWU`d4|AK4ctI?qtG6b(b^juV| zQGajudF|?NanIw?p4CO(O3ND+LUv$E21C*kq+Uo%lrl^I7*?)?k`md#*=tHoJ>?VG zQ!D^eM1uz{BOtWtL*i{n<4PelbP)&JS6Yq`OWI(F6gaI@Uto z8Xzv(S^}=morEbsS&$-!p)6(`J2pvs6gi;8wQsl}b(4}tx-aSkitv7l!NkUkHtd?jcxgx@EW&sjZ)L-~o;q#hl^|1i*L8!kt_y=Xf2IU>J7cZq7 zu9P)>-B*pAaI0o-Cv_ZlLQNglKq(*~hF_(H>#I=(eAxoJKi0a`2a7wanONoPt=WJA zQ&o_nnhlyxb}C(?HeUR022UD9valPrX`jqc4GhxidMMiP zYzDhN=8orh$V9ubH&(&!zM9L2Y386wLmG(+2TfiDO&&4=Qs6o!5LvJ)pk~pM2*F!g zv%*)vJWc+jvuvl!?4BqwR7h?b28o@G$n~enr7DnEjlkNAo=e4$NiazcU7FO>F@RqH zzeS$kdJHAl(@Ia2?ejE5JZxXoleu`xXel3`SR9n!=l{rmD>(aN2A+I-sa@Txw^x`9 z=Ud|JaeP%|DBdzLgcw=%ZAgL-LsSWk-_{aWhoFdmJl?{eM4}LYK<9I`oWqS=JND9p zT)vf{0GS*qClC#TtffFoL@i?EDH&OV7{X?WJ#Q{3%_0S&;d3FhpHUWu7q(s4qX%@$ zA|knSmXi0Cs^?2iS6HeLTrJVjz@4^K&6X+DnLTAe=$&4kJsaW6xn|<!ZtddWjA6F@Eu(EYmx^v8O*#;BH`Pblll*Wm|F*LkoFb>eSCEr)a@xyitc5Te)-J70Rb7=f^{yix$VV3Ghmv{M>1|Qa#rZcYw zZfQDm!#T>|NV{4V%FYmLlWP4ETM%@~ zFTX6iLh1{W-|tqx%ZB6pg*Y`!>I*c2fV_cJ;t6MhqYS?#1?$(oto;~u?m(CtKdu{y1W9)YIL4#@h zJ-&ZJF&rD$Vh4);elBF^^A|JRdyt#QMu_M^Ks{5o%DHWmYk<6`HNLXwDvew#nuHE9 z6yEkB{Reo6Tm^_s2Vn$n(**Sgg&-pk83(XEy8em6)7_F0N)s)clVqfjWGk7%;ay_% zr@9-2ef`_~sh-HCy^)0}|4aSv+_O6OrHxesvej&I3sR{`MDBuE6@qwqaUhM@Z=;cS zRpBcE6`m^IYHRNEh1@N7udpKe7kVL2iDhnu)hxuJu`&k3gDd)LO_E7^LHO%PPs+co z|I&YpcBlM!FMDXqj`XViea4j4VTZ!YX~8!cDL(<^fh`n%7bK}dKLB!&)iNgGqdSBUHAy|=o0fk}&b4DTW{Ef?vpF}?j^;v0tf`dS zl$o?PGsXN#M5Sn+urQm_87P=z#9)%N3qKx8frIG?*bw?Hft-*tGxVxF01yG-w*v4D zYW0)QznRPxPrG8CmKtLvxJya!4X;suvVp#@v_ah!0nDxeA-`X&cpN}q67}K(y@FAE z%xCm4^^L*6;}*xn9=rg#2&bRWB1y}K4 zDN=u@gCCWrNtd-~CelUamGJ|4fQ{UEr*-1&RyJS#J_}{n9_a1;90bF)2bT68SexA* z=^SZHjdV3Mbd97^pX`h*^5AQ#b0g#{zGUO{Wj}IYYy~I zznvaO=}V(&zRG6z+)kK!`7QAB)zDzwz;Sls$9bqTVSr>AENAUIPFhZC%3)WE%^vF- zDhN_;+QBZ>>N3s$$JzV9w^3dB;+oNTEX%Sy`a70oS(eALqA0Q~%d(;<{;w#G;~3+( zig8RZ!EyePgd~IjA*60dvusLJ7Rr)91Dj>@WBKq{Ne;9x{X+uVEi8CxA4^%bkFwp} zZp-!`rCqj=Sbg7fN3tEDyYKxVmgdi$(agQ~+G=5qt-LzTe> z@5pe!6K3PYexK8940^pIBmLE0p@#PP^Y8p}*RC&iINPIVpMPyK|K^E)+-8-rwERES zZ~efDoO@d!U~=>ALz7-l49m6Q{%Urk=pp1>i?Z9z?+2q^ng@RWHtN8M+(ySVKjYSd zO!g*bnZY2~2IJa7)*&!Sv7|#-*V$zXB`G*0KuT0gC^1aYVreaCyGa}&WLW253#t(O z7>&M8Rn*cED;Mu)pS{|uh54taYvgiV#-+|59$g?Cy_#M@hiq1wx zR1C}@gK5%Q=$1Ib?#Py-9h@8~-V#sCnp!SAH@hEuY_u`l0<=kwLg|tCHkikXHdyjq z&2I-2ZF+-44ps^NXh`HKQBfcy>MHa(T_rd=f_`@=BCbNM0jI|;$dbM-9t_5p>x{A- zaPs~(c8O2KV6Cszu}gvhce_h3gd+ZGkE?J6_XODQke(=9Qxop-4(#Bcb1HSBP_7ru z7Na*D6m^25+94=@-e{3TVP$Vyxgf#)5SDe;NkR>VW0_zImtraBEoLZaXe_(Wfn7t0O0oE}7Bd?4sf;F{*B->KA=$VPozA{b0W z%h3)Y2alLCv;(dQM0hmBM6ueuyQhmt)$Vd3r+bZ4 zkQ;c>-GAjf;l5R^;Z>`&_E0C)UKbm;RPJgo#;x5NS^x!Lx>0Qr@H-Z45o%7mDC~Zi z0rZ$ibBzJ;QN}aPrrh#mingNWnfA^uA{EwT1EBdiFE>^#@5gSY5(&$z-Aib*#C+bY zG`AFUDRgj@xrSNN$+Oc)@&^}Mqc5r&G(i3hL57Sp5VJ7zX^_0q@M(i=v4N6=w7&7s z>s2-OyYC!-FATbo$hW!CEBA{Nd(Pdb zv%B18eWk$L46@%k@noN}#(UrIv_C%h+Uc>e)2|&o@ZHm6qOf-?N}qUBTvBz?wx|=_8KCI zn^|#9D{Px_#?l1K*>>hJx&t#Ubeb=)y6-@ApOgjIEd%6kKeLQtHqYH!P1@$Id!RUj zL=o0a|9F*A>x_459hFY{q^xnPtxi&6K~24Hc@86wc>}y%%GHw zi6370#SdS2jLv4`F&)ljVi%2>wNhr?#S0yKe*K=h>aAq#X4Bvu}9F+P~1L{q5he64TPm zk?Ff}{Im24O0n1i(^w9_vapvi#d9b`jAKVYG-ik$A)2w}1MBYo?DS%OF|Mn!a4Nob zVBO%y&Y~pIiDmoAWd!TSt)}xjTk8t4N)n%#>t^)j5mUBqJHA6^5Z2v@-mS@Q2Oayf z-q7liKR!Vv>r693*`DLHd53wXqI%yw*eu3^tM*CyEGbSp#TiE|#Zt7i;Idb_*u9ZBzrCw8{+B{t;4b1ioTLW5n2gTawKy-u6i+O+DJvMgASpS{)N^%(qp2}q9A z@AbLD{qmAZSG->F+psz@`1{umw|Kgv3Vh~eiRoyh-|vnDeauw?KURJi>)w-yWIU|7 zm-`{`8akn zr8f+D8JNutgh{{#RztuBr0gUP-aVVSTgu*pEku+dCnHH!#~Z)-zA7CXq|9{}vrBa! zW|myM@ZR5D`g=NDlG)ajv4XU78~h`sAnimz`IgcTFZ?|J!oRStZzjO&m`8G&1qZ_UxNlIK&Wow%>Gqr6CGVv)n$79B*vg}uxa zL`HAkU|Hf{I(psI)&+s#x+-wk%8qZD+PZDwOi@&J>oMTpdfOoy=EJ6JtQ+40=4@*c z-;)Rluz8kkCrP-Qr8LdPu7&R3815gZW8J11SN-Z6XmiqhUZdZ5Iz;CI|`y;m!vk2&+;j`niLc7sL5Kch;FDkHwR=I}DD_f%Yw{d`gwFN{MYB zjvQ1X?at6BM8W0p)mnWquTZIqLJf(6KM?WreMgT!kPhw~?}7j|SQAy1l0!&9wt_*( z7#DTLNf0^{w+BadC#$U%YcLg_I~-0KJ$7rOSxGJl?43-iq7&r>h)%cSx2ke5FdT*) zc(AJ0=@Ort7X<#O$LFc^ty!s;%1MA~AV7YjE6xi{rh@?gaj;tdM4Q4Kgs?>95%gNx zA|^n_K>n&T2f2^_MRw*B{*W%6e^C2GOzh`g@qhGLk|2C^zIXL~NTTD}kB-NyD-txj{Ut zjgrhnws}edY&G!&&ZIPPK*y+f1-w20T9__C7SPGf<|AaoqHl`)=B^+!;nO}}HSb5j z^W2+ehu+}Jk9a@<3(^4;xTFS)U&6)Q2zLt-H+m^h86{gKd?5IfQ-UhCjp0Tuux>R0 zi*Z-M#-+?=Te{(rMN=bGJU}knYgl5TQq`sabpu@hW*Hb1ke>qSzo33l1_HqQ2mq&Q zGI0Npr};DJ96pMJamh5xnljb#Y)2caV+|>f#38c+Jd$iWrJ7kVpfxUDF{wZUiYvv+ zP_)g1)tJc!rW_TOK(RC6=_{ZSU`+7~cNffLpBviy+E6S$G!%~wiRSW`5F+!E-oouM z>t8mQq5}!PRPn0ba`t#^yI-`ws5gJiZnIY?Tsw5dq_>#M`4zwQcr-u6 zw%@+*c&%UZB9sR8OMaOHVjb8nI)PQYiE`z@`5&OT&px`VnGf8nY*)7ytd_#~L zYeP-%bu@%FnR4E)H5i9sP^KY|Yz$l}Fc0{`ph>}`6lza)g(fcMWu8HxtyGgEYz?Ge z(`N~XV+3r&RRmRATma}bSRJJP&d!G)KG7QW>$u>a?+(NwLOjMj?XVeadfnXR{y%^G zWn*8?$PDCR|Md$q6{x2jCw^3W^TH?Q9 zV%(1-29G|nbu?)-y7k)0C(ftShdOwl|Jd-4I<0a4@pIqUl%I0cNZ{Y_4(*N@{IS;# zzvJP3zCZSq8R$*9-62;mQqE5x2*#)(LSPw|2{cY$PI00D`AbK3%s2LCK)((?J=IO=$% ziti#&P}AH_*@bz#qn`IvafT~- zNgBFptaGSi9eF$o9yHh%VY>IC>td_}YI|8>taB2TyD6UaVkSWH^P)fI(?&HeieOjB za-#y1AlZXhtg;Fd@J`V9=?U@fbaW5!`j?i82z-T zL%o-%2Cq!f>lSfPGHni;f7~3!xGJI znC@~7{dBs)4orG~18w$~Qpf2}LT^Nx&>K+-q-|T#HTs7k#wGFY!42pe*&9(EIZx|2 zTUl(3q1Si@H;}pnA3xbSkq;3DH#YR4B0yowIs=)P)C}=(8j6@X(REmmK_LwU;=Q62 zRSDUr8I+f?KK3Bc4&0|k4i(wUm)ZRaf6f!I1Lu_V1UH^~?OWbg^*uX_T9>T)5P z@=1~}6*V}G0ngVvkKZwF(Rcb3kE>phtKb)K+Vly<6Nz|~gx*?XHdh*Dy;AS;D85d; z_4XR^w!ME52p#K{dfWu;S16KJNo&~k!XXQJR4LVoN|&QNGQ)H*HK)I}RG>XcHj z3EHbz+Jr?KHK3}P(kI%J)LI61CEF(kWh?2c;F4)vJXPiYN+@q^`o^olpeR`EhCp9e zyW;8g;GfdowR)KW_A;3Mp1%EUS1FG!;;jF>Ji3&-O4Su97NC$vH$d8u1IZrXR3PVqoJPBe~L@2R&qd))UCj z`aYRW_X0eyAHvaED!cO)M8(JbhPom7d-LKNj2ELwb4}}(`DMqVjW!B-W(Y|&{##wz zpq)utNnlBc8B!eMI_WK-DZs?6+WmPD=L(pkJvG)Am)>3>FLOH4(5t+uG#?!DC3Z&r zqha3F>v8xEvRDEanoz03hq=Vx7xa!y-qAns7X$8X&rS)-h@bbyjn)z*yDg_AHobnO z-_>(h%s=Ea0_GF6T0JJoX>{3nLpd^t8ubQ?`&vcmYmhxw^D^tUubw&48NM;S%HcE$ z9&`qWvexZhJv7W@vJhL|PaaT)sX(l+w*#W6@h+vIa&3rU;P9-GV=ZQHV|qT>?U-qt z1b|frX&ve*)C(Em*?NzLFZ^@GhoT0TLBC{)w+xS0CWuOdE1YQY=tsWypgAVXiS|yX ze*MIlB&|de0=-c*ub^Hd5UX5nz4?a8wBFkh z4cVO~b$Yi|G)exTztYzobVgjkKY8x;-TqzsZ@F5>_Yqo_;=X9! z!;D9K2}{_#fFPwRmF^CDK5-!~FhdpRGSceF)H6TNL1`sjULXygO<`aXQ&n}E+LM%6 zq_?QQQ$cm+qAi;KX+rBo+zDHs32M$72d&Q-n%97w6sk`hw06+URXRQ*PlK-<#D`fM zxkF(}lTF|f&6JrDMWmc`?CF45WshPiDC}!@a@1aV7o9WH(>t-pu=j zrwZ#NauHd8Mgmg~0K5SNV6Y0jkqy#VGctD5>nJN^!>0_b^^I_z7o?~lOR5Z_w-ju_ zG{|C5h1$!G6eLuQ-=HHfkT=62vv_2^j77jDzS<-yQvd8B_Zpvn#MgO~-`S2VLb{R? z!7l~kK52|Dmjdzp;G7d*O%%%iGbr{gX~`IW6FB3 zH&rwJPlIN!5jo2BRT#hBy2eItxxrfQs6(>cm}FeR^Ht@E(~}Z%`nZkKQoFRw8t4f~ zVNnpZS}8F!!RA5{xJw7{@funj0y`9gW4Z~G4RcKuH&v&#svmS9x&j4hL;`&|Opi1K z!49H=h)UZEV#kvB`Wl^9qv_BSi34GmS7(lfJ=RKp%A@!#HRgLxeWAt?v|HPHhQd0@ zTqZ?KE~7i*oH*hXO`&1Q?DQGs#%OA-EpYz5{Lk9e2{|H0=xb1-_CV7v`EJuuj>~t*!@%f4GpB(u5 zd1mut`hZr3Euslg7A$^_jD8-buOZP2f-Wc@HCEqdRPv%$fe9}a(S^{R02ZdW%~IlOou6DVV$0HDZug;G9>FOX zq)KJ2E9!U${veZGdJPD}yd)n6qIAhgve(1bojG7WA5Qe&Y$rYEkSV)m8;(sQkN0YP_m~L7mc5xGrl1q;+lB!ez#vtr_7X{2Qp2r4X? zyU_@;x}s;Gw-RKTRQo-?nEG^;`J7T;6|H>z1CX3@!C*1!+HV>g38(+(*x1)bL+R0* z+A-T1uu|m*)*Sn7{^`GaE&tT}$3B{V`4_wTzw*%W$(3yr$A$*KGB|i<@a#*7d!<-T zUz7_XR!HaUaYytzGny_H45Xrp!%?qPITS9m97QnFEa!i+|IIYC=8=G-GnueCf(bWr zc{tpOpu@T{+35(3_;?}x=Kgo{uRonkKFtN4_n+xE2)5AZ@y#Pg(gCCKndzQQn|gY# zzy2kuOtcJe{(8hjSwivn8H!m%6yiyo>p_{K?nSYPA)sV-X>zdlA@&W*E_v`W4FGqj z(e;4HAn6u5Q*#Sp8%xjypn^rIAB7_sgnnST0^lB?9tjSOZ+Ngj7_kzL%kP7AMgZXD~n+)AH-C`@yP%Mb3yf23!^ zuYp0qjW)G_EqpC-K8(93>+OQ1gSe=ql18(VHd3?(Na(ZHFbs3Ri?72&GUu$TiEKn@ zGs2E9UB#wzT22;V7PRERI+JDwd&CYFVOmc@7gaScj-5&%Te`+ZwU-aY2_f=#(HO~qqhKgko)s@11mG+hfiu2b7xv{7iKSF4hub z9w33S)B&1k(NMS;3v3X7Y2DMKeX3`-^_QZ-9a-)BXmDunX}hT;M-vUPd?!lo{f6L{ zuB0V*3IC;-pGGx*jEfYvE^&9uL79KEb7-h@4og2d&j5aVkp>#j`Mc@!65k_%ALmM^ zdTsH_7}M{-!-IAptTnK)1VmfGv`%EKMKxm1$=VQ@oYey`Y#K``>p5+N_ex zA$U6!>rH!acAJ;gRK3)>QR|!f-pkMR51fDbdsF=TKknSvyZ7Y4SXcf_hHInIAw< z=UDQyI|mGg<*WK!{#9KGS0E@lYui72?Bvi`MCuv4d4=|DV%KPIWxS>-WY0(Oi)nxX#{{41zI7#m;-qV*=s3o#E{W))&>SjZzF7O*uUTxr`M4L6pFlMg>L)So-G zT?~vIpA@zw^8xd8I(^iV4Ta|wCdq3D4+uZLDq$VPJ-g)EOFQhhG ztz3W9N;+;~ZMl_S3wSWHwE77GIk=EF#4MVuc~ zEohiy$q5Eh3_(jN6!gD!KSwAvq8?9d8L zO7nT{?=`s=n%gi#AXaZ}%S>#5m<8aWLznDpp*8BnY-R@wc(^qLn@dq&ghntQ>Oiz_ zq%T&@=Jqg#jXgVHSHr3npr1?-{aW>e*E7|T2F2e#cZp+zVx%e4*OZ9>RZpj-NM}njZA}+C{{A=LRYd?m66C|XtNg>vodqC?32yFRJ@!I9&X=oc=^_A( zL?gOPn>2%FhtE4opBLWaUeK{ZebUUDzO^{sPoEb$%YOSScKj}B=FnYtLXdEFL69>2 zaR5n73kPy2M3U8|zY_?O*65o4Lw7BBy}2$U9geg{+xph@uU&kK3Ni4=YM?;~JhBJi z5lc&q*#xU7z9SnX=l6!|Hj?=e&hgxm8!0!MCc6YeIulG@%iK5;I<4B6G z@aWbMuXLp&;dG~xXigjm4(v`TaC%<_A(4DNVdRG_LP-2ZzC9A{;{PCg1UeShT!%59 zub|Zy_t%;n*i-|QjvXtkk(Qap^#RBac(F%kvm5S)dIgdeh|)o_SY&pFfGfFLg0Ps( z3cV2G)}x95QEIke0SlNK12SkWf{b4pSx>&m05|!gXVG3(<7m;i}!VpU&+Bzgg9d zw_sB>Hb%S=vWG0#6;(@->Ouyx1Pc=q6+~J9jZ0fhVC={axquW=VI{bQiL{ZTZ3$5p zDy#&ehY)Z^j#88)ktBk<{qwThmzwMt?5rxUl1CsslG*L##>1&pIDc>Z;iLBrrVek4 z`xJ=IOC(2kbhkn-jE;oWtMGhd$8aEZ{MfNofJZ?L(&bx-B9 zPe*!64nf8kdP*COq`MS8G}RX0la3@O_XhmEin-A$*Hx}!xDtqolG;5GJdg;jR65h) zNIP#_YVQxbeBL!CgTol^@ksz+AppS_jJW;%k?3?nhfq)@+EW)^zqa4ccg;OjKx)yP zlRwM2<5ih?UPIH$-7GSD9ZU?g;>;ajtf~iYLAT$)0uM0fEXc~8vza@ktPXwumRS-D zq~0kQCWo)#f}$&iL zr`mt_9?fm#xYNuvgV*AcA^ObW>>|+sS`ng=LxF{ZnW1Ev`%7<*8>UuNhi6#pW0t=BSyHmQ}2u-vWaQ98Q@j^Gsjmz*_Y8>@@t# zGu0bzID{QdcHKP?rXZ|0rt@x1L-Q~RM~OM3i)X9h!kW4Mh8rj8&<<11wpE>8)T}FZ zIZEhu(yd$|U_m@HD9 zDylVr&>8d6LI@`|taoBq-+*B~l(;R3VZFZ2=eY_H)$6BO;EqoLJ$XGQUpI#QiUrUU z-`*PS#E@S=N(tRG715N$k74#|td);(cZ5eNW6)^$Wql3JUN_vuX0ML?ABR(`T7aG` z%y|H0J39L@L4l~k>T;u&nkIV4feA@bg=s-M19eQh8k~cmo;6aI?0P<+M1Uj2))cX5flF&f zuGum#FWVU?r)pkaE^T<9@PiPH?M)eHQ)WBtJP-^ggb#x8Li?{)(Af(w$OQ?hl4cxL zPIUKb`b6=Wt=p%tyNy0`IJKywSI2WWOdWk|T=Uf`N3|31!R^Iv%*{BeRWu>%&Mipa z{;W{e*0cXM>WFJh=k=AwRWx#EhRnHTJAu26XM841M6fo_ct$7Ge(eF2JlEJiL}w>V zGwai%l=V8>LujE0_2=^jSyQuxZUgwCu`mr3EdS7*7>bG+qEwX$4p^YfNqJ)PfHrDm z9#}Gj*Fp*)304pdseQFA3Q%H8jCNwQrGn95+EE>NDoSy2$1V=RUYlHJOof4qO?iBE z^{G8;g9lcI5*UJ8B2Z)a(AFr8*avw}wA&LN9>74`8I5%CM!$@~xzXD%861`2ZqS)~ zJ#&W_2IrMJ1nMsI>%PHGhyMR+rdd2c4Picsc`=`Op2}x1pM2^hlq$J;65_Y3svUCH zF@F=A2Z+;sQT`-Y-HE|KMZ2l~CJ>&JVG6jntb*aHK=Bs(uk$Anc{XDZZw(cN# z%k%JEU;TbXmS@aN0B0?{A8dwz^Dcfrm3g&MB_#4;9S&O@sqvr2SkK&muwH{T6FIs% z5DG@j;IvQJpig~8e+|Fo12F&hTVpc!E;jNqas>2aC_0D(kJ^UE|zsYv;$utQTjAJmf;nPj#Hnc^glYu6!Am_KqR~PaMvU7n1$nE4;n%#>@Q@IX+%U0DFY&`$hKNQ+sL~Z!Cwr)XUhG*P{ z^a@`yibW}CFuDR)06XEsXzz=O_D-%*B=ZpaJztD+5VWJ1uceig_|oPW_@KzT1^ZAZ zh(eC zz?j$QE5!@qIq}bjD5XkNGN6@&M6VCPZX5O4d~NuV`qDPMJyk$y8@)a5jlg0A7`LKj z=)t0xY%p`-)lhdb-aCeh03r|-i7#A%N5>oC1~x04ll3;-sh)zy3on2;OWMO~g|kM$ zJ%l^7;nHRs(xVgUS*g{o_{d9BD#N#if4;!C4w zG6nqw(XB2{wt?CwTFJ}JHXrU|FO{j9-DnfpiUIP-4>->gXSwU<0*p)9HDs6q=-nhoGC#UnL$EfrldKOL+J^ z4aQQlsL*?`vq16~&7m@*S!+Q+rlG9#x^^v}Jf; z{AUw+G&y<;Zmgwp2K)}4qAC+agI05vQ&{JETkTxb;dlqVw?V`Y;y;u{QgeKR9SSG~ zUa02zW1#2dkNr}T9u>yxc?Wu^$m`3EXb-BQGK0yg!#iko zz$M_nGIUP#OtG9thoZ`%07vTkdIwJ8KsBC=8izNl%^?aUxGiWN(9mTibPGX&r9vz- z7~BH&32IIJhZ2&$j5=3Y4SrZB^LkViZ!l4t z5ulwxJ zPdzq%=GGq5+@FO)GI(#j^V&Ycr_A%a5Y8ZiY@`Wd17rEfT3NguumLPD&B!+Mir;a1s9e+yJr=P3MmcyhZ85=!4(>rh8ei z_D#S&`KkG%bH6)1=RT$V?I~(Q)i*_aXm%iVaz?ZuN4NpY_Yu;PD`%`)<-mXEEamie z7J55CDzfDi?_*?6PxbvU9WpEt+)|A(6S6;hN{)Jh^4u#ykH`LVnVWk>F3Az@6wyqt zTzMC#ekOY`BuC{%d5&ddg$SV?5T9eCzN7=CY$y|%&2p8fXaYFQW*fn;O&!dmwgTw$ zm(Au}%joG`L^Tb-)G{@)8!qygL=0ElX5G^q*)wpQm6mQc2sOj;PJatgqBk7Jv?br$PlN_592Hx)rBl*J$~dRU)Wl zh`_WMaP zl)sPrw^LVcWQCDSl40cltU_CLf>kZIl4__K*#WykMC(;>y;Fo4X?qlnKo44peJEns zEHd>|-ekhCuoP_|WG{n%k&I%##;|gh8_7TOgc6pWwcOhgoANj}%nh7XY!U8lkKKXu z`5ZTVMhQFQy1at(=kl5S({w(sxT_pP?3%Njbg<;&v8R^kFWz|TV!8?ToU%DUh^5v?ZgGMp5AjA!10K|3S|xu7(QnozZuM* zTn2IF7--6v&B%gJiB{zxC(gA;sJYwMq31^0X)~grN0wwQ>T|1{HX&V`!0=t$a>?diq$KJ!d+c>HEqWHi}2bet@mrhKW9cD5X5*7*e^ zJvsiF@ezg?2)P9Yn+5C5)y1GP7XR4@4S?d%d111-y4a$-@n*j_81*Cu1Hr+#5(|3$ z;GnRW^Iwx}e=-);yUpe%d;1^vjO|L^`snEBqqin+-q>?*hrG;Ub{l%u8YEk_{Lzz& zPxwHv_#1*T+$b0rOn9O}ug@$PY*PMfW{Y;@VRNF*=em9couc20Z*uwC66S|>V66QG zcXaTMFc71dn4t8%r=~cS(ytSm0>Mh$(FW zse}-1fxA;b}W8ZV5DEl+7Wgf_iPq+8%?%?C0B5$wkW_bi_$V5 zc}tu)%pyt%_0aI1ZcjrPfV{oy%^MCrFf#G^hfeNn=Z>ciPo*UP z=H-OK>l-*a(bj+D>52IEP~wO8ZhmUIzkTOP>ZgG0mb`~C*oDYppzj!Brgj#25wd1P z0%6uQ)Y8o2F%s!(CHM3a=b9Me#SFuMfeq?cgvO_8DUmyr8kKoRF3%c3X=>* z5dd@%|EP{4oChaO5)j|QAQEMIc$TGi0Cf3{<{s~5v$vZ|YmNEuobKyerB%4yK@UwN zo?!k@8I4l_=<-$+c4iA(|kemu;x+j5ls$Zaf~?NcCsdA zKHHLcD3tjUXthF_jo?BK0ZGASzQURVD8lW?y@yXJyB{xieM@HTY}R!Q6Ev7Mh-NE< z4Mx}Tz-;DJOZE&3!9iR;c1a)uy)koI$~dnP&DGrq2uIxl2~&#_EyaX6VG(Zu-pObCDsxE1tupiw-m+&>z05ik8nEJ^e^i zs5uN~m!6_wpM8Th;18c<2LJurVeps4p{l8kWU(*9UjtNRWgnLb6Ae(50u&*{pKEq@ey8OfA0-gBG^Z8Sey z=kb1Cz0;KGyvw)5rc%q$tbiPI9C)kX!WD^ssW7I%41oY05km*22}~y#h02H(977Ql zYm7EUS-@08F?2K>#R!ee>>;HVD`51hC!jG38xGQD*-XOO@R#ox(MvXCODrO}yvkgX{{}dGq)4pA z2uh4A&!u_obtj%4-hBAmc8^z5Hih&ixz20ChLKiudeOgmL!8%D`ZuTJ+|j7(=Aia> zPhSa(yA?y&6>v?36eyDLft}?)dV0=(KK;b>pkuXcz#`4#Hi(1Ao*db{cX0ZNv|iSO zRXg54IMC@Ak@G|kQl_9QAm^QVryKyN6N`N;^SEaQP?GMlSGXca!=M_72%;Pb2WaE+ z1Qu`LeF)I13*X$mj%5>0{&{!ac;rRJRb})BGX?M18rRU_UQ^ZyFG$92&RCc)M4kOf;%FYH$(@9VETt5ZP98S+LQ2WB zi31CTn3@N*VezrlZI6$Qp6%dI8tiV5UaFYe>z`U4pBe}tPx8C5L1J25J~xYy^OY{{ z2Zb_uFZk0_H%229UOqe(+jOM=HF7W^!T&(dUVh$he4L6A^Hf>C0zVt=!sXMsT0 zG}eXavEb>T3MM}-L@v+r=T&?;j&>rTY~vXJTfPc`(pc{V9{6<%ZB(F z=z!(3MABd@E|kz@YEMUtp_hLmdg^LIPznhxtW8w>J=qNE<}+fGod6aBFn2cK_vUkm z|G%#NgC6k|P1zq}x%h{+2j8R;>XQB+N!;jT(dr)03FSm%MoiT&!C>q~=9V>xU)`>O zr+zhqdvyS=OCb`-+XOTV@Le9-lV>wqLzzv5@QDCk1Fn0(@Xd{w&Cz-_%`j=~q$ccG zjV2^7V0Mt=h-=K)3T(wzV>4@3rq&kx(y(t_wF`*;$M(s-Pc5P5LHwjW!uY|$CQK{~n~UvBwcuq)BiqGoh=01G$@P+U)i_IR7*MBT0F={s zPCT#RfJGxfWPoMeIh)ZD#)wkuAj*4f3(z<;bX~IsL)Sea!0rl2y{y5F_Q7>Ae6rib zL)pGTD5A28tXNA7^`wPSbd0|R!kMk6bQflcQqWa}Sj5y&oT$(1>Vr*b8sFBMp3~}V zjg`G@v@0>^S|Y7bO|oWMD%T_iu&v2%#PaCbdVf=0dl#sR)-pX|xM0~4oLgza6iDt=_F zlEws>I?Dw8cn?>4qrYdMPl-s5?Y-CM=dS1V4iopYpkMqN^R5avq)z;d)zCc$Z z+z}3X+V<;BbH8eXMO9~LaJd!l&CE6%-V@y~u82lQ%;mOSsVG&(}5o#&s#(OlmHPp*s#nd1|ie*?OjDfzeIo=|nv{*BTO?;Q zb{YfFH;BZB=?Y5*X@WC7TjpzR?_mAFtVYwef&>?6u#Cnu69{z>D+oq*teb^O3njD9 zl&PsJO=vd8_CU*G^2}BO4S)r%Ix*G?G8)|sLI`+Oix?E2ht|(DgEGYwx~ZtSY#4p; z;?B{`2vUOc74YMkTi0w|9p1PK_J{)qZ}!dgdAz3G?w<6W8)LgS#y5ZA)N+2i&R8nk z@Yov%qeBA-w{F$Ls($|Ahq-eHp1P&Y@9KMUjh=Z95BQ@pt%3v`!>ksePg9y4#@hhZGlo-O zm$rw_o0cvMbu=J?q7<14n%kJE3i#RyqIb_YT5|RY5@tJ$k+}&wZBCHoQfSH8B?`&{ z%LCHUL)eT6%deTP=B|nFg;yu-T_SxX6z9q?tya7l^2&G_xw%hlNy%eXgd@9F8nn zJ*DEA)$tsP6E+a{!56URDW$>N=u56z-M6ri;=0OGpE$}^Pxc9#I<800@|eyWD?-gg z9FkdQ&P95!VS~zcj2-9g=H7LTTdmYIqqjt8cxeuYsXw)~kiQtfB@y$5*hu(RGaEHX z#cC3KG`L`pfPIshTkLS#V<}`ruR`gF+^IBCE`Wzy+Isblco{QH0W!1=_1%zo?G{zKdPb>KeZ zhXrIiFgOeb6FgJ0(^y?8c3;1HqQAnsVdF?$ay%+qs+FC`&yI85hLzpR^-`rMpv!4k zLI@V0REem%B1gTC+0Y}HZHkeB*&4VfK&73nU5a@DA?bBwLPt`A`X=ln`D_E`cG%9c zjV;(G#`;#KF(Fy6wF+k>7BiT&Ij{`_d|d;5OIbimvL0ktLZD@K8Qo!tL>vLxAO-Hh zDH1KJT5NtV>UhLmA1(aRO5)SDuOhIElb~!5q%o3fr{KDQEe`3nT2!lE!8wIl$qi_L&s6yK7QT^j z)~79OyTpLisZ{BGUZ?BBH>^&tUB9Hk$!QLF>kl5R_x`M}?`Qbq1`l|>x8CaY{>vtA z@1}zXybT8qGR^~JaB*;UH$W)ug3L1@*ZGUT)Kl( z?wI?Ya@%bRju00Y*>y-qr97VNp!t2N5I9Gioj5LQEShf(jRt&Q_1EYH~U@YP? zV=SOHHai3S7G{VZ=0NE~n^r7m?MzMV#W zkjRP>;$+vZf*ydZCy~}_CdrI73f$pphNR+p6El5b=*OyaVH0ycRs|4i0+QJl6QvdN z*^$f}WViH=)Dn$4hJv*MsFZ@9wJq1~?dse+9L~=YKN4*Xx`UTsxYh^C-qA^?kn;mf z6QQK`G<{Ou5CpY9=!izc(hnuKz2a|})|hiIE2V4c9;FLgLGD&=uT=K7E}+j>tM@5p z9_cOk)QBHip4F_OKLOVw_8=mShptzg^NZ_bJ2QGizf;%5#pMG+85r#l z+StZW+C+o_bEw>;{TK)>v3I!~GL(x}i@c+I;_>CaB&1;o`FA&g;NJck>WFGx$ntP z%n_XM2fzHyA1(IdO=|8hu!h_iA@UWqi+I%p5L=iq!uEq8H<*8xqbq#8myksny#x^l z*$JeM%toTnzp2q?T1>5ssq`AtvsQ0=)mj#zg=TZIW^;m$Bx|R67|m8DSJf?TLZhi% zUGN-UwKo34O{O|3pr-v-ZN>!JfEcA~LvNuse*)L4V3V&T5qHp=#Z|GuZtR;l}g zdkc0vnl38AXt)+x;dW~NM?tr)i>Nww2W)UG3k3+)z|tFGF;$@GCGv`!Lz#i^6J-Sl zyE-u3rSnS#ftn~a4&tV zZAopSgIIL|_y(M=7SX53FiDy?xgv{U6vYwQ8=)0jREa7!C3bYw+#q2g6u;g3&c8$rQzHoA~(`^oWFlcumihlpEr`sUb8>wr)Kwq+LFy^QLI!yp-%I#u6OXdFgO= z6eK3kTIz1NX>w~}FfBN_p#0V|ls{UHT>Pbq>gOUyW3iQpD6creG7~@Y8?ZxIT{mHU zW#mg1wd3A%7YAi;g-%jT$-Bmvw~XAYa^y%~s%NNsbjRrAsjrXr{OR<_GpTKd zW09TdXrOZtX_k%gdv^CtDaji1+Ji~fU`__B2Ed#hDdh51THs?hW9_fe?kGGjYs0G^ZqdWI zFTdgrYQJ{%uNQ1AY#mdJbqvr>3|nY`ME8WUy@h%$;AWTsi9`wi3Ro?RYE-825ZWRZ z{QJsC*7T}5r;cHlh028TYTjp&|4*Ge|x*%J<#879)EV++!j`p zaGQDj{PpJc{sGhp!#0V2w4nvqfqu=TCWodBWZPClGl0(z2DwUgb$}(B_4^r33ldvp z^!Svrq%y!vx2y%Gn(PYf02GH&EbBsm4hulau1I3N6~X`&qM&@olB#9%^Tq=3q=_de zQgO{ij*t1&qpC@EK0cBRwJ^^X_T7P90=(Hb$6*MeMqC8K&6zDow{CWpo!On zxN7H;0C~_gS-XJ@m9E-m>}3KbM1{jF4G0`qx1jM9XG|`S?=HfmfOW?zj%(T zf9vq!xAJfQ#Y6e`-}nOmkPms|^g7E_Zn}T;;lDj_;BOxuZC~-25;Eu=wcKk+k9ckC14sXAZSL=Yq^~0=7&DSCWJPUb`wII-efdJIZnJHWF0@AN;u4E(5Q~pLfb<0E7hi-T zt9if`8;-~gAAQ$rj}FCLXL`fovJKr#fCzb zWXyKmpdD6G3TPJyAK=l=QWiEMOoG`BXpp{U$XJz539yE!s>7({ql_83zzPO}xyC#r zE!V(0UT_Iv)Gk8j*kFxb%3@Gq`9aqP(GQ}s81XYkdz>g(4{)5}SI}k{-8Y|oZO5id zn>SzDwBx&HH)C(-ri(X?kB+}~i!<(!WRuRl%x%#P9^amTKD1+nv)Q4qG$gi1V|(I{ zK0NZw$+5AM&x}0$=$S9mws!NO*|P`g-7ffNZaq7D=+LWY4|?1+hQ3YJLWL|DEILnY z<*Hy{|9$7i`|jMHt}{9-Lz_ab)qb5J;Mj2F@y(kbKQihF1RSGB9;3R%xL?3pEdyfg zAdptMT{Mn?TmZZra)_25eQKQobA>vE`U+YaV(n5Di!p57Fq^#twc8cM5>M9EFBw|D z4^;@` z2fi{mbY>v^DlhV*5kgB#`IL&99J+kWVk|** z@!u0LtB#tTJb&Jh8s9wHA!2*(6}`t?t9{kbH$FAmC0d<`f8w=INH(Wc)RoTtR=)cuid?xVskJ3aT2^*Gs$^V6Q-Aa}$Q zJQW*!Cg4#o#wCGg)-6A!o(6X|oi}q&FW!IJQanx7%=G8dam;IL;r-9~N#0}7SO!={ zrdU=|sv691t*Sx?V%LV*i~*l2X(gPoM19zl!T<`Um{wD^y9eUC!kqPYs@HwT!b|jo5!b6OnjIBc5VA%$s_^PESW|FcIU>SvCB)n>Q_gDUnt9d*GVu{DO+JAcl z*=zM>R^8^?(~m^;4u^jDXlQ6>d;6{-MuS9YMUD>RcvMMPKI7^7sBUv!fzP zFu15;XXdB(y1*Yi#qHWG%MUG^dp~*G#zgQTrBa~nX-5rdKeK&gsA%> z8yqF=SpoXoS(=_S*$5`4tg8mLm1VHFJf|;L%3{k?Y!FmKJE$Isft~awmZgI9V}^kv zO<+D~AEszpzEOWgqz>$69Kvt$uMul^E$};@c1OE~t1>(4omZZ4Dg=e&tQG?|OGKyn zh{3|m^8cK_-&vpkTQ0-3l=AtXQc#(e=ca`S^~Ik!p;ntasygPzob^ie2SM%2bZNW6 zVy?Js;{!@Hw@Pqg(i0g)txk}e&1O5?x$RPnImL#JT^=D zATakJiitYqA2CZa;Dm^`0iqC2JVxib8Oq-}* zFr*QjekTQ0WbZ|nt@V=fc<7dns z5a|U+6kuCJsa5bbA&k){$A+YGhgD5I&-eR-2LDL6Uk}C+-A5OddM;g$keNF0kH)z} zzKM|zA(2Xa&hKsPo2(9XDN1L^r7try29}sYgEhAJ*KelZqTk$gAudaPXRyx0Au^d) z9bLLg(O?>k$zDmX9uWGs_IIW>xZT3akqLkP7*PQFKVUzoC~U647*@W2$4VY!yr2zyE!H7#bp!c#Tf&gV@3~q9?zU4*mZ3zyHtD!|JR<*B1W!HC&X_ zv`yWX{zN1wp>O(yPy5rt0zto0{N@pS$o&!iz!5-yn!m<31ruOGqi?zgoiE-CzehHF zvE;k>Xr~zvfAF1)Co~-XG-7Sx7#&~qhih1Qx`wW$b0Y3vf}yDt*%E|T)$=&cvvVj{ zygz-@dzId$0lPWM{6xhf zfA>e_gl+2c2s^GWPtPV4?m^{BR-qidYvGSQFa0+5wWwSAWA9UVzpJ+Cn#ITG@ALcL z)Ae+(;(d$XB@bwLx`yhI>Zjx{7M@T1RpEZcHbH$+`-tdG?0$EtbzOXaZEfLR3%|qK z0{5kRv%li=X;*1D*6yd&XTo{4-DtmfjPA2$;hxkM#rM#Hd!v-vl%AW)6`zr|-@zZf z)5m_Z_}f=~$2Gde*R%WMp6q)1)@UTU5ABzHi|x-pL-D=on&NZKAES1duYdI!(MLu4 z+=r|NE=WvVE@3zfqxHbA6z^nd&u#~a=(Y4?;nbV zW2fVrh7KOOby(Bzg5j+Nk%B#iX@!#tFBUB>I#--pysr4Kkt?Jl+uqT&V>*r9GH&qr zVXT^YwPT)IZZW1bFJF$wQaTM>Qd|S>I&-C*0t50t52(+*Kke4nud$>+UD0bmNo8L zP~D_7H8(XcZ0mT)D=zQt%K4O2i56j5Qe-_vMh#1lI{+t_G-Z)|+C`^sQkj^kCRt9A z_V?~AUnQTDGFa}UWXkt9$!$8zc+WPEFY3>POyAf+Kv7U zt{Q8UdD2?EK<<0hAlHy{B#x1vN@cz>TPauSWh_QN**5VQpwuc0rKUkjiR;b(|L2u! zLznGwyzD=*mzlvnLjMXOMH5Ap-&fvGqPAYL4PBP6FL^e~K10%LxLmTDCRt99^$O`r zlFYKh7(uZ>j;=PZON=-)|$&;+SD3>Z_Usqbr%WEkU0?4yE z2A!1EGR9)1vP$|7wWG7#vaYK%7IuT&ct_??zgjxuT#M_JeYjp)GuA?eGehPyLU-JN z8*vkQ;AY$+*U*XSbwV<1ttWaR1HF+cLyEGIgFeVb9{NfLy#5G7g(f4{4VdzNV8eln ze7O!Eh(Yqj&m9;74-rJ+BZfGJVi<;_0EH;R2oz%^Mq#uJI36qae;g<6Z4*#}QcT2M zn1snF!xT(KIVx~BreV5t@To)?!849oElR^VZ*#3OhVtFRi6VGSO~T0DVucoOUJ6gJ>#JcDPk5zk>0 zo=3CH>%JK;U<+QvR=k95cp0zYRlJ7Ru^n&7M}QsJi8rweZ{cmcgWY&n#_7F>y?7t3 z*oXc200;0PKElU1h)-|`htY;l(T*ed44>l*e2K5{HIB;dYL4L>9LKjff$wk;~ zz-j!5pYSt&!LK-j-*6Vccb#7|Gb{_EpNw9xuCZRCny8nkG3ty4qseG7+KdjP%jhMe z7EeYqh%q|x|6<_Ddf-V6Jc)rPG4Lb?p2WbD7i+=xOvcdKx{Ao<>ijr_s~s zX&qkhe8pli@I=o)klx&~c? zu0hwJYtS|58gvc1CS8-RN!O%n(lzOtbWOS@U6Za!*Q9IGHR+mkExHz6i>^i2qHEE$ z=vs6wx)xoFu0_|PYtgmn+H`HYHeH*pP1mMt)3xc^bZxpeU7M~=*QRUJb?7>D9l8!( zhpt1{q3h6f=sI*Ax(;23u0z+M>(X`Ux^!K-E?t+dOV_3A(sk*&bX~eGU6-y)H~Bsp z4|{Yyx*lDRu1D9S>(TY-dUQRy9$k;FN7thp;qgZ3M(9RaA7y>Cqn`OhnNO7YM43;N z`9zsdl=(!NPn7vYnNO7YM469I*Qe{#_38R_eY!qfpRP~Wr|Z-8>H2hix<1_)-5A{% z-5A{%-5A{%-5A{%-5A|i(p7nWkrQ5UKG2fqzqrQpk@T@;y`d<(acNl#Rw;!osiR7E s0IN%P#Jl8{+}?6sX<9m zrn;t&tDKk^2q?&RD`y2k`0hYi5B|sgkNw{!CZ;6w?I7|^asQLCo&KD-h^W{%)BCmw zzC{Sy2m&Fe$iV!~{(js1-_nZ!^FT4Q*0=j+z271P0Rgi(Wvjh2)pz`6U^^fnAkhCS zBvUJQlW%qc0+L(<0*X55#~ku(W~^@n0+N>c?Zfmfb}+30VzY1f%_hI?|MHT;`$O%T zSv$FXvy1N>{U9I!jI|2{WGh?4Z@-M%?|VLifPf>}BQ>2_>$`pD%`W}lSVGWEFkBmb zYvXS=`W^dU{#ITv<8(V)M<)=FTt*NOm{$-Gq;BRZ$R1Z?gYWrr+V5Dve~MI)Z~gB7 z{}Y_#%b)okgG?y-f5(7;Ol|Sbxd9FJjP&$&zztvkNO}g}VS{DO)?hEo0f^5BJ7&{;(MUO5E?jpdmFzytbK0qntFzxZ*$3z%aKL=^IS zd!a$V6kt$5zT>Cjx}?D6k%EqGd=?2kN45tkCrk)_dHW;P)@dlLs$sQA;N3wGB^lqq zkQT8Eio`mpB=5nIsw2@JN+U0pw%KSQqgf61gF6O;ht#AJ?Er_TDh0ZRV_}7riYa zW;2(tlo%G-fVqAN5Z85s5CbJkM9z&SN0=L?qPGt~LPEh%WiKK%hAE_cgNRw|-FTIm7&@6#pkFa2B!_ z@Pgn=l~gQOT2I{2jk$;U4kc66uuzutbNpjf;xqgWu*d9V^Sv^lUtb`IZotki7%!#6 zB}Sha$Cfmnw+;39F(c+TBR^83W)St@+60I-2#CSZd}#Vy!tiy<&^>zUqGpT5@}dgu zixrF8ETDy|x3#6}$8&^r(}zw~Q?r03k>l(1{YKgtDQUj<*ELj{XO1`D%zdU~w&V06 zbW7I0TSp+G>`|-LDDoa2(FinJ=Mnnl0Hxe72bjLM3 zz7xD&GCg`S_MIH~JB}uvh9y|M{2O(RLzgz{9`xNPg-;AaYfGT-&p7e0c0v^5YB+bR zfHXM$l}oMIPmm65SrGnwdjnUKe8Ikbr+r4Zz|JQ>myjpWQ9CLI#6o8I%h45`4n-cH zhxp&o{?MREF**)xm0`%zAoba56D5GX+J9$tXeqc$(c7=Ul|~XKZk~;>&dD&`R37eFaeR${wNpZxSDI-t9^H~at%iM(k z@Fc|HMql34N$o|1Ss!`&*W9NVwLeXvkP)!?M(nr~>WiM;_w}qanbyvrtr`ux>hlxZ zW0`5&tFE*wE%t^vYA5Sh2W@6MMc#CmEGCUD7oJo|bPgEG=-6QkCybQ&7Oxl612JJN zUQ8t{M;S!?F0F@GdHay*nz_a&j?!<*$M3ilJF(5M=2rURf89LYGXHQFzkg7f-qMpX z&n^{5J!tuk)tfo3k*z#On%SaVPxFj%3qMpkUZ=hRdo(bP^XE49l6||LzPjY!D|MbQ z?XSdIYY_^lF~pDQ$oEh|St}G6r-m1$LsZf2rM-aO6@8Zqn;JFC5vXV66-}O&Ji8w& zOZ1PMwsa!d}}V;n*`hzMGS8}qAY zreB;u8QD-w9V#*B}NcMi*tcb~JroNW>RUZ0ceD8Hs^lm319Tyh-PJQ%cL=D3MF!9uk`kBDls z$M(aJ%+~LhRoZ*K;-^?a%#BGc`&4|WFu?4cP%i;)6;6AGW)Y(vRi)-`e|qmq74YDbZ8tsVVI69C?kxO}fAf19NqOS+sy*}%&aHA^ zXg+Mg^?p5}n`p7NXokdTW+(7!O(j@m{_9KnWuERZ^Lyv(fg|@iKewsq)qf{mSEmg! z!LXW6_0vJ}#{USz@`m_Qy}odi-K?M8?43fzZm`bVFG9Ij6e>Pd_<7+;<|st*m8+yl z&$%AzKp@+*^ukW3oQdM#=2a)I4aRw(sNli)&>X4LHPT(=>}Lj|n4wnWrxGu18!sN3 zzn%9uCkcIK9CWq3O3U(TXZU!#^OqSF>Z-jUs+4=pFd?^8(tsnc%RnkYzh)`hQt#!tZHn zBN`2IVVnA$vz8rg1J|`)3s+kvtlH`Fv?d9j-qs_L+d^EG`~)l@&A6mBogtW0CV&}G6kIl zb+PR|ta_F~b7RMF#MJ&Qf+WNb6{s~$R*dWjt-`1^`D6w(nMll~Yz3DNKyqnnf7VN!?6-L_Ga0P^o513Ave z$Lj%59=QXqq$=NKwhK3yFDab91kqm+wFyLm`cVoi&{9PotCu%>#r`j4$pU_yn0w`g zDG&W$S4?Vd5qX?{a2Ye`g7LxSM|}Y+fUmyf;R;wHK{^R!&G3_cXlRh0r9Go*6q2~H z%spSMzgQ`h&Vc&iUOyUrV)j$f+G)5< z_QlmQds0MIN|VdCBM*;R0@D!MF%E>+yoK#iL!=*;uO2LutTe#nIo>FYTUy%(OMx52 zQ|E@J)BY|`AeKqRH4ju>I?{cu9(gkC+V%hArjMOiEkKyEBfaR%IPG1q8l9QK&nVt`h12_1bY zXvr&q359!4Q)&ZeUr-;g1M3Q`q$t($v2P%_6i&q;6kZsAgp^$xj7D1?ocDsn2Xu9; z5FMgnGy0*}0(2a^HnaD5Pda8t;iFu1n}hCz_tQl#EjpGG#cba|i^G7jsH^r}Wn`*x zWnu2ODuJ6(_{cBb-|BMQKU(qf5af@k1v9(wudR58V_9ELWg7VT&Q08Y_U-=^4@h=2 z$<(Os+cg7_PW?sE)w1t}&(brdH&N>Es3$% z-8s6K;EH-IiLm`P(?+Sqw){Ll|M72{>&1B7nwy(y6ABXrHxW3->4R&}c1c5PPA$!M zXV)dHwN~zNqC7WF9w+mlpST%R$z6=Nw9%`$E}o277KD9>+7AbHWU^IytffrxF=evK zH1971Dtt=7#L5fNFgJ!l5`7xMOu99}nKuNF+KKo-g3JkcVA&s`KzlTW47})I&8rXn zpRd4=af3A*HatfEUE)h|T`b|HD^TZkc<5c?l0&cCVUe9=a56O833XVeErU|!r%f3} zA&M7WpySxlxjnM-K8w5!ktSpyTu?!1ZKU;_g!>NDy1bz5I2_MVyF#C1d*4`)+WKwf zC+a~X9gqjAsmG>6M`rG{KdA&??d7rI`ODp}>}TIx{_^~%KBY?y+KYDtH`Eo>BVlXv z=HE3v5mKN)V~w`g)?>Mj2yYSoiKf#)QM6+hb3`QVi0UK{6ig`!h++?DEP-)eUJ@2^SHpb6Nnx(OeYY+~C913Igw}B1 zubUInnT>)*e*M~Xn91eV-1}9W6KuJK%`I*3azzcK8C@wD4?8Z!#H5*|uq#3=JsvFo zs4QO9RgaTd73;!Mf_p6O7jmpdU+;!l$z5jEd=gx(c2b3LCPx+Ubm< z^US@;P-cps!f2K=bqI(5TAm_;fbF`Q+ul>bnwXf4u6QoGoqc@gm$ufP|A21dN9`=C z8eaBsnrH$xMR=H75e!n#&)3x9P0q_%3knMe*!%o=eHqn#973xOGqshe)z}ei6C z^(qV9h3GnOHGe^^^8Oq9_I`aNVajx_(i%Zn20@~k@pOK7^GyD@#I&gr4R@EKovcQL z(VXsIb+3DDyLRv&L*DGheWd7?(*vF#29?v=*VWcpD;g2k?Wt-bzc8OWY)OL+M2twLpz+k6K}<)s;7kx$`K4_{YpNN5CTecW^Y zT8^2H@G0J==pK4H`A3Z}3PU0UYY_Qz_Y0I`(kZCGQqR4Q_iI*?df7gj$)(00= znzdecqR23v27^Q(>~MiG6I)^=B2DBcN0;1|N;!>pIZ%WTZS2x?jHFCjH~1F?;4+YrG|d(~e}#?&z-cEvQ5o<|s5p9d=x%imfjD zYxw=i_L=+?+>BCpla~doX|q%>JAH$hAszO z37;b{Rur#zb&@fDcA(^vP;fkx^Mb&Fx9^g23~<8g7;4#%|A*!?`YDcDf9j!j*79pSHpKBpA%>qDGUN2_xSwnOQ-vAe-Mie ze|AVX?f{l;T69jFW^}_KiKNh49MTxGmOw?n)i2^Ho~xd9G7@xDn04qb-%%3>dE8izwhTPG@xlAGqNL`ZmjzWEXt*!w zLRUZ)LZ5^PC>kSIf}b)NwB4iA9FHyk@x z+WW{qOtMo|q%c5A8(z-Vf%I7odZrncCJT_7wpg596djb}HtVc2^$cF9`K<69=Y-HA?AwrxDG`z!~EL&{(5AG|Nme<*uioVw@B$Pwvuk zn&b}j$u{$eg(w@h+~?xxR&nA3FPgqNr6rFTi{^D~6WIt~-;AdLsO@z64y$;|`fL-YW?kuJs z|2cBA!VR7r#XMQ5)gk_2jn6wZ#*< z)pYZW`3^vAASTE>$Y9g9Xk-6RS|N*fina^ap}pF9sy~ON(Mr8Zyt7(%PyuEY9ssfp ze(Gonsf@Gj;4!5ayb2*S*nk?+RAZUbS;8hyL*vqyD~)OYgchKD1I=$ZiqFwO64cX& z>EU8^15GU9Om6t*PPC+Y{I_^%L~`;u6!FUdOw}bS`KkCLlA$hWT{R8-HqkNmQ^Ija zVih$(2GrPD;^CyXX}wstmKY|4)n-^T9n1~Gqc}C-zGtz~zMM<#Hte+NkSkV1X!VEF z`;bN&=NZ7|-Px|w=N0D`OvljM z^~T|Z*2Xhvf>fLo3hPK3TEu8->-V<#D4|sW_czr}10(sO!xmNMR}8Q!LhSBUp(9O> z_BSLG!7G7T%f8{ik(LgR#)^@D+xVwn6xRGrZ-&jU!fyVkwqN5P7&bzYXTtZyybR`ec9lsTZd9(tDP)3kUEF0T-9#Hzo4Db5Jaf z-$y7Ij#-KwC!<#eHqUV+9g_Ob$gLylrp=_3EahuN<#sdshp8kT1OWl%C#AF2_0z)5 z4xrUZ(WFHI%y<&rMW9gi;m*pZf{Te`fqi-2f;7~a0InJ5>BL7Wy#HG z7p%Ka27(jlY6{SMJ9VI_jK6O<4b$L);;l&M!EM9VIbq7iGzwu_|F9EvB-lt00YD}8 z2~8qM`I~1zL#aWGIY`0*>&rb&{Brcqln%Gg%>0tSrh9M91aVNd!}+S=`S7O-_icw5 zmzsG6F7nFI5M>@otj!uh28>AYJaK~wB1XPwbd42sJO> zxgyMox#;;`kAz_)Ae3C;YbmhXsM^>Bq?stfGu67_a4C!jd<~gi#3l>#WBVunS+;EP zY{&2y;>6{==V;-#=#j$kz0=F*4^Js6ZJ#l0ZF2B!P)5r>OB($ zxpK~@R^7IE2hJWm#C~GkK^qKbR@p=Q4-r|5tkw$RtnKI?30#B_(H1*~qER2Bech{f zC2opa7MV+dtD)W6{@noxB-d9me_rr+2WfK17rTmyhXIOE zpp^LvN^4gN&YlZ5kzmH-&-5#@rJkNgAIL)_iS$#3yxJl*U?R?NE|dx{54X5J_&d%% zBa%%keARe7)~-%FR|r?phgcf8h&xCcQgj?96g5NaCvM7G6B0sIXrC3E7Q?!0|6Cn1 zC=V$Za$xPU(Z#%pI_h78UP{)$AYa_P3cqoiR$^;3J4{ywhFCMEk}6-lIdiU9OAF00 ztu-<;?-Yg=@uZb+zr~~!^cD3zBo}p6_AT z%X`|qD^V9RCt=GL_2cZIPilhe8vL|qL}a9)D=Zvv1WTcuKHiw;8c@?nlu^b|(xau7 zDod18Z|7p!QdP(OJ0>K52FcgDA!la+Yp)~{l$yYg#3WRh#HGBm8UztlEc>t5EO)Lq z?oB|)!`aJP*$ccpAW{FFo*IEwuz2Ef)aW&*f-R;s-f5njGX-~yg^O#De=XkDWQ=} zxy-#tr$Mk#PPwQlELhTVU=EKa`|;7@mfN0SX_}F^PpV^R`6Stp!Bd#1X7!596cZdH zMUM7G3&TmY&AvXOc^*dK>JK_aIi5WkJb1A+V|vX~SQ}G$Njg|~ihhgMjAWCmEWecLlm%TV*sKSQP|DBI!LIyy0%C4$L<*T(i26{j=fEAHFG z*%)Jw2?up+>GN@koGuTJz)!5?4mNhAh`x+;1`M1~9jqY@38Ey*tA2&kN5oDT+gVp% z-e~>(6_Bo)gHm>R(t}y$;Em|mYL3JoTuz61jo@fP?zx9XYh~20MG76`Ra|ZG%I)F_%NqIKn&ff9v?~k!R~CxazkY66E5(lhB5UMs zHvq9~3keq|kPM#DwgYTuigIOV+)dNsc-`Di*|=by6pirs@3jX-NN(oib+^oI%s>s1 z5#%l->&JN&1+KC3r!apAg5PnLy|x-mW6M9vScX-&HPTu?2|! z+9@7ZL-aP5HKc$IPxy(YF7lSpV2`zn{b8UFP4qGSldoXa>Y$xgc7TsbpyV~~2mZoY zI@`kB_q7)yDb$ZhF{5<5;?v6cFjfy7rl#!#l?oY66v}uuJ3qPmtSZkAx%T`ubnJeX zjflSW&UGYDG_6oi%X(cGvpS8#MRIJ^K2`?7_{tnNW>5S_f50g#Gd?&LOG~j4AFKNy z1WGk#IlgE60V{sNz-}f2NYF@N=9?>|(n{te^buinJ@6LM%(9I8e%mtUd5##p^#=W5 z!C=;7ijoDI3i-GwIy0~l#@d`mAYNWrQJ7N|*^|8d)9PXpGFWd)65SCgV&tuC6`T)l ztSXf{Iwbdr8b8KSf-KQHh-Uw>;0W*^esUalNxt!r8(g<*^40p~x zv~!W+sC1b>kw>M^hkC@fOsI_DcfN*7kFjW7w4VIIvIM&@GHm>3Z1Ze$@@;ZS?X;Kr zb|-IYk&Uul?fj}iQDcg^*PaB^1~Gr^cnN?|cBF>jHrh#A+=;R##DKeJs16@1*Acno zWEAU4J@-Z@|FrbIS$R-+QhDChmJG(<+c`Ksnt8KWUdqB~p@hH9P*F|<4UfG;oqhe~ zd_E?YAeyjAloP*bl70@_ez1lF?38(g5>w z&+wE+sF#(GTzAsQ*Bl^yZTM5+HhwbqaPV?(duZa}NoFa!3^;XgL2f>Zc1hkQi6eBC z*0_fLhMixHs;&`(u2)qV3kxDY9)5O)z~n7oek`=4mI@V&!}Gdhlt=4bM(^)@%T34T zrz<_dH$7+(Bve*duTU-1s2Z+h085%<-mp*&eE_%(;=rw~5B6~e*vVi5UR_(ZI@DeHqWz%cys zcFi#IE8aYyM=h+3ACa<(IZHB%dxGavB+FMvhRh6Pue2Or2>3wP(Rr9q!%YVnF%g7F zVNV_Y$X1chskLmYu53??@9x@cqsnU}=yKd1V>&?T z9wnTNYo4fOK)e4f{sLp|FsvBsF7smcak1Qa)=4TtT~oirQGugpes?#dNoY~`M!aeI zTIbxdFO8(<%F60i`(BHLH_R=u8obC*ahuoidW)sS`S^Zwy%et7+}WoKRfh_#(LAfk z+4=n_1cy7tc~5s>U;quCW+1V8xApn7D`5=SJ+yPY&c65Eq|Ssi;*weBIvD9Qw{(Q__|$sNwf||j4Z#=kEq5Tj0HT+To=vv zqry_-?cAbpo-P-y`$7{5EDC^_dxIGmnCnicI>RSu_E68{U|?N}*c}W!eN&v)W+#n5 z9U;|R*ZrK;H&;f^yLZDIJ9FtbU5~~^BbF&b?m%QJTy(yIWDaAaI1+`VS|RXU{l*(Z zQuVXlz+Anv80g3FAzauoxd$>O;T@eY{BdpE*M4+&DSY1GY_{jBKI4Sg26pVCw|2ZF zZaYt{yhnZVRcOBlRj)US-15=cXG}Qbya%i8ayZ!!DuZZpEcbwk805HKF(!Haa_bm`>Sf2SBDwDN3b_2#=5}q3KTW~dkd^%->O61xm;up zXzN`7zLnE$E6CaM4mWe<*nNLlqutE+ywvc}*0BHiKp#+o6jZuO^-PM->mXW=c2X4b z$JsQZBYx;1eM|wEM9YgA#$^%`W52r=trmEUs}0wVKO805G!JzVK#*aaAlYo8K4h?) z!<&44S%nyKUe;rNz5a{Nu?tm95BCNm*8-pf8fGmlHoK{VoYKk3 zO2=_?Q+qNxVdB>!3H+K1H=koRYDCGnJt+u(dr3)M-k=58>qd3lg901jzSsf^{; z+A7h6Ala*_r$oblT#N8C%>1F$swH)XT?pIl2K&NAaf_Irl{dD4Vh!e_de3O>yngY~ ze8U*`m`*Z!guF8ksH?w~__SZ{v<72e2ctnv=D?t2+|ip5lFJSz9J>GuybS`4N>z z3N1)({5uLS(kG5A?-eu~}4ZkHzmz~wSV#&GsniwuEs$rU!Ii@ak9FNfNADGD@k{w~- zakA61wHK9U)P5AG2+%>UV1h7ccI_@-4W{Xu-YQ+ozajK=WD?FUtpgq9x7%rwt7L=K zj_ip%?&>_THV~*R!l7ZRDJ2K_XtO0oSnNFj;p!IAc~GT$*^^xrS#L3r9}H$ACX@Dy zFrCn_OsH*}n@XsRd^d}D*ZsX5pP)HMnoToiJ+Ga+6OL7YJ$rvWOsmc$tog0!Wzi_p zzfLE?Jzo0v$0G~xlEqvXE=-lBUh%u1s5?9!FXLk_Qq`aLzyTofHugz$Rsp z;h_QN5+%ws^A}K=k|*bg2GyC{8MdQYftKqP7Afek}E8lMJ2(u z@r3E_QpQcOWaA}Mb}3GCA~9pSKvwBW`H(kzjj8;wXnoV-up<{|*nI2E1xiR7JJ(Av zW!d)Rfu4DQxRXHA*CT|&K`CZNFCNmrF$mtlA_bO9b3>JotHWN6+&x3ZZpy(N5?h6K zma+U^b=uET=MQPffxkYMSmFezdyM!5k3}g`dYPWTFdG8h^&=RZe`lK>Yn1U^aQTa* zyZp*-wv6@Ui2|0;sZ0}wG1IRN`ZfcmSRs$(n3G~~9x(ruFhj;m_|K7x$9=ua+ZI6# z%a?)4Xu|lcY^>LDIj7~8u4NMxBc$%Vh?2Cc;Lj0E)@t(M>$r1EG*2G%l4tdVdkFpr z*@%Wd)P#NIe=gMt*GXqTuSt4r2W~flz2DeD_{VO7z2EKPUSGky0nbrWr`Y7ro0Y;* zKC&rGmt~D8ON$^}Y~5b&G67FU6D9wmG5b#eYQgkGn6j4QVsJRRXUpBRLS=h|pBQW+ zjag$s-M@q(Yz8qI@uhjJ0 zDms0rY)->!9WtwIPY_Z#dI{E4c$M(p0^HxdZwn!#Hvw|3A9R~f$yQ#YOCARB+;jvE zkzd}e*|dF|DF-7yO0ZVai>8^{Y~^Q=?)~!c(WufZaCZd~J$M8dPN!7C6+LQnH!RVZ z^V5f`WvPPiD&jU>p~Lg4yndn8DK@mBHS?H7ayRSF$kTQl>H8DovY&u^9v@*0!f zJvmouKWlesFYtnn>Bvd4Cy_;?-YJc)A_xG% z-{S4o0bJ~~@;sgLbxjyZg>JbKu6a#i=lB<4D&YPwhnW);y(_M}0eAf4wrY2WJVZ1u zxr*D6{OjQ6>2e}HWAU=6WtfW{@;0__GHUAg$3b2f13&i0 zG;_P5_U^my0#6N3Ow&=ndj~w%L>?V7j^bxT&!f`T@(c7ffkC~w5e`))<4Wk%NqI?t zKz6T8@bW+K@Wi#f9tr8j8o8S!k6gu)ldiB#fe}OR}WJD?3JleQq%G8(+tY?yCfZ4nQrfsk_4N>cML6j|u$yEz15{*>ysLCZaD$4TmEzr4wy|cr&)_0eI=7o0w z^kR=5yCEI?fl%7`q{}y`Uq}hWQ%X|xLKShxPgvcyl~~)#xHe}|=!7upvcySVAv_Ye zI{=~dputf^!rR>_jDtT8|7u|%lU<2alZ9a|wHhG!yRv&~o&MA7Ith{q$-Y>-S?{+` zFjKVJ6{by0HrK`B7ttK5iq!>n9>-PAVP;<}az&co#>r%Uh6S~rlM z-zJmjq&*)Sa}6Z=3iyiGM;37jx_wH6ff~|B{(GpC1zQq|XV85s8HeH7dV}?CqyfM) zE#NhsmNJteK!E{lbZF`@w6l%kw}@IO=5zanyK!MZgBKZ`eBzS$id%4xyv{vl!IYC> zmZXNu_4Gbw5>l~3wzQiiY0IzaF7~k?|3lNAmpQI;JlSpura8CBYhoi0UbA|&vvhcE zzf!&NHJlD7_^6pz_$a}Bd%8!ybDb+F%j^?wqDE)KLJnd2(UbSHEkM%qe6J$K_bF{} zqVRG(r)W4oD<57io}riQw4dnNu>#CTNc zkf>0>$1_dlUr zt*>ad0B?KKqmfXf#!IaP`z0(L4CK@`h}_h>daV%FAhtzElPJ6e`OK2yVf=+61>ml^ z$b(lmF@#m+RnjOSKhFk1FNJj9{T!)}NEDBGe+B!6MKG>g08?U9t2lVhcA{FZ%a377 z)=L&!k7-zOH^osC))=c-tkG0ykdjaC%s`4)}oFrLsJ}@*e z9Y&P*kuZkwCv?BDxQn8(7oefnBR?upuNf^k_46YkfS5F*je3*}63+piTTRsspj5rp zPgm@UWnM_gSLZZJwm){@a$15}J5hMYd-6?y=TH4Z-{DbNuZ^JKig*OcJGpg2Ztz>uHa%p&yb?+BQ6Jl?&IQ3 zSirmRvw`6dbF1l|m1zMDU)m(OGN(p!EUm{!lAH_6W<0dyveQz(yH4>q!sYCr9=bO) z&G9Z+>r=6#6Xc{& zl43l>i7HNd9jyt_t=}UQ($)iwyJrX>qRF=-&tT|adT{2Ge-`Ng4MS#(89b3<0Sji* z5rCj$^dSZ+v7f%45IEV`PxKuFSE-`@{+rW1c1F*ko4fJ~EGs#DC8v$6PG8F+?~|C* zjU^0KIT$=uRIX3|(xSv%J-2adxYrLI*2!4*+UUX!PSsgcu=j7=#Kz&iGQ=9j{`NGg zCwt{@kVoXx-WeoRrizT20gaO(VhDjUg9gN%2Bo_&U+C@DNCE4&D-9*T+0quCvV9Iu z&t0)_EG@kF746#XM?8MC>Z=!vg%d9W=h3Xt+zOVc!=*}AaBLg?5)Rt#@ac359VB1! zqG9EPS3M)Pu#HCgo76kKJaoA8g=^^2)SVaCv%k1Mb8YrI=j;d1uml85DcL1RS!eH* z60uWqvdB`h4wf)-uC|%Un^OF=pk){l8x(^pFFyoJx>w@$t7Q-1Ny#oza_7pTR>#bx zU_+SC$gE3kR2eI3Ttw|Z4|Yh*(EDd5}HZQnZ9VWQDh zLd5-{y3_v1beXolX8!n?LR+nVZtc~28n4^=5XIHdkD-nelnNpO? z9WZGCR@Ct`d3df%i1MeVL9-olNA89MH~%8c7D!FTzkFFCHon2miG!_9dtq(nmD4*eZZD2Y`KQzsV}r?$$+DWS_r z$TP68kl}W=CcG@kHFMaTxTl5QID!o$t>xI?%hs!{Yt|08D8(7-G^{I{+S+(ovW8h~ z(gxY@ z*3}a2AEHo3UAaD`w@L4mP;!~}0ABsNh)2TEouL*N5iRv%k9t z;_!{~iycX%<)qN1iXukA>NR56A@=|g6R&-vWb9qc;)VR}0!~wBpz+eh?o1oYZ`$|` z)&fcUTd$~^>55d~Le;&<95Ih1=Hz?i;+0i-6wq{QU(Bf+`_PY#d~SBH=2&|?lV80) z_9E-}2ETz?Gd-V&tm=v!CuDy+JhL znWiI$@1;`EgdE1O28xA^T@bMO1E2Q4BC>TC;@1u$ z@L1rvje++oga^giCd^m#ZT|%EMfS$`6KBTEw=s}JP-Pm`N=J2;ZG3D|q`$|rbGK|v zo?hdRomA%2Sa*$PQhhD?7{Lnt&+qyhfv;z|ta~@pC{Acsg0C`qsllj* zTTC3&JZ{<7im_W4PfD=?NG9ivkhiZqRRs7bZz~WcO%u-$hD2wOQtNCXQ^Tak0bBV6 zUUZzZe>(D-_2R=awaAH13xGf85uv(@e30#FMhlDC8l!Ykvmb({QJP9rH5#;MP%pS( z^oVL#!`)2uoPd}}wZ;8R3nJkm{RpY4;zMV3^tyMtqAO~6?U-rO!gZE?SOo+^p{5Zk z6$5BYya*N+&xiJY`ZZZ4(+`;@`MtSp_X73Aj{y2q|*2 z4x5}@`rbpIc6U47#vwGfTp2gI(WDs6{-UCJw`ZccqEqSJpMibooHU|QnF&BMbAzJb zhMXUjv(W7vRR9?FXlhd81?;Eso6tTN?#nj!n5OV@c1Z znF?5ow8WBF{`d!W^za6?-9a6Q}G2aRBQ))D1<{E2tgvOzCe^QC0DbNskH3x6MBlyW=#p^+39G&n!AoyZ_I zZ?@!NQ8@5>Oh7OQ1h6$S7~LAIL9-~YbIh#yDhJ; zWa`i1*;+REqWd7O=5)Q zi`SfX8C=ep{p>Zz7yo-i*Qxaef%tRv-D&z=dnCN_x}N?DV=rrfrjR>n>1m(}bOVp_ zTHZDqcj}tXrU~xbOf>WGYI3=3n@XJssL{hUfH~NIWTLi&8Rq$=wM;e(0v;ldNUo%d z^R+QY0Dyb`FoW%)JaC}&x8onlFEhx@wzFGFd+o#&na82kL!SMV*)J7ADB^f0#(sv& z+|~jpRout8aCGR63{n??{wuOF53{j9bP4_C^Jj&Nf9O?>7HrTcG9H%G3>~u>#xtV+TYq2ylBch_vdoipu1~`~XOFg3lAe}eE{nf} z4lwtSF30QFI^q1c+n!iytrhO`5OzjtP(a0!a_9YURRK+2th$Z&oQ&v{% z%%?`qZtWP{)V+wcttQOW#9q{GRHhB1t%~wc{P6z(KtR90LPfikeUu?OUT^ZGo>wXZ z>%>-_$6D*0qA$f$wX2N{S4BuuSLk$kfi-KKO%kflIZ4l*Y*bEe*STY}JP8bNCq7Ic z%>=(DH52p?tRQ#vlAKo=n2SQb^vo6=)4%T4aV6$gn*RHC!io zWJ+UFLMzVLl2l|x)(i1wJ>EFIL`T{z5oV?+10?H_GYmta?eb)COOd_!mP*VOK#v@j zB8;Ds&FBWKI|5h{i;YmjEtKm*pLA!UpPag?C-WHV_gk!mHB*~{|MQIgzYdTH6i z#~E*n%1%;RxCdA$c$iQ@#Dne1rs7#omQ{|s9&Kk2Ao7(;V+Q?JGtrR^BW|9dS+O?u z%B0wYWFjh=KsTVC7reB}ufCutBs+GImHNg3W5MO9#)8 zMS<{&QGyng@D{KGFU#0E!aFRM5VqWD76h|_cma6eYk44oM0_@il@J5w;uWilNOptK zBZ(3r7PE^N>kNw7A=>p4y zMIM$dD!qI+3xqZvhY{o!$tH_Ltl?`#9(yJ##AJ{SK>yifMFFcra7(fPINU~A6h)(1 zmc#~LCcNMw4xV>f6gzJ=@(yD2IF7z_H?Q(e31p+4CyHQ_WI9y@+&0l{G)W@C#U%1J zqgAjFoI9ctftS@fBG~P4lA@6IJUBoxgKUr_gGxMrVBrC~1wo47&>L%b(Ig^xi;6-3 za9jz9k^q8T5{w2S8U@Ly@{(1Q9TtOKFt{Zm&@mD{wp!6(v{;NHSZ%!Ir4ws23pTL^ z$5Nq64omlYlFROp0qocX6Zjnh&Y2ab5rPQ;%+q#2oAb{eGLn$0W3}vFF7SaG}I8j-WCEQ!j0?{3^lxwAQU46 zAg*Ayn6U*aZ!_>b5e&_CCFHOZ8&Bx$r zsTx5v2&&zPHJNxjF)IdxEK3AORWyJ}AQtQat~4NuB#zz?{Up|d$by-+)_~JYA&tih za9I&aL@2J6aOIkakr(XP8D8nIG&pK)9zm`%Ff9f53Ac1Dqnq4Rim{C48%vt8RBkkY zV9rDgI6KF_LE(}`w^#oRg^pU0&lOiwiQ}#DI60E|1bNNd_SWsXQqHXFrrGV|4#7@*NJ|Cqo}`@7r0USQ7&pi|07vuWajztZ!}kCb5S!CZ%*Z*^tXug_f;at zc$6NwVs?%y{<3dGb%<9v8Z?zzn>)d&no2+ZBy!EdZ<^{gwdiAp<~Y>{Z^B>dn-XJo zDcQ_XImI^iosz0C2)WBPpd#)N`~JYh>qtVs9KZ>sZ>rF1Yx+_2p%Ym42i(R!7}8mG zFx0nEM^j{w~T=U{;9Gn*UfeH2Rr z=U^uG1+9WF&Mb2Af0#U9ATc2qHONJC(G;w1mV(wTs=6E^$LyOsxEb6`ZVtDSThF-S zlt8iT+=MJ5LNNK)t4rLt@>i^x2?r+M!vtmWzFJXJ64TU9AfX5`@C#OX2M17H_Qn z)}nQaPh*Q6OcqaTD19Nj_|VejSBblBt&e$Inqe!8EbEKiC2beqaeV<8`bn#0{T$In^WiIha|I7Zy<^Ufwsd8td zt=4C5;6whG>Y5t;_xOu*{4e<%6ZQA_{V&%wO-#jKcltdmuefsMODor|UA^auRWGla z;D=lzmLB9A%)VM%W2dZ|(B0hV|Ia$#K|lF3I{bA9{RvD|*DyX&@%49C9$b0)f3CdZ zs?}@PV#(vZC7Y9!&s@ju{}3*?w9W|R=!dZMD@{27a{l#)ju&vdykjSUX|Fs8Fnht! z)%r9HpJjgZAVPscAzB7D054>4cu1l3T{7l+nB9?5g3n=?Qsk_x0aSV!`YKekd?_a zhS|4c*wrq>wy98UY0@c!F{7KPm)O^i_#S4u2g{;9YV`yQp(W!V=1PEDW+v&;ou#$% zI`a%JgyVi*4CF0#hqbu$VuOG<@urpg?!I~TI+MI<#lC|p=NT<~_E?PbRvz59Vv{U3 zwVZz7?tLpa$(Yh`G5M<1VYlQ1BJV%Gp|xZAhI5xB^jGWhj@HDIb2sQOunvW+r}=oR zhL;2#rzCuhyKO}wHrLJhiouUfk5s)0Mw zs~RlE#fy!WhE?f124-KFIBiwxj=}aBAoRgrgPgNRqOMz-_a$dX>7zJ1xvx3O9%Oiy zDe5w``FJ~`Meu)uB$v~c?-()=L9h!xt&oGmxA1~~@1ma@4P2OuaY_0`iE;NXr4zEO zCE|8uk}`yh5K`$OQu;J!DpT=D!{r;G;t2f`1kg`GQ2qXSU3u*n&{Aa2??IQwECdj) zk^i;s6e_Cy5G;Lj0yAS7+BX}2q5Xnqy{!7T~KE~G;PV5t} z7O!SjnO$YADBXfaNua%?QrJsw+KT|F#E{fn(o| z8Pl(KB+D$XiMpWTB;OhZ`XL~W&*xo=_9vy?rr*HjakzOLZY^J>p^IV1*zFw8hQG$& z$UaJxx6V+YR&kXT?2mK0#RkGv-R7vHLsefV{j-1Q)OPWzuc?Kh@z>1yeH^>TDrwSu zTua;I?e0zGuCk{6=44KG#usF24?(|AOK@3=(UdjEoaI}>3AJ-mgr98XncWlWf8x8< zH*3f8lLS_~UuN0hF5TeoaK*4O|A&bo@b@aK$8=b2Ovm$|TmV=60Pflsa#!Paz*a$4 zUmbFyhh)=XDZ)Nrh3Ap#4l$;yerJ;CVVA*_nVU?XY#2P0PNpcfDana!(s9Z`xaOke zTl;3tm|5R)fzL1_s@mt+x5D6A$u6QDlG^(E+UjdtBd6D#HEZ#?^H$7<>%{-k$H8gU z2TJ?OHXw%Pg*R^%->#0S9<5c&HuSBXUhmHtI+eLiP9W*SYcDe|A-RX5&g808%QSCo z-K^QknJX7|tZdEJc4^%ZSKlRy$ts#xSv%5e_gp$}ZeQOo=5Lu5dmBC_H+kD*iJ>W!odFnjI{3t{-Cf-tyQ5ZI?X-@4K3xnEvK9oHM;hOn zGa75Hms=9j8`__*UOGF}=68mo{?1v8KYiM!dsfe$>y7~7S1Y`Q#4U1-8BCJRCpVf@ z?WXTuG|)O{*34k2wXJ_(_p%3I@Y}V~V>guN#>sI?MP_57jsH8jhjhyg)qQtN@WcPG ze`0+n>pYh2=rJkcD);ypjhi~|qo=HPQ*xKd9*9)5tYTXb?x;AmF(+@GEcBEKstSXp z)n68+`*7WfPnGOKs7$}Gg<9G`!WW`tE1)I&qA@SsDS82>cngn1Y@7BfX?7kv=FB)> za5_bazK{KQ)22WGe{l8pzSq@-KmK>6km7?S2mcJq`-=?Ci&--?uk(ewS!7_7Hp=pK zeXqE&6hZ5T#Joabl(TuQMjn6)OVA$xZ?t-C)V8Q0<7ul4VybVa?q$+p?5ak^`3 z_m$6X+5P)FF8IcE>syu$1`NbZBuDb6M?P`nz_#usRzu92>F8NqdyYeRNh@3NT+aBk z!7~?zzmk}F;N3%){@~hKL)Yw|yXC>4IViVFURU?JPyFUHdq4Nin(oN1GaCMHbMFBk zM{)NL@649#dw09nPr6=IPnJ%1r>;|RZ*sS>v4w4Hxqv&iF*b*7FgDE?Fs233tAPYe zNu1=8Kte*O4?Jm*h$n=H5L(DXAXvA4XJ)VIBxCZt@BjaK!Mbg;voo`^Gr#$j@3*0Q z^SsIR($Wd*7K2Ov`nqfdD%5RSk=&oFoq#F_^OcjSoW7}YIov0PI8$e;=UG)X<~406 z{xV_L(`yG#>^`S@=5(EzQL~(};nfFjdf>p?He5MNtiFAoZMn_(48D!TB_K)g;)TA) z!%ZOkUvux+Ik~xi*X7--ZuhWizQ$-3I~E>&>+Z`Q{AfX&Z`%TQeb=Trlj^1AD{qyh zN2)ls#ERB6QED}oZ4?-n28ZfcT`IsSh^-lwT$Gg)*;pPqQWsA$3}HgWzWd>50((Z~ zm1Ts*(~E>~c)wcOzw8#L?VJk-5*{O0Z>$vqM!Q-i{o%u#S3m3tnLk=^UUW%voOSiN z-D^8M^cxRtmukW_J=1$?BHdk)SUqP@Y1jh?q^XDAns)adT>8@#4*I52%^~lm#kE~N z9x^_y&*-xUykRg!F#~+}BDUS$1CFoU**IrlpsxSW>^)bwGM?=ZO`hAmY4Z4nR#za| zI$`UP>m!_+<<-gQ%l16>(Dr`pAw+V{@lnY0MHy9#=HLxzj%bW1u^58iHYV!sfOKQl zWdXY!$7!#^kHhQ8br#RKUeaoq-az)r&bnwP;z;_#O%%gTM6Xw=?Z$vuYpmyt-uS@A zx$%ix_9R=^Eluq3wy*0xca?Qqa!K^O1^d8>0|zF~h;(;Hys>05=Dqru^gpdTcP(uT zdQx}aI4#L=YFOdA>8&4KwUk+(Yo&?ius2{w&7<`(kPkF1ZR=gv?y|?0(s#5S*faZ3 zf8D^qoW`B7b7t+`3#V+E(ApVrG(;NOC$4B7ym+6fZu|v3?NgHH)?4A6ZmreeRI<kJ9C$ZV1K#Dh5M|QW7JICPhN*M4veQf4^f3LWQY8=ySawY_GCrQOv{i+Yb{g5np^|3%eNjt{ z(T3zX=y7L#cOx>&-b+*2GM?q#(WTEV#3nm1LULi%Zm}{}7i@*ZFCZAl@Me^PXR09y zUI-8icb3vhHX_tCgS7{mCtefr7M@HyQ#BDBF%0ILmlv%{Ul@)oGU#ImVwoC;p~;G z?_bGWCp|N3e&;;1MtTMxRAbpFqRp<;y2eIq$sTcQP+RVa@jO zQCBqc8*m-?Y}~lRo^eg?Kab=BXe9Ci4($$vLl{aRiZzmWXq87+MTrRngAg(nj=K02 z>Al+@m40=B0w@ov^#;Y{H@6S`@X)MThkiJ){HX~Ci>wxV*8%Z{+d zaR?4wMVT~ErczlnF4`4R8;oirXM#KrmW-7Y92+C)9za!N4c@w7EVw=x1lVd=4bZcA zXyQ;JgF1w6&{$L|qD9o9tTaxPsS;&whUhWqS)-GpQjL*x&uOX})g?^j@jztXYRqVh ztv*u=aoTx7SByshj)*6|FqmICP?93&EeH$>*(PRel);n*AY%&wjlB8te9qYrQJmkl z)L`nn^^nO>1DBI485w*CX474Djp+aS3cq*_M%)7H!L-k=1v1hQ%u+_*3HCT@d8b3# z%T8~beyE~vdfR4RPVo}iY?ITarBi<_FMkJcPvcCk{Y-i)H!jGyU=}?8QAmhIav_Gz zSHxw+{6O3gVhVs^7|LKIVi*Cko+b@Qcf5Yx-UUuuo5n`WZAP zqOomdaV_$7Xbj=E@C}Fz;G3}+kZ4RVl3tPidB@uR^ZdTDn%In~w*d7WcVxbUF&Ivs z1*w5;`Bn%G*D|Sr@2#4Btf^_PNp!3Ef$#nLdmkM9=q#`er@lHnV#BT-ucPq+oTlhY z&=}^GZPc=HCLyx2;U*gxfJO;Ah(39Go1n?Orz>aFMkDirw3bl{I)VKqV>5tBqJw<| zT&-k8`d22~sa($ zB+*AT5=XO0hYG5xLJnQ*mnfpG9`k5gBb1LxfMZ2J#OQ(*O~ql4>2xmj7)OoM(z$!_ z+4Qu=bW=e#Nu!niOlnb9F3P$8V-y}^yg}B$;w2@QGm~LYJ5X{+CNml5AWq>~1Dnf$ zIpkB2?C8|7*N%l6Lo-&+@OIE%QK!+?FKp@EQLQjD8l#|L%!=ymS8gYVf{`5V=xte8 zuhr;8P)nT#^L}(S&<)+^1sSTUrV6`7Kc6`{aO~Is7GWA@%xHkUnvhOZMgl})l|WtJ+mIq1u1Oi0E57j$Ft2` zfYQ&)kas>Pn=r81NvB8iL4RJZB)l~Ss)AZV?6xFKUAC*@U`#Zn9%lounn|D-d2_ix>}ww*O9u#tM2EP(5tplB#ni#^8x9;guwi_!x>B9ey{Ai| zZEtFIZEG7-XSdhtIwPjOrG2JIr>@p+uVdO;YgaG2{+S;=bNwQkXr&_!C^yfv#z~jV ztgW4S$)xjVYHBpMTz~y7XfyNt+cwot+tN@L4?3N}#&WAI(ooabSkn-(S<4&oxp-N_ zmTC2yZd>ulrmn6{kC5?S#>aJ#cpRd_FWAjw&P(D-VkpAS3>5<3Wr#K1*Mp)?tCfDD zQh_9)wd}{ljRXnv>p_A<+%F?tf__vB^iPe_VRpzQMzIv3HwS1*)b4rM${cPX;Zcf_ zSmWw~bu4G+!(@i+H`v@+O5le`#zUAmvmX;@E>pvtCI0G*uqFO>K(|g@w)SY{-Unbm zFMxhx0~;i4or9=a%d~G2`~2Rw6E5AGpysi|9Y@zr>u|q5x{P7s)Ggy(6O>-7NKa1!bpZVJ=8)0CWH=ge911sL|5O)~cY2Y{;7mw%Y0(5*26`TB{$8<)XLt0mY_yTXI)%=Pt5zfcOE*lvv<$YEsOPyy)T(o zw)bt^*w?<&^iqd=V8GpxJi2yKc@_S+tI8K){EfmKAW0x`+O4*4ZT= z!!EbQ^n#?9K+7MaiSYz5sY;d(m6*iH7lGcTCoab+5Pg~a_HanDS-wIfiH3Yg$HZnC z;`-jVLk>=DZ1dxg0I&NbP@Z&q@xH&!sOB7@x9`QLnkS;xp=F1RWXE!|wC&D!-@S9c z>9>aoM29PYq&PvkkZ3lK2(g$)g-m+WV$ z{jw~XjhCw}iI)4;F>-YBtf6sd3x|{C!DLpR_mQ_tDhRxCM@OBsx`YpwOKt2+Cj0*N znSwgH_7t`Ds3Q69oyq-6FzO~&yxd8T8{8i zG=-;mDOIio&04iIFq|s#Pk50`?4}~j{Lyx^$EhDvuTp=aK1C9d9=Jg*Xdlg)9Vj>2lfXr_6wtAG(s74}aT?bByCfBOGodU%HO zBg+g@r&73X1UQQ-W}Y9)*YqEwD_(Ri^N%r3{^S2(Lg^phShBBgz<{JfvOrek`iwP- z-|)>mL;ZpJ;{X0v^1tb&`Jt+)zuG~L#q=~>kdqUO<<`cZFwMe={7cYoX7cN(v3 z(a0v_1%uqBqVlA&`Q`d1NTSgZbMGYoKkK7s=~2TsFewinf<32Fq+ii#xuE_1c_%V? zzqauC0CI;kgy)}RoNk?UiCJI9>(A|Ce#~^vHch@8hxl_b=@^u)GFg=z zTCqaK&$Q~yaTyHUGb$gv3nSQ^le1D||J6Z966HpG^Fuk@3>hmwOx2@rak3mSde*9c zD=CkxhQ_F3Mwb3kM6zMhr_zH3>Cb~sg2AzC^T{^~g*ogIf<2Ed51bAt{IW=0O~;}} zzrr7mMbZD^SR&>}|0kkWbT-xsWxr++wX%%WqDTShU1@MADg9wQZvOtkWO6Xw@A0J4 z>6FLQpT@^T&>0VcNz8V^Isi<1(En&%#j8AEaLAMPC~Ya55^aaTphtyQc1cf*pT;s= zGV5!@pwE&}mN+$CjL?VpFAL zI-P#^PLNEdQfbfd&p_P7gg}%QROJtQMtxA3FqL4%lRHePav6sH&D68It{1GWhF-k!NF{a zBkHkF<8n=>u3@6goDuD%DsnQytS4ifWTI!Q^@!6Sk18sDKDcPi)0AAU#yE|~BGkX&7V;i(sdDVjh2DfZQa1I7enWpec4Lw8 z4fPE;C!goH?gVFg+a%BFK*vPsIdY!=#tQ@&oavq5JZn*&TMFg;mW@x>o}oFjc4b*^ ztdsFnNAn<o7|c8Lb)Om(bqsm@ zsWet>4$6>JgY-s&VbEXzl#DJaqvO*31%iPd8>$WU`W;w591QhFOP6aWaI)6orqQTyg$>^A!&kEP)ctAUL#;n z)M+HuQKXLOH;tQM5R9AFC{eOzp>f(W854>$fvmr$r+Yk}VUmEszs2*9hA`=5*>O97 zY;4RkOW&9$!aZ_i6csKrSVWZj!?AEJvU9qZXf+D;>42>uN3NWwJ}age8an|^ZS0d$ zeH*dKp3G*+wMUyOhWa+rsWV)FNql-^A53FYKbiWDu0_JHoP3P))R^VwVbL-N$$Dg- zE~ZBM<^(h~s$d)YKnj=p3>TPmCRtiyKuUau^HdQAZJJV1M#`SIq<0Zbb5?1ZkB&UU zHc)b$i@+{DaY6r3%FmBoS460%HBS=-Hw0Y zE&1K&4qa4v>%>PV9;?3SP;&W^D`r19`-&sWlSA#H12_ES=#m+!2M%4i*4uHVGrIoX zbvN976w=(>J#HRh(Ga zv9fE|Yaib^d*RkqGw1p}vuCW@x?tAe$nVIC-$Hhr!(Yiaj_XY8wH&$9Ov`}RWY)-}HA{K9} zh5I6QDqXSIA^l#6G0BQ0b`TOyU4?a{G7cjyG@xn@v&|9dchyIFPNnnZMk~2={2YrO zp6jo6OE=jJ{u(z}XL)L{P?bkOYi#^I9WByLvGIkx`+)}!*p=fN zY?4~`E0TH2z|>Wbd@K!r{KzV_12ANS26~UT{jDXca(h}u=fcbdj5^NDQykovbCzSJ8Vi^S1IxD)h%kTGvunJ zMA@LKLe>AaZW_!KY5kukYln9NotyOG{}GkxUkBk4D#H$lyt zbm~oz9(51iT}`T!^>%wxS}47lN`V^iAi%8i`n*mF&uf14CAU%&sX5d#Y8|zm+DEk3 z_fSugu?f`)eY&U~iK6{*(LPFp-W%FSwFsU$%~{W%X`e0LH|Fui^utnK!#5ep4i6~QJ|00;G7+Do;Bq=^C z`ptYc>XbCbL3RV=P4=HONYWW_oHC}f8zv8;@vl4H>c` z8G+0FsBf`pzgqG8n-@+fOHSC>vP$}5nO-m$JZ}GjYwn%A@uwR@(Th)7RBpE${0$B) z_S7dX%{;V8AGAAp3%$wTVm!r@G5>R83pVg?%dlaAWw!cxud8ffi%Ka5;ro7*xw<{n zkq|d(S%YB0F=Dy8v#1AGQ4Q1tYBT;0IfXecl3%nRj-jDag_^@mDrGgJdZCM`u4c>s zt7f5-CtiB_$w%M(4gJ@@-DDEkCS8LVan$&0ELMlO>cl$HR8_y@_(KP4y*HkE^ncY> z(3Uow|6D(K;sxbJKinWSJ-fAbh*QyJoJ}Ee8it|&*b-B5Cyh|?!^O(ytH3A!yN1Mi zIV9r|-Ae$+*p1S?SWKnnY&dx=WsI7s75HH?HPd+1svKJbCDj&1XyQIxd-?{&9Oh&4 z{AMI&Dn_X$EhZJ3(J}cP23)`};$s#Qt{F>HsfOdFs~D@cL#JcFHhBkLGiC)2j;+OG zykCETZZ^c@T`WmtMo&P? z0)liTFI~zj!_pQ}=Zv<+Ki(j zrnlU@dv}x82$T+R_`ZoVb*Dz?gzn&ZV;2cBWb-s?MEMJgI>%-F4j&hC@q3Jn+l-kvrxtWjLW%!8 z_QR6-cgg`#9?C&zxpB^n$37$$v$5<6;2|r1`5$~%Uj8@Mz@gp)sW~-`XnEgQlikEu zCc36og^lFUMs8uAC7Vg)x4&_bU3&M@P<2Jec!zyaBUXB#Q*>itU(!3=MtiWTZD#gl zPWOTJpgiTELR1%ZF13c*h9r^fTh6L&Ehek%AWWQpLPY{2n-ACsV-z+tD&R$Dn`3Q+j<4az)LLq$>3ER?~Lr0|3TmFGS zb($i50gz3!C~$j-q#xXY0hPc^vtN)taRM2J35cJX(WBTYbfh=$ozdEGZhKd?f09nn>h9IC%0V!$@9w>`fh~7~4Ni(LZEbT} ztaI%~cTlXIbA#X6QdgBMx1VEB?pC{WK;1ELb53^w@i**CxbM)nCCna+L$)I(4h!l{@8WuC@5VMLH=Hwu0NG(S{t~}RE$wNe1)=z}# zP&VGbID1za2;;*rC<8%k*$x8F5Wa|i7%oE+(gZvYk6IKfvFj)w#$XAW{TK!&W9mY_d);DO;PmDX&s zefqLLcI(?Lp7R!{+ z(i`q0^#N$Tbtx-j5mG_y!*9WAEYbr)WbPtb9MG4cq$jv9^cwqcD%6spLY)S*PosSr z?Gp?}Cgz)3HcZu2`p}j^TUlTFHW@z$Wc)OOtd6mU%{~PWWn}PtTson0m*>tp;0ya= zMvR|=g7kBSwf3~MKdcW*Y*Z4^Z<*-cj-W+eXhUKzkb%- zi(ElhB-pp?s4A$^0SKWxNFQC+7mT3u7tQNik5bKTPkvAbSQgm)HMN%J`o8Mfi^0>g z@TE(_$HFWUHPo@@U~lc@%9)E6&#vyPZ?@Fd_-&AZ5CDcMxiwpo=9sJGX<1o}NfB)>834+opiQ0ei^Uq@+|#ChMND-zDs6Lb|^Sb;g~%8l6?=&mj}W^41X3o#E-{AtJmlamUxSd zJ}!xv$_jVI8dx-$e2qT8g8GrB3j3J+9lD%tC$!BRJGc=JU#xI}yV;1=-IU$K~Z6#J%WZ zkU$AR*|VO$U#rwIw3O8Fr>PCs%ah&i6`t0O6WdLUvBIFU8nvw0)U~F`zI6Xm9z=Kz zNYf0ui0jdg=WI0d$wzc*{M3Gz}( zq0(xSI(DA)-_l1k$E%V??U334cJ=q21akq)n;2P21*v~YH$B4>2nI(oDcU z52%u&38Z*v+C1wA*NSjNS?Z##MRr>};84Ltyb-Ocay$kc ziN+~5mC@I%5=H4{5EaE$coo+ois0vBBfO$SlX(rk3Zf`oqloWlkrTt;oDq9pem;71 zI7?PwRb`0*ik}Z(Mvs%TL)n6;^fD<3J)!jZxKy}kaxq^<>F^zAdp=0SbJ0FBJ%Xy_ z`OGy%wGj)I1f>lCG+s9~w zB#E6d;#Dk2pk9UHiu@uQjRi$-7F7;q4{q3!nijZ@B9&Fb7orINMeRh0NzNujpHq z$DumFp;iiy!YFnDYtd4+94=!ssB1(Uv@_+O!h7kCn3}<{E=y(_359j7@t;y^;t2Kw{P>{%; zq6>Dxv-p~i@;y&ARgiW{V~^Rf_i0aVZ_J;(eG(Kf-$s?gc$VYha*Xu@3S|Jl9c#B3 zXGuXhsTj6e=Y54RnJKXi5&jH7WRDPxfB@+!5U`!!hdx`JF#Yk<4hlT=1D@O=O#>3|7c7l7vNTXja0 z?pEOb>vvbNK&>Wc6|YP8{#qxfRrJfH{-p)GowI};g$(6{xQVPKMloo754)tfy&jLj zVAPLdRmj{dOc6j*6vSXA6%>^!^e*G4W86#ZuZS#%-ld8y%occ%mes&<)V7LnP68&{ zFRR6b77A^d=cVVt8n_k>$e5QVa}@gGDCD~Nm<#kvc9qE-Sr)B%|f<%WQk z!-7+*3zu~Jet;Gc;mUHHjwuvV&GjTok4A!iY$6#9cP{I{ z`24mLf6~$_8(6-*v2L)+$ino9#wv{e5WQJ}auFK}Fajf*yg}Aea|A^hB#>$#B~i4e z$R%@>!zM_lQebB0zfMzVMg9(P>XcK%WhGN`fyW9Xe${62O5~3QHACr0QQAt(PQfar z#cokbTLmKyDm|9>zRWG8ro} zsS2ZDMYBY=2$I%qXD$=C$M5&MLE7n*l5Xku-@Z)5uUoeH#;xG2WlG}w{qnQ^P;CD! z>D+e}HKh@^ZRR7IjKt&)`jz4`5&4t;2P#uP8j;XaQxABB-$#Y>B6TQ{-;Gm*5giHL z#6-$s5ENMmM+N1q@-9|16O1jU6B`)m*Zj0r!!kP2=0q<*{7|~Pa~W=+Zb)J=~5x!E;Ab# zR;Sbcf7>GBgY;5DEcPgC?8X#KEU=CaR=nAi)n69Zpa z$I0-`Sl>#ABT8(X%j=pj4|=v5S*B48twg`^i#rAWfKKe*)z@ohjr!FJgI)zU?F|NJ z?Q#YC8sp*G8Fk&25xepEJ4D?9UT9v|(y*kvueqMW5aLg8 zK5vzQ6HG_+fL7CjzuY>%*HII8`bEKHtqXN@EzG{Nz382Fx#iXSV@KQ^jWO6eEBA${(Tz$b4}RlpR1U#%183H*Rggxv;%L68=N7T6XV z!M&n^H)eh)>IQgWo~T>R3)0g%5zRL4)BjEMYSRcBk2#Nwz$^2Z=>&qOLzVEBHg!It zw-7r#f;S*_a(`<7$suSDw8v&QFRrU%%9M;nIgwRs6%N+zZt+H4VT)A*PE*7Sg^X@P zM2;l}Z7DTkcYVn9+K#D9Hg^j=@e3Wq z=+(p^hlk70bLRwV1n-rS(jrO9jz;neQT;`~XfatE<6^>V^+v;fd;%@7}yVIt)|MdsZR%3*Nui)rNx(_8hSKJcVtKO|cwYa4zdO zXi%%!#T#&v>wQn6mYWBv(bAm3%yN&WQmG7Drb}<319a+mD&;{9lsRUz!2$HktKk5V z<7KTiSg6-&ZPGC?V3U8fI=%E@HUVBcH=U-K4^TTssY#>k@ezR6h7JxNplJskba2dd!cE(@>J-r#TQ8k` zYhTr^!X)uU_l5?gfm7?IZFn>3y>)iQturqkXn);RGqG)9!%U^JCDdEr6{&ZL6YYVv zhRM}k3bxhPUDFy02z2V{X=O*Rnz(*KorO7l3Jg=H!81{C1ORvMy#Ne<3BMRtxLeQ5 z+!1IB*tHy#9s@M1H8^|`@Rc{}wW>J)q?gguqvWmbNRf@gD95gjh-60-f6$AOwU8*A z2id?}EaehCy8$#c(A4ly4nqT@YNbF%-ypr%Aj^SyY>;~FS#nm)`7=HH%y1xJ>{1Qp zmvDeD>|S_=qN1|;PE*`&4x{D=sBUUDYKJJMn(`~q1O{a6s@#%G9wEp|jK#!h@lJp# zF|fA`X2k$VU@_x_F%dIfg#C&r-ilF?dEmQ~w3u3v$$X}keu6zJq%_vvrO6P1-D7$) z&w@=_6(-@+3Lor%3F$gcui;hZuilV`rq=zVZmRU|g!k`$pBealoq;g{pZ1h12b^UP zO>94|>(_(A<$pZ~8U>Y#2K1J{EXsVM6f_XR?et}9*B(B+b}c-bSu5L%itF8o>m4lA zn>}N_K}pT%Z)}HeQSUoO)J{BOE99&FUt`r;8ZK0ixpY($sFBRJ9j!ZkS*$s{mTRUa zW8A&qH@xDJGXec?9>bxrtIT+cwGmi7kRp9LMGhpHxFbyt`T|_1D`B`>l zeQU1%`a=CnYZ?58S6`xaImBxKn&;m16eS?qiK0br1bc0imoFux7ky|A^hV{&i9 zgv@u&Q0Y$`O?}(OcSLMLSZ@f1=ALhW=2q2+aIzwm%xFT4~J5NB$J1Gd0AT1lTk~`WvI35P)ij(+#JM-xzF04L8k$k^6J{4;8UJRa5P#HC9rWQdd*o zp}t4`l*laDgC1+vq8N@Yhy+3Oe~d+cS;Jp6tMWIpS-&Eb1dD}OGhsI6SclMnNStNM zf!}OGsT<>sm?H}Zb2NZPLUZW#5JcB3V5o=mGbFYv!hQlEYK~&!T;kt_Bqmwehrv#a z*>d=^W&ch1ykY=+XK z@N1?3uerQF>NK03(fV@piJl$;0p7!DQ10N%Vx`bu?`SX#86NRPqaRF=7J&yQ?2)do zs4X*ufKU3|2K8=W+i;}OTvZtWAKz6`Wqw*!&Rc|vkhAr&R%a+w)-tUt>Hu1^hHkn& z8oj+SLw|QpO)IO{v#m7?jz2NCx()BQRnMhcLB-F0W?f=ko%rRBy)EUTPEsfb<`_7q=$eg zjdI7{8BsCU_vC(t`(AL29!kFywpuLKFqnPLIm0dMq!-t$1fE5UTuy-oix7U~%vECVwa#~LC!fyUdz#iG*{GE~*ZUU$A;+Fd7ZcJdQRo zr&C4$^o{Z3-XP{4`R$D%;vPs7U2<+j%Tj=uzX-dS0xgO9f z)az@(N`ra$9FV!iWYpKf3qAC;wFTY^JT{4hUl1e1VjU5-I+$tBiuDxl!zx6+@b*8nelF8y8l2`H!cNI#K22jd8D0LAVhzIyt6Y5dsRmyH3V z!t4!WQctf@2NXe(MSnn{f(j566*N7VX{Vn8r*8Cvo%G=FZ(&-O>6{H831{a03Z6GT zb0;_fuDwLs1iN?MwDZ8t;AXHm)8j|w8Oj`mYZrDM?E-H+bL1KDsdQ{F7yvJ4o|y+H z{WUYu0iP?f-utO}Sbw}fmKPwkddC9R5`YCJC5~b4A>;tCM+k0P-J}_P5 zcQCc~fb`yp)TJj*T$%!}SCl_iUO|2y+dAvip;=qE&SEZ_we>=HWoPf6w=MztbZ=*7 zhr{m&Pk#0I<6k`vZ@90lva;+xbkoO$X*`mFuqiZNwK8^Pz_F% zqCOmvUKxTTX+nuo`^ObsCO4p1h7*o?Y)!RySi1GABYLxrRX~;B>`>9=zNUa{_ern|RNmHR0Pw!fX&&S3*+xOz zYFxLurflc<#VMuo7`)i&S1If26>6WO%&$_EmnoJ0VZm{J&t%iMI@+i-`C|V5=MAbG zZ{&PU^s^60HdkYraZkv(QCnW=Y*aP8xa-kLj#`&XuZal31(9i{4#LwazbhpfMO)BX zm#~nB2xW9ULBh#NsJw{V2TQeBs7I2n*ccCm(LkjKgliHvEOCTnIfdNTE*hO@@ESlE zC2;l44pf8c@Z2fNh5OgiFi|_+bm1lRlUJfXZ0C@wd|7_b&}qM;WChzyT#E=+-<5=o2=#n;8cxMp)Kvt&UhsYXob& zz57D#lAij7CiiU6Vs>z>$;2t_Cefxq0z0d)XJ|#(&a7R_X>V#J*(;p+; zaNvqRpy~WZUKeiY*|ufXwCVk8X3c18FiRm-Oz?uujvQLQ-HZi}<>uHV}O$7?nQFh7|3+G3J%G)ytg3GBn99_|Iu>uBx!!BdwoNT@?tLOuUX^N3{uk zIteoz@t376V=tlM7Y3blw_3-mr8{&=l_`sXh!#l(DWz6}ltC03;vju0=l4Ou44WoC zxUz3a9_BfbjopHod_HD_4lKpFgB3bP6i*Q+Yi1~904Q@QWytbx0a`)P8IorXsXvF) zZs)^f|Ha5=mcO8=6Eq8UsXat{jb`qy-MgRnc)UJzz<&PT zk;5*R&({@5_C%L%y5#4~#qCq4cE$w_chmZHm9&9ow8gx6G@8>jGOKmaNEoNGTljEh zKK|oU!`ra?6%;btmcm;2-RChSin0T ztJPxxCp{L6$2xqfs;zZ?TN^VoSv$3De%qn8>Z&#{C6a`XtxFBBNUfi!(CQSEmc6-b zl0v6dfTQ?&TUB)%Q*Ooi$p2n#tCD6{x3yJ+$Ew=I%&JK8&-m!i@^3N%Zv{6cUf8zn zg~UFcg46D=s@kvR6uQh!xx1=cThaWgL2dCb!V99Od_VzAAOPyYMDQuWIq_rKsRk<- zQlLtK5Ed;J93Iy@=r#~S0&@o)YQ)M45XNc=bP>y)WCjeyv+4^x_@mh%ftKUwG-oyW zBd8mrt04~aG~rQ9L4uU54Hk|Bm6EBK#&ZIVrwSnRu%Ou^B+nFRTEzh#Jl2q4@fQiR zR-D3uli>HD2b?VNlAB%797humn#$45B)%SJMr^EcJT*l-kbIBJW42fu6dYP=;uI!gq5wyRK2s-X#7jg!kCrFskrtdmLmapuE({=mDKvp+Qt)(GZU~$|ZUQ2R$4CKD zZZ2A3!g=BXVl5ZZeTDEvqV+hD3L^j}o6!V-MWqY_9joRo zYNw?x0jr!IR;6KSmDV&_RpYS7)c_dmRmPCd>$K<~alN$~1`T|IOQ8%}LZ%COEdv|-!dQ#&ivMj^V3c$BHw3-gLidNV=$Mu$T4>k*{ zls2=wv#d-6Y}ff(4`V%`(nl(2eQSNh)~hrqA*)g}8uXJwN-kpWv6cgItH-=%kwXZ2 zG<22G0ilWodecvp3YwwSoB}{Yf&s#i#;62<1AuYT>_?DOLOsywI7Y{EG-@`$eEp)< zZnap9CY`{DQ=A5cpenbZZj4@1na2)5n+|nrtx;oLpfQXK22@%`E%8m)K z)}qn(@SHC@-Z@#p94sy2giXVsm(%eHS? z)B4(i`iT_~`huv@m7=zs4f1mn6Lxn^WWDu%JF1plqnR>M>yEmd8hrt;FGcZ`2g%kE zs)6dD=3}p)V2Ji(!#Un zezBl(!;Qm#M-w`n`P^62X71ZE{^E&k`uFG~KxOKgx_i7`gep2PeL` zz;|-y=?ku%t~m;CsP8ye!C&(3qD8kY?d5fV{m-}V>-zlWPutv|zCZOZ^aTK1f3NuP zn~w4EHnZgW;Cn!8Pc~03i&b$})V*l5VqoEmW8q6?+pmLKiq|9&x(;B5;b;RP*Uhp> zLmaQ_#)}ZMOiG-yS#&^|7!3UdFp*wDR^MZEJ;ownY(3_taLdB!^#iW5DnWm^y0;=w zn2Yh*ef4Mr|?0(4HzQZx5@Y`IrI~&3QuJ@*aC|iM2VBF3C+92 zOjVB;0a^SLH$Xq^OPLdmH^(w3Vlg;1b~FZ5(&m#@&8?L?s;aX^i}#y zNDrVE9Mf0vJM{Wt*r^|(e;~fh!BO6mXTfR3c3&bRgQ2WNG=DT0a(qop9xVDzGsK=c zOc5e^NGzqqUP|+YM4>!CBTKPE1W8l2@`P!>S+tlDV%{JYmj)yW`$e-8Mbnp z<#E!eroN_R_mXb%hxRx2!BpQyX^51DPD(O&U;pq%Qj*uCad=A~mI!Vk80_1)5xiU| zM^69c#Xj*JSVfRy+Ji`pvRDJfiXIj$H5kk5D(1J_0&T4UTl@UVNV(C#EG!vRJ_NtB zOzC$!kc3iEQRV{_y`TE9-F06F(ioc@T#Gg*z*Csvoo4p@DvTE1QUi!zyuYj`KZvoa{@8)1- zrF+J!TWpL(LbQOZioalVZT@<=(uXM;Kd^$?gl)AO_II{tjp0sc7iN% zMJq6d@%P~-NIhAg9^l2n{ak;@G1T*#C<<}m=d3B&y?k6Mdj8~AUjK}#%qEJo@mDP} zF^)F>XOryUm?L*nrvhcqFR`T zNG7nF2$6@M!*z_%XkkSVY>=daXGZ+%q8kz&3_)}tODx=1&^pFMP+73H4q&|=T8khV z1X_b=-J;lSJ#MRlTz$=5Hd<{H^+3Tef`7}zqnpmP z+138_1J|^1G^4Kqg4V*a2BoP{ZzzvfSCr`>C#cjc1gy@iwZ(CSj#sX!aWngkew@&L*L5rwy zK%ixfZf{HDqL8M;SLaqi#!IRPtySXgREX9a~MC&eaTLx)MV7Fqvla-s7uio znO_HEzGAYA7M<1{_9kl9U<3rv`VD`KiFhE0*1Bk9#4)b|I>d`W7j_K8hHv!gk_9Dn zfh>4u9IYwkg=CPNBd5Z6K`SrI;XT;AI>T%cdS`7_s&st0!sy~%Cu;v|!@5~@b+518 zunesX2c^?T{v`c@R}BJi zEU(r!FX`Pn*Dflnt*Bt8g`Ku4hIQE5z`O;~u&N>MP?iNcIv!n6Hcsm<+x7XdZ-Sn8 zczxqN&f9cOmeuIoJgZr{sz2a+ZrQm@oaHCl`fr@TTR%P`Z?5gVZr?yh&-Q25Zvjl| zp(~~&ujjR>8^G4~&Mi7#gL+iU8n|rft|s(!REExe9eTR0lGV-Z&unozga+sAr+UZ7 z1kT-5$2q3v{CxWrDdrfZLZf9F6+$Csi#%qA(JI>oXrl=#Ff$~JMJ6<68ZBVt#d-`1 zh24C}MT!nyeAP8OmLIa)4@pm6e;J_R4^pY?pM0LKD4c)#$mN$`Mt5Cy{gXch^gTU2 z?N6*;{RI82^x%`y?&u{aUft#HH1kT>Gxd@~G|Nqax-oOUpaxgG~C;(^V z4C(*?0C?JCU}RumWB7NMfq}i@KM=4tFaSl60b>gQsZ$4Y0C?JkRJ~5bFbsB^q>+FM z78V#lh=GAy_!DDa05(P>!~-BC!~j#olkrgO@cCjlPVP=r`sCKJ9s9Fgm*|!7^bbVc zcSfXDIAAcc2f74M2C?rY-H!JP3sBd{*jXTS&aFKRQW4`qAk4uX8c z_d;#ff&F}rJ+YmW@A>W$hjm*)^E5Wz+#mmgnt# zCW&*+h($k!G;{Z9xd}Dzd!gw?6)%}OGMAIBd1!br_mfM8htiX|ZYwp{P|nYt$_Ij`81qnciKw zFGz>^NOZKE6{6cfGP8+J7|<^YE z5bV!IavzRk`u(+gnx8)a?q!Jp0C?JCU|d*uHqm?`8btWbEQsHRw^cuet+l7v!$(jH|s0V!#$3sKlSP2V1IrrAQ&wVDNmd(d z_u28;<=9QLdte`Af5RciVV1)c$4yQWP8Cj%oEe;5oY%QTxx90o=2ql(#ofhylZTwg zI!`yxMV<#d?|J_5lJfHLYVexpwZ~h;JH~sRkC)F0UoGE#zCZjj{NDJx`JV`o2*?W9 z7w8hWDezs8QBYRUiD09UGhrNIlfr(5`-E47ABhl%h>2Jc@g>qBGAnXQw4auvL z|E1)l+N4fNy_Uw6R+4rnohN--`m>CPj0qWEGLtelWj@GK$V$jsl=UcEDBB`?Q}(MI zpPUIfmvS9)%W}`;{>yXAtH@iC_blHgzajrpfk;7I!HR-Ug;j-@ib9Ik6!R5#mFShM zD!EpwQ@Wx|scccXQu%@kxr!x~8dVn62GwQN7itu0(rPx<^3^)kmefhq9jNC z0C?JCU}RumY-f^W5MclTCLm@6LIws0FrNVc6$1eM0C?JMkjqZOKoo}m5xfwiD??m1 z#<*~SZH+Nu2P$4dgdjn;(4oc@C>M(VW5t8k*DC!lUMSY~n@p0`Ilnm=KxA6(!RWf-Vnhz>kb2?MSnsf-?4q6UlxEaW(o{Q@4S2F&_g zYn<1(!z~>6JX66r>U1ceh&;18wIf`iO0G#Z%fgG2%{-b-VKJ=uV52RCT%f6L;M44~5hnw5j%`-y3QU z)lmGJe8-=Q$2HVH8t@GzagAK2J3pkuz0^4-d2}C1Um^R!iEW zo%zhnOyhyxow=Qvo*R&~3ZoNq9EX{inVH#PW(J2jajJV}1uxN)x~h5_s;htfYE`JB ze;!<}TwnP=Ke$yj6{=K0mAfjpS8l7^S-A&Q7^tC+2AXK0jSjl#VFHttJ1X~9?#2|R zu>reaSL}w}u?P0VUf3J^U|;Nq{c!*uf&+074#puk6o=t(9DyTo6pqF*I2Om@c+6lU zW-*6N*o-Zh$5w2^2{;ia;bfeGQ*j!$<8+*XGjSHq#yL0_=iz)@fD3UEF2*Ie6qn(0 zT!AZb6|TlLxE9ypdfb2;aT9KaiCbX7h65J@eGK5i#|{h;AVdU-7&|Kyl?N(4BuJ4V z#{w3ygb|kUP&^C|$0P7aJPMD-WAIo!4v)tZa4VjOC*d~SjyrHC?!w);2T#Vmcna>r zQ}HxB9nZis@hm(W&%tx?JUkySzzgvrycjRROYt(i9IwDD@hZF;ufc2aI=milz#H)< zycuu7Tk$r$9q+(9@h-d@@49|WNAWRy9G}1^@hN;7pTTGGIeZ>p zz!z~pzJxF1EBGqDhOgrr_$I!EZ{s`oF20BF;|KU5euN+6C-^CThM(gX_$7XYU*k9U zEgrz{@O%6Lf5e~gXZ!_!#ozFE`~&~QzwmGT2MCkIF%`C+$Uh(>}B>?MM650rU_$kPf1Q=@2@U4x_{A2s)CEqNC{; zI+l*3<7tLA(k#uIjC>7 z-w(oO=9z(&3%(JTO_v@)Yh^(OM$U!Yjtkg3+ z8Hy&aCQK{HjLZ*(kx0w!x^giJSW(^0u~E-sC2D?T%cV{nSR>Q%6DJV7XDqC&k%)dG zQm?68(F+FB85;e-8npQ^ZtTfOr0oS6`P35ad>Xxe(RE}XIiBDMsSE3+nTSo>a)ygm;`aI$hj45) z$BLnXUW+XT0RuzEjlN7&e^(D58+xVEsEHlI$-2DHLL!Tk_r``kLMsmP)KtJ|hkjJ5 zodQH!Z^)sRy`8z>knlWZwfv|ri)pEo2oa^8%zEXt0u?QuSZHnAipHvyByv&v(J55z zMYGWJxcsgWp+lr_#O|d2vM~F35OhmD4Xq%U5=%~Ch1QB&#=!40?1a_l97#k|j2LKq z8!e?cflNi0qZ0YiKo75RJR{L`tUyGrmDCd}a%I?XWEk=t*F$R%iL5=2S01m#QTfMk z&lZKqdVKUaR!cgZu-!hRP$b1>ozhS)OqPx>h$QoQ$LZ4cWa2L~e666xh<iEs`zz z8RN1DyaJhmy|%gq;!WN>k=3CX8Jx{&vvfJ_WnLcIDf_AdH(6TBU1hg4k$6_n?`U=@ zIHjT1Ws2wpel%oo7NKm!dFt`8dYnBXVcIa&XH6k~ROiiOZ`2w1yn|ifpkN2JO)X#? zaBx+=cQnL{jV8v)TbOMD!^_vNz;E;NopD9aA}MB zV!}D^)iNs`rgdgiK1|C_e9?ETRJ0Xxi#(|f5}C(_ie-&4lDlR1Fw}cFD1OJU?1#2)EKjPaTY=GG=- zJK?*xm=T%t+JSPyWLVfu<^{gzftb)CHpdmLTbKn>8>*C=q1)lPnI}^YzG$YopQ#&b zDp08%>kbzxA-KXwW@S|=bvaQ-uya4)6AYR>IaYP2Wre)E6*;0F3U}ydoxXC3ciAD> zb-{JOD`=`e(-+gO%xwjwNJU)ZZ(UD;zja-Vzjd}cS9^7SXU)Xsct(45Xu}ohkjq9r zuwo@NP_k|)ZFMf4jolL88gK2Lxy;I?3$?gsK5Z27VT!ReuKvNOT~YxDW@;@3Y8qNY zgUW7;rC4QQal3qhaWSrzhU`eKtvL*X?B%yqHlHksx$E}H5sp+-(gw+oGjZJq1J`SP-goi7~01yn7l!Z@+2n)>18`66&9#)YQvW?GdflhMQ&%Kg;i zh$c*SLKU7R$7O;lt4%t7v}{<{QxeqLE=5plZB0;K76zLQCr#(-j7_G@cEPG8h?$wV zI_|=F_v6%0*A%4bmA-M&GR(P|xt4zVsrBpJ$^K5Pz8rM9E+}7jHUq&)uV7dx8nMN9 z{fyAGu2aIC+c?`UO1`cLoc5g7sW+9+b)r#q zm@HQ9%u&x|(OSvbDa}K+0!HjvHfN+cH@j`aN^iz=YUi0qcmLlmb*$dFTXXRAI!kkt zIXAaSHJiI5uBN$N9;7skCBEj?()j7IGDZcn;WAkGQO%UjFTF8&@f(ZnL1KmVKEG*) zN!4=d%TedXR wKR5n@sM`5}7KXJ&;oFk`aftYr2h7i^W==Jm{tIe%siXh^0003|xQtN%02oC%ivR!s literal 41752 zcmY&kVmq1GwlT47+jjEAp4isJwrx&q+nLz8dB1!A+^$-+Yp=6*@2)aLk9o=6#Scq{BKuRL3xRQ zg{h$l0FX)at@-8v?4L<@ZWiCdLL|HqTU=Ru)b*t&Rpb1vUGl)iI~cP|2FZ0wD{ zby=g|T>m%Duq#(yZ4EuX^X5eVzgQwrJn&vSLtE2tuJW5(`qt$T>Iuy_*gJpsl^gus zmks~`BNZpw&*k7``W;)a^R1)*54E>6Xzr#)-(xOB`t~9J18K1Q)VKZL?2kp*|2Jm9 zgz9|l|LpA|n8%v2fr){^4ww-PB$9!V0eJt6;3VkLw+^8Lgd70)@4A_?SypfFcyB*< z)M8pdfFgk~i@u43v5_Doyr2*WBqSnMPhNd#T3(wJIlAvQ}$Cw>f^9B6}GdQfKWQ8hP zsie93%Ll|A(`I2G|!UB%*SZgwg^Zck7}II zA;>jOQ78&dk(r~*%IpT3MXf57AP6;$V^D3KV+{A!8H8BR>A04s&!Cdmad|2zDhNW# zyxMU{%(ih^JLgnef`3Vv(fANCM)!&}F7nHbeiug#n!6v_96kM0C-*MO|oEm0r7hXHuEX`hb$Uu)D| zm_gfiU4Yp&?V|5nK?iUGSb{JDvH^YoZ-5&h4Uh})0Js1Y0rCJlfbM^DuB+G~r!9oE z36BUCFt|d*wT9M^9yjcr4*@f{_}j>YC*%;?lEW!J$`OQ6FhCT3tp+t@;Uns8~XN6c*ld)$U1+&zzuUs41Sd9C>?Z- zJ=H#e_!_vlYsAP{lvcb)FHo%X*}{5kHBs9XKie6^g8VYZDyVF23!d@0K)iV8h$bC3 zQC!EKmRA2sirN=4=Ax?HH2J*Nr(54}Vh}_<6#%s|pyv6500EI4ZLWoMoE9GW(Wqh& z8aWXUmg{h1?6XMlMFM5GQ&Ng&KeP#QIDWY|k6pgui#Jo&)*iqASrf0%y$4&G`*}2U z4GYiy76j7lsC1>6@f_&+RJZ!<8~sl zL#=H(O4!}L+^TerYU)jIx_bmHhX8Is$ha?a=Iv7|;FXuQn$-dUT*QmR>#LyYEWDx< zlfRx~zNb#>zn2LF0P^((K=fGa?1J~eT})==b!R0Q+yCdm`iebqt3fa^C#rZ5K{^q+ z_e{~e&lzDX!&t^-CnX|*CxIi(NR?S{sW(0sH?H=wzy=o@0T7xB9x7A{bbklF)TNj|M zuWkK;M%0)X(6+vGR{f>D-b)O=J%S?>2J+oU#XjnoyQ4iKb{z^nmTe@o=b0qJ#A2D=apVBjVjjz2uWp zJEi)pC^eh{Ue0b!x)zAMd9uDn(}%Jaw?!jiHY+ryAfz9(xUOXMQU2M?8HTp({w)hvqva(I20(t_w8XC@e^aV{gC}a&OSXB)$xle=TCBTBXfHx>~-@84XeG+Y(5vEUHIN z_Jmr6&IPyxVv;mi_KJl8JS&di3OQZA&W2#Z&>@)K;pwnL(4W7@fHF1KfXG%2h}>0;%-NX*E^SLTWpN)G_i22I2+*>bGQTi6JN)%2F+s@QNtbvYR(E^a=y07l_BPY& zV%nI?nhbU8Y#r#al64O^71`W;0hoxa7P-Z6Da@N7z^5O7LR4$(q9SiUtCPF80vZH`k|Zg6^m!SsF=A0icYU<^$d)Zh%Z; zk`k`s>wGU+Rd6!%K2SN3j)E@x?FuWf9$2 zsas!@ySpnHQ=xU9vNq2*EN@W!zHeI#?*rxIS2CA;9^h|6TOSZW#QVZ{!n54 zUpBfySs$UT@Wq>dov|KCXk1UIUuV7YqisoZR@*I$#^e`lZtnf}Hcej(uFNy`q~@qF zJT37v=Z^!;6zHnJJ6yJmpZ1CPoR_q^A|pF|l6iVRs!!8uQg^6_TNF(mU+`syTH2|~ zCSN3=%808qen$R2G!OKK_C!^~3NY@raO1YBC9w`GGX_ znMjf2kgbT0z)cx4fZ`IbtU^U2dQ9N?Ue##c0t- zYXid#@`*Q8Lkv}wVAex&MGrV;=Y9F220fdU3sm@k8PTk-5a^z^4h&qUVn3M<<`O^? zJF+U=zuE_Cj81c!j$UxuU)_lqa-?0nVBFQ)J-Eaj5&yYiY%I(i%Di}h=g|gEbh#!1 zhPbNiaih$_J75DlbB&qk20mfb_3NQ~Odt~GAebqg{|NTTc#{8!@ebmMW>TL?zr0dXzs+MYKn9YdT||>ctNChDgJyECX{270 zMw?y_D6mk)R3$K>6=ZteV_vD);4%LNW;y__t) zqHT+Q`+=x0>orHDe8DxQdmnySVHH1uEzR2^pha3g{tZ#Q*oYUBKob{8{-uEyW*6c! zPAdmQxV=2w8#HGIWHbD9iFB%H0LMu+r3{V>zmFAZSD=rP*{jj%L>RaGWG!+}jmmwu zAy@9aPKdiZ%IXxOM@;xyyj131jX-LUCqiP#Hj^*X8l%tPsjl(pVfB7@%3%{D&C+!x&KeV zjjb4+j!Z#3SLS>p{+b3$EvmhBCUMy+Ub^$RP3)9)W+OfYyY(P>PmPLqUcU0w+E111 z1=ib`%TVS}O=_S8QHtIe@300j>eB&@jJ594cyiU2%xNSZGoHE)=oX1P1i3Q=5{ps{ zZGDK+MoRtSPfU)&h19yG)T$gA%MUY~c0a(?S|>qbCX2(eS6k~OvRpMNsZI~JN2&s= zYEZ!#a}7E;$gg}*DOPY$Sd$t-&!KUUu=)Dvw%|C>oA}YUamu!7yPd!V+C3BYAdhrW zKP2*+FcpZD?OaE24AV>?`Y4U@%$3g1nhl^a@ay-JvgaZFhof&58t0$4BIVD}rq}%h zdquO=mkqNxO|_R6s=;{8=}y;+pXrCa0A7E}x&2rF0|By^d*#ol-R%(_?GRvWL~l)R zD-b4{=5J7TWozY7MHWn`6>~+3gqv#b!#f2C6kJPti~woc=r&mR#X=YqBIvOG?y$`2ZJAfWXls?q6wqYXB%f5A zq9}FHAEhzu2=&^XvG*u!rQq+hGr!i?_H8DkGQOYuU2foQFeS|uRUgR~r}q%w%=9Gh zQyY!lI$d2BBb8_os{C|L6VQDx_+#nGT+?9u6VDT~wU&WTI@BCI2K5?^q<=J1+$@KO zo8Rw#byIu`51F*>Q!f5#a%F}ejw2^K8^Y*;=F!u{|LAQOq?O$o!=h)f(ckCqgpG+C zSJIaY=PKV^_0Jau$A{KdPJKGP!uyOr>KdMdYobDs8%S{2;e&f+?L6DqsMs| z^M7OT*t#uuzJdo(yyev3l?uj~#)Wf=h%$yN&MA^&7a4VxnWLSJA&0Vo2XLLklg#4j zU^14lj>ihC?Gufxy?Nf0oOU$YEsE2%&z4v&@@*bJ5?Yvu-l6yrH0ICv8ZM20hh6on zK3M)?tz*-o+zF%}uA%LPnoHOOZ>b)5u#)T$C(9|6H%B zdV8RF`M{%!r$37SABWO!$^|jlshnxM#AENU+gX#q`Q&>&0el{M?R(=q;mlT4YC8ckf|*bkb{ zFmrD;+tr1gQ|##xB^Wsb=)K|DtaTRauS9Skh>tELHGovSb5DZP;l=sM8b`5&qrHs3*&t zb{1(PwdwssR$FVYE8=Nn5LUHWe>n0=GqIFRexpP7mAo=uBUG{J^v}#9nF{j@no)`p zP_VFs4m)K18bJRWqw>7-&&eV@#9)C1EOly0{_Po)1jI);uamhQe0j|6KiD!ma>_Pq z@B_C&*xZ&7m&EGF_mEra@l+N5`)4+jOjxEVQZ`K!j!Gj^lb zn;E7}_#G`FM)KXyzg1uCyPribrbX=Wt@wmjND_VT>bk9Sp+_O<*+mdK2kZ4abBzm) zXIG9+8n?CSC}s`Vs+`=1O#bM`J7l!Tl$^bs3=`MY&>i7mZ|JkV-yW2Hs4EscSm z#~r~8{ZF{yzvH!;n)1Vvy#tW>X-nv#H{ zqTs z{-k}wdc$HYRDLXcOv-U#`*pT*{UW);4w3XB5iO1)dw#zzN+$4d<)xvUanATD!t zY(NDCO=ajI9rhVF8*2kV7I+HCGd- zAb~*cixTi~)X_nnhgqVRv^CfZFHQMu2mBW2c=Sj7mRk84d!yXuFG8oVuqHxd+}1iA zr0V;;56m-iUpq{P1MgK9B1E6BcY#eWns@{}q9n4~69jTh(kTg9IIHog3IX>y(-_fY-T4K1aLL|MB7-5-bA^%EJ`{Hng6%T%;8+ox= zExyyKE=itR&6u_R(GmXq2`hu~*n3d`?J{ys>UD-@`8Hd^|3LCaD3@Ko?eh_{Ez1v$ z`}stek>zu8QPp5hm_<4w}MhB`EWy7);5uG$WW?V8btI3Dl?#*z1Z-R_Jdf=D~tDB-hbbJg9bwPGR z6Kt`#m;9G2<~tZR!+B)=1qT05;QF1(Wy>LSrKw)Rab~6s4{yyFeD%T1I}pFhQw^5) zUvSUvMlD)zB12C_$~%{`Zl>m137RvyGOSUq)xj0} zNb=BSQeU@7|EP%H-OJw-D!cJ8z>Do;d!a%l zclRljm4Zm)tv>>h{L=f+uKQCVa!=!gi^2Q&{{#y^iiE3}9Q8jSgISJfHq>fmvdGn! z*)*l6KmpJ>=x(h-oJhXtQ==gLDL|9jv8?D-##reOq9mK-)gL+uu35w7JbIMmGlo9H z&yVB%kd?Ys4)BROd&u0kgb`*Ed}-h4SUMJbF49AMz?Fo&SBe2 z>o`p#Io!kHRkZ;vS5- z`n$C$-P#32W(yM5Xr3>|@pU;Uv*l#RJD=1SsKx(_IyeJ37kG^Put)r>s2ck6?{uU9 zWM1xENQkvipXy!>s_mbIWr+?&tsgz<_SaQI$3MRC%=eD33;t0Ku#&m}WNaf_)~L)A zJ7h@yGU+OzE9gT^uf5azq;T*&xyd| zrns8om4heeC%H@SyO1~IPI3WKX`d_fx0c6kUY{o#-0`tNnl|-t;U!+DW$U!WQ{Bg5 zw9IF}N4P}ktDl~?jr5T@3=@{FBP*XNY4w)}{F(>#3Lm2k*9gaxC3f5SVyi8LpAW+1 zruH7W+6INfq@mfNRg4T>`#!fQ_=?5DY^WeIu{ zCkP8z=kVnz)>UFItmyw6Qh46zNrA5ZNXs_zegwa66Bqe3lB z^9iy3p~xU4oDugvfb*adxG1VfOAwWRGz5F-h6U7uukJYp%d8s3Ef;o_?1XI2tJZqh zGa=D(w%5{+*bQ{mez+nD(-}$-4CZ2}!I$^ZhcV~3Pln^-S5vZi?(8dn_$o(OC=euq z&61ActWEA)hjxTMUUybE*iYPWJX&AY9er$LZOx^AJWqd!ytr!4B^Z zK+uWs`Qpy{5_}ZKcPX|pJ=lY$Ze(6st8Y@H4<#z}S4gT$g1et4!S)~5$j8!xo7YVQ zCH6@NrJ{;S@U+4w#m?XPdx}n)i41cg3QwzWDu`}^5c{W(@GnPULr^165>Mc|{gtq- z2I85W4ErZ|{Mb@S&QC((TU6uSl73)Y&n!<206SGAQC|v+yY24KJzXSh%lBnkjpW}S z$x3+0I`$sxPNGlMd91hBMADD>j;q(QkAafz*XNAlbZ-a2 z=F2(`gejReadLRtTzTV6(Mllma^sQXap!>3rY_60$G^_PzI>TT&3nbQtE@F7^Va}l zi>L}_F3F`oVaui$#}}5Grck3L2A2rtnc_!-@kg}S2x=FMSWyk9&igX!{fY4Numw#h za)8<^_|i*@Unkv9vO2um$>*$l;l9*Ym#t0u?_P2$2N5uuvyJ@MlhIbMzNsgFoj=xm z5e0m5ml!7M9~Uw8xf79Sj>phqS=UAgjz}i?i(S}^l>am&CQlbwsyYSW;|DLGAMUaF zb5{wSeAOeYOeE@6;I1egy6Au1cpXSVbqzJClR&cRz!z!Xw=i7mMIB~6$<#Jk-@uM< z=p5w*DV!u$guwn)Sy-4iB3mA#S9{j93U|R)c#SC9kmj$E$XKeeX***GX+=@;qow9? zo7u<<*YMa`TGg&y0D9i|I0?Qn?ZSK++X{x3Y*~KI!@N~~H1DD2Vp(ttHRo`NH1ii# zsUEc7C_nBxt@6JY?FI2A%7M?QT+p1KOqVk&=3Ppz=r_pZyi^-IYg*~drcap#ywMdq z)e7|U!_CnmdDyR(i)c?8Ndy`FEF2GFsd}s=Q!2mas7ltPQD~mS&RRayY&4AyC~6yL z+MMhqp+l~AQVdOh77w$f!)ChV%EU52-d zcgFWF8M(Fj=chLB>#kH@vCqA`k&9E~k#e??ot_zEyOoftu;b;vcL6cE9N@*4x9)ii zJ`XU#_i=^kt#IVRRxZf+;DD<&EOWTscqC=*oHjd*5w&b`h;N$q9&UoS;KJU<&h~h1 zk+x1vfe17hz>DWUqT9UTGz(V7orc*)DO{d!!^YVQG5Shbv%eCiG^Attbn{s}a-%#~IOdspNvR9BYbMUb<3A(tN|9LDQ`3`5_MA=LpeyZAzf0i9x zmsZ1HE-Q3|9^@y(8h$z{>I>808&1g1%ya);pv^pWN(k(~B#}*mi`5E)5H84H4)UA(NmAKV<@xRGm!JLQ#T4(5=&41NW zsA&)HnT+2F0t5ZKoS49nq&a0|A;TB2>$=;fTr@_c1PrZ#xiKi>m-{2!iE;GhqXS!E zuoVr=Z{hP_x>YM*_BGOAB}T=|b*S>Dh)wmeqJ?)oVRaF-xMa3>>m(f9V5lOcp-DdEDKn z^{zpdmsHvf7V{D1-U|(d`Hrz)`oQSW;RH5X?ekm)y}oYa-+VJ!1bPB)5KX9h68XuD z%2|5wDp?Pp=skVfHV7bKj2%!?YaDys2LoW4oNRmGF{6^LTbT-*sw6hl-2uU1a|jvU z`OtRYnAF_o(INkkfg?G`p73zdF7DcUW7h1LaE{R#E@I{tS;U7 z;gn>h%wyrx55j%Z@R&xExMtV4ws;KJN}@4u3`pdfMC|MAMU@`o@8fjIV-p7+k&i%m zj*+6R=*ESqW2lAcAO(*kIhSa_lIU5JtH_TJ2DtWYOD-6lScYQAvD9Vzv<~UWf7bq3 zLzf1fCR-1x$b(rDvF)!&;)Fr0C`XNVXO%{-Uw}MGFx#CzB`47AV-%>Opt9Sx!^g(wGqT;*<7M{x$>Zr@and|S`;LHspEXIaQ-5@WKbDhofIo2b z!YsqoVK}1f9uu?mvVhPDV%JHq&h;c~+Mo=Dj~%fMcheTRI_wi!CpI--CpyBJlWb3k zsf%|p2Ox`^6aZCtO_M}?@b{BIW#EmxAK2q2je>aH^(q<00d5%`&eNydk?H=3Lv!KS zsm3zbRdomRU#1j<>5Xj9hS#fTGN@9F{KN>>T#GMhzvZ8kRmpX}k6J@{jU~^B$kd7x zPfdhuMjZoTy=D#g8Cd$~HCwC~Ntnds*56I}1Ll1OHk2Kn<}Q`AmRSACx2r{y#kb%} z9W`I;Yh0l{ouc}n*~X6B5aC&$w)P@EkO-xP%M>v@Jy^=5jD;M&VV2@rl41n4^66>> zhmGuyC6#B^or6?RZN}zU_g;(k@D(9;8`~e-F?g9GKG+#{Xr_<~D3l?`%HCIa{X~`H zf0DNWxwUJ#7w2%nruhNKyqiwh3hL*(s|)~B6Kx@$xvx+O|`WIv1T@ zj~C*S%>%}HN1mqw7hQTA)p%3Moo@06;J_D?FL4BDOD-92qYmjdGyboerDb%muv2IE zI2%YFVNCqb7>>gVtsXn4DF{4?r_=Vag-igHxI-LBA*|JMxycV||nm3M^ z>Ga2*F~e-qX!yFa_s@J=c}-i zUNy%qe8oAJz9&^*0sP`6WLk<99vGdm7-u)w@b`9}mLz8>!LEA8k|kTO5VpE;@+ELI z`L3aQJpZ(4EAKV9UR=zp!L9-@xM+1-k6kcrGfI|KJ?Ml=Qd@Zz(P@#hbEFg^UVK3Q zvFX+_Llkf8(=0^5*Q=jutS0NLmZr{Od(4o1lB8}g7)HO&Vg;;6o?O!{Rr+s}|5@qu z3CJUsJtyH8o#$6aP!r_MsDbGR6`Y(>s!4|bBG=%akj&_-Z@o3_?OG1k>bJF+QM{K>GE%}J zWSh`TSc<1R?}};9{b-G{;5sj;`T$kNC=}q1D;7$V!A$5Y1!T=NoNKzXS0i(3k4+!^ z#l?1YJY#9f!e4v*HU9g*vqm=MUDFD)AIuXLj60XHDqXz_msv1hs=~b1>H)ejBR_13 zg)l^|B74A7oZJgZNqk~R01T(u3({icS+yfBl+9DR54|ugl5&W1GU_3(#bYG5|61{n z$3ax7uSS$uvbwLyx~s%w{gz+;Z_Uqt9kE+?hhZ_s5&Be-+^Tk5^Xaao7?TFgv8CK( zLcS(!Xt&g7F^NzieJ-74j5&9EXpyZvSw*a=7^P^-|j5V}pQ^ zWb7mvGKPv?{f7@hMeDJl<7N{@)Ru3)7UVX@@AoAEd(v2H0LKDJa*) zXRlPTF|_=q8ak)H?|sNSoZx1kU44jFG*-re?MC3mZqERNlyxcgzOSzgp&oCQuyOpp z?W3`4fTAxE)T3Jc7gb@H3S)Ug1*+^WUa(DJsB^dy!YDm>p-HeufcBx`04NXV%j}Uz zH=p@fA(x_wH76K!*cJ+G*rpMfK)tWM(gOMh*)OKP(+o6W+WD3TcwXY)@WI-Al>!`1 zS%sXvw>H_VY)82(+>;by9}iah49TxGZ$meiEn&YrdgKGTq1XC?{AFe$s-4%W5)E~c zG*M5m7#f`ek8$^@kWb`gZSruDz;jA10{J{@Df;gS2#{1B9kWgX@UhQK=yw7}AbI;B zO`kRq@m9w@t>Vf+bBG#sQGHTx;v>|ji#e^(4@xKqE>(n2iqsm>1=0wd^1D8V9^ZhJ zxpOc37RUi3BUITFO6Tv)#hxRFX?=}R%|h!rbzt%6Whr0^5_+8w6?U2#GUQ`VW_72u zjqQ!sGYO7dBu-*aVZ({AyhcDCqgjfgT1xi|Nm&-917%poGqSXAQ$r%J{Qb z8N)Qv!%%v0Hz(=>ra9un&}w`iGLSmzNT3Cj<;HTsHOXXww9s6x%yE@k0zHL8y)rH$Ed;Q=v-(zlY`@cv6A6fFP<%K2nA8sW~R=rdpxio-#76=^k~C=y$oH; zh&*&Is_)9yFQV@C^x6H2GUV zytDXB$+nynpQ>$UR0Llt1-4kZ4BEjeoKWQR`pU1h)%d-i$;db(h@rpb7oTzlnY*63EAs}vo(Et%Jv+z(Ne6RU^=aNn;BH{e_r@8`hk>eu<;!Mb*PM+^9iLc`In z59~FJHL;%QVih97iMu8c=&W+g$=Ck%)qFJvMX;fjjwt`6s=Y+2&F59#uzC$z$DC zrPT&qF8(CwR$)>j{&d7?%i5JLU$URqk2TdW{76Op(V;@zEMSL zy-1d!sZMLS(%jBK>Jt4rQjgb>_Muu7WhpA(jKJ=b|* zb5C^F5^oSplf%Y!VX_kQrn88w15P@evj*9ZYS0V%%n-wWX)AreG%l*x1!X@dYmFv{a)zNy$~Hy<)JlHK_S13q*Z=Dl$? zpo6j@1KU&zIXGL`mhBm$LSuxPNFoj=&)0@&1#r;a%y){lvq%+Zts~}a(U@|k(LPgl z9i}uHc-**u03#@*jt`aHpMQKrP9Gq95Z7XznP)S zo4vWaJErb6khb2HTl7o#__^W2#|vh!(voN_^Wc*>*Uex2T>ucJM3b2qEjTKkg;9zJ zF5dplLn}v3DhQX_GJ3!i}aFyKKqdlhuHSffGW9THRiIGB#|a#GYY6JQ8|V8Z#$HnrXVdDVY0!;S92&p`I?#R;zS zW-m}Gx-DZjduWXOAsP>Vft{IOxTqGTECRhp$Htk{SoUx@{4<^z8jr!MoDY zuZ!rJ#=LCtvqjyb>xi}~P}5;0K0CQmpE*$UqQFO(q({^pRC^Jn+F088#!n{a4Not% zsG{zU`Xijq0=2wnFags`S*-dNWmDsIa2Jk158HSO55F*%Dk92Q2M-lO2i>kN>ee6c z;@H&l6N3x9bkB%>@@e5cB41+a&Q~fG6jM%4N9TqBPj4+M*^J3ovnyOT_=#|X2D2gj z3D_D|fx!ga#WOLq_0Hb%L+bq$T;|WC!R&0~R`=fR!V$Iv0mDeUeX^t4FHp5@?c949`Z;k*&thnhXPvCy5%mqIRv&197DH(X!#KGMwnQNNO)10!4AY9zV+~6K}-B{ zAYl1odPTq)GN!7@HiM+;bW>iH;_h@agQ?j(x>?h7;nO&1N|YVlfxu?7>#PBjn~Yte zd$Ae5p-=1b;MtsQ_E)!u(}{$m&~{P!D}NSTi2(*O`>A&>x#_3aLn_~`+CsQ2Nt1pr z87slh3}N|}z`>=G#$#jAQxy@lflrP-++Vc9^i-o z*wZ~Pr@lPgArSC+_ILXtaB@k>%}+!{B(PI~qG<*uDT-_3U71er&|0(w_@3xLrP2*uHaUy7$w(7yc&q zgX9hBG1kKAkw@0G1-9sFdmC-1d6?r<#FiHc_M z9YNyxW$LeMzuaf|*$Q8gdtIEL(Pr1Tks}VZBdl&!C(38?21iLp=&3hann(MbXW%j1 z#wl9dPz|hu+LD_dvXDWowj5Ol6=cLfHUj*?aWeaDECPI;*!^kJ&d6l<#zi8S`}SK^ z!di?}REV)$(u4`!-vJA|%mubyaEh36NM4fsYbhnG2u3RF0dbnHR_cd|<0-391#gbVRcuX%PFdqM41Wr$Yo*Y&;%=qt_e?e5~x zURIE}27K%aIHE%{6HbyJ-v1V;6gxHN<+A58p5_T{drFPV^niDVT&4W`te6!o)>HR} zKYj20j`$dHTEU|sx8Vx&pMn&dkLwN5iYnoIhYd6F&YgLS+GTEJ2Aa{)r82~-(F$B! zdeuy>QBb$E4-WU*CP1f`3va-8Whh0-!Cz^;ODHGyes#ZL@ifCGQvOc%XVi35e1;Bq zB|%H&VzjjR!w4fzC9`k<)k|8crsG{Un~UmsmN3APNbk1O2Xj^-gUSfa;&>V$$J@9x zL@tZ9|DF#1IVn7b;t69bb{{D=Z?EMV741}q@In&GNoP}hWOy)tAhkhyAJv|Q9wYLk zux;New!3;i^q0)U*Ro|arHw@_#}`8n{-dA)aYK`yJ4&NH<0%`T*w{vOQRpse(A z&=1YD(YtK76h&PO0_4&kEC7N+at$8?>cYhk%3<#@(Q`j4B8$ZeHsrh_2CTj30TGZQq3e*OC z^pKv$Q`gut+@q7VNk0VWw2#2)hF3)C8UTS21QhSP=0@mc9U8^=(5C6iW92ET@D1^X&d?f(p(vKr{vR-t0>-j=H-_Qjz-q$?Q*i={sOy80ZyZ_WCriRlo?@TH3r$#aTRG|? zZ6ae{!#<=I_+{C}efcZvbM+upJ>Pz){HByjie4pKrok=D4SYQwGlUHum=PH&DZu?; z=-jDUSP`cbjp4n1Qn#XCDO^jJI~pG+XsV2+r=kA+6b#29?p}^{JAg$9ZhRcfR4Z84 zYzN^KhV>{FP6s{I{@V9mH#58P{C5<=mYqS`%|m6cKQz+~ekOcN z`bz(z@GgUVxj_I~6tN6_<_nZ-uLO@N&&e!=sjJ}l?-TeiGcY7lwKP^65 zcfbqP;Zdo_C8F6;ON29w89R^?Wn<}D_uEv{;W6!2(q!y5>e|ii*GXbUpYAc-{`v&i z3M&V%x}G`+QZf)9+pLd#+P#}A zYcN-~^r7aLP5wTcxJV#g!)pYwnmQk}joi3<7i(ldmHIgPU0kk&L8#i_{-}FPWF)js zmu##!9c}{{`nBq4aYZv~xBb}hN=8MxrnY+C2n0XEY2f@NQ1$mxlndt(142Dt;a(rY z6T-h`$4q z7_x*c180Sit1sjuUc=(7g5hI7+bhFVdG_tHO~0#t|7s(=m|mHw(rECDGG5P{vkZo| z1WWPj79;npXTtB2iiZ_gIx(-oU~Mxf5osk8SsP$Bg-WumgR3IpahyuN&NaPINIp^G zmXlTG=Y5D)1KI>h;F2cgcW8Ao-R@Kt1Ka9q4btl>cXOl|?WzUUs(EgAgP_dL$`YOV zur{7hJiQB`wpxc*a6Rn!dpgK~%$qKjn-tmR)|(3jT@UE=A%iU!je~ZH8+Zes7r8tO z+6_-v8%Er$4}ph(;J`%AR2%V1$PdTbD^gW-z8qM;W7-_34gGjar1;)6 z^&oe9LEOJhdKalfxY_OP%}Sm_)VKXHbAx^Uek2mPGnGKj{W z!gp*nQ-C^3FC^8zaht302}pp0!+ozZ|sx~oXIP&`$mbGxklc^FTZ^sf?kx5`mfo_f6TWwBOX-1CmeXve0(Zmkj z^eBMC&B(PJi(?6?VI`$mCF8QFyE{1_w+jmYWsP5A8fw{e+*-Z(C^)NIh(taKQqf$3^7E@ehu&c z06##$ztZ(k&%P^GvZp4EJHB_%`t_gv-eF@hcKF4+*RMbN;vHvipZTA+4Gi4&fqiJqtlNLz#Kekn+J%- zamleg?B4@qUp%^A5+0E_-ZScnNav1A9Lr(qz|flyY`OEh-7|eJ%#Pi=rswPW1wfs5 zeI@j}Z$7dA=)mJMFe|qGuS6lX-%vN+^@*)j`=Q@a+nshMi(ipa7Gu_gsQ0Ox>VX{% zuoHfSZpgVx46jNEuZo3RHIk>#*@2y`k*n;-Vx5bTOqb^nqNXMi= zLqIwu`}lx#B1#nbgcO+e$K{%AIGGHeE6cG!I+^6m`Mae+Kw@u)>s-I=i{6iZsFkzq zpYYuVbsz`LRk4u5rYB<7blk9?WL_{P<08y9V~3tPU>9}Py-C};S~_HQ*- z<04I3h_J1FUl=DZh1$4CxS(?O8xIVR$COpk(XXz1Xzoo>(nEz17iKq(>@n=03pzZ3 z3lsT=AsCOm@V%8TW;N3bqZ(z#nF-j_b}~0IpI~lbZe#w4`D5m@#AHgHIAg##Y~FPM zb#1H7(iOXBQ5)A?E?s%kK`iSvOIPi^9n1R4rK|TH!m_ny=_C8^z_NAa;`9+H*=QE8 z{}ag9m5Yrr)Zrbaq&;6QcK2m6r)%;I@F1gQD=$;;{Wbk?&*pOR%B$gb1f3bZWoxsH z2f5bHvb9q#jzOy}TcLJWxp>n){B^?9Iw8VmpmxvAPIMq@9ErNC#3Ix}d~wAd_?MtU3G$X|n&N`ghAH{P#nm**~fN z{Yz^i5sfAit=mYm{nLfNK@zrqR{isij*?BIv)mzbU45i49f_p-Tk0>BT4$cW3*I|< zES%tz+3x)G3ClhH3xBOIV)|x8?b1y7uMEU-AK}NTk6~J+Q3?vzAxoJ&Nu6GmV zbX&6cS*r&6jR*SuhGHMg$Jgq@v99ic5hvD6#gLpbQ`C5Q!E&gFYNMPG(`Zhs(p`@F zdUa6s9B~*iJYTu^z7AHE-^hM^YATgKc=w|_&Za@W!LJ;YqUp1_ZPVAL^0Rk8w*3uR zHQpGyZTD2NXB8)K!^g&<#3g8XjT13Yl5|bl%#8Z8{q5R3C6RK{5v{mM;>e$m4Ri$9k^XX&0yaUHB*ABIeAT@w2P*Ih+5>+P)MtE}F|AL_WsY(ten zgb1a!99Ta*yCr3yJaOn1`zMc`w14`_A*V7#B?)e0(2KPwR~YPG(n@2f{*%_5k4E#o z8fi5!d-rdxUAwH`Kz*etUKi6;U-#!c!`(p7+ff}Ctf=GS7y=@Gkrr;O+2(8!6>y|? zlg2)#k>>er+Gz7GND$iwqSL&K>O>yk2{-MW;V=2j24z#?RgKzQ<+~YdRh#D8Pjzdy zi-5GcQ`@A$vq>}i7?p`wz^y~{`(|n8I;Iq>XwvG-rFtKAO~=XWFsb8uh6a|ZFI)9A zh!7eE;wgN6(6J|7;XPfegc6nDrZFI~9ra%2={mI$NGx5<%0lQ;>M{vTlFyMQop20} z4Op~l0~Q5-t09yiM?!HUM2;jv`EyV4V%^;Q2Hkvz{Wtb&ddInZC}AJQdi$_bU+;1K zt|vtvhw)CPdgdnupJ4wSB*BM3REf^r*psp+HH|!;>S0d_0bwy71;!liWcpz*y_+fZ z(lgL3hMXA6VARqujYnNion&1AiOrNf?=D;2GM?61>&v*Gp`Z5)``^05ap*Q>tK<2i zSo4n6_yez?F?yfx63(1p<|Kor98 zS-KOSrQ#K!Q6a4 zZ=I174ZPeSu&+Vs69zjxXkrK-bC5kYxRQn{8LGK=)Bs^B&=mIE5e~P`e>2qfxExS1 zjGmikgW<5p^|tIkUvI8kXQFv}<+rMh|58_Hi_mV#UNTh(}NF{ zep_=1g>kx}5gqpy7k-0J#}GKx{*dR)!SkK5;ht3eb^pPq)tc|vbMQkBaZ0s!Z-$cH z(Ye>zx7F5pL2W}_-n&0`Y4rOjI#X(@>dalQV*EzbnfqKoy6c)M0o>`i?u83wVO@Cq z=Gn8RKT7)4mWWE$>H+in-!}tM`vo-;3EJNxQz`bX6jrPD3(?fPl)@^N^f`Pm*~Is7 zGtiHwiWlzUF^0Pei3O9*3-`>5K_)yZimzxR{kZWxA6-#-2m5*?NCtGDSw3q9bo-mo zzo7k1=pXhMTVLRdvlyl8wnhI7zgcQ*ZbhauP%Z_i6M7(op8*MI^s3h;tKJ#y7sepH zthihiZ;jZcznX{67#Bt18aDY+ihXCyVaF5W?6H@=aQ5igi~TPiBRAO(xIA-jv*YuY z>%`p7C1(HuW*>~xiEtk(mqK0|n}XZf3-7?xp`p07})0=vY{Ai#NAQnhkmUS zJ=1|OqQ1%Kpl>OOE3>o@WD%EGO278d=HPJ*Gv2 zJ)hkw2|^7UXb#ngtLi0zOC@=h*JBe~$6GwAM}2|&V`C&6**|{%za@sV5qK|oaNn)D zZFi3GS;?ok)SzFKL=NK) z)fJapJQLm#twLLy%f)%GMg^ zRGHe*Qs)8F3S?1TT5OT=AP_%9oADN#!|*$-6xBxfy~=w!m0ugB3Yo1NyvpfinKdo% z^O@QltjnD4)-m;m;xy$K)G@iL68b&PR6H{`D9xX}nXIwDL!yQ2?;0Kb3CCdal8c=;yAWUgQs1^ICnws@9zle~dCCOpe=4sJ~1R%tkD zgGi{{RA@{ACmcl(qXhN)v#wrgop| zcb6cB)Knvv$eBEg-yBMsyr*6$c^W)Cn@U9bG!JKXCc}D!Q)Qv6kV+L+c_dX$hS@|H zy~W^xSPKmvdP^!9>Cptv%qE(2t#SuBsig;Fv4M1Rb9x{)dL#SQaI}@@>I6>lNwIW_ z_i&-65Eo6bl27KjHG^GsoE#EDY1QLz5W=lGUn{XbWl7T*H1*0nzj`nyU{f^}^whJg z*dUCB+H_tBuwuQC%&!FTQ&l)gYmivQCv#k9x9RcJvVLE-Lu9!SJh@)MyHfd;Ea$H@ zqI&eg#@m?1Wi zTM0mgdy-ieCgQp(*kXfe?Z$bFmw>HSTLWB^7Uno38RI!`Fu;kh7q^5YwXsfJsfwD+ zvbmw2T3!rGvC>ohRRuaUJGG568khhnrOn_TFYC6vU`z z0P%pTHS?URHF2RR$452{gJi_9?O`sYHL`p(ruiCGr)k(9)HI$AHHSI1o#i7N=Uz;Y ztm{m#TjvUzeF(jN$3~XwAYwqbK7nzAtYo>Wix^+fML6HI%aw~);$bapq@{RrBOXbt z^p;i)4Pz>&obKuCUrVWfahAgH@dr6F2E%S>@FTl5QM`+m&KnK|doIsZRQ?_y6nnET#ke?~-eXta^gFCrOf24rDHBh1Fx zi+Y=h)aKn3tUVohm#n{Vfpot6;DhfLe|*8SPJZGWR-b6J(6p&Wkm^OlV=qvTGG<0q zzeP@5f1H`w_rhZayUQ)GW}31YMW1!%#X)(U=ds`FethVibCZ+j-Z?b?*XJe~dVeb@ zOgsy%Q}6`)g6W?xy@=ErX8*TH_N>pJeq-OMpQq7&kHF%y0LI5U8l{<3#TwqO$)2F8iKBwuggYH;CLF!k$qyn&@b&IfB90+zJL2bvwF=K-E4unntk{(+F0bw z071sX^3pFZy>Yb+Hr5r3qCFpc>B|4Ydxp8ik>Rw(pBqja(As)*&3f3r)T{f=U*R(r zxW!`&52O8`fn^?De*79;wM(PMxe)-|&J;m<7G3@m0Y9f}Q) ztWV!^v;-%X8%k>4jr;kF23yCf4LE&N$hq!CZF!u}HSR>eK_NdmbvF+D-r3I!uX=)O z$3K4x&TQlt>FRwaVfC=ESX+PKkqSkpjK&x3sVWaTL?9$7@Da3r_;-+5IN;+v~ZFjWkk+YW0Jbn?rkYWcE~9?x?@ab zS;5CP`RK7DPoxGPPo+++D?S=Z{bHpIbL#R+l1M#r^2tnK*PXo-C3|eE9VX5pt3CCB zEdh6TL!;uhdAmHci8i4A-R5#l`dlskPA_$ZIv!eMl0>V=A`kdnYX_4Nx0=}(i|_8F zs%)W5!qw&S2h)A=LxJ&q15TS@ZCi6fUKwaYkG)^=NJiga97zs0Da_&H($=R8m?wrE?@fKude(J?5@i0Xv6zE`m2|IQGDYcaMKsKMT=ksVKDu>5$|c`7JaQP7C*Y-;>4!SAW88n znr!Xh7Uy{@PqDFu@jwGAv|+PWLRO7rN!4ev3YKLrMT3h-B!GR z+uZgY9~YIqEb8#@|MU^)=0kig+K+xmgj`1w{m$|i%{FP}PLPC$F{NoPdI!?|y`iBg z*w@c5x|-JB1*@~dMS|VBccIkzcSgODj;Ob@G&8IDzcdS>qFI-P7c<@Oi2y0TOhR8!`TnrWe*x4v>l10kc z9Y#m*NcXliid-kJk)u1u)I+k`?F>#JQE*Ah3ab+J&}K~(8bB0$e$__}9zXd+Ca`;| z4+&7SHC|`t9CRGXRv>_6jEuNqAPBwj2Lj`Jll4}MHIND|9Sx;SlHKYRcfHvPW)Yi9n={4puX#UYYEDXxD_>J-O>}V&auknKk1> z)Y92{w`5=XLwfCa>bYpr)j)-)kjpg?jnB+SBYS2>1c%2{C#;{@qsHcE;&kZIZ_KOy zzL6E~;Xc1Q|BXkdUpSVgm!1(tYK}@Ddto~H@I5PBOW&n}t`+wj8`$yLbxw6~#O`*B z!-J}G-NJIdA#)CMWQB-MEhZGq>L6x+sn#;8v@Ew;>{TanoCTAHe_{U?#GSVh8;OTXJ}$YC3-^b^ zP}TZE)(=y*8!)kuUh^r8moX`A2Y^A-ZpPHif8Ikgj_)=JR`ZZ+kjA1=Ac zK0CVqozZA)bTk$nWrUh<8+q5aSqr&OVBa$Gk&(EMt9_fbTsRrs>0|6~vcfHXoBed@ z+R^JgYY}RwH(b1NsRvfcW63SCNO2Ue|M0PsD}0=XH$v8C()7MY!eJeu4#Xf4Vpk{WAs!@y?fLfiPfr*9pO?4zK+qcC1?RS$R&PyS4euXwN>cKOE7(f&3SG1vV<}msy5+E)*aTEk`%LzJIGTcya@0l~FIwC#;8QAyN zBTPHlvL-EL|J=QI9i7A8@Z3TI*&Rqe-esKVUR9u}FmP zHJGi)&@vVOgp!6wIzv0WqT^oHt>7BU2AJrcG;6XXrnyAqW^8Ya?3TE&}y zB36*%4Im9K&M4?6y`^|!;9-%MBm4m}f=W>|vvjEp8R6U7Sph-vD#`1p;;$Wzlw3#k zK~PY}Azi=Dh4>9+)CiN4n-Cq#$Pwf2W~%saCG3c$FsGv>M+RS5v^$z8sg5*WFLK=I zO?{n1>+9-E^D>%mu{ns7D8o2vdu6Gwa{`n*AIo`~G5L9UKIV448X1vF(kewtQ1+-) zpjShq8s+0i9(pwc=Yd{LcaD5Jm>g&?c93tQmk&c3P=lY;tu1{Y^?tf@(EFhhygmn? zTaJT*@4186LTn>W5cw#4(UxF#D-LE5!+ClOjz>2`Lzu%2VXTlH<6v|{!(G042o5*f ztNr<*W>_84L&F(LBE1m}g?ED^x{%wBn#Rx=662~^e|i%{>)s8tds4>~wk)zJP&P|>RP8>};6jSj!ZA~AY2o^swDzxx5$#1N$p(81Ur5vNLPZytX zq}C;^d!}E%3149=@g$L-Da`?FDuDjcU&tr>q12OW@mzM!w^CJ0$TyKfRz`}+Jvf&c zjXlWV?!qIGmWd67WPqO(1l>N@vjL4bBjd4Hu94)0*LbVwiuX@zO3Nm6$O?zrW>7UX z2D>2KIve40Euq_uP^k9sBu?3A^C~h>3Tp7fZOBN23e*(S66myy^;N8-LiA?T3affl zsg*-j@z3ZQZ`;@34g?t5VmJB+`?_VRUqXL!ci-BTMp2-dfdBPNiqGf_G(;1T)gf9^ zjEd|Z%g6zWri*Wm?!RUDawzv7oVHjmek<`%hqzMo&B~Om$!7sfV4=0iM#-~2F<@68 z?!R);&Lw>Yb1WI7Sy5o!qw6|qSl;03cJ2QdkM8FGoJZGxJ04v>XhV)zwwcd0z~lmp zLqs$-U8UuBvgwwyqO^n$EskCK7@O{l(N6wW>=((8M6u2=yODW*z#@38Wr*J1fkNioZ@sc_uZ32J{bY4Se|}iUl0n1hx(8 z*Fh!0@YG(-?+?JaG#Y}X25Z>G+H1v?PA979HJ((43XCeqD)3E&DA$1G@EJv>iZ(E` z*?<;8m2WWM8J|5oH1a1S?j5hr(ek*D^2AKmDwZW{fW&6NCl9$24@G^Wipj=`0jpKw zIj6~Gr;Ig1jlskkE$%yHd9YcOtinp`j<1|Q)f>7yv&P{x(GqG54tdz^UOPHgi6Jxu zGoU!8!c)k5dXOj*o>u58hl3CXPH0Mg)ZU5peDK?0*EnwKP#Bs8Z?-0TX)!xB6G-6w^pD8{>co$SV$Nse31QVeTigpG5%mC+{# zkNn{47kVAhpqqX?dT7st0}zSzG*jntv%+1o8P?Mi3EHiz_{ZNFXXU>2eSv6~fpuFM zp7RBKW~D#iR9%5Tc*5BboZRCPA7`tIW8wi$h;xx`02iRvN z)*6`kgE{s33RnYCn=5xBfwK`f%ONZBS#vB~Eo6;I+(3iLnQgJyClK63t4Ut^ILpm> z@_Xd>u4g_@cJn3jy`qnPsbb#TLd*bC4z?*aYXx|BnYaq0n{EbH$mZKC|I0)rC0Xh$ z4Sa1SU$6$qttAkE0$iED0e=)Dx63Botwz8Vs-EX$Zm4j?y-x9sE4}yloZTjxHB?p6 zKF%LgxE4VSnv5aQ!8&twa5{+u-$jYK+zzN28r}Mmf_eimI!LpPS|Uyx=x*t#)pu)t~TlA%WUivTGg`a7K2P z#151ADqg46#2I%SOB4!XszD(BKHzt(}R{kbx7bIhA*r+^Tct zn3LgyW1QerOrkfE8n*c_eo*|yqdzDXJi9_2*c^mjPN z963k2S?Mo0WR4gNk~(2xEd|bU{R4<8)B#8UgZ(SO*Bl`>AWd{H@gVUz;?IeE2)-^} z$li+-(gFy}!)kV8A^S);djQPu2MWOQuyzRPJa+WWC$X4ooRFhP%rk{-hRf|kYx9Nd zJeNCy))orc1rBf%K|%jL)Cpupf&Y0uf9cbTz zkaMg>zX={<*mCzm#uUFnXIFrgh5ceWEs(OW$yJqor68^j76XrUP#Goj8j~zS({5saPKxL6TEL z8!aY7_dS#2q0IlBoc!uUFf(yaHyZ7X$Wo<7)}8oG@#VjIr})yZPJFcR)-U%Aefg=A zv#UF2PK>6%oKBxlU-7`>t2wH z7$ka#Jw!f$bKeR85n2UQH4unhF+yb`(+}^`lt}v*HUlRwjZf zI2Z0g)mqn#gYAi2RTpT&XlS?@_x48oe3?+TB>B=vt} zrX6C_c~^io?$7`1gxiOX(PV()$lw1ro_30j=iLFybh-FOar&2T|1T=<;_1y$htJD) zkuqHFh$m26+e}&YGO|mqW~(k=dNZKyuFCq+{*{+=wP?TbGVv;1WvpGPmL^!f0$Z*A z@^*>Os6^v!(U|Lig>6~Uxm8PyO1d_U$MKV5fsM?+SobA#FD3R`|AjHS)wRk;>Cye? z?0i)o1{y&5j#oYUb=u8c&v5Q4>Wfhy^lH8+sg~ESkPnLik$SIpbhLK~nSNqX(_lt1 z<=?}wyh0@a@aB52c18KhDDH-c?xZtPMjk0#>gLh%MQ=SnNj1d^04} zA_>xF_Cb(P3p7!75!@Tti%E4v;Zu?Ez$3G1vXA`rL6ZLHhamyhPrR}ZqX@o-+k+~p^=MkeRq!f)sK6(4D3HWGTB%BqVbMM zWYkzZ-8-55%`Lm`n5c?<1K6 zrqd*F!(nWSRXA%&RDtEUi33N&0FJu@;N3MroZ*QYPw&@1YSHEibsTCnxeoSfHhdXv zEYi9vi$B}JEvg-1i$9MxE9UReKJ-JpS{2sOYDcLp-L$3gVm0+3k+%|27=;JisJrfu zWdoqq1CNrf9QlMw5aP`7h^gT23Y%G_TpOJ780k=udeb2{?fAVhZ#6S}=9ST*{Mnt1 zfBfVuy(3xl3k#XdaZAyk-0{y|dSEyC#jPnph>TdQWOw=- z-~0KI@u%)fB=$Zze)yN)e|;pid2ILYvB@==H^2LX{n4#MK7VRP-S__YzV$|GtJO*l zMXVLJL*# zB(Z&obrIB=iKkDCQr(-3MKJkS2&;PHLWpUtlZD?uC9ZJ#n2@l#dzIh{m@ESG2GY|X ze_SLR9d9s##pHJjtGeTs5aV-5_EWzv$c`3$NQn2uEbdm5U}4^LG*aD?c6+a?|+C}Jo31qtb5AbAI##+l)>TVmN=!eY~BPkat`IQcwXeGIhl`-MDPx2J;Hv|@6*973X2 zl?HM@GF0q1HWGUg|4X4H;pMF6X8CtUlB}>Gn^+zf9o3HBG{lj(#m|usgf_!?JrVvk z>tbakHhnaee(d?e4%1|IQcd)Cyj;w_BzfF6 zPqZSAWI~H0sk%9iq&yWK*&d|izKj~m^vdz}_8218PDzAJ4r4il#Al+q z)kq)piQyxa@`J1`^8Y0AevqG5Y+;Ru7rh((NPZMGJ5k7OdKjr!ok0+#Ll{|ocQ9+d zMS>taE?t0tD)4FESIFPTf&|?+k0j_m4gfo{M+(^^9MI@gNKmc*$|fv9<84``Ej!NP z7!rlcZ8BWF#Qpgj-Ei>Il{GJe*%WoZF`jeMl%ff7?&e=;=)vmp1en7<}F!Cy2xz5b2Z z;1sehBrTm2NLt!cX^5)I_VC$cEPF`E6PqXD77TyU;aV|$5RUB@7TLPH@4FFE;8EL_ zGktG(if*XsB}{}iG79i9rQmYAS{W%~E5#G5yxexfw^U+ugM+pvS_4P9VRj;kARqXg z=vGp*J?Y-MnmTbD2@fZ@o#a#~l?oLf?LK<^v2^O_bWD+v=zJUG=x~1rk_(d~ZuQ6% zR4CnF`Kz z#`a~@b=Q>%R_pKlT`~&GJUUt-8t5YU zK_^s*(r7G?ZVzh`k{VNAqtqlvyJG!`^oG$pZskB_`=lm(aKq>=Qe$`!qG!Tua67+` z&#erhwm&B<4w^@XL3|c$=y?66yN=+As`ZZ`VG6{u^ZZ3O(cC_!McZZ#v0VKobl#nJ z-8~DtcJX=J_B|D>D|RtrSvKMAzz$LxTWrhju4M^m({(Zx4p^ONlRB2e?(rO#-mBnP zi?XSYM5PpsRVgjY-Fh$T);FPUJsAHqbn8uxigZ&zlr{<+zD>}RN8*)!)aBRS2zsKr zJ0iW*a-pJE%W)(xL`hz@7g*4dWb$>r*hU^tQRA;EZ~`(Ib#A?6LSBq4R&qNC1k6wn2+NtGR(2>!$c~Kei<7_7tv;5!4Y2S^{s-foNyGuJlL=i zErVmCYb2XCfv5ddHtcd2?6HZBrc?;&GpGx0Y)b7L4$Q9(#!-6@t4NKZg4-j|V;`cV zNWT;s8$lgyZ$#~(Og<5H&R)+DXLOiD{R)rT`O?uFo%3pgfv#xRgXvxe`(GMqD#xc$ zG@e8~XgrZ#DrR2>t?V{~P^#+YL5SL^sdjC*V!BuGCj~1p-L-CAzJcj3+m<2Tg1?(T z3Ba>4f_O)eTn0do!WO`2-xizHO8&DoW*f3vKcr>>D}U*k53SZAYnQ!fzb(Mqo2#rv zyLQHhiff0<_n~%q(SGaql~JDEI5_K8%=*gj(~wua8X%G4{!b{P?5c!Xj~jg`AnGU> z8638yPk^xdz}G-+`_M|Fw~UJ9&(KOyw5~#5K-xZBdfL@;+s{0>{9&kkR>7kD$;7SS z*>~eRZ&Q!{8{g^I;LzK!RTFgoCpGEDHMty%hmqm6&;6vD)LyV*r_1;6)>XE3LJ4sq#G!Dpat+o;W415N1{Oz)B`=B=%F4LnWsuG zkd#G5duK$6ict|>m%$1AVbCj-cIcQPX)v-12iSNO$efHa_FmG3=)lo^L62d)5wVxT1rgCEQ}MfcWxbWLwaa=h z<0tiDwAtkCfndsriasbvFqM8f+ZdY&elWe&E-Rq4>BS~SL?uQ7`JTWxcFNuZgZ? z^rD%vHn}K$1duyXdl9{iixh1lqmP&=vE8Pi``Gm&6tf#xB&?`|JoW=pdj100^n+u^ zeo*|o3(ptd|G}|KG|e+Wc}}wwT|?89kw#XMXksAkt(IaaqmE+rXx+u2feW$>1B{`L zr&yY!Yth;0JgW^|&j<|dHXbvo?liYgvY77>I~6@pT5u zLYu6##2DyW9Y+hiF<`2u>p2rVk)lj(3`esDg|gUbLzR_gYzCI%^hlFr&`ZEg;GY@2 zEQ=n^T3877F`D!OBg1#l+8KgL2v(Z}orM-G##*D;Dl$e&q&Yi9Gftq~Hi)#Dra8)J zL6z(BKPtr4jZw8elv7`-k9 z2qK)GCTrnp^btS^Z)Pb!g-Xa`^)p6PVn*~tJNihbma!OW}0li{9MYXf2?O6P@fi^%D*l00;+5t`L={lO>DFZ9H9Te4|LpvNREa-Jv zu8X5goP}XUgNfp70>zr?6=p`L5g1c7dJ|Lxv@b@pRY0w71&men$~?!gMouw{Eh1`y zsE`@H7JUzmO4!8GHlz(Q{(9Q#wKA-kGH^8Qj zP?(^-+Q?fC=o@qfmW7Y3W}t*vriMZd3JM1j9HH&A4s;Ohs7LPwl|uuU&yrIZQ9eM)v zF{t$53#!q_!Ukb`evQ53*dO27omjdM>`w;8Xh?b!*$r*MMmg{+DUME0bZyNoj12Z)_{G_0r_SG> z;Fta=7!*U%9?!D2|8cHmm535?Km)@}U>!K$t_ssFw__Y7q!}YSx2pi8iVzXL8Zeb| zp%`Wp&(*br!}&-xSiKPd@a7uB;avCsFP?R>gtiC&0&WH~bzQ|I)VE)!KG6N-x`R}y zi%TP12W-r!DjV_c#LkvEm_j2WL(PzXeM(i@Pfj!OY?={o^Qvj0LP zm%bxb<>93z`_gx={|p`axhSD7IU-i@9E*e>)kPfgb8Ju#hC+5#Fsl}Fq!|@71UM9O z-j!$-H84r51sBBS=Upo?B@IAL*M+kyHP>|%13U&uXp?zw0M798=!{leH@WteNFPRG z12c?)C{l-w=9m@&Au$!CK1we9_-XZI=S%3&DYF3y|7$!gf|5EoZF#R{y%-;9zEyvZfn zYV=jTXuFJ&ACfPS_u7hfUM7tlQ&+BN7N#q4wV8rh2O`2sl# z_Xs(x%lKv!xKH^M@c>}KY{c?J!-jXH>|2Ms`+j%mqEwx3TF=#vOB}M2T?OXks?H2OE_CDB? z;d6-r^m{;9OpZ<6i_PFh)Npce82D1v?h=^>>dbC9>0v?(J0DFr7utfEip$=cn@_8V z{j@%9h0L0k58aY7NPi6&h`hB5!NjTZT9ZZCnonK?|)`u z;+gxC_ijl%+9R&C2ySCy*vQ%H#gAT;75YQk;%g2>(TxKBbXXYZCvrIf<-re zMu>MRt~*!3A$V47+NE^Hg);`5?fNgt}}kafF1h|RQoj=nYH z*TK&18PusgfSSVgMqXG9b#^CkHFwUUYF@V;RkM%JfhRA!Psn-q;DEtgvj_b;g=OYg zZ79=_zV#YKa5-al1?9#pG@UmhmAt?PURAn?ETdXOq!L6a;qYD+&vSNyZw~dSN)x^z zs?f>Ib8&;yfs_VIa4bL@jZQfv$-Mz5&e$3A4^B@zGGFc~ez!Y8CDy{m zb8#}*ofw!uKaqKMwZU0usbvIo3uBeh+0@=NxV5P>?#xG0{y1-p#QZd>()nZ}Zg4p2 zjY2KbvK#V;RB4vLxwjBG4<=uxyU=7jHTDbYQ7WMS4xE=u|tpI)-B3Fya z6&&T#UluB{5);Q(j!+Md?dzACL*oY$`!@=k4m~kG^YXEwdU5{r(85bwuQQ{kcXyK~ zQ%C1goNsFvMBxpN9G~eNI`;BRY-ce3caLs;XLW>=Dx3)yh3Z!UFW#$)0cCJ+N;^#%a?xhLV5RbF8kTbxi%9-6fFkZ!WRExJ6?uh zd8sCU#fts<32w13(Tn!?!!nPS6^{JASRP$kv7rdP= zbM-q8Vu%01oxJcW$Bfp^Z2^ycHLwUC{T%8G9^)?_d*q~sqw$2Wxb`#B0`5f~*b7ki z!@xYAt>Rx@J9zZi!dbZVi%;>wMMKSru4mv9j?bGOISD6i5ngSSJfG9D5&rrir=vuHpL~pT* zVS6d4BBCL~+r_9zDx|20=y}Rb!O9{TB_~e3G+ryD>x`0Tg<(8*dh+Pjv6oM6)=`5aXW60%q%>`u%&lOytK6-h{cQNz) zLfWxbG$JESavPcSi5JJW?oTf~pJ7FI1XcV{dZgFK7|3eYNYMe8Uo1L{PSNiQARCB9 zW*+&<2s#t)vY);#MnXQ5OQji64f$c^+6*$@LPJx2u)5GM`KV*%jFWoZT{IngQ+Cyv zJb`R!cI>(05jXjv7Qcz-$QqGd6e3m;-AJ~yjOcIyf|n(%*TxG#Bf}LIgIvVm2Lel< z7RA|vr3;-TX^L!XA=|1^$u@*bA)N}&$pLKJ)gV(iKwiZY&$(XEZ6&0h2V*&975a^X zPaAkG6{M@=IKXVJg+UETgOyn+M#F0kw z9e03JZ0HA>8`s~E0!u%Y0_VuLZSu3le-5~duQ$F+9;BWx{w%Pf_)Y0ua)EkN8Wz!| zjRE&ZhMIu;S^>JU9|!i3p1^qH1u|58-5ogh?zM5WGz1B= z?hX|4{s9=u{at|GthvFpkrs!d#ic-@Kyhc$0*e)AaSAN%4hxH0 zaV_q}inF-87I!c1?heO4m&;vpzZa9w%#+NE$w;2D@6&Q0008SS$DF<)jB|#AzRsdj6V< zl-FCH?_bhezbN^V?W{0C^XOUBOmh(N6KzDYFd8%CUmL9}{XTj87`g1{=A;u&$I`8j zRz*|7Sw6o&%)+9RguFs zrLc9R#{hckKqL3W?_Z2D1%XHXca`>>gD`S~Q}ubt#O<$NjcI;)%M4_7 zwy?lW8Z-+97u^~ysMZ?`u5|opTjw;_HSIwX@gwLT;2~t>>v?Ui^AQD)cExzP0HnK* z=cZ0OQ%xsdMW}2m|5TpHwPA`?s6V3@(|^FBnZ-#9&FFEZZsz&(N!_@FO0rAW*F2Hy zz{EiAt8qPY^;G^9s>nlx9v_DOnWf^4rJa=3znkd( zE$F?D_?6uP9nEVihkuyLtin{Yl2+Xws5|mwbXAZEEr1PbE7}JucKD z+4lo*m`3O~9P2M+_CHA3+LICct4>&qF|m!_O$(4x-EgT@`8n;cSY?>NkqiIK%+3Hwb6~q4E)2jLAMvC$S{)d0&20rT5!-v?%m@?PNtIR zf#AS}-0Pyu+$54w^$;`kq_=Hhylp_t6hzCxGM!v}GeR(Sbrti=&nda0_O+0?Y}i6H z+d)~X<~Qsdhq}FdtCv>kXT$=iq!vCFNe2Qei{&w(B{fFvSE`o&SmheyAx4S;D<6*w zhL7^8)!yGb={y!4ud)El<{XemnxJ}5P#(dnVNX}nG^g%NuT?riy(D@Cm@2T@%w2eJAN0+!o=8YzXgX6FM_ZapqwcwZ|Frpjtq320Y}p zlqS7?%plOMZ80kg)_s5hVcEBzEzjQ@5S5D8k9Mb-I~>oMSzm5VJ$Al7volJK&9m1U z+t!`5=LSITCry^FnY1N-Ehnl9BJpvVx24Me7B8E-F|r!$X6At!qojG=cMn0LyO=!) zqTkoT**eHOViT({wCKKt%UM)46v_uL)WQS>$iavcUNw6Qzm|{A83(zokeSN<98CA$ zfDZ?S5yks6{+P%-NvhgZdf|mfg)jbuMq}3$jI3GjOj zaMR-?9uQ4$c2mxwjMPUI<>IhA3etN!Q`_-u@iS@2yvps>_j(BpKfgZ`JKXA|0R&^< zHuVzOfEjYT&9{hC2{H;iIH!De|E1(;j}WHqBt1hQYKXJ{PP_h9NE?Mw^MK zBg?7s#$rXz!9lNO<5kVo9OF$@*5%qWCo9ru3G^&hdhf~<8lymh3Uf23S{W38rO6}O zPdFQ>mBlwur8}?D}m8J$>Lzn;i-=9fsOg;}&9E$<&g0GuWcT2wgPC}D!uIb+_ zn|B^xQKTraOnD9Ku#Npm(A{Z*p&S=$%o#lo(3(o3s5tXL={3|}Vg~a2UDp_(BP|6q zqJ9h{_g%haxaG1&W>MpW4)*58^BQ1CJn4^sE4ZH;%76nHtdiOt^M zSCxJwz(Bs;Ix#gG2>BpTDXApytuSGf1X->h!4)4yRQEdI<`$ku4F-27U76^LTprUO zO96Ur^8=ti5q9AJ1|Z9=VSd^jpeK)&4tWHO+EhF{3C8TMFkRa-FN^yaF^m3FJlQSw zF+Z#B^*9zb*@^WF^Q_?C&>jSS+w3ATmA|s=+jsqH=xy8zMyon1L|agF=txBg${Yv6 z=eeAIF?1AuE~&80@CG1K6w(Tuz2rlI|E zHwP<>5XKt1jR_R0IzvNiW>H<2!($zp+*#S3nE8>K->FJ8(yzg?IvAJaL`BYsuf;P{ zdb}--YBmbGHVOvem8(S{om$Pg`Nd#Ho8pKYXuQqSAgDn8?Uwsejk1EXS=}T;uch~I z+e<-pmKm|~o3k@4=$37_*TajI{?bk7$ zAayiGCNCZmlBcVW6DPMqH@L+m)0=+JpG7GA`sY}{$qnK2@=wumwkv-u+Xpgd8>;IK ze*GZWRXZNAxm3sL|#U!1lyW2oSqN^35KT)dOUK21Xq&iS6oF@|dW@0=Pi@iC!|BabKGXXnP*u<=X%82PD#Zvu@O8 z6?9;!Tw6w+YhuiTdC*>ED`pdB9-Q(Um`?|s%S8;95!~^U+es|G{$l`>+zPRd&+VrV zG{qw3h$3H2E-qcne`T0`#Op@&arC4TvVW3r@LYein3``BXWZQpG?Ho0pJ#6{Q^CLr zj;n69?aV^^Y^q9e5O90j68$oOaj(q*4F54vKPnG(h6SZrx(Ozy%DK4#^ORoqa>(~D zUt&A0&|%IUK>pl8cJ4pcGtap`EgHmtD|4=xsG)sCddt_B)6?gPXq4Yv!W#mh&`;p7 zd3es@;TEJR{j4y#c-%Gs z*>#r=IPu5AqUA7i;dp4)DRd~oLYq!sw7c-ftmh+-)#t_m%!?3}f!y9E!7P+C5W#iB zYtWFzgsRn=vGD!4ng-;ltt}Mw;w=Uql4|J0OQ;@RwOKn)>|J-zxrPcL3OKWp64K6l z%-$#ule)ng9UN?ingMlJ+^&&T-=6K=wyvD!h{UCM83#x-stCgt6p%SD0|t>#w2VFm zKPg5loXXuIA&SRKou)uH%6$Q~x0;RxOANriW^uPGAUXbai2UIWHTvT$`JhD9ScTmQ zF}craYsTv93x{H3!6l=#73urH?nT@k6E2jKs0pgAYaR=VK>%Yzk~WtcN^w07E_9=t zjPLWC3c2{q3<4QjT>;UZNL2|u#sjzp5Yt1j^N!9DU`kCHtb{}VQ-O4wFd@;t+h)+< zD-~yqbYM;z4Xzr7d-zu^2}~V%$yr!rl8uVQ&bF*RWnbNNMsMn{AE0ZlKHx-*rN_${+HxJe+-SFpz}gL~vvP+h^u&4}TAnP`m7hQH`#ZT)??Hc?Ux3R(FeTU0a=0 zN4OJZ{$hf{!t#2hi$E0YOU!CKKE5tA!(q`w$r&f6W3X52m%2Bnn)Uz%RVdL&3vn`e z)s?II>yWYn&gw3|a~3h=X9&_*k#ZozkE^CV{K>W}qpO~*aq>?kwZyGHxuiGqrM&kZ zopsuv&ZnSt&{1l>n#M#MM6ey57@wyM#4kL7Ky6p+NaZP4pQ){@?Zc@**HvqD^^ITH zpM@$Tj)oSKp#6BQW`!JWxxMdeN)e=N&KQwEm)q;&bHFKoPJ2ryM#hDFM zJd$dE`To*L=u!2SU_p_&k4kJx;QbWG>L&0+uM~Zw_Knm6Zi@Hf^U48Q9)xwI@i z3D0b2EY|S12RtkR>!_{I;z#FKystRN9$9#~o3Ub)h2-U_%3LA>ZMZA@xgVTQouUL@ zn%=qjx_}~TT3>eMsw?H?BP0Hv!`5({rj@Jm;iSF-J;Mg1YSiIWJ=r8-XmVK;XHBrH zT0%z$wJ#oLs=R|EY-blwl0Vpp;HqDUk52zFexJYFi zksHZPI+F^E(%SrX_z?nAv-ItamupLAbabQmSl?e47R^kcl|&oq+*lm6`t#xk-jrHj zQa_*5D-!rzx3VfJGDIYRF%uh~y2g7_+S9XMhdA+8N-`4yfU_`vPkQrs*6%A`-52xj zMVg&O&E*lXyCBiL--fWja5tI|X;`@Ln~uP_tn&^Pj6^fUpBU*Z>JuojG|%sQn#Aau zCOdANF8=4)C6c8>T4M6~`ws<3sy$LK9h<9-EKOB=GN9*8mU#2x&^R7`C3-+o*rx+E z^JQCHOtSl&gwl^)C*#TacesR({Qe`qQRuT?#Zz4g+P8IAd1|`l`vNx2Ms+Y{>uJ_t z=*B>5Su%UP&9PN>^Zf=yOAPEphKk>WUNG%(X2t>(z`}qtJ`e z>qBJP>0$wUtxI+*FwxxH!b&zu!DagAyeu&T3H{(Js$FW}fJKEd7V5 zNb;kziQhWq^#i|WM$#n^Hc8}zeW$s8(Y7Z|&Z?|_3x{ujcR7>4P^CTJihmWu*Y}|D zT2GmBNMiDSNI|#o+~|P2M_48+(|z5U_d_(waY(YT9?NO`1hg)$#wY&;h?{IJU17RE zoaB~kXD<8Nzq!ssDB%Jt>WS0+DI?8eu8c;k`{{Tfs#BQSp3oNIRS^IeMrG$o$wR)w=L|+zfJC|cCh5yR(z%~)RW@dD1>hlv+8)mCM#=L%dH46g%#wD^ z?6t~id9Z(muwvf}DWzVDb!=k?73QN|$MF zZb`fX5e+B(`}WG4KIrKv^D*1`bi--M%`dgdfdbV12l{dJZ|_Yu7VLcsBJ7Cjm4uK^ zfWGkLA&}AFZ#rn3gldS}-fBImQpP2D1npF<##S2Ll38)V!dN|*{>N~HC%=$~H|^!d zIVNdTdourRx>?z7k=!g#^90ybtsT|ZAnPzwn5b5ErF`xC+19t)Zl}6Q-*NTeYo5@^ZqugE_ zz0kTgh-V*x@m>J4b7XJNZz*}Kzf;J7Vh>cCXhtVx$!ncuBo5b=^Noqgl~$oxC=D2fpA-O=q2^I z3JU5JuGq}I_5r1|rQ@wOWa+7Cdq$-Sj0V}xV@^DU3G91G-r_n3x~|nzmeW30iYztJ zv(NB0B~JX`%eOV<#*28m$=2z{g|r_lhhD*|4OVO`U%{vLg=jEnx&18BumC8%Q6zL} zyRQp81I#9nC9ERlMq+g$5>y96U?l*HagK)ot&hz~q+Qr{E5X%|gvugTaQW{Y8B)>K zzR>+$o0~@^>kNeBZ45XsJsuH271oKhrd(y>UU9Y+6<{aHPmVW0iAApzlwqGxZqXB@ zt9>B#8LPWew!owO@i5?l`_$L_o*{-VTE?$>;)=;zrkO}@!^gyHPV3lSw5$L9#rEIh zB0~sy=(-8kOV5mzKai8J1-X^ zv6y3Gmcve4VLl#fN)*9Ewt!KLf}C6l5zaE3IbuW@B*N1Ly2D?E;Q0PLMux z!xD0VgNZCtw;3Q61`BvO<9R=q15k-Fr^vI&K>vdRd_J?ViptAC03R03G0 z<8J&CBsaK4T~)p1arem8Lws>S)%7=iS=4tH+S~mKAJupiSPaLz$jXpjkYv~B1NiKFS(v{ z%64P-qw5#d+GJ*~+>D#8Uq$Lr3Fmv4F(Hmt9$5;nW-Sxz6flNxQ0F;q-sr)v{GL*} zv6amo_c!|VQBhx(=f~{%0Ip}vZJ#Y1VfX9!_&}QT{Ey<0!0XSaXM@JM`pM*1S4bJ7 z1{G3gXTb8{6U&F^BAZY|GmaEaWZb2KQS>OUKt;1raex;mK2xNx&%-pG#mLk1Tf29yNaBjTsxDdn_tJ{mEx z3atn|Kk!l*px^OJ>V}lQi1Bv=lC+vQeK$~X-r0*bO1Lw{fd}l)Gac7hJvUa-3^=5| zpFbhIM*x@AQBV(fA@o*Z-gm#xB;69C6Yg&V?d)>ia4(3`uJ|yWB0WNY&l;n@0*;1# z0v-V0r}Q@5B`9b24t1wA%ZzFtp+(&ySDwaJE9h3o1RU)e`tI18c8DDzqkI_=B_kvE zKRVCTNm3LcRx>xbf-aea8F;HeQ=2bV+kf5Ddx=Zy95LUYdKG#x5*{`$Lt94EYtXBc zcE1p6-@XN+*ho5QOLD@O`?GjHylU>*{V>eeCFRDNQIFc)igg1Cl(vVG4GS;e@|`fY zf|f#CRF{S_>@{L;nO7+>U!|%4cRv}7Q{$1atFfoD{{zb!Xm>dWEJV0t4Y8{e^6=JC z9?>0{keQMp^Xc)OI_Pb-b#8V$1@i{G5oZyta(HvTSRi~uVD`86rw{ZDR6r#}8N>0W zuM(?~h>#hUx6ZmlI+w!r#=WJTld*|gk9CO;j{#8IQHdz}$*m`X!{bs^qB-KL!Y`<| z?HGv}U)6U1F#KUwX)Y-LO_BTWxA(W_wBVq=cafZ_WT{B0IH~DwLVWm-8PFhec%1Vandn0Jy=$Kgdda!C*_^TcfcQuHI z`^lx_#p3qJHu>iBSYhXG0_D$D{C33`a(H2QC<3~_rhii4Vvt_Aeb_vH(MNuoFs2)Y zbkK4eB>0X2)jITh=xbb8oNK;uURd4_8C7X?8J*b71Q-=3wUt7h{Fr`euDkxLr=j@7?#+Q#?{iVmBz^s3X7n`l*=PAuW*|am=X*$k*B2~j z{rim!Gin6w19`Eq_n@BAgF78mI9M;_2tg0K{+&q#ZKG)nFj%rq=F}n50DKJrKzW2l_Ktk}m zdJhOA>N_)saK$bBW|-(P|Hj3iN-|>Lx?}LpiG$FI^TQ}82BcOev<_%h{^N@ zTle%?cNJLo?Mz>po9`1Dqt_WT)tQpknE>j{kX?=GfmNK%l}ybr0JM@G3gdmOWPOB* zAlp+RJFxw<|B_2IVi>V*AGIbO1^z1KgwgLv*6)O{$rl^Xm!is-FvXX_$rpc~-n)?A z-I(5guiFu%+td5qfI2>T7@x(EF^MB`s3D!HA+Dq$)v6)!upyJQAvUccMW-QQsUZW< z5Z~O825m@sY{)`}#QcOLOF@41L(=IXafOgnGf3htB$E&lyWi3?)Y4Vb(s$U>nby*~ z)Y9ENye9N-7g2bNMtBELc$-sr7rkwZscna}Z5zr`{8A)0%x-? zia6QbddW`cio7LjVIC=Me%h3$K8V@IU(W z0|jaOrcEif|A9u^^0dR9rvJdlrXbrKoxT6UL1I(BZIRA@AYW%+y(z)=KTvC1rgJ#k z^dGo!hBgVU^gZ@Hn$EUDNp87LES9Gl3LO+TGy8-h|BvCIuBptnWa&RpxU}!ulwte- zz>D|B3$;zE^Y+Uf#rxGzl6>1~mLR~(@YfP?#AjzE}8 From 6b1e6417c634ce993507e306fc0efb54f089a8e9 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 18 Oct 2013 16:48:11 -0400 Subject: [PATCH 134/369] Allow nodes columns to be customizable --- NEWS.asciidoc | 1 + .../pfappserver/Base/Action/SimpleSearch.pm | 11 ++- .../lib/pfappserver/Base/Controller.pm | 16 +-- .../lib/pfappserver/Controller/Node.pm | 20 ++++ .../pfappserver/lib/pfappserver/Model/Node.pm | 6 +- .../lib/pfappserver/Model/Search/Node.pm | 32 +++--- html/pfappserver/root/node/advanced_search.tt | 98 +++++++++++++----- html/pfappserver/root/node/simple_search.tt | 99 +++++++++++++++---- html/pfappserver/root/static/admin/nodes.js | 31 +++++- .../root/static/app/application.js | 5 + html/pfappserver/root/static/js/node.js | 66 ++++++------- lib/pf/node.pm | 5 +- 12 files changed, 285 insertions(+), 105 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 60f3df8c0193..79a3284ba67f 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -21,6 +21,7 @@ New Features * Proxy interception * New pfcmd command fixpermissions * Added a Null Authenication Source +* Displayed columns of nodes are now customizable Enhancements ++++++++++++ diff --git a/html/pfappserver/lib/pfappserver/Base/Action/SimpleSearch.pm b/html/pfappserver/lib/pfappserver/Base/Action/SimpleSearch.pm index 72e84b4d1f4a..073f353acad9 100644 --- a/html/pfappserver/lib/pfappserver/Base/Action/SimpleSearch.pm +++ b/html/pfappserver/lib/pfappserver/Base/Action/SimpleSearch.pm @@ -21,7 +21,16 @@ after execute => sub { my ( $self, $controller, $c, %args ) = @_; %args = map { $_ => $args{$_} } grep { $controller->valid_param($_) } keys %args; $c->stash(%args); - $controller->_list_items( $c, $self->attributes->{SimpleSearch}[0] ); + my $model_name = $self->attributes->{SimpleSearch}[0]; + if ($c->request->method eq 'POST') { + # Store columns in the session + my $columns = $c->request->params->{'column'}; + $columns = [$columns] if (ref($columns) ne 'ARRAY'); + my %columns_hash = map { $_ => 1 } @{$columns}; + my %params = ( lc($model_name) . 'columns' => \%columns_hash ); + $c->session(%params); + } + $controller->_list_items( $c, $model_name ); }; =head1 COPYRIGHT diff --git a/html/pfappserver/lib/pfappserver/Base/Controller.pm b/html/pfappserver/lib/pfappserver/Base/Controller.pm index b89d69270736..585fa82ebe97 100644 --- a/html/pfappserver/lib/pfappserver/Base/Controller.pm +++ b/html/pfappserver/lib/pfappserver/Base/Controller.pm @@ -38,13 +38,15 @@ use File::Spec::Functions; BEGIN { extends 'Catalyst::Controller'; } -our %VALID_PARAMS = ( - page_num => 1, - by => 1, - direction => 1, - filter => 1, - start => 1, - end => 1, +our %VALID_PARAMS = + ( + page_num => 1, + by => 1, + direction => 1, + filter => 1, + start => 1, + end => 1, + column => 1, ); =head1 METHODS diff --git a/html/pfappserver/lib/pfappserver/Controller/Node.pm b/html/pfappserver/lib/pfappserver/Controller/Node.pm index 138e6ce203a6..51234015a6f3 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Node.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Node.pm @@ -56,11 +56,18 @@ after _list_items => sub { my ($status,$roles) = $c->model('Roles')->list(); $c->stash(roles => $roles); + unless ($c->session->{'nodecolumns'}) { + # Set default visible columns + my %default_columns = map { $_ => 1 } qw/status mac computername pid last_ip dhcp_fingerprint category/; + $c->session( nodecolumns => \%default_columns ); + } }; =head2 advanced_search +Perform an advanced search using the Search::Node model + =cut sub advanced_search :Local :Args() { @@ -69,6 +76,16 @@ sub advanced_search :Local :Args() { my %search_results; my $model = $self->getModel($c); my $form = $self->getForm($c); + + # Store columns in the session + my $columns = $c->request->params->{'column'}; + if ($columns) { + $columns = [$columns] if (ref($columns) ne 'ARRAY'); + my %columns_hash = map { $_ => 1 } @{$columns}; + my %params = ( 'nodecolumns' => \%columns_hash ); + $c->session(%params); + } + $form->process(params => $c->request->params); if ($form->has_errors) { $status = HTTP_BAD_REQUEST; @@ -77,12 +94,15 @@ sub advanced_search :Local :Args() { } else { my $query = $form->value; + $query->{by} = 'mac' unless ($query->{by}); + $query->{direction} = 'asc' unless ($query->{direction}); ($status, $result) = $model->search($query); if (is_success($status)) { $c->stash(form => $form); $c->stash($result); } } + (undef, $result) = $c->model('Roles')->list(); $c->stash( status_msg => $status_msg, diff --git a/html/pfappserver/lib/pfappserver/Model/Node.pm b/html/pfappserver/lib/pfappserver/Model/Node.pm index 92149aadc15e..b31e1bc95c84 100644 --- a/html/pfappserver/lib/pfappserver/Model/Node.pm +++ b/html/pfappserver/lib/pfappserver/Model/Node.pm @@ -72,7 +72,7 @@ Field names to be displayed. The first one is the default sort field. =cut sub field_names { - return [qw(mac regdate computername pid last_ip status dhcp_fingerprint)]; + return [qw(mac detect_date regdate unregdate computername pid last_ip status dhcp_fingerprint category)]; } =head2 countAll @@ -146,8 +146,8 @@ sub view { $node->{$date} = POSIX::strftime("%Y-%m-%d %H:%M", @date_data); } } - foreach (qw[regdate unregdate]) { - $node->{$_} = '' if exists $node->{$_} && $node->{$_} eq '0000-00-00 00:00:00'; + foreach (qw[detect_date regdate unregdate]) { + $node->{$_} = '' if exists $node->{$_} && $node->{$_} eq '0000-00-00 00:00:00'; } # Show 802.1X username only if connection is of type EAP diff --git a/html/pfappserver/lib/pfappserver/Model/Search/Node.pm b/html/pfappserver/lib/pfappserver/Model/Search/Node.pm index baf1cb817cab..b38fd065f21a 100644 --- a/html/pfappserver/lib/pfappserver/Model/Search/Node.pm +++ b/html/pfappserver/lib/pfappserver/Model/Search/Node.pm @@ -33,7 +33,7 @@ sub search { my $builder = $self->make_builder; $self->setup_query($builder, $params); my $results = $self->do_query($builder, $params); - return(HTTP_OK, $results); + return (HTTP_OK, $results); } sub setup_query { @@ -85,12 +85,12 @@ sub make_builder { return pf::SearchBuilder->new ->select(qw( mac pid voip bypass_vlan status category_id - detect_date unregdate lastskip - user_agent computername - last_arp last_dhcp notes), + user_agent computername last_arp last_dhcp notes), + L_("IF(lastskip = '0000-00-00 00:00:00', '', lastskip)", 'lastskip'), + L_("IF(detect_date = '0000-00-00 00:00:00', '', detect_date)", 'detect_date'), L_("IF(regdate = '0000-00-00 00:00:00', '', regdate)", 'regdate'), - L_('iplog.ip', 'last_ip'), - L_("IF(ISNULL(node_category.name), '', node_category.name)", 'category'), + L_("IF(unregdate = '0000-00-00 00:00:00', '', unregdate)", 'unregdate'), + L_("IFNULL(node_category.name, '')", 'category'), L_("IFNULL(os_type.description, ' ')", 'dhcp_fingerprint') )->from('node', { @@ -164,18 +164,9 @@ sub make_builder { ); } -sub add_order_by { - my ($self, $builder, $params) = @_; - my ($by, $direction) = @$params{qw(by direction)}; - if ($by && $direction) { - $builder->order_by($by, $direction); - } -} - - my %COLUMN_MAP = ( person_name => 'pid', - node_category => { + category => { table => 'node_category', name => 'name', }, @@ -264,6 +255,15 @@ my %COLUMN_MAP = ( }, ); +sub add_order_by { + my ($self, $builder, $params) = @_; + my ($by, $direction) = @$params{qw(by direction)}; + if ($by && $direction) { + $by = $COLUMN_MAP{$by} if (exists $COLUMN_MAP{$by}); + $builder->order_by($by, $direction); + } +} + sub add_date_range { my ($self, $builder, $params, $start, $end) = @_; if ($start || $end) { diff --git a/html/pfappserver/root/node/advanced_search.tt b/html/pfappserver/root/node/advanced_search.tt index d150462a8e06..d8457ec15d18 100644 --- a/html/pfappserver/root/node/advanced_search.tt +++ b/html/pfappserver/root/node/advanced_search.tt @@ -1,33 +1,61 @@ [% MACRO header(column, title, class) BLOCK -%] -[% params = { by => column, filter => filter, per_page => per_page }; - new_direction = 'asc'; +[% new_direction = 'asc'; IF by == column && direction == 'asc'; new_direction = 'desc'; END; - params.direction = new_direction; - %] - [% title %][% IF by == column %] [% END %] + params = { by => column, filter => filter, direction => new_direction }; + IF c.session.nodecolumns.$column %] + [% title %][% IF by == column %] [% END %] + [%- END %] [% END -%] + +[% MACRO column_checkbox(column, title) BLOCK -%] +

      • +[% END -%] +

      [% l('Results') %] -
      - - -

      +
      + + [% l('Action') %] + + + +
      +
      +
      + + [% l('Columns') %] + + +
        + [% column_checkbox('status', 'Status') %] + [% column_checkbox('mac', 'MAC') %] + [% column_checkbox('detect_date', 'Detected Date') %] + [% column_checkbox('regdate', 'Registration Date') %] + [% column_checkbox('unregdate', 'Unregistration Date') %] + [% column_checkbox('computername', 'Computer Name') %] + [% column_checkbox('pid', 'Owner') %] + [% column_checkbox('last_ip', 'IP Address') %] + [% column_checkbox('dhcp_fingerprint', 'OS (DHCP)') %] + [% column_checkbox('category', 'Role') %] +
      +
      +
      [% pagination = BLOCK %] [% INCLUDE pagination.inc section = 'node/advanced_search' IF items.size > 0 %] [% END %] @@ -39,6 +67,9 @@ [% header('status', 'Status') %] [% header('mac', 'MAC') %] + [% header('detect_date', 'Detect Date') %] + [% header('regdate', 'Registration Date') %] + [% header('unregdate', 'Unregistration Date') %] [% header('computername', 'Computer Name', 'hidden-phone') %] [% header('pid', 'Owner', 'hidden-phone') %] [% header('last_ip', 'IP Address') %] @@ -50,13 +81,36 @@ [%- FOREACH node IN items -%] + [%- IF c.session.nodecolumns.status %] [% l(node.status) %] + [%- END %] + [%- IF c.session.nodecolumns.mac %] [% node.mac %] + [%- END %] + [%- IF c.session.nodecolumns.detect_date %] + [% node.detect_date %] + [%- END %] + [%- IF c.session.nodecolumns.regdate %] + [% node.regdate %] + [%- END %] + [%- IF c.session.nodecolumns.unregdate %] + [% node.unregdate %] + [%- END %] + [%- IF c.session.nodecolumns.computername %] [% node.computername %] + [%- END %] + [%- IF c.session.nodecolumns.pid %] [% node.pid %] + [%- END %] + [%- IF c.session.nodecolumns.last_ip %] [% IF node.last_ssid %] [% END %][% node.last_ip %] + [%- END %] + [%- IF c.session.nodecolumns.dhcp_fingerprint %] [% node.dhcp_fingerprint %] + [%- END %] + [%- IF c.session.nodecolumns.category %] [% node.category %] + [%- END %] [%- END -%] diff --git a/html/pfappserver/root/node/simple_search.tt b/html/pfappserver/root/node/simple_search.tt index a94b0ca5b8a9..9168ad2b877b 100644 --- a/html/pfappserver/root/node/simple_search.tt +++ b/html/pfappserver/root/node/simple_search.tt @@ -1,30 +1,61 @@ [% MACRO header(column, title, class) BLOCK -%] -[% params = { by => column, filter => filter }; +[% new_direction = 'asc'; IF by == column && direction == 'asc'; new_direction = 'desc'; - END %] - [% title %][% IF by == column %]  [% END %] + END; + params = { by => column, filter => filter, direction => new_direction }; + IF c.session.nodecolumns.$column %] + [% l(title) %][% IF by == column %] [% END %] + [%- END %] [% END -%] + +[% MACRO column_checkbox(column, title) BLOCK -%] +
      • +[% END -%] +

      [% l('Results') %] -
      - - -

      +
      + + [% l('Action') %] + + + +
      +
      +
      + + [% l('Columns') %] + + +
        + [% column_checkbox('status', 'Status') %] + [% column_checkbox('mac', 'MAC') %] + [% column_checkbox('detect_date', 'Detected Date') %] + [% column_checkbox('regdate', 'Registration Date') %] + [% column_checkbox('unregdate', 'Unregistration Date') %] + [% column_checkbox('computername', 'Computer Name') %] + [% column_checkbox('pid', 'Owner') %] + [% column_checkbox('last_ip', 'IP Address') %] + [% column_checkbox('dhcp_fingerprint', 'OS (DHCP)') %] + [% column_checkbox('category', 'Role') %] +
      +
      +
      [% pagination = BLOCK %] [% INCLUDE pagination.inc section = 'node/simple_search' IF items.size > 0 %] [% END %] @@ -36,6 +67,9 @@ [% header('status', 'Status') %] [% header('mac', 'MAC') %] + [% header('detect_date', 'Detect Date') %] + [% header('regdate', 'Registration Date') %] + [% header('unregdate', 'Unregistration Date') %] [% header('computername', 'Computer Name', 'hidden-phone') %] [% header('pid', 'Owner', 'hidden-phone') %] [% header('last_ip', 'IP Address') %] @@ -47,13 +81,36 @@ [%- FOREACH node IN items -%] + [%- IF c.session.nodecolumns.status %] [% l(node.status) %] + [%- END %] + [%- IF c.session.nodecolumns.mac %] [% node.mac %] + [%- END %] + [%- IF c.session.nodecolumns.detect_date %] + [% node.detect_date %] + [%- END %] + [%- IF c.session.nodecolumns.regdate %] + [% node.regdate %] + [%- END %] + [%- IF c.session.nodecolumns.unregdate %] + [% node.unregdate %] + [%- END %] + [%- IF c.session.nodecolumns.computername %] [% node.computername %] + [%- END %] + [%- IF c.session.nodecolumns.pid %] [% node.pid %] + [%- END %] + [%- IF c.session.nodecolumns.last_ip %] [% IF node.last_ssid %] [% END %][% node.last_ip %] + [%- END %] + [%- IF c.session.nodecolumns.dhcp_fingerprint %] [% node.dhcp_fingerprint %] + [%- END %] + [%- IF c.session.nodecolumns.category %] [% node.category %] + [%- END %] [%- END -%] @@ -61,5 +118,5 @@ [% pagination %]
      -  

      [% l('No node found') %]

      +

      [% l('No node found') %]

      diff --git a/html/pfappserver/root/static/admin/nodes.js b/html/pfappserver/root/static/admin/nodes.js index 67ca9a8b70cf..153a4532be40 100644 --- a/html/pfappserver/root/static/admin/nodes.js +++ b/html/pfappserver/root/static/admin/nodes.js @@ -14,7 +14,36 @@ function init() { var today = new Date(); $('.tab-content .datepicker input').each(function() { $(this).data('datepicker').setEndDate(today) }); - /* Register clicks on pre-defined periods */ + /* Submit dropdown menu form when hiding the dropdown menu; + Used to show or hide columns */ + $('body').on('change', '.dropdown-menu-form input[type="checkbox"]', function(event) { + var checkbox = $(this); + if (checkbox.data('dirty')) + checkbox.removeData('dirty'); + else + checkbox.data('dirty', 1); + }); + + $('html').on('click.dropdown.data-api', function(event) { + $('.dropdown-menu-form').each(function() { + if ($.grep($(this).find('input'), function(n) { + return typeof $(n).data('dirty') != 'undefined' + }).length > 0) { + var parent = this.parentNode; + if (parent.tagName == 'FORM' && $(parent).hasClass('open')) { + $(parent).removeClass('open'); + if (parent.id == 'columns') + // Showing the results of an advanced search; + // To refresh the page, trigger a click on the active page of the pagination + $('.pagination .disabled a[href*="#node/advanced_search"]').first().click(); + else + // Showing the results of a simple search; + // To refresh the page, submit the current form which contains the filter + updateSectionFromForm($(parent)); + } + } + }); + }); /* Hash change handlder */ $(window).hashchange(pfOnHashChange(updateSection,'/node/')); diff --git a/html/pfappserver/root/static/app/application.js b/html/pfappserver/root/static/app/application.js index a58a199a0e58..fdecf0944570 100644 --- a/html/pfappserver/root/static/app/application.js +++ b/html/pfappserver/root/static/app/application.js @@ -44,6 +44,11 @@ $(function () { input.val(btn.attr('value')); }); + /* Don't hide special "form" dropdown menu */ + $('body').on('click', '.dropdown-menu-form', function(event) { + event.stopPropagation(); + }); + /* Live validation for required fields */ $('body').on('blur', 'input[data-required]', function() { isFormInputEmpty($(this)); diff --git a/html/pfappserver/root/static/js/node.js b/html/pfappserver/root/static/js/node.js index 73d6f8341eef..203751fac60b 100644 --- a/html/pfappserver/root/static/js/node.js +++ b/html/pfappserver/root/static/js/node.js @@ -6,7 +6,7 @@ var Nodes = function() { }; -Nodes.prototype.doAjax = function(url_data,options) { +Nodes.prototype.doAjax = function(url_data, options) { $.ajax(url_data) .always(options.always) .done(options.success) @@ -17,15 +17,15 @@ Nodes.prototype.doAjax = function(url_data,options) { }; Nodes.prototype.get = function(options) { - this.doAjax(options.url,options); + this.doAjax(options.url, options); }; Nodes.prototype.post = function(options) { this.doAjax( { - url: options.url, - type: 'POST', - data: options.data + url: options.url, + type: 'POST', + data: options.data }, options ); @@ -40,27 +40,19 @@ var NodeView = function(options) { var read = $.proxy(this.readNode, this); options.parent.on('click', '#nodes [href*="node"][href$="/read"]', read); - var show = $.proxy(this.showNode, this); - $('body').on('show', '#modalNode', show); + this.proxyFor($('body'), 'show', '#modalNode', this.showNode); - var update = $.proxy(this.updateNode, this); - $('body').on('submit', '#modalNode form[name="modalNode"]', update); + this.proxyFor($('body'), 'submit', '#modalNode form[name="modalNode"]', this.updateNode); - var delete_node = $.proxy(this.deleteNode, this); - $('body').on('click', '#modalNode [href$="/delete"]', delete_node); + this.proxyClick($('body'), '#modalNode [href$="/delete"]', this.deleteNode); - var read_violations = $.proxy(this.readViolations, this); - $('body').on('show', 'a[data-toggle="tab"][href="#nodeViolations"]', read_violations); + this.proxyFor($('body'), 'show', 'a[data-toggle="tab"][href="#nodeViolations"]', this.readViolations); - var close_violation = $.proxy(this.closeViolation, this); - $('body').on('click', '#modalNode [href*="/close/"]', close_violation); + this.proxyClick($('body'), '#modalNode [href*="/close/"]', this.closeViolation); - var trigger_violation = $.proxy(this.triggerViolation, this); - $('body').on('click', '#modalNode #addViolation', trigger_violation); + this.proxyClick($('body'), '#modalNode #addViolation', this.triggerViolation); /* Update the advanced search form to the next page or resort the query */ - $('body').on('click', 'a[href*="#node/advanced_search"]', $.proxy(this.advancedSearchUpdater, this)); - this.proxyClick($('body'), 'a[href*="#node/advanced_search"]',this.advancedSearchUpdater); this.proxyClick($('body'), '#toggle_all_items', this.toggleAllItems); @@ -268,25 +260,30 @@ NodeView.prototype.advancedSearchUpdater = function(e) { var form = $('#advancedSearch'); var href = link.attr("href"); if (href) { - href = href.replace(/^.*#node\/advanced_search\//,''); + href = href.replace(/^.*#node\/advanced_search\//, ''); var values = href.split("/"); - for (var i =0;i', { type: 'checkbox', checked: 'checked', name: 'column', class: 'hidden', value: $(this).val()})); + }); form.submit(); } return false; }; NodeView.prototype.toggleActionsButton = function(e) { - var button = $('#bulk_actions'); + var dropdown = $('#bulk_actions + ul'); var checked = $('[name="items"]:checked').length > 0; if (checked) - button.removeClass('disabled'); + dropdown.find('li.disabled').removeClass('disabled'); else - button.addClass('disabled'); + dropdown.find('li[class!="dropdown-submenu"]').addClass('disabled'); }; NodeView.prototype.toggleAllItems = function(e) { @@ -299,13 +296,16 @@ NodeView.prototype.toggleAllItems = function(e) { NodeView.prototype.submitItems = function(e) { var target = $(e.currentTarget); var status_container = $("#section").find('h2').first(); - this.nodes.post({ - url: target.attr("data-target"), - data: $("#items").serialize(), - success: function(data) { - showSuccess(status_container, data.status_msg); - $(window).hashchange(); - }, - errorSibling: status_container - }); + var items = $("#items").serialize(); + if (items.length) { + this.nodes.post({ + url: target.attr("data-target"), + data: items, + success: function(data) { + showSuccess(status_container, data.status_msg); + $(window).hashchange(); + }, + errorSibling: status_container + }); + } }; diff --git a/lib/pf/node.pm b/lib/pf/node.pm index 138eaa537417..21be7927787c 100644 --- a/lib/pf/node.pm +++ b/lib/pf/node.pm @@ -228,7 +228,10 @@ sub node_db_prepare { $node_statements->{'node_view_all_sql'} = qq[ SELECT node.mac, node.pid, node.voip, node.bypass_vlan, node.status, IF(ISNULL(node_category.name), '', node_category.name) as category, - node.detect_date, IF(node.regdate = '0000-00-00 00:00:00', '', node.regdate) as regdate, node.unregdate, node.lastskip, + IF(node.detect_date = '0000-00-00 00:00:00', '', node.detect_date) as detect_date, + IF(node.regdate = '0000-00-00 00:00:00', '', node.regdate) as regdate, + IF(node.unregdate = '0000-00-00 00:00:00', '', node.unregdate) as unregdate, + IF(node.lastskip = '0000-00-00 00:00:00', '', node.lastskip) as lastskip, node.user_agent, node.computername, IFNULL(os_type.description, ' ') as dhcp_fingerprint, node.last_arp, node.last_dhcp, locationlog.switch as last_switch, locationlog.port as last_port, locationlog.vlan as last_vlan, From 763b62c84dcfdf0a4c83fd141d5d95aba3612888 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 21 Oct 2013 09:17:17 -0400 Subject: [PATCH 135/369] Removed useless logging entries --- html/captive-portal/guest-selfregistration.cgi | 1 - html/captive-portal/register-gaming-device.cgi | 2 +- html/captive-portal/register.cgi | 3 --- 3 files changed, 1 insertion(+), 5 deletions(-) diff --git a/html/captive-portal/guest-selfregistration.cgi b/html/captive-portal/guest-selfregistration.cgi index c7b8f61c8062..1248b5bcfd01 100755 --- a/html/captive-portal/guest-selfregistration.cgi +++ b/html/captive-portal/guest-selfregistration.cgi @@ -289,7 +289,6 @@ if (defined($cgi->url_param('mode')) && $cgi->url_param('mode') eq $pf::web::gue # Registration form was invalid, return to guest self-registration page and show error message if ($auth_return != $TRUE) { - $logger->info("Missing information for self-registration"); pf::web::guest::generate_selfregistration_page($portalSession, $err, $errargs_ref); exit(0); } diff --git a/html/captive-portal/register-gaming-device.cgi b/html/captive-portal/register-gaming-device.cgi index b8465d5ffa08..35ecfe39cf0d 100755 --- a/html/captive-portal/register-gaming-device.cgi +++ b/html/captive-portal/register-gaming-device.cgi @@ -87,7 +87,7 @@ elsif (exists $params{'device_mac'}) { else { # Use role of user $role = &pf::authentication::match(&pf::authentication::getInternalAuthenticationSources(), {username => $pid}, $Actions::SET_ROLE); - $logger->trace("Gaming devices role is $role (from username $pid)"); + $logger->trace("Gaming devices role is $role (from username $pid)") if ($role); } $info{'category'} = $role if (defined $role); diff --git a/html/captive-portal/register.cgi b/html/captive-portal/register.cgi index 3c554bcc0888..159937213124 100755 --- a/html/captive-portal/register.cgi +++ b/html/captive-portal/register.cgi @@ -150,8 +150,6 @@ elsif ( (defined($cgi->param('username') ) || $no_username_needed ) && ($cgi->pa # as web_node_register() might not work if we've reached the limit my $value = &pf::authentication::match($source_id, $params, $Actions::SET_ROLE); - $logger->trace("Got role '$value' for username $pid"); - # This appends the hashes to one another. values returned by authenticator wins on key collision if (defined $value) { %info = (%info, (category => $value)); @@ -168,7 +166,6 @@ elsif ( (defined($cgi->param('username') ) || $no_username_needed ) && ($cgi->pa $value = &pf::authentication::match($source_id, $params, $Actions::SET_UNREG_DATE); } if (defined $value) { - $logger->trace("Got unregdate $value for username $pid"); %info = (%info, (unregdate => $value)); } From fdd8bb79d3b3915dbb201ea7392b31847210b374 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 21 Oct 2013 09:19:36 -0400 Subject: [PATCH 136/369] Syntax cleanup --- .../lib/pfappserver/Base/Model/Search.pm | 14 +++++++------- html/pfappserver/root/static/admin/searches.js | 12 ++++++------ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Base/Model/Search.pm b/html/pfappserver/lib/pfappserver/Base/Model/Search.pm index 5b892016bbcb..1e46dfa2b243 100644 --- a/html/pfappserver/lib/pfappserver/Base/Model/Search.pm +++ b/html/pfappserver/lib/pfappserver/Base/Model/Search.pm @@ -41,14 +41,14 @@ To create where arguements for the sql builder =cut sub process_query { - my ($self,$query) = (@_); + my ($self, $query) = (@_); $self->_pre_process_query($query); my $op = $query->{op}; die "$op is not a supported search operation" unless exists $OP_MAP{$op}; my $sql_op = $OP_MAP{$op}; my @escape; - my @where_args = ($query->{name},$sql_op); + my @where_args = ($query->{name}, $sql_op); my $value = $query->{value}; if($sql_op eq 'LIKE' || $sql_op eq 'NOT LIKE') { #escaping the % and _ charcaters @@ -63,12 +63,12 @@ sub process_query { $value = "\%$value"; } } - push @where_args,$value,@escape; + push @where_args, $value, @escape; return \@where_args; } sub _pre_process_query { - my ($self,$query) = @_; + my ($self, $query) = @_; if( $query->{name} eq 'mac' && $query->{op} eq 'equal' ) { my $value = $query->{value}; $value =~ s/^ *//; @@ -86,11 +86,11 @@ add limits to the sql builder =cut sub add_limit { - my ($self,$builder,$params) = @_; + my ($self, $builder, $params) = @_; my $page_num = $params->{page_num} || 1; my $limit = $params->{per_page} || 25; - my $offset = (( $page_num - 1 ) * $limit ); - $builder->limit($limit,$offset); + my $offset = (( $page_num - 1 ) * $limit); + $builder->limit($limit, $offset); } =item add_joins diff --git a/html/pfappserver/root/static/admin/searches.js b/html/pfappserver/root/static/admin/searches.js index e19efc752bb2..f306a0ba323c 100644 --- a/html/pfappserver/root/static/admin/searches.js +++ b/html/pfappserver/root/static/admin/searches.js @@ -73,31 +73,31 @@ $(function() { return false; }); - $('#advancedSearch').on('submit',function(event) { + $('#advancedSearch').on('submit', function(event) { updateSectionFromForm($('#advancedSearch')); return false; }); - $('#advancedSearch').on('admin.added','tr', function(event) { + $('#advancedSearch').on('admin.added', 'tr', function(event) { var that = $(this); that.find(':input').removeAttr('disabled'); }); - $('body').on('click','[data-toggle="pf-search-form"][data-target]',function(event) { + $('body').on('click', '[data-toggle="pf-search-form"][data-target]', function(event) { var that = $(this); var target = that.attr('data-target'); var from_form = that.next(); - var to_form = $("#" +target +"Search" ); + var to_form = $("#" + target + "Search" ); var first_row = to_form.find('tbody tr.dynamic-row:not(.hidden)').first(); first_row.nextAll("tr.dynamic-row:not(.hidden)").remove(); var new_searches = from_form.find('[name^="searches."]').length / 3 - 1; - for(var i=0;i Date: Mon, 21 Oct 2013 09:53:45 -0400 Subject: [PATCH 137/369] modified way to chgrp for centos --- docs/PacketFence_Administration_Guide.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/PacketFence_Administration_Guide.asciidoc b/docs/PacketFence_Administration_Guide.asciidoc index bdac76fff5d5..4c0d28150515 100644 --- a/docs/PacketFence_Administration_Guide.asciidoc +++ b/docs/PacketFence_Administration_Guide.asciidoc @@ -1036,7 +1036,7 @@ Finally, start `winbind`, and test the setup using `ntlm_auth` and `radtest`: For Centos/RHEL: - # chgrp pf /var/lib/samba/winbindd_privileged/ + # usermod -a -G wbpriv pf For Debian and Ubuntu: From 0c169d02477558768ce2ab602a2a11ee081416fa Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 21 Oct 2013 14:05:23 -0400 Subject: [PATCH 138/369] Set the redirect URL per portal profile --- NEWS.asciidoc | 1 + UPGRADE.asciidoc | 9 ++++- conf/documentation.conf | 16 --------- conf/pf.conf.defaults | 14 -------- conf/profiles.conf | 2 ++ html/captive-portal/email_activation.cgi | 12 +++---- html/captive-portal/mobile-confirmation.cgi | 4 +-- html/captive-portal/oauth2.cgi | 4 +-- .../Controller/Portal/Profile/Default.pm | 3 +- .../lib/pfappserver/Form/Portal/Common.pm | 33 +++++++++++++++++-- .../lib/pfappserver/Form/Portal/Profile.pm | 7 ++-- .../Form/Portal/Profile/Default.pm | 17 +++++++++- lib/pf/Portal/Profile.pm | 14 ++++++++ lib/pf/Portal/ProfileFactory.pm | 13 ++++---- lib/pf/Portal/Session.pm | 10 +++--- lib/pf/web.pm | 14 ++++---- 16 files changed, 107 insertions(+), 66 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 79a3284ba67f..e7533f8af433 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -34,6 +34,7 @@ Enhancements * Added CoA support for Xirrus access point * Improved validation of VLAN management * Updated FontAwesome to version 3.2.1 +* Each portal profile can now have a different redirection URL Bug Fixes +++++++++ diff --git a/UPGRADE.asciidoc b/UPGRADE.asciidoc index c553b829df23..eedb7308e656 100644 --- a/UPGRADE.asciidoc +++ b/UPGRADE.asciidoc @@ -10,10 +10,17 @@ Upgrading from a version prior to 4.1.0 Database schema update ^^^^^^^^^^^^^^^^^^^^^^ + The category column in the temporary_password should not be mandatory. Make sure you run the following to update your schema: -mysql -u root -p pf -v < db/upgrade-4.0.0-4.1.0.sql + mysql -u root -p pf -v < db/upgrade-4.0.0-4.1.0.sql + +Configuration changes +^^^^^^^^^^^^^^^^^^^^^ + +The parameters `trapping.redirecturl` and `trapping.always_use_redirecturl` from `pf.conf` (or `pf.conf.defaults`) +were moved to the default portal profile in `profiles.conf`. Adjust your configuration accordingly. Upgrading from a version prior to 4.0.6 --------------------------------------- diff --git a/conf/documentation.conf b/conf/documentation.conf index a63cf273b5c9..88e9206cea79 100644 --- a/conf/documentation.conf +++ b/conf/documentation.conf @@ -188,22 +188,6 @@ Location of the memcached binary. Only necessary to change if you are not running the pre-packaged version. EOT -[trapping.redirecturl] -type=text -description=<url_param('code'))) { pf::email_activation::set_status_verified($cgi->url_param('code')); } else { - $logger->warn("No active email source for profile ".$portalSession->getProfile->getName.", redirecting to ".$Config{'trapping'}{'redirecturl'}); - print $cgi->redirect($Config{'trapping'}{'redirecturl'}); + $logger->warn("No active email source for profile ".$portalSession->getProfile->getName.", redirecting to ".$portalSession->getProfile->getRedirectURL); + print $cgi->redirect($portalSession->getProfile->getRedirectURL); } } @@ -255,14 +255,14 @@ if (defined($cgi->url_param('code'))) { exit(0); } else { - $logger->warn("No active sponsor source for profile ".$portalSession->getProfile->getName.", redirecting to ".$Config{'trapping'}{'redirecturl'}); - print $cgi->redirect($Config{'trapping'}{'redirecturl'}); + $logger->warn("No active sponsor source for profile ".$portalSession->getProfile->getName.", redirecting to ".$portalSession->getProfile->getRedirectURL); + print $cgi->redirect($portalSession->getProfile->getRedirectURL); } } } else { - $logger->info("User has nothing to do here, redirecting to ".$Config{'trapping'}{'redirecturl'}); - print $cgi->redirect($Config{'trapping'}{'redirecturl'}); + $logger->info("User has nothing to do here, redirecting to ".$portalSession->getProfile->getRedirectURL); + print $cgi->redirect($portalSession->getProfile->getRedirectURL); } diff --git a/html/captive-portal/mobile-confirmation.cgi b/html/captive-portal/mobile-confirmation.cgi index 8839131e5ef6..8cc2c15d268f 100755 --- a/html/captive-portal/mobile-confirmation.cgi +++ b/html/captive-portal/mobile-confirmation.cgi @@ -92,8 +92,8 @@ if ( $portalSession->getCgi->param("pin") ) { pf::web::end_portal_session($portalSession); } else { - $logger->warn("No active sms source for profile ".$portalSession->getProfile->getName.", redirecting to ".$Config{'trapping'}{'redirecturl'}); - print $portalSession->getCgi->redirect($Config{'trapping'}{'redirecturl'}); + $logger->warn("No active sms source for profile ".$portalSession->getProfile->getName.", redirecting to ".$portalSession->getProfile->getRedirectURL); + print $portalSession->getCgi->redirect($portalSession->getProfile->getRedirectURL); } } elsif ($portalSession->getCgi->param("action_confirm")) { diff --git a/html/captive-portal/oauth2.cgi b/html/captive-portal/oauth2.cgi index 295aa49fd651..4abe771c5dc9 100755 --- a/html/captive-portal/oauth2.cgi +++ b/html/captive-portal/oauth2.cgi @@ -112,8 +112,8 @@ if ($source) { pf::web::end_portal_session($portalSession); } else { - $logger->warn("No active $source_type source for profile ".$portalSession->getProfile->getName.", redirecting to ".$Config{'trapping'}{'redirecturl'}); - print $cgi->redirect($Config{'trapping'}{'redirecturl'}); + $logger->warn("No active $source_type source for profile ".$portalSession->getProfile->getName.", redirecting to ".$portalSession->getProfile->getRedirectURL); + print $cgi->redirect($portalSession->getProfile->getRedirectURL); } =head1 AUTHOR diff --git a/html/pfappserver/lib/pfappserver/Controller/Portal/Profile/Default.pm b/html/pfappserver/lib/pfappserver/Controller/Portal/Profile/Default.pm index 1a3c0d3a0898..fe7c5ca1d71c 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Portal/Profile/Default.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Portal/Profile/Default.pm @@ -1,4 +1,5 @@ package pfappserver::Controller::Portal::Profile::Default; + =head1 NAME pfappserver::Controller::PortalProfile add documentation @@ -28,7 +29,7 @@ use Readonly; BEGIN { extends 'pfappserver::Controller::Portal::Profile'; } __PACKAGE__->config( -#Reconfiguring the models and forms for actions + # Configure the model and the form for actions action_args => { '*' => { model => "Config::Profile", form => 'Portal::Profile::Default'}, } diff --git a/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm b/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm index 4c7a92e4a5e9..e10affd7caa5 100644 --- a/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm +++ b/html/pfappserver/lib/pfappserver/Form/Portal/Common.pm @@ -45,12 +45,41 @@ has_field 'description' => ( type => 'Text', label => 'Profile Description', - required => 1, + ); + +=head2 redirecturl + +Redirection URL + +=cut + +has_field 'redirecturl' => + ( + type => 'Text', + label => 'Redirection URL', + tags => { after_element => \&help, + help => 'Default URL to redirect to on registration/mitigation release. This is only used if a per-violation redirect URL is not defined.' }, + ); + +=head2 always_use_redirecturl + +Controls whether or not we always use the redirection URL + +=cut + +has_field 'always_use_redirecturl' => + ( + type => 'Toggle', + label => 'Force redirection URL', + checkbox_value => 'enabled', + unchecked_value => 'disabled', + tags => { after_element => \&help, + help => 'Under most circumstances we can redirect the user to the URL he originally intended to visit. However, you may prefer to force the captive portal to redirect the user to the redirection URL.' }, ); =head2 billing_engine -Has the billing engine enabled +Controls whether or not the billing engine is enabled =cut diff --git a/html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm b/html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm index e51a96e8c167..f99bb09662ad 100644 --- a/html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm +++ b/html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm @@ -20,7 +20,7 @@ with 'pfappserver::Form::Portal::Common'; use pf::config; use List::MoreUtils qw(uniq); -=head1 Blocks +=head1 BLOCKS =head2 definition @@ -30,10 +30,10 @@ The main definition block has_block 'definition' => ( - render_list => [ qw(id description billing_engine) ], + render_list => [ qw(id description redirecturl always_use_redirecturl billing_engine) ], ); -=head1 Fields +=head1 FIELDS =head2 filter @@ -67,7 +67,6 @@ has_field 'filter.contains' => widget_wrapper => 'DynamicTableRow', ); - =head1 COPYRIGHT Copyright (C) 2012-2013 Inverse inc. diff --git a/html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm b/html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm index d7811d380376..dcec656b2dcc 100644 --- a/html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm +++ b/html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm @@ -26,7 +26,7 @@ The main definition block has_block 'definition' => ( - render_list => [ qw(id description logo billing_engine) ], + render_list => [ qw(id description logo redirecturl always_use_redirecturl billing_engine) ], ); @@ -48,6 +48,21 @@ has_field 'logo' => =head1 METHODS +=head2 update_fields + +The redirection URL is mandatory for the default profile. + +=cut + +sub update_fields { + my $self = shift; + + $self->field('redirecturl')->required(1); + + # Call the theme implementation of the method + $self->SUPER::update_fields(); +} + =head1 COPYRIGHT diff --git a/lib/pf/Portal/Profile.pm b/lib/pf/Portal/Profile.pm index 845e29a0c605..896dafd6576e 100644 --- a/lib/pf/Portal/Profile.pm +++ b/lib/pf/Portal/Profile.pm @@ -129,6 +129,20 @@ sub getDescripton { *description = \&getDescripton; +sub getRedirectURL { + my ($self) = @_; + return $self->{'_redirecturl'}; +} + +*redirecturl = \&getRedirectURL; + +sub forceRedirectURL { + my ($self) = @_; + return $self->{'_always_use_redirecturl'}; +} + +*always_use_redirecturl = \&forceRedirectURL; + =item getSources Returns the authentication sources IDs for the current captive portal profile. diff --git a/lib/pf/Portal/ProfileFactory.pm b/lib/pf/Portal/ProfileFactory.pm index f16abad537de..ff9e91699bef 100644 --- a/lib/pf/Portal/ProfileFactory.pm +++ b/lib/pf/Portal/ProfileFactory.pm @@ -37,14 +37,15 @@ sub instantiate { my ( $self, $mac ) = @_; my $logger = Log::Log4perl::get_logger(__PACKAGE__); - # We apply portal profiles based on the SSID and VLAN, we check the last_ssid for the given MAC and try to match - # a portal profile using the previously fetched filters. If no match, we instantiate the default portal profile. + # We apply portal profiles based on the SSID, VLAN and switch. We check the last_(ssid|vlan|switch) for the given MAC + # and try to match a portal profile using the previously fetched filters. + # If no match, we instantiate the default portal profile. my $node_info = node_view($mac); my @filter_ids = ((map { "$_:" . $node_info->{"last_$_"} } qw(ssid vlan switch)), @{$node_info}{'last_ssid','last_vlan','last_switch'}); my $filtered_profile = - first {exists $Profiles_Config{$_}} - map { $Profile_Filters{$_} } - grep { defined $_ && exists $Profile_Filters{$_} } # + first { exists $Profiles_Config{$_} } + map { $Profile_Filters{$_} } + grep { defined $_ && exists $Profile_Filters{$_} } @filter_ids; return _from_custom_profile($filtered_profile) if $filtered_profile; @@ -87,7 +88,7 @@ sub _custom_profile { 'name' => $name, 'template_path' => $name, 'description' => $profile->{'description'} || '', - map { $_ => ($profile->{$_} || $defaults->{$_}) } qw (logo guest_modes sources billing_engine filter) + map { $_ => ($profile->{$_} || $defaults->{$_}) } qw (logo guest_modes sources redirecturl always_use_redirecturl billing_engine filter) ); $results{guest_modes} = _guest_modes_from_sources($results{sources}); return \%results; diff --git a/lib/pf/Portal/Session.pm b/lib/pf/Portal/Session.pm index 945199fc1ab7..eafe435be413 100644 --- a/lib/pf/Portal/Session.pm +++ b/lib/pf/Portal/Session.pm @@ -80,12 +80,12 @@ sub _initialize { $self->{'_client_ip'} = $self->_resolveIp(); $self->{'_client_mac'} = ip2mac($self->getClientIp); - $self->{'_destination_url'} = $self->_getDestinationUrl(); - $self->{'_guest_node_mac'} = undef; $self->{'_profile'} = pf::Portal::ProfileFactory->instantiate($self->getClientMac); + $self->{'_destination_url'} = $self->_getDestinationUrl(); + $self->_initializeStash(); $self->_initializeI18n(); } @@ -153,8 +153,10 @@ Returns destination_url properly parsed, defended against XSS and with configure sub _getDestinationUrl { my ($self) = @_; - # set default if destination_url not set - return $Config{'trapping'}{'redirecturl'} if (!defined($self->cgi->param("destination_url"))); + # Set default if destination_url not set + unless (defined($self->cgi->param("destination_url"))) { + return $self->getProfile->getRedirectURL; + } return decode_entities(uri_unescape($self->cgi->param("destination_url"))); } diff --git a/lib/pf/web.pm b/lib/pf/web.pm index 5b1151c7eeba..6e37fb03db99 100644 --- a/lib/pf/web.pm +++ b/lib/pf/web.pm @@ -169,8 +169,8 @@ sub generate_release_page { my ( $portalSession, $r ) = @_; $portalSession->stash({ - timer => $Config{'trapping'}{'redirtimer'}, - redirect_url => $Config{'trapping'}{'redirecturl'}, + timer => $Config{'trapping'}{'redirtimer'}, + redirect_url => $portalSession->getProfile->getRedirectURL, initial_delay => $CAPTIVE_PORTAL{'NET_DETECT_INITIAL_DELAY'}, retry_delay => $CAPTIVE_PORTAL{'NET_DETECT_RETRY_DELAY'}, external_ip => $Config{'captive_portal'}{'network_detection_ip'}, @@ -178,8 +178,8 @@ sub generate_release_page { }); # override destination_url if we enabled the always_use_redirecturl option - if (isenabled($Config{'trapping'}{'always_use_redirecturl'})) { - $portalSession->stash->{'destination_url'} = $Config{'trapping'}{'redirecturl'}; + if (isenabled($portalSession->getProfile->forceRedirectURL)) { + $portalSession->stash->{'destination_url'} = $portalSession->getProfile->getRedirectURL; } render_template($portalSession, 'release.html', $r); @@ -650,15 +650,15 @@ sub generate_pending_page { my ( $portalSession ) = @_; $portalSession->stash({ - redirect_url => $Config{'trapping'}{'redirecturl'}, + redirect_url => $portalSession->getProfile->getRedirectURL, initial_delay => $CAPTIVE_PORTAL{'NET_DETECT_PENDING_INITIAL_DELAY'}, retry_delay => $CAPTIVE_PORTAL{'NET_DETECT_PENDING_RETRY_DELAY'}, external_ip => $Config{'captive_portal'}{'network_detection_ip'}, }); # override destination_url if we enabled the always_use_redirecturl option - if (isenabled($Config{'trapping'}{'always_use_redirecturl'})) { - $portalSession->stash->{'destination_url'} = $Config{'trapping'}{'redirecturl'}; + if (isenabled($portalSession->getProfile->forceRedirectURL)) { + $portalSession->stash->{'destination_url'} = $portalSession->getProfile->getRedirectURL; } render_template($portalSession, 'pending.html'); From fe813adc469088bc524fe5a29b5d429ed4fe1b33 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 24 Oct 2013 16:28:21 -0400 Subject: [PATCH 139/369] Changed log level from error to debug --- lib/pf/util.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/util.pm b/lib/pf/util.pm index cd83c26aab52..574df8a5ac78 100644 --- a/lib/pf/util.pm +++ b/lib/pf/util.pm @@ -93,7 +93,7 @@ sub valid_ip { { my $caller = ( caller(1) )[3] || basename($0); $caller =~ s/^(pf::\w+|main):://; - $logger->error("invalid IP: $ip from $caller"); + $logger->debug("invalid IP: $ip from $caller"); return (0); } else { return (1); From 523f11a7f9372740e521564f1e01b933df7a42f7 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Thu, 24 Oct 2013 19:46:16 -0400 Subject: [PATCH 140/369] Fix wispr authentication (http://www.packetfence.org/bugs/view.php?id=1742) --- lib/pf/web.pm | 9 ++++++--- lib/pf/web/wispr.pm | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/pf/web.pm b/lib/pf/web.pm index 6e37fb03db99..8562467a72a2 100644 --- a/lib/pf/web.pm +++ b/lib/pf/web.pm @@ -588,14 +588,17 @@ sub validate_form { =cut sub web_user_authenticate { - my ( $portalSession ) = @_; + my ( $portalSession ,$username, $password) = @_; my $logger = Log::Log4perl::get_logger('pf::web'); $logger->trace("authentication attempt"); my $session = $portalSession->getSession(); my @sources = ($portalSession->getProfile->getInternalSources, $portalSession->getProfile->getExclusiveSources); - my $username = $portalSession->cgi->param("username"); - my $password = $portalSession->cgi->param("password"); + + if (!defined($username)) { + $username = $portalSession->cgi->param("username"); + $password = $portalSession->cgi->param("password"); + } # validate login and password my ($return, $message, $source_id) = pf::authentication::authenticate($username, $password, @sources); diff --git a/lib/pf/web/wispr.pm b/lib/pf/web/wispr.pm index 47b5e8513d1c..a8c991d17b9a 100644 --- a/lib/pf/web/wispr.pm +++ b/lib/pf/web/wispr.pm @@ -74,7 +74,7 @@ sub handler { # Trace the user in the apache log $r->user($req->param("username")); - my ($return, $message, $source_id) = &pf::web::web_user_authenticate($portalSession); + my ($return, $message, $source_id) = &pf::web::web_user_authenticate($portalSession,$req->param("username"),$req->param("password")); if ($return) { $logger->info("Authentification success for wispr client"); $stash = { From 73d79d59eea1d33a7b252ae5b6d06c6cd59e42ff Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 25 Oct 2013 18:15:08 -0400 Subject: [PATCH 141/369] Flush ipset before starting packetfence --- packetfence.init | 2 ++ 1 file changed, 2 insertions(+) diff --git a/packetfence.init b/packetfence.init index 0533f872dec5..cc91206fe45a 100755 --- a/packetfence.init +++ b/packetfence.init @@ -21,6 +21,8 @@ start() { IPSET=`command -v ipset` if [ $IPSET ]; then modprobe ip_set + #flush any previous ipset rules + /usr/sbin/ipset destroy fi /sbin/vconfig set_name_type DEV_PLUS_VID_NO_PAD /usr/local/pf/bin/pfcmd service pf start From c8cbf13d89ee33240505cad2052d67d8ffb12357 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 29 Oct 2013 11:52:03 -0400 Subject: [PATCH 142/369] Fix indent --- packetfence.init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packetfence.init b/packetfence.init index cc91206fe45a..f86cdfdc6ab6 100755 --- a/packetfence.init +++ b/packetfence.init @@ -21,7 +21,7 @@ start() { IPSET=`command -v ipset` if [ $IPSET ]; then modprobe ip_set - #flush any previous ipset rules + #flush any previous ipset rules /usr/sbin/ipset destroy fi /sbin/vconfig set_name_type DEV_PLUS_VID_NO_PAD From 76f0cb6f75788ebc98e655ff5e1e14717ffab5a8 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 24 Oct 2013 16:25:03 -0400 Subject: [PATCH 143/369] Fix display of profiles table --- html/pfappserver/root/portal/profile/index.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/pfappserver/root/portal/profile/index.tt b/html/pfappserver/root/portal/profile/index.tt index f8e78a5a9521..747a9c445275 100644 --- a/html/pfappserver/root/portal/profile/index.tt +++ b/html/pfappserver/root/portal/profile/index.tt @@ -59,7 +59,7 @@ [% END %] [% END -%] - + From 7daf8f821bb9a3b30f626475ff80e8086e799a5b Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 29 Oct 2013 15:19:16 -0400 Subject: [PATCH 144/369] Allow Htpasswd sources to validatate sponsors A sponsor is validated by her/his email address and consequently, the authentication source must implement the method "username_from_email". --- NEWS.asciidoc | 1 + .../Authentication/Source/HtpasswdSource.pm | 20 +++++++++++++++++++ lib/pf/authentication.pm | 16 +++++++++------ lib/pf/file_paths.pm | 1 + t/authentication.t | 7 ++++--- t/data/htpasswd.conf | 2 ++ 6 files changed, 38 insertions(+), 9 deletions(-) create mode 100644 t/data/htpasswd.conf diff --git a/NEWS.asciidoc b/NEWS.asciidoc index e7533f8af433..0029a5126d06 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -35,6 +35,7 @@ Enhancements * Improved validation of VLAN management * Updated FontAwesome to version 3.2.1 * Each portal profile can now have a different redirection URL +* An Htpasswd source can now define sponsors Bug Fixes +++++++++ diff --git a/lib/pf/Authentication/Source/HtpasswdSource.pm b/lib/pf/Authentication/Source/HtpasswdSource.pm index c6a576bbf6e5..a8c0f8556ff8 100644 --- a/lib/pf/Authentication/Source/HtpasswdSource.pm +++ b/lib/pf/Authentication/Source/HtpasswdSource.pm @@ -90,6 +90,26 @@ sub match_in_subclass { return undef; } +=head2 username_from_email + +=cut + +sub username_from_email { + my ( $self, $email ) = @_; + + # First check if the username is found in the htpasswd file + my $password_file = $self->{'path'}; + if (-r $password_file) { + my $htpasswd = new Apache::Htpasswd({ passwdFile => $password_file, ReadOnly => 1}); + if ( $htpasswd->fetchPass($email) ) { + # Username is defined in the htpasswd file + return $email; + } + } + + return undef; +} + =head1 AUTHOR Inverse inc. diff --git a/lib/pf/authentication.pm b/lib/pf/authentication.pm index a34d8cb94786..bc4ad2586604 100644 --- a/lib/pf/authentication.pm +++ b/lib/pf/authentication.pm @@ -430,6 +430,13 @@ sub deleteAuthenticationSource { =item username_from_email +Return the username associated to an email address if it exists in any of the +authentication sources. + +This subroutine is used to validate a sponsor's email address. + +See pf::web::guest::validate_sponsor. + =cut sub username_from_email { @@ -439,19 +446,16 @@ sub username_from_email { $logger->info("Looking up username for email: $email"); foreach my $source ( @authentication_sources ) { - - if ($source->isa('pf::Authentication::Source::LDAPSource') || - $source->isa('pf::Authentication::Source::SQLSource' )) { - + if ($source->can("username_from_email")) { my $username = $source->username_from_email($email); if (defined $username) { - return ($username,$source->id); + return ($username, $source->id); } } } - return ; + return; } =item authenticate diff --git a/lib/pf/file_paths.pm b/lib/pf/file_paths.pm index 640bf4dd6ae1..fdc3b49eb139 100644 --- a/lib/pf/file_paths.pm +++ b/lib/pf/file_paths.pm @@ -1,4 +1,5 @@ package pf::file_paths; + =head1 NAME pf::file_paths add documentation diff --git a/t/authentication.t b/t/authentication.t index 3e7d8a50fbf7..c15a97fa4569 100755 --- a/t/authentication.t +++ b/t/authentication.t @@ -28,10 +28,10 @@ BEGIN { use_ok("pf::authentication"); -is(pf::authentication::match("bad_source_name",{ username => 'test' }),undef,"Return undef for an invalid name of source"); +is(pf::authentication::match("bad_source_name",{ username => 'test' }), undef, "Return undef for an invalid name of source"); is_deeply( - pf::authentication::match("email",{ username => 'test' }), + pf::authentication::match("email", { username => 'user_manager' }), [ pf::Authentication::Action->new({ 'value' => 'guest', @@ -46,7 +46,7 @@ is_deeply( ); is_deeply( - pf::authentication::match("htpasswd1",{ username => 'user_manager' }), + pf::authentication::match("htpasswd1", { username => 'user_manager' }), [ pf::Authentication::Action->new({ 'value' => 'User Manager', @@ -56,6 +56,7 @@ is_deeply( "match htpasswd1 by username" ); +is(pf::authentication::username_from_email('user@domain.com'), 'htpasswd1', "Found username associated to an email"); =head1 AUTHOR diff --git a/t/data/htpasswd.conf b/t/data/htpasswd.conf new file mode 100644 index 000000000000..ebba19117c55 --- /dev/null +++ b/t/data/htpasswd.conf @@ -0,0 +1,2 @@ +user_manager:$apr1$CYNkFc.W$gj5HwGwy3B.96AUVeuCZb/ +user@domain.com:$apr1$emloI7Hp$LqDlGeE4dX0CsAEItXFBo/ From ac220c8bb9a2602c5d1d47f5c8a08701ead4d290 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 4 Nov 2013 13:20:50 -0500 Subject: [PATCH 145/369] Cleanup Form::User --- html/pfappserver/lib/pfappserver/Form/User.pm | 61 ------------------- 1 file changed, 61 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Form/User.pm b/html/pfappserver/lib/pfappserver/Form/User.pm index 5bfe76e04fc5..472cec50951f 100644 --- a/html/pfappserver/lib/pfappserver/Form/User.pm +++ b/html/pfappserver/lib/pfappserver/Form/User.pm @@ -191,67 +191,6 @@ sub update_fields { $self->SUPER::update_fields(); } -=head2 options_access_level - -Populate the select field for the 'access level' template action. - -=cut - -sub options_access_level { - my $self = shift; - - return - ( - { - label => $self->_localize('None'), - value => $WEB_ADMIN_NONE, - }, - { - label => $self->_localize('All'), - value => $WEB_ADMIN_ALL, - }, - ); -} - -=head2 options_roles - -Populate the select field for the roles template action. - -=cut - -sub options_roles { - my $self = shift; - - my @roles; - - # Build a list of existing roles - my ($status, $result) = $self->form->ctx->model('Roles')->list(); - if (is_success($status)) { - @roles = map { $_->{name} => $_->{name} } @$result; - } - - return @roles; -} - -=head2 options_durations - -Populate the access duration select field with the available values defined -in the pf.conf configuration file. - -=cut - -sub options_durations { - my $self = shift; - - my $durations = pf::web::util::get_translated_time_hash( - [ split (/\s*,\s*/, $Config{'guests_admin_registration'}{'access_duration_choices'}) ], - $self->form->ctx->languages()->[0] - ); - my @options = map { get_abbr_time($_) => $durations->{$_} } sort { $a <=> $b } keys %$durations; - - return \@options; -} - =head1 COPYRIGHT Copyright (C) 2012-2013 Inverse inc. From 8fc21fff21379d44a657078fc7833fa26a7db79a Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 5 Nov 2013 10:41:50 -0500 Subject: [PATCH 146/369] Added compression to chi for memcached --- conf/chi.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/conf/chi.conf b/conf/chi.conf index 616541b9c3be..b9bd18a73c63 100644 --- a/conf/chi.conf +++ b/conf/chi.conf @@ -5,6 +5,7 @@ storage=configfiles driver=Memcached servers=127.0.0.1:11211 global=1 +compress_threshold=10000 [storage configfiles l1_cache] storage=raw From f5424f979ab0d5b21ab451a62549b19fa5d2d89b Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 5 Nov 2013 13:36:55 -0500 Subject: [PATCH 147/369] Code cleanup --- html/captive-portal/templates/login.html | 2 -- 1 file changed, 2 deletions(-) diff --git a/html/captive-portal/templates/login.html b/html/captive-portal/templates/login.html index 9f01e61f7a0f..35c4e3ceacb9 100644 --- a/html/captive-portal/templates/login.html +++ b/html/captive-portal/templates/login.html @@ -65,8 +65,6 @@ [% IF null_source %][% i18n("Email") %] [% ELSE %] [% i18n("Username") %][% END %]
      - [% ELSE %] - [% END %] [% UNLESS null_source %]
      From a93c41a42a034703e2cd39d724e3c9744c77afc6 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 4 Nov 2013 16:24:23 -0500 Subject: [PATCH 148/369] Improve saved search on users page --- NEWS.asciidoc | 2 ++ .../lib/pfappserver/Controller/Admin.pm | 2 +- .../Controller/SavedSearch/Node.pm | 9 +++--- .../Controller/SavedSearch/User.pm | 10 +++---- .../lib/pfappserver/Form/SavedSearch.pm | 11 +++++++ .../lib/pfappserver/Model/SavedSearch/Node.pm | 1 + .../lib/pfappserver/Model/SavedSearch/User.pm | 2 ++ html/pfappserver/root/admin/users.tt | 30 +++++++++++-------- .../pfappserver/root/static/admin/searches.js | 30 ++++++++++--------- html/pfappserver/root/static/js/user.js | 3 +- lib/pf/savedsearch.pm | 1 - 11 files changed, 62 insertions(+), 39 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 0029a5126d06..3c8c67a003e3 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -50,6 +50,8 @@ Bug Fixes * Removed references to unavailable snort rules (#1715) * Fixed LDAP regexp condition not considering all attribute values (#1737) * Fixed sort by phone number and nodes count when performing an advanced search on users (#1738) +* Fixed users searches not being saved in the proper namespace +* Fixed handling of form submit when saving a user search Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/html/pfappserver/lib/pfappserver/Controller/Admin.pm b/html/pfappserver/lib/pfappserver/Controller/Admin.pm index eaabbd45247f..dec2589dc56f 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Admin.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Admin.pm @@ -174,7 +174,7 @@ sub nodes :Chained('object') :PathPart('nodes') :Args(0) { sub users :Chained('object') :PathPart('users') :Args(0) { my ( $self, $c ) = @_; my $id = $c->user->id; - my ($status,$saved_searches) = $c->model("SavedSearch::User")->read_all($id); + my ($status, $saved_searches) = $c->model("SavedSearch::User")->read_all($id); $c->stash( saved_searches => $saved_searches, saved_search_form => $c->form("SavedSearch") diff --git a/html/pfappserver/lib/pfappserver/Controller/SavedSearch/Node.pm b/html/pfappserver/lib/pfappserver/Controller/SavedSearch/Node.pm index f80d1978ad82..79d50a8f9b94 100644 --- a/html/pfappserver/lib/pfappserver/Controller/SavedSearch/Node.pm +++ b/html/pfappserver/lib/pfappserver/Controller/SavedSearch/Node.pm @@ -1,4 +1,5 @@ package pfappserver::Controller::SavedSearch::Node; + =head1 NAME pfappserver::Controller::SavedSearch::Node add documentation @@ -23,19 +24,19 @@ BEGIN { __PACKAGE__->config( action => { -#Reconfigure the object dispatcher from pfappserver::Base::Controller::Crud + # Reconfigure the object dispatcher from pfappserver::Base::Controller::Crud object => { Chained => '/', PathPart => 'savedsearch/node', CaptureArgs => 1 } }, action_args => { - '*' => { model=> 'SavedSearch::Node', form => 'SavedSearch'} + '*' => { model => 'SavedSearch::Node', form => 'SavedSearch'} } ); -=head2 Methods +=head1 METHODS =over -=item create +=head2 before create =cut diff --git a/html/pfappserver/lib/pfappserver/Controller/SavedSearch/User.pm b/html/pfappserver/lib/pfappserver/Controller/SavedSearch/User.pm index 6ecf84cc779d..51be284cfe3b 100644 --- a/html/pfappserver/lib/pfappserver/Controller/SavedSearch/User.pm +++ b/html/pfappserver/lib/pfappserver/Controller/SavedSearch/User.pm @@ -1,4 +1,5 @@ package pfappserver::Controller::SavedSearch::User; + =head1 NAME pfappserver::Controller::SavedSearch::User add documentation @@ -23,20 +24,19 @@ BEGIN { __PACKAGE__->config( action => { -#Reconfigure the object dispatcher from pfappserver::Base::Controller::Crud + # Reconfigure the object dispatcher from pfappserver::Base::Controller::Crud object => { Chained => '/', PathPart => 'savedsearch/user', CaptureArgs => 1 } }, action_args => { - '*' => { model=> 'SavedSearch::Node', form => 'SavedSearch'} + '*' => { model => 'SavedSearch::User', form => 'SavedSearch'} } ); - -=head2 Methods +=head1 METHODS =over -=item create +=head2 before create =cut diff --git a/html/pfappserver/lib/pfappserver/Form/SavedSearch.pm b/html/pfappserver/lib/pfappserver/Form/SavedSearch.pm index 1ccbe9b4a44c..f9d92d5a862c 100644 --- a/html/pfappserver/lib/pfappserver/Form/SavedSearch.pm +++ b/html/pfappserver/lib/pfappserver/Form/SavedSearch.pm @@ -61,6 +61,17 @@ has_field 'namespace' => ( widget => 'NoRender', ); +=head2 Blocks + +=item search + +=cut + +has_block 'search' => + ( + render_list => [qw(name query)], + ); + =back diff --git a/html/pfappserver/lib/pfappserver/Model/SavedSearch/Node.pm b/html/pfappserver/lib/pfappserver/Model/SavedSearch/Node.pm index 8c7878258220..65424c26b0bb 100644 --- a/html/pfappserver/lib/pfappserver/Model/SavedSearch/Node.pm +++ b/html/pfappserver/lib/pfappserver/Model/SavedSearch/Node.pm @@ -1,4 +1,5 @@ package pfappserver::Model::SavedSearch::Node; + =head1 NAME package pfappserver::Model::SavedSearch add documentation diff --git a/html/pfappserver/lib/pfappserver/Model/SavedSearch/User.pm b/html/pfappserver/lib/pfappserver/Model/SavedSearch/User.pm index 0caa335eed4f..440056ff8782 100644 --- a/html/pfappserver/lib/pfappserver/Model/SavedSearch/User.pm +++ b/html/pfappserver/lib/pfappserver/Model/SavedSearch/User.pm @@ -1,4 +1,5 @@ package pfappserver::Model::SavedSearch::User; + =head1 NAME package pfappserver::Model::SavedSearch add documentation @@ -19,6 +20,7 @@ use Moose; extends 'pfappserver::Base::Model::SavedSearch'; + __PACKAGE__->meta->make_immutable; =back diff --git a/html/pfappserver/root/admin/users.tt b/html/pfappserver/root/admin/users.tt index d3369f954b2f..7e1a01bacea6 100644 --- a/html/pfappserver/root/admin/users.tt +++ b/html/pfappserver/root/admin/users.tt @@ -38,19 +38,23 @@ form {
      diff --git a/html/pfappserver/root/static/admin/searches.js b/html/pfappserver/root/static/admin/searches.js index f306a0ba323c..dbc052527351 100644 --- a/html/pfappserver/root/static/admin/searches.js +++ b/html/pfappserver/root/static/admin/searches.js @@ -1,10 +1,8 @@ function saveSearchFromForm(form_id) { var modal = $("#savedSearch"); - var button = modal.find('a.btn-primary').first(); var saved_search_form = $("#savedSearchForm"); var search_form = $(form_id); - button.off('click'); - button.on('click',function(event) { + saved_search_form.one('submit', function(event) { modal.modal('hide'); var uri = new URI(search_form.attr('action')); var query = uri.resource() @@ -41,31 +39,33 @@ function saveSearchFromForm(form_id) { } $(function() { - $('#advancedSavedSearchBtn').on('click', function(event) { - return saveSearchFromForm("#advancedSearch"); - }); - + /* Save a simple search */ $('#simpleSavedSearchBtn').on('click', function(event) { return saveSearchFromForm('#simpleSearch'); }); - /* For simpleSearch */ - $('body').on('submit','#simpleSearch', function(event) { + /* Save an advanced search */ + $('#advancedSavedSearchBtn').on('click', function(event) { + return saveSearchFromForm("#advancedSearch"); + }); + + /* Perform a simple search */ + $('body').on('submit', '#simpleSearch', function(event) { var form = $(this); var section = $('#section'); section.fadeTo('fast', 0.5); var url = form.attr('action'); var inputs = form.serializeArray(); var length = inputs.length; - if(length > 0) { - for(var i =0;i 0) { + for (var i = 0; i < length; i++) { var input = inputs[i]; - if(input.value) { + if (input.value) { url+= "/" + encodeURIComponent(input.name) + "/" + encodeURIComponent(input.value); } } } - if(location.hash == url) { + if (location.hash == url) { $(window).hashchange(); } else { location.hash = url; @@ -73,6 +73,7 @@ $(function() { return false; }); + /* Perfom an advanced search */ $('#advancedSearch').on('submit', function(event) { updateSectionFromForm($('#advancedSearch')); return false; @@ -83,6 +84,7 @@ $(function() { that.find(':input').removeAttr('disabled'); }); + /* Perform a saved search */ $('body').on('click', '[data-toggle="pf-search-form"][data-target]', function(event) { var that = $(this); var target = that.attr('data-target'); @@ -102,7 +104,7 @@ $(function() { return false; }); - + /* Delete a saved search */ $('.saved_search_trash').on('click',function(event) { event.stopPropagation(); var that = $(this); diff --git a/html/pfappserver/root/static/js/user.js b/html/pfappserver/root/static/js/user.js index 1733e9bf14b6..c1d2f9889270 100644 --- a/html/pfappserver/root/static/js/user.js +++ b/html/pfappserver/root/static/js/user.js @@ -85,7 +85,8 @@ var UserView = function(options) { var type = tr.find('select[name$=type]').first(); updateAction(type); }); - /* Update the advanced search form to the next page or resort the query*/ + + /* Update the advanced search form to the next page or resort the query */ var advanced_search_updater = $.proxy(this.advancedSearchUpdater, this); $('body').on('click', '[href*="#user/advanced_search"]', advanced_search_updater); diff --git a/lib/pf/savedsearch.pm b/lib/pf/savedsearch.pm index 8c6f0a076dcc..5514f16816b7 100644 --- a/lib/pf/savedsearch.pm +++ b/lib/pf/savedsearch.pm @@ -114,7 +114,6 @@ BEGIN { *{$sub_name} = sub { my (@args) = @_; my $logger = Log::Log4perl::get_logger(__PACKAGE__); - $logger->debug("Executing $statement_name with " . join(" ",@args)); my $sth = db_query_execute(USERPREF, $savedsearch_statements, $statement_name, @args); if($sth) { return $sth->rows; From 32b5e9281d9c99468e28a2131e1f500f20a310af Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 5 Nov 2013 15:30:00 -0500 Subject: [PATCH 149/369] Fix self-reg of multiple unverified devices --- NEWS.asciidoc | 1 + ...mails-guest_sponsor_preregistration.txt.tt | 2 +- html/captive-portal/email_activation.cgi | 2 +- lib/pf/email_activation.pm | 29 ++++++++++--------- 4 files changed, 19 insertions(+), 15 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 3c8c67a003e3..c4f3735c7bd9 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -52,6 +52,7 @@ Bug Fixes * Fixed sort by phone number and nodes count when performing an advanced search on users (#1738) * Fixed users searches not being saved in the proper namespace * Fixed handling of form submit when saving a user search +* Fixed self-registration of multiple unverified devices Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/conf/templates/emails-guest_sponsor_preregistration.txt.tt b/conf/templates/emails-guest_sponsor_preregistration.txt.tt index 5ae0ed42c113..40e45a7ceea4 100644 --- a/conf/templates/emails-guest_sponsor_preregistration.txt.tt +++ b/conf/templates/emails-guest_sponsor_preregistration.txt.tt @@ -2,7 +2,7 @@ Hi, Your guest access to the network was authorized. -Once on site, select guest access on the captive portal and use the following username and password to authenticate: +Once on site, use the following username and password to authenticate: Username: [% pid %] Password: [% password %] diff --git a/html/captive-portal/email_activation.cgi b/html/captive-portal/email_activation.cgi index 657799c12b09..b3167c584b68 100755 --- a/html/captive-portal/email_activation.cgi +++ b/html/captive-portal/email_activation.cgi @@ -187,7 +187,7 @@ if (defined($cgi->url_param('code'))) { my (%info, $template); if ( defined($node_mac) ) { - # If MAC is defined, it's a guest already here that we need to register + # If MAC is defined, it's a guest already on-site that we need to register my $node_info = node_attributes($node_mac); $pid = $node_info->{'pid'}; diff --git a/lib/pf/email_activation.pm b/lib/pf/email_activation.pm index 985da3ad48ab..3812e51be1cd 100644 --- a/lib/pf/email_activation.pm +++ b/lib/pf/email_activation.pm @@ -166,12 +166,12 @@ sub email_activation_db_prepare { qq [ DELETE FROM email_activation WHERE code_id = ? ] ); - $email_activation_statements->{'email_activation_change_status_old_same_mac_email_sql'} = get_db_handle()->prepare( - qq [ UPDATE email_activation SET status=? WHERE mac = ? AND email = ? AND status = ? ] + $email_activation_statements->{'email_activation_change_status_old_same_mac_pid_email_sql'} = get_db_handle()->prepare( + qq [ UPDATE email_activation SET status = ? WHERE mac = ? AND pid = ? AND email = ? AND status = ? ] ); $email_activation_statements->{'email_activation_change_status_old_same_pid_email_sql'} = get_db_handle()->prepare( - qq [ UPDATE email_activation SET status=? WHERE pid = ? AND email = ? AND status = ? ] + qq [ UPDATE email_activation SET status = ? WHERE mac IS NULL AND pid = ? AND email = ? AND status = ? ] ); $email_activation_db_prepared = 1; @@ -279,13 +279,17 @@ sub invalidate_codes { my ($mac, $pid, $email) = @_; my $logger = Log::Log4perl::get_logger('pf::email_activation'); - db_query_execute(EMAIL_ACTIVATION, $email_activation_statements, - 'email_activation_change_status_old_same_pid_email_sql', $INVALIDATED, $pid, $email, $UNVERIFIED - ) || $logger->warn("problems trying to invalidate activation codes using pid $pid"); - - db_query_execute(EMAIL_ACTIVATION, $email_activation_statements, - 'email_activation_change_status_old_same_mac_email_sql', $INVALIDATED, $mac, $email, $UNVERIFIED - ) || $logger->warn("problems trying to invalidate activation codes using mac $mac"); + if ($mac) { + # Invalidate previous activation codes matching MAC, pid (user or sponsor email) and email + db_query_execute(EMAIL_ACTIVATION, $email_activation_statements, + 'email_activation_change_status_old_same_mac_pid_email_sql', $INVALIDATED, $mac, $pid, $email, $UNVERIFIED + ) || $logger->warn("problems trying to invalidate activation codes using mac $mac"); + } else { + # Invalidate previous activation with no MAC address (pre-registration) + db_query_execute(EMAIL_ACTIVATION, $email_activation_statements, + 'email_activation_change_status_old_same_pid_email_sql', $INVALIDATED, $pid, $email, $UNVERIFIED + ) || $logger->warn("problems trying to invalidate activation codes using pid $pid"); + } return; } @@ -455,9 +459,8 @@ sub validate_code { } # At this point, code is validated: return the activation record - $logger->info("Activation code sent to email $activation_record->{email} successfully verified! " - . "Node authorized: $activation_record->{mac} of activation type: $activation_record->{type}" - ); + $logger->info("Activation code sent to email $activation_record->{email} from $activation_record->{pid} successfully verified. " + . "Node authorized: " . ($activation_record->{mac}?$activation_record->{mac}:"") . " of activation type: $activation_record->{type}"); return $activation_record; } From 1ca425d43814401d459cf7d817b97add246d02c8 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 8 Nov 2013 12:03:38 -0500 Subject: [PATCH 150/369] Limit pie charts to 10 lengend labels --- html/pfappserver/root/static/app/graphs.js | 1 + 1 file changed, 1 insertion(+) diff --git a/html/pfappserver/root/static/app/graphs.js b/html/pfappserver/root/static/app/graphs.js index 2bdc818b73e0..fd714bb9d672 100644 --- a/html/pfappserver/root/static/app/graphs.js +++ b/html/pfappserver/root/static/app/graphs.js @@ -216,6 +216,7 @@ function graphPieData(holder, labels, series) { ray, values, { + maxSlices: 10, legend: labels_formatted, legendpos: "west" } From bb2d386107c3db133e2a35490b437cef4f3124a9 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 8 Nov 2013 13:43:35 -0500 Subject: [PATCH 151/369] Highlight corresponding rows of pie chart segments --- NEWS.asciidoc | 1 + html/pfappserver/root/graph/pie.tt | 2 +- html/pfappserver/root/static/admin/common.css | 10 ++++++++++ html/pfappserver/root/static/app/application.js | 4 ++++ html/pfappserver/root/static/app/graphs.js | 5 +++++ 5 files changed, 21 insertions(+), 1 deletion(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index c4f3735c7bd9..b854d5d1c041 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -36,6 +36,7 @@ Enhancements * Updated FontAwesome to version 3.2.1 * Each portal profile can now have a different redirection URL * An Htpasswd source can now define sponsors +* Improved display of pie charts (limit of legend labels and highlight of table rows) Bug Fixes +++++++++ diff --git a/html/pfappserver/root/graph/pie.tt b/html/pfappserver/root/graph/pie.tt index ed419569a540..ae37b8d1ca3a 100644 --- a/html/pfappserver/root/graph/pie.tt +++ b/html/pfappserver/root/graph/pie.tt @@ -35,7 +35,7 @@ graphs.charts['[% id %]'] = { [% FOREACH label IN labels -%] - piecut %] class="muted"[% END %]> + piecut %] class="muted"[% END %]> [% label %] [% i = loop.index %][% values.$i %] diff --git a/html/pfappserver/root/static/admin/common.css b/html/pfappserver/root/static/admin/common.css index fbe7cc6a2627..fef48dfbddb8 100644 --- a/html/pfappserver/root/static/admin/common.css +++ b/html/pfappserver/root/static/admin/common.css @@ -128,4 +128,14 @@ li.drop-row, .qq-upload-list li, .qq-upload-drop-area span, .qq-upload-file, .qq-upload-spinner, .qq-upload-size, .qq-upload-cancel, .qq-upload-retry, .qq-upload-failed-text, .qq-upload-finished { font-size: inherit; +} +/* highlighted table row */ +.table tbody tr.active td { + background-color: #0088cc !important; + background-color: #333 !important; + color: #fff; + -webkit-transition: all 0.5s ease; + -moz-transition: all 0.5s ease; + -o-transition: all 0.5s ease; + transition: all 0.5s ease; } \ No newline at end of file diff --git a/html/pfappserver/root/static/app/application.js b/html/pfappserver/root/static/app/application.js index fdecf0944570..176c57fbb5da 100644 --- a/html/pfappserver/root/static/app/application.js +++ b/html/pfappserver/root/static/app/application.js @@ -230,3 +230,7 @@ function _(key) { return value; } + +String.prototype.asCSSIdentifier = function() { + return this.replace(/[^_a-zA-Z0-9]/g, '_'); +}; diff --git a/html/pfappserver/root/static/app/graphs.js b/html/pfappserver/root/static/app/graphs.js index fd714bb9d672..446c1bab4daf 100644 --- a/html/pfappserver/root/static/app/graphs.js +++ b/html/pfappserver/root/static/app/graphs.js @@ -222,6 +222,7 @@ function graphPieData(holder, labels, series) { } ); + chart.hover(function () { this.sector.stop(); this.sector.scale(1.1, 1.1, this.cx, this.cy); @@ -230,6 +231,8 @@ function graphPieData(holder, labels, series) { this.label[0].stop(); this.label[0].attr({ r: 7.5 }); this.label[1].attr({ "font-weight": 800 }); + var e = $('#'+this.label[1].attr("text").replace(/ - [0-9\.]+%$/, '').asCSSIdentifier()); + if (e) e.addClass('active'); } }, function () { this.sector.animate({ transform: 's1 1 ' + this.cx + ' ' + this.cy }, 500, "bounce"); @@ -237,6 +240,8 @@ function graphPieData(holder, labels, series) { if (this.label) { this.label[0].animate({ r: 5 }, 500, "bounce"); this.label[1].attr({ "font-weight": 400 }); + var e = $('#'+this.label[1].attr("text").replace(/ - [0-9\.]+%$/, '').asCSSIdentifier()); + if (e) e.removeClass('active'); } }); } From dc3d9971f4d3065ea4434a7dc2e982de0300d1cd Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 12 Nov 2013 09:41:00 -0500 Subject: [PATCH 152/369] Move users creation to users page Users creation was previously accessible from the configuration page. --- NEWS.asciidoc | 1 + .../lib/pfappserver/Controller/User.pm | 2 - html/pfappserver/root/admin/configuration.tt | 2 - html/pfappserver/root/admin/users.tt | 5 +- .../root/static/admin/configuration.js | 4 +- .../admin/configuration/authentication.js | 1 + .../root/static/admin/configuration/users.js | 104 ------------ html/pfappserver/root/static/js/user.js | 154 +++++++++++++++--- .../users.tt => user/create.tt} | 2 +- html/pfappserver/root/user/view.tt | 2 +- 10 files changed, 143 insertions(+), 134 deletions(-) delete mode 100644 html/pfappserver/root/static/admin/configuration/users.js rename html/pfappserver/root/{configuration/users.tt => user/create.tt} (99%) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index b854d5d1c041..690ae3fa9ab5 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -37,6 +37,7 @@ Enhancements * Each portal profile can now have a different redirection URL * An Htpasswd source can now define sponsors * Improved display of pie charts (limit of legend labels and highlight of table rows) +* Creation of users is now performed from the users page (was on the configuration page) Bug Fixes +++++++++ diff --git a/html/pfappserver/lib/pfappserver/Controller/User.pm b/html/pfappserver/lib/pfappserver/Controller/User.pm index 90c7d1bdb42f..70b19382176b 100644 --- a/html/pfappserver/lib/pfappserver/Controller/User.pm +++ b/html/pfappserver/lib/pfappserver/Controller/User.pm @@ -23,7 +23,6 @@ use pfappserver::Form::User::Create; use pfappserver::Form::User::Create::Single; use pfappserver::Form::User::Create::Multiple; use pfappserver::Form::User::Create::Import; -use pfappserver::Form::AdvancedSearch; BEGIN { extends 'pfappserver::Base::Controller'; } @@ -277,7 +276,6 @@ sub create :Local { $c->stash->{form_single} = $form_single; $c->stash->{form_multiple} = $form_multiple; $c->stash->{form_import} = $form_import; - $c->stash->{template} = 'configuration/users.tt'; } } diff --git a/html/pfappserver/root/admin/configuration.tt b/html/pfappserver/root/admin/configuration.tt index 909312b5ae0b..e0115a1f8d43 100644 --- a/html/pfappserver/root/admin/configuration.tt +++ b/html/pfappserver/root/admin/configuration.tt @@ -15,7 +15,6 @@ 'admin/configuration/floatingdevices', 'admin/configuration/authentication', 'admin/configuration/portal_profile', - 'admin/configuration/users', 'admin/configuration/violations', 'admin/configuration/soh', 'admin/configuration/roles', @@ -96,7 +95,6 @@ table.sources {
    • [% l('Users') %]
      • [% pf_section_entry( 'roles', 'Roles') %] [% list_entry('Authentication', 'index', 'Sources') %] - [% list_entry('User', 'create', 'Create') %]
    • [% l('Compliance') %]
      • [% list_entry('Violation', 'index', 'Violations') %] [% pf_section_entry( 'soh', 'Statement of Health') %] diff --git a/html/pfappserver/root/admin/users.tt b/html/pfappserver/root/admin/users.tt index 7e1a01bacea6..b8134e092530 100644 --- a/html/pfappserver/root/admin/users.tt +++ b/html/pfappserver/root/admin/users.tt @@ -66,15 +66,16 @@ form {
      • [% l('Users') %]
      • [% l('Search') %]
        • +
      • [% l('Create') %]
      • [% l('Saved Searches') %]
        • - [%FOR ss IN saved_searches%] + [% FOR ss IN saved_searches %] [% form = ss.form %] [% IF ss.path == 'user/advanced_search'; tab = 'advanced'; ELSE; tab ='simple'; - END%] + END %]
      • [% ss.name %]
        diff --git a/html/pfappserver/root/static/admin/configuration.js b/html/pfappserver/root/static/admin/configuration.js index e81bd4ca1c1f..b0be938280da 100644 --- a/html/pfappserver/root/static/admin/configuration.js +++ b/html/pfappserver/root/static/admin/configuration.js @@ -31,8 +31,8 @@ function init() { $('#section').on('section.loaded', function(event) { /* Set the focus on the first editable and visible field */ $(':input:visible:enabled:first[name]').focus(); - /* Set the default value for compound controls*/ - $('.compound-input-btn-group .btn-group input').each(function (i,input) { + /* Set the default value for compound controls */ + $('.compound-input-btn-group .btn-group input').each(function (i, input) { var value = $(input).attr('value'); var a = $(input).siblings('a[value="' + value + '"]'); a.attr('default-value','yes'); diff --git a/html/pfappserver/root/static/admin/configuration/authentication.js b/html/pfappserver/root/static/admin/configuration/authentication.js index 4e31a98f570d..80ad954bbf98 100644 --- a/html/pfappserver/root/static/admin/configuration/authentication.js +++ b/html/pfappserver/root/static/admin/configuration/authentication.js @@ -78,6 +78,7 @@ $(function() { // DOM ready // location.hash = 'authentication'; } }); + /* Save a source */ $('#section').on('submit', 'form[name="source"]', function(e) { e.preventDefault(); diff --git a/html/pfappserver/root/static/admin/configuration/users.js b/html/pfappserver/root/static/admin/configuration/users.js deleted file mode 100644 index b0728aa92cdb..000000000000 --- a/html/pfappserver/root/static/admin/configuration/users.js +++ /dev/null @@ -1,104 +0,0 @@ - /* Section ready */ - $('#section').on('section.loaded', function(event) { - /* Initialize the action field */ - $('#ruleActions tr:not(.hidden) select[name$=type]').each(function() { - updateAction($(this)); - }); - /* Disable checked columns from import tab since they are required */ - $('#columns :checked').attr('disabled', 'disabled'); - }); - - /* Create user(s) */ - $('#section').on('submit', 'form[name="users"]', function(event) { - var form = $(this), - btn = form.find('[type="submit"]'), - href = $('.nav-tabs .active a').attr('href'), - pos = href.lastIndexOf('#'), - disabled_inputs = form.find('.hidden :input, .tab-pane:not(.active) :input'), - valid; - - // Don't submit inputs from hidden rows and tabs. - // The functions isFormValid and serialize will ignore disabled inputs. - disabled_inputs.attr('disabled', 'disabled'); - - // Identify the type of creation (single, multiple or import) from the selected tab - form.find('input[name="type"]').val(href.substr(++pos)); - valid = isFormValid(form); - - if (valid) { - btn.button('loading'); - resetAlert($('#section')); - - // Since we can be uploading a file, the form target is an iframe from which - // we read the JSON returned by the server. - var iform = $("#iframe_form"); - iform.one('load', function(event) { - // Restore disabled inputs - disabled_inputs.removeAttr('disabled'); - - $("body,html").animate({scrollTop:0}, 'fast'); - btn.button('reset'); - var body = $(this).contents().find('body'); - if (body.find('form').length) { - // We received a HTML form - var modal = $('#modalPasswords'); - modal.empty(); - modal.append(body.children()); - modal.modal({ backdrop: 'static', shown: true }); - } - else { - // We received JSON - var data = $.parseJSON(body.text()); - if (data.status < 300) - showPermanentSuccess(form, data.status_msg); - else - showPermanentError(form, data.status_msg); - } - }); - } - else { - // Restore disabled inputs - disabled_inputs.removeAttr('disabled'); - } - - return valid; - }); - - /* Print passwords */ - $('#section').on('click', '#modalPasswords a[href$="print"]', function(event) { - var btn = $(this); - var form = btn.closest('form'); - form.attr('action', btn.attr('href')); - form.attr('target', '_blank'); - form.submit(); - - return false; - }); - - /* Send passwords by email */ - $('#section').on('click', '#modalPasswords a[href$="mail"]', function(event) { - var btn = $(this); - var form = btn.closest('form'); - var modal_body = form.find('.modal-body'); - - btn.button('loading'); - $.ajax({ - type: 'POST', - url: btn.attr('href'), - data: form.serialize() - }) - .always(function() { - $("body,html").animate({scrollTop:0}, 'fast'); - btn.button('reset'); - resetAlert(modal_body); - }) - .done(function(data) { - showSuccess(modal_body.children().first(), data.status_msg); - }) - .fail(function(jqXHR) { - var status_msg = getStatusMsg(jqXHR); - showPermanentError(modal_body.children().first(), status_msg); - }); - - return false; - }); diff --git a/html/pfappserver/root/static/js/user.js b/html/pfappserver/root/static/js/user.js index c1d2f9889270..d84ef6a30e45 100644 --- a/html/pfappserver/root/static/js/user.js +++ b/html/pfappserver/root/static/js/user.js @@ -24,6 +24,7 @@ Users.prototype.post = function(options) { type: 'POST', data: options.data }) + .always(options.always) .done(options.success) .fail(function(jqXHR) { var status_msg = getStatusMsg(jqXHR); @@ -52,33 +53,35 @@ var UserView = function(options) { var read = $.proxy(this.readUser, this); options.parent.on('click', '[href*="user"][href$="/read"]', read); - var update = $.proxy(this.updateUser, this); - $('body').on('submit', '#modalUser form[name="modalUser"]', update); + this.proxyFor($('body'), 'submit', 'form[name="users"]', this.createUser); + + this.proxyFor($('body'), 'submit', '#modalUser form[name="modalUser"]', this.updateUser); + + this.proxyClick($('body'), '#modalUser [href$="/delete"]', this.deleteUser); - var delete_user = $.proxy(this.deleteUser, this); - $('body').on('click', '#modalUser [href$="/delete"]', delete_user); + this.proxyClick($('body'), '#modalUser #resetPassword', this.resetPassword); - var reset_password = $.proxy(this.resetPassword, this); - $('body').on('click', '#modalUser #resetPassword', reset_password); + this.proxyClick($('body'), '#modalUser #mailPassword', this.mailPassword); - var mail_password = $.proxy(this.mailPassword, this); - $('body').on('click', '#modalUser #mailPassword', mail_password); + this.proxyFor($('body'), 'show', 'a[data-toggle="tab"][href="#userViolations"]', this.readViolations); - var read_violations = $.proxy(this.readViolations, this); - $('body').on('show', 'a[data-toggle="tab"][href="#userViolations"]', read_violations); + this.proxyClick($('body'), '#modalUser [href$="/read"]', this.readNode); + + this.proxyFor($('body'), 'switch-change', '#modalUser .switch', this.toggleViolation); + + /* Update the advanced search form to the next page or resort the query */ + this.proxyClick($('body'), '[href*="#user/advanced_search"]', this.advancedSearchUpdater); - var read_node = $.proxy(this.readNode, this); - $('body').on('click', '#modalUser [href$="/read"]', read_node); + this.proxyClick($('body'), '#modalPasswords a[href$="mail"]', this.mailPasswordFromForm); - var toggle_violation = $.proxy(this.toggleViolation, this); - $('body').on('switch-change', '#modalUser .switch', toggle_violation); + this.proxyClick($('body'), '#modalPasswords a[href$="print"]', this.printPasswordFromForm); - $('body').on('change', '#modalUser #ruleActions select[name$=type]', function(event) { + $('body').on('change', '#ruleActions select[name$=type]', function(event) { /* Update the rule action fields when changing an action type */ updateAction($(this)); }); - $('body').on('admin.added', '#modalUser tr', function(event) { + $('body').on('admin.added', '#ruleActions tr', function(event) { /* Update the rule action fields when adding an action */ var tr = $(this); tr.find(':input').removeAttr('disabled'); @@ -86,10 +89,22 @@ var UserView = function(options) { updateAction(type); }); - /* Update the advanced search form to the next page or resort the query */ - var advanced_search_updater = $.proxy(this.advancedSearchUpdater, this); - $('body').on('click', '[href*="#user/advanced_search"]', advanced_search_updater); + $('body').on('section.loaded', '#section', function(e) { + /* Initialize the action field */ + $('#ruleActions tr:not(.hidden) select[name$=type]').each(function() { + updateAction($(this)); + }); + /* Disable checked columns from import tab since they are required */ + $('#columns :checked').attr('disabled', 'disabled'); + }); +}; + +UserView.prototype.proxyFor = function(obj, action, target, method) { + obj.on(action, target, $.proxy(method, this)); +}; +UserView.prototype.proxyClick = function(obj, target, method) { + this.proxyFor(obj, 'click', target, method); }; UserView.prototype.readUser = function(e) { @@ -124,6 +139,61 @@ UserView.prototype.readUser = function(e) { }); }; +UserView.prototype.createUser = function(e) { + var form = $(e.target), + btn = form.find('[type="submit"]').first(), + href = $('#section .nav-tabs .active a').attr('href'), + pos = href.lastIndexOf('#'), + disabled_inputs = form.find('.hidden :input, .tab-pane:not(.active) :input'), + valid; + + // Don't submit inputs from hidden rows and tabs. + // The functions isFormValid and serialize will ignore disabled inputs. + disabled_inputs.attr('disabled', 'disabled'); + + // Identify the type of creation (single, multiple or import) from the selected tab + form.find('input[name="type"]').val(href.substr(++pos)); + valid = isFormValid(form); + + if (valid) { + btn.button('loading'); + resetAlert($('#section')); + + // Since we can be uploading a file, the form target is an iframe from which + // we read the JSON returned by the server. + var iform = $("#iframe_form"); + iform.one('load', function(event) { + // Restore disabled inputs + disabled_inputs.removeAttr('disabled'); + + $("body,html").animate({scrollTop:0}, 'fast'); + btn.button('reset'); + var body = $(this).contents().find('body'); + if (body.find('form').length) { + // We received a HTML form + var modal = $('#modalPasswords'); + modal.empty(); + modal.append(body.children()); + modal.modal({ backdrop: 'static', shown: true }); + } + else { + // We received JSON + var data = $.parseJSON(body.text()); + if (data.status < 300) + showPermanentSuccess(form, data.status_msg); + else + showPermanentError(form, data.status_msg); + } + }); + } + else { + // Restore disabled inputs + disabled_inputs.removeAttr('disabled'); + } + + return valid; +}; + UserView.prototype.updateUser = function(e) { e.preventDefault(); @@ -204,14 +274,22 @@ UserView.prototype.resetPassword = function(e) { } }; +/* See root/user/view.tt */ UserView.prototype.mailPassword = function(e) { e.preventDefault(); var btn = $(e.target); - var url = btn.attr('href'); + var url = btn.attr('href'); // pid is in the URL + var modal_body = btn.closest('.modal').find('.modal-body'); var control = $('#userPassword .control-group').first(); + + btn.button('loading'); this.users.get({ url: url, + always: function() { + btn.button('reset'); + resetAlert(modal_body); + }, success: function(data) { showSuccess(control, data.status_msg); }, @@ -219,6 +297,42 @@ UserView.prototype.mailPassword = function(e) { }); }; +/* See root/user/list_password.tt */ +UserView.prototype.mailPasswordFromForm = function(e) { + e.preventDefault(); + + var btn = $(e.target); + var url = btn.attr('href'); + var form = btn.closest('form'); // pids are specified in the form + var modal_body = form.closest('.modal').find('.modal-body'); + + btn.button('loading'); + this.users.post({ + url: url, + data: form.serialize(), + always: function() { + $("body,html").animate({scrollTop:0}, 'fast'); + btn.button('reset'); + resetAlert(modal_body); + }, + success: function(data) { + showSuccess(modal_body.children().first(), data.status_msg); + }, + errorSibling: modal_body.children().first() + }); +}; + +/* See root/user/list_password.tt */ +UserView.prototype.printPasswordFromForm = function(e) { + e.preventDefault(); + + var btn = $(e.target); + var form = btn.closest('form'); // pids are specified in the form + form.attr('action', btn.attr('href')); + form.attr('target', '_blank'); // open a new page + form.submit(); +}; + UserView.prototype.readViolations = function(e) { var btn = $(e.target); var target = $(btn.attr("href")); diff --git a/html/pfappserver/root/configuration/users.tt b/html/pfappserver/root/user/create.tt similarity index 99% rename from html/pfappserver/root/configuration/users.tt rename to html/pfappserver/root/user/create.tt index c29cbab82159..ffac49106e05 100644 --- a/html/pfappserver/root/configuration/users.tt +++ b/html/pfappserver/root/user/create.tt @@ -101,7 +101,7 @@ [% END -%] - +
      diff --git a/html/pfappserver/root/user/view.tt b/html/pfappserver/root/user/view.tt index 666902d16a45..ffe8af18151c 100644 --- a/html/pfappserver/root/user/view.tt +++ b/html/pfappserver/root/user/view.tt @@ -53,7 +53,7 @@
      [% l('Print') %] - [% l('mail') %] + [% l('mail') %]
      From dca5224926175b845cef9b0571382f35acb26571 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 12 Nov 2013 16:24:53 -0500 Subject: [PATCH 153/369] Create a node or import nodes from a CSV file --- NEWS.asciidoc | 1 + .../lib/pfappserver/Controller/Node.pm | 95 +++++++++-- html/pfappserver/lib/pfappserver/Form/Node.pm | 11 +- .../pfappserver/Form/Node/Create/Import.pm | 153 ++++++++++++++++++ .../pfappserver/lib/pfappserver/Model/Node.pm | 145 ++++++++++++++++- html/pfappserver/root/admin/nodes.tt | 4 +- html/pfappserver/root/node/create.tt | 61 +++++++ html/pfappserver/root/static/admin/common.js | 15 +- html/pfappserver/root/static/js/node.js | 60 +++++++ html/pfappserver/root/user/create.tt | 2 +- lib/pf/node.pm | 1 + 11 files changed, 528 insertions(+), 20 deletions(-) create mode 100644 html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm create mode 100644 html/pfappserver/root/node/create.tt diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 690ae3fa9ab5..9ea0996e8bcc 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -22,6 +22,7 @@ New Features * New pfcmd command fixpermissions * Added a Null Authenication Source * Displayed columns of nodes are now customizable +* Create a single node or import multiple nodes from a CSV file from the Web admin Enhancements ++++++++++++ diff --git a/html/pfappserver/lib/pfappserver/Controller/Node.pm b/html/pfappserver/lib/pfappserver/Controller/Node.pm index 51234015a6f3..71f17db2bcc9 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Node.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Node.pm @@ -18,6 +18,9 @@ use Moose; use namespace::autoclean; use POSIX; +use pfappserver::Form::Node; +use pfappserver::Form::Node::Create::Import; + BEGIN { extends 'pfappserver::Base::Controller'; } __PACKAGE__->config( @@ -111,6 +114,80 @@ sub advanced_search :Local :Args() { $c->response->status($status); } +=head2 create + +Create one node or import a CSV file. + +=cut + +sub create :Local { + my ($self, $c) = @_; + + my ($roles, $node_status, $form_single, $form_import, $params, $type); + my ($status, $result, $message); + + ($status, $result) = $c->model('Roles')->list(); + if (is_success($status)) { + $roles = $result; + } + $node_status = $c->model('Node')->availableStatus(); + + $form_single = pfappserver::Form::Node->new(ctx => $c, status => $node_status, roles => $roles); + $form_import = pfappserver::Form::Node::Create::Import->new(ctx => $c, roles => $roles); + + if (scalar(keys %{$c->request->params}) > 1) { + # We consider the request parameters only if we have at least two entries. + # This is the result of setuping jQuery in "no Ajax cache" mode. See admin/common.js. + $params = $c->request->params; + } else { + $params = {}; + } + $form_single->process(params => $params); + + if ($c->request->method eq 'POST') { + # Create new nodes + $type = $c->request->param('type'); + if ($type eq 'single') { + if ($form_single->has_errors) { + $status = HTTP_BAD_REQUEST; + $message = $form_single->field_errors; + } + else { + ($status, $message) = $c->model('Node')->create($form_single->value); + } + } + elsif ($type eq 'import') { + my $params = $c->request->params; + $params->{nodes_file} = $c->req->upload('nodes_file'); + $form_import->process(params => $params); + if ($form_import->has_errors) { + $status = HTTP_BAD_REQUEST; + $message = $form_import->field_errors; + } + else { + ($status, $message) = $c->model('Node')->importCSV($form_import->value, $c->user); + if (is_success($status)) { + $message = $c->loc("[_1] nodes imported, [_2] skipped", $message->{count}, $message->{skipped}); + } + } + } + else { + $status = $STATUS::INTERNAL_SERVER_ERROR; + } + + $c->response->status($status); + $c->stash->{status} = $status; + $c->stash->{status_msg} = $message; # TODO: localize error message + $c->stash->{current_view} = 'JSON'; + } + else { + # Initial display of the page + $form_import->process(); + + $c->stash->{form_single} = $form_single; + $c->stash->{form_import} = $form_import; + } +} =head2 object @@ -146,7 +223,7 @@ sub view :Chained('object') :PathPart('read') :Args(0) { my ($self, $c) = @_; my ($nodeStatus, $result); - my ($form, $status, $roles); + my ($form, $status); # Form initialization : # Retrieve node details and status @@ -162,10 +239,10 @@ sub view :Chained('object') :PathPart('read') :Args(0) { $c->stash->{switches} = \%switches; } $nodeStatus = $c->model('Node')->availableStatus(); - $form = $c->form("Node" , - init_object => $c->stash->{node}, - status => $nodeStatus, - roles => $c->stash->{roles} + $form = $c->form("Node", + init_object => $c->stash->{node}, + status => $nodeStatus, + roles => $c->stash->{roles} ); $form->process(); $c->stash->{form} = $form; @@ -186,11 +263,11 @@ sub update :Chained('object') :PathPart('update') :Args(0) { my ($form, $nodeStatus); $nodeStatus = $c->model('Node')->availableStatus(); - $form = $c->form("Node" , - status => $nodeStatus, - roles => $c->stash->{roles} + $form = $c->form("Node", + status => $nodeStatus, + roles => $c->stash->{roles} ); - $form->process(params => $c->request->params); + $form->process(params => { mac => $c->stash->{mac}, %{$c->request->params} }); if ($form->has_errors) { $status = HTTP_BAD_REQUEST; $message = $form->field_errors; diff --git a/html/pfappserver/lib/pfappserver/Form/Node.pm b/html/pfappserver/lib/pfappserver/Form/Node.pm index 14bbe07d2e7f..7a06f433f4dc 100644 --- a/html/pfappserver/lib/pfappserver/Form/Node.pm +++ b/html/pfappserver/lib/pfappserver/Form/Node.pm @@ -14,18 +14,25 @@ use HTML::FormHandler::Moose; extends 'pfappserver::Base::Form'; use HTTP::Status qw(is_error); +use pf::config; # Form select options has 'roles' => ( is => 'ro' ); has 'status' => ( is => 'ro' ); # Form fields +has_field 'mac' => + ( + type => 'MACAddress', + label => 'MAC', + required => 1, + ); has_field 'pid' => ( type => 'Text', label => 'Owner', - required => 1, - element_attr => {'data-provide' => 'typeahead'}, + element_attr => {'data-provide' => 'typeahead', + 'placeholder' => $Config{node_import}{pid}}, ); has_field 'status' => ( diff --git a/html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm b/html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm new file mode 100644 index 000000000000..5a305b03522c --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm @@ -0,0 +1,153 @@ +package pfappserver::Form::Node::Create::Import; + +=head1 NAME + +pfappserver::Form::Node::Create::Import - CSV file import + +=head1 DESCRIPTION + +Form to import multiple nodes from a CSV file. + +=cut + +use HTML::FormHandler::Moose; +extends 'pfappserver::Base::Form'; + +use pf::config; + +has '+enctype' => ( default => 'multipart/form-data'); + +# Form select options +has 'roles' => ( is => 'ro' ); + +=head2 FIELDS + +=cut + +has_field 'nodes_file' => + ( + type => 'Upload', + label => 'CSV File', + required => 1, + ); +has_field 'delimiter' => + ( + type => 'Select', + label => 'Column Delimiter', + required => 1, + options => + [ + { value => 'comma', label => 'Comma' }, + { value => 'semicolon', label => 'Semicolon' }, + { value => 'tab', label => 'Tab' }, + ], + ); + +has_field 'default_pid' => + ( + type => 'Text', + label => 'Default Owner', + element_attr => {'data-provide' => 'typeahead', + 'placeholder' => $Config{node_import}{pid}}, + ); +has_field 'default_category_id' => + ( + type => 'Select', + label => 'Default Role', + element_class => ['chzn-select'], + element_attr => {'data-placeholder' => 'No role'}, + ); +has_field 'default_voip' => + ( + type => 'Checkbox', + label => 'Default Voice Over IP', + checkbox_value => 'yes', + default => $Config{node_import}{voip}, + ); + +has_field 'columns' => + ( + type => 'Repeatable', + ); +has_field 'columns.enabled' => + ( + type => 'Checkbox', + ); +has_field 'columns.name' => + ( + type => 'Hidden', + ); +has_field 'columns.label' => + ( + type => 'Uneditable', + ); + +sub init_object { + my $self = shift; + + my $object = + { + 'columns' => + [ + { 'enabled' => 1, name => 'mac', label => 'MAC Address' }, + { 'enabled' => 0, name => 'pid', label => 'Owner' }, + { 'enabled' => 0, name => 'category', label => 'Role' }, + { 'enabled' => 0, name => 'unregdate', label => 'Unregistration Date' }, + { 'enabled' => 0, name => 'voip', label => 'Voice Over IP (yes/no)' }, + { 'enabled' => 0, name => 'notes', label => 'Notes' }, + ] + }; + + return $object; +} + +=head2 options_default_category_id + +=cut + +sub options_default_category_id { + my $self = shift; + + # $self->roles comes from pfappserver::Model::Roles + my @roles = map { $_->{category_id} => $_->{name} } @{$self->roles} if ($self->roles); + + return ('' => '', @roles); +} + +=head2 default_default_category_id + +=cut + +sub default_default_category_id { + my $self = shift; + + foreach my $role (@{$self->roles}) { + return $role->{category_id} if ($role->{name} eq $Config{node_import}{category}); + } +} + +=head1 COPYRIGHT + +Copyright (C) 2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +__PACKAGE__->meta->make_immutable; +1; diff --git a/html/pfappserver/lib/pfappserver/Model/Node.pm b/html/pfappserver/lib/pfappserver/Model/Node.pm index b31e1bc95c84..0d962fcfcd59 100644 --- a/html/pfappserver/lib/pfappserver/Model/Node.pm +++ b/html/pfappserver/lib/pfappserver/Model/Node.pm @@ -31,6 +31,7 @@ use pf::locationlog; use Log::Log4perl qw(get_logger); use pf::node; use pf::os; +use pf::person; use pf::enforcement qw(reevaluate_access); use pf::useragent qw(node_useragent_view); use pf::util; @@ -219,6 +220,33 @@ sub view { return ($STATUS::OK, $node); } +=head2 create + +Create and register a node + +=cut + +sub create { + my ($self, $data) = @_; + + my $logger = Log::Log4perl::get_logger(__PACKAGE__); + my ($status, $result) = ($STATUS::CREATED); + my $mac = $data->{mac}; + my $pid = $data->{pid} || $default_pid; + + # Adding person (using modify in case person already exists) + $result = node_register($mac, $pid, %{$data}); + if ($result) { + $logger->info("Created node $mac"); + } + else { + return ($STATUS::INTERNAL_SERVER_ERROR, 'Unexpected error. See server-side logs for details.'); + } + + return ($status); +} + + =head2 update See subroutine manage of pfcmd.pl @@ -232,7 +260,7 @@ sub update { my ($status, $result) = ($STATUS::OK); my $previous_node_ref; - $previous_node_ref = node_attributes($mac); + $previous_node_ref = node_view($mac); if ($previous_node_ref->{status} ne $node_ref->{status}) { # Status was modified my $option; @@ -246,11 +274,15 @@ sub update { } } unless (defined $result) { + $node_ref->{pid} ||= $default_pid; $result = node_modify($mac, %{$node_ref}); } if ($result) { - if ($previous_node_ref->{status} ne $node_ref->{status}) { + my $isDot1x = defined($previous_node_ref->{last_dot1x_username}) && length($previous_node_ref->{last_dot1x_username}) > 0; + if ($previous_node_ref->{status} ne $node_ref->{status} || + $previous_node_ref->{category_id} ne $node_ref->{category_id} && !$isDot1x) { # Node has been registered or deregistered + # or the role has changed and is not currently using 802.1X reevaluate_access($mac, "node_modify"); } } @@ -262,6 +294,115 @@ sub update { return ($status, $result); } +=head2 import + +See pf::import::nodes + +=cut + +sub importCSV { + my ($self, $data, $user) = @_; + + my $logger = Log::Log4perl::get_logger(__PACKAGE__); + my ($status, $message); + my $filename = $data->{nodes_file}->filename; + my $tmpfilename = $data->{nodes_file}->tempname; + my $delimiter = $data->{delimiter}; + my $default_node_pid = $data->{default_pid}; + my $default_category_id = $data->{default_category_id}; + my $default_voip = $data->{default_voip}; + + $logger->debug("CSV file import nodes from $tmpfilename ($filename, \"$delimiter\")"); + + # Build hash table for columns order + my $count = 0; + my $skipped = 0; + my %index = (); + foreach my $column (@{$data->{columns}}) { + if ($column->{enabled} || $column->{name} eq 'mac') { + # Add checked columns and mandatory columns + $index{$column->{name}} = $count; + $count++; + } + } + + # Map delimiter to its actual character + if ($delimiter eq 'comma') { + $delimiter = ','; + } elsif ($delimiter eq 'semicolon') { + $delimiter = ';'; + } elsif ($delimiter eq 'colon') { + $delimiter = ':'; + } elsif ($delimiter eq 'tab') { + $delimiter = "\t"; + } + + # Read CSV file + $count = 0; + if (open (my $import_fh, "<", $tmpfilename)) { + my $csv = Text::CSV->new({ binary => 1, sep_char => $delimiter }); + while (my $row = $csv->getline($import_fh)) { + my ($pid, $mac, $node, %data, $result); + + $pid = $row->[$index{'pid'}] || undef; + if ($pid && ($pid !~ /$pf::person::PID_RE/ || !person_exist($pid))) { + $logger->debug("Ignored unknown PID ($pid)"); + $skipped++; + next; + } + $mac = $row->[$index{'mac'}] || undef; + if (!$mac || !valid_mac($mac)) { + $logger->debug("Ignored invalid MAC ($mac)"); + $skipped++; + next; + } + $mac = clean_mac($mac); + $pid ||= $default_node_pid || $default_pid; + $node = node_view($mac); + %data = + ( + 'mac' => $mac, + 'pid' => $pid, + 'category' => $index{'category'} ? $row->[$index{'category'}] : undef, + 'category_id' => $index{'category'} ? undef : $default_category_id, + 'unregdate' => $index{'unregdate'} ? $row->[$index{'unregdate'}] : undef, + 'voip' => $index{'voip'} ? $row->[$index{'voip'}] : $default_voip, + 'notes' => $index{'notes'} ? $row->[$index{'notes'}] : undef, + ); + if (!defined($node) || (ref($node) eq 'HASH' && $node->{'status'} ne $pf::node::STATUS_REGISTERED)) { + $logger->debug("Register MAC $mac ($pid)"); + $result = node_register($mac, $pid, %data); + } + else { + $logger->debug("Modify already registered MAC $mac ($pid)"); + $result = node_modify($mac, %data); + } + if ($result) { + $count++; + } + else { + $skipped++; + } + } + unless ($csv->eof) { + $logger->warn("Problem with CSV file importation: " . $csv->error_diag()); + ($status, $message) = ($STATUS::INTERNAL_SERVER_ERROR, ["Problem with importation: [_1]" , $csv->error_diag()]); + } + else { + ($status, $message) = ($STATUS::CREATED, { count => $count, skipped => $skipped }); + } + close $import_fh; + } + else { + $logger->warn("Can't open CSV file $filename: $@"); + ($status, $message) = ($STATUS::INTERNAL_SERVER_ERROR, "Can't read CSV file."); + } + + $logger->info("CSV file ($filename) import $count nodes, skip $skipped nodes"); + + return ($status, $message); +} + =head2 delete =cut diff --git a/html/pfappserver/root/admin/nodes.tt b/html/pfappserver/root/admin/nodes.tt index c4039d1ac524..504f1afb68ff 100644 --- a/html/pfappserver/root/admin/nodes.tt +++ b/html/pfappserver/root/admin/nodes.tt @@ -1,4 +1,5 @@ [% jsFiles = [ + 'app/jquery-ui', 'app/bootstrap-datepicker', 'app/bootstrap-timepicker', 'app/chosen.jquery.min', @@ -58,8 +59,7 @@ form {
      • [% l('Nodes') %]
      • [% l('Search') %]
        • - +
      • [% l('Create') %]
      • [% l('Saved Searches') %]
        • [%FOR ss IN saved_searches%] [% form = ss.form %] diff --git a/html/pfappserver/root/node/create.tt b/html/pfappserver/root/node/create.tt new file mode 100644 index 000000000000..78e1ec604bd7 --- /dev/null +++ b/html/pfappserver/root/node/create.tt @@ -0,0 +1,61 @@ +

        [% l('Create Nodes') %]

        +[% IF error %]
        + + [% l('Error!') %] [% error %] +
        [% END %] +

        [% l('Manually add nodes to the system.') %]

        + + + + + + + + +
        + +
        +
        [% l('The node will be automatically registered. If the MAC matches an existing node, it will also be modified and registered.') %]
        + [% form_single.field('mac').render %] + [% form_single.field('pid').render %] + [% form_single.field('category_id').render %] + [% form_single.field('unregdate').render %] + [% form_single.field('notes').render %] +
        + +
        +
        [% l('All imported nodes will be registered. If a MAC matches an existing node, it will also be registered.') %]
        + [% form_import.field('nodes_file').render %] + [% form_import.field('delimiter').render %] + [% form_import.field('default_pid').render %] + [% form_import.field('default_category_id').render %] + [% form_import.field('default_voip').render %] +
        + +
        + + + [% FOREACH column IN form_import.field('columns').fields -%] + + + + + [% END %] + +
        [% loop.index + 1 %] + [% column.field('name').render_element %] + [% column.field('enabled').render_element %]  + [% column.field('label').render_element %] +
        +
        +
        + +
        + +
        + +
        + diff --git a/html/pfappserver/root/static/admin/common.js b/html/pfappserver/root/static/admin/common.js index 67a03884da89..bc8b40e4cb49 100644 --- a/html/pfappserver/root/static/admin/common.js +++ b/html/pfappserver/root/static/admin/common.js @@ -26,14 +26,16 @@ function updateAction(type, keep_value) { * Initialize the rendering widgets of some elements */ function initWidgets(elements) { - elements.filter('.chzn-select').chosen(); - elements.filter('.chzn-deselect').chosen({allow_single_deselect: true}); + elements.filter('.chzn-select:visible').chosen(); + elements.filter('.chzn-deselect:visible').chosen({allow_single_deselect: true}); elements.filter('.timepicker-default').each(function() { // Keep the placeholder visible if the input has no value var defaultTime = $(this).val().length? 'value' : false; $(this).timepicker({ defaultTime: defaultTime, showSeconds: false, showMeridian: false }); }); elements.filter('.datepicker').datepicker({ autoclose: true }); + if (elements.bootstrapSwitch) + elements.filter('.switch').bootstrapSwitch(); } function submitFormHideModal(modal,form) { @@ -97,9 +99,14 @@ function updateSection(ajax_data) { .done(function(data) { section.html(data); section.find('.datepicker').datepicker({ autoclose: true }); + section.find('.timepicker-default').each(function() { + // Keep the placeholder visible if the input has no value + var defaultTime = $(this).val().length? 'value' : false; + $(this).timepicker({ defaultTime: defaultTime, showSeconds: false, showMeridian: false }); + }); if (section.chosen) { - section.find('.chzn-select:visible').chosen(); - section.find('.chzn-deselect:visible').chosen({allow_single_deselect: true}); + section.find('.chzn-select').chosen(); + section.find('.chzn-deselect').chosen({allow_single_deselect: true}); } if (section.bootstrapSwitch) section.find('.switch').bootstrapSwitch(); diff --git a/html/pfappserver/root/static/js/node.js b/html/pfappserver/root/static/js/node.js index 203751fac60b..a8d9b362cac5 100644 --- a/html/pfappserver/root/static/js/node.js +++ b/html/pfappserver/root/static/js/node.js @@ -42,6 +42,8 @@ var NodeView = function(options) { this.proxyFor($('body'), 'show', '#modalNode', this.showNode); + this.proxyFor($('body'), 'submit', 'form[name="nodes"]', this.createNode); + this.proxyFor($('body'), 'submit', '#modalNode form[name="modalNode"]', this.updateNode); this.proxyClick($('body'), '#modalNode [href$="/delete"]', this.deleteNode); @@ -60,6 +62,18 @@ var NodeView = function(options) { this.proxyClick($('body'), '[name="items"]', this.toggleActionsButton); this.proxyClick($('body'), '#clear_violations, #bulk_register, #bulk_deregister, #apply_roles a', this.submitItems); + + this.proxyFor($('body'), 'section.loaded', '#section', function(e) { + /* Enable autocompletion of owner on tab of single node creation */ + $('[data-provide="typeahead"]').typeahead({ + source: $.proxy(this.searchUser, this), + minLength: 2, + items: 11, + matcher: function(item) { return true; }, + }); + /* Disable checked columns from import tab since they are required */ + $('#columns :checked').attr('disabled', 'disabled'); + }); }; NodeView.prototype.proxyFor = function(obj, action, target, method) { @@ -167,6 +181,52 @@ NodeView.prototype.readViolations = function(e) { return true; }; +NodeView.prototype.createNode = function(e) { + var form = $(e.target), + btn = form.find('[type="submit"]').first(), + href = $('#section .nav-tabs .active a').attr('href'), + pos = href.lastIndexOf('#'), + disabled_inputs = form.find('.hidden :input, .tab-pane:not(.active) :input'), + valid; + + // Don't submit inputs from hidden rows and tabs. + // The functions isFormValid and serialize will ignore disabled inputs. + disabled_inputs.attr('disabled', 'disabled'); + + // Identify the type of creation (single, multiple or import) from the selected tab + form.find('input[name="type"]').val(href.substr(++pos)); + valid = isFormValid(form); + + if (valid) { + btn.button('loading'); + resetAlert($('#section')); + + // Since we can be uploading a file, the form target is an iframe from which + // we read the JSON returned by the server. + var iform = $("#iframe_form"); + iform.one('load', function(event) { + // Restore disabled inputs + disabled_inputs.removeAttr('disabled'); + + $("body,html").animate({scrollTop:0}, 'fast'); + btn.button('reset'); + var body = $(this).contents().find('body'); + // We received JSON + var data = $.parseJSON(body.text()); + if (data.status < 300) + showPermanentSuccess(form, data.status_msg); + else + showPermanentError(form, data.status_msg); + }); + } + else { + // Restore disabled inputs + disabled_inputs.removeAttr('disabled'); + } + + return valid; +}; + NodeView.prototype.updateNode = function(e) { e.preventDefault(); diff --git a/html/pfappserver/root/user/create.tt b/html/pfappserver/root/user/create.tt index ffac49106e05..3aabfca8cb15 100644 --- a/html/pfappserver/root/user/create.tt +++ b/html/pfappserver/root/user/create.tt @@ -35,7 +35,7 @@
        -

        [% l('The usernames are constructed from the prefix and the quantity. For example, setting the prefix to guest and the quantity to 3 creates usernames guest1, guest2 and guest3. Random passwords will be created.') %]

        +
        [% l('The usernames are constructed from the prefix and the quantity. For example, setting the prefix to guest and the quantity to 3 creates usernames guest1, guest2 and guest3. Random passwords will be created.') %]
        [% form_multiple.field('prefix').render %] [% form_multiple.field('quantity').render %] [% form_multiple.field('firstname').render %] diff --git a/lib/pf/node.pm b/lib/pf/node.pm index 21be7927787c..06d16b1485f5 100644 --- a/lib/pf/node.pm +++ b/lib/pf/node.pm @@ -1071,6 +1071,7 @@ sub _node_category_handling { # if no category is specified then we set to undef so that DBI will insert a NULL $data{'category_id'} = undef; } + return $data{'category_id'}; } From 5d63ea12f5fc010bfa2f1ae76f732bcbf56bf355 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 12 Nov 2013 16:25:40 -0500 Subject: [PATCH 154/369] Users CSV importation: use only checked columns --- html/pfappserver/lib/pfappserver/Model/User.pm | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Model/User.pm b/html/pfappserver/lib/pfappserver/Model/User.pm index 2f4bffb1e084..a373232f9460 100644 --- a/html/pfappserver/lib/pfappserver/Model/User.pm +++ b/html/pfappserver/lib/pfappserver/Model/User.pm @@ -440,8 +440,11 @@ sub importCSV { my $skipped = 0; my %index = (); foreach my $column (@{$data->{columns}}) { - $index{$column->{name}} = $count; - $count++; + if ($column->{enabled} || $column->{name} eq 'c_username' || $column->{name} eq 'c_password') { + # Add checked columns and mandatory columns + $index{$column->{name}} = $count; + $count++; + } } # Map delimiter to its actual character From d1dbad37f53a74177f34e72fba4dc4e6cd0d5982 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 13 Nov 2013 16:10:54 -0500 Subject: [PATCH 155/369] LDAP source: filter by group membership --- NEWS.asciidoc | 1 + .../pfappserver/Form/Authentication/Rule.pm | 16 ++++++ lib/pf/Authentication/Source/LDAPSource.pm | 51 ++++++++++++++++--- lib/pf/Authentication/constants.pm | 3 ++ 4 files changed, 63 insertions(+), 8 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 9ea0996e8bcc..58f830d2901b 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -23,6 +23,7 @@ New Features * Added a Null Authenication Source * Displayed columns of nodes are now customizable * Create a single node or import multiple nodes from a CSV file from the Web admin +* LDAP authentication sources can now filter by group membership using a second LDAP query Enhancements ++++++++++++ diff --git a/html/pfappserver/lib/pfappserver/Form/Authentication/Rule.pm b/html/pfappserver/lib/pfappserver/Form/Authentication/Rule.pm index eecf67cb81d5..4960083198f0 100644 --- a/html/pfappserver/lib/pfappserver/Form/Authentication/Rule.pm +++ b/html/pfappserver/lib/pfappserver/Form/Authentication/Rule.pm @@ -174,6 +174,22 @@ has_field "${Conditions::CONNECTION}_value" => options_method => \&options_connection, element_class => ['span5'], ); +has_field "${Conditions::LDAP_ATTRIBUTE}_operator" => + ( + type => 'Select', + do_label => 0, + wrapper => 0, + localize_labels => 1, + options_method => \&operators, + element_class => ['span3'], + ); +has_field "${Conditions::LDAP_ATTRIBUTE}_value" => + ( + type => 'Text', + do_label => 0, + wrapper => 0, + element_class => ['span5'], + ); =head2 options_attributes diff --git a/lib/pf/Authentication/Source/LDAPSource.pm b/lib/pf/Authentication/Source/LDAPSource.pm index 7f181bf8f813..d147068e19f8 100644 --- a/lib/pf/Authentication/Source/LDAPSource.pm +++ b/lib/pf/Authentication/Source/LDAPSource.pm @@ -47,15 +47,15 @@ sub available_attributes { my $self = shift; my $super_attributes = $self->SUPER::available_attributes; - my @ldap_attributes = map { { value => $_, type => $Conditions::SUBSTRING } } - ("cn", "department", "displayName", "distinguishedName", "givenName", "memberOf", "sn", "eduPersonPrimaryAffiliation", "mail"); + my @ldap_attributes = map { { value => $_, type => $Conditions::LDAP_ATTRIBUTE } } + ("uid", "cn", "department", "displayName", "distinguishedName", "givenName", "memberOf", "sn", "eduPersonPrimaryAffiliation", "mail"); # We check if our username attribute is present, if not we add it. if (not grep {$_->{value} eq $self->{'usernameattribute'} } @ldap_attributes ) { - push (@ldap_attributes, { value => $self->{'usernameattribute'}, type => $Conditions::SUBSTRING }); + push (@ldap_attributes, { value => $self->{'usernameattribute'}, type => $Conditions::LDAP_ATTRIBUTE }); } - return [@$super_attributes, @ldap_attributes]; + return [@$super_attributes, sort { $a->{value} cmp $b->{value} } @ldap_attributes]; } =head2 authenticate @@ -218,12 +218,12 @@ sub match_in_subclass { my $entry = $result->pop_entry(); my $dn = $entry->dn; my $entry_matches = 1; - $connection->unbind; + my ($condition, $attribute, $value); # Perform match on regexp conditions since they were not included in the LDAP filter - foreach my $condition (grep { $_->{'operator'} eq $Conditions::MATCHES } @{$own_conditions}) { - my $attribute = $condition->{'attribute'}; - my $value = $condition->{'value'}; + foreach $condition (grep { $_->{'operator'} eq $Conditions::MATCHES } @{$own_conditions}) { + $attribute = $condition->{'attribute'}; + $value = $condition->{'value'}; my @attributes = $entry->get_value($attribute); if (scalar @attributes > 0 && grep /$value/, @attributes) { $entry_matches = 1; @@ -238,6 +238,41 @@ sub match_in_subclass { } } + # Perform match on a static group condition since they require a second LDAP search + foreach $condition (grep { $_->{'operator'} eq $Conditions::IS_MEMBER } @{$own_conditions}) { + $value = escape_filter_value($condition->{'value'}); + $attribute = $entry->get_value($condition->{'attribute'}); + # Search for any type of group definition: + # - groupOfNames => member (dn) + # - groupOfUniqueNames => uniqueMember (dn) + # - posixGroup => memberUid (uid) + $filter = "(|(member=${dn})(uniqueMember=$dn)(memberUid=${attribute}))"; + $result = $connection->search + ( + base => $value, + filter => $filter, + scope => $self->{ 'scope'}, + attrs => ['dn'] + ); + if ($result->is_error) { + $logger->error("[$self->{'id'}] Unable to execute search $filter from $value on $LDAPServer:$LDAPServerPort, we skip the condition (".$result->error.")."); + next; + } + if ($result->count == 1) { + $entry_matches = 1; + $logger->debug("[$self->{'id'} $rule->{'id'}] Group $value has member $attribute ($dn)"); + last if ($rule->match eq $Rules::ANY); + } + else { + $entry_matches = 0; + if ($rule->match eq $Rules::ALL) { + last; + } + } + } + + $connection->unbind; + if ($entry_matches) { # If we found a result, we push all conditions as matched ones. # That is normal, as we used them all to build our LDAP filter. diff --git a/lib/pf/Authentication/constants.pm b/lib/pf/Authentication/constants.pm index e78923c58d32..67746c2a9808 100644 --- a/lib/pf/Authentication/constants.pm +++ b/lib/pf/Authentication/constants.pm @@ -50,6 +50,7 @@ Readonly::Scalar our $IS_BEFORE => 'is before'; Readonly::Scalar our $IS => 'is'; Readonly::Scalar our $IS_NOT => 'is not'; Readonly::Scalar our $IS_AFTER => 'is after'; +Readonly::Scalar our $IS_MEMBER => 'is member of'; =item SUBSTRING, NUMBER, DATE, TIME @@ -62,6 +63,7 @@ Readonly::Scalar our $NUMBER => 'number'; Readonly::Scalar our $DATE => 'date'; Readonly::Scalar our $TIME => 'time'; Readonly::Scalar our $CONNECTION => 'connection'; +Readonly::Scalar our $LDAP_ATTRIBUTE => 'ldapattribute'; =item OPERATORS @@ -76,6 +78,7 @@ Readonly::Hash our %OPERATORS => $DATE => [$IS_BEFORE, $IS, $IS_AFTER], $TIME => [$IS_BEFORE, $IS_AFTER], $CONNECTION => [$IS, $IS_NOT], + $LDAP_ATTRIBUTE => [$STARTS, $EQUALS, $CONTAINS, $ENDS, $MATCHES, $IS_MEMBER], ); =back From de27c133546ffdd10d2090380d6e4aca42761ca7 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 13 Nov 2013 16:14:33 -0500 Subject: [PATCH 156/369] Localization --- html/pfappserver/lib/pfappserver/I18N/en.po | 227 ++++++++++++++------ html/pfappserver/root/user/list_password.tt | 2 +- html/pfappserver/root/user/view.tt | 2 +- 3 files changed, 164 insertions(+), 67 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/I18N/en.po b/html/pfappserver/lib/pfappserver/I18N/en.po index 886f6f04b24f..45ca351f995a 100644 --- a/html/pfappserver/lib/pfappserver/I18N/en.po +++ b/html/pfappserver/lib/pfappserver/I18N/en.po @@ -4,9 +4,9 @@ # msgid "" msgstr "" -"Project-Id-Version: 4.0.5\n" +"Project-Id-Version: 4.0.7\n" "POT-Creation-Date: YEAR-MO-DA HO:MI+ZONE\n" -"PO-Revision-Date: 2013-08-30 14:43-0400\n" +"PO-Revision-Date: 2013-11-13 15:40-0400\n" "Last-Translator: Inverse inc. \n" "Language-Team: English\n" "Language: en\n" @@ -94,6 +94,8 @@ msgid "Accounting" msgstr "" # html/pfappserver/lib/pfappserver/Form/SoH.pm +# html/pfappserver/root/node/advanced_search.tt +# html/pfappserver/root/node/simple_search.tt # html/pfappserver/root/soh/index.tt # html/pfappserver/root/soh/read.tt # html/pfappserver/root/violation/list.tt @@ -109,7 +111,7 @@ msgid "" msgstr "" # html/pfappserver/lib/pfappserver/Form/Violation.pm -# html/pfappserver/root/configuration/users.tt +# html/pfappserver/root/user/create.tt # html/pfappserver/root/user/view.tt # html/pfappserver/root/violation/list.tt msgid "Actions" @@ -225,6 +227,10 @@ msgstr "" msgid "All" msgstr "" +# html/pfappserver/root/node/create.tt +msgid "All imported nodes will be registered. If a MAC matches an existing node, it will also be registered." +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Authentication/Source/Email.pm msgid "Allow Local Domain" msgstr "" @@ -339,6 +345,7 @@ msgstr "" msgid "CLI" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm # html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm msgid "CSV File" msgstr "" @@ -401,14 +408,22 @@ msgstr "" msgid "Close" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm # html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm msgid "Column Delimiter" msgstr "" -# html/pfappserver/root/configuration/users.tt +# html/pfappserver/root/node/advanced_search.tt +# html/pfappserver/root/node/simple_search.tt +msgid "Columns" +msgstr "" + +# html/pfappserver/root/node/create.tt +# html/pfappserver/root/user/create.tt msgid "Columns Order" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm # html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm msgid "Comma" msgstr "" @@ -451,6 +466,10 @@ msgstr "" msgid "Comma-delimited list of memcached servers." msgstr "" +# conf/documentation.conf (trapping.interception_proxy_port) +msgid "Comma-delimited list of port used by proxy interception." +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Config/Switch.pm msgid "Community Read" msgstr "" @@ -524,6 +543,7 @@ msgid "Copy File" msgstr "" # html/pfappserver/root/admin/nodes.tt +# html/pfappserver/root/admin/users.tt # html/pfappserver/root/interface/create.tt # html/pfappserver/root/portal/profile/create.tt msgid "Create" @@ -533,7 +553,11 @@ msgstr "" msgid "Create New File" msgstr "" -# html/pfappserver/root/configuration/users.tt +# html/pfappserver/root/node/create.tt +msgid "Create Nodes" +msgstr "" + +# html/pfappserver/root/user/create.tt msgid "Create Users" msgstr "" @@ -541,7 +565,7 @@ msgstr "" msgid "Create database and tables" msgstr "" -# html/pfappserver/root/configuration/users.tt +# html/pfappserver/root/user/create.tt msgid "Create local users that trigger specific actions." msgstr "" @@ -561,7 +585,11 @@ msgstr "" msgid "Creating" msgstr "" -# html/pfappserver/root/configuration/users.tt +# html/pfappserver/root/node/create.tt +msgid "Creating Nodes .." +msgstr "" + +# html/pfappserver/root/user/create.tt msgid "Creating Users .." msgstr "" @@ -594,14 +622,20 @@ msgstr "" msgid "Default Lease Time" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm +msgid "Default Owner" +msgstr "" + # html/pfappserver/root/portal/profile/index.tt msgid "Default Profile" msgstr "" -# conf/documentation.conf (trapping.redirecturl) -msgid "" - "Default URL to redirect to on registration/mitigation release. This" - "is only used if a per-violation redirecturl is not defined." +# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm +msgid "Default Role" +msgstr "" + +# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm +msgid "Default Voice Over IP" msgstr "" # conf/documentation.conf (node_import.category) @@ -695,10 +729,6 @@ msgstr "" msgid "Deregister" msgstr "" -# html/pfappserver/root/portal/profile/index.tt -msgid "Describe portal profiles" -msgstr "" - # conf/documentation.conf (interface.type) msgid "" "Describes \"type\" of named interface. internal describes interfaces" @@ -808,8 +838,7 @@ msgid "" "goes to." msgstr "" -# html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm -# html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm +# html/pfappserver/lib/pfappserver/Form/Portal/Common.pm msgid "Enable Billing Engine" msgstr "" @@ -870,13 +899,22 @@ msgstr "" # html/pfappserver/root/admin/wrapper.tt # html/pfappserver/root/configuration/authentication.tt -# html/pfappserver/root/configuration/users.tt +# html/pfappserver/root/node/create.tt # html/pfappserver/root/portal/profile/index.tt # html/pfappserver/root/roles/index.tt # html/pfappserver/root/soh/index.tt +# html/pfappserver/root/user/create.tt msgid "Error!" msgstr "" +# html/pfappserver/root/configuration/authentication.tt +msgid "Exclusive" +msgstr "" + +# html/pfappserver/root/configuration/authentication.tt +msgid "Exclusive Sources" +msgstr "" + # html/pfappserver/root/user/print.tt msgid "Expiration" msgstr "" @@ -911,6 +949,7 @@ msgid "Files" msgstr "" # html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm +# html/pfappserver/root/portal/profile/create.tt # html/pfappserver/root/portal/profile/view.tt # html/pfappserver/root/soh/read.tt msgid "Filter" @@ -935,6 +974,10 @@ msgstr "" msgid "Floating Device" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Portal/Common.pm +msgid "Force redirection URL" +msgstr "" + # conf/documentation.conf (captive_portal.secure_redirect) msgid "Force the captive portal to use HTTPS when redirecting captured clients." msgstr "" @@ -1066,6 +1109,12 @@ msgstr "" msgid "If enabled, we will act on wirelessIPS traps sent by Wireless controllers." msgstr "" +# conf/documentation.conf (trapping.interception_proxy) +msgid "" + "If enabled, we will intercept proxy request on the specified ports to" + "forward to the captive portal." +msgstr "" + # conf/documentation.conf (captive_portal.loadbalancers_ip) msgid "" "If the captive portal is put behind load-balancer(s) that act at Layer 7" @@ -1094,8 +1143,8 @@ msgid "" "registration is complete." msgstr "" -# html/pfappserver/root/admin/nodes.tt -# html/pfappserver/root/configuration/users.tt +# html/pfappserver/root/node/create.tt +# html/pfappserver/root/user/create.tt msgid "Import" msgstr "" @@ -1199,6 +1248,12 @@ msgid "" "running the RPMed version." msgstr "" +# conf/documentation.conf (services.memcached_binary) +msgid "" + "Location of the memcached binary. Only necessary to change if you are not" + "running the pre-packaged version." +msgstr "" + # conf/documentation.conf (services.snmptrapd_binary) msgid "" "Location of the snmptrapd binary. Only necessary to change if you are" @@ -1243,6 +1298,7 @@ msgstr "" msgid "Logs" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Node.pm # html/pfappserver/root/configuration/floatingdevice/list.tt # html/pfappserver/root/user/view.tt # html/pfappserver/root/user/violations.tt @@ -1250,6 +1306,7 @@ msgid "MAC" msgstr "" # html/pfappserver/lib/pfappserver/Form/Config/FloatingDevice.pm +# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm msgid "MAC Address" msgstr "" @@ -1269,6 +1326,10 @@ msgstr "" msgid "Main" msgstr "" +# html/pfappserver/root/node/create.tt +msgid "Manually add nodes to the system." +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Violation.pm msgid "Max Enables" msgstr "" @@ -1297,7 +1358,7 @@ msgstr "" msgid "Mode" msgstr "" -# html/pfappserver/root/configuration/users.tt +# html/pfappserver/root/user/create.tt msgid "Multiple" msgstr "" @@ -1463,7 +1524,7 @@ msgid "No violation defined" msgstr "" # html/pfappserver/root/node/violations.tt -msgid "No violation history" +msgid "No violation found" msgstr "" # html/pfappserver/root/admin/nodes.tt @@ -1493,6 +1554,7 @@ msgid "Note" msgstr "" # html/pfappserver/lib/pfappserver/Form/Node.pm +# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm # html/pfappserver/lib/pfappserver/Form/User.pm # html/pfappserver/lib/pfappserver/Form/User/Create/Multiple.pm # html/pfappserver/lib/pfappserver/Form/User/Create/Single.pm @@ -1526,6 +1588,7 @@ msgid "Overview" msgstr "" # html/pfappserver/lib/pfappserver/Form/Node.pm +# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm msgid "Owner" msgstr "" @@ -1695,6 +1758,10 @@ msgid "" "Redirecting 53/udp (DNS) seems to have issues and is also not recommended." msgstr "" +# html/pfappserver/root/portal/profile/index.tt +msgid "Present a different captive portal according to the SSID, the VLAN, or the switch IP the client connects to." +msgstr "" + # html/pfappserver/root/portal/profile/edit.tt # html/pfappserver/root/portal/profile/files.tt # html/pfappserver/root/violation/list.tt @@ -1748,13 +1815,11 @@ msgstr "" msgid "Profile" msgstr "" -# html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm -# html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm +# html/pfappserver/lib/pfappserver/Form/Portal/Common.pm msgid "Profile Description" msgstr "" -# html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm -# html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm +# html/pfappserver/lib/pfappserver/Form/Portal/Common.pm msgid "Profile Name" msgstr "" @@ -1822,6 +1887,10 @@ msgstr "" msgid "Reconnecting to the Admin Service in " msgstr "" +# html/pfappserver/lib/pfappserver/Form/Portal/Common.pm +msgid "Redirection URL" +msgstr "" + # html/pfappserver/root/node/advanced_search.tt # html/pfappserver/root/node/simple_search.tt msgid "Register" @@ -1832,7 +1901,7 @@ msgstr "" msgid "Registration" msgstr "" -# html/pfappserver/root/configuration/users.tt +# html/pfappserver/root/user/create.tt # html/pfappserver/root/user/view.tt msgid "Registration Window" msgstr "" @@ -1925,6 +1994,7 @@ msgid "Revert File" msgstr "" # html/pfappserver/lib/pfappserver/Form/Node.pm +# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm # html/pfappserver/root/roles/read.tt msgid "Role" msgstr "" @@ -1978,6 +2048,10 @@ msgstr "SSID" msgid "SSL" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm +msgid "SWITCH" +msgstr "" + # html/pfappserver/root/admin/nodes.tt # html/pfappserver/root/admin/users.tt # html/pfappserver/root/authentication/source/read.tt @@ -2073,6 +2147,7 @@ msgstr "" msgid "Select a violation" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm # html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm msgid "Semicolon" msgstr "" @@ -2128,7 +2203,11 @@ msgid "Should have to reauthenticate the node if vlan change" msgstr "" # conf/documentation.conf (services.iptables) -msgid "Should iptables be managed by packetfence" +msgid "Should iptables be managed by PacketFence? Keep enabled unless you know what you're doing." +msgstr "" + +# conf/documentation.conf (services.memcached) +msgid "Should memcached be managed by PacketFence? Keep enabled unless you know what you're doing." msgstr "" # conf/documentation.conf (vlan.closelocationlogonstop) @@ -2170,7 +2249,8 @@ msgstr "" msgid "Simple" msgstr "" -# html/pfappserver/root/configuration/users.tt +# html/pfappserver/root/node/create.tt +# html/pfappserver/root/user/create.tt msgid "Single" msgstr "" @@ -2186,6 +2266,7 @@ msgstr "" msgid "Source switch IP" msgstr "" +# html/pfappserver/root/portal/profile/create.tt # html/pfappserver/root/portal/profile/view.tt msgid "Sources" msgstr "" @@ -2293,6 +2374,7 @@ msgid "" "http://www.php.net/manual/en/timezones.php" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm # html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm msgid "Tab" msgstr "" @@ -2344,6 +2426,10 @@ msgstr "" msgid "The merchant's unique Transaction Key (Provided by Authorize.net)" msgstr "" +# html/pfappserver/root/node/create.tt +msgid "The node will be automatically registered. If the MAC matches an existing node, it will also be modified and registered." +msgstr "" + # conf/documentation.conf (registration.nbregpages) msgid "" "The number of registration pages to show to the user. If higher than" @@ -2365,7 +2451,7 @@ msgstr "" msgid "The role to assign to gaming devices. If none is selected, the role of the registrant is used." msgstr "" -# html/pfappserver/root/configuration/users.tt +# html/pfappserver/root/user/create.tt msgid "The usernames are constructed from the prefix and the quantity. For example, setting the prefix to guest and the quantity to 3 creates usernames guest1, guest2 and guest3. Random passwords will be created." msgstr "" @@ -2483,17 +2569,14 @@ msgstr "" msgid "Type" msgstr "" -# conf/documentation.conf (trapping.always_use_redirecturl) -msgid "" - "Under most circumstances we can redirect the user to the URL he originally " - "intended to visit. When enabled, always_use_redirecturl forces the captive " - "portal to redirect the user to the URL defined in trapping.redirecturl instead." -msgstr "" - # html/pfappserver/lib/pfappserver/Form/Node.pm msgid "Unregistration" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm +msgid "Unregistration Date" +msgstr "" + # html/pfappserver/root/configuration/fingerprints/simple_search.tt msgid "Update Fingerprints" msgstr "" @@ -2633,6 +2716,10 @@ msgstr "" msgid "Voice Over IP" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm +msgid "Voice Over IP (yes/no)" +msgstr "" + # conf/documentation.conf (alerting.wins_server) msgid "" "WINS server to resolve NetBIOS name of administrative workstation to" @@ -2692,14 +2779,11 @@ msgstr "" msgid "With no condition, the inline mode will never be activated." msgstr "" -# html/pfappserver/root/portal/profile/create.tt -msgid "With no source selected, the sources of the default profile will be used." -msgstr "" - # html/pfappserver/root/portal/profile/view.tt msgid "With no source specified, all internal sources will be used." msgstr "" +# html/pfappserver/root/portal/profile/create.tt # html/pfappserver/root/portal/profile/view.tt msgid "With no source specified, the sources of the default profile will be used." msgstr "" @@ -2937,12 +3021,13 @@ msgstr "" # conf/documentation.conf (scan.registration options) # conf/documentation.conf (services.dhcpd options) # conf/documentation.conf (services.iptables options) +# conf/documentation.conf (services.memcached options) # conf/documentation.conf (services.pfdns options) # conf/documentation.conf (services.radiusd options) # conf/documentation.conf (servicewatch.email options) # conf/documentation.conf (servicewatch.restart options) -# conf/documentation.conf (trapping.always_use_redirecturl options) # conf/documentation.conf (trapping.detection options) +# conf/documentation.conf (trapping.interception_proxy options) # conf/documentation.conf (trapping.passthrough options) # conf/documentation.conf (trapping.registration options) # conf/documentation.conf (trapping.wireless_ips options) @@ -2993,12 +3078,13 @@ msgstr "" # conf/documentation.conf (scan.registration options) # conf/documentation.conf (services.dhcpd options) # conf/documentation.conf (services.iptables options) +# conf/documentation.conf (services.memcached options) # conf/documentation.conf (services.pfdns options) # conf/documentation.conf (services.radiusd options) # conf/documentation.conf (servicewatch.email options) # conf/documentation.conf (servicewatch.restart options) -# conf/documentation.conf (trapping.always_use_redirecturl options) # conf/documentation.conf (trapping.detection options) +# conf/documentation.conf (trapping.interception_proxy options) # conf/documentation.conf (trapping.passthrough options) # conf/documentation.conf (trapping.registration options) # conf/documentation.conf (trapping.wireless_ips options) @@ -3097,10 +3183,6 @@ msgstr "Timezone" msgid "givenName" msgstr "" -# pfappserver::Model::Node (availableStatus) -msgid "grace" -msgstr "grace" - # conf/documentation.conf msgid "guests_admin_registration" msgstr "Admin Registration" @@ -3209,6 +3291,10 @@ msgstr "" msgid "is before" msgstr "" +# pf::Authentication::constants (Conditions) +msgid "is member of" +msgstr "" + # html/pfappserver/root/admin/nodes.tt # html/pfappserver/root/admin/users.tt # pf::Authentication::constants (Conditions) @@ -3240,13 +3326,17 @@ msgstr "" msgid "mac" msgstr "MAC Address" -# html/pfappserver/root/user/view.tt # pf::Authentication::Source::ADSource (available_attributes) # pf::Authentication::Source::LDAPSource (available_attributes) msgid "mail" +msgstr "" + +# html/pfappserver/root/user/view.tt +msgid "mail_btn" msgstr "Send Email" # html/pfappserver/root/user/list_password.tt (options) +# html/pfappserver/root/user/view.tt msgid "mail_loading" msgstr "Sending .." @@ -3583,6 +3673,14 @@ msgstr "httpd path" msgid "services.iptables" msgstr "iptables" +# conf/documentation.conf +msgid "services.memcached" +msgstr "" + +# conf/documentation.conf +msgid "services.memcached_binary" +msgstr "" + # conf/documentation.conf msgid "services.pfdns" msgstr "pfdns" @@ -3685,10 +3783,6 @@ msgstr "Trap" msgid "trapping" msgstr "Trapping" -# conf/documentation.conf -msgid "trapping.always_use_redirecturl" -msgstr "Force redirect URL" - # conf/documentation.conf msgid "trapping.detection" msgstr "Detection" @@ -3697,6 +3791,14 @@ msgstr "Detection" msgid "trapping.detection_engine" msgstr "Detection engine" +# conf/documentation.conf +msgid "trapping.interception_proxy" +msgstr "Proxy Interception" + +# conf/documentation.conf +msgid "trapping.interception_proxy_port" +msgstr "Proxy Interception Port" + # conf/documentation.conf msgid "trapping.passthrough" msgstr "Passthrough" @@ -3709,22 +3811,10 @@ msgstr "Passthroughs" msgid "trapping.proxy_passthroughs" msgstr "Proxy Passthroughs" -# conf/documentation.conf -msgid "trapping.interception_proxy" -msgstr "Proxy Interception" - -# conf/documentation.conf -msgid "trapping.interception_proxy_port" -msgstr "Proxy Interception Port" - # conf/documentation.conf msgid "trapping.range" msgstr "Addresses ranges" -# conf/documentation.conf -msgid "trapping.redirecturl" -msgstr "Redirect URL" - # conf/documentation.conf msgid "trapping.redirtimer" msgstr "Redirection delay" @@ -3745,6 +3835,11 @@ msgstr "Wireless IPS" msgid "trapping.wireless_ips_threshold" msgstr "Wireless IPS threshold" +# pf::Authentication::Source::ADSource (available_attributes) +# pf::Authentication::Source::LDAPSource (available_attributes) +msgid "uid" +msgstr "" + # pfappserver::Model::Node (availableStatus) msgid "unreg" msgstr "unregistered" @@ -3766,7 +3861,9 @@ msgstr "" msgid "useragent" msgstr "UserAgent" -# pf::Authentication::Source (common_attributes) +# pf::Authentication::Source::HtpasswdSource (available_attributes) +# pf::Authentication::Source::KerberosSource (available_attributes) +# pf::Authentication::Source::RADIUSSource (available_attributes) msgid "username" msgstr "" diff --git a/html/pfappserver/root/user/list_password.tt b/html/pfappserver/root/user/list_password.tt index 8b6b3b009eef..e97c5b689a93 100644 --- a/html/pfappserver/root/user/list_password.tt +++ b/html/pfappserver/root/user/list_password.tt @@ -30,7 +30,7 @@ [% l('Close') %] [% l('Print') %] - [% FOREACH option IN options %][% l(option) %] [% END %] + [% FOREACH option IN options %][% l("${option}_btn") %] [% END %]
        diff --git a/html/pfappserver/root/user/view.tt b/html/pfappserver/root/user/view.tt index ffe8af18151c..c30750618719 100644 --- a/html/pfappserver/root/user/view.tt +++ b/html/pfappserver/root/user/view.tt @@ -53,7 +53,7 @@
        [% l('Print') %] - [% l('mail') %] + [% l('mail_btn') %]
      From 7e609d080c19b4c3c9835b3c6dc34ee54d2b9a14 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 14 Nov 2013 13:59:40 -0500 Subject: [PATCH 157/369] Fix duplicate entries in advanced search of nodes --- NEWS.asciidoc | 1 + html/pfappserver/lib/pfappserver/Model/Search/Node.pm | 11 ++++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 58f830d2901b..ba67714e3c03 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -57,6 +57,7 @@ Bug Fixes * Fixed users searches not being saved in the proper namespace * Fixed handling of form submit when saving a user search * Fixed self-registration of multiple unverified devices +* Fixed duplicate entries in advanced search of nodes Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/html/pfappserver/lib/pfappserver/Model/Search/Node.pm b/html/pfappserver/lib/pfappserver/Model/Search/Node.pm index b38fd065f21a..01e71b308419 100644 --- a/html/pfappserver/lib/pfappserver/Model/Search/Node.pm +++ b/html/pfappserver/lib/pfappserver/Model/Search/Node.pm @@ -91,7 +91,8 @@ sub make_builder { L_("IF(regdate = '0000-00-00 00:00:00', '', regdate)", 'regdate'), L_("IF(unregdate = '0000-00-00 00:00:00', '', unregdate)", 'unregdate'), L_("IFNULL(node_category.name, '')", 'category'), - L_("IFNULL(os_type.description, ' ')", 'dhcp_fingerprint') + L_("IFNULL(os_type.description, ' ')", 'dhcp_fingerprint'), + { table => 'iplog', name => 'ip', as => 'last_ip' } )->from('node', { 'table' => 'node_category', @@ -161,7 +162,7 @@ sub make_builder { 'join' => 'LEFT', 'using' => 'os_id', }, - ); + )->distinct(); } my %COLUMN_MAP = ( @@ -193,7 +194,7 @@ my %COLUMN_MAP = ( 'table' => 'node', 'name' => 'mac', } - ] + ], ], }, ] @@ -201,7 +202,7 @@ my %COLUMN_MAP = ( last_ip => { table => 'iplog', name => 'ip', - }, + }, # BUG : retrieves the last IP address, no mather if a period range is defined violation => { table => 'class', name => 'description', @@ -271,7 +272,7 @@ sub add_date_range { $builder->from(@{$COLUMN_MAP{switch_ip}{'joins'}}) } if ($start) { - $builder->where({ table =>'locationlog', name => 'start_time' }, '>=' ,$start); + $builder->where({ table =>'locationlog', name => 'start_time' }, '>=', $start); } if ($end) { $builder From 76a0166260ce1788ab9720a5856bf01dfa9dcc0c Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 14 Nov 2013 14:15:53 -0500 Subject: [PATCH 158/369] Validate file path when saving an Htpasswd source --- NEWS.asciidoc | 1 + .../Form/Authentication/Source/Htpasswd.pm | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index ba67714e3c03..93b38df49e51 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -40,6 +40,7 @@ Enhancements * An Htpasswd source can now define sponsors * Improved display of pie charts (limit of legend labels and highlight of table rows) * Creation of users is now performed from the users page (was on the configuration page) +* Validate file path when saving an Htpasswd authentication source Bug Fixes +++++++++ diff --git a/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Htpasswd.pm b/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Htpasswd.pm index 5d570ff3c729..4042a80f1dbf 100644 --- a/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Htpasswd.pm +++ b/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Htpasswd.pm @@ -22,9 +22,25 @@ has_field 'path' => element_class => ['input-xxlarge'], ); +=head2 validate + +Make sure the htpasswd file is readable. + +=cut + +sub validate { + my $self = shift; + + $self->SUPER::validate(); + + unless (-r $self->value->{path}) { + $self->field('path')->add_error("The file is not readable."); + } +} + =head1 COPYRIGHT -Copyright (C) 2012 Inverse inc. +Copyright (C) 2012-2013 Inverse inc. =head1 LICENSE From a29ba04aac2b642e09df1a475a4333fe272a3846 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 14 Nov 2013 14:29:18 -0500 Subject: [PATCH 159/369] Fix checkboxes of displayed columns (nodes/users) --- html/pfappserver/root/node/create.tt | 2 +- html/pfappserver/root/node/simple_search.tt | 2 +- html/pfappserver/root/static/js/node.js | 2 +- html/pfappserver/root/static/js/user.js | 2 +- html/pfappserver/root/user/create.tt | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/html/pfappserver/root/node/create.tt b/html/pfappserver/root/node/create.tt index 78e1ec604bd7..af9e4c0246f3 100644 --- a/html/pfappserver/root/node/create.tt +++ b/html/pfappserver/root/node/create.tt @@ -36,7 +36,7 @@
      - +
      [% FOREACH column IN form_import.field('columns').fields -%] diff --git a/html/pfappserver/root/node/simple_search.tt b/html/pfappserver/root/node/simple_search.tt index 9168ad2b877b..fe4cf66b57c4 100644 --- a/html/pfappserver/root/node/simple_search.tt +++ b/html/pfappserver/root/node/simple_search.tt @@ -30,7 +30,7 @@ [% l('Apply Role') %] diff --git a/html/pfappserver/root/static/js/node.js b/html/pfappserver/root/static/js/node.js index a8d9b362cac5..3264f4ca112b 100644 --- a/html/pfappserver/root/static/js/node.js +++ b/html/pfappserver/root/static/js/node.js @@ -72,7 +72,7 @@ var NodeView = function(options) { matcher: function(item) { return true; }, }); /* Disable checked columns from import tab since they are required */ - $('#columns :checked').attr('disabled', 'disabled'); + $('form["nodes"] .columns :checked').attr('disabled', 'disabled'); }); }; diff --git a/html/pfappserver/root/static/js/user.js b/html/pfappserver/root/static/js/user.js index d84ef6a30e45..28a132d1e3ee 100644 --- a/html/pfappserver/root/static/js/user.js +++ b/html/pfappserver/root/static/js/user.js @@ -95,7 +95,7 @@ var UserView = function(options) { updateAction($(this)); }); /* Disable checked columns from import tab since they are required */ - $('#columns :checked').attr('disabled', 'disabled'); + $('form[name="users"] .columns :checked').attr('disabled', 'disabled'); }); }; diff --git a/html/pfappserver/root/user/create.tt b/html/pfappserver/root/user/create.tt index 3aabfca8cb15..5ecc6681f9a9 100644 --- a/html/pfappserver/root/user/create.tt +++ b/html/pfappserver/root/user/create.tt @@ -50,7 +50,7 @@
      -
      +
      [% FOREACH column IN form_import.field('columns').fields -%] From 25781a0d142722ceef7403b83f2e90db3f388487 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 18 Nov 2013 10:18:28 -0500 Subject: [PATCH 160/369] Initialize JS widgets that are not visible This is required for multi-values chosen select widget. --- html/pfappserver/root/static/admin/common.js | 4 ++-- html/pfappserver/root/static/js/user.js | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/html/pfappserver/root/static/admin/common.js b/html/pfappserver/root/static/admin/common.js index bc8b40e4cb49..ef9e83bbb8bc 100644 --- a/html/pfappserver/root/static/admin/common.js +++ b/html/pfappserver/root/static/admin/common.js @@ -26,8 +26,8 @@ function updateAction(type, keep_value) { * Initialize the rendering widgets of some elements */ function initWidgets(elements) { - elements.filter('.chzn-select:visible').chosen(); - elements.filter('.chzn-deselect:visible').chosen({allow_single_deselect: true}); + elements.filter('.chzn-select').chosen(); + elements.filter('.chzn-deselect').chosen({allow_single_deselect: true}); elements.filter('.timepicker-default').each(function() { // Keep the placeholder visible if the input has no value var defaultTime = $(this).val().length? 'value' : false; diff --git a/html/pfappserver/root/static/js/user.js b/html/pfappserver/root/static/js/user.js index 28a132d1e3ee..d46439084730 100644 --- a/html/pfappserver/root/static/js/user.js +++ b/html/pfappserver/root/static/js/user.js @@ -127,7 +127,7 @@ UserView.prototype.readUser = function(e) { var modal = $("#modalUser"); modal.find('.datepicker').datepicker({ autoclose: true }); modal.find('#ruleActions tr:not(.hidden) select[name$=type]').each(function() { - updateAction($(this),true); + updateAction($(this), true); }); modal.on('shown', function() { modal.find(':input:visible').first().focus(); From 9f0e78831878a85c8ec35aaedc0246f05f3cc8bb Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Wed, 20 Nov 2013 13:02:10 -0500 Subject: [PATCH 161/369] Remove duplicate entry --- conf/documentation.conf | 8 -------- 1 file changed, 8 deletions(-) diff --git a/conf/documentation.conf b/conf/documentation.conf index 88e9206cea79..a9c07ba80a70 100644 --- a/conf/documentation.conf +++ b/conf/documentation.conf @@ -279,14 +279,6 @@ The configuration parameter "passthrough" must be enabled for passthroughs to be effective. EOT -[trapping.proxy_passthroughs] -type=list -description=< Date: Wed, 20 Nov 2013 16:37:40 -0500 Subject: [PATCH 162/369] Fixed WARNING - invalid parameter with profile --- lib/pf/pfcmd/checkup.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/pfcmd/checkup.pm b/lib/pf/pfcmd/checkup.pm index a86e10ca2b15..54e76b719229 100644 --- a/lib/pf/pfcmd/checkup.pm +++ b/lib/pf/pfcmd/checkup.pm @@ -961,7 +961,7 @@ Make sure only one external authentication source is selected for each type. # TODO: We might want to check if specified auth module(s) are valid... to do so, we'll have to separate the auth thing from the extension check. sub portal_profiles { - my $profile_params = qr/(?:filter|logo|guest_self_reg|guest_modes|template_path|billing_engine|description|sources)/; + my $profile_params = qr/(?:filter|logo|guest_self_reg|guest_modes|template_path|billing_engine|description|sources|redirecturl|always_use_redirecturl)/; foreach my $portal_profile ( $cached_profiles_config->Sections) { From acdbb803ba8f592dc45397cdecb5de1010192762 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Tue, 26 Nov 2013 10:44:27 -0500 Subject: [PATCH 163/369] Unreg a node if it try to connect to a open SSID and was autoregistered on a secure ssid --- lib/pf/vlan.pm | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/lib/pf/vlan.pm b/lib/pf/vlan.pm index d51d2ca7d8b3..c21abf39e9d4 100644 --- a/lib/pf/vlan.pm +++ b/lib/pf/vlan.pm @@ -19,7 +19,7 @@ use threads; use threads::shared; use pf::config; -use pf::node qw(node_attributes node_exist); +use pf::node qw(node_attributes node_exist node_modify); use pf::SNMP::constants; use pf::util; use pf::violation qw(violation_count_trap violation_exist_open violation_view_top); @@ -79,7 +79,7 @@ sub fetchVlanForNode { # violation handling my $violation = $this->getViolationVlan($switch, $ifIndex, $mac, $connection_type, $user_name, $ssid); if (defined($violation) && $violation != 0) { - return ( $violation, 0 ); + return ( $violation, 0 "isolation"); } elsif (!defined($violation)) { $logger->warn("There was a problem identifying vlan for violation. Will act as if there was no violation."); } @@ -87,7 +87,20 @@ sub fetchVlanForNode { # there were no violation, now onto registration handling my $registration = $this->getRegistrationVlan($switch, $ifIndex, $mac, $node_info, $connection_type, $user_name, $ssid); if (defined($registration) && $registration != 0) { - return ( $registration , 0 ); + + if ( ($connection_type & $WIRELESS_MAC_AUTH) == $WIRELESS_MAC_AUTH ) { + + + my $notes = $node_info->{'notes'}; + if ($notes eq 'AUTO-REGISTERED') { + $logger->info("Connection type is WIRELESS_MAC_AUTH and the device was comming from a secure SSID with auto registration" ); + my %info = ( + 'notes' => '', + ); + node_modify($mac,%info); + } + } + return ( $registration , 0, "registration"); } # no violation, not unregistered, we are now handling a normal vlan @@ -333,7 +346,22 @@ sub getNormalVlan { if ( ($connection_type & $WIRED_MAC_AUTH) == $WIRED_MAC_AUTH ) { $logger->info("Connection type is WIRED_MAC_AUTH. Getting role from node_info" ); $role = $node_info->{'category'}; + } elsif ( ($connection_type & $WIRELESS_MAC_AUTH) == $WIRELESS_MAC_AUTH ) { + $logger->info("Connection type is WIRELESS_MAC_AUTH. Getting role from node_info" ); + $role = $node_info->{'category'}; + + my $notes = $node_info->{'notes'}; + if ($notes eq 'AUTO-REGISTERED') { + $logger->info("Device is comming from a secure connection and has been auto registered, we unreg it and forward it to the portal" ); + $role = 'registration'; + my %info = ( + 'status' => 'unreg', + 'notes' => '', + ); + node_modify($mac,%info); + } } + # If it's an EAP connection with a username, we try to match that username with authentication sources to calculate # the role based on the rules defined in the different authentication sources. # FIRST HIT MATCH @@ -569,3 +597,4 @@ USA. # vim: set shiftwidth=4: # vim: set expandtab: # vim: set backspace=indent,eol,start: + From 339a17c0de1af5b8b9537d27878a7846e6adf11a Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Tue, 26 Nov 2013 11:16:08 -0500 Subject: [PATCH 164/369] Missing comma --- lib/pf/vlan.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/vlan.pm b/lib/pf/vlan.pm index c21abf39e9d4..ba9e3d8e656b 100644 --- a/lib/pf/vlan.pm +++ b/lib/pf/vlan.pm @@ -79,7 +79,7 @@ sub fetchVlanForNode { # violation handling my $violation = $this->getViolationVlan($switch, $ifIndex, $mac, $connection_type, $user_name, $ssid); if (defined($violation) && $violation != 0) { - return ( $violation, 0 "isolation"); + return ( $violation, 0, "isolation"); } elsif (!defined($violation)) { $logger->warn("There was a problem identifying vlan for violation. Will act as if there was no violation."); } From 29c9bcddfe7abeed15c403049a85e4cddff5bcf6 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 26 Nov 2013 15:41:33 -0500 Subject: [PATCH 165/369] Fix advanced search by node category --- NEWS.asciidoc | 1 + html/pfappserver/lib/pfappserver/Model/Node.pm | 2 ++ html/pfappserver/root/admin/nodes.tt | 3 ++- lib/pf/node.pm | 1 - 4 files changed, 5 insertions(+), 2 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 93b38df49e51..71117e4619f3 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -59,6 +59,7 @@ Bug Fixes * Fixed handling of form submit when saving a user search * Fixed self-registration of multiple unverified devices * Fixed duplicate entries in advanced search of nodes +* Fixed advanced search by node category Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/html/pfappserver/lib/pfappserver/Model/Node.pm b/html/pfappserver/lib/pfappserver/Model/Node.pm index 0d962fcfcd59..11992f492574 100644 --- a/html/pfappserver/lib/pfappserver/Model/Node.pm +++ b/html/pfappserver/lib/pfappserver/Model/Node.pm @@ -102,6 +102,8 @@ sub countAll { =head2 search +Used to perform a simple search + =cut sub search { diff --git a/html/pfappserver/root/admin/nodes.tt b/html/pfappserver/root/admin/nodes.tt index 504f1afb68ff..b3e8690f817c 100644 --- a/html/pfappserver/root/admin/nodes.tt +++ b/html/pfappserver/root/admin/nodes.tt @@ -15,6 +15,7 @@ 'admin/nodes', 'admin/searches', 'js/bootstrapSwitch', + 'js/moment.min', 'js/node', 'js/user', ] @@ -154,7 +155,7 @@ form { @@ -62,26 +64,28 @@ td a.btn { margin-left: 5px; } %] diff --git a/html/pfappserver/root/portal/profile/index.tt b/html/pfappserver/root/portal/profile/index.tt index 747a9c445275..df6ddd545779 100644 --- a/html/pfappserver/root/portal/profile/index.tt +++ b/html/pfappserver/root/portal/profile/index.tt @@ -55,7 +55,7 @@ [% profile_id %] - + [% END %] [% END -%] @@ -64,7 +64,9 @@
      [% IF loop.last %] - [% CALL condition.field('attribute').set_element_attr("disabled","disabled") %] - [% CALL condition.field('operator').set_element_attr("disabled","disabled") %] - [% CALL condition.field('value').set_element_attr("disabled","disabled") %] + [% CALL condition.field('attribute').set_element_attr("disabled", "disabled") %] + [% CALL condition.field('operator').set_element_attr("disabled", "disabled") %] + [% CALL condition.field('value').set_element_attr("disabled", "disabled") %] [% END %] [% condition.field('attribute').render_element %] [% condition.field('operator').render_element %] @@ -59,8 +59,8 @@ [% IF is_last %] - [% CALL action.field('type').set_element_attr("disabled","disabled")%] - [% CALL action.field('value').set_element_attr("disabled","disabled")%] + [% CALL action.field('type').set_element_attr("disabled", "disabled") %] + [% CALL action.field('value').set_element_attr("disabled", "disabled") %] [% END %] [% action.field('type').render_element %] [% action.field('value').render_element %] diff --git a/lib/pf/Authentication/Source/EmailSource.pm b/lib/pf/Authentication/Source/EmailSource.pm index 0368c05c7333..dd0d34c7a5eb 100644 --- a/lib/pf/Authentication/Source/EmailSource.pm +++ b/lib/pf/Authentication/Source/EmailSource.pm @@ -35,6 +35,16 @@ sub available_attributes { return [@$super_attributes, @$own_attributes]; } +=head2 available_actions + +For an Email source, we don't allow the B action. + +=cut + +sub available_actions { + return [ grep { $_ ne $Actions::MARK_AS_SPONSOR } @Actions::ACTIONS ]; +} + =head2 match_in_subclass =cut diff --git a/lib/pf/Authentication/Source/NullSource.pm b/lib/pf/Authentication/Source/NullSource.pm index 1d73c95a81bc..72221ae216ce 100644 --- a/lib/pf/Authentication/Source/NullSource.pm +++ b/lib/pf/Authentication/Source/NullSource.pm @@ -25,6 +25,20 @@ has '+type' => (default => 'Null'); has '+unique' => (default => 1); has 'email_required' => ( is=> 'rw', default => 'disabled'); +=head2 available_actions + +For an Null source, we limit the available actions to B, B, and B. + +=cut + +sub available_actions { + return [ + $Actions::SET_ROLE, + $Actions::SET_ACCESS_DURATION, + $Actions::SET_UNREG_DATE, + ]; +} + =head2 match_in_subclass =cut diff --git a/lib/pf/Authentication/Source/SMSSource.pm b/lib/pf/Authentication/Source/SMSSource.pm index 4efbb037baec..0d709d54effd 100644 --- a/lib/pf/Authentication/Source/SMSSource.pm +++ b/lib/pf/Authentication/Source/SMSSource.pm @@ -54,6 +54,20 @@ sub available_attributes { return [@$super_attributes, @$own_attributes]; } +=head2 available_actions + +For a SMS source, we don't allow the B action. + +=cut + +sub available_actions { + return [ grep { $_ ne $Actions::MARK_AS_SPONSOR } @Actions::ACTIONS ]; +} + +=head2 match_in_subclass + +=cut + sub match_in_subclass { my ($self, $params, $rule, $own_conditions, $matching_conditions) = @_; return $params->{'username'}; diff --git a/lib/pf/Authentication/Source/SponsorEmailSource.pm b/lib/pf/Authentication/Source/SponsorEmailSource.pm index 5f834c2aebb4..067cf2b66900 100644 --- a/lib/pf/Authentication/Source/SponsorEmailSource.pm +++ b/lib/pf/Authentication/Source/SponsorEmailSource.pm @@ -32,6 +32,16 @@ sub available_attributes { return [@$super_attributes, @$own_attributes]; } +=head2 available_actions + +For a SponsorEmail source, we don't allow the B action. + +=cut + +sub available_actions { + return [ grep { $_ ne $Actions::MARK_AS_SPONSOR } @Actions::ACTIONS ]; +} + =head2 match_in_subclass =cut From 30256fb88720e15cd9af48677e076e49d7501a94 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 28 Nov 2013 13:23:11 -0500 Subject: [PATCH 171/369] Comments cleanup --- sbin/pfdns | 8 -------- 1 file changed, 8 deletions(-) diff --git a/sbin/pfdns b/sbin/pfdns index b7d1eda6273e..430397a7a8ba 100755 --- a/sbin/pfdns +++ b/sbin/pfdns @@ -242,14 +242,6 @@ sub normal_sighandler { =back -=head1 BUGS AND LIMITATIONS - -Probably - -=head1 AUTHOR - -Fabrice Durand - =head1 COPYRIGHT Copyright (C) 2007-2013 Inverse inc. From 21315589058765053e4110609792ac8188d62b1b Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Thu, 6 Jun 2013 10:13:34 -0400 Subject: [PATCH 172/369] Rewrite feature for packetfence 4, missing admin gui stuff --- html/captive-portal/email_activation.cgi | 5 +- html/captive-portal/mobile-confirmation.cgi | 2 +- html/captive-portal/oauth2.cgi | 3 +- html/captive-portal/register.cgi | 4 +- lib/pf/config.pm | 110 +++++++++++++++++++- lib/pf/web/wispr.pm | 2 +- 6 files changed, 118 insertions(+), 8 deletions(-) diff --git a/html/captive-portal/email_activation.cgi b/html/captive-portal/email_activation.cgi index b3167c584b68..491f18b1aeb3 100755 --- a/html/captive-portal/email_activation.cgi +++ b/html/captive-portal/email_activation.cgi @@ -79,12 +79,13 @@ if (defined($cgi->url_param('code'))) { my $expiration = &pf::authentication::match($source->{id}, $auth_params, $Actions::SET_ACCESS_DURATION); if (defined $expiration) { - $expiration = POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime(time + normalize_time($expiration))); + $expiration = access_duration($expiration); } else { - $expiration = &pf::authentication::match($source->{id}, $auth_params, $Actions::SET_UNREG_DATE); + $expiration = &pf::authentication::match($source_id, $auth_params, $Actions::SET_UNREG_DATE); } + my $category = &pf::authentication::match($source->{id}, $auth_params, $Actions::SET_ROLE); $logger->debug("Determined unregdate $expiration and category $category for email $email"); diff --git a/html/captive-portal/mobile-confirmation.cgi b/html/captive-portal/mobile-confirmation.cgi index 8cc2c15d268f..baaa4cc93ed4 100755 --- a/html/captive-portal/mobile-confirmation.cgi +++ b/html/captive-portal/mobile-confirmation.cgi @@ -76,7 +76,7 @@ if ( $portalSession->getCgi->param("pin") ) { $info{'unregdate'} = &pf::authentication::match($source->{id}, $auth_params, $Actions::SET_ACCESS_DURATION); if (defined $info{'unregdate'}) { - $info{'unregdate'} = POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime(time + normalize_time($info{'unregdate'}))); + $info{'unregdate'} = access_duration($info{'unregdate'}); } else { $info{'unregdate'} = &pf::authentication::match($source->{id}, $auth_params, $Actions::SET_UNREG_DATE); diff --git a/html/captive-portal/oauth2.cgi b/html/captive-portal/oauth2.cgi index 4abe771c5dc9..37708bb5c22c 100755 --- a/html/captive-portal/oauth2.cgi +++ b/html/captive-portal/oauth2.cgi @@ -99,8 +99,9 @@ if ($source) { # Setting access timeout and role (category) dynamically $info{'unregdate'} = &pf::authentication::match($source->{id}, {username => $pid}, $Actions::SET_ACCESS_DURATION); +<<<<<<< HEAD if (defined $info{'unregdate'}) { - $info{'unregdate'} = POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime(time + normalize_time($info{'unregdate'}))); + $info{'unregdate'} = access_duration($info{'unregdate'}); } else { $info{'unregdate'} = &pf::authentication::match($source->{id}, {username => $pid}, $Actions::SET_UNREG_DATE); diff --git a/html/captive-portal/register.cgi b/html/captive-portal/register.cgi index 159937213124..eefae325ca0d 100755 --- a/html/captive-portal/register.cgi +++ b/html/captive-portal/register.cgi @@ -159,8 +159,8 @@ elsif ( (defined($cgi->param('username') ) || $no_username_needed ) && ($cgi->pa # otherwise, use the unregdate when defined. $value = &pf::authentication::match($source_id, $params, $Actions::SET_ACCESS_DURATION); if (defined $value) { - $value = POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime(time + normalize_time($value))); - $logger->trace("Computed unrege date from access duration: $value"); + $logger->trace("No unregdate found - computing it from access duration"); + $value = access_duration($value); } else { $value = &pf::authentication::match($source_id, $params, $Actions::SET_UNREG_DATE); diff --git a/lib/pf/config.pm b/lib/pf/config.pm index 0c85f4ab72a1..463ac9fc5371 100644 --- a/lib/pf/config.pm +++ b/lib/pf/config.pm @@ -38,6 +38,7 @@ use Try::Tiny; use File::Which; use Socket; use List::MoreUtils qw(any); +use Time::Local; # Categorized by feature, pay attention when modifying our ( @@ -97,7 +98,7 @@ BEGIN { $SELFREG_MODE_EMAIL $SELFREG_MODE_SMS $SELFREG_MODE_SPONSOR $SELFREG_MODE_GOOGLE $SELFREG_MODE_FACEBOOK $SELFREG_MODE_GITHUB $SELFREG_MODE_NULL %CAPTIVE_PORTAL $HTTP $HTTPS - normalize_time $TIME_MODIFIER_RE $ACCT_TIME_MODIFIER_RE + normalize_time $TIME_MODIFIER_RE $ACCT_TIME_MODIFIER_RE $DEADLINE_UNIT access_duration $BANDWIDTH_DIRECTION_RE $BANDWIDTH_UNITS_RE is_vlan_enforcement_enabled is_inline_enforcement_enabled is_in_list @@ -345,6 +346,7 @@ my $cache_inline_enforcement_enabled; # html/admin/common/helpers.inc's get_time_units_for_dropdown and get_time_regexp() our $TIME_MODIFIER_RE = qr/[smhDWMY]/; our $ACCT_TIME_MODIFIER_RE = qr/[DWMY]/; +our $DEADLINE_UNIT = qr/[RF]/; # Bandwdith accounting values our $BANDWIDTH_DIRECTION_RE = qr/IN|OUT|TOT/; @@ -696,6 +698,112 @@ sub normalize_time { } } +=item access_duration + +Calculate the unregdate from from specific trigger + +=cut + +sub access_duration { + my ($trigger) =@_; + if ( $trigger =~ /^(\d+)($TIME_MODIFIER_RE)$/i ) { + return POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime(time + normalize_time($trigger))); + } + elsif ($trigger =~ /^(\d+)($TIME_MODIFIER_RE)($DEADLINE_UNIT)([-+])(\d+)($TIME_MODIFIER_RE)$/i) { + my ($tvalue,$sort,$advance_type,$sign,$delta_value,$delta_type) = ($1,$2,$3,$4,$5,$6); + my $delta = normalize_time($delta_value.$delta_type); + if ($sign eq "-") { + $delta *= -1; + } + if ($advance_type eq 'R') { + return POSIX::strftime("%Y-%m-%d %H:%M:%S",localtime( start_date($tvalue.$sort) + end_date($tvalue.$sort) + $delta ) ); + } + elsif ($advance_type eq 'F') { + my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); + my $today_sec = ($hour * 3600) + ($min * 60) + $sec; + return POSIX::strftime("%Y-%m-%d %H:%M:%S",localtime( (time + normalize_time($tvalue.$sort) ) - $today_sec + $delta ) ); + } + else { + return $FALSE; + } + } +} + +=item start_date + +Function that calculate the starting date in second of the current day (at midnight), +week (on monday midnight), month (first of the month at midnight), year (first january at midnight). + +=cut + +sub start_date { + my ($date) = @_; + + my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); + my ( $num, $modifier ) = $date =~ /^(\d+)($TIME_MODIFIER_RE)$/i or return (0); + if ( $modifier eq "D" ) { + return (time - (($hour * 3600) + ($min * 60) + $sec)); + } elsif ( $modifier eq "W" ) { + if ($wday eq '0') { + $wday = 6; + } else { + $wday = ($wday -1); + } + return (time - (($wday * 86400) + ($hour * 3600) + ($min * 60) + $sec)); + } elsif ( $modifier eq "M" ) { + return ( mktime (0,0,0,1,$mon,$year)); + } elsif ( $modifier eq "Y" ) { + return ( mktime (0,0,0,0,0,$year)); + } +} + +=item end_date + +Function that calculate the ending timestamp of the current day,week,month,year +(exemple 15 Jan 2012 will calculate the 31 Jan 2012 if the arg of the function is 1M) + +=cut + +sub end_date { + my ($date) =@_; + my $logger = Log::Log4perl::get_logger('pf::config'); + my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); + my ( $num, $modifier ) = $date =~ /^(\d+)($TIME_MODIFIER_RE)$/i or return (0); + if ( $modifier eq "D" ) { + return ( $num * 86400 ); + } elsif ( $modifier eq "W" ) { + return ($num * 604800); + } elsif ( $modifier eq "M" ) { + # We have to calculate the number of days in the next month(s) + my $days_month = 0; + while ($num != 0) { + if ($mon eq 11) { + $mon = 0; + $year ++; + } + my $next_month = timelocal(0, 0, 0, 1, $mon + 1 , $year); + $days_month += (localtime($next_month - 86_400))[3]; + $mon ++; + $num --; + } + return (($days_month + 1) * 86400); + } elsif ( $modifier eq "Y" ) { + # We have to calculate the number of days in the next year(s) + my $days_year = 0; + $year = $year + 1900; + while ($num != 0) { + if ((($year & 3) == 0) && (($year % 100 != 0) || ($year % 400 == 0))) { + $days_year += 366; + } else { + $days_year += 365; + } + $num --; + $year ++; + } + return (($days_year + 1 ) * 86400); + } +} + =item is_vlan_enforcement_enabled Returns true or false based on if vlan enforcement is enabled or not diff --git a/lib/pf/web/wispr.pm b/lib/pf/web/wispr.pm index a8c991d17b9a..7cc44f974738 100644 --- a/lib/pf/web/wispr.pm +++ b/lib/pf/web/wispr.pm @@ -120,7 +120,7 @@ sub handler { if (defined $value) { $logger->trace("No unregdate found - computing it from access duration"); - $value = POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime(time + normalize_time($value))); + $value = access_duration($value); } else { $logger->trace("Unregdate found, we use it right away"); From 96cbf1c70ced9aaa03956a279fecf67962f61989 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 22 Oct 2013 14:00:50 -0400 Subject: [PATCH 173/369] Fix oauth2.cgi --- html/captive-portal/oauth2.cgi | 1 - 1 file changed, 1 deletion(-) diff --git a/html/captive-portal/oauth2.cgi b/html/captive-portal/oauth2.cgi index 37708bb5c22c..921d41f9f533 100755 --- a/html/captive-portal/oauth2.cgi +++ b/html/captive-portal/oauth2.cgi @@ -99,7 +99,6 @@ if ($source) { # Setting access timeout and role (category) dynamically $info{'unregdate'} = &pf::authentication::match($source->{id}, {username => $pid}, $Actions::SET_ACCESS_DURATION); -<<<<<<< HEAD if (defined $info{'unregdate'}) { $info{'unregdate'} = access_duration($info{'unregdate'}); } From 266944d6d2a80fe0b5d4b5187cd93d97949471d7 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 22 Oct 2013 16:10:05 -0400 Subject: [PATCH 174/369] Handle advanced deadline in self-registration CGI --- html/captive-portal/guest-selfregistration.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/captive-portal/guest-selfregistration.cgi b/html/captive-portal/guest-selfregistration.cgi index 1248b5bcfd01..bc209b613241 100755 --- a/html/captive-portal/guest-selfregistration.cgi +++ b/html/captive-portal/guest-selfregistration.cgi @@ -246,7 +246,7 @@ if (defined($cgi->url_param('mode')) && $cgi->url_param('mode') eq $pf::web::gue $info{'unregdate'} = &pf::authentication::match($source->{id}, $auth_params, $Actions::SET_ACCESS_DURATION); if (defined $info{'unregdate'}) { - $info{'unregdate'} = POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime(time + normalize_time($info{'unregdate'}))); + $info{'unregdate'} = access_duration($info{'unregdate'}); } else { $info{'unregdate'} = &pf::authentication::match($source->{id}, $auth_params, $Actions::SET_UNREG_DATE); From 34525526dba5651ca7d453ce84500086c8642bf6 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 23 Oct 2013 10:34:08 -0400 Subject: [PATCH 175/369] Fix calculation of duration for months and years --- lib/pf/config.pm | 102 +++++++++++++++++++++++++++++++---------------- 1 file changed, 68 insertions(+), 34 deletions(-) diff --git a/lib/pf/config.pm b/lib/pf/config.pm index 463ac9fc5371..ba62461c891f 100644 --- a/lib/pf/config.pm +++ b/lib/pf/config.pm @@ -700,28 +700,37 @@ sub normalize_time { =item access_duration -Calculate the unregdate from from specific trigger +Calculate the unregdate from from specific trigger. + +Returns a formatted date (YYYY-MM-DD HH:MM:SS). =cut sub access_duration { - my ($trigger) =@_; + my $trigger = shift; + my $refdate = shift || time; if ( $trigger =~ /^(\d+)($TIME_MODIFIER_RE)$/i ) { - return POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime(time + normalize_time($trigger))); + # absolute value with respect to the reference date + # ex: access_duration(1W, 2001-01-01 12:00, 2001-08-01 12:00) + return POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime($refdate + normalize_time($trigger))); } elsif ($trigger =~ /^(\d+)($TIME_MODIFIER_RE)($DEADLINE_UNIT)([-+])(\d+)($TIME_MODIFIER_RE)$/i) { - my ($tvalue,$sort,$advance_type,$sign,$delta_value,$delta_type) = ($1,$2,$3,$4,$5,$6); + # we match the beginning of the period + my ($tvalue,$modifier,$advance_type,$sign,$delta_value,$delta_type) = ($1,$2,$3,$4,$5,$6); my $delta = normalize_time($delta_value.$delta_type); if ($sign eq "-") { $delta *= -1; } - if ($advance_type eq 'R') { - return POSIX::strftime("%Y-%m-%d %H:%M:%S",localtime( start_date($tvalue.$sort) + end_date($tvalue.$sort) + $delta ) ); + if ($advance_type eq 'R') { # relative + # ex: access_duration(1WR+1D, 2001-01-01 12:00, 2001-08-02 00:00) (week starts on Monday) + return POSIX::strftime("%Y-%m-%d %H:%M:%S", + localtime( start_date($modifier, $refdate) + duration($tvalue.$modifier, $refdate) + $delta )); } - elsif ($advance_type eq 'F') { - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); + elsif ($advance_type eq 'F') { # fixed + # ex: access_duration(1WF+1D, 2001-01-01 12:00, 2001-09-01 00:00) + my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($refdate); my $today_sec = ($hour * 3600) + ($min * 60) + $sec; - return POSIX::strftime("%Y-%m-%d %H:%M:%S",localtime( (time + normalize_time($tvalue.$sort) ) - $today_sec + $delta ) ); + return POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime( ($refdate + normalize_time($tvalue.$modifier)) - $today_sec + $delta )); } else { return $FALSE; @@ -731,49 +740,74 @@ sub access_duration { =item start_date -Function that calculate the starting date in second of the current day (at midnight), -week (on monday midnight), month (first of the month at midnight), year (first january at midnight). +Calculate the beginning of the period. + +=over + +=item The beginning of a day is at midnight + +=item The beginning of the week is on Monday at midnight + +=item The beginning of the month is on the first at midnight + +=item The beginning of the year is on Januaray 1st at midnight + +=back + +Returns the number of seconds since the Epoch. =cut sub start_date { - my ($date) = @_; + my $date = shift; + my $refdate = shift || time; - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); - my ( $num, $modifier ) = $date =~ /^(\d+)($TIME_MODIFIER_RE)$/i or return (0); + my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($refdate); + my ($modifier) = $date =~ /^($TIME_MODIFIER_RE)$/i or return (0); if ( $modifier eq "D" ) { - return (time - (($hour * 3600) + ($min * 60) + $sec)); + return ($refdate - (($hour * 3600) + ($min * 60) + $sec)); } elsif ( $modifier eq "W" ) { if ($wday eq '0') { $wday = 6; } else { $wday = ($wday -1); } - return (time - (($wday * 86400) + ($hour * 3600) + ($min * 60) + $sec)); + return ($refdate - (($wday * 86400) + ($hour * 3600) + ($min * 60) + $sec)); } elsif ( $modifier eq "M" ) { - return ( mktime (0,0,0,1,$mon,$year)); + return (mktime(0,0,0,1,$mon,$year)); } elsif ( $modifier eq "Y" ) { - return ( mktime (0,0,0,0,0,$year)); + return (mktime(0,0,0,1,0,$year)); } } -=item end_date +=item duration + +Calculate the number of seconds to reach the end of the period from the beginning +of the period. -Function that calculate the ending timestamp of the current day,week,month,year -(exemple 15 Jan 2012 will calculate the 31 Jan 2012 if the arg of the function is 1M) +=over + +=item Example: duration(1D, 2001-01-02 12:00:00) returns 1 * 24 * 60 * 60 + +=item Example: duration(2W, 2001-01-02 12:00:00) returns 2 * 7 * 24 * 60 * 60 + +=item Example: duration(2M, 2001-01-02 12:00:00) returns (31+28) * 24 * 60 * 60 + +=back =cut -sub end_date { - my ($date) =@_; - my $logger = Log::Log4perl::get_logger('pf::config'); - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); - my ( $num, $modifier ) = $date =~ /^(\d+)($TIME_MODIFIER_RE)$/i or return (0); - if ( $modifier eq "D" ) { - return ( $num * 86400 ); - } elsif ( $modifier eq "W" ) { +sub duration { + my $date = shift; + my $refdate = shift || time; + + my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($refdate); + my ($num, $modifier) = $date =~ /^(\d+)($TIME_MODIFIER_RE)$/i or return (0); + if ($modifier eq "D") { + return ($num * 86400); + } elsif ($modifier eq "W") { return ($num * 604800); - } elsif ( $modifier eq "M" ) { + } elsif ($modifier eq "M") { # We have to calculate the number of days in the next month(s) my $days_month = 0; while ($num != 0) { @@ -782,12 +816,12 @@ sub end_date { $year ++; } my $next_month = timelocal(0, 0, 0, 1, $mon + 1 , $year); - $days_month += (localtime($next_month - 86_400))[3]; + $days_month += (localtime($next_month - 86400))[3]; $mon ++; $num --; } - return (($days_month + 1) * 86400); - } elsif ( $modifier eq "Y" ) { + return ($days_month * 86400); + } elsif ($modifier eq "Y") { # We have to calculate the number of days in the next year(s) my $days_year = 0; $year = $year + 1900; @@ -800,7 +834,7 @@ sub end_date { $num --; $year ++; } - return (($days_year + 1 ) * 86400); + return ($days_year * 86400); } } From 4b0b1fb9b5856dac358a9e8fe532731e1c151c0f Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 23 Oct 2013 10:40:33 -0400 Subject: [PATCH 176/369] Tests for pf::config::access_duration --- t/config.t | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/t/config.t b/t/config.t index dbb9f509665e..1173ec99d8f5 100755 --- a/t/config.t +++ b/t/config.t @@ -44,7 +44,8 @@ foreach my $section ( tied(%doc)->Sections ) { # +2 NoWarnings, use_ok # +4 is_in_list # +9 normalize_time -plan tests => $testNb + 2 + 4 + 9; +# +15 access_duration +plan tests => $testNb + 2 + 4 + 9 + 15; use_ok('pf::config'); @@ -92,6 +93,26 @@ is(normalize_time("2W"), 2 * 7 * 24 * 60 * 60, "normalizing weeks"); is(normalize_time("2M"), 2 * 30 * 24 * 60 * 60, "normalizing months"); is(normalize_time("2Y"), 2 * 365 * 24 * 60 * 60, "normalizing years"); +my $tsformat = "%Y-%m-%d %H:%M:%S"; +my $refdate = POSIX::mktime(0,0,12,2,0,101); # 2001-01-02 12:00:00 (Tuesday) +# print POSIX::strftime("$tsformat (%A)", localtime($refdate)),"\n"; +is(access_duration("2D", $refdate), POSIX::strftime($tsformat, localtime($refdate + 2 * 24 * 60 * 60)), "access duration in days"); +is(access_duration("2M", $refdate), POSIX::strftime($tsformat, localtime($refdate + 2 * 30 * 24 * 60 * 60)), "access duration in months"); +is(access_duration("2Y", $refdate), POSIX::strftime($tsformat, localtime($refdate + 2 * 365 * 24 * 60 * 60)), "access duration in years"); +# duration relative to the beggining of the day +is(access_duration("1DR+0D", $refdate), POSIX::strftime($tsformat, localtime($refdate + 1 * 24 * 60 * 60 - 12 * 60 * 60)), "relative duration by day"); +is(access_duration("1DR+2D", $refdate), POSIX::strftime($tsformat, localtime($refdate + (1+2) * 24 * 60 * 60 - 12 * 60 * 60)), "relative duration by day"); +is(access_duration("2DR-0D", $refdate), POSIX::strftime($tsformat, localtime($refdate + 2 * 24 * 60 * 60 - 12 * 60 * 60)), "negative relative duration by day"); +is(access_duration("1WR+1D", $refdate), POSIX::strftime($tsformat, localtime($refdate + (7-1+1) * 24 * 60 * 60 - 12 * 60 * 60)), "relative duration by week"); +is(access_duration("2WR+1D", $refdate), POSIX::strftime($tsformat, localtime($refdate + (7-1+7+1) * 24 * 60 * 60 - 12 * 60 * 60)), "relative duration by two week"); +is(access_duration("1WR-1D", $refdate), POSIX::strftime($tsformat, localtime($refdate + (7-1-1) * 24 * 60 * 60 - 12 * 60 * 60)), "negative relative duration by week"); +is(access_duration("2MR+1D", $refdate), POSIX::strftime($tsformat, localtime($refdate + (31-1+28+1) * 24 * 60 * 60 - 12 * 60 * 60)), "relative duration by month"); +is(access_duration("1YR+2M", $refdate), POSIX::strftime($tsformat, localtime(POSIX::mktime(0,0,0,1,0,102,0,0,0) + 2 * 30 * 24 * 60 * 60)), "relative duration by year"); +is(access_duration("1DF+2D", $refdate), POSIX::strftime($tsformat, localtime($refdate + (1+2) * 24 * 60 * 60 - 12 * 60 * 60)), "fixed duration by day"); +is(access_duration("1WF+1D", $refdate), POSIX::strftime($tsformat, localtime($refdate + (7+1) * 24 * 60 * 60 - 12 * 60 * 60)), "fixed duration by week"); +is(access_duration("1MF+1D", $refdate), POSIX::strftime($tsformat, localtime($refdate + (30+1) * 24 * 60 * 60 - 12 * 60 * 60)), "fixed duration by month"); +is(access_duration("1YF+1D", $refdate), POSIX::strftime($tsformat, localtime($refdate + (365+1) * 24 * 60 * 60 - 12 * 60 * 60)), "fixed duration by year"); + # TODO add tests for configfile import / export =head1 AUTHOR From 55fea9b0d3bb112f9ab40228116ac6d91a095999 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 1 Nov 2013 09:22:17 -0400 Subject: [PATCH 177/369] Improve pf::web::util::get_translated_time_hash --- .../lib/pfappserver/Base/Form/Authentication/Action.pm | 2 +- lib/pf/web/util.pm | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm b/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm index 538f30be8712..b5be6756fc2a 100644 --- a/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm +++ b/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm @@ -218,7 +218,7 @@ sub options_durations { [ split (/\s*,\s*/, $choices) ], $self->form->ctx->languages()->[0] ); - my @options = map { get_abbr_time($_) => $durations->{$_} } sort { $a <=> $b } keys %$durations; + my @options = map { $durations->{$_}[0] => $durations->{$_}[1] } sort { $a <=> $b } keys %$durations; return \@options; } diff --git a/lib/pf/web/util.pm b/lib/pf/web/util.pm index 7e60c2ee52e6..99acb3e04b2a 100644 --- a/lib/pf/web/util.pm +++ b/lib/pf/web/util.pm @@ -186,13 +186,13 @@ sub get_translated_time_hash { my ($to_translate, $locale) = @_; my %time; - foreach my $keys (@{$to_translate}) { - my ($unit, $unit_plural, $value) = get_translatable_time($keys); + foreach my $key (@{$to_translate}) { + my ($unit, $unit_plural, $value) = get_translatable_time($key); # we normalize time so we can present the hash in a sorted fashion - my $unix_timestamp = normalize_time($keys); + my $unix_timestamp = normalize_time($key); - $time{$unix_timestamp} = $value . " " . ni18n($unit, $unit_plural, $value); + $time{$unix_timestamp} = [$key, $value . " " . ni18n($unit, $unit_plural, $value)]; } return \%time; } From be449f2418b3b045952ad4bfc14ceaffa3532ade Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 1 Nov 2013 09:33:36 -0400 Subject: [PATCH 178/369] Improve update of compound fields in Base::Form --- html/pfappserver/lib/pfappserver/Base/Form.pm | 49 ++++++++++--------- 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Base/Form.pm b/html/pfappserver/lib/pfappserver/Base/Form.pm index d1e539f7b3c6..b6bc71f3b863 100644 --- a/html/pfappserver/lib/pfappserver/Base/Form.pm +++ b/html/pfappserver/lib/pfappserver/Base/Form.pm @@ -1,4 +1,5 @@ package pfappserver::Base::Form; + =head1 NAME pfappserver::Base::Form @@ -97,32 +98,32 @@ sub update_fields { my $self = shift; foreach my $field (@{$self->fields}) { - if ($field->required) { - $field->set_element_attr('data-required' => 'required'); - $field->tags->{label_after} = ' '; - } - if ($field->type eq 'PosInteger') { - $field->type_attr($field->html5_type_attr); - $field->set_element_attr('data-type' => 'number'); + $self->update_field($field); + } +} + +sub update_field { + my ($self, $field) = @_; + + if ($field->required) { + $field->set_element_attr('data-required' => 'required'); + $field->tags->{label_after} = ' '; + } + if ($field->type eq 'PosInteger') { + $field->type_attr($field->html5_type_attr); + $field->set_element_attr('data-type' => 'number'); + } + elsif ($field->type eq 'DatePicker') { + if ($field->start) { + $field->set_element_attr('data-date-startdate' => $field->start); } - elsif ($field->type eq 'DatePicker') { - if ($field->start) { - $field->set_element_attr('data-date-startdate' => $field->start); - } - if ($field->end) { - $field->set_element_attr('data-date-enddate' => $field->end); - } + if ($field->end) { + $field->set_element_attr('data-date-enddate' => $field->end); } - elsif ($field->{is_compound}) { - foreach my $subfield (@{$field->fields}) { - if ($subfield->type eq 'PosInteger') { - $subfield->type_attr($subfield->html5_type_attr); - $subfield->set_element_attr('data-type' => 'number'); - } - if ($field->required) { - $subfield->set_element_attr('data-required' => 'required'); - } - } + } + elsif ($field->can('fields')) { + foreach my $subfield (@{$field->fields}) { + $self->update_field($subfield); } } } From 8fd328beef3be8fe1274bc42d019503147e56660 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 1 Nov 2013 09:46:51 -0400 Subject: [PATCH 179/369] Improve Form::Field::Duration Added attributes "with_operator" (show a select input with 'add' and 'subtract' options) and "with_time" (optionally hide time units). Also added support to disable the entire widget. --- .../lib/pfappserver/Form/Field/Duration.pm | 137 ++++++++++++++++-- 1 file changed, 124 insertions(+), 13 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Form/Field/Duration.pm b/html/pfappserver/lib/pfappserver/Form/Field/Duration.pm index 75ce818e1e93..370f239cd691 100644 --- a/html/pfappserver/lib/pfappserver/Form/Field/Duration.pm +++ b/html/pfappserver/lib/pfappserver/Form/Field/Duration.pm @@ -19,6 +19,25 @@ use namespace::autoclean; use pf::config; +=head1 ATTRIBUTES + +=head2 with_operator (default: disabled) + +If this boolean attribute is enabled, an operator select input will be printed with the options +B and B. + +=cut + +has 'with_operator' => (isa => 'Bool', is => 'ro', default => 0); + +=head2 with_time (default: enabled) + +If this boolean attribute is enabled, the time units will include hours, minutes and seconds. + +=cut + +has 'with_time' => (isa => 'Bool', is => 'ro', default => 1); + has '+do_wrapper' => ( default => 1 ); has '+do_label' => ( default => 1 ); has '+inflate_default_method'=> ( default => sub { \&duration_inflate } ); @@ -43,24 +62,111 @@ has_field 'unit' => tags => { no_errors => 1 }, wrapper_class => ['btn-group'], wrapper_attr => {'data-toggle' => 'buttons-radio'}, - options => [ - {value => 's', label => 'seconds'}, - {value => 'm', label => 'minutes'}, - {value => 'h', label => 'hours'}, - {value => 'D', label => 'days'}, - {value => 'W', label => 'weeks'}, - {value => 'M', label => 'months'}, - {value => "Y", label => 'years'}, - ], + options_method => \&options_unit, apply => [ { check => $TIME_MODIFIER_RE } ], ); +=head1 METHODS + +=head2 BUILD + +Propagate the 'disabled' attribute to all subfields. + +=cut + +sub BUILD { + my ($self) = @_; + + if ($self->element_attr->{"disabled"}) { + foreach my $subfield ( $self->sorted_fields ) { + $self->set_disabled($subfield); + } + } +} + +=head2 field_list + +Dynamically build the 'operator' field. + +=cut + +sub field_list { + my $self = shift; + + my $list = []; + + if ($self->{with_operator}) { + my $field = + { + name => 'operator', + order => 1, # place it before all other fields + type => 'Select', + do_label => 0, + widget_wrapper => 'None', + element_class => ['input-small'], + options => + [ + {value => 'add', label => 'add'}, + {value => 'subtract', label => 'subtract'}, + ], + }; + push(@$list, $field); + } + + return $list; +} + +=head2 set_disabled + +Set the 'disable' attribute of a field. + +=cut + +sub set_disabled { + my ($self, $field) = @_; + if ($field->can("fields")) { + foreach my $subfield ($field->fields) { + set_disabled($subfield); + } + } + $field->set_element_attr("disabled" => "disabled"); +} + +=head2 options_unit + +Dynamically define the unit options based on the 'with_time' class attribute. + +=cut + +sub options_unit { + my $self = shift; + + my @options; + if ($self->parent->{with_time}) { + @options = + ( + {value => 's', label => 'seconds'}, + {value => 'm', label => 'minutes'}, + {value => 'h', label => 'hours'}, + ); + } + push(@options, + {value => 'D', label => 'days'}, + {value => 'W', label => 'weeks'}, + {value => 'M', label => 'months'}, + {value => "Y", label => 'years'}, + ); + + return @options; +} + sub duration_inflate { my ($self, $value) = @_; - return {} unless (defined $value && $value =~ m/(\d+)($TIME_MODIFIER_RE)/); - my $hash = {interval => $1, - unit => $2}; + return {} unless (defined $value && $value =~ m/([+\-])?(\d+)($TIME_MODIFIER_RE)/); + my $hash = {operator => ($1 eq '-')? 'subtract':'add', + interval => $2, + unit => $3}; return $hash; } @@ -68,10 +174,15 @@ sub duration_inflate { sub duration_deflate { my ($self, $value) = @_; + my $operator = ''; my $interval = $value->{interval}; my $unit = $value->{unit}; - return $interval.$unit if (defined $interval && defined $unit); + if ($self->{with_operator}) { + $operator = $value->{operator} eq 'add'? '+' : '-'; + } + + return $operator.$interval.$unit if (defined $interval && defined $unit); } =head1 COPYRIGHT From a4864c864a43daf43c69d5f9d991eb2b1fa53023 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 1 Nov 2013 10:05:34 -0400 Subject: [PATCH 180/369] Support 'disabled' attribute in ButtonGroup --- .../lib/pfappserver/Form/Widget/Field/ButtonGroup.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/html/pfappserver/lib/pfappserver/Form/Widget/Field/ButtonGroup.pm b/html/pfappserver/lib/pfappserver/Form/Widget/Field/ButtonGroup.pm index 6b355f298cda..c6351bcdbba4 100644 --- a/html/pfappserver/lib/pfappserver/Form/Widget/Field/ButtonGroup.pm +++ b/html/pfappserver/lib/pfappserver/Form/Widget/Field/ButtonGroup.pm @@ -65,6 +65,8 @@ sub render_radio { . $self->html_name . '" class="btn'; $output .= ' active' if $result->fif eq $value; + $output .= ' disabled' + if $self->element_attr->{'disabled'}; $output .= '" value="' . $self->html_filter($value) . '"'; $output .= process_attrs($option->{attributes}); From d8c036df50b614fdc5ecc7254ce741fa05215688 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 1 Nov 2013 10:10:09 -0400 Subject: [PATCH 181/369] C::Configuration: action to compute duration --- .../pfappserver/Controller/Configuration.pm | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration.pm index a04c2d4bac44..d42adcaf323b 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration.pm @@ -123,6 +123,26 @@ sub pf_section :Path :Args(1) { } } +=head2 duration + +Given the number of seconds since the Epoch and a trigger, returns the formatted end date. + +=cut + +sub duration :Local :Args(2) { + my ($self, $c, $time, $trigger) = @_; + + my $status = HTTP_PRECONDITION_FAILED; + if ($time && $trigger) { + my $duration = access_duration($trigger, $time); + if ($duration) { + $status = HTTP_OK; + $c->stash->{status_msg} = $duration; + } + } + $c->stash->{current_view} = 'JSON'; + $c->response->status($status); +} =head2 interfaces From 698b8380efe368125107eb3c3ce703f32a8bce10 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 1 Nov 2013 10:59:54 -0400 Subject: [PATCH 182/369] application.js: trigger change event on btn groups --- html/pfappserver/root/static/app/application.js | 1 + 1 file changed, 1 insertion(+) diff --git a/html/pfappserver/root/static/app/application.js b/html/pfappserver/root/static/app/application.js index 176c57fbb5da..c9d1eae3d711 100644 --- a/html/pfappserver/root/static/app/application.js +++ b/html/pfappserver/root/static/app/application.js @@ -42,6 +42,7 @@ $(function () { var name = btn.attr('name'); var input = btn.siblings('input[name="' + name + '"]'); input.val(btn.attr('value')); + input.trigger('change'); }); /* Don't hide special "form" dropdown menu */ From 874d093d380d1ae54b1abee82a2ae74ad2460ba1 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 1 Nov 2013 11:02:55 -0400 Subject: [PATCH 183/369] Support hours/minutes/seconds in relative duration --- lib/pf/config.pm | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/pf/config.pm b/lib/pf/config.pm index ba62461c891f..e11882e74476 100644 --- a/lib/pf/config.pm +++ b/lib/pf/config.pm @@ -777,7 +777,13 @@ sub start_date { return (mktime(0,0,0,1,$mon,$year)); } elsif ( $modifier eq "Y" ) { return (mktime(0,0,0,1,0,$year)); + } elsif ( $modifier eq "h" ) { + return ($refdate - (($min * 60) + $sec)); + } elsif ( $modifier eq "m" ) { + return ($refdate - $sec); } + + return $refdate; } =item duration From 7f1d9b279ce8fb0e081c02bdfbd04d4600f3e5af Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 1 Nov 2013 11:14:27 -0400 Subject: [PATCH 184/369] New ExtendedDuration field and widget --- .../Form/Field/ExtendedDuration.pm | 161 ++++++++++++++++++ .../Form/Widget/Field/ExtendedDuration.pm | 83 +++++++++ html/pfappserver/root/static/admin/common.css | 3 +- lib/pf/config.pm | 10 +- lib/pf/util.pm | 4 +- 5 files changed, 253 insertions(+), 8 deletions(-) create mode 100644 html/pfappserver/lib/pfappserver/Form/Field/ExtendedDuration.pm create mode 100644 html/pfappserver/lib/pfappserver/Form/Widget/Field/ExtendedDuration.pm diff --git a/html/pfappserver/lib/pfappserver/Form/Field/ExtendedDuration.pm b/html/pfappserver/lib/pfappserver/Form/Field/ExtendedDuration.pm new file mode 100644 index 000000000000..bc18c6e851de --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Form/Field/ExtendedDuration.pm @@ -0,0 +1,161 @@ +package pfappserver::Form::Field::ExtendedDuration; + +=head1 NAME + +pfappserver::Form::Field::ExtendedDuration - extended duration compound + +=head1 DESCRIPTION + +This is a compound field that requires only one value of the form + \d[smhDWMY][RF][+-]\d[DWMY] + +The time units are rendered using the ButtonGroup widget. + +=cut + +use HTML::FormHandler::Moose; +extends 'HTML::FormHandler::Field::Compound'; +use namespace::autoclean; + +use pf::config; + +=head1 ATTRIBUTES + +=head2 no_value (default: 0) + +If this boolean attribute is true, don't return a value to the form. + +=cut + +has 'no_value' => (isa => 'Bool', is => 'ro', default => 0); # when enabled, don't return a value to the form + +has '+do_wrapper' => ( default => 1 ); +has '+do_label' => ( default => 1 ); +has '+inflate_default_method'=> ( default => sub { \&duration_inflate } ); +has '+deflate_value_method'=> ( default => sub { \&duration_deflate } ); +has '+widget' => ( default => 'ExtendedDuration' ); +has '+wrapper_class' => (builder => '_wrapper_class'); + +sub _wrapper_class { [qw(compound-input-btn-group)] } + +=head1 FIELDS + +=cut + +has_field 'duration' => + ( + type => 'Duration', + do_label => 0, + do_wrapper => 0, + with_time => 1, + ); + +has_field 'day_base' => + ( + type => 'Toggle', + label => 'Relative to the beginning of the day', + do_label => 0, + do_wrapper => 0, + ); + +has_field 'period_base' => + ( + type => 'Toggle', + label => 'Relative to the beginning of the period', + do_label => 0, + do_wrapper => 0, + element_attr => { 'disabled' => 'disabled' }, + ); + +has_field 'extended_duration' => + ( + type => 'Duration', + label => 'and', + do_wrapper => 0, + element_attr => { 'disabled' => 'disabled' }, + with_operator => 1, + with_time => 0, + ); + +has_field 'example' => + ( + type => 'Uneditable', + label => 'Example', + do_wrapper => 0, + label_class => ['text-info'], + element_class => ['text-info'], + default => 'YYYY-MM-DD hh:mm:ss YYYY-MM-DD hh:mm:ss', + ); + +=head1 METHODS + +=cut + +sub duration_inflate { + my ($self, $value) = @_; + + my $hash = {}; + if (defined $value) { + if ($value =~ /^(\d+$TIME_MODIFIER_RE)($DEADLINE_UNIT)([-+]\d+$TIME_MODIFIER_RE)$/i) { + $hash = {'duration' => $1, + 'day_base' => 'Y', + 'period_base' => ($2 eq 'R')? 'Y':'N', + 'extended_duration' => $3}; + } + elsif ($value =~ m/(\d+)($TIME_MODIFIER_RE)/) { + $hash = {'duration.interval' => $1, + 'duration.unit' => $2}; + } + } + + return $hash; +} + +sub duration_deflate { + my ($self, $value) = @_; + + return if ($self->{no_value}); + + my $duration = $value->{duration}; + if ($value->{day_base} eq $self->field('day_base')->{checkbox_value}) { + if ($value->{period_base} eq $self->field('day_base')->{checkbox_value}) { + $duration .= 'R'; + } else { + $duration .= 'F'; + } + if ($value->{extended_duration}) { + $duration .= $value->{extended_duration}; + } + else { + $duration .= '+0D'; + } + } + + return $duration; +} + +=head1 COPYRIGHT + +Copyright (C) 2012-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +__PACKAGE__->meta->make_immutable; +1; diff --git a/html/pfappserver/lib/pfappserver/Form/Widget/Field/ExtendedDuration.pm b/html/pfappserver/lib/pfappserver/Form/Widget/Field/ExtendedDuration.pm new file mode 100644 index 000000000000..777215a2b522 --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Form/Widget/Field/ExtendedDuration.pm @@ -0,0 +1,83 @@ +package pfappserver::Form::Widget::Field::ExtendedDuration; + +=head1 NAME + +pfappserver::Form::Widget::Field::ExtendedDuration - extended duration complex widget + +=head1 DESCRIPTION + +This compound field is to be used only with the ExtendedDuration form field. + +=cut + +use Moose::Role; +with 'HTML::FormHandler::Widget::Field::Compound'; + +=head1 METHODS + +=cut + +sub render_element { + my ( $self, $result ) = @_; + $result ||= $self->result; + + my $output = ''; + my $toggle = 0; + + foreach my $subfield ( $self->sorted_fields ) { + if ($subfield->{type} eq 'Toggle') { + if ($toggle) { + $output .= $self->render_subfield( $result, $subfield ); + $output .= ''; + } + else { + $output .= '
      '; + $output .= $self->render_subfield( $result, $subfield ); + $toggle = 1; + } + } + else { + $output .= $self->render_subfield( $result, $subfield ); + } + } + $output =~ s/^\n//; # remove newlines so they're not duplicated + + return $output; +} + +sub set_disabled { + my ($field) = @_; + if ($field->can("fields")) { + foreach my $subfield ($field->fields) { + set_disabled($subfield); + } + } + $field->set_element_attr("disabled" => "disabled"); +} + +use namespace::autoclean; + +=head1 COPYRIGHT + +Copyright (C) 2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; diff --git a/html/pfappserver/root/static/admin/common.css b/html/pfappserver/root/static/admin/common.css index fef48dfbddb8..fc235c3a638a 100644 --- a/html/pfappserver/root/static/admin/common.css +++ b/html/pfappserver/root/static/admin/common.css @@ -27,7 +27,8 @@ table .action { } /* position text input and button group on the same row */ -.row-fluid .compound-input-btn-group input { +.row-fluid .compound-input-btn-group input, +.row-fluid .compound-input-btn-group select { float: left; margin-right: 4px; } diff --git a/lib/pf/config.pm b/lib/pf/config.pm index e11882e74476..4563b0372832 100644 --- a/lib/pf/config.pm +++ b/lib/pf/config.pm @@ -685,7 +685,7 @@ sub normalize_time { return ($date); } else { - my ( $num, $modifier ) = $date =~ /^(\d+)($TIME_MODIFIER_RE)$/i or return (0); + my ( $num, $modifier ) = $date =~ /^(\d+)($TIME_MODIFIER_RE)/ or return (0); if ( $modifier eq "s" ) { return ($num); } elsif ( $modifier eq "m" ) { return ( $num * 60 ); @@ -709,12 +709,12 @@ Returns a formatted date (YYYY-MM-DD HH:MM:SS). sub access_duration { my $trigger = shift; my $refdate = shift || time; - if ( $trigger =~ /^(\d+)($TIME_MODIFIER_RE)$/i ) { + if ( $trigger =~ /^(\d+)($TIME_MODIFIER_RE)$/ ) { # absolute value with respect to the reference date # ex: access_duration(1W, 2001-01-01 12:00, 2001-08-01 12:00) return POSIX::strftime("%Y-%m-%d %H:%M:%S", localtime($refdate + normalize_time($trigger))); } - elsif ($trigger =~ /^(\d+)($TIME_MODIFIER_RE)($DEADLINE_UNIT)([-+])(\d+)($TIME_MODIFIER_RE)$/i) { + elsif ($trigger =~ /^(\d+)($TIME_MODIFIER_RE)($DEADLINE_UNIT)([-+])(\d+)($TIME_MODIFIER_RE)$/) { # we match the beginning of the period my ($tvalue,$modifier,$advance_type,$sign,$delta_value,$delta_type) = ($1,$2,$3,$4,$5,$6); my $delta = normalize_time($delta_value.$delta_type); @@ -763,7 +763,7 @@ sub start_date { my $refdate = shift || time; my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($refdate); - my ($modifier) = $date =~ /^($TIME_MODIFIER_RE)$/i or return (0); + my ($modifier) = $date =~ /^($TIME_MODIFIER_RE)$/ or return (0); if ( $modifier eq "D" ) { return ($refdate - (($hour * 3600) + ($min * 60) + $sec)); } elsif ( $modifier eq "W" ) { @@ -808,7 +808,7 @@ sub duration { my $refdate = shift || time; my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($refdate); - my ($num, $modifier) = $date =~ /^(\d+)($TIME_MODIFIER_RE)$/i or return (0); + my ($num, $modifier) = $date =~ /^(\d+)($TIME_MODIFIER_RE)$/ or return (0); if ($modifier eq "D") { return ($num * 86400); } elsif ($modifier eq "W") { diff --git a/lib/pf/util.pm b/lib/pf/util.pm index 574df8a5ac78..dbbda38d13d0 100644 --- a/lib/pf/util.pm +++ b/lib/pf/util.pm @@ -837,11 +837,11 @@ sub get_translatable_time { my ($time) = @_; # grab time unit - my ( $value, $unit ) = $time =~ /^(\d+)($TIME_MODIFIER_RE)$/i; + my ($value, $unit) = $time =~ /^(\d+)($TIME_MODIFIER_RE)/; unless ($unit) { $time = get_abbr_time($time); - ( $value, $unit ) = $time =~ /^(\d+)($TIME_MODIFIER_RE)$/i; + ($value, $unit) = $time =~ /^(\d+)($TIME_MODIFIER_RE)$/i; } if ($unit eq "s") { return ("second", "seconds", $value); From 37538797417d396b86a152d701b3c174d6ba1a6c Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 1 Nov 2013 14:30:30 -0400 Subject: [PATCH 185/369] Improve formatting of extended duration --- lib/pf/web/util.pm | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/lib/pf/web/util.pm b/lib/pf/web/util.pm index 99acb3e04b2a..082f05acac8c 100644 --- a/lib/pf/web/util.pm +++ b/lib/pf/web/util.pm @@ -188,11 +188,19 @@ sub get_translated_time_hash { my %time; foreach my $key (@{$to_translate}) { my ($unit, $unit_plural, $value) = get_translatable_time($key); - + my $strfmt = $value . " " . ni18n($unit, $unit_plural, $value); + + if ($key =~ /^\d+$TIME_MODIFIER_RE$DEADLINE_UNIT([-+])(\d+$TIME_MODIFIER_RE)$/) { + ($unit, $unit_plural, $value) = get_translatable_time($2); + if ($value > 0) { + $strfmt .= sprintf(" (%s %i %s)", $1, $value, ni18n($unit, $unit_plural, $value)); + } + } + # we normalize time so we can present the hash in a sorted fashion my $unix_timestamp = normalize_time($key); - $time{$unix_timestamp} = [$key, $value . " " . ni18n($unit, $unit_plural, $value)]; + $time{$unix_timestamp} = [$key, $strfmt]; } return \%time; } From efe35c882de938c978358ebc4cad9a0244f4c5fa Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 1 Nov 2013 14:33:31 -0400 Subject: [PATCH 186/369] Set default_access_duration as an extended_time --- conf/documentation.conf | 2 +- .../lib/pfappserver/Form/Config/Pf.pm | 20 +++- html/pfappserver/root/static/admin/common.js | 103 +++++++++++++++++- 3 files changed, 120 insertions(+), 5 deletions(-) diff --git a/conf/documentation.conf b/conf/documentation.conf index a9c07ba80a70..fb80059ec0b0 100644 --- a/conf/documentation.conf +++ b/conf/documentation.conf @@ -364,7 +364,7 @@ authentication source. EOT [guests_admin_registration.default_access_duration] -type=time +type=extended_time description=< { 'placeholder' => $defaults->{$name} }, - tags => { after_element => \&help, # parent method, defined in Theme::Pf + tags => { after_element => \&help, # role method, defined in Base::Form::Role::Help help => $doc_section->{description} }, id => $name, label => $doc_section_name, @@ -108,6 +108,24 @@ sub field_list { $field->{type} = 'Duration'; last; }; + $type eq 'extended_time' && do { + $field->{type} = 'Text'; + push(@$list, $name => $field); + + # We currently have a single "extended_time" parameter and it's [guests_admin_registration.default_access_duration] + $name .= "_add"; + $field = + { + id => $name, + label => 'Duration', + type => 'ExtendedDuration', + no_value => 1, + element_attr => {'foo' => 'bar'}, + wrapper_class => ['compound-input-btn-group', 'extended-duration', 'well'], + tags => { after_element => '
      ' . $self->_localize("Add to Duration Choices") . '
      ' } + }; + last; + }; $type eq 'email' && do { $field->{type} = 'Email'; last; diff --git a/html/pfappserver/root/static/admin/common.js b/html/pfappserver/root/static/admin/common.js index ef9e83bbb8bc..8d61656624c0 100644 --- a/html/pfappserver/root/static/admin/common.js +++ b/html/pfappserver/root/static/admin/common.js @@ -203,6 +203,60 @@ function updateDynamicRowsAfterRemove(table) { } } +function updateExtendedDurationExample(group) { + var fromElement = $('#extendedFrom'); + var fromDate = fromElement.data('date'); + var fromString = fromElement.html(); + var toElement = $('#extendedTo'); + + function padZero(i) { return (i < 10)? '0'+i : i; }; + + if (!fromDate) { + // Initialize the reference date + var now = new Date(); + fromString = + now.getFullYear() + "-" + padZero(now.getMonth() + 1) + "-" + padZero(now.getDate()) + " " + + padZero(now.getHours()) + ":" + padZero(now.getMinutes()) + ":" + padZero(now.getSeconds()); + fromElement.html(fromString); + fromDate = Math.floor(now.getTime()/1000); + fromElement.data('date', fromDate); + } + + // Build duration representation + var interval = group.find('[name$=".duration.interval"]').val(); + var unit = group.find('input[name$=".duration.unit"]').val(); + if (interval && unit) { + var duration = interval + unit; + var day_base = group.find('[name$="day_base"]').is(':checked'); + if (day_base) { + var period_base = group.find('[name$="period_base"]').is(':checked'); + var e_duration = { + operator: group.find('[name$="operator"]').val(), + interval: group.find('[name$="extended_duration.interval"]').val(), + unit: group.find('input[name$="extended_duration.unit"]').val() + }; + duration += period_base? "R" : "F"; + if (e_duration.operator && e_duration.interval && e_duration.unit) { + duration += (e_duration.operator == 'subtract')? "-" : "+"; + duration += e_duration.interval + e_duration.unit; + } + else { + duration += '+0D'; + } + } + + group.data('duration', duration); + + $.ajax(['/configuration', 'duration', fromDate, duration].join('/')) + .done(function(data) { + toElement.html(data.status_msg); + }); + } + else { + toElement.html(fromString); + } +} + $(function () { // DOM ready /* redirect to URL specified in the location header */ @@ -301,6 +355,7 @@ $(function () { // DOM ready showPermanentError(form, status_msg); }); }); + /* Activate sortable tables and lists (rows/items can be re-ordered) */ $('body').on('mousemove', '.table-sortable tbody tr:not(.ui-draggable), .list-sortable li:not(.ui-draggable)', @@ -412,6 +467,7 @@ $(function () { // DOM ready $(this).trigger("deleterow"); return false; }); + $('body').on('deleterow', '.table-dynamic', function(event) { var table = $(this); var row = table.find(event.target).closest('tr'); @@ -426,9 +482,6 @@ $(function () { // DOM ready return false; }); - - - /* Activate links that trigger an ajax request and return a JSON status message */ $('#section').on('click','a.updates_section_status_msg', function() { var that = $(this); @@ -582,7 +635,51 @@ $(function () { // DOM ready }); }); + /* Add an extended duration to a text input field */ + $('#section').on('click', '#addExtendedTime', function(event) { + var btn = $(this); + var group = btn.closest('.extended-duration'); + var duration = group.data('duration'); // set in updateExtendedDurationExample + if (duration) { + var input = $(btn.data('target')); + var str = input.val(); + var found = false; + $.each(str.split(/ *, */), function(index, value) { + if (value == duration) { + found = true; + return false; + } + }); + if (!found) + input.val(str? str + "," + duration : duration); + } + + return false; + }); + + /* Update any extended duration examples when loading section */ + $('body').on('section.loaded', function(event) { + updateExtendedDurationExample($('.extended-duration')); + }); + + /* Update extended duration widget when changing parameters of the duration */ + $('#section').on('change', '.extended-duration', function(event) { + var input = $(event.target); + var group = input.closest('.extended-duration'); + + if (input.is('[name$="day_base"]')) { + // Advanced options are available only if "relative to the beginning of the day" is checked + var enabled = input.is(':checked'); + if (enabled) + group.find('[name*=extended_duration], [name$=period_base]').removeAttr('disabled').removeClass('disabled'); + else { + group.find('input[name*=extended_duration], select[name*=extended_duration], input[name$=period_base]').attr('disabled', 'disabled'); + group.find('a[name*=extended_duration]').addClass('disabled'); + } + } + updateExtendedDurationExample(group); + }); if (typeof init == 'function') init(); if (typeof initModals == 'function') initModals(); From 36dd0b14c424d7d08d855f275e464f28662ef63e Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 18 Nov 2013 11:50:11 -0500 Subject: [PATCH 187/369] Update NEWS and admin guide for extended duration --- NEWS.asciidoc | 1 + .../PacketFence_Administration_Guide.asciidoc | 21 ++++++++++++++----- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index fa2dd806381e..1b0fb6653824 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -24,6 +24,7 @@ New Features * Displayed columns of nodes are now customizable * Create a single node or import multiple nodes from a CSV file from the Web admin * LDAP authentication sources can now filter by group membership using a second LDAP query +* Extended definition of access durations Enhancements ++++++++++++ diff --git a/docs/PacketFence_Administration_Guide.asciidoc b/docs/PacketFence_Administration_Guide.asciidoc index 4c0d28150515..5b5dfdcb6f6f 100644 --- a/docs/PacketFence_Administration_Guide.asciidoc +++ b/docs/PacketFence_Administration_Guide.asciidoc @@ -1889,12 +1889,12 @@ Available registration modes are defined on a per-portal-profile basis. These ar CAUTION: A valid MTA configured in PacketFence is needed to correctly relay emails related to the guest module. If _localhost_ is used as smtpserver, make sure that a MTA is installed and configured on the server. -Self-registered guests are added under the persons tab of the PacketFence web administration interface. +Self-registered guests are added under the persons tab of the PacketFence Web administration interface. Managed guests ++++++++++++++ -It is possible to modify the default values of the guests created by the guest management interface by editing `/usr/local/pf/conf/pf.conf`. +It is possible to modify the default values of the guests created from the Web admin interface by editing `/usr/local/pf/conf/pf.conf`. Default values are located in `/usr/local/pf/conf/pf.conf.defaults` and documentation for every settings is available in `/usr/local/pf/conf/documentations.conf`. @@ -1902,13 +1902,24 @@ Default values are located in `/usr/local/pf/conf/pf.conf.defaults` and document access_duration_choices=1h,3h,12h,1D,2D,3D,5D default_access_duration=12h -These parameters can also be configured from the *Configuration -> Admin Registration* section. +The format of the duration is as follow: -PacketFence administrators automatically have access to the guest management interface. It is also possible to create users that will only have access to the administrative interface by setting the access level to *All* as an action. + [] + +Let's explain the meaning of each parameter: + +[options="compact"] +* `DURATION`: a number corresponding to the period duration +* `DATETIME_UNIT`: a character corresponding to the units of the date or time duration; either s (seconds), m (minutes), h (hours), D (days), W (weeks), M (months), or Y (years). +* `PERIOD_BASE`: either F (fixed) or R (relative). A relative period is computed from the beginning of the period unit. Weeks start on Monday. +* `OPERATOR`: either + or -. The duration following the operator is added or subtracted from the base duration. +* `DATE_UNIT`: a character corresponding to the units of the extended duration. Limited to date units (D (days), W (weeks), M (months), or Y (years)). + +These parameters can also be configured from the *Configuration -> Admin Registration* section of the Web admin interface. CAUTION: A valid MTA configured in PacketFence is needed to correctly relay emails related to the guest module. If _localhost_ is used as smtpserver, make sure that a MTA is installed and configured on the server. -Guests created by the guest management interface are added under the Users tab of the PacketFence web administration interface. From there, it is possible to reset their password, change their role and more. +From the Users page of the PacketFence Web admin interface, it is possible to set the access duration of users, change their password and more. Guest pre-registration ++++++++++++++++++++++ From 0400cc762fd1d981bbb6b0df8e8c620c74eb8b3a Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 18 Nov 2013 13:58:29 -0500 Subject: [PATCH 188/369] Fix argument to pf::authentication::match --- html/captive-portal/email_activation.cgi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/captive-portal/email_activation.cgi b/html/captive-portal/email_activation.cgi index 491f18b1aeb3..e7d7e0577436 100755 --- a/html/captive-portal/email_activation.cgi +++ b/html/captive-portal/email_activation.cgi @@ -82,7 +82,7 @@ if (defined($cgi->url_param('code'))) { $expiration = access_duration($expiration); } else { - $expiration = &pf::authentication::match($source_id, $auth_params, $Actions::SET_UNREG_DATE); + $expiration = &pf::authentication::match($source->{id}, $auth_params, $Actions::SET_UNREG_DATE); } From 852a2a5f14010b8fcfb2f687e728dd19443ef777 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 22 Nov 2013 15:49:36 -0500 Subject: [PATCH 189/369] Remove useless call to get_abbr_time --- .../lib/pfappserver/Base/Form/Authentication/Action.pm | 3 +-- html/pfappserver/lib/pfappserver/Form/Field/Duration.pm | 2 +- html/pfappserver/lib/pfappserver/Form/User.pm | 1 - 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm b/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm index b5be6756fc2a..f514a5301f51 100644 --- a/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm +++ b/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm @@ -17,7 +17,6 @@ extends 'pfappserver::Base::Form'; use HTTP::Status qw(:constants is_success); use pf::config; -use pf::util qw(get_abbr_time); use pf::web::util; use pf::Authentication::constants; use pf::Authentication::Action; @@ -111,7 +110,7 @@ sub field_list { default_method => sub { my $duration = $Config{'guests_admin_registration'}{'default_access_duration'} || $Default_Config{'guests_admin_registration'}{'default_access_duration'}; - return get_abbr_time($duration); + return $duration; }, } ); diff --git a/html/pfappserver/lib/pfappserver/Form/Field/Duration.pm b/html/pfappserver/lib/pfappserver/Form/Field/Duration.pm index 370f239cd691..e2f41fa9d5cf 100644 --- a/html/pfappserver/lib/pfappserver/Form/Field/Duration.pm +++ b/html/pfappserver/lib/pfappserver/Form/Field/Duration.pm @@ -164,7 +164,7 @@ sub duration_inflate { my ($self, $value) = @_; return {} unless (defined $value && $value =~ m/([+\-])?(\d+)($TIME_MODIFIER_RE)/); - my $hash = {operator => ($1 eq '-')? 'subtract':'add', + my $hash = {operator => (defined $1 && $1 eq '-')? 'subtract':'add', interval => $2, unit => $3}; diff --git a/html/pfappserver/lib/pfappserver/Form/User.pm b/html/pfappserver/lib/pfappserver/Form/User.pm index 472cec50951f..f76eae1a111e 100644 --- a/html/pfappserver/lib/pfappserver/Form/User.pm +++ b/html/pfappserver/lib/pfappserver/Form/User.pm @@ -11,7 +11,6 @@ Form definition to update a user. =cut use pf::config; -use pf::util qw(get_abbr_time); use HTTP::Status qw(:constants is_success); use HTML::FormHandler::Moose; From 04906e4f793da80f59ee45af0cd98efad99b683e Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 22 Nov 2013 16:10:03 -0500 Subject: [PATCH 190/369] Improve Administration Guide --- docs/PacketFence_Administration_Guide.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/PacketFence_Administration_Guide.asciidoc b/docs/PacketFence_Administration_Guide.asciidoc index 5b5dfdcb6f6f..e90bf01b345f 100644 --- a/docs/PacketFence_Administration_Guide.asciidoc +++ b/docs/PacketFence_Administration_Guide.asciidoc @@ -1909,7 +1909,7 @@ The format of the duration is as follow: Let's explain the meaning of each parameter: [options="compact"] -* `DURATION`: a number corresponding to the period duration +* `DURATION`: a number corresponding to the period duration. * `DATETIME_UNIT`: a character corresponding to the units of the date or time duration; either s (seconds), m (minutes), h (hours), D (days), W (weeks), M (months), or Y (years). * `PERIOD_BASE`: either F (fixed) or R (relative). A relative period is computed from the beginning of the period unit. Weeks start on Monday. * `OPERATOR`: either + or -. The duration following the operator is added or subtracted from the base duration. From d4049b499df21c79c32cc662580dbd5f90209104 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 31 Jul 2013 22:00:27 -0400 Subject: [PATCH 191/369] Add new module pf::user and exposed_method has_role to templates --- html/pfappserver/lib/pfappserver/View/HTML.pm | 13 ++++- lib/pf/user_roles.pm | 55 +++++++++++++++++++ 2 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 lib/pf/user_roles.pm diff --git a/html/pfappserver/lib/pfappserver/View/HTML.pm b/html/pfappserver/lib/pfappserver/View/HTML.pm index 0d0e2b30d9bd..958842367d4a 100644 --- a/html/pfappserver/lib/pfappserver/View/HTML.pm +++ b/html/pfappserver/lib/pfappserver/View/HTML.pm @@ -2,7 +2,8 @@ package pfappserver::View::HTML; use strict; use warnings; -use pf::config; +use pf::file_paths; +use pf::user_roles; use base 'Catalyst::View::TT'; @@ -14,6 +15,7 @@ __PACKAGE__->config( js => \&js_filter, }, render_die => 1, + expose_methods => [qw(has_role)], COMPILE_DIR => $tt_compile_cache_dir ); @@ -53,6 +55,15 @@ sub js_filter { return $string; } +=head2 has_role + +=cut + +sub has_role { + my ($self, $c, $role) = @_; + return user_has_role($c->user,$role); +} + =head1 COPYRIGHT Copyright (C) 2012-2013 Inverse inc. diff --git a/lib/pf/user_roles.pm b/lib/pf/user_roles.pm new file mode 100644 index 000000000000..5a27ab313913 --- /dev/null +++ b/lib/pf/user_roles.pm @@ -0,0 +1,55 @@ +package pf::user_roles; +=head1 NAME + +pf::user_roles add documentation + +=cut + +=head1 DESCRIPTION + +pf::user_roles + +=cut + +use strict; +use warnings; + +use base qw(Exporter); +our @EXPORT = qw(user_has_role); + +sub user_has_role { + my ($user,$role) = @_; + return $user eq 'admin'; +} + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + From 9bb1c8a11f19e27bc58d928fb64cd15f40aa6958 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 31 Jul 2013 22:49:02 -0400 Subject: [PATCH 192/369] Example restriction for user role --- html/pfappserver/lib/pfappserver/Controller/User.pm | 12 ++++++++++++ html/pfappserver/root/admin/wrapper.tt | 2 ++ 2 files changed, 14 insertions(+) diff --git a/html/pfappserver/lib/pfappserver/Controller/User.pm b/html/pfappserver/lib/pfappserver/Controller/User.pm index 70b19382176b..17dd9325e4d0 100644 --- a/html/pfappserver/lib/pfappserver/Controller/User.pm +++ b/html/pfappserver/lib/pfappserver/Controller/User.pm @@ -23,6 +23,7 @@ use pfappserver::Form::User::Create; use pfappserver::Form::User::Create::Single; use pfappserver::Form::User::Create::Multiple; use pfappserver::Form::User::Create::Import; +use pf::user_roles; BEGIN { extends 'pfappserver::Base::Controller'; } @@ -364,6 +365,17 @@ sub mail :Local { $c->stash->{current_view} = 'JSON'; } +before [qw(delete)] => sub { + my ($self,$c,$role) = @_; + unless(user_has_role($c->user,"USERS")) { + $c->log->info("Here"); + $c->response->status(HTTP_UNAUTHORIZED); + $c->stash->{status_msg} = "You shall not pass"; + $c->stash->{current_view} = 'JSON'; + $c->detach(); + } +}; + =head1 COPYRIGHT Copyright (C) 2012 Inverse inc. diff --git a/html/pfappserver/root/admin/wrapper.tt b/html/pfappserver/root/admin/wrapper.tt index 582281e518a3..02f3567b7de4 100644 --- a/html/pfappserver/root/admin/wrapper.tt +++ b/html/pfappserver/root/admin/wrapper.tt @@ -63,9 +63,11 @@ [% l('Nodes') %] + [% IF has_role("USERS") %] [% l('Users') %] + [% END %] [% l('Configuration') %] From 12fea5e471bc08b30681e06ea823573c12e75a42 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 5 Aug 2013 18:24:42 -0400 Subject: [PATCH 193/369] renamed pf::user_roles to pf::admin_roles --- html/pfappserver/lib/pfappserver/View/HTML.pm | 4 ++-- lib/pf/{user_roles.pm => admin_roles.pm} | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) rename lib/pf/{user_roles.pm => admin_roles.pm} (88%) diff --git a/html/pfappserver/lib/pfappserver/View/HTML.pm b/html/pfappserver/lib/pfappserver/View/HTML.pm index 958842367d4a..45aca9c0fc5b 100644 --- a/html/pfappserver/lib/pfappserver/View/HTML.pm +++ b/html/pfappserver/lib/pfappserver/View/HTML.pm @@ -3,7 +3,7 @@ package pfappserver::View::HTML; use strict; use warnings; use pf::file_paths; -use pf::user_roles; +use pf::admin_roles; use base 'Catalyst::View::TT'; @@ -61,7 +61,7 @@ sub js_filter { sub has_role { my ($self, $c, $role) = @_; - return user_has_role($c->user,$role); + return admin_has_role($c->user,$role); } =head1 COPYRIGHT diff --git a/lib/pf/user_roles.pm b/lib/pf/admin_roles.pm similarity index 88% rename from lib/pf/user_roles.pm rename to lib/pf/admin_roles.pm index 5a27ab313913..da1695f6fbd1 100644 --- a/lib/pf/user_roles.pm +++ b/lib/pf/admin_roles.pm @@ -1,13 +1,13 @@ -package pf::user_roles; +package pf::admin_roles; =head1 NAME -pf::user_roles add documentation +pf::admin_roles add documentation =cut =head1 DESCRIPTION -pf::user_roles +pf::admin_roles =cut @@ -15,9 +15,9 @@ use strict; use warnings; use base qw(Exporter); -our @EXPORT = qw(user_has_role); +our @EXPORT = qw(admin_has_role); -sub user_has_role { +sub admin_has_role { my ($user,$role) = @_; return $user eq 'admin'; } From ba8eb4c38c387bbefc04767492fae32e07210e71 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 6 Aug 2013 10:08:53 -0400 Subject: [PATCH 194/369] New configuartion controller for adminroles --- conf/admin_roles.conf | 0 conf/adminroles.conf | 0 .../Controller/Configuration/AdminRoles.pm | 109 ++++++++++++++ .../lib/pfappserver/Controller/User.pm | 3 +- .../lib/pfappserver/Form/Config/AdminRoles.pm | 75 ++++++++++ .../pfappserver/Model/Config/AdminRoles.pm | 51 +++++++ html/pfappserver/root/admin/configuration.tt | 1 + .../root/configuration/adminroles/index.tt | 24 +++ .../root/configuration/adminroles/list.tt | 19 +++ .../root/configuration/adminroles/view.tt | 21 +++ .../static/admin/configuration/adminroles.js | 141 ++++++++++++++++++ lib/pf/ConfigStore/AdminRoles.pm | 75 ++++++++++ lib/pf/admin_roles.pm | 21 ++- lib/pf/file_paths.pm | 8 +- 14 files changed, 541 insertions(+), 7 deletions(-) create mode 100644 conf/admin_roles.conf create mode 100644 conf/adminroles.conf create mode 100644 html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm create mode 100644 html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm create mode 100644 html/pfappserver/lib/pfappserver/Model/Config/AdminRoles.pm create mode 100644 html/pfappserver/root/configuration/adminroles/index.tt create mode 100644 html/pfappserver/root/configuration/adminroles/list.tt create mode 100644 html/pfappserver/root/configuration/adminroles/view.tt create mode 100644 html/pfappserver/root/static/admin/configuration/adminroles.js create mode 100644 lib/pf/ConfigStore/AdminRoles.pm diff --git a/conf/admin_roles.conf b/conf/admin_roles.conf new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/conf/adminroles.conf b/conf/adminroles.conf new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm new file mode 100644 index 000000000000..40da106a3f93 --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm @@ -0,0 +1,109 @@ +package pfappserver::Controller::Configuration::AdminRoles; + +=head1 NAME + +pfappserver::Controller::Configuration::AdminRoles - Catalyst Controller + +=head1 DESCRIPTION + +Controller for floating device management. + +=cut + +use HTTP::Status qw(:constants is_error is_success); +use Moose; # automatically turns on strict and warnings +use namespace::autoclean; + +use pfappserver::Form::Config::Switch; +use pf::config::cached; + +BEGIN { + extends 'pfappserver::Base::Controller'; + with 'pfappserver::Base::Controller::Crud::Config'; + with 'pfappserver::Base::Controller::Crud::Config::Clone'; +} + +__PACKAGE__->config( + action => { +#Reconfigure the object action from pfappserver::Base::Controller::Crud + object => { Chained => '/', PathPart => 'configuration/adminroles', CaptureArgs => 1 } + }, + action_args => { +#Setting the global model and form for all actions + '*' => { model => "Config::AdminRoles",form => "Config::AdminRoles" }, + }, +); + +=head1 METHODS + +=head2 after list + +Check which floating device is also defined as a switch + +=cut + +=head2 after create clone + +=cut + +after [qw(create clone)] => sub { + my ($self, $c) = @_; + if (!(is_success($c->response->status) && $c->request->method eq 'POST' )) { + $c->stash->{template} = 'configuration/adminroles/view.tt'; + } +}; + +=head2 after view + +=cut + +after view => sub { + my ($self, $c) = @_; + if (!$c->stash->{action_uri}) { + my $id = $c->stash->{id}; + if ($id) { + $c->stash->{action_uri} = $c->uri_for($self->action_for('update'), [$c->stash->{id}]); + } else { + $c->stash->{action_uri} = $c->uri_for($self->action_for('create')); + } + } +}; + +=head2 index + +Usage: /configuration/adminroles/ + +=cut + +sub index :Path :Args(0) { + my ($self, $c) = @_; + + $c->forward('list'); +} + +=head1 COPYRIGHT + +Copyright (C) 2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +__PACKAGE__->meta->make_immutable; + +1; diff --git a/html/pfappserver/lib/pfappserver/Controller/User.pm b/html/pfappserver/lib/pfappserver/Controller/User.pm index 17dd9325e4d0..af743d74c215 100644 --- a/html/pfappserver/lib/pfappserver/Controller/User.pm +++ b/html/pfappserver/lib/pfappserver/Controller/User.pm @@ -23,7 +23,6 @@ use pfappserver::Form::User::Create; use pfappserver::Form::User::Create::Single; use pfappserver::Form::User::Create::Multiple; use pfappserver::Form::User::Create::Import; -use pf::user_roles; BEGIN { extends 'pfappserver::Base::Controller'; } @@ -367,7 +366,7 @@ sub mail :Local { before [qw(delete)] => sub { my ($self,$c,$role) = @_; - unless(user_has_role($c->user,"USERS")) { + unless(admin_can($c->user,"USERS_REMOVE")) { $c->log->info("Here"); $c->response->status(HTTP_UNAUTHORIZED); $c->stash->{status_msg} = "You shall not pass"; diff --git a/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm b/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm new file mode 100644 index 000000000000..49dfe32261df --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm @@ -0,0 +1,75 @@ +package pfappserver::Form::Config::AdminRoles; + +=head1 NAME + +pfappserver::Form::Config::AdminRoles - Web form for a floating device + +=head1 DESCRIPTION + +Form definition to create or update a floating network device. + +=cut + +use HTML::FormHandler::Moose; +extends 'pfappserver::Base::Form'; +with 'pfappserver::Base::Form::Role::Help'; + +use pf::admin_roles; + +## Definition +has_field 'id' => + ( + type => 'Text', + label => 'Role Name', + required => 1, + messages => { required => 'Please specify the name of the admin role.' }, + ); +has_field 'actions' => + ( + type => 'DynamicTable', + label => 'Actions', + 'num_when_empty' => 2, + ); +has_field 'actions.contains' => + ( + type => 'Select', + label => 'Actions', + options_method => \&options_actions, + widget_wrapper => 'DynamicTableRow', + ); +has_block definition => + ( + render_list => [ qw(actions)] + ); +sub build_do_form_wrapper{ 0 } + + +sub options_actions { + return map { {label => $_, value => $_} } @ADMIN_ACTIONS; +}; + +=head1 COPYRIGHT + +Copyright (C) 2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +__PACKAGE__->meta->make_immutable; +1; diff --git a/html/pfappserver/lib/pfappserver/Model/Config/AdminRoles.pm b/html/pfappserver/lib/pfappserver/Model/Config/AdminRoles.pm new file mode 100644 index 000000000000..f1c0d73b2b54 --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Model/Config/AdminRoles.pm @@ -0,0 +1,51 @@ +package pfappserver::Model::Config::AdminRoles; + +=head1 NAME + +pfappserver::Model::Config::AdminRoles add documentation + +=cut + +=head1 DESCRIPTION + +pfappserver::Model::Config::AdminRoles + +=cut + +use HTTP::Status qw(:constants is_error is_success); +use Moose; +use namespace::autoclean; +use pf::ConfigStore::AdminRoles; + +extends 'pfappserver::Base::Model::Config'; + + +sub _buildConfigStore { pf::ConfigStore::AdminRoles->new } + +__PACKAGE__->meta->make_immutable; + +=head1 COPYRIGHT + +Copyright (C) 2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/html/pfappserver/root/admin/configuration.tt b/html/pfappserver/root/admin/configuration.tt index e0115a1f8d43..430ee5dd956c 100644 --- a/html/pfappserver/root/admin/configuration.tt +++ b/html/pfappserver/root/admin/configuration.tt @@ -13,6 +13,7 @@ 'admin/configuration/interfaces', 'admin/configuration/switches', 'admin/configuration/floatingdevices', + 'admin/configuration/adminroles', 'admin/configuration/authentication', 'admin/configuration/portal_profile', 'admin/configuration/violations', diff --git a/html/pfappserver/root/configuration/adminroles/index.tt b/html/pfappserver/root/configuration/adminroles/index.tt new file mode 100644 index 000000000000..604d5804488c --- /dev/null +++ b/html/pfappserver/root/configuration/adminroles/index.tt @@ -0,0 +1,24 @@ + + + + +

      [% l('Admin Roles') %]

      + + [% INCLUDE configuration/adminroles/list.tt %] + +
      + [% l('Add admin role') %] +
      diff --git a/html/pfappserver/root/configuration/adminroles/list.tt b/html/pfappserver/root/configuration/adminroles/list.tt new file mode 100644 index 000000000000..1dc947b745e7 --- /dev/null +++ b/html/pfappserver/root/configuration/adminroles/list.tt @@ -0,0 +1,19 @@ + + + + + + + + + [% FOREACH adminrole IN items %] + + + + + [% END -%] + +
      [% l('Role') %]
      [% adminrole.id %] + [% l('Clone') %] + [% l('Delete') %] +
      diff --git a/html/pfappserver/root/configuration/adminroles/view.tt b/html/pfappserver/root/configuration/adminroles/view.tt new file mode 100644 index 000000000000..ca7aa47028bb --- /dev/null +++ b/html/pfappserver/root/configuration/adminroles/view.tt @@ -0,0 +1,21 @@ +[% UNLESS action_uri %] + [% SET action_uri = c.req.uri %] +[%END %] +
      + [%- IF item.id %][% END %] +
      + × +

      [% IF item %][% l('Admin Role') %] [% item.id %][% ELSE %][% l('New Admin Role') %][% END %]

      +
      + +
      + [% form.field('id').render UNLESS item && item.id.defined %] + [% form.block('definition').render %] +
      + +
      + [% l('Close') %] + +
      + +
      diff --git a/html/pfappserver/root/static/admin/configuration/adminroles.js b/html/pfappserver/root/static/admin/configuration/adminroles.js new file mode 100644 index 000000000000..3bc603ee7996 --- /dev/null +++ b/html/pfappserver/root/static/admin/configuration/adminroles.js @@ -0,0 +1,141 @@ +$(function() { // DOM ready + var adminroles = new AdminRoles(); + var view = new AdminRolesView({ adminroles: adminroles, parent: $('#section') }); +}); + +/* + * The AdminRoles class defines the operations available from the controller. + */ +var AdminRoles = function() { +}; + +AdminRoles.prototype.get = function(options) { + $.ajax({ + url: options.url + }) + .always(options.always) + .done(options.success) + .fail(function(jqXHR) { + var status_msg = getStatusMsg(jqXHR); + showPermanentError(options.errorSibling, status_msg); + }); +}; + +AdminRoles.prototype.post = function(options) { + $.ajax({ + url: options.url, + type: 'POST', + data: options.data + }) + .always(options.always) + .done(options.success) + .fail(function(jqXHR) { + var status_msg = getStatusMsg(jqXHR); + showPermanentError(options.errorSibling, status_msg); + }); +}; + +/* + * The AdminRolesView class defines the DOM operations from the Web interface. + */ +var AdminRolesView = function(options) { + var that = this; + this.parent = options.parent; + this.adminroles = options.adminroles; + + // Display the adminroles in a modal + var read = $.proxy(this.readAdminRoles, this); + options.parent.on('click', '#adminroles [href$="/read"], #adminroles [href$="/clone"], #createAdminRoles', read); + + // Save the modifications from the modal + var update = $.proxy(this.updateAdminRoles, this); + options.parent.on('submit', 'form[name="modalAdminRoles"]', update); + + // Delete the adminroles + var delete_s = $.proxy(this.deleteAdminRoles, this); + options.parent.on('click', '#adminroles [href$="/delete"]', delete_s); + +}; + +AdminRolesView.prototype.readAdminRoles = function(e) { + e.preventDefault(); + + var that = this; + var modal = $('#modalAdminRoles'); + var section = $('#section'); + var loader = section.prev('.loader'); + loader.show(); + section.fadeTo('fast', 0.5); + modal.empty(); + this.adminroles.get({ + url: $(e.target).attr('href'), + always: function() { + loader.hide(); + section.stop(); + section.fadeTo('fast', 1.0); + }, + success: function(data) { + modal.append(data); + modal.one('shown', function() { + modal.find(':input:visible').first().focus(); + }); + modal.modal({ shown: true }); + }, + errorSibling: section.find('h2').first() + }); +}; + +AdminRolesView.prototype.updateAdminRoles = function(e) { + e.preventDefault(); + + var that = this; + var form = $(e.target); + var modal = form.closest('.modal'); + var valid = isFormValid(form); + if (valid) { + var modal_body = modal.find('.modal-body').first(); + resetAlert(modal_body); + form.find('tr.hidden :input').attr('disabled', 'disabled'); + this.adminroles.post({ + url: form.attr('action'), + data: form.serialize(), + always: function() { + // Restore hidden/template rows + form.find('tr.hidden :input').removeAttr('disabled'); + }, + success: function(data) { + modal.modal('toggle'); + showSuccess(that.parent.find('.table.items').first(), data.status_msg); + that.list(); + }, + errorSibling: modal_body.children().first() + }); + } +}; + +AdminRolesView.prototype.list = function() { + this.adminroles.get({ + url: '/configuration/adminroles/list', + success: function(data) { + var table = $('#adminroles'); + table.html(data); + }, + errorSibling: $('#adminroles') + }); +}; + +AdminRolesView.prototype.deleteAdminRoles = function(e) { + e.preventDefault(); + + var btn = $(e.target); + var row = btn.closest('tr'); + var url = btn.attr('href'); + this.adminroles.get({ + url: url, + success: function(data) { + showSuccess($('#adminroles'), data.status_msg); + row.fadeOut('slow', function() { $(this).remove(); }); + }, + errorSibling: $('#adminroles') + }); +}; diff --git a/lib/pf/ConfigStore/AdminRoles.pm b/lib/pf/ConfigStore/AdminRoles.pm new file mode 100644 index 000000000000..5903dc755a7c --- /dev/null +++ b/lib/pf/ConfigStore/AdminRoles.pm @@ -0,0 +1,75 @@ +package pf::ConfigStore::AdminRoles; + +=head1 NAME + +pf::ConfigStore::AdminRoles add documentation + +=cut + +=head1 DESCRIPTION + +pf::ConfigStore::AdminRoles + +=cut + +use HTTP::Status qw(:constants is_error is_success); +use Moo; +use namespace::autoclean; +use pf::file_paths; +extends 'pf::ConfigStore'; + + +sub expandableParams { return (qw(actions)); } + +sub configFile { $pf::file_paths::admin_roles_config_file } +=head2 cleanupAfterRead + +Clean up switch data + +=cut + +sub cleanupAfterRead { + my ($self, $id, $profile) = @_; + $self->expand_list($profile,$self->expandableParams); +} + +=head2 cleanupBeforeCommit + +Clean data before update or creating + +=cut + +sub cleanupBeforeCommit { + my ($self, $id, $profile) = @_; + $self->flatten_list($profile,$self->expandableParams); +} + + + +__PACKAGE__->meta->make_immutable; + +=head1 COPYRIGHT + +Copyright (C) 2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/admin_roles.pm b/lib/pf/admin_roles.pm index da1695f6fbd1..c31611709ac0 100644 --- a/lib/pf/admin_roles.pm +++ b/lib/pf/admin_roles.pm @@ -15,13 +15,30 @@ use strict; use warnings; use base qw(Exporter); -our @EXPORT = qw(admin_has_role); +our @EXPORT = qw(admin_can @ADMIN_ACTIONS); -sub admin_has_role { +sub admin_can { my ($user,$role) = @_; return $user eq 'admin'; } +our @ADMIN_ACTIONS = qw( + SERVICES + REPORTS + USERS_VIEW + USERS_ADD + USERS_MODIFY + USERS_REMOVE + NODES_VIEW + NODES_ADD + NODES_MODIFY + NODES_REMOVE + VIOLATIONS_VIEW + VIOLATIONS_ADD + VIOLATIONS_MODIFY + VIOLATIONS_REMOVE +); + =head1 AUTHOR Inverse inc. diff --git a/lib/pf/file_paths.pm b/lib/pf/file_paths.pm index fdc3b49eb139..3691a24f52a8 100644 --- a/lib/pf/file_paths.pm +++ b/lib/pf/file_paths.pm @@ -47,7 +47,8 @@ our ( #Other configuraton files variables $switches_config_file, $violations_config_file, $authentication_config_file, $chi_config_file, $ui_config_file, $floating_devices_file, $log_config_file, - @stored_config_files, @log_files + @stored_config_files, @log_files, + $admin_roles_config_file ); BEGIN { @@ -72,8 +73,8 @@ BEGIN { $profiles_config_file %Profiles_Config $cached_profiles_config $switches_config_file $violations_config_file $authentication_config_file $chi_config_file $ui_config_file $floating_devices_file $log_config_file - @stored_config_files - @log_files + @stored_config_files @log_files + $admin_roles_config_file ); } @@ -104,6 +105,7 @@ $profiles_config_file = catfile($conf_dir, "profiles.conf"); $floating_devices_file = catfile($conf_dir, "floating_network_device.conf"); # TODO: To be deprecated. See $floating_devices_config_file $violations_config_file = catfile($conf_dir, "violations.conf"); $dhcp_fingerprints_file = catfile($conf_dir, "dhcp_fingerprints.conf"); +$admin_roles_config_file = catfile($conf_dir, "adminroles.conf"); $violations_config_file = catfile($conf_dir, "violations.conf"); $authentication_config_file = catfile($conf_dir, "authentication.conf"); From 1ac91c1006e2e3f66236e2a66e1642e830f6db75 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 6 Aug 2013 10:10:31 -0400 Subject: [PATCH 195/369] renamed administration function --- html/pfappserver/lib/pfappserver/View/HTML.pm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/View/HTML.pm b/html/pfappserver/lib/pfappserver/View/HTML.pm index 45aca9c0fc5b..9040282c63cd 100644 --- a/html/pfappserver/lib/pfappserver/View/HTML.pm +++ b/html/pfappserver/lib/pfappserver/View/HTML.pm @@ -15,7 +15,7 @@ __PACKAGE__->config( js => \&js_filter, }, render_die => 1, - expose_methods => [qw(has_role)], + expose_methods => [qw(can_access)], COMPILE_DIR => $tt_compile_cache_dir ); @@ -55,13 +55,13 @@ sub js_filter { return $string; } -=head2 has_role +=head2 can_access =cut -sub has_role { +sub can_access { my ($self, $c, $role) = @_; - return admin_has_role($c->user,$role); + return admin_can($c->user,$role); } =head1 COPYRIGHT From 0ac61d60cf3988ae7b386d00a3fceb2c64d3351b Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 6 Aug 2013 12:21:16 -0400 Subject: [PATCH 196/369] Added Description for admin role --- .../pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm | 8 +++++++- html/pfappserver/root/configuration/adminroles/list.tt | 4 +++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm b/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm index 49dfe32261df..f25c7d3fedd8 100644 --- a/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm +++ b/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm @@ -24,6 +24,12 @@ has_field 'id' => required => 1, messages => { required => 'Please specify the name of the admin role.' }, ); +has_field 'description' => + ( + type => 'Text', + required => 1, + messages => { required => 'Please specify the description of the admin role.' }, + ); has_field 'actions' => ( type => 'DynamicTable', @@ -39,7 +45,7 @@ has_field 'actions.contains' => ); has_block definition => ( - render_list => [ qw(actions)] + render_list => [ qw( description actions)] ); sub build_do_form_wrapper{ 0 } diff --git a/html/pfappserver/root/configuration/adminroles/list.tt b/html/pfappserver/root/configuration/adminroles/list.tt index 1dc947b745e7..3c44c7c83b47 100644 --- a/html/pfappserver/root/configuration/adminroles/list.tt +++ b/html/pfappserver/root/configuration/adminroles/list.tt @@ -1,7 +1,8 @@ - + + @@ -9,6 +10,7 @@ [% FOREACH adminrole IN items %] + [% END -%] diff --git a/html/pfappserver/root/configuration/floatingdevice/view.tt b/html/pfappserver/root/configuration/floatingdevice/view.tt index 08474284e89e..7d3800e4014a 100644 --- a/html/pfappserver/root/configuration/floatingdevice/view.tt +++ b/html/pfappserver/root/configuration/floatingdevice/view.tt @@ -18,7 +18,7 @@
      [% l('Close') %] - + [% IF can_access("FLOATING_DEVICES_UPDATE") %][% END %]
      From 69d034fff4f6da5cf50f6dab012cb5b7eafd0cd2 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 19 Sep 2013 14:59:55 -0400 Subject: [PATCH 231/369] Add access rights to switches management --- .../lib/pfappserver/Controller/Configuration/Switch.pm | 10 ++++++++-- html/pfappserver/root/configuration/switch/index.tt | 2 ++ html/pfappserver/root/configuration/switch/list.tt | 4 +++- html/pfappserver/root/configuration/switch/view.tt | 2 +- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/Switch.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/Switch.pm index e6770a0a7ee6..72cc5f40c94a 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration/Switch.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/Switch.pm @@ -24,9 +24,15 @@ BEGIN { __PACKAGE__->config( action => { -#Reconfigure the object dispatcher from pfappserver::Base::Controller::Crud + # Reconfigure the object dispatcher from pfappserver::Base::Controller::Crud object => { Chained => '/', PathPart => 'configuration/switch', CaptureArgs => 1 }, - view => { Chained => 'object', PathPart => 'read', Args => 0, AdminRole => [qw(SWITCHES_READ)] } + # Configure access rights + view => { AdminRole => 'SWITCHES_READ' }, + list => { AdminRole => 'SWITCHES_READ' }, + create => { AdminRole => 'SWITCHES_CREATE' }, + clone => { AdminRole => 'SWITCHES_CREATE' }, + update => { AdminRole => 'SWITCHES_UPDATE' }, + remove => { AdminRole => 'SWITCHES_DELETE' }, }, ); diff --git a/html/pfappserver/root/configuration/switch/index.tt b/html/pfappserver/root/configuration/switch/index.tt index 0cb5d894f56f..c7620cb4b94f 100644 --- a/html/pfappserver/root/configuration/switch/index.tt +++ b/html/pfappserver/root/configuration/switch/index.tt @@ -19,6 +19,8 @@ [% INCLUDE configuration/switch/list.tt %] + [%- IF can_access("SWITCHES_CREATE") %]
      [% l('Add switch') %]
      + [%- END %] diff --git a/html/pfappserver/root/configuration/switch/list.tt b/html/pfappserver/root/configuration/switch/list.tt index db12e1d69263..8f355b51a522 100644 --- a/html/pfappserver/root/configuration/switch/list.tt +++ b/html/pfappserver/root/configuration/switch/list.tt @@ -17,8 +17,10 @@       [% END -%] diff --git a/html/pfappserver/root/configuration/switch/view.tt b/html/pfappserver/root/configuration/switch/view.tt index daa771ff1b76..d84969ba557e 100644 --- a/html/pfappserver/root/configuration/switch/view.tt +++ b/html/pfappserver/root/configuration/switch/view.tt @@ -90,7 +90,7 @@
      [% l('Close') %] - + [% IF can_access("SWITCHES_UPDATE") %][% END %]
      From 8a4bf7a4e9e6d76df0ae8cd24e1957d86b8dbde9 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 19 Sep 2013 15:14:29 -0400 Subject: [PATCH 232/369] Add access rights to users management --- .../lib/pfappserver/Controller/User.pm | 22 +++++++-------- .../pfappserver/lib/pfappserver/Model/User.pm | 1 + html/pfappserver/root/user/view.tt | 27 ++++++++++++------- html/pfappserver/root/user/violations.tt | 7 ++--- 4 files changed, 33 insertions(+), 24 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/User.pm b/html/pfappserver/lib/pfappserver/Controller/User.pm index e554bd69aff5..1230ab0def22 100644 --- a/html/pfappserver/lib/pfappserver/Controller/User.pm +++ b/html/pfappserver/lib/pfappserver/Controller/User.pm @@ -38,7 +38,7 @@ __PACKAGE__->config( =cut -sub index :Path :Args(0) { +sub index :Path :Args(0) :AdminRole('USERS_READ') { my ( $self, $c ) = @_; $c->go('simple_search'); @@ -48,7 +48,7 @@ sub index :Path :Args(0) { =cut -sub simple_search :SimpleSearch('User') :Local :Args() { } +sub simple_search :SimpleSearch('User') :Local :Args() :AdminRole('USERS_READ') { } =head2 object @@ -82,7 +82,7 @@ sub object :Chained('/') :PathPart('user') :CaptureArgs(1) { =cut -sub view :Chained('object') :PathPart('read') :Args(0) { +sub view :Chained('object') :PathPart('read') :Args(0) :AdminRole('USERS_READ') { my ($self, $c) = @_; my ($form); @@ -97,7 +97,7 @@ sub view :Chained('object') :PathPart('read') :Args(0) { =cut -sub delete :Chained('object') :PathPart('delete') :Args(0) : AdminRole('USERS_DELETE') { +sub delete :Chained('object') :PathPart('delete') :Args(0) :AdminRole('USERS_DELETE') { my ($self, $c) = @_; my ($status, $result) = $c->model('User')->delete($c->stash->{user}->{pid}); @@ -113,7 +113,7 @@ sub delete :Chained('object') :PathPart('delete') :Args(0) : AdminRole('USERS_DE =cut -sub update :Chained('object') :PathPart('update') :Args(0) { +sub update :Chained('object') :PathPart('update') :Args(0) :AdminRole('USERS_UPDATE') { my ($self, $c) = @_; my ($form, $status, $message); @@ -138,7 +138,7 @@ sub update :Chained('object') :PathPart('update') :Args(0) { =cut -sub violations :Chained('object') :PathPart :Args(0) { +sub violations :Chained('object') :PathPart :Args(0) :AdminRole('NODES_READ') { my ($self, $c) = @_; my ($status, $result) = $c->model('User')->violations($c->stash->{user}->{pid}); if (is_success($status)) { @@ -154,7 +154,7 @@ sub violations :Chained('object') :PathPart :Args(0) { =cut -sub reset :Chained('object') :PathPart('reset') :Args(0) { +sub reset :Chained('object') :PathPart('reset') :Args(0) :AdminRole('USERS_UPDATE') { my ($self, $c) = @_; my ($status, $message) = (HTTP_BAD_REQUEST, 'Some required parameters are missing.'); @@ -177,7 +177,7 @@ sub reset :Chained('object') :PathPart('reset') :Args(0) { =cut -sub create :Local { +sub create :Local :AdminRole('USERS_CREATE') { my ($self, $c) = @_; my (@roles, $form, $form_single, $form_multiple, $form_import, $params); @@ -286,7 +286,7 @@ Perform advanced search for user =cut -sub advanced_search :Local :Args() { +sub advanced_search :Local :Args() :AdminRole('USERS_READ') { my ($self, $c, @args) = @_; my ($status,$status_msg,$result); my %search_results; @@ -322,7 +322,7 @@ Display a printable view of users credentials. =cut -sub print :Local { +sub print :Local :AdminRole('USERS_UPDATE') { my ($self, $c) = @_; my ($status, $result); @@ -345,7 +345,7 @@ Send users credentials by email. =cut -sub mail :Local { +sub mail :Local :AdminRole('USERS_UPDATE') { my ($self, $c) = @_; my ($status, $result); diff --git a/html/pfappserver/lib/pfappserver/Model/User.pm b/html/pfappserver/lib/pfappserver/Model/User.pm index a373232f9460..5891153c34be 100644 --- a/html/pfappserver/lib/pfappserver/Model/User.pm +++ b/html/pfappserver/lib/pfappserver/Model/User.pm @@ -193,6 +193,7 @@ sub violations { my @violations; eval { @violations = person_violations($pid); + map { $_->{release_date} = '' if ($_->{release_date} eq '0000-00-00 00:00:00') } @violations; }; if ($@) { $status_msg = "Can't fetch violations from database."; diff --git a/html/pfappserver/root/user/view.tt b/html/pfappserver/root/user/view.tt index 9132d20697b7..12b661326083 100644 --- a/html/pfappserver/root/user/view.tt +++ b/html/pfappserver/root/user/view.tt @@ -12,12 +12,16 @@
      @@ -32,6 +36,7 @@
      [% IF user.password.defined %] + [%- IF can_access("USERS_UPDATE") %]
      @@ -57,6 +62,7 @@
      + [%- END %]
      @@ -102,11 +108,13 @@
      [% END %] + [%- IF can_access("NODES_READ") %]
      [% IF nodes.size %]
      [% l('Role') %][% l('Role Name') %][% l('Description') %]
      [% adminrole.id %][% adminrole.description | html%] [% l('Clone') %] [% l('Delete') %] From 3a5be424b593ce9ddc8caafb89ecdcc1c53d5de8 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 6 Aug 2013 12:22:52 -0400 Subject: [PATCH 197/369] implemented admin_can Added hard coded roles NONE and ALL move the load of the adminroles.conf to here --- lib/pf/admin_roles.pm | 51 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 45 insertions(+), 6 deletions(-) diff --git a/lib/pf/admin_roles.pm b/lib/pf/admin_roles.pm index c31611709ac0..48fbc46ddc5f 100644 --- a/lib/pf/admin_roles.pm +++ b/lib/pf/admin_roles.pm @@ -15,13 +15,12 @@ use strict; use warnings; use base qw(Exporter); -our @EXPORT = qw(admin_can @ADMIN_ACTIONS); - -sub admin_can { - my ($user,$role) = @_; - return $user eq 'admin'; -} +use pf::file_paths; +use List::MoreUtils qw(any); +use pf::config::cached; +our @EXPORT = qw(admin_can @ADMIN_ACTIONS %ADMIN_ROLES $cached_adminroles_config); +our %ADMIN_ROLES; our @ADMIN_ACTIONS = qw( SERVICES REPORTS @@ -39,6 +38,46 @@ our @ADMIN_ACTIONS = qw( VIOLATIONS_REMOVE ); +sub admin_can { + my ($roles,$action) = @_; + return any { exists $ADMIN_ROLES{$_} && exists $ADMIN_ROLES{$_}{$action} } @$roles; +} + +sub reloadConfig { + my ($config,$name) = @_; + my %temp; + $config->toHash(\%temp); + $config->cleanupWhitespace(\%temp); + %ADMIN_ROLES = (); + while(my ($role,$data) = each %temp) { + my $actions = $data->{actions} || ''; + my %action_data = map {$_ => undef} split /\s*,\s*/,$actions; + $ADMIN_ROLES{$role} = \%action_data; + } + $ADMIN_ROLES{NONE} = {}; + $ADMIN_ROLES{ALL} = { map {$_ => undef} @ADMIN_ACTIONS }; + $config->cache->set("ADMIN_ROLES",\%ADMIN_ROLES); +} + +our $cached_adminroles_config = pf::config::cached->new( + -file => $admin_roles_config_file, + -allowempty => 1, + -onfilereload => [ + file_reload_violation_config => \&reloadConfig + ], + -oncachereload => [ + cache_reload_violation_config => sub { + my ($config,$name) = @_; + my $data = $config->cache->get("ADMIN_ROLES"); + if($data) { + %ADMIN_ROLES = %$data; + } else { + reloadConfig($config,$name); + } + } + ], +); + =head1 AUTHOR Inverse inc. From a310c50acfac5bf886a3dc7b1c1d39deef6125b8 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 6 Aug 2013 12:24:21 -0400 Subject: [PATCH 198/369] Refactor use the cached config from pf::admin_roles --- lib/pf/ConfigStore/AdminRoles.pm | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/pf/ConfigStore/AdminRoles.pm b/lib/pf/ConfigStore/AdminRoles.pm index 5903dc755a7c..ee0c17828326 100644 --- a/lib/pf/ConfigStore/AdminRoles.pm +++ b/lib/pf/ConfigStore/AdminRoles.pm @@ -16,12 +16,13 @@ use HTTP::Status qw(:constants is_error is_success); use Moo; use namespace::autoclean; use pf::file_paths; +use pf::admin_roles; extends 'pf::ConfigStore'; - sub expandableParams { return (qw(actions)); } -sub configFile { $pf::file_paths::admin_roles_config_file } +sub _buildCachedConfig { $cached_adminroles_config } + =head2 cleanupAfterRead Clean up switch data @@ -29,8 +30,8 @@ Clean up switch data =cut sub cleanupAfterRead { - my ($self, $id, $profile) = @_; - $self->expand_list($profile,$self->expandableParams); + my ($self, $id, $item) = @_; + $self->expand_list($item,$self->expandableParams); } =head2 cleanupBeforeCommit @@ -40,8 +41,8 @@ Clean data before update or creating =cut sub cleanupBeforeCommit { - my ($self, $id, $profile) = @_; - $self->flatten_list($profile,$self->expandableParams); + my ($self, $id, $item) = @_; + $self->flatten_list($item,$self->expandableParams); } From 63bfc16a2143766b9988b3ab7ffaa5f6b1fb80fa Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 6 Aug 2013 12:25:57 -0400 Subject: [PATCH 199/369] Will use the roles from the defined user --- html/pfappserver/lib/pfappserver/View/HTML.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/View/HTML.pm b/html/pfappserver/lib/pfappserver/View/HTML.pm index 9040282c63cd..9fc1e8f0c6f7 100644 --- a/html/pfappserver/lib/pfappserver/View/HTML.pm +++ b/html/pfappserver/lib/pfappserver/View/HTML.pm @@ -60,8 +60,8 @@ sub js_filter { =cut sub can_access { - my ($self, $c, $role) = @_; - return admin_can($c->user,$role); + my ($self, $c, $action) = @_; + return admin_can([$c->user->roles],$action); } =head1 COPYRIGHT From a965792866bc69241e9215f4270d188f32e0b448 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 6 Aug 2013 12:26:44 -0400 Subject: [PATCH 200/369] default role is ALL --- .../lib/pfappserver/Authentication/Store/PacketFence/User.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm index 8144fe38f318..b6b7a3811201 100644 --- a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm +++ b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm @@ -53,7 +53,7 @@ sub check_password { } sub roles { - return (); + return (qw(ALL)); } *for_session = \&id; From 43e436e50bfb56e34010b564bd55b4e323b07227 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 6 Aug 2013 13:36:36 -0400 Subject: [PATCH 201/369] function admin_can will always fail if has role of NONE --- lib/pf/admin_roles.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pf/admin_roles.pm b/lib/pf/admin_roles.pm index 48fbc46ddc5f..f43a1bb3e888 100644 --- a/lib/pf/admin_roles.pm +++ b/lib/pf/admin_roles.pm @@ -40,6 +40,7 @@ our @ADMIN_ACTIONS = qw( sub admin_can { my ($roles,$action) = @_; + return 0 if any {$_ eq 'NONE'}; return any { exists $ADMIN_ROLES{$_} && exists $ADMIN_ROLES{$_}{$action} } @$roles; } From 5ada47aafbce43887f1403e3439ea7b7eacd10a8 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 8 Aug 2013 13:28:38 -0400 Subject: [PATCH 202/369] Added the ability to choose multiple roles and pull roles from ADMIN ROLES --- .../Base/Form/Authentication/Action.pm | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm b/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm index 538f30be8712..6f0c63012de8 100644 --- a/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm +++ b/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm @@ -21,6 +21,8 @@ use pf::util qw(get_abbr_time); use pf::web::util; use pf::Authentication::constants; use pf::Authentication::Action; +use pf::admin_roles; +use pf::log; has 'source_type' => ( is => 'ro' ); @@ -42,6 +44,10 @@ has_field 'actions.value' => type => 'Hidden', required => 1, messages => { required => 'Make sure all the actions are properly defined.' }, + deflate_value_method => sub { + my ( $self, $value ) = @_; + return ref($value) ? join(",",@{$value}) : $value ; + }, ); =head2 field_list @@ -83,6 +89,9 @@ sub field_list { type => 'Select', do_label => 0, wrapper => 0, + multiple => 1, + element_class => ['chzn-select'], + element_attr => {'data-placeholder' => 'Click to add a role' }, options_method => \&options_access_level, } ); @@ -169,17 +178,8 @@ Populate the select field for the 'access level' template action. sub options_access_level { my $self = shift; - return - ( - { - label => $self->_localize('None'), - value => $WEB_ADMIN_NONE, - }, - { - label => $self->_localize('All'), - value => $WEB_ADMIN_ALL, - }, - ); + return map { {value => $_, label => $self->_localize($_) } } keys %ADMIN_ROLES; + } =head2 options_roles From 7800b3e505b55fa7ec65e558aa0588f1243174a4 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 8 Aug 2013 13:29:49 -0400 Subject: [PATCH 203/369] Changed the name of the action to match the actions defined in pf::admin_roles --- html/pfappserver/root/admin/wrapper.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/pfappserver/root/admin/wrapper.tt b/html/pfappserver/root/admin/wrapper.tt index 02f3567b7de4..bf7f36efb44d 100644 --- a/html/pfappserver/root/admin/wrapper.tt +++ b/html/pfappserver/root/admin/wrapper.tt @@ -63,7 +63,7 @@ [% l('Nodes') %] - [% IF has_role("USERS") %] + [% IF can_access("USERS_VIEW") %] [% l('Users') %] From 48efc3a27a4cbd91ce9fe87d439bfd7d17f69426 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 8 Aug 2013 13:30:43 -0400 Subject: [PATCH 204/369] If action type allow mulitple values then convert the value to an array --- html/pfappserver/root/static/admin/common.js | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/html/pfappserver/root/static/admin/common.js b/html/pfappserver/root/static/admin/common.js index ef9e83bbb8bc..195a631e5f3f 100644 --- a/html/pfappserver/root/static/admin/common.js +++ b/html/pfappserver/root/static/admin/common.js @@ -13,8 +13,16 @@ function updateAction(type, keep_value) { value_new.attr('id', value.attr('id')); value_new.attr('name', value.attr('name')); value_new.attr('data-required', 1); - if (keep_value && value.val()) value_new.val(value.val()); + if (keep_value && value.val()) { + if(value_new.attr('multiple') ) { + value_new.val(value.val().split(",")); + } + else { + value_new.val(value.val()); + } + } value_new.insertBefore(value); + value.next(".chzn-container").remove(); // Remove previous field value.remove(); From 0f7cd8b1675ec199d5f62d14c20865ef6df09b37 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 8 Aug 2013 13:33:59 -0400 Subject: [PATCH 205/369] Verify if the user exists before retrivng roles --- html/pfappserver/lib/pfappserver/View/HTML.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/html/pfappserver/lib/pfappserver/View/HTML.pm b/html/pfappserver/lib/pfappserver/View/HTML.pm index 9fc1e8f0c6f7..71054e4c1926 100644 --- a/html/pfappserver/lib/pfappserver/View/HTML.pm +++ b/html/pfappserver/lib/pfappserver/View/HTML.pm @@ -61,7 +61,9 @@ sub js_filter { sub can_access { my ($self, $c, $action) = @_; - return admin_can([$c->user->roles],$action); + my $roles = []; + $roles = [$c->user->roles] if $c->user_exists; + return admin_can($roles,$action); } =head1 COPYRIGHT From c924098df6e407f81b950138af5dd33f6c1da004 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 8 Aug 2013 13:35:27 -0400 Subject: [PATCH 206/369] retrived user roles from the session --- .../pfappserver/Authentication/Store/PacketFence.pm | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence.pm b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence.pm index fa1a85e74b04..1f384780f0ee 100644 --- a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence.pm +++ b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence.pm @@ -15,17 +15,18 @@ BEGIN { __PACKAGE__->mk_accessors(qw/file user_field user_class/) } sub new { my ($class, $config, $app, $realm) = @_; - + $config->{user_class} ||= __PACKAGE__ . '::User'; $config->{user_field} ||= 'username'; - + bless { %$config }, $class; } sub find_user { my ($self, $authinfo, $c) = @_; my $username = $authinfo->{$self->user_field}; - $self->user_class->new( $self, $username ); + my $roles = $c->session->{user_roles}; + $self->user_class->new( $self, $username,$roles ); } sub user_supports { @@ -35,16 +36,14 @@ sub user_supports { sub from_session { my ( $self, $c, $username) = @_; - $self->find_user( { username => $username } ); + $self->find_user( { username => $username },$c); } -=back - =head1 COPYRIGHT Copyright (C) 2012 Inverse inc. -=head1 LICENSE +=head1 LICENSE This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License From d7e2499ae18256d0877ba6a5ca1b4c548a95d160 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 8 Aug 2013 13:37:05 -0400 Subject: [PATCH 207/369] Added _roles attribute and ensure that uses with the role of NONE are not allowed to check in --- .../Authentication/Store/PacketFence/User.pm | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm index b6b7a3811201..00322efff707 100644 --- a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm +++ b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm @@ -9,17 +9,20 @@ use warnings; use pf::config qw($TRUE $FALSE $WEB_ADMIN_ALL); use pf::authentication; use pf::Authentication::constants; +use pf::log; +use List::MoreUtils qw(all); -BEGIN { __PACKAGE__->mk_accessors(qw/_user _store/) } +BEGIN { __PACKAGE__->mk_accessors(qw/_user _store _roles/) } use overload '""' => sub { shift->id }, fallback => 1; sub new { - my ( $class, $store, $user ) = @_; + my ( $class, $store, $user, $roles ) = @_; return unless $user; + $roles = [qw(NONE)] unless $roles; + bless { _store => $store, _user => $user, _roles => $roles }, $class; - bless { _store => $store, _user => $user }, $class; } sub id { @@ -43,17 +46,15 @@ sub check_password { if ($result) { my $value = &pf::authentication::match($source_id, {username => $self->_user}, $Actions::SET_ACCESS_LEVEL); - - if (defined $value && $value == $WEB_ADMIN_ALL) { - return $TRUE; - } + $self->_roles([split /\s*,\s*/,$value]) if defined $value; + return (defined $value && all{ $_ ne 'NONE'} @{$self->_roles} ); } return $FALSE; } sub roles { - return (qw(ALL)); + return (@{$_[0]->_roles}); } *for_session = \&id; From 6f59e592731952aa9ebfb7e507ba4f60dbb4f458 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 8 Aug 2013 13:53:43 -0400 Subject: [PATCH 208/369] saving user roles to the session --- html/pfappserver/lib/pfappserver/Controller/Admin.pm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Admin.pm b/html/pfappserver/lib/pfappserver/Controller/Admin.pm index dec2589dc56f..9d96e53febac 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Admin.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Admin.pm @@ -75,7 +75,8 @@ sub login :Local :Args(0) { eval { if ($c->authenticate( {username => $c->req->params->{'username'}, password => $c->req->params->{'password'}} )) { - $c->log->info("login: " . $c->req->params->{'username'}); + $c->session->{user_roles} = [$c->user->roles]; #saving the roles to the session + $c->persist_user();#To save the updated _roles data $c->response->redirect($c->uri_for($c->controller('Admin')->action_for('status'))); } else { From cab7206f9f72dbcea8e6fead27c45830bfcdc3d0 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 8 Aug 2013 13:55:26 -0400 Subject: [PATCH 209/369] changed access_level to a string --- lib/pf/Authentication/Source/SQLSource.pm | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/lib/pf/Authentication/Source/SQLSource.pm b/lib/pf/Authentication/Source/SQLSource.pm index ce17be3d265f..e03037f98147 100644 --- a/lib/pf/Authentication/Source/SQLSource.pm +++ b/lib/pf/Authentication/Source/SQLSource.pm @@ -28,7 +28,7 @@ has '+type' => ( default => 'SQL' ); sub available_attributes { my $self = shift; - my $super_attributes = $self->SUPER::available_attributes; + my $super_attributes = $self->SUPER::available_attributes; my $own_attributes = [{ value => "username", type => $Conditions::SUBSTRING }]; return [@$super_attributes, @$own_attributes]; @@ -38,7 +38,7 @@ sub available_attributes { =cut -sub authenticate { +sub authenticate { my ( $self, $username, $password ) = @_; my $result = pf::temporary_password::validate_password($username, $password); @@ -87,26 +87,26 @@ sub match { } my $access_level = $result->{'access_level'}; - if ($access_level > 0) { + if (defined $access_level ) { $action = pf::Authentication::Action->new({type => $Actions::SET_ACCESS_LEVEL, value => $access_level}); push(@actions, $action); } - + my $sponsor = $result->{'sponsor'}; if ($sponsor == 1) { $action = pf::Authentication::Action->new({type => $Actions::MARK_AS_SPONSOR, value => 1}); push(@actions, $action); } - + my $unregdate = $result->{'unregdate'}; if (defined $unregdate) { $action = pf::Authentication::Action->new({type => $Actions::SET_UNREG_DATE, value => $unregdate}); push(@actions, $action); } - + my $category = $result->{'category'}; if (defined $category) { $action = pf::Authentication::Action->new({type => $Actions::SET_ROLE, @@ -116,7 +116,7 @@ sub match { return \@actions; } - + return undef; } From c55ea16a80d1a94fbc3854b050a978163db704d1 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 8 Aug 2013 14:05:16 -0400 Subject: [PATCH 210/369] Fixed bug with NONE role not being check first Also allow multiple actions to be passed --- lib/pf/admin_roles.pm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/pf/admin_roles.pm b/lib/pf/admin_roles.pm index f43a1bb3e888..1ab31981e388 100644 --- a/lib/pf/admin_roles.pm +++ b/lib/pf/admin_roles.pm @@ -16,7 +16,7 @@ use warnings; use base qw(Exporter); use pf::file_paths; -use List::MoreUtils qw(any); +use List::MoreUtils qw(any all); use pf::config::cached; our @EXPORT = qw(admin_can @ADMIN_ACTIONS %ADMIN_ROLES $cached_adminroles_config); @@ -39,9 +39,9 @@ our @ADMIN_ACTIONS = qw( ); sub admin_can { - my ($roles,$action) = @_; - return 0 if any {$_ eq 'NONE'}; - return any { exists $ADMIN_ROLES{$_} && exists $ADMIN_ROLES{$_}{$action} } @$roles; + my ($roles,@actions) = @_; + return 0 if any {$_ eq 'NONE'} @$roles; + return any { my $role = $_; exists $ADMIN_ROLES{$role} && all {exists $ADMIN_ROLES{$role}{$_} } @actions } @$roles; } sub reloadConfig { From fd622eb4f72dc5be892a9eb600c9b1d92ece9387 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 9 Aug 2013 10:49:50 -0400 Subject: [PATCH 211/369] Improve JS and templates of admin roles --- html/pfappserver/root/admin/configuration.tt | 1 + .../root/configuration/adminroles/index.tt | 6 +++- .../root/configuration/adminroles/list.tt | 2 +- .../static/admin/configuration/adminroles.js | 29 +++++++++---------- 4 files changed, 20 insertions(+), 18 deletions(-) diff --git a/html/pfappserver/root/admin/configuration.tt b/html/pfappserver/root/admin/configuration.tt index 430ee5dd956c..43f6d6ba527d 100644 --- a/html/pfappserver/root/admin/configuration.tt +++ b/html/pfappserver/root/admin/configuration.tt @@ -89,6 +89,7 @@ table.sources { [% pf_section_entry( 'provisioning', 'Provisioning') %] [% list_entry('Portal::Profile', 'index', 'Portal Profiles') %] [% pf_section_entry( 'webservices', 'Web Services') %] + [% pf_section_entry('adminroles', 'Admin Access') %]
    • [% l('Network') %]
    • [% pf_section_entry( 'interfaces', 'Interfaces') %] [% pf_section_entry( 'switches', 'Switches') %] diff --git a/html/pfappserver/root/configuration/adminroles/index.tt b/html/pfappserver/root/configuration/adminroles/index.tt index 604d5804488c..306e16fd676e 100644 --- a/html/pfappserver/root/configuration/adminroles/index.tt +++ b/html/pfappserver/root/configuration/adminroles/index.tt @@ -15,10 +15,14 @@ -

      [% l('Admin Roles') %]

      +

      [% l('Admin Roles') %]

      [% INCLUDE configuration/adminroles/list.tt %] +
      +

      [% l('No role defined') %]

      +
      +
      [% l('Add admin role') %]
      diff --git a/html/pfappserver/root/configuration/adminroles/list.tt b/html/pfappserver/root/configuration/adminroles/list.tt index 3c44c7c83b47..2b80d9e05c77 100644 --- a/html/pfappserver/root/configuration/adminroles/list.tt +++ b/html/pfappserver/root/configuration/adminroles/list.tt @@ -1,4 +1,4 @@ - +
      diff --git a/html/pfappserver/root/static/admin/configuration/adminroles.js b/html/pfappserver/root/static/admin/configuration/adminroles.js index 3bc603ee7996..5a8224930b96 100644 --- a/html/pfappserver/root/static/admin/configuration/adminroles.js +++ b/html/pfappserver/root/static/admin/configuration/adminroles.js @@ -104,26 +104,17 @@ AdminRolesView.prototype.updateAdminRoles = function(e) { form.find('tr.hidden :input').removeAttr('disabled'); }, success: function(data) { - modal.modal('toggle'); - showSuccess(that.parent.find('.table.items').first(), data.status_msg); - that.list(); + modal.on('hidden', function() { + $('#noRole:visible').addClass('hidden'); + $('#adminroles').replaceWith(data); + }); + modal.modal('hide'); }, errorSibling: modal_body.children().first() }); } }; -AdminRolesView.prototype.list = function() { - this.adminroles.get({ - url: '/configuration/adminroles/list', - success: function(data) { - var table = $('#adminroles'); - table.html(data); - }, - errorSibling: $('#adminroles') - }); -}; - AdminRolesView.prototype.deleteAdminRoles = function(e) { e.preventDefault(); @@ -133,8 +124,14 @@ AdminRolesView.prototype.deleteAdminRoles = function(e) { this.adminroles.get({ url: url, success: function(data) { - showSuccess($('#adminroles'), data.status_msg); - row.fadeOut('slow', function() { $(this).remove(); }); + var table = $('#adminroles'); + showSuccess(table, data.status_msg); + row.remove(); + if (table.find('tbody tr').length == 0) { + // No more filters + table.addClass('hidden'); + $('#noRole').removeClass('hidden'); + } }, errorSibling: $('#adminroles') }); From edbcbd9f120a2d6cd1755785250de66d2ca59cbb Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 9 Aug 2013 10:52:43 -0400 Subject: [PATCH 212/369] Improve syntax --- .../Authentication/Store/PacketFence/User.pm | 7 +++--- .../Controller/Configuration/AdminRoles.pm | 23 +++++++++++-------- .../lib/pfappserver/Form/Config/AdminRoles.pm | 2 +- lib/pf/ConfigStore/AdminRoles.pm | 8 +++---- lib/pf/admin_roles.pm | 18 ++++++++++----- 5 files changed, 34 insertions(+), 24 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm index 00322efff707..c94752a7564e 100644 --- a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm +++ b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm @@ -39,7 +39,7 @@ sub supported_features { } sub check_password { - my ( $self, $password ) = @_; + my ($self, $password) = @_; my $internal_sources = pf::authentication::getInternalAuthenticationSources(); my ($result, $message, $source_id) = &pf::authentication::authenticate($self->_user, $password, @{$internal_sources}); @@ -47,14 +47,15 @@ sub check_password { if ($result) { my $value = &pf::authentication::match($source_id, {username => $self->_user}, $Actions::SET_ACCESS_LEVEL); $self->_roles([split /\s*,\s*/,$value]) if defined $value; - return (defined $value && all{ $_ ne 'NONE'} @{$self->_roles} ); + return (defined $value && all{ $_ ne 'NONE'} @{$self->_roles}); } return $FALSE; } sub roles { - return (@{$_[0]->_roles}); + my $self = shift; + return (@{$self->_roles}); } *for_session = \&id; diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm index 40da106a3f93..2d6fcd1165ea 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm @@ -6,7 +6,7 @@ pfappserver::Controller::Configuration::AdminRoles - Catalyst Controller =head1 DESCRIPTION -Controller for floating device management. +Controller for admin roles management. =cut @@ -23,15 +23,18 @@ BEGIN { with 'pfappserver::Base::Controller::Crud::Config::Clone'; } -__PACKAGE__->config( - action => { -#Reconfigure the object action from pfappserver::Base::Controller::Crud - object => { Chained => '/', PathPart => 'configuration/adminroles', CaptureArgs => 1 } - }, - action_args => { -#Setting the global model and form for all actions - '*' => { model => "Config::AdminRoles",form => "Config::AdminRoles" }, - }, +__PACKAGE__->config + ( + action => + { + # Reconfigure the object action from pfappserver::Base::Controller::Crud + object => { Chained => '/', PathPart => 'configuration/adminroles', CaptureArgs => 1 } + }, + action_args => + { + # Setting the global model and form for all actions + '*' => { model => "Config::AdminRoles", form => "Config::AdminRoles" }, + }, ); =head1 METHODS diff --git a/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm b/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm index f25c7d3fedd8..1e958b0d181c 100644 --- a/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm +++ b/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm @@ -45,7 +45,7 @@ has_field 'actions.contains' => ); has_block definition => ( - render_list => [ qw( description actions)] + render_list => [ qw(description actions)] ); sub build_do_form_wrapper{ 0 } diff --git a/lib/pf/ConfigStore/AdminRoles.pm b/lib/pf/ConfigStore/AdminRoles.pm index ee0c17828326..c8b8608d33e0 100644 --- a/lib/pf/ConfigStore/AdminRoles.pm +++ b/lib/pf/ConfigStore/AdminRoles.pm @@ -25,24 +25,24 @@ sub _buildCachedConfig { $cached_adminroles_config } =head2 cleanupAfterRead -Clean up switch data +Expand list of actions =cut sub cleanupAfterRead { my ($self, $id, $item) = @_; - $self->expand_list($item,$self->expandableParams); + $self->expand_list($item, $self->expandableParams); } =head2 cleanupBeforeCommit -Clean data before update or creating +Flatten list of actions before updating or creating =cut sub cleanupBeforeCommit { my ($self, $id, $item) = @_; - $self->flatten_list($item,$self->expandableParams); + $self->flatten_list($item, $self->expandableParams); } diff --git a/lib/pf/admin_roles.pm b/lib/pf/admin_roles.pm index 1ab31981e388..acacf4b64089 100644 --- a/lib/pf/admin_roles.pm +++ b/lib/pf/admin_roles.pm @@ -1,4 +1,5 @@ package pf::admin_roles; + =head1 NAME pf::admin_roles add documentation @@ -39,25 +40,30 @@ our @ADMIN_ACTIONS = qw( ); sub admin_can { - my ($roles,@actions) = @_; + my ($roles, @actions) = @_; + return 0 if any {$_ eq 'NONE'} @$roles; - return any { my $role = $_; exists $ADMIN_ROLES{$role} && all {exists $ADMIN_ROLES{$role}{$_} } @actions } @$roles; + return any { + my $role = $_; + exists $ADMIN_ROLES{$role} && all { exists $ADMIN_ROLES{$role}{$_} } @actions + } @$roles; } sub reloadConfig { my ($config,$name) = @_; + my %temp; $config->toHash(\%temp); $config->cleanupWhitespace(\%temp); %ADMIN_ROLES = (); - while(my ($role,$data) = each %temp) { + while (my ($role,$data) = each %temp) { my $actions = $data->{actions} || ''; - my %action_data = map {$_ => undef} split /\s*,\s*/,$actions; + my %action_data = map {$_ => undef} split /\s*,\s*/, $actions; $ADMIN_ROLES{$role} = \%action_data; } $ADMIN_ROLES{NONE} = {}; $ADMIN_ROLES{ALL} = { map {$_ => undef} @ADMIN_ACTIONS }; - $config->cache->set("ADMIN_ROLES",\%ADMIN_ROLES); + $config->cache->set("ADMIN_ROLES", \%ADMIN_ROLES); } our $cached_adminroles_config = pf::config::cached->new( @@ -70,7 +76,7 @@ our $cached_adminroles_config = pf::config::cached->new( cache_reload_violation_config => sub { my ($config,$name) = @_; my $data = $config->cache->get("ADMIN_ROLES"); - if($data) { + if ($data) { %ADMIN_ROLES = %$data; } else { reloadConfig($config,$name); From e90122767d8433795a4681c24148495366e4e8c7 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 9 Aug 2013 10:53:33 -0400 Subject: [PATCH 213/369] Admin roles: return list when creating/updating When successfully creating or updating a role, we return the list of all the roles to avoid an additional AJAX query. --- .../Controller/Configuration/AdminRoles.pm | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm index 2d6fcd1165ea..901eb8d1224e 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm @@ -51,11 +51,20 @@ Check which floating device is also defined as a switch after [qw(create clone)] => sub { my ($self, $c) = @_; - if (!(is_success($c->response->status) && $c->request->method eq 'POST' )) { + if (!(is_success($c->response->status) && $c->request->method eq 'POST')) { $c->stash->{template} = 'configuration/adminroles/view.tt'; } }; +after [qw(create clone update)] => sub { + my ($self, $c) = @_; + if (is_success($c->response->status) && $c->request->method eq 'POST') { + $c->stash->{current_view} = 'HTML'; + $c->stash->{template} = 'configuration/adminroles/list.tt'; + $c->forward('list'); + } +}; + =head2 after view =cut From dc38ab96966cf2f3e51c4390da3f233b44e4fd05 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 9 Aug 2013 11:01:49 -0400 Subject: [PATCH 214/369] Improve admin role editor --- .../lib/pfappserver/Form/Config/AdminRoles.pm | 10 +++------- html/pfappserver/root/configuration/adminroles/view.tt | 7 ++++++- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm b/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm index 1e958b0d181c..1142c2c84289 100644 --- a/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm +++ b/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm @@ -2,11 +2,11 @@ package pfappserver::Form::Config::AdminRoles; =head1 NAME -pfappserver::Form::Config::AdminRoles - Web form for a floating device +pfappserver::Form::Config::AdminRoles - Web form for an admin role =head1 DESCRIPTION -Form definition to create or update a floating network device. +Form definition to create or update an admin role =cut @@ -34,19 +34,15 @@ has_field 'actions' => ( type => 'DynamicTable', label => 'Actions', + do_label => 0, 'num_when_empty' => 2, ); has_field 'actions.contains' => ( type => 'Select', - label => 'Actions', options_method => \&options_actions, widget_wrapper => 'DynamicTableRow', ); -has_block definition => - ( - render_list => [ qw(description actions)] - ); sub build_do_form_wrapper{ 0 } diff --git a/html/pfappserver/root/configuration/adminroles/view.tt b/html/pfappserver/root/configuration/adminroles/view.tt index ca7aa47028bb..08df5877fde1 100644 --- a/html/pfappserver/root/configuration/adminroles/view.tt +++ b/html/pfappserver/root/configuration/adminroles/view.tt @@ -10,7 +10,12 @@
      [% form.field('id').render UNLESS item && item.id.defined %] - [% form.block('definition').render %] + [% form.field('description').render %] +
      + +
      + [% form.field('actions').render %] +
      From 93c3ef983607252ea145fbd223fcd4e573699be4 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 12 Aug 2013 12:30:01 -0400 Subject: [PATCH 215/369] Added upgrade and downgrade scripts for admin roles --- db/pf-roles-downgrade.sql | 3 +++ db/pf-roles-upgrade.sql | 3 +++ 2 files changed, 6 insertions(+) create mode 100644 db/pf-roles-downgrade.sql create mode 100644 db/pf-roles-upgrade.sql diff --git a/db/pf-roles-downgrade.sql b/db/pf-roles-downgrade.sql new file mode 100644 index 000000000000..eb435bb842fd --- /dev/null +++ b/db/pf-roles-downgrade.sql @@ -0,0 +1,3 @@ +update temporary_password SET access_level = '4294967295' WHERE access_level = 'ALL' ; +update temporary_password SET access_level = '0' where access_level = 'NONE'; +ALTER TABLE temporary_password CHANGE access_level access_level int unsigned NOT NULL default 0; diff --git a/db/pf-roles-upgrade.sql b/db/pf-roles-upgrade.sql new file mode 100644 index 000000000000..57e8084ffb9d --- /dev/null +++ b/db/pf-roles-upgrade.sql @@ -0,0 +1,3 @@ +ALTER TABLE temporary_password CHANGE access_level access_level varchar(255) default 'NONE'; +update temporary_password SET access_level = 'ALL' where access_level = '4294967295'; +update temporary_password SET access_level = 'NONE' where access_level = '0'; From c711db9352e2bf3a2fa45e2f8b292bbfc2f12adb Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 12 Aug 2013 15:49:48 -0400 Subject: [PATCH 216/369] Pick the first link in the configuration nav link instead of hard coding it to general --- html/pfappserver/root/static/admin/configuration.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/html/pfappserver/root/static/admin/configuration.js b/html/pfappserver/root/static/admin/configuration.js index b0be938280da..74738bdef8f8 100644 --- a/html/pfappserver/root/static/admin/configuration.js +++ b/html/pfappserver/root/static/admin/configuration.js @@ -45,7 +45,9 @@ function init() { return true; }); - $(window).hashchange(pfOnHashChange(updateSection,'/configuration')); + var href = $('.sidebar-nav .nav-list a').first().attr('href'); + href = href.replace(/^.*#/,"/"); + $(window).hashchange(pfOnHashChange(updateSection,href)); $(window).hashchange(); From 01c73ab3458b16d0e0867f690203af51dc2523c5 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 12 Aug 2013 16:14:16 -0400 Subject: [PATCH 217/369] Initial integration of access rights in templates --- conf/adminroles.conf | 11 +++++++ .../Base/Form/Authentication/Action.pm | 2 +- html/pfappserver/root/admin/configuration.tt | 16 ++++++++++ html/pfappserver/root/admin/status.tt | 2 ++ html/pfappserver/root/admin/wrapper.tt | 25 +++++++++++++-- html/pfappserver/root/node/advanced_search.tt | 2 +- html/pfappserver/root/node/simple_search.tt | 2 +- html/pfappserver/root/static/admin/common.css | 3 +- html/pfappserver/root/user/view.tt | 4 +-- lib/pf/admin_roles.pm | 32 ++++++++++++------- 10 files changed, 77 insertions(+), 22 deletions(-) diff --git a/conf/adminroles.conf b/conf/adminroles.conf index e69de29bb2d1..cf13c07ab870 100644 --- a/conf/adminroles.conf +++ b/conf/adminroles.conf @@ -0,0 +1,11 @@ +[Node Manager] +actions=NODES_READ,NODES_CREATE,NODES_UPDATE,NODES_DELETE +description=Nodes management + +[User Manager] +actions=USERS_READ,USERS_DELETE,USERS_UPDATE,USERS_CREATE +description=Users management + +[Violation Manager] +description=Violations managements +actions=VIOLATIONS_READ,VIOLATIONS_CREATE,VIOLATIONS_UPDATE,VIOLATIONS_DELETE,USERS_READ,NODES_READ diff --git a/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm b/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm index 6f0c63012de8..6d871e7e5e45 100644 --- a/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm +++ b/html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm @@ -91,7 +91,7 @@ sub field_list { wrapper => 0, multiple => 1, element_class => ['chzn-select'], - element_attr => {'data-placeholder' => 'Click to add a role' }, + element_attr => {'data-placeholder' => 'Click to add a access right' }, options_method => \&options_access_level, } ); diff --git a/html/pfappserver/root/admin/configuration.tt b/html/pfappserver/root/admin/configuration.tt index 43f6d6ba527d..e165aa7da729 100644 --- a/html/pfappserver/root/admin/configuration.tt +++ b/html/pfappserver/root/admin/configuration.tt @@ -69,6 +69,7 @@ table.sources {
        + [%- IF can_access("CONFIGURATION_MAIN_READ") %]
      • [% l('Main') %]
        • [% pf_section_entry('general', 'General') %] [% pf_section_entry( 'network', 'Network') %] @@ -90,20 +91,35 @@ table.sources { [% list_entry('Portal::Profile', 'index', 'Portal Profiles') %] [% pf_section_entry( 'webservices', 'Web Services') %] [% pf_section_entry('adminroles', 'Admin Access') %] + [%- END %] + [%- IF can_access("CONFIGURATION_NETWORK_READ") %]
      • [% l('Network') %]
      • [% pf_section_entry( 'interfaces', 'Interfaces') %] [% pf_section_entry( 'switches', 'Switches') %] [% pf_section_entry( 'floating_devices', 'Floating devices') %] + [%- END %] + [%- IF can_access("USERS_ROLES_READ") || can_access("USERS_SOURCES_READ") %]
      • [% l('Users') %]
        • + [%- IF can_access("USERS_ROLES_READ") %] [% pf_section_entry( 'roles', 'Roles') %] + [%- END %] + [%- IF can_access("USERS_SOURCES_READ") %] [% list_entry('Authentication', 'index', 'Sources') %] + [%- IF can_access("VIOLATIONS_READ") || can_access("SOH_READ") %]
      • [% l('Compliance') %]
        • + [%- IF can_access("VIOLATIONS_READ") %] [% list_entry('Violation', 'index', 'Violations') %] + [%- END %] + [%- IF can_access("SOH_READ") %] [% pf_section_entry( 'soh', 'Statement of Health') %] + [%- END %] + [%- END %] + [%- IF can_access("CONFIGURATION_IDENTIFICATION_READ") %]
      • [% l('Identification') %]
        • [% list_entry('Configuration::FingerPrints', 'index', 'Fingerprints') %] [% list_entry('Configuration::UserAgents', 'index', 'User Agents') %] [% list_entry('Configuration::MacAddress', 'index', 'MAC Addresses') %] + [%- END %]
      diff --git a/html/pfappserver/root/admin/status.tt b/html/pfappserver/root/admin/status.tt index 1906e1d8104a..fe10ab73b78d 100644 --- a/html/pfappserver/root/admin/status.tt +++ b/html/pfappserver/root/admin/status.tt @@ -22,7 +22,9 @@
      • [% l('Overview') %]
      • [% l('Dashboard') %]
        • + [%- IF can_access("SERVICES") %]
      • [% l('Services') %]
        • + [%- END %] diff --git a/html/pfappserver/root/admin/wrapper.tt b/html/pfappserver/root/admin/wrapper.tt index bf7f36efb44d..78bdd35a79e6 100644 --- a/html/pfappserver/root/admin/wrapper.tt +++ b/html/pfappserver/root/admin/wrapper.tt @@ -51,26 +51,45 @@ - [% IF c.user_exists -%] + [%- IF c.user_exists %]
          [% l('Status') %] + [%- IF can_access("REPORTS") %] [% l('Reports') %] + [%- END %] + [%- IF can_access("NODES_READ") %] [% l('Nodes') %] - [% IF can_access("USERS_VIEW") %] + [%- END %] + [%- IF can_access("USERS_READ") %] [% l('Users') %] - [% END %] + [%- END %] + [%- IF can_access("CONFIGURATION_MAIN_READ") || + can_access("CONFIGURATION_NETWORK_READ") || + can_access("USERS_READ") || + can_access("USERS_ROLES_READ") || + can_access("USERS_SOURCES_READ") || + can_access("VIOLATIONS_READ") || + can_access("VIOLATIONS_CREATE") || + can_access("VIOLATIONS_UPDATE") || + can_access("VIOLATIONS_DELETE") || + can_access("VIOLATIONS_READ") || + can_access("SOH_READ") || + can_access("FINGERPRINTS_READ") || + can_access("USERAGENTS_READ") || + can_access("MAC_READ") %] [% l('Configuration') %] + [%- END %]
        • diff --git a/html/pfappserver/root/node/advanced_search.tt b/html/pfappserver/root/node/advanced_search.tt index d8457ec15d18..2977c5338d24 100644 --- a/html/pfappserver/root/node/advanced_search.tt +++ b/html/pfappserver/root/node/advanced_search.tt @@ -100,7 +100,7 @@
      [%- END %] [%- IF c.session.nodecolumns.pid %] - + [%- END %] [%- IF c.session.nodecolumns.last_ip %] diff --git a/html/pfappserver/root/node/simple_search.tt b/html/pfappserver/root/node/simple_search.tt index fe4cf66b57c4..30ae676d558d 100644 --- a/html/pfappserver/root/node/simple_search.tt +++ b/html/pfappserver/root/node/simple_search.tt @@ -100,7 +100,7 @@ [%- END %] [%- IF c.session.nodecolumns.pid %] - + [%- END %] [%- IF c.session.nodecolumns.last_ip %] diff --git a/html/pfappserver/root/static/admin/common.css b/html/pfappserver/root/static/admin/common.css index fef48dfbddb8..5551da20f347 100644 --- a/html/pfappserver/root/static/admin/common.css +++ b/html/pfappserver/root/static/admin/common.css @@ -38,10 +38,9 @@ table .action { .table .control-group { margin-bottom: 0; } -.table .btn-group { +.table .btn-group, .table-condensed select { vertical-align: top; } - .loader { position: fixed; left: 50%; diff --git a/html/pfappserver/root/user/view.tt b/html/pfappserver/root/user/view.tt index c30750618719..9132d20697b7 100644 --- a/html/pfappserver/root/user/view.tt +++ b/html/pfappserver/root/user/view.tt @@ -16,8 +16,8 @@
    • [% l('Password') %]
    • [% l('Actions') %]
      • [% END -%] -
    • [% l('Devices') %]
      • -
    • [% l('Violations') %]
      • + [% IF can_access("NODES_READ") %]
    • [% l('Devices') %]
      • [% END %] + [% IF can_access("VIOLATIONS_READ") %]
    • [% l('Violations') %]
      • [% END %]
      diff --git a/lib/pf/admin_roles.pm b/lib/pf/admin_roles.pm index acacf4b64089..4a7b17f20b1c 100644 --- a/lib/pf/admin_roles.pm +++ b/lib/pf/admin_roles.pm @@ -25,18 +25,26 @@ our %ADMIN_ROLES; our @ADMIN_ACTIONS = qw( SERVICES REPORTS - USERS_VIEW - USERS_ADD - USERS_MODIFY - USERS_REMOVE - NODES_VIEW - NODES_ADD - NODES_MODIFY - NODES_REMOVE - VIOLATIONS_VIEW - VIOLATIONS_ADD - VIOLATIONS_MODIFY - VIOLATIONS_REMOVE + USERS_READ + USERS_CREATE + USERS_UPDATE + USERS_DELETE + NODES_READ + NODES_CREATE + NODES_UPDATE + NODES_DELETE + CONFIGURATION_MAIN_READ + CONFIGURATION_NETWORK_READ + USERS_ROLES_READ + USERS_SOURCES_READ + VIOLATIONS_READ + VIOLATIONS_CREATE + VIOLATIONS_UPDATE + VIOLATIONS_DELETE + SOH_READ + FINGERPRINTS_READ + USERAGENTS_READ + MAC_READ ); sub admin_can { From 81ac26cb13e4fd4b6d9e4b6d5a6ad904c95ba35c Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 12 Aug 2013 18:20:42 -0400 Subject: [PATCH 218/369] Have a default for onhashchange --- html/pfappserver/root/static/admin/configuration.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/html/pfappserver/root/static/admin/configuration.js b/html/pfappserver/root/static/admin/configuration.js index 74738bdef8f8..c72f472e0421 100644 --- a/html/pfappserver/root/static/admin/configuration.js +++ b/html/pfappserver/root/static/admin/configuration.js @@ -46,7 +46,11 @@ function init() { }); var href = $('.sidebar-nav .nav-list a').first().attr('href'); - href = href.replace(/^.*#/,"/"); + if(href) { + href = href.replace(/^.*#/,"/"); + } else { + href = "/configuration"; + } $(window).hashchange(pfOnHashChange(updateSection,href)); $(window).hashchange(); From 0279654c079a099a06d2cd367427a10d12d33249 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 13 Aug 2013 10:13:11 -0400 Subject: [PATCH 219/369] Fix configuration template wrt admin roles --- html/pfappserver/root/admin/configuration.tt | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/html/pfappserver/root/admin/configuration.tt b/html/pfappserver/root/admin/configuration.tt index e165aa7da729..b08697ab7378 100644 --- a/html/pfappserver/root/admin/configuration.tt +++ b/html/pfappserver/root/admin/configuration.tt @@ -114,12 +114,18 @@ table.sources { [% pf_section_entry( 'soh', 'Statement of Health') %] [%- END %] [%- END %] - [%- IF can_access("CONFIGURATION_IDENTIFICATION_READ") %] + [%- IF can_access("FINGERPRINTS_READ") || can_access("USERAGENTS_READ") || can_access("MAC_READ") %]
    • [% l('Identification') %]
      • + [%- IF can_access("FINGERPRINTS_READ") %] [% list_entry('Configuration::FingerPrints', 'index', 'Fingerprints') %] + [%- END %] + [%- IF can_access("USERAGENTS_READ") %] [% list_entry('Configuration::UserAgents', 'index', 'User Agents') %] + [%- END %] + [%- IF can_access("MAC_READ") %] [% list_entry('Configuration::MacAddress', 'index', 'MAC Addresses') %] [%- END %] + [%- END %]
      From 59503ea4dea927287d25d7e8072ca39f12b002f1 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Fri, 30 Aug 2013 13:28:27 -0400 Subject: [PATCH 220/369] Fix packaging --- addons/packages/packetfence.spec | 2 ++ debian/packetfence.conffiles | 2 ++ 2 files changed, 4 insertions(+) diff --git a/addons/packages/packetfence.spec b/addons/packages/packetfence.spec index b01926904354..58529a92e0eb 100644 --- a/addons/packages/packetfence.spec +++ b/addons/packages/packetfence.spec @@ -647,6 +647,8 @@ fi %attr(0755, pf, pf) /usr/local/pf/bin/pftest %doc /usr/local/pf/ChangeLog %dir /usr/local/pf/conf +%config(noreplace) /usr/local/pf/conf/admin_roles.conf +%config(noreplace) /usr/local/pf/conf/adminroles.conf %config(noreplace) /usr/local/pf/conf/authentication.conf %config /usr/local/pf/conf/chi.conf %config /usr/local/pf/conf/dhcp_fingerprints.conf diff --git a/debian/packetfence.conffiles b/debian/packetfence.conffiles index 080f3f0acbd4..11b4923708a0 100644 --- a/debian/packetfence.conffiles +++ b/debian/packetfence.conffiles @@ -1,3 +1,5 @@ +/usr/local/pf/conf/admin_roles.conf +/usr/local/pf/conf/adminroles.conf /usr/local/pf/conf/authentication.conf /usr/local/pf/conf/profiles.conf /usr/local/pf/conf/dhcp_fingerprints.conf From 3ddaef13aa482b7c90af95cb1576367e4938e68d Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 6 Sep 2013 09:52:38 -0400 Subject: [PATCH 221/369] Fix condition to show configuration section --- html/pfappserver/root/admin/wrapper.tt | 1 - 1 file changed, 1 deletion(-) diff --git a/html/pfappserver/root/admin/wrapper.tt b/html/pfappserver/root/admin/wrapper.tt index 78bdd35a79e6..058eb4cd09dd 100644 --- a/html/pfappserver/root/admin/wrapper.tt +++ b/html/pfappserver/root/admin/wrapper.tt @@ -74,7 +74,6 @@ [%- END %] [%- IF can_access("CONFIGURATION_MAIN_READ") || can_access("CONFIGURATION_NETWORK_READ") || - can_access("USERS_READ") || can_access("USERS_ROLES_READ") || can_access("USERS_SOURCES_READ") || can_access("VIOLATIONS_READ") || From fb06354498097e1ebcd8da20e214ebb97807bbd4 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 18 Sep 2013 15:25:01 -0400 Subject: [PATCH 222/369] Add new AdminRole action This action is used whenever the AdminRole action parameter is defined in a controller. --- .../lib/pfappserver/Base/Action/AdminRole.pm | 73 +++++++++++++++++++ .../lib/pfappserver/Base/Controller.pm | 51 +++++++++++-- 2 files changed, 117 insertions(+), 7 deletions(-) create mode 100644 html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm diff --git a/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm b/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm new file mode 100644 index 000000000000..3a24143a18be --- /dev/null +++ b/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm @@ -0,0 +1,73 @@ +package Base::Action::AdminRole; + +=head1 NAME + +/usr/local/pf/html/pfappserver/lib/pfappserver/Base/Action add documentation + +=head1 DESCRIPTION + +AdminRole + +=cut + +use strict; +use warnings; +use HTTP::Status qw(:constants); +use Moose; +use namespace::autoclean; + +use pf::admin_roles; + +BEGIN { extends 'Catalyst::Action'; } + +=head1 METHODS + +=head2 before execute + +Verify that the user has the rights to execute the controller's action. + +=cut + +before execute => sub { + my ( $self, $controller, $c, %args ) = @_; + + my $action = $self->attributes->{AdminRole}[0]; + my $roles = []; + $roles = [$c->user->roles] if $c->user_exists; + + $c->log->info('Does ('.join(',', @$roles).') includes '.$action.'?'); + + unless(admin_can($roles, $action)) { + $c->response->status(HTTP_UNAUTHORIZED); + $c->stash->{status_msg} = "You don't have the rights to perform this action."; + $c->stash->{current_view} = 'JSON'; + $c->detach(); + } +}; + + +=head1 COPYRIGHT + +Copyright (C) 2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/html/pfappserver/lib/pfappserver/Base/Controller.pm b/html/pfappserver/lib/pfappserver/Base/Controller.pm index 585fa82ebe97..79cb68b5920a 100644 --- a/html/pfappserver/lib/pfappserver/Base/Controller.pm +++ b/html/pfappserver/lib/pfappserver/Base/Controller.pm @@ -18,6 +18,7 @@ use Moose; use namespace::autoclean; use POSIX; use URI::Escape; +use pfappserver::Base::Action::AdminRole; use pfappserver::Base::Action::SimpleSearch; use pf::os; @@ -77,33 +78,69 @@ sub auto :Private { =head2 valid_param +Subroutines with the 'SimpleSearch' attribute will automatically stash +URL parameters listed in our VALID_PARAMS hash. + =cut sub valid_param { - my ($self,$key) = @_; + my ($self, $key) = @_; return exists $VALID_PARAMS{$key}; } +=head2 _parse_SimpleSearch_attr + +Customize the parsing of the 'SimpleSearch' subroutine attribute. Returns a hash with the attribute value. + +See https://metacpan.org/module/Catalyst::Controller#parse_-name-_attr + +=cut + sub _parse_SimpleSearch_attr { - my ( $self, $c, $name, $value ) = @_; + my ($self, $c, $name, $value) = @_; return SimpleSearch => $value; } +=head2 _parse_AdminRole_attr + +Customize the parsing of the 'AdminRole' subroutine attribute. Returns a hash with the attribute value. + +See https://metacpan.org/module/Catalyst::Controller#parse_-name-_attr + +=cut + +sub _parse_AdminRole_attr { + my ($self, $c, $name, $value) = @_; + return AdminRole => $value; +} + =head2 around create_action +Construction of a new Catalyst::Action. + +See https://metacpan.org/module/Catalyst::Controller#self-create_action-args + =cut around create_action => sub { my ($orig, $self, %args) = @_; + my $model; + return $self->$orig(%args) if $args{name} =~ /^_(DISPATCH|BEGIN|AUTO|ACTION|END)$/; - my ($model) = @{ $args{attributes}->{SimpleSearch} || [] }; + ($model) = @{ $args{attributes}->{SimpleSearch} || [] }; + if ($model) { + return Base::Action::SimpleSearch->new(\%args); + } - return $self->$orig(%args) unless $model; + ($model) = @{ $args{attributes}->{AdminRole} || [] }; + if ($model) { + return Base::Action::AdminRole->new(\%args); + } - return Base::Action::SimpleSearch->new(\%args); + return $self->$orig(%args); }; =head2 _list_items @@ -194,7 +231,7 @@ sub add_fake_profile_data { =cut sub getForm { - my ($self,$c,@args) = @_; + my ($self, $c, @args) = @_; unless (@args) { if (exists $c->action->{form} && defined (my $form = $c->action->{form})) { push @args,$form; @@ -208,7 +245,7 @@ sub getForm { =cut sub getModel { - my ($self,$c,@args) = @_; + my ($self, $c, @args) = @_; unless (@args) { if (exists $c->action->{model} && defined (my $model = $c->action->{model})) { push @args,$model; From 470f31f33998445e27b1116c6deadcbe518e4e7c Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 18 Sep 2013 15:39:00 -0400 Subject: [PATCH 223/369] Add access rights to nodes management --- .../lib/pfappserver/Controller/Admin.pm | 2 +- .../lib/pfappserver/Controller/Node.pm | 26 ++--- html/pfappserver/root/node/view.tt | 104 +++++++++--------- html/pfappserver/root/node/violations.tt | 14 ++- 4 files changed, 74 insertions(+), 72 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Admin.pm b/html/pfappserver/lib/pfappserver/Controller/Admin.pm index 9d96e53febac..0433c512df1e 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Admin.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Admin.pm @@ -158,7 +158,7 @@ sub reports :Chained('object') :PathPart('reports') :Args(0) { =cut -sub nodes :Chained('object') :PathPart('nodes') :Args(0) { +sub nodes :Chained('object') :PathPart('nodes') :Args(0) :AdminRole('NODES_READ') { my ( $self, $c ) = @_; my $id = $c->user->id; my ($status, $saved_searches) = $c->model("SavedSearch::Node")->read_all($id); diff --git a/html/pfappserver/lib/pfappserver/Controller/Node.pm b/html/pfappserver/lib/pfappserver/Controller/Node.pm index 71f17db2bcc9..214dbcdc37c0 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Node.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Node.pm @@ -36,7 +36,7 @@ __PACKAGE__->config( =cut -sub index :Path :Args(0) { +sub index :Path :Args(0) :AdminRole('NODES_READ') { my ( $self, $c ) = @_; $c->go('simple_search'); } @@ -45,7 +45,7 @@ sub index :Path :Args(0) { =cut -sub simple_search :SimpleSearch('Node') :Local :Args() { } +sub simple_search :SimpleSearch('Node') :Local :Args() :AdminRole('NODES_READ') { } =head2 after _list_items @@ -73,7 +73,7 @@ Perform an advanced search using the Search::Node model =cut -sub advanced_search :Local :Args() { +sub advanced_search :Local :Args() :AdminRole('NODES_READ') { my ($self, $c, @args) = @_; my ($status, $status_msg, $result); my %search_results; @@ -219,7 +219,7 @@ sub object :Chained('/') :PathPart('node') :CaptureArgs(1) { =cut -sub view :Chained('object') :PathPart('read') :Args(0) { +sub view :Chained('object') :PathPart('read') :Args(0) :AdminRole('NODES_READ') { my ($self, $c) = @_; my ($nodeStatus, $result); @@ -256,7 +256,7 @@ sub view :Chained('object') :PathPart('read') :Args(0) { =cut -sub update :Chained('object') :PathPart('update') :Args(0) { +sub update :Chained('object') :PathPart('update') :Args(0) :AdminRole('NODES_UPDATE') { my ( $self, $c ) = @_; my ($status, $message); @@ -286,7 +286,7 @@ sub update :Chained('object') :PathPart('update') :Args(0) { =cut -sub delete :Chained('object') :PathPart('delete') :Args(0) { +sub delete :Chained('object') :PathPart('delete') :Args(0) :AdminRole('NODES_DELETE') { my ( $self, $c ) = @_; my ($status, $message) = $c->model('Node')->delete($c->stash->{mac}); @@ -301,7 +301,7 @@ sub delete :Chained('object') :PathPart('delete') :Args(0) { =cut -sub violations :Chained('object') :PathPart :Args(0) { +sub violations :Chained('object') :PathPart :Args(0) :AdminRole('NODES_READ') { my ($self, $c) = @_; my ($status, $result) = $c->model('Node')->violations($c->stash->{mac}); if (is_success($status)) { @@ -322,7 +322,7 @@ sub violations :Chained('object') :PathPart :Args(0) { =cut -sub triggerViolation :Chained('object') :PathPart('trigger') :Args(1) { +sub triggerViolation :Chained('object') :PathPart('trigger') :Args(1) :AdminRole('NODES_UPDATE') { my ($self, $c, $id) = @_; my ($status, $result) = $c->model('Config::Violations')->hasId($id); if (is_success($status)) { @@ -342,7 +342,7 @@ sub triggerViolation :Chained('object') :PathPart('trigger') :Args(1) { =cut -sub closeViolation :Path('close') :Args(1) { +sub closeViolation :Path('close') :Args(1) :AdminRole('NODES_UPDATE') { my ($self, $c, $id) = @_; my ($status, $result) = $c->model('Node')->closeViolation($id); $c->response->status($status); @@ -354,7 +354,7 @@ sub closeViolation :Path('close') :Args(1) { =cut -sub bulk_close: Local { +sub bulk_close: Local :AdminRole('NODES_UPDATE') { my ($self, $c) = @_; $c->stash->{current_view} = 'JSON'; my ($status, $status_msg); @@ -377,7 +377,7 @@ sub bulk_close: Local { =cut -sub bulk_register: Local { +sub bulk_register: Local :AdminRole('NODES_UPDATE') { my ($self, $c) = @_; $c->stash->{current_view} = 'JSON'; my ($status, $status_msg); @@ -400,7 +400,7 @@ sub bulk_register: Local { =cut -sub bulk_deregister: Local { +sub bulk_deregister: Local :AdminRole('NODES_UPDATE') { my ($self, $c) = @_; $c->stash->{current_view} = 'JSON'; my ($status, $status_msg); @@ -423,7 +423,7 @@ sub bulk_deregister: Local { =cut -sub bulk_apply_role: Local : Args(1) { +sub bulk_apply_role: Local : Args(1) :AdminRole('NODES_UPDATE') { my ($self, $c, $role) = @_; $c->stash->{current_view} = 'JSON'; my ($status, $status_msg); diff --git a/html/pfappserver/root/node/view.tt b/html/pfappserver/root/node/view.tt index ebfda1fed998..ac52ee5b36c9 100644 --- a/html/pfappserver/root/node/view.tt +++ b/html/pfappserver/root/node/view.tt @@ -109,61 +109,61 @@
      -[% IF node.iplog.history.size %] -
      [% l('Role Name') %][% node.computername %][% node.pid %][% IF can_access("USERS_READ") %][% node.pid %][% ELSE %][% node.pid %][% END %][% IF node.last_ssid %] [% END %][% node.last_ip %][% node.computername %][% node.pid %][% IF can_access("USERS_READ") %][% node.pid %][% ELSE %][% node.pid %][% END %][% IF node.last_ssid %] [% END %][% node.last_ip %]
      - - - - - - - - - [% FOR item IN node.iplog.history %] - - - - - - [% END %] - -
      [% l('IP') %][% l('Start') %][% l('End') %]
      [% item.ip %][% item.start_time %][% item.end_time %]
      -[% ELSE %] -
      -

      [% l('No IP history') %]

      -
      -[% END %] + [%- IF node.iplog.history.size %] + + + + + + + + + + [% FOR item IN node.iplog.history %] + + + + + + [% END %] + +
      [% l('IP') %][% l('Start') %][% l('End') %]
      [% item.ip %][% item.start_time %][% item.end_time %]
      + [%- ELSE %] +
      +

      [% l('No IP history') %]

      +
      + [%- END %]
      -[% IF node.locationlog.history.size %] - - - - - - - - - - - [% FOR item IN node.locationlog.history %] - - - - - - - [% END %] - -
      [% l('Switch/AP') %][% l('Connection Type') %][% l('Start') %][% l('End') %]
      [% IF switches.${item.switch} %][% item.switch %][% ELSE %][% item.switch %][% END %]
      [% IF item.ssid %] [% item.ssid %][% ELSE %][% IF item.port.length %][% l('port') %] [% item.port %] [% END %][% IF item.vlan.length %]vlan [% item.vlan %][% END %][% END %]      		[% l(item.connection_type) %][% item.start_time %][% item.end_time %]
      -[% ELSE %] -
      -

      [% l('No location history') %]

      -
      -[% END %] + [%- IF node.locationlog.history.size %] + + + + + + + + + + + [% FOR item IN node.locationlog.history %] + + + + + + + [% END %] + +
      [% l('Switch/AP') %][% l('Connection Type') %][% l('Start') %][% l('End') %]
      [% IF switches.${item.switch} %][% item.switch %][% ELSE %][% item.switch %][% END %]
      [% IF item.ssid %] [% item.ssid %][% ELSE %][% IF item.port.length %][% l('port') %] [% item.port %] [% END %][% IF item.vlan.length %]vlan [% item.vlan %][% END %][% END %]      		[% l(item.connection_type) %][% item.start_time %][% item.end_time %]
      + [% ELSE %] +
      +

      [% l('No location history') %]

      +
      + [% END %]
      @@ -175,9 +175,9 @@
      - [% l('Delete') %] + [% IF can_access("NODES_DELETE") %] [% l('Delete') %][% END %] [% l('Close') %] - + [% IF can_access("NODES_UPDATE") %][% END %]
      diff --git a/html/pfappserver/root/node/violations.tt b/html/pfappserver/root/node/violations.tt index 9ed859e64b13..69f61b464036 100644 --- a/html/pfappserver/root/node/violations.tt +++ b/html/pfappserver/root/node/violations.tt @@ -1,4 +1,4 @@ -[% IF items.size %] +[%- IF items.size %] @@ -9,21 +9,22 @@ - [% FOR item IN items %] + [%- FOR item IN items %] - + - [% END %] + [%- END %]
      [% item.description %] [% item.start_date %] [% item.release_date %][% IF item.status == 'open' %][% l('Release') %][% END %][% IF item.status == 'open' && can_access("NODES_UPDATE") %][% l('Release') %][% END %]
      -[% ELSE %] +[%- ELSE %]

      [% l('No violation found') %]

      -[% END %] +[%- END %] +[%- IF can_access("NODES_UPDATE") %]
      [% l('Trigger') %]
      +[%- END %] From 915f2d434e4a7ddee47e73d8a9d7ee2dcceb5e19 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 18 Sep 2013 15:44:16 -0400 Subject: [PATCH 224/369] Add more access rights "actions" --- html/pfappserver/root/admin/configuration.tt | 2 +- lib/pf/admin_roles.pm | 19 ++++++++++++++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/html/pfappserver/root/admin/configuration.tt b/html/pfappserver/root/admin/configuration.tt index b08697ab7378..62a9293de971 100644 --- a/html/pfappserver/root/admin/configuration.tt +++ b/html/pfappserver/root/admin/configuration.tt @@ -92,7 +92,7 @@ table.sources { [% pf_section_entry( 'webservices', 'Web Services') %] [% pf_section_entry('adminroles', 'Admin Access') %] [%- END %] - [%- IF can_access("CONFIGURATION_NETWORK_READ") %] + [%- IF can_access("INTERFACES_READ") || can_access("SWITCHES_READ") || can_access("FLOATING_DEVICES_READ") %]
    • [% l('Network') %]
    • [% pf_section_entry( 'interfaces', 'Interfaces') %] [% pf_section_entry( 'switches', 'Switches') %] diff --git a/lib/pf/admin_roles.pm b/lib/pf/admin_roles.pm index 4a7b17f20b1c..1903212d1752 100644 --- a/lib/pf/admin_roles.pm +++ b/lib/pf/admin_roles.pm @@ -34,7 +34,19 @@ our @ADMIN_ACTIONS = qw( NODES_UPDATE NODES_DELETE CONFIGURATION_MAIN_READ - CONFIGURATION_NETWORK_READ + CONFIGURATION_MAIN_UPDATE + INTERFACES_READ + INTERFACES_CREATE + INTERFACES_UPDATE + INTERFACES_DELETE + SWITCHES_READ + SWITCHES_CREATE + SWITCHES_UPDATE + SWITCHES_DELETE + FLOATING_DEVICES_READ + FLOATING_DEVICES_CREATE + FLOATING_DEVICES_UPDATE + FLOATING_DEVICES_DELETE USERS_ROLES_READ USERS_SOURCES_READ VIOLATIONS_READ @@ -42,9 +54,14 @@ our @ADMIN_ACTIONS = qw( VIOLATIONS_UPDATE VIOLATIONS_DELETE SOH_READ + SOH_CREATE + SOH_UPDATE + SOH_DELETE FINGERPRINTS_READ + FINGERPRINTS_UPDATE USERAGENTS_READ MAC_READ + MAC_UPDATE ); sub admin_can { From ee1aeea1b07ef29a9256af0052e16797220d0c69 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 18 Sep 2013 15:45:01 -0400 Subject: [PATCH 225/369] Fix HTML of admin role editor --- html/pfappserver/root/configuration/adminroles/view.tt | 1 + 1 file changed, 1 insertion(+) diff --git a/html/pfappserver/root/configuration/adminroles/view.tt b/html/pfappserver/root/configuration/adminroles/view.tt index 08df5877fde1..ac1d8603c007 100644 --- a/html/pfappserver/root/configuration/adminroles/view.tt +++ b/html/pfappserver/root/configuration/adminroles/view.tt @@ -15,6 +15,7 @@
      [% form.field('actions').render %] +
      From 52a48855375128ab8712a04ff25ee2c387225bb4 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 18 Sep 2013 17:01:43 -0400 Subject: [PATCH 226/369] Changed SimpleSearch and AdminRole to be a role into of a class --- .../lib/pfappserver/Base/Action/AdminRole.pm | 8 +++--- .../pfappserver/Base/Action/SimpleSearch.pm | 8 +++--- .../lib/pfappserver/Base/Controller.pm | 26 +++++++++---------- 3 files changed, 18 insertions(+), 24 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm b/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm index 3a24143a18be..ce2bdf928290 100644 --- a/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm +++ b/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm @@ -1,4 +1,4 @@ -package Base::Action::AdminRole; +package pfappserver::Base::Action::AdminRole; =head1 NAME @@ -13,13 +13,11 @@ AdminRole use strict; use warnings; use HTTP::Status qw(:constants); -use Moose; +use Moose::Role; use namespace::autoclean; use pf::admin_roles; -BEGIN { extends 'Catalyst::Action'; } - =head1 METHODS =head2 before execute @@ -30,7 +28,7 @@ Verify that the user has the rights to execute the controller's action. before execute => sub { my ( $self, $controller, $c, %args ) = @_; - + my $action = $self->attributes->{AdminRole}[0]; my $roles = []; $roles = [$c->user->roles] if $c->user_exists; diff --git a/html/pfappserver/lib/pfappserver/Base/Action/SimpleSearch.pm b/html/pfappserver/lib/pfappserver/Base/Action/SimpleSearch.pm index 073f353acad9..b4039d42458a 100644 --- a/html/pfappserver/lib/pfappserver/Base/Action/SimpleSearch.pm +++ b/html/pfappserver/lib/pfappserver/Base/Action/SimpleSearch.pm @@ -1,4 +1,4 @@ -package Base::Action::SimpleSearch; +package pfappserver::Base::Action::SimpleSearch; =head1 NAME @@ -6,16 +6,14 @@ package Base::Action::SimpleSearch; =head1 DESCRIPTION -SimpleSearch +SimpleSearch =cut use strict; use warnings; -use Moose; +use Moose::Role; use namespace::autoclean; - -BEGIN { extends 'Catalyst::Action'; } after execute => sub { my ( $self, $controller, $c, %args ) = @_; diff --git a/html/pfappserver/lib/pfappserver/Base/Controller.pm b/html/pfappserver/lib/pfappserver/Base/Controller.pm index 79cb68b5920a..d24e06effde4 100644 --- a/html/pfappserver/lib/pfappserver/Base/Controller.pm +++ b/html/pfappserver/lib/pfappserver/Base/Controller.pm @@ -15,6 +15,7 @@ use warnings; use Date::Parse; use HTTP::Status qw(:constants is_error is_success); use Moose; +use Moose::Util qw(apply_all_roles); use namespace::autoclean; use POSIX; use URI::Escape; @@ -126,21 +127,18 @@ around create_action => sub { my ($orig, $self, %args) = @_; my $model; - - return $self->$orig(%args) - if $args{name} =~ /^_(DISPATCH|BEGIN|AUTO|ACTION|END)$/; - - ($model) = @{ $args{attributes}->{SimpleSearch} || [] }; - if ($model) { - return Base::Action::SimpleSearch->new(\%args); - } - - ($model) = @{ $args{attributes}->{AdminRole} || [] }; - if ($model) { - return Base::Action::AdminRole->new(\%args); + my $action = $self->$orig(%args); + unless ($args{name} =~ /^_(DISPATCH|BEGIN|AUTO|ACTION|END)$/) { + my @roles; + if(@{ $args{attributes}->{SimpleSearch} || [] }) { + push @roles,'pfappserver::Base::Action::SimpleSearch'; + } + if(@{ $args{attributes}->{AdminRole} || [] }) { + push @roles,'pfappserver::Base::Action::AdminRole'; + } + apply_all_roles($action,@roles) if @roles; } - - return $self->$orig(%args); + return $action; }; =head2 _list_items From 887aa7bccb3ed445fecd23d6e5a6af81d482db45 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 18 Sep 2013 17:03:14 -0400 Subject: [PATCH 227/369] Added role SWITCHES_READ to configuration/switch/view --- .../lib/pfappserver/Controller/Configuration/Switch.pm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/Switch.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/Switch.pm index f8dee68a81c5..e6770a0a7ee6 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration/Switch.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/Switch.pm @@ -25,7 +25,8 @@ BEGIN { __PACKAGE__->config( action => { #Reconfigure the object dispatcher from pfappserver::Base::Controller::Crud - object => { Chained => '/', PathPart => 'configuration/switch', CaptureArgs => 1 } + object => { Chained => '/', PathPart => 'configuration/switch', CaptureArgs => 1 }, + view => { Chained => 'object', PathPart => 'read', Args => 0, AdminRole => [qw(SWITCHES_READ)] } }, ); From 1d4ee33551794a38268def6efce273e9c4a05e7b Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 18 Sep 2013 17:04:08 -0400 Subject: [PATCH 228/369] Added role USERS_DELETE to user/delete --- html/pfappserver/lib/pfappserver/Controller/User.pm | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/User.pm b/html/pfappserver/lib/pfappserver/Controller/User.pm index af743d74c215..e554bd69aff5 100644 --- a/html/pfappserver/lib/pfappserver/Controller/User.pm +++ b/html/pfappserver/lib/pfappserver/Controller/User.pm @@ -97,7 +97,7 @@ sub view :Chained('object') :PathPart('read') :Args(0) { =cut -sub delete :Chained('object') :PathPart('delete') :Args(0) { +sub delete :Chained('object') :PathPart('delete') :Args(0) : AdminRole('USERS_DELETE') { my ($self, $c) = @_; my ($status, $result) = $c->model('User')->delete($c->stash->{user}->{pid}); @@ -364,17 +364,6 @@ sub mail :Local { $c->stash->{current_view} = 'JSON'; } -before [qw(delete)] => sub { - my ($self,$c,$role) = @_; - unless(admin_can($c->user,"USERS_REMOVE")) { - $c->log->info("Here"); - $c->response->status(HTTP_UNAUTHORIZED); - $c->stash->{status_msg} = "You shall not pass"; - $c->stash->{current_view} = 'JSON'; - $c->detach(); - } -}; - =head1 COPYRIGHT Copyright (C) 2012 Inverse inc. From 7faf37c20f8ce811640a61297e35875f73013fc9 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 18 Sep 2013 17:10:01 -0400 Subject: [PATCH 229/369] Added role FLOATING_DEVICES_READ to configuration/floatingdevice/read --- .../lib/pfappserver/Controller/Configuration/FloatingDevice.pm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/FloatingDevice.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/FloatingDevice.pm index 5da7904701c3..62a70f75a58a 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration/FloatingDevice.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/FloatingDevice.pm @@ -26,7 +26,8 @@ BEGIN { __PACKAGE__->config( action => { #Reconfigure the object action from pfappserver::Base::Controller::Crud - object => { Chained => '/', PathPart => 'configuration/floatingdevice', CaptureArgs => 1 } + object => { Chained => '/', PathPart => 'configuration/floatingdevice', CaptureArgs => 1 }, + view => { Chained => 'object', PathPart => 'read', Args => 0, AdminRole => [qw(FLOATING_DEVICES_READ)] } }, action_args => { #Setting the global model and form for all actions From f31d2eb13a84dec72798cc19c2ea83f34bc1a14c Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 19 Sep 2013 14:58:16 -0400 Subject: [PATCH 230/369] Add access rights to floating devices management --- .../Controller/Configuration/FloatingDevice.pm | 16 ++++++++++++---- .../root/configuration/floatingdevice/index.tt | 2 ++ .../root/configuration/floatingdevice/list.tt | 4 ++++ .../root/configuration/floatingdevice/view.tt | 2 +- 4 files changed, 19 insertions(+), 5 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/FloatingDevice.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/FloatingDevice.pm index 62a70f75a58a..7eb20202e36b 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration/FloatingDevice.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/FloatingDevice.pm @@ -25,13 +25,19 @@ BEGIN { __PACKAGE__->config( action => { -#Reconfigure the object action from pfappserver::Base::Controller::Crud + # Reconfigure the object action from pfappserver::Base::Controller::Crud object => { Chained => '/', PathPart => 'configuration/floatingdevice', CaptureArgs => 1 }, - view => { Chained => 'object', PathPart => 'read', Args => 0, AdminRole => [qw(FLOATING_DEVICES_READ)] } + # Configure access rights + view => { AdminRole => 'FLOATING_DEVICES_READ' }, + list => { AdminRole => 'FLOATING_DEVICES_READ' }, + create => { AdminRole => 'FLOATING_DEVICES_CREATE' }, + clone => { AdminRole => 'FLOATING_DEVICES_CREATE' }, + update => { AdminRole => 'FLOATING_DEVICES_UPDATE' }, + remove => { AdminRole => 'FLOATING_DEVICES_DELETE' }, }, action_args => { -#Setting the global model and form for all actions - '*' => { model => "Config::FloatingDevice",form => "Config::FloatingDevice" }, + # Setting the global model and form for all actions + '*' => { model => "Config::FloatingDevice", form => "Config::FloatingDevice" }, }, ); @@ -61,6 +67,8 @@ after list => sub { =head2 after create clone +Show the 'view' template when creating or cloning a floating device. + =cut after [qw(create clone)] => sub { diff --git a/html/pfappserver/root/configuration/floatingdevice/index.tt b/html/pfappserver/root/configuration/floatingdevice/index.tt index b8ec9d1f8b0d..03498a2c12ee 100644 --- a/html/pfappserver/root/configuration/floatingdevice/index.tt +++ b/html/pfappserver/root/configuration/floatingdevice/index.tt @@ -19,6 +19,8 @@ [% INCLUDE configuration/floatingdevice/list.tt %] + [%- IF can_access("FLOATING_DEVICES_CREATE") %]
      [% l('Add floating device') %]
      + [%- END %] diff --git a/html/pfappserver/root/configuration/floatingdevice/list.tt b/html/pfappserver/root/configuration/floatingdevice/list.tt index 8b9dc8e019a9..6758f08c9744 100644 --- a/html/pfappserver/root/configuration/floatingdevice/list.tt +++ b/html/pfappserver/root/configuration/floatingdevice/list.tt @@ -16,8 +16,12 @@
      		• [% floatingdevice.pvid %] [% IF floatingdevice.trunkPort == 'yes' %][% END %] + [%- IF can_access("FLOATING_DEVICES_CREATE") %] [% l('Clone') %] + [%- END %] + [%- IF can_access("FLOATING_DEVICES_DELETE") %] [% l('Delete') %] + [%- END %]
      [% switch.type %] [% l(switch.mode) %] + [%- IF can_access("SWITCHES_CREATE") %] [% l('Clone') %] - [% IF switch.id != 'default' %][% l('Delete') %][% END %] + [%- END %] + [% IF switch.id != 'default' && can_access("SWITCHES_DELETE") %][% l('Delete') %][% END %]
      + @@ -115,10 +123,8 @@ [% FOR node IN nodes %] - + + @@ -134,15 +140,16 @@
      + [%- END %]
      - [% l('Delete') %] + [% IF can_access("USERS_DELETE") %] [% l('Delete') %][% END %] [% l('Close') %] - + [% IF can_access("USERS_UPDATE") %][% END %]
      diff --git a/html/pfappserver/root/user/violations.tt b/html/pfappserver/root/user/violations.tt index ba28ff6e96d9..9725aea22939 100644 --- a/html/pfappserver/root/user/violations.tt +++ b/html/pfappserver/root/user/violations.tt @@ -5,22 +5,23 @@ + [% FOR item IN items %] - + - + [% END %]
      [% l('Status') %] [% l('MAC') %] [% l('Computer Name') %] [% l('OS (DHCP)') %]
      - [% l(node.status) %] - [% node.mac %] - [% l(node.status) %][% node.mac %] [% node.computername %] [% node.dhcp_fingerprint %]
      [% l('Description') %] [% l('MAC') %] [% l('Start Date') %][% l('Release Date') %]
      [% item.description %] [% item.mac %] [% item.start_date %]
      		[% item.release_date %]
      [% ELSE %]
      -

      [% l('No violation') %]

      +

      [% l('No violation found') %]

      [% END %] From d994247fd0bd0b5e64f3c0c158018a651a4b12b1 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 19 Sep 2013 15:24:20 -0400 Subject: [PATCH 233/369] Improve logging of AdminRole action --- html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm b/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm index ce2bdf928290..17b1706438ee 100644 --- a/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm +++ b/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm @@ -33,9 +33,9 @@ before execute => sub { my $roles = []; $roles = [$c->user->roles] if $c->user_exists; - $c->log->info('Does ('.join(',', @$roles).') includes '.$action.'?'); - unless(admin_can($roles, $action)) { + $c->log->debug(sprintf('Access to action %s was refused to user %s with admin roles %s', + $action, $c->user->id, join(',', @$roles))); $c->response->status(HTTP_UNAUTHORIZED); $c->stash->{status_msg} = "You don't have the rights to perform this action."; $c->stash->{current_view} = 'JSON'; From d6534fb3a8fd677d9f37f31296e3c1dcdc1d9fb1 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 19 Sep 2013 15:24:48 -0400 Subject: [PATCH 234/369] Add description to page of admin roles --- html/pfappserver/root/configuration/adminroles/index.tt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/html/pfappserver/root/configuration/adminroles/index.tt b/html/pfappserver/root/configuration/adminroles/index.tt index 306e16fd676e..899452f16958 100644 --- a/html/pfappserver/root/configuration/adminroles/index.tt +++ b/html/pfappserver/root/configuration/adminroles/index.tt @@ -17,6 +17,8 @@

      [% l('Admin Roles') %]

      +

      [% l('Define roles with specific access rights to the Web administration interface.') %]

      + [% INCLUDE configuration/adminroles/list.tt %]
      From cb6ec06a6e9800363de0e53e108b153f9ebfbd49 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 19 Sep 2013 15:28:16 -0400 Subject: [PATCH 235/369] Add access rights to services --- .../lib/pfappserver/Controller/Service.pm | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Service.pm b/html/pfappserver/lib/pfappserver/Controller/Service.pm index a68d64bd4dfe..5948f631038e 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Service.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Service.pm @@ -51,7 +51,7 @@ sub service :Chained('/') :PathPart('service') :CaptureArgs(1) { =cut -sub status :Chained('service') :PathPart('') :Args(0) { +sub status :Chained('service') :PathPart('') :Args(0) :AdminRole('SERVICES') { my ($self, $c) = @_; $self->_process_model_results($c, $c->stash->{model}->status); } @@ -60,7 +60,7 @@ sub status :Chained('service') :PathPart('') :Args(0) { =cut -sub start :Chained('service') :PathPart :Args(0) { +sub start :Chained('service') :PathPart :Args(0) :AdminRole('SERVICES') { my ($self, $c) = @_; $self->_process_model_results_as_json( $c, $c->stash->{model}->service_ctl($c->stash->{service}, "start") ); } @@ -69,7 +69,7 @@ sub start :Chained('service') :PathPart :Args(0) { =cut -sub stop :Chained('service') :PathPart :Args(0) { +sub stop :Chained('service') :PathPart :Args(0) :AdminRole('SERVICES') { my ($self, $c) = @_; $self->_process_model_results_as_json( $c, $c->stash->{model}->service_ctl($c->stash->{service}, "stop") ); } @@ -78,7 +78,7 @@ sub stop :Chained('service') :PathPart :Args(0) { =cut -sub restart :Chained('service') :PathPart :Args(0) { +sub restart :Chained('service') :PathPart :Args(0) :AdminRole('SERVICES') { my ($self, $c) = @_; $self->_process_model_results_as_json( $c, $c->stash->{model}->service_ctl($c->stash->{service}, "restart") ); } @@ -87,7 +87,7 @@ sub restart :Chained('service') :PathPart :Args(0) { =cut -sub pf_start :Local :Path('pf/start') { +sub pf_start :Local :Path('pf/start') :AdminRole('SERVICES') { my ($self, $c) = @_; $self->_process_model_results_as_json( $c, $c->model('Services')->service_cmd_background(qw(pf start)) ); } @@ -96,7 +96,7 @@ sub pf_start :Local :Path('pf/start') { =cut -sub pf_stop :Local :Path('pf/stop') { +sub pf_stop :Local :Path('pf/stop') :AdminRole('SERVICES') { my ($self, $c) = @_; $self->_process_model_results_as_json( $c, $c->model('Services')->service_cmd_background(qw(pf stop)) ); } @@ -105,7 +105,7 @@ sub pf_stop :Local :Path('pf/stop') { =cut -sub pf_restart :Local :Path('pf/restart') { +sub pf_restart :Local :Path('pf/restart') :AdminRole('SERVICES') { my ($self, $c) = @_; $self->_process_model_results_as_json( $c, $c->model('Services')->service_cmd_background(qw(pf restart)) ); } @@ -114,7 +114,7 @@ sub pf_restart :Local :Path('pf/restart') { =cut -sub httpd_admin_restart :Local : Path('httpd.admin/restart') { +sub httpd_admin_restart :Local : Path('httpd.admin/restart') :AdminRole('SERVICES') { my ($self, $c) = @_; $self->_process_model_results_as_json( $c, $c->model('Services')->service_cmd_background("httpd.admin", "restart") ); } @@ -123,7 +123,7 @@ sub httpd_admin_restart :Local : Path('httpd.admin/restart') { =cut -sub httpd_admin_stop :Local : Path('httpd.admin/stop') { +sub httpd_admin_stop :Local : Path('httpd.admin/stop') :AdminRole('SERVICES') { my ($self, $c) = @_; $self->_process_model_results_as_json( $c, $c->model('Services')->service_cmd_background("httpd.admin", "stop") ); } From 2aeeb06f633bff4c82588b0e3ec4a6e52f0c5ad4 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 19 Sep 2013 16:40:46 -0400 Subject: [PATCH 236/369] Add access rights to portal profiles management --- .../pfappserver/Controller/Portal/Profile.pm | 40 ++++---- .../Controller/Portal/Profile/Default.pm | 17 +++- html/pfappserver/root/admin/configuration.tt | 10 +- html/pfappserver/root/portal/profile/files.tt | 22 +++-- html/pfappserver/root/portal/profile/index.tt | 4 +- html/pfappserver/root/portal/profile/view.tt | 94 ++++++++++--------- lib/pf/admin_roles.pm | 7 ++ 7 files changed, 116 insertions(+), 78 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Portal/Profile.pm b/html/pfappserver/lib/pfappserver/Controller/Portal/Profile.pm index 812af288887d..374b23eee005 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Portal/Profile.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Portal/Profile.pm @@ -39,11 +39,19 @@ BEGIN { with 'pfappserver::Base::Controller::Crud::Config' => {excludes => [qw(object)]}; __PACKAGE__->config( -#Reconfiguring the models and forms for actions + # Reconfigure the models and forms for actions action_args => { '*' => { model => "Config::Profile", form => 'Portal::Profile'}, 'index' => { model => "Config::Profile", form => 'Portal'}, - } + }, + action => { + # Configure access rights + view => { AdminRole => 'PORTAL_PROFILES_READ' }, + list => { AdminRole => 'PORTAL_PROFILES_READ' }, + create => { AdminRole => 'PORTAL_PROFILES_CREATE' }, + update => { AdminRole => 'PORTAL_PROFILES_UPDATE' }, + remove => { AdminRole => 'PORTAL_PROFILES_DELETE' }, + }, ); =head1 METHODS @@ -92,12 +100,12 @@ after create => sub { } }; -sub sort_profiles :Local : Args(0) { +sub sort_profiles :Local :Args(0) :AdminRole('PORTAL_PROFILES_READ') { my ($self, $c) = @_; $c->stash->{current_view} = 'JSON'; } -sub upload :Chained('object') :PathPart('upload') :Args() { +sub upload :Chained('object') :PathPart('upload') :Args() :AdminRole('PORTAL_PROFILES_UPDATE') { my ($self, $c, @pathparts) = @_; $c->stash->{current_view} = 'JSON'; $self->validatePathParts($c, @pathparts); @@ -119,7 +127,7 @@ sub validatePathParts { } } -sub edit :Chained('object') :PathPart :Args() { +sub edit :Chained('object') :PathPart :Args() :AdminRole('PORTAL_PROFILES_UPDATE') { my ($self, $c, @pathparts) = @_; my $full_file_name = catfile(@pathparts); my ($file_name,$directory) = fileparse($full_file_name); @@ -136,7 +144,7 @@ sub edit :Chained('object') :PathPart :Args() { ); } -sub edit_new :Chained('object') :PathPart :Args() { +sub edit_new :Chained('object') :PathPart :Args() :AdminRole('PORTAL_PROFILES_UPDATE') { my ($self, $c, @pathparts) = @_; $self->validatePathParts($c, @pathparts); my $full_file_name = catfile(@pathparts); @@ -164,7 +172,7 @@ HTML ); } -sub rename :Chained('object') :PathPart :Args() { +sub rename :Chained('object') :PathPart :Args() :AdminRole('PORTAL_PROFILES_UPDATE') { my ($self, $c,@pathparts) = @_; my $request = $c->request; my $to = $request->param('to'); @@ -182,7 +190,7 @@ sub rename :Chained('object') :PathPart :Args() { $c->response->location( $c->pf_hash_for($c->controller('Portal::Profile')->action_for('edit'), [$c->stash->{id}], catfile(@pathparts,$to)) ); } -sub new_file :Chained('object') :PathPart :Args() { +sub new_file :Chained('object') :PathPart :Args() :AdminRole('PORTAL_PROFILES_UPDATE') { my ($self, $c, @pathparts) = @_; my $path = catfile(@pathparts); my $request = $c->request; @@ -201,7 +209,7 @@ sub new_file :Chained('object') :PathPart :Args() { } -sub save :Chained('object') :PathPart :Args() { +sub save :Chained('object') :PathPart :Args() :AdminRole('PORTAL_PROFILES_UPDATE') { my ($self, $c, @pathparts) = @_; my $file_content = $c->req->param("file_content") || ''; my $path = $self->_makeFilePath($c, @pathparts); @@ -209,13 +217,13 @@ sub save :Chained('object') :PathPart :Args() { write_file($path, $file_content); } -sub show_preview :Chained('object') :PathPart :Args() { +sub show_preview :Chained('object') :PathPart :Args() :AdminRole('PORTAL_PROFILES_READ') { my ($self, $c, @pathparts) = @_; my $file_name = catfile(@pathparts); $c->stash(file_name => $file_name); } -sub preview :Chained('object') :PathPart :Args() { +sub preview :Chained('object') :PathPart :Args() :AdminRole('PORTAL_PROFILES_READ') { my ($self, $c, @pathparts) = @_; my $template_path = $self->_makeFilePath($c); my $new_template = $self->_makePreviewTemplate($c, @pathparts); @@ -260,14 +268,14 @@ sub _makeDefaultFilePath { return catfile($CAPTIVE_PORTAL{TEMPLATE_DIR}, @pathparts); } -sub delete_file :Chained('object') :PathPart('delete') :Args() { +sub delete_file :Chained('object') :PathPart('delete') :Args() :AdminRole('PORTAL_PROFILES_UPDATE') { my ($self, $c, @pathparts) = @_; $c->stash->{current_view} = 'JSON'; my $file_path = $self->_makeFilePath($c, @pathparts); unlink($file_path); } -sub revert_file :Chained('object') :PathPart :Args() { +sub revert_file :Chained('object') :PathPart :Args() :AdminRole('PORTAL_PROFILES_UPDATE') { my ($self, $c, @pathparts) = @_; $c->stash->{current_view} = 'JSON'; my $file_path = $self->_makeFilePath($c,@pathparts); @@ -275,7 +283,7 @@ sub revert_file :Chained('object') :PathPart :Args() { copy($default_file_path, $file_path); } -sub files :Chained('object') :PathPart :Args(0) { +sub files :Chained('object') :PathPart :Args(0) :AdminRole('PORTAL_PROFILES_READ') { my ($self, $c) = @_; $c->stash(root => $self->_getFilesInfo($c)); } @@ -307,7 +315,7 @@ sub path_exists :Private { } } -sub copy_file :Chained('object'): PathPart('copy'): Args() { +sub copy_file :Chained('object'): PathPart('copy'): Args() :AdminRole('PORTAL_PROFILES_UPDATE') { my ($self, $c, @pathparts) = @_; my $from = catfile(@pathparts); my $request = $c->request; @@ -397,7 +405,7 @@ sub _readDirRecursive { return @files; } -sub revert_all :Chained('object') :PathPart :Args(0) { +sub revert_all :Chained('object') :PathPart :Args(0) :AdminRole('PORTAL_PROFILES_UPDATE') { my ($self,$c) = @_; $c->stash->{current_view} = 'JSON'; my ($entries_copied, $dir_copied, undef) = $self->copyDefaultFiles($c); diff --git a/html/pfappserver/lib/pfappserver/Controller/Portal/Profile/Default.pm b/html/pfappserver/lib/pfappserver/Controller/Portal/Profile/Default.pm index fe7c5ca1d71c..ec36533fe192 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Portal/Profile/Default.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Portal/Profile/Default.pm @@ -32,7 +32,14 @@ __PACKAGE__->config( # Configure the model and the form for actions action_args => { '*' => { model => "Config::Profile", form => 'Portal::Profile::Default'}, - } + }, + action => { + # Configure access rights + view => { AdminRole => 'PORTAL_PROFILES_READ' }, + list => { AdminRole => 'PORTAL_PROFILES_READ' }, + create => { AdminRole => 'PORTAL_PROFILES_CREATE' }, + update => { AdminRole => 'PORTAL_PROFILES_UPDATE' }, + }, ); @@ -82,7 +89,7 @@ sub _makeFilePath { =cut -sub delete_file :Chained('object') :PathPart('delete') :Args() { +sub delete_file :Chained('object') :PathPart('delete') :Args() :AdminRole('PORTAL_PROFILES_UPDATE') { my ($self,$c,@pathparts) = @_; $c->stash->{status_msg} = "Cannot delete a file in the default profile"; $c->go('bad_request'); @@ -92,7 +99,7 @@ sub delete_file :Chained('object') :PathPart('delete') :Args() { =cut -sub revert_file :Chained('object') :PathPart :Args() { +sub revert_file :Chained('object') :PathPart :Args() :AdminRole('PORTAL_PROFILES_UPDATE') { my ($self,$c,@pathparts) = @_; $c->stash->{status_msg} = "Cannot revert a file in the default profile"; $c->go('bad_request'); @@ -102,13 +109,13 @@ sub revert_file :Chained('object') :PathPart :Args() { =cut -sub revert_all :Chained('object') :PathPart :Args(0) { +sub revert_all :Chained('object') :PathPart :Args(0) :AdminRole('PORTAL_PROFILES_UPDATE') { my ($self,$c) = @_; $c->stash->{status_msg} = "Cannot revert files in the default profile"; $c->go('bad_request'); } -=item delete_profile +=item remove =cut diff --git a/html/pfappserver/root/admin/configuration.tt b/html/pfappserver/root/admin/configuration.tt index 62a9293de971..f360546cf180 100644 --- a/html/pfappserver/root/admin/configuration.tt +++ b/html/pfappserver/root/admin/configuration.tt @@ -69,8 +69,10 @@ table.sources {
        - [%- IF can_access("CONFIGURATION_MAIN_READ") %] + [%- IF can_access("CONFIGURATION_MAIN_READ") || can_access("PORTAL_PROFILES_READ") || can_access("ADMIN_ROLES_READ") %]
      • [% l('Main') %]
        • + [%- END %] + [%- IF can_access("CONFIGURATION_MAIN_READ") %] [% pf_section_entry('general', 'General') %] [% pf_section_entry( 'network', 'Network') %] [% pf_section_entry( 'trapping', 'Trapping') %] @@ -88,8 +90,12 @@ table.sources { [% pf_section_entry( 'captive_portal', 'Captive portal') %] [% pf_section_entry( 'advanced', 'Advanced') %] [% pf_section_entry( 'provisioning', 'Provisioning') %] - [% list_entry('Portal::Profile', 'index', 'Portal Profiles') %] [% pf_section_entry( 'webservices', 'Web Services') %] + [%- END %] + [%- IF can_access("PORTAL_PROFILES_READ") %] + [% list_entry('Portal::Profile', 'index', 'Portal Profiles') %] + [%- END %] + [%- IF can_access("ADMIN_ROLES_READ") %] [% pf_section_entry('adminroles', 'Admin Access') %] [%- END %] [%- IF can_access("INTERFACES_READ") || can_access("SWITCHES_READ") || can_access("FLOATING_DEVICES_READ") %] diff --git a/html/pfappserver/root/portal/profile/files.tt b/html/pfappserver/root/portal/profile/files.tt index f25a8461841a..20f26d5921be 100644 --- a/html/pfappserver/root/portal/profile/files.tt +++ b/html/pfappserver/root/portal/profile/files.tt @@ -12,6 +12,7 @@ td a.btn { margin-left: 5px; }
      		+ [%- IF can_access("PORTAL_PROFILES_UPDATE") %] [% l('New') %] [% uploader_id = "uploader_" _ dir_id %]
      @@ -43,6 +44,7 @@ td a.btn { margin-left: 5px; } $(window).hashchange(); }); + [%- END %]
      - [% IF entry.editable %] + [%- IF entry.editable && can_access("PORTAL_PROFILES_UPDATE") %] [% name %] - [% ELSE %] + [%- ELSE %] [% name %] - [% END %] + [%- END %] [% entry.size %]
      - [% IF entry.previewable %] + [%- IF entry.previewable %] - [% ELSE %] + [%- ELSE %] - [% END %] + [%- END %] + [%- IF can_access("PORTAL_PROFILES_UPDATE") %] - [%IF entry.delete_or_revert == 'revert' %] + [%- IF entry.delete_or_revert == 'revert' %] - [% ELSE %] + [%- ELSE %] - [% END %] + [%- END %] + [%- END %]
      [% profile.field('description').value %][% l('Delete') %][% IF can_access("PORTAL_PROFILES_DELETE") %][% l('Delete') %][% END %]
      +[%- IF can_access("PORTAL_PROFILES_CREATE") %]
      [% l('Add profile') %]
      +[%- END %] diff --git a/html/pfappserver/root/portal/profile/view.tt b/html/pfappserver/root/portal/profile/view.tt index 5bab062f75e9..7a77662db4cb 100644 --- a/html/pfappserver/root/portal/profile/view.tt +++ b/html/pfappserver/root/portal/profile/view.tt @@ -1,6 +1,6 @@

      - + - -

      -
      -
        -
      • - [% l('Settings') %] -
        • +
        + -
        -
        - [% form.block('definition').render %] - [% IF form.field('filter') %] -
        - -
        - [% form.field('filter').render %] +

        +
        + +
        + + [% form.block('definition').render %] + [% IF form.field('filter') %] +
        + +
        + [% form.field('filter').render %] +
        -
        - [% END -%] -
        - -
        - [% form.field('sources').render %] -
        -

        - - [%- IF form.isa('pfappserver::Form::Portal::Profile::Default') -%] - [% l('With no source specified, all internal sources will be used.') %] - [%- ELSE -%] - [% l('With no source specified, the sources of the default profile will be used.') %] - [%- END -%]
        - [% l('Add a source.') %] -

        + [% END -%] +
        + +
        + [% form.field('sources').render %] +
        +

        + + [%- IF form.isa('pfappserver::Form::Portal::Profile::Default') -%] + [% l('With no source specified, all internal sources will be used.') %] + [%- ELSE -%] + [% l('With no source specified, the sources of the default profile will be used.') %] + [%- END -%]
        + [% l('Add a source.') %] +

        +
        -
        -
        - [% l('Save') %] - -
        - + [%- IF can_access("PORTAL_PROFILES_UPDATE") %] +
        + [% l('Save') %] + +
        + [%- END %] + +
        diff --git a/lib/pf/admin_roles.pm b/lib/pf/admin_roles.pm index 1903212d1752..a00c54d45464 100644 --- a/lib/pf/admin_roles.pm +++ b/lib/pf/admin_roles.pm @@ -35,6 +35,13 @@ our @ADMIN_ACTIONS = qw( NODES_DELETE CONFIGURATION_MAIN_READ CONFIGURATION_MAIN_UPDATE + PORTAL_PROFILES_READ + PORTAL_PROFILES_CREATE + PORTAL_PROFILES_UPDATE + PORTAL_PROFILES_DELETE + ADMIN_ROLES_READ + ADMIN_ROLES_UPDATE + ADMIN_ROLES_DELETE INTERFACES_READ INTERFACES_CREATE INTERFACES_UPDATE From 91d0ac7b5a598f36ff59dd45b0a515e09dd9afab Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 19 Sep 2013 16:52:15 -0400 Subject: [PATCH 237/369] Add access rights to admin roles management --- .../Controller/Configuration/AdminRoles.pm | 44 +++++++++++-------- .../root/configuration/adminroles/index.tt | 2 + .../root/configuration/adminroles/list.tt | 4 +- .../root/configuration/adminroles/view.tt | 2 +- 4 files changed, 31 insertions(+), 21 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm index 901eb8d1224e..c1671da9a980 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm @@ -23,29 +23,29 @@ BEGIN { with 'pfappserver::Base::Controller::Crud::Config::Clone'; } -__PACKAGE__->config - ( - action => - { - # Reconfigure the object action from pfappserver::Base::Controller::Crud - object => { Chained => '/', PathPart => 'configuration/adminroles', CaptureArgs => 1 } - }, - action_args => - { - # Setting the global model and form for all actions - '*' => { model => "Config::AdminRoles", form => "Config::AdminRoles" }, - }, +__PACKAGE__->config( + action => { + # Reconfigure the object action from pfappserver::Base::Controller::Crud + object => { Chained => '/', PathPart => 'configuration/adminroles', CaptureArgs => 1 }, + # Configure access rights + view => { AdminRole => 'ADMIN_ROLES_READ' }, + list => { AdminRole => 'ADMIN_ROLES_READ' }, + create => { AdminRole => 'ADMIN_ROLES_CREATE' }, + clone => { AdminRole => 'ADMIN_ROLES_CREATE' }, + update => { AdminRole => 'ADMIN_ROLES_UPDATE' }, + remove => { AdminRole => 'ADMIN_ROLES_DELETE' }, + }, + action_args => { + # Setting the global model and form for all actions + '*' => { model => "Config::AdminRoles", form => "Config::AdminRoles" }, + }, ); =head1 METHODS -=head2 after list +=head2 after create/clone -Check which floating device is also defined as a switch - -=cut - -=head2 after create clone +Show the 'view' template when creating or cloning an admin role. =cut @@ -56,6 +56,12 @@ after [qw(create clone)] => sub { } }; +=head2 after create/clone/update + +List admin roles after creating or updating a role. + +=cut + after [qw(create clone update)] => sub { my ($self, $c) = @_; if (is_success($c->response->status) && $c->request->method eq 'POST') { @@ -67,6 +73,8 @@ after [qw(create clone update)] => sub { =head2 after view +Set the action URL to either "create" or "update". + =cut after view => sub { diff --git a/html/pfappserver/root/configuration/adminroles/index.tt b/html/pfappserver/root/configuration/adminroles/index.tt index 899452f16958..2ae17f8e6810 100644 --- a/html/pfappserver/root/configuration/adminroles/index.tt +++ b/html/pfappserver/root/configuration/adminroles/index.tt @@ -25,6 +25,8 @@

        [% l('No role defined') %]

        + [%- IF can_access("ADMIN_ROLES_CREATE") %]
        [% l('Add admin role') %]
        + [%- END %] diff --git a/html/pfappserver/root/configuration/adminroles/list.tt b/html/pfappserver/root/configuration/adminroles/list.tt index 2b80d9e05c77..be733f7f7695 100644 --- a/html/pfappserver/root/configuration/adminroles/list.tt +++ b/html/pfappserver/root/configuration/adminroles/list.tt @@ -12,8 +12,8 @@ [% adminrole.id %] [% adminrole.description | html%] - [% l('Clone') %] - [% l('Delete') %] + [% IF can_access("ADMIN_ROLES_CREATE ") %][% l('Clone') %][% END %] + [% IF can_access("ADMIN_ROLES_DELETE") %][% l('Delete') %][% END %] [% END -%] diff --git a/html/pfappserver/root/configuration/adminroles/view.tt b/html/pfappserver/root/configuration/adminroles/view.tt index ac1d8603c007..2db54d2bc05b 100644 --- a/html/pfappserver/root/configuration/adminroles/view.tt +++ b/html/pfappserver/root/configuration/adminroles/view.tt @@ -21,7 +21,7 @@
        [% l('Close') %] - + [% IF can_access("ADMIN_ROLES_UPDATE") %][% END %]
        From 9dcafcd04f8a7197338d53cb071c89eba9fd27e3 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 19 Sep 2013 16:53:18 -0400 Subject: [PATCH 238/369] Add access rights to main configuration section --- html/pfappserver/root/configuration/section.tt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/html/pfappserver/root/configuration/section.tt b/html/pfappserver/root/configuration/section.tt index 1eebb51ff504..b3624d7ff0bc 100644 --- a/html/pfappserver/root/configuration/section.tt +++ b/html/pfappserver/root/configuration/section.tt @@ -5,8 +5,10 @@ [% form.field(field.name).render %] [% END %] + [%- IF can_access("CONFIGURATION_MAIN_UPDATE") %]
        + [%- END %] From 866d5da2c02ad18f74ef5c12876b396106d1ad33 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 19 Sep 2013 17:05:31 -0400 Subject: [PATCH 239/369] Add access rights to reports --- .../lib/pfappserver/Controller/Admin.pm | 8 ++--- .../lib/pfappserver/Controller/Graph.pm | 30 +++++++++---------- 2 files changed, 18 insertions(+), 20 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Admin.pm b/html/pfappserver/lib/pfappserver/Controller/Admin.pm index 0433c512df1e..8079234acedd 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Admin.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Admin.pm @@ -18,9 +18,7 @@ use namespace::autoclean; use Moose; use pfappserver::Form::SavedSearch; -BEGIN { - extends 'Catalyst::Controller'; -} +BEGIN { extends 'pfappserver::Base::Controller'; } =head1 METHODS @@ -148,7 +146,7 @@ sub status :Chained('object') :PathPart('status') :Args(0) { =cut -sub reports :Chained('object') :PathPart('reports') :Args(0) { +sub reports :Chained('object') :PathPart('reports') :Args(0) :AdminRole('REPORTS') { my ( $self, $c ) = @_; $c->forward('Controller::Graph', 'reports'); @@ -172,7 +170,7 @@ sub nodes :Chained('object') :PathPart('nodes') :Args(0) :AdminRole('NODES_READ' =cut -sub users :Chained('object') :PathPart('users') :Args(0) { +sub users :Chained('object') :PathPart('users') :Args(0) :AdminRole('USERS_READ') { my ( $self, $c ) = @_; my $id = $c->user->id; my ($status, $saved_searches) = $c->model("SavedSearch::User")->read_all($id); diff --git a/html/pfappserver/lib/pfappserver/Controller/Graph.pm b/html/pfappserver/lib/pfappserver/Controller/Graph.pm index b6b9d4d67b14..c2ff6412798f 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Graph.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Graph.pm @@ -18,7 +18,7 @@ use Moose; use Readonly; use namespace::autoclean; -BEGIN {extends 'Catalyst::Controller'; } +BEGIN { extends 'pfappserver::Base::Controller'; } Readonly::Scalar our $DASHBOARD => 'dashboard'; Readonly::Scalar our $REPORTS => 'reports'; @@ -283,7 +283,7 @@ sub dashboard :Local { =cut -sub reports :Local { +sub reports :Local :AdminRole('REPORTS') { my ($self, $c, $start, $end) = @_; $self->_saveRange($c, $REPORTS, $start, $end); @@ -308,7 +308,7 @@ Used in the dashboard. =cut -sub registered :Path('nodes/registered') :Args(2) { +sub registered :Path('nodes/registered') :Args(2) :AdminRole('REPORTS') { my ($self, $c, $start, $end) = @_; $self->_saveActiveGraph($c); @@ -325,7 +325,7 @@ Used in the dashboard. =cut -sub unregistered :Path('nodes/unregistered') :Args(2) { +sub unregistered :Path('nodes/unregistered') :Args(2) :AdminRole('REPORTS') { my ($self, $c, $start, $end) = @_; $self->_saveActiveGraph($c); @@ -342,7 +342,7 @@ Used in the dashboard. =cut -sub detected :Path('nodes/detected') :Args(2) { +sub detected :Path('nodes/detected') :Args(2) :AdminRole('REPORTS') { my ($self, $c, $start, $end) = @_; $self->_saveActiveGraph($c); @@ -359,7 +359,7 @@ Used in the dashboard. =cut -sub wired :Local :Args(2) { +sub wired :Local :Args(2) :AdminRole('REPORTS') { my ( $self, $c, $start, $end ) = @_; $self->_saveActiveGraph($c); @@ -376,7 +376,7 @@ Used in the dashboard. =cut -sub wireless :Local :Args(2) { +sub wireless :Local :Args(2) :AdminRole('REPORTS') { my ( $self, $c, $start, $end ) = @_; $self->_saveActiveGraph($c); @@ -394,7 +394,7 @@ Used in the dashboard. =cut -sub violations_all :Local :Args(2) { +sub violations_all :Local :Args(2) :AdminRole('REPORTS') { my ($self, $c, $start, $end) = @_; $self->_saveActiveGraph($c); @@ -411,7 +411,7 @@ Defined as a report. =cut -sub nodes :Local { +sub nodes :Local :AdminRole('REPORTS') { my ($self, $c, $start, $end) = @_; $self->_saveRange($c, $REPORTS, $start, $end); @@ -461,7 +461,7 @@ Defined as a report. =cut -sub violations :Local { +sub violations :Local :AdminRole('REPORTS') { my ($self, $c, $start, $end) = @_; $self->_saveRange($c, $REPORTS, $start, $end); @@ -478,7 +478,7 @@ Defined as a report. =cut -sub os :Local { +sub os :Local :AdminRole('REPORTS') { my ($self, $c, $start, $end) = @_; $self->_saveRange($c, $REPORTS, $start, $end); @@ -500,7 +500,7 @@ Defined as a report. =cut -sub connectiontype :Local { +sub connectiontype :Local :AdminRole('REPORTS') { my ($self, $c, $start, $end) = @_; $self->_saveRange($c, $REPORTS, $start, $end); @@ -521,7 +521,7 @@ Defined as a report. =cut -sub ssid :Local { +sub ssid :Local :AdminRole('REPORTS') { my ($self, $c, $start, $end) = @_; $self->_saveRange($c, $REPORTS, $start, $end); @@ -542,7 +542,7 @@ Defined as a report. =cut -sub nodebandwidth :Local { +sub nodebandwidth :Local :AdminRole('REPORTS') { my ($self, $c, $option, $start, $end) = @_; $option = 'accttotal' unless ($option && $option =~ m/^(accttotal|acctinput|acctoutput)$/); @@ -567,7 +567,7 @@ Defined as a report. =cut -sub osclassbandwidth :Local { +sub osclassbandwidth :Local :AdminRole('REPORTS') { my ( $self, $c, $start, $end ) = @_; my $option = 'accttotal'; # we only sypport this field, see pf::pfcmd::report From 05cedfb15b92a796175241cf11b65c9f0b706baa Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 20 Sep 2013 06:43:36 -0400 Subject: [PATCH 240/369] Add access rights to violations management --- .../lib/pfappserver/Controller/Violation.pm | 10 +++++++++- html/pfappserver/root/violation/list.tt | 6 ++++++ html/pfappserver/root/violation/view.tt | 2 +- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Violation.pm b/html/pfappserver/lib/pfappserver/Controller/Violation.pm index c53ae30b7243..fef841f81047 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Violation.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Violation.pm @@ -30,7 +30,15 @@ BEGIN { __PACKAGE__->config( action => { - object => { Chained => '/', PathPart => 'violation', CaptureArgs => 1 } + # Reconfigure the object action from pfappserver::Base::Controller::Crud + object => { Chained => '/', PathPart => 'violation', CaptureArgs => 1 }, + # Configure access rights + view => { AdminRole => 'VIOLATIONS_READ' }, + list => { AdminRole => 'VIOLATIONS_READ' }, + create => { AdminRole => 'VIOLATIONS_CREATE' }, + clone => { AdminRole => 'VIOLATIONS_CREATE' }, + update => { AdminRole => 'VIOLATIONS_UPDATE' }, + remove => { AdminRole => 'VIOLATIONS_DELETE' }, }, ); diff --git a/html/pfappserver/root/violation/list.tt b/html/pfappserver/root/violation/list.tt index 4d36f1e31433..f2d59f3f4f70 100644 --- a/html/pfappserver/root/violation/list.tt +++ b/html/pfappserver/root/violation/list.tt @@ -37,8 +37,12 @@ [%- END %] [% violation.vlan %] + [%- IF can_access("VIOLATIONS_CREATE") %] [% l('Clone') %] + [%- END %] + [%- IF can_access("VIOLATIONS_DELETE") %] [% l('Delete') %] + [%- END %] [% IF profiles.size > 1 %]
        [% END %] [% l('Preview') %] @@ -60,6 +64,8 @@

        [% l('No violation defined') %]

        + [%- IF can_access("VIOLATIONS_CREATE") %]
        [% l('Add violation') %]
        + [%- END %] diff --git a/html/pfappserver/root/violation/view.tt b/html/pfappserver/root/violation/view.tt index b97dbca902e9..ea5ea61756f6 100644 --- a/html/pfappserver/root/violation/view.tt +++ b/html/pfappserver/root/violation/view.tt @@ -66,7 +66,7 @@
        [% l('Close') %] - + [% IF can_access("VIOLATIONS_UPDATE") %][% END %]
        From 390d23be22e25c273d2581b33457d0e81315b975 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 20 Sep 2013 09:03:25 -0400 Subject: [PATCH 241/369] Add access rights to users roles management --- html/pfappserver/lib/pfappserver/Controller/Roles.pm | 12 ++++++------ html/pfappserver/root/roles/index.tt | 8 +++++++- html/pfappserver/root/roles/read.tt | 2 +- lib/pf/admin_roles.pm | 6 ++++++ 4 files changed, 20 insertions(+), 8 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Roles.pm b/html/pfappserver/lib/pfappserver/Controller/Roles.pm index 7771463519a0..6f71aab4af03 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Roles.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Roles.pm @@ -28,7 +28,7 @@ BEGIN { extends 'pfappserver::Base::Controller'; } =cut -sub index :Path :Args(0) { +sub index :Path :Args(0) :AdminRole('USERS_ROLES_READ') { my ($self, $c) = @_; my ($status, $result) = $c->model('Roles')->list(); @@ -44,7 +44,7 @@ sub index :Path :Args(0) { =cut -sub create :Local { +sub create :Local :AdminRole('USERS_ROLES_CREATE') { my ($self, $c) = @_; my ($status, $result, $form); @@ -98,7 +98,7 @@ sub object :Chained('/') :PathPart('roles') :CaptureArgs(1) { =cut -sub read :Chained('object') :PathPart('read') :Args(0) { +sub read :Chained('object') :PathPart('read') :Args(0) :AdminRole('USERS_ROLES_READ') { my ($self, $c) = @_; my ($status, $result, $form); @@ -119,7 +119,7 @@ sub read :Chained('object') :PathPart('read') :Args(0) { =cut -sub update :Chained('object') :PathPart('update') :Args(0) { +sub update :Chained('object') :PathPart('update') :Args(0) :AdminRole('USERS_ROLES_UPDATE') { my ($self, $c) = @_; my ($status, $result, $form); @@ -154,7 +154,7 @@ sub update :Chained('object') :PathPart('update') :Args(0) { =cut -sub delete :Chained('object') :PathPart('delete') :Args(0) { +sub delete :Chained('object') :PathPart('delete') :Args(0) :AdminRole('USERS_ROLES_DELETE') { my ($self, $c) = @_; my ($status, $result) = $c->model('Roles')->delete($c->stash->{role}); @@ -168,7 +168,7 @@ sub delete :Chained('object') :PathPart('delete') :Args(0) { =head1 COPYRIGHT -Copyright (C) 2012 Inverse inc. +Copyright (C) 2012-2013 Inverse inc. =head1 LICENSE diff --git a/html/pfappserver/root/roles/index.tt b/html/pfappserver/root/roles/index.tt index 511ce397a233..d9a388d2e42f 100644 --- a/html/pfappserver/root/roles/index.tt +++ b/html/pfappserver/root/roles/index.tt @@ -40,7 +40,11 @@ [% role.name %] [% role.notes %] [% role.max_nodes_per_pid %] - [% l('Delete') %] + + [%- IF can_access("USERS_ROLES_DELETE") %] + [% l('Delete') %] + [%- END %] + [% END -%] @@ -51,6 +55,8 @@

        [% l('No role defined') %]

        + [%- IF can_access("USERS_ROLES_CREATE") %]
        [% l('Add role') %]
        + [%- END %] diff --git a/html/pfappserver/root/roles/read.tt b/html/pfappserver/root/roles/read.tt index f177ad593a37..d6d2ee8a5575 100644 --- a/html/pfappserver/root/roles/read.tt +++ b/html/pfappserver/root/roles/read.tt @@ -17,7 +17,7 @@
        [% l('Close') %] - + [% IF can_access("USERS_ROLES_UPDATE") %][% END %]
        diff --git a/lib/pf/admin_roles.pm b/lib/pf/admin_roles.pm index a00c54d45464..2493a07b566d 100644 --- a/lib/pf/admin_roles.pm +++ b/lib/pf/admin_roles.pm @@ -55,7 +55,13 @@ our @ADMIN_ACTIONS = qw( FLOATING_DEVICES_UPDATE FLOATING_DEVICES_DELETE USERS_ROLES_READ + USERS_ROLES_CREATE + USERS_ROLES_UPDATE + USERS_ROLES_DELETE USERS_SOURCES_READ + USERS_SOURCES_CREATE + USERS_SOURCES_UPDATE + USERS_SOURCES_DELETE VIOLATIONS_READ VIOLATIONS_CREATE VIOLATIONS_UPDATE From 8ba398b14b38ce2e59d314e7adb7e2a6c4e12aa5 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 20 Sep 2013 09:09:15 -0400 Subject: [PATCH 242/369] Add access rights to users sources management --- .../lib/pfappserver/Controller/Authentication.pm | 4 ++-- .../Controller/Authentication/Source.pm | 14 +++++++------- .../pfappserver/root/authentication/source/read.tt | 2 ++ .../root/authentication/source/rule_read.tt | 2 +- .../root/authentication/source/rules_read.tt | 2 ++ .../root/configuration/authentication.tt | 10 ++++++++-- 6 files changed, 22 insertions(+), 12 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Authentication.pm b/html/pfappserver/lib/pfappserver/Controller/Authentication.pm index 70480629088d..3fe11b64645a 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Authentication.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Authentication.pm @@ -34,7 +34,7 @@ Show list of authentication sources. Allow user to order the list. =cut -sub index :Path :Args(0) { +sub index :Path :Args(0) :AdminRole('USERS_SOURCES_READ') { my ($self, $c) = @_; my ($sources); @@ -64,7 +64,7 @@ Update the authentication sources order. =cut -sub update :Path('update') :Args(0) { +sub update :Path('update') :Args(0) :AdminRole('USERS_SOURCES_UPDATE') { my ($self, $c) = @_; my ($form, $status, $message); diff --git a/html/pfappserver/lib/pfappserver/Controller/Authentication/Source.pm b/html/pfappserver/lib/pfappserver/Controller/Authentication/Source.pm index 79023e5534c6..915fa8cdb2d1 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Authentication/Source.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Authentication/Source.pm @@ -44,7 +44,7 @@ Create a rule of the specified type =cut -sub create :Local :Args(1) { +sub create :Local :Args(1) :AdminRole('USERS_SOURCES_CREATE') { my ($self, $c, $type) = @_; $c->stash->{action_uri} = $c->req->uri; @@ -96,7 +96,7 @@ sub object :Chained('/') :PathPart('authentication') :CaptureArgs(1) { =cut -sub read :Chained('object') :PathPart('read') :Args(0) { +sub read :Chained('object') :PathPart('read') :Args(0) :AdminRole('USERS_SOURCES_READ') { my ($self, $c) = @_; my ($form_type, $form); @@ -133,7 +133,7 @@ sub read :Chained('object') :PathPart('read') :Args(0) { =cut -sub update :Chained('object') :PathPart('update') :Args(0) { +sub update :Chained('object') :PathPart('update') :Args(0) :AdminRole('USERS_SOURCES_UPDATE') { my ($self, $c) = @_; my ($form_type, $form, $status, $message); @@ -178,7 +178,7 @@ sub update :Chained('object') :PathPart('update') :Args(0) { =cut -sub delete :Chained('object') :PathPart('delete') :Args(0) { +sub delete :Chained('object') :PathPart('delete') :Args(0) :AdminRole('USERS_SOURCES_DELETE') { my ($self, $c) = @_; my ($status, $message) = $c->model('Authentication::Source')->delete($c->stash->{source}); @@ -246,7 +246,7 @@ sub rule_create :Chained('object') :PathPart('rule/create') :Args(0) { =cut -sub rules_read :Chained('object') :PathPart('rules/read') :Args(0) { +sub rules_read :Chained('object') :PathPart('rules/read') :Args(0) :AdminRole('USERS_SOURCES_READ') { my ($self, $c) = @_; $c->stash->{template} = 'authentication/source/rules_read.tt'; @@ -283,7 +283,7 @@ sub rule_object :Chained('object') :PathPart('rule') :CaptureArgs(1) { =cut -sub rule_read :Chained('rule_object') :PathPart('read') :Args(0) { +sub rule_read :Chained('rule_object') :PathPart('read') :Args(0) :AdminRole('USERS_SOURCES_READ') { my ($self, $c) = @_; my ($form); @@ -314,7 +314,7 @@ sub rule_read :Chained('rule_object') :PathPart('read') :Args(0) { =cut -sub rule_update :Chained('rule_object') :PathPart('update') :Args(0) { +sub rule_update :Chained('rule_object') :PathPart('update') :Args(0) :AdminRole('USERS_SOURCES_UPDATE') { my ($self, $c) = @_; my ($form, $status, $message); diff --git a/html/pfappserver/root/authentication/source/read.tt b/html/pfappserver/root/authentication/source/read.tt index de5e557465b0..402a383e3930 100644 --- a/html/pfappserver/root/authentication/source/read.tt +++ b/html/pfappserver/root/authentication/source/read.tt @@ -23,8 +23,10 @@ [% INCLUDE "authentication/source/type/${source.type}.tt" %] [% IF source.id %][% INCLUDE "authentication/source/rules_read.tt" %][% END -%] + [%- IF can_access("USERS_SOURCES_UPDATE") %]
        [% IF source.id %][% END %]
        + [%- END %] diff --git a/html/pfappserver/root/authentication/source/rule_read.tt b/html/pfappserver/root/authentication/source/rule_read.tt index 50c3d675bd6e..0cbc5a1707f4 100644 --- a/html/pfappserver/root/authentication/source/rule_read.tt +++ b/html/pfappserver/root/authentication/source/rule_read.tt @@ -79,6 +79,6 @@
        [% l('Close') %] - + [% IF can_access("USERS_SOURCES_UPDATE") %][% END %]
        diff --git a/html/pfappserver/root/authentication/source/rules_read.tt b/html/pfappserver/root/authentication/source/rules_read.tt index c796caaab450..83a849c15fbd 100644 --- a/html/pfappserver/root/authentication/source/rules_read.tt +++ b/html/pfappserver/root/authentication/source/rules_read.tt @@ -29,6 +29,8 @@

        [% l('No rule defined') %]

        + [%- IF can_access("USERS_SOURCES_UPDATE") %]
        [% l('Add rule') %]
        + [%- END %]
      diff --git a/html/pfappserver/root/configuration/authentication.tt b/html/pfappserver/root/configuration/authentication.tt index f9619fa7ae3e..ee9119995dd8 100644 --- a/html/pfappserver/root/configuration/authentication.tt +++ b/html/pfappserver/root/configuration/authentication.tt @@ -48,7 +48,7 @@ [% source.field('id').render_element %][% IF is_sql %][% source.field('id').value %][% ELSE %][% source.field('id').value %][% END %] [% source.field('description').value %] [% l(source.field('type').value) %] - [% UNLESS is_sql %][% l('Delete') %][% END %] + [% IF NOT is_sql AND can_access("USERS_SOURCES_DELETE") %][% l('Delete') %][% END %] [% END -%] [% END -%] @@ -76,7 +76,11 @@ [% source.field('id').render_element %][% source.field('id').value %] [% source.field('description').value %] [% l(source.field('type').value) %] - [% l('Delete') %] + + [%- IF can_access("USERS_SOURCES_DELETE") %] + [% l('Delete') %] + [%- END %] + [% END -%] [% END -%] @@ -115,6 +119,7 @@

      [% l('No source defined') %]

      +[%- IF can_access("USERS_SOURCES_CREATE") %]
      [% l('Add source') %] @@ -146,3 +151,4 @@
    +[%- END %] From 4947a262da25b30854f5d33e604a1d92c15952b6 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 20 Sep 2013 09:43:54 -0400 Subject: [PATCH 243/369] Add access rights to SoH filters management --- html/pfappserver/lib/pfappserver/Controller/SoH.pm | 10 +++++----- html/pfappserver/root/soh/index.tt | 8 +++++++- html/pfappserver/root/soh/read.tt | 2 +- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/SoH.pm b/html/pfappserver/lib/pfappserver/Controller/SoH.pm index d652b0b2e533..fa10c5b35949 100644 --- a/html/pfappserver/lib/pfappserver/Controller/SoH.pm +++ b/html/pfappserver/lib/pfappserver/Controller/SoH.pm @@ -28,7 +28,7 @@ BEGIN { extends 'pfappserver::Base::Controller'; } =cut -sub index :Path :Args(0) { +sub index :Path :Args(0) :AdminRole('SOH_READ') { my ($self, $c) = @_; my ($status, $result) = $c->model('SoH')->filters(); @@ -44,7 +44,7 @@ sub index :Path :Args(0) { =cut -sub create :Local { +sub create :Local :AdminRole('SOH_CREATE') { my ($self, $c) = @_; my ($status, $result, $form); @@ -113,7 +113,7 @@ sub object :Chained('/') :PathPart('soh') :CaptureArgs(1) { =cut -sub read :Chained('object') :PathPart('read') :Args(0) { +sub read :Chained('object') :PathPart('read') :Args(0) :AdminRole('SOH_READ') { my ($self, $c) = @_; my ($status, $result, $form); @@ -146,7 +146,7 @@ sub read :Chained('object') :PathPart('read') :Args(0) { =cut -sub update :Chained('object') :PathPart('update') :Args(0) { +sub update :Chained('object') :PathPart('update') :Args(0) :AdminRole('SOH_UPDATE') { my ($self, $c) = @_; my ($status, $result, $form); @@ -181,7 +181,7 @@ sub update :Chained('object') :PathPart('update') :Args(0) { =cut -sub delete :Chained('object') :PathPart('delete') :Args(0) { +sub delete :Chained('object') :PathPart('delete') :Args(0) :AdminRole('SOH_DELETE') { my ($self, $c) = @_; my $configViolationsModel = $c->model('Config::Violations'); diff --git a/html/pfappserver/root/soh/index.tt b/html/pfappserver/root/soh/index.tt index bc607b24e049..e1289edbea48 100644 --- a/html/pfappserver/root/soh/index.tt +++ b/html/pfappserver/root/soh/index.tt @@ -38,7 +38,11 @@ [% filter.filter_id %] [% filter.name %] [% l(filter.action) %] - [% l('Delete') %] + + [%- IF can_access("SOH_DELETE") %] + [% l('Delete') %] + [%- END %] + [% END -%] @@ -49,6 +53,8 @@

    [% l('No filter defined') %]

    + [%- IF can_access("SOH_CREATE") %]
    [% l('Add filter') %]
    + [%- END %] diff --git a/html/pfappserver/root/soh/read.tt b/html/pfappserver/root/soh/read.tt index ddb390e60c17..d1842cabd699 100644 --- a/html/pfappserver/root/soh/read.tt +++ b/html/pfappserver/root/soh/read.tt @@ -50,7 +50,7 @@
    [% l('Close') %] - + [% IF can_access("SOH_UPDATE") %][% END %]
    From 2033aa97658cf41f4a1825b66c616777fb4122d7 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 20 Sep 2013 09:54:10 -0400 Subject: [PATCH 244/369] Add access rights to fingerprints management --- .../pfappserver/Controller/Configuration/Fingerprints.pm | 8 ++++---- .../root/configuration/fingerprints/simple_search.tt | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm index 73d861874bb5..c5d627ca153f 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm @@ -43,14 +43,14 @@ sub index :Path :Args(0) { =cut -sub simple_search :Local :Args() : SimpleSearch('OS') { } +sub simple_search :Local :Args() :SimpleSearch('OS') :AdminRole('FINGERPRINTS_READ') { } =head2 update =cut -sub update :Local :Args(0) { +sub update :Local :Args(0) :AdminRole('FINGERPRINTS_UPDATE') { my ( $self, $c ) = @_; $c->stash->{current_view} = 'JSON'; my ( $status, $version_msg, $total ) = update_dhcp_fingerprints_conf(); @@ -65,7 +65,7 @@ sub update :Local :Args(0) { =cut -sub upload :Local :Args(0) { +sub upload :Local :Args(0) :AdminRole('FINGERPRINTS_READ') { my ( $self, $c ) = @_; $c->stash->{current_view} = 'JSON'; @@ -113,7 +113,7 @@ sub upload :Local :Args(0) { =head1 COPYRIGHT -Copyright (C) 2012 Inverse inc. +Copyright (C) 2012-2013 Inverse inc. =head1 LICENSE diff --git a/html/pfappserver/root/configuration/fingerprints/simple_search.tt b/html/pfappserver/root/configuration/fingerprints/simple_search.tt index 3d2759ff08b9..ab49165baa8b 100644 --- a/html/pfappserver/root/configuration/fingerprints/simple_search.tt +++ b/html/pfappserver/root/configuration/fingerprints/simple_search.tt @@ -1,7 +1,7 @@

    [% l('Fingerprints') %]

    [% l('Share Unknown Fingerprints') %] - | [% l('Update Fingerprints') %] +[% IF can_access("FINGERPRINTS_UPDATE") %] | [% l('Update Fingerprints') %][% END %]
    [%- INCLUDE 'configuration/listing.inc' titles = { From dd664b90e1fde04e4828d83c4c7c72ff18b6587a Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 20 Sep 2013 09:54:51 -0400 Subject: [PATCH 245/369] Add access rights to useragents management --- .../lib/pfappserver/Controller/Configuration/UserAgents.pm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/UserAgents.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/UserAgents.pm index add4b6e6f70c..d2df1daacbd7 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration/UserAgents.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/UserAgents.pm @@ -33,13 +33,13 @@ sub index :Path { =cut -sub simple_search :Local :Args() : SimpleSearch('UserAgent') {} +sub simple_search :Local :Args() :SimpleSearch('UserAgent') :AdminRole('USERAGENTS_READ') {} =head2 upload =cut -sub upload :Local :Args(0) { +sub upload :Local :Args(0) :AdminRole('USERAGENTS_READ') { my ( $self, $c ) = @_; $c->stash->{current_view} = 'JSON'; @@ -97,7 +97,7 @@ sub upload :Local :Args(0) { =head1 COPYRIGHT -Copyright (C) 2012 Inverse inc. +Copyright (C) 2012-2013 Inverse inc. =head1 LICENSE From 6c83152fbc7872b7267a9fb0437bec34635f63bd Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 20 Sep 2013 09:55:34 -0400 Subject: [PATCH 246/369] Add access rights to MAC addresses management --- .../lib/pfappserver/Controller/Configuration/MacAddress.pm | 4 ++-- .../root/configuration/macaddress/simple_search.tt | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/MacAddress.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/MacAddress.pm index 7db876f206f0..850418521106 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration/MacAddress.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/MacAddress.pm @@ -34,13 +34,13 @@ sub index :Path { =cut -sub simple_search :Local :Args(): SimpleSearch('MacAddress') { } +sub simple_search :Local :Args() :SimpleSearch('MacAddress') :AdminRole('MAC_READ') { } =head2 update =cut -sub update : Local : Args(0) { +sub update :Local :Args(0) :AdminRole('MAC_UPDATE') { my ( $self, $c ) = @_; $c->stash->{current_view} = 'JSON'; my ($status, $status_msg) = download_oui(); diff --git a/html/pfappserver/root/configuration/macaddress/simple_search.tt b/html/pfappserver/root/configuration/macaddress/simple_search.tt index 06c4369cd472..63911234ab98 100644 --- a/html/pfappserver/root/configuration/macaddress/simple_search.tt +++ b/html/pfappserver/root/configuration/macaddress/simple_search.tt @@ -1,7 +1,9 @@

    [% l('MAC Addresses') %]

    + [%- IF can_access("MAC_UPDATE") %]
    [% l('Update OUI Prefixes') %]
    + [%- END %] [%- INCLUDE 'configuration/listing.inc' titles = { oui =>{ title => 'OUI' }, vendor_info => { title => 'Vendor' }, From 7c91ce42c7b4675c8102e2e48dd54468e30db6c3 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 20 Sep 2013 12:44:24 -0400 Subject: [PATCH 247/369] Group admin roles actions in pulldown menus --- .../lib/pfappserver/Form/Config/AdminRoles.pm | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm b/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm index 1142c2c84289..18b22c400f55 100644 --- a/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm +++ b/html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm @@ -43,11 +43,26 @@ has_field 'actions.contains' => options_method => \&options_actions, widget_wrapper => 'DynamicTableRow', ); -sub build_do_form_wrapper{ 0 } +sub build_do_form_wrapper{ 0 } sub options_actions { - return map { {label => $_, value => $_} } @ADMIN_ACTIONS; + my $self = shift; + + my %groups; + my @options; + + map { + m/^(.+?)(_(READ|CREATE|UPDATE|DELETE))?$/; + $groups{$1} = [] unless $groups{$1}; + push(@{$groups{$1}}, { value => $_, label => $self->_localize($_) }) + } @ADMIN_ACTIONS; + + @options = map { + { group => $self->_localize($_), options => $groups{$_} } + } sort keys %groups; + + return \@options; }; =head1 COPYRIGHT From b1d75e6162129a52e77218f564445244a3f0fc77 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 20 Sep 2013 12:46:08 -0400 Subject: [PATCH 248/369] Sort actions when viewing an admin role --- .../Controller/Configuration/AdminRoles.pm | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm b/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm index c1671da9a980..72acc4f733cd 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm @@ -89,6 +89,24 @@ after view => sub { } }; +=head2 after _setup_object + +Sort the actions of the admin role. + +This subroutine is defined in pfappserver::Base::Controller::Crud. + +=cut + +after _setup_object => sub { + my ($self, $c) = @_; + + # Sort actions + if (is_success($c->response->status)) { + my @actions = sort @{$c->stash->{'item'}->{'actions'}}; + $c->stash->{'item'}->{'actions'} = \@actions; + } +}; + =head2 index Usage: /configuration/adminroles/ From a00fefb5f70fa5681ca24f00fb25ce634d4d1b5b Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 20 Sep 2013 14:19:17 -0400 Subject: [PATCH 249/369] Localization --- html/pfappserver/lib/pfappserver/I18N/en.po | 338 +++++++++++++++++++- 1 file changed, 334 insertions(+), 4 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/I18N/en.po b/html/pfappserver/lib/pfappserver/I18N/en.po index 45ca351f995a..58b11d759a76 100644 --- a/html/pfappserver/lib/pfappserver/I18N/en.po +++ b/html/pfappserver/lib/pfappserver/I18N/en.po @@ -48,6 +48,26 @@ msgstr "" msgid "A manual start from the command line will be required. Are you sure you want to continue?" msgstr "" +# pf::admin_roles (Groups) +msgid "ADMIN_ROLES" +msgstr "Admin Roles" + +# pf::admin_roles (Actions) +msgid "ADMIN_ROLES_CREATE" +msgstr "Admin Roles - Create" + +# pf::admin_roles (Actions) +msgid "ADMIN_ROLES_DELETE" +msgstr "Admin Roles - Delete" + +# pf::admin_roles (Actions) +msgid "ADMIN_ROLES_READ" +msgstr "Admin Roles - Read" + +# pf::admin_roles (Actions) +msgid "ADMIN_ROLES_UPDATE" +msgstr "Admin Roles - Update" + # html/pfappserver/lib/pfappserver/Form/Authentication/Source/Github.pm # html/pfappserver/lib/pfappserver/Form/Authentication/Source/Google.pm msgid "API Authorize Path" @@ -110,8 +130,11 @@ msgid "" "specified." msgstr "" +# html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm # html/pfappserver/lib/pfappserver/Form/Violation.pm # html/pfappserver/root/user/create.tt +# html/pfappserver/root/configuration/adminroles/view.tt +# html/pfappserver/root/configuration/users.tt # html/pfappserver/root/user/view.tt # html/pfappserver/root/violation/list.tt msgid "Actions" @@ -139,6 +162,10 @@ msgstr "" msgid "Add a source." msgstr "" +# html/pfappserver/root/configuration/adminroles/index.tt +msgid "Add admin role" +msgstr "" + # html/pfappserver/root/soh/index.tt msgid "Add filter" msgstr "" @@ -208,6 +235,14 @@ msgstr "" msgid "Admin Login" msgstr "" +# html/pfappserver/root/configuration/adminroles/view.tt +msgid "Admin Role" +msgstr "" + +# html/pfappserver/root/configuration/adminroles/index.tt +msgid "Admin Roles" +msgstr "" + # html/pfappserver/root/admin/nodes.tt # html/pfappserver/root/admin/users.tt msgid "Advanced" @@ -346,10 +381,23 @@ msgid "CLI" msgstr "" # html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm +# pf::admin_roles (Groups) +msgid "CONFIGURATION_MAIN" +msgstr "Main Configuration" + +# pf::admin_roles (Actions) +msgid "CONFIGURATION_MAIN_READ" +msgstr "Main Configuration - Read" + +# pf::admin_roles (Actions) +msgid "CONFIGURATION_MAIN_UPDATE" +msgstr "Main Configuration - Update" + # html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm msgid "CSV File" msgstr "" +# html/pfappserver/root/configuration/adminroles/index.tt # html/pfappserver/root/configuration/authentication.tt # html/pfappserver/root/configuration/floatingdevice/index.tt # html/pfappserver/root/configuration/switch/index.tt @@ -386,6 +434,7 @@ msgstr "" msgid "Clear Violation" msgstr "" +# html/pfappserver/root/configuration/adminroles/list.tt # html/pfappserver/root/configuration/floatingdevice/list.tt # html/pfappserver/root/configuration/switch/list.tt # html/pfappserver/root/violation/list.tt @@ -396,6 +445,7 @@ msgstr "" # html/pfappserver/root/admin/users.tt # html/pfappserver/root/authentication/source/rule_read.tt # html/pfappserver/root/config/networks/view.tt +# html/pfappserver/root/configuration/adminroles/view.tt # html/pfappserver/root/configuration/floatingdevice/view.tt # html/pfappserver/root/configuration/switch/view.tt # html/pfappserver/root/interface/view.tt @@ -646,6 +696,10 @@ msgstr "" msgid "Default pid value to assign to imported nodes." msgstr "" +# html/pfappserver/root/configuration/adminroles/index.tt +msgid "Define roles with specific access rights to the Web administration interface." +msgstr "" + # html/pfappserver/root/configuration/authentication.tt msgid "Define the authentication sources to let users access the captive portal or the admin Web interface." msgstr "" @@ -670,6 +724,8 @@ msgid "" msgstr "" # html/pfappserver/root/config/networks/view.tt +# html/pfappserver/root/configuration/adminroles/index.tt +# html/pfappserver/root/configuration/adminroles/list.tt # html/pfappserver/root/configuration/authentication.tt # html/pfappserver/root/configuration/floatingdevice/index.tt # html/pfappserver/root/configuration/floatingdevice/list.tt @@ -686,6 +742,10 @@ msgstr "" msgid "Delete" msgstr "" +# html/pfappserver/root/configuration/adminroles/index.tt +msgid "Delete Admin Role" +msgstr "" + # html/pfappserver/root/portal/profile/files.tt msgid "Delete File" msgstr "" @@ -754,6 +814,7 @@ msgstr "" # html/pfappserver/lib/pfappserver/Form/Role.pm # html/pfappserver/lib/pfappserver/Form/Violation.pm # html/pfappserver/root/authentication/source/rules_read.tt +# html/pfappserver/root/configuration/adminroles/list.tt # html/pfappserver/root/configuration/authentication.tt # html/pfappserver/root/configuration/switch/list.tt # html/pfappserver/root/node/violations.tt @@ -927,6 +988,38 @@ msgstr "" msgid "External Sources" msgstr "" +# pf::admin_roles (Groups) +msgid "FINGERPRINTS" +msgstr "Fingerprints" + +# pf::admin_roles (Actions) +msgid "FINGERPRINTS_READ" +msgstr "Fingerprints - Read" + +# pf::admin_roles (Actions) +msgid "FINGERPRINTS_UPDATE" +msgstr "Fingerprints - Update" + +# pf::admin_roles (Groups) +msgid "FLOATING_DEVICES" +msgstr "Floating Devices" + +# pf::admin_roles (Actions) +msgid "FLOATING_DEVICES_CREATE" +msgstr "Floating Devices - Create" + +# pf::admin_roles (Actions) +msgid "FLOATING_DEVICES_DELETE" +msgstr "Floating Devices - Delete" + +# pf::admin_roles (Actions) +msgid "FLOATING_DEVICES_READ" +msgstr "Floating Devices - Read" + +# pf::admin_roles (Actions) +msgid "FLOATING_DEVICES_UPDATE" +msgstr "Floating Devices - Update" + # conf/documentation.conf (guests_self_registration.mandatory_fields) msgid "" "Fields required to be filled in the self-registration form. Valid values are:" @@ -1043,6 +1136,26 @@ msgstr "" msgid "ID of the scanning configuration on the OpenVAS server" msgstr "" +# pf::admin_roles (Groups) +msgid "INTERFACES" +msgstr "Interfaces" + +# pf::admin_roles (Actions) +msgid "INTERFACES_CREATE" +msgstr "Interfaces - Create" + +# pf::admin_roles (Actions) +msgid "INTERFACES_DELETE" +msgstr "Interfaces - Delete" + +# pf::admin_roles (Actions) +msgid "INTERFACES_READ" +msgstr "Interfaces - Read" + +# pf::admin_roles (Actions) +msgid "INTERFACES_UPDATE" +msgstr "Interfaces - Update" + # html/pfappserver/root/node/view.tt msgid "IP" msgstr "" @@ -1302,6 +1415,7 @@ msgstr "" # html/pfappserver/root/configuration/floatingdevice/list.tt # html/pfappserver/root/user/view.tt # html/pfappserver/root/user/violations.tt +# pf::admin_roles (Groups) msgid "MAC" msgstr "" @@ -1322,6 +1436,14 @@ msgstr "" msgid "MAC address" msgstr "" +# pf::admin_roles (Actions) +msgid "MAC_READ" +msgstr "MAC Addresses - Read" + +# pf::admin_roles (Actions) +msgid "MAC_UPDATE" +msgstr "MAC Addresses - Update" + # html/pfappserver/root/admin/configuration.tt msgid "Main" msgstr "" @@ -1362,6 +1484,26 @@ msgstr "" msgid "Multiple" msgstr "" +# pf::admin_roles (Groups) +msgid "NODES" +msgstr "Nodes" + +# pf::admin_roles (Actions) +msgid "NODES_CREATE" +msgstr "Nodes - Create" + +# pf::admin_roles (Actions) +msgid "NODES_DELETE" +msgstr "Nodes - Delete" + +# pf::admin_roles (Actions) +msgid "NODES_READ" +msgstr "Nodes - Read" + +# pf::admin_roles (Actions) +msgid "NODES_UPDATE" +msgstr "Nodes - Update" + # html/pfappserver/lib/pfappserver/Form/Authentication/Rule.pm # html/pfappserver/lib/pfappserver/Form/Authentication/Source.pm # html/pfappserver/lib/pfappserver/Form/Node.pm @@ -1425,6 +1567,10 @@ msgstr "" msgid "New" msgstr "" +# html/pfappserver/root/configuration/adminroles/view.tt +msgid "New Admin Role" +msgstr "" + # html/pfappserver/root/portal/profile/files.tt msgid "New File" msgstr "" @@ -1494,6 +1640,7 @@ msgstr "" msgid "No node found" msgstr "" +# html/pfappserver/root/configuration/adminroles/index.tt # html/pfappserver/root/roles/index.tt msgid "No role defined" msgstr "" @@ -1515,15 +1662,12 @@ msgstr "" msgid "No useragent found" msgstr "" -# html/pfappserver/root/user/violations.tt -msgid "No violation" -msgstr "" - # html/pfappserver/root/violation/list.tt msgid "No violation defined" msgstr "" # html/pfappserver/root/node/violations.tt +# html/pfappserver/root/user/violations.tt msgid "No violation found" msgstr "" @@ -1592,6 +1736,26 @@ msgstr "" msgid "Owner" msgstr "" +# pf::admin_roles (Groups) +msgid "PORTAL_PROFILES" +msgstr "Portal Profiles" + +# pf::admin_roles (Actions) +msgid "PORTAL_PROFILES_CREATE" +msgstr "Portal Profiles - Create" + +# pf::admin_roles (Actions) +msgid "PORTAL_PROFILES_DELETE" +msgstr "Portal Profiles - Delete" + +# pf::admin_roles (Actions) +msgid "PORTAL_PROFILES_READ" +msgstr "Portal Profiles - Read" + +# pf::admin_roles (Actions) +msgid "PORTAL_PROFILES_UPDATE" +msgstr "Portal Profiles - Update" + # html/pfappserver/lib/pfappserver/Form/Authentication/Source/LDAP.pm # html/pfappserver/lib/pfappserver/Form/Config/Switch.pm # html/pfappserver/lib/pfappserver/Form/User/Create/Import.pm @@ -1683,6 +1847,10 @@ msgstr "" msgid "Please specify the default DHCP lease time." msgstr "" +# html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm +msgid "Please specify the description of the admin role." +msgstr "" + # html/pfappserver/lib/pfappserver/Form/User.pm msgid "Please specify the end date of the registration window." msgstr "" @@ -1699,6 +1867,10 @@ msgstr "" msgid "Please specify the maximum DHCP lease time." msgstr "" +# html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm +msgid "Please specify the name of the admin role." +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Config/Network/Routed.pm msgid "Please specify the netmask." msgstr "" @@ -1831,6 +2003,15 @@ msgstr "" msgid "RADIUS" msgstr "" +# pf::admin_roles (Actions) +# pf::admin_roles (Groups) +msgid "REPORTS" +msgstr "Reports" + +# html/pfappserver/root/configuration/adminroles/index.tt +msgid "Really delete this admin role?" +msgstr "" + # html/pfappserver/root/portal/profile/files.tt msgid "Really delete this file?" msgstr "" @@ -1911,6 +2092,7 @@ msgid "Release" msgstr "" # html/pfappserver/root/node/violations.tt +# html/pfappserver/root/user/violations.tt msgid "Release Date" msgstr "" @@ -1999,6 +2181,11 @@ msgstr "" msgid "Role" msgstr "" +# html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm +# html/pfappserver/root/configuration/adminroles/list.tt +msgid "Role Name" +msgstr "" + # html/pfappserver/root/configuration/switch/view.tt msgid "Role mapping by VLAN" msgstr "" @@ -2031,6 +2218,11 @@ msgstr "" msgid "Rules" msgstr "" +# pf::admin_roles (Actions) +# pf::admin_roles (Groups) +msgid "SERVICES" +msgstr "Services" + # html/pfappserver/lib/pfappserver/Form/Authentication/Source/SMS.pm msgid "SMS Carriers" msgstr "" @@ -2039,6 +2231,26 @@ msgstr "" msgid "SNMP" msgstr "" +# pf::admin_roles (Groups) +msgid "SOH" +msgstr "SoH Filters" + +# pf::admin_roles (Actions) +msgid "SOH_CREATE" +msgstr "SoH Filters - Create" + +# pf::admin_roles (Actions) +msgid "SOH_DELETE" +msgstr "SoH Filters - Delete" + +# pf::admin_roles (Actions) +msgid "SOH_READ" +msgstr "SoH Filters - Read" + +# pf::admin_roles (Actions) +msgid "SOH_UPDATE" +msgstr "SoH Filters - Update" + # html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm # pf::Authentication::Source (common_attributes) msgid "SSID" @@ -2052,11 +2264,32 @@ msgstr "" msgid "SWITCH" msgstr "" +# pf::admin_roles (Groups) +msgid "SWITCHES" +msgstr "Switches" + +# pf::admin_roles (Actions) +msgid "SWITCHES_CREATE" +msgstr "Switches - Create" + +# pf::admin_roles (Actions) +msgid "SWITCHES_DELETE" +msgstr "Switches - Delete" + +# pf::admin_roles (Actions) +msgid "SWITCHES_READ" +msgstr "Switches - Read" + +# pf::admin_roles (Actions) +msgid "SWITCHES_UPDATE" +msgstr "Switches - Update" + # html/pfappserver/root/admin/nodes.tt # html/pfappserver/root/admin/users.tt # html/pfappserver/root/authentication/source/read.tt # html/pfappserver/root/authentication/source/rule_read.tt # html/pfappserver/root/config/networks/view.tt +# html/pfappserver/root/configuration/adminroles/view.tt # html/pfappserver/root/configuration/floatingdevice/view.tt # html/pfappserver/root/configuration/section.tt # html/pfappserver/root/configuration/switch/view.tt @@ -2100,6 +2333,7 @@ msgstr "" # html/pfappserver/root/authentication/source/read.tt # html/pfappserver/root/authentication/source/rule_read.tt # html/pfappserver/root/config/networks/view.tt +# html/pfappserver/root/configuration/adminroles/view.tt # html/pfappserver/root/configuration/floatingdevice/view.tt # html/pfappserver/root/configuration/switch/view.tt # html/pfappserver/root/interface/view.tt @@ -2312,6 +2546,7 @@ msgstr "" # html/pfappserver/root/admin/wrapper.tt # html/pfappserver/root/configurator/services.tt # html/pfappserver/root/service/status.tt +# html/pfappserver/root/user/view.tt msgid "Status" msgstr "" @@ -2569,6 +2804,81 @@ msgstr "" msgid "Type" msgstr "" +# pf::admin_roles (Groups) +msgid "USERAGENTS" +msgstr "Useragents" + +# pf::admin_roles (Actions) +msgid "USERAGENTS_READ" +msgstr "Useragents - Read" + +# pf::admin_roles (Groups) +msgid "USERS" +msgstr "Users" + +# pf::admin_roles (Actions) +msgid "USERS_CREATE" +msgstr "Users - Create" + +# pf::admin_roles (Actions) +msgid "USERS_DELETE" +msgstr "Users - Delete" + +# pf::admin_roles (Actions) +msgid "USERS_READ" +msgstr "Users - Read" + +# pf::admin_roles (Groups) +msgid "USERS_ROLES" +msgstr "Users Roles" + +# pf::admin_roles (Actions) +msgid "USERS_ROLES_CREATE" +msgstr "Users Roles - Create" + +# pf::admin_roles (Actions) +msgid "USERS_ROLES_DELETE" +msgstr "Users Roles - Delete" + +# pf::admin_roles (Actions) +msgid "USERS_ROLES_READ" +msgstr "Users Roles - Read" + +# pf::admin_roles (Actions) +msgid "USERS_ROLES_UPDATE" +msgstr "Users Roles - Update" + +# pf::admin_roles (Groups) +msgid "USERS_SOURCES" +msgstr "Users Sources" + +# pf::admin_roles (Actions) +msgid "USERS_SOURCES_CREATE" +msgstr "Users Sources - Create" + +# pf::admin_roles (Actions) +msgid "USERS_SOURCES_DELETE" +msgstr "Users Sources - Delete" + +# pf::admin_roles (Actions) +msgid "USERS_SOURCES_READ" +msgstr "Users Sources - Read" + +# pf::admin_roles (Actions) +msgid "USERS_SOURCES_UPDATE" +msgstr "Users Sources - Update" + +# pf::admin_roles (Actions) +msgid "USERS_UPDATE" +msgstr "Users - Update" + +# conf/documentation.conf (trapping.always_use_redirecturl) +msgid "" + "Under most circumstances we can redirect the user to the URL he originally " + "intended to visit. When enabled, always_use_redirecturl forces the captive " + "portal to redirect the user to the URL defined in trapping.redirecturl instead." +msgstr "" + # html/pfappserver/lib/pfappserver/Form/Node.pm msgid "Unregistration" msgstr "" @@ -2673,6 +2983,26 @@ msgstr "" msgid "Users" msgstr "" +# pf::admin_roles (Groups) +msgid "VIOLATIONS" +msgstr "Violations" + +# pf::admin_roles (Actions) +msgid "VIOLATIONS_CREATE" +msgstr "Violations - Create" + +# pf::admin_roles (Actions) +msgid "VIOLATIONS_DELETE" +msgstr "Violations - Delete" + +# pf::admin_roles (Actions) +msgid "VIOLATIONS_READ" +msgstr "Violations - Read" + +# pf::admin_roles (Actions) +msgid "VIOLATIONS_UPDATE" +msgstr "Violations - Update" + # html/pfappserver/lib/pfappserver/Form/Field/ProfileFilter.pm # html/pfappserver/lib/pfappserver/Form/Violation.pm msgid "VLAN" From fe3a73ffe476697a189ef90120004a05f9539b58 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 23 Sep 2013 00:43:35 -0400 Subject: [PATCH 250/369] Remove the delete link from the single action of a role --- html/pfappserver/root/static/admin/configuration/adminroles.js | 1 + 1 file changed, 1 insertion(+) diff --git a/html/pfappserver/root/static/admin/configuration/adminroles.js b/html/pfappserver/root/static/admin/configuration/adminroles.js index 5a8224930b96..4b786b529bf0 100644 --- a/html/pfappserver/root/static/admin/configuration/adminroles.js +++ b/html/pfappserver/root/static/admin/configuration/adminroles.js @@ -78,6 +78,7 @@ AdminRolesView.prototype.readAdminRoles = function(e) { modal.append(data); modal.one('shown', function() { modal.find(':input:visible').first().focus(); + updateDynamicRowsAfterRemove(modal.find('#actions')); }); modal.modal({ shown: true }); }, From 6bc7077a6bfadfeec1661361ddf4d253daba026c Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 23 Sep 2013 11:13:14 -0400 Subject: [PATCH 251/369] Redo the onfilereload when there is no extra data in the cache --- lib/pf/admin_roles.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/admin_roles.pm b/lib/pf/admin_roles.pm index 2493a07b566d..6af3a7150d5f 100644 --- a/lib/pf/admin_roles.pm +++ b/lib/pf/admin_roles.pm @@ -117,7 +117,7 @@ our $cached_adminroles_config = pf::config::cached->new( if ($data) { %ADMIN_ROLES = %$data; } else { - reloadConfig($config,$name); + $config->doCallbacks(1,0); } } ], From e21d726982ed7bc9236d160cdf73528d7ce62706 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 23 Sep 2013 11:30:55 -0400 Subject: [PATCH 252/369] Add missing ADMIN_ROLES_CREATE admin role action --- lib/pf/admin_roles.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pf/admin_roles.pm b/lib/pf/admin_roles.pm index 6af3a7150d5f..7f2e42a677df 100644 --- a/lib/pf/admin_roles.pm +++ b/lib/pf/admin_roles.pm @@ -40,6 +40,7 @@ our @ADMIN_ACTIONS = qw( PORTAL_PROFILES_UPDATE PORTAL_PROFILES_DELETE ADMIN_ROLES_READ + ADMIN_ROLES_CREATE ADMIN_ROLES_UPDATE ADMIN_ROLES_DELETE INTERFACES_READ From e4e7284062a39f72bc9fbce3bbcbdad7fb965820 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 23 Sep 2013 14:03:37 -0400 Subject: [PATCH 253/369] Fix typo --- html/pfappserver/root/configuration/adminroles/list.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/pfappserver/root/configuration/adminroles/list.tt b/html/pfappserver/root/configuration/adminroles/list.tt index be733f7f7695..4f3793d16ec4 100644 --- a/html/pfappserver/root/configuration/adminroles/list.tt +++ b/html/pfappserver/root/configuration/adminroles/list.tt @@ -12,7 +12,7 @@ [% adminrole.id %] [% adminrole.description | html%] - [% IF can_access("ADMIN_ROLES_CREATE ") %][% l('Clone') %][% END %] + [% IF can_access("ADMIN_ROLES_CREATE") %][% l('Clone') %][% END %] [% IF can_access("ADMIN_ROLES_DELETE") %][% l('Delete') %][% END %] From b67c42bfe33ef0b62440dfca084098db00388f97 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 2 Oct 2013 10:40:13 -0400 Subject: [PATCH 254/369] Adding a new realm for the configurator --- html/pfappserver/lib/pfappserver.pm | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/html/pfappserver/lib/pfappserver.pm b/html/pfappserver/lib/pfappserver.pm index 3ae7c58720b4..a67f4569f728 100644 --- a/html/pfappserver/lib/pfappserver.pm +++ b/html/pfappserver/lib/pfappserver.pm @@ -100,6 +100,20 @@ __PACKAGE__->config( store => { class => '+pfappserver::Authentication::Store::PacketFence', } + }, + configurator => { + credential => { + class => 'Password', + password_type => 'none' + }, + store => { + class => 'Minimal', + users => { + _PF_CONFIGURATOR => { + roles => [qw/ALL/], + } + } + } } } }, From c8ea16564139c884480b2ca263c014d588aacd39 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 2 Oct 2013 11:00:13 -0400 Subject: [PATCH 255/369] Check if user is in admin realm instead just existence --- .../lib/pfappserver/Base/Controller.pm | 2 +- .../lib/pfappserver/Controller/Admin.pm | 4 ++-- .../lib/pfappserver/Controller/Graph.pm | 20 ------------------- html/pfappserver/root/admin/wrapper.tt | 2 +- 4 files changed, 4 insertions(+), 24 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Base/Controller.pm b/html/pfappserver/lib/pfappserver/Base/Controller.pm index d24e06effde4..fdd5eca645af 100644 --- a/html/pfappserver/lib/pfappserver/Base/Controller.pm +++ b/html/pfappserver/lib/pfappserver/Base/Controller.pm @@ -66,7 +66,7 @@ sub auto :Private { # This fixes a problem when "en" is not in the browsers languages. $c->languages( ['en'] ); - unless ($c->user_exists()) { + unless ($c->user_in_realm('admin')) { $c->response->status(HTTP_UNAUTHORIZED); $c->response->location($c->req->referer); $c->stash->{template} = 'admin/unauthorized.tt'; diff --git a/html/pfappserver/lib/pfappserver/Controller/Admin.pm b/html/pfappserver/lib/pfappserver/Controller/Admin.pm index 8079234acedd..357c9aa1c1a0 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Admin.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Admin.pm @@ -34,7 +34,7 @@ sub auto :Private { # Make sure the 'enforcements' session variable doesn't exist as it affects the Interface controller delete $c->session->{'enforcements'}; - unless ($c->action->name eq 'login' || $c->action->name eq 'logout' || $c->user_exists()) { + unless ($c->action->name eq 'login' || $c->action->name eq 'logout' || $c->user_in_realm('admin')) { $c->stash->{'template'} = 'admin/login.tt'; unless ($c->action->name eq 'index') { $c->stash->{status_msg} = 'Your session has expired.'; @@ -88,7 +88,7 @@ sub login :Local :Args(0) { } $c->stash->{current_view} = 'JSON'; } - elsif ($c->user_exists()) { + elsif ($c->user_in_realm( 'admin' )) { $c->response->redirect($c->uri_for($c->controller('Admin')->action_for('status'))); $c->detach(); } diff --git a/html/pfappserver/lib/pfappserver/Controller/Graph.pm b/html/pfappserver/lib/pfappserver/Controller/Graph.pm index c2ff6412798f..c3c187ab9d60 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Graph.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Graph.pm @@ -25,26 +25,6 @@ Readonly::Scalar our $REPORTS => 'reports'; =head1 METHODS -=head2 auto - -Allow only authenticated users - -=cut - -sub auto :Private { - my ($self, $c) = @_; - - unless ($c->user_exists()) { - $c->response->status(HTTP_UNAUTHORIZED); - $c->response->location($c->req->referer); - $c->stash->{template} = 'admin/unauthorized.tt'; - $c->detach(); - return 0; - } - - return 1; -} - =head2 begin Set the default view to pfappserver::View::JSON. diff --git a/html/pfappserver/root/admin/wrapper.tt b/html/pfappserver/root/admin/wrapper.tt index 058eb4cd09dd..8f992d9b0ca4 100644 --- a/html/pfappserver/root/admin/wrapper.tt +++ b/html/pfappserver/root/admin/wrapper.tt @@ -51,7 +51,7 @@ - [%- IF c.user_exists %] + [%- IF c.user_in_realm( 'admin' ) %]
      From e5ab2f6e8612f7411001036e71710aab72588a0a Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 2 Oct 2013 11:10:49 -0400 Subject: [PATCH 256/369] Configurator automatically login the _PF_CONFIGURATOR user --- html/pfappserver/lib/pfappserver/Controller/Configurator.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Configurator.pm b/html/pfappserver/lib/pfappserver/Controller/Configurator.pm index 0253958dde24..afa517be0fe6 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Configurator.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Configurator.pm @@ -53,6 +53,9 @@ Set the default view to pfappserver::View::Configurator. sub begin :Private { my ( $self, $c ) = @_; $c->stash->{current_view} = 'Configurator'; + unless($c->user_in_realm('configurator')) { + $c->authenticate( {username => '_PF_CONFIGURATOR' } , 'configurator' ); + } } =head2 index @@ -119,7 +122,6 @@ Enforcement mechanisms (step 1) sub enforcement :Chained('object') :PathPart('enforcement') :Args(0) { my ( $self, $c ) = @_; - if ($c->request->method eq 'POST') { # Save parameters in user session my $enforcements = $c->request->params->{enforcement}; From 5241e12041286e73d17be0ef466c044b7eb42c94 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 2 Oct 2013 11:12:38 -0400 Subject: [PATCH 257/369] Added new function pf::admin_roles::admin_can_do_any that would match if any action matches --- lib/pf/admin_roles.pm | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/lib/pf/admin_roles.pm b/lib/pf/admin_roles.pm index 7f2e42a677df..64424ac222c4 100644 --- a/lib/pf/admin_roles.pm +++ b/lib/pf/admin_roles.pm @@ -20,7 +20,7 @@ use pf::file_paths; use List::MoreUtils qw(any all); use pf::config::cached; -our @EXPORT = qw(admin_can @ADMIN_ACTIONS %ADMIN_ROLES $cached_adminroles_config); +our @EXPORT = qw(admin_can admin_can_do_any @ADMIN_ACTIONS %ADMIN_ROLES $cached_adminroles_config); our %ADMIN_ROLES; our @ADMIN_ACTIONS = qw( SERVICES @@ -88,6 +88,16 @@ sub admin_can { } @$roles; } +sub admin_can_do_any { + my ($roles, @actions) = @_; + + return 0 if any {$_ eq 'NONE'} @$roles; + return any { + my $role = $_; + exists $ADMIN_ROLES{$role} && any { exists $ADMIN_ROLES{$role}{$_} } @actions + } @$roles; +} + sub reloadConfig { my ($config,$name) = @_; From e2307abdbc3079f20cea2c744caf2f76e5b8c80d Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 2 Oct 2013 11:13:36 -0400 Subject: [PATCH 258/369] Added new function can_access_any to be exposed to template --- html/pfappserver/lib/pfappserver/View/HTML.pm | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/html/pfappserver/lib/pfappserver/View/HTML.pm b/html/pfappserver/lib/pfappserver/View/HTML.pm index 71054e4c1926..d7201488f5f5 100644 --- a/html/pfappserver/lib/pfappserver/View/HTML.pm +++ b/html/pfappserver/lib/pfappserver/View/HTML.pm @@ -15,7 +15,7 @@ __PACKAGE__->config( js => \&js_filter, }, render_die => 1, - expose_methods => [qw(can_access)], + expose_methods => [qw(can_access can_access_any)], COMPILE_DIR => $tt_compile_cache_dir ); @@ -66,6 +66,17 @@ sub can_access { return admin_can($roles,$action); } +=head2 can_access_any + +=cut + +sub can_access_any { + my ($self, $c, $action) = @_; + my $roles = []; + $roles = $c->user->roles if $c->user_exists; + return admin_can_do_any($roles,$action); +} + =head1 COPYRIGHT Copyright (C) 2012-2013 Inverse inc. From f89bc251cbc91cdee78ce3e23289b17589922aa9 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 2 Oct 2013 11:14:22 -0400 Subject: [PATCH 259/369] refactor to use can_access_any --- html/pfappserver/root/admin/wrapper.tt | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/html/pfappserver/root/admin/wrapper.tt b/html/pfappserver/root/admin/wrapper.tt index 8f992d9b0ca4..df4b779fd454 100644 --- a/html/pfappserver/root/admin/wrapper.tt +++ b/html/pfappserver/root/admin/wrapper.tt @@ -72,19 +72,10 @@ [% l('Users') %] [%- END %] - [%- IF can_access("CONFIGURATION_MAIN_READ") || - can_access("CONFIGURATION_NETWORK_READ") || - can_access("USERS_ROLES_READ") || - can_access("USERS_SOURCES_READ") || - can_access("VIOLATIONS_READ") || - can_access("VIOLATIONS_CREATE") || - can_access("VIOLATIONS_UPDATE") || - can_access("VIOLATIONS_DELETE") || - can_access("VIOLATIONS_READ") || - can_access("SOH_READ") || - can_access("FINGERPRINTS_READ") || - can_access("USERAGENTS_READ") || - can_access("MAC_READ") %] + [%- IF can_access_any("CONFIGURATION_MAIN_READ" ,"CONFIGURATION_NETWORK_READ", + "USERS_ROLES_READ", "USERS_SOURCES_READ", "VIOLATIONS_READ", "VIOLATIONS_CREATE", + "VIOLATIONS_UPDATE", "VIOLATIONS_DELETE", "VIOLATIONS_READ", "SOH_READ", + "FINGERPRINTS_READ", "USERAGENTS_READ", "MAC_READ") %] [% l('Configuration') %] From b96244cb526fc72d0d4042f401488ece8f2dfe57 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 2 Oct 2013 11:16:19 -0400 Subject: [PATCH 260/369] Added AdminRoles attribute to Controller --- .../lib/pfappserver/Controller/Interface.pm | 41 ++++++++++++++++++- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Interface.pm b/html/pfappserver/lib/pfappserver/Controller/Interface.pm index eb99798cf64e..18104031d351 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Interface.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Interface.pm @@ -23,6 +23,7 @@ use warnings; use HTTP::Status qw(:constants is_error is_success); use Moose; +use Moose::Util qw(apply_all_roles); use namespace::autoclean; use pfappserver::Form::Interface; @@ -235,7 +236,7 @@ Usage: /interface//update// =cut -sub update :Chained('object') :PathPart('update') :Args(0) { +sub update :Chained('object') :PathPart('update') :Args(0) : AdminRole(INTERFACES_UPDATE) { my ( $self, $c ) = @_; my ($status, $result, $form); @@ -279,7 +280,7 @@ Usage: /interface//up =cut -sub up :Chained('object') :PathPart('up') :Args(0) { +sub up :Chained('object') :PathPart('up') :Args(0) : AdminRole(INTERFACES_UPDATE) { my ( $self, $c ) = @_; my $interface = $c->stash->{interface}; @@ -299,6 +300,42 @@ sub up :Chained('object') :PathPart('up') :Args(0) { $c->stash->{current_view} = 'JSON'; } +=item _parse_AdminRole_attr + +Customize the parsing of the 'AdminRole' subroutine attribute. Returns a hash with the attribute value. + +See https://metacpan.org/module/Catalyst::Controller#parse_-name-_attr + +=cut + +sub _parse_AdminRole_attr { + my ($self, $c, $name, $value) = @_; + return AdminRole => $value; +} + +=item around create_action + +Construction of a new Catalyst::Action. + +See https://metacpan.org/module/Catalyst::Controller#self-create_action-args + +=cut + +around create_action => sub { + my ($orig, $self, %args) = @_; + + my $model; + my $action = $self->$orig(%args); + unless ($args{name} =~ /^_(DISPATCH|BEGIN|AUTO|ACTION|END)$/) { + my @roles; + if(@{ $args{attributes}->{AdminRole} || [] }) { + push @roles,'pfappserver::Base::Action::AdminRole'; + } + apply_all_roles($action,@roles) if @roles; + } + return $action; +}; + =back =head1 COPYRIGHT From 5ed86e9fb55fde9fc182c1fd43d1a6ab0d694108 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 10 Oct 2013 16:02:53 -0400 Subject: [PATCH 261/369] Fixed can_access_any function to expect roles to return an array --- html/pfappserver/lib/pfappserver/View/HTML.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/pfappserver/lib/pfappserver/View/HTML.pm b/html/pfappserver/lib/pfappserver/View/HTML.pm index d7201488f5f5..df2949f86cd7 100644 --- a/html/pfappserver/lib/pfappserver/View/HTML.pm +++ b/html/pfappserver/lib/pfappserver/View/HTML.pm @@ -73,7 +73,7 @@ sub can_access { sub can_access_any { my ($self, $c, $action) = @_; my $roles = []; - $roles = $c->user->roles if $c->user_exists; + $roles = [$c->user->roles] if $c->user_exists; return admin_can_do_any($roles,$action); } From ab27b4c3d04742931483fd843419b6a0adf9fa53 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 10 Oct 2013 16:06:35 -0400 Subject: [PATCH 262/369] Fix debug statement --- html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm b/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm index 17b1706438ee..2f9cb503a6c3 100644 --- a/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm +++ b/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm @@ -34,8 +34,10 @@ before execute => sub { $roles = [$c->user->roles] if $c->user_exists; unless(admin_can($roles, $action)) { - $c->log->debug(sprintf('Access to action %s was refused to user %s with admin roles %s', - $action, $c->user->id, join(',', @$roles))); + if($c->user_exists) { + $c->log->debug(sprintf('Access to action %s was refused to user %s with admin roles %s', + $action, $c->user->id, join(',', @$roles))); + } $c->response->status(HTTP_UNAUTHORIZED); $c->stash->{status_msg} = "You don't have the rights to perform this action."; $c->stash->{current_view} = 'JSON'; From 3e772bd10922dda2a495a195e700286b496111e9 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 10 Oct 2013 16:09:59 -0400 Subject: [PATCH 263/369] Add access rights to interfaces management --- .../lib/pfappserver/Controller/Interface.pm | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Interface.pm b/html/pfappserver/lib/pfappserver/Controller/Interface.pm index 18104031d351..9a130df1ddc6 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Interface.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Interface.pm @@ -70,7 +70,7 @@ sub index :Local :Args(0) { =cut -sub list :Local :Args(0) { +sub list :Local :Args(0) :AdminRole('INTERFACES_READ') { my ( $self, $c ) = @_; $c->stash->{interfaces} = $c->model('Interface')->get('all'); @@ -110,7 +110,7 @@ Usage: /interface//create =cut -sub create :Chained('object') :PathPart('create') :Args(0) { +sub create :Chained('object') :PathPart('create') :Args(0) :AdminRole('INTERFACES_CREATE') { my ( $self, $c ) = @_; my $mechanism = 'all'; @@ -160,7 +160,7 @@ Usage: /interface//delete =cut -sub delete :Chained('object') :PathPart('delete') :Args(0) { +sub delete :Chained('object') :PathPart('delete') :Args(0) :AdminRole('INTERFACES_DELETE') { my ( $self, $c ) = @_; my $interface = $c->stash->{interface}; @@ -184,7 +184,7 @@ Usage: /interface//down =cut -sub down :Chained('object') :PathPart('down') :Args(0) { +sub down :Chained('object') :PathPart('down') :Args(0) :AdminRole('INTERFACES_UPDATE') { my ( $self, $c ) = @_; my $interface = $c->stash->{interface}; @@ -204,7 +204,7 @@ sub down :Chained('object') :PathPart('down') :Args(0) { $c->stash->{current_view} = 'JSON'; } -sub view :Chained('object') :ParthPart('read') :Args(0) { +sub view :Chained('object') :PathPart('read') :Args(0) :AdminRole('INTERFACES_READ') { my ( $self, $c ) = @_; # Retrieve interface definition @@ -236,7 +236,7 @@ Usage: /interface//update// =cut -sub update :Chained('object') :PathPart('update') :Args(0) : AdminRole(INTERFACES_UPDATE) { +sub update :Chained('object') :PathPart('update') :Args(0) :AdminRole('INTERFACES_UPDATE') { my ( $self, $c ) = @_; my ($status, $result, $form); @@ -280,7 +280,7 @@ Usage: /interface//up =cut -sub up :Chained('object') :PathPart('up') :Args(0) : AdminRole(INTERFACES_UPDATE) { +sub up :Chained('object') :PathPart('up') :Args(0) :AdminRole('INTERFACES_UPDATE') { my ( $self, $c ) = @_; my $interface = $c->stash->{interface}; From bab9d0f7c899f8b483374e1f591b10f83a102538 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 10 Oct 2013 16:23:16 -0400 Subject: [PATCH 264/369] Imported module pfappserver::Base::Action::AdminRole Cleanup unused variable --- html/pfappserver/lib/pfappserver/Controller/Interface.pm | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Interface.pm b/html/pfappserver/lib/pfappserver/Controller/Interface.pm index 9a130df1ddc6..f40df9f7dcb4 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Interface.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Interface.pm @@ -28,6 +28,7 @@ use namespace::autoclean; use pfappserver::Form::Interface; use pfappserver::Form::Interface::Create; +use pfappserver::Base::Action::AdminRole; BEGIN { extends 'Catalyst::Controller'; } @@ -323,8 +324,6 @@ See https://metacpan.org/module/Catalyst::Controller#self-create_action-args around create_action => sub { my ($orig, $self, %args) = @_; - - my $model; my $action = $self->$orig(%args); unless ($args{name} =~ /^_(DISPATCH|BEGIN|AUTO|ACTION|END)$/) { my @roles; From 6f8ebd8f2699dd0bc377071fe40ba7df98f79e9b Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 2 Oct 2013 11:05:11 -0400 Subject: [PATCH 265/369] pfappserver::Authentication::Store::PacketFence::User->roles returns an array ref instead of an array --- .../lib/pfappserver/Authentication/Store/PacketFence/User.pm | 5 +---- html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm | 2 +- html/pfappserver/lib/pfappserver/Controller/Admin.pm | 4 ++-- html/pfappserver/lib/pfappserver/View/HTML.pm | 2 +- 4 files changed, 5 insertions(+), 8 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm index c94752a7564e..4664ee9f27e1 100644 --- a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm +++ b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm @@ -53,10 +53,7 @@ sub check_password { return $FALSE; } -sub roles { - my $self = shift; - return (@{$self->_roles}); -} +*roles = *_roles; *for_session = \&id; diff --git a/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm b/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm index 2f9cb503a6c3..a40bff1d1285 100644 --- a/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm +++ b/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm @@ -31,7 +31,7 @@ before execute => sub { my $action = $self->attributes->{AdminRole}[0]; my $roles = []; - $roles = [$c->user->roles] if $c->user_exists; + $roles = $c->user->roles if $c->user_exists; unless(admin_can($roles, $action)) { if($c->user_exists) { diff --git a/html/pfappserver/lib/pfappserver/Controller/Admin.pm b/html/pfappserver/lib/pfappserver/Controller/Admin.pm index 357c9aa1c1a0..ed462f16f1d3 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Admin.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Admin.pm @@ -73,8 +73,8 @@ sub login :Local :Args(0) { eval { if ($c->authenticate( {username => $c->req->params->{'username'}, password => $c->req->params->{'password'}} )) { - $c->session->{user_roles} = [$c->user->roles]; #saving the roles to the session - $c->persist_user();#To save the updated _roles data + $c->session->{user_roles} = $c->user->roles; # Save the roles to the session + $c->persist_user(); # Save the updated roles data $c->response->redirect($c->uri_for($c->controller('Admin')->action_for('status'))); } else { diff --git a/html/pfappserver/lib/pfappserver/View/HTML.pm b/html/pfappserver/lib/pfappserver/View/HTML.pm index df2949f86cd7..3b5253617aa1 100644 --- a/html/pfappserver/lib/pfappserver/View/HTML.pm +++ b/html/pfappserver/lib/pfappserver/View/HTML.pm @@ -62,7 +62,7 @@ sub js_filter { sub can_access { my ($self, $c, $action) = @_; my $roles = []; - $roles = [$c->user->roles] if $c->user_exists; + $roles = $c->user->roles if $c->user_exists; return admin_can($roles,$action); } From a781bd20645153f6a3dc53bf1e475bd5e09eae6f Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 1 Nov 2013 16:31:44 -0400 Subject: [PATCH 266/369] Fix access authorization of actions --- html/pfappserver/lib/pfappserver/View/HTML.pm | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/View/HTML.pm b/html/pfappserver/lib/pfappserver/View/HTML.pm index 3b5253617aa1..818bfbf8fbc7 100644 --- a/html/pfappserver/lib/pfappserver/View/HTML.pm +++ b/html/pfappserver/lib/pfappserver/View/HTML.pm @@ -60,10 +60,10 @@ sub js_filter { =cut sub can_access { - my ($self, $c, $action) = @_; + my ($self, $c, @actions) = @_; my $roles = []; $roles = $c->user->roles if $c->user_exists; - return admin_can($roles,$action); + return admin_can($roles,@actions); } =head2 can_access_any @@ -71,10 +71,10 @@ sub can_access { =cut sub can_access_any { - my ($self, $c, $action) = @_; + my ($self, $c, @actions) = @_; my $roles = []; - $roles = [$c->user->roles] if $c->user_exists; - return admin_can_do_any($roles,$action); + $roles = $c->user->roles if $c->user_exists; + return admin_can_do_any($roles,@actions); } =head1 COPYRIGHT From 11a9f73fc704dec5127476a92bab8ac8e50e476a Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 4 Nov 2013 08:14:46 -0500 Subject: [PATCH 267/369] Pass roles as an array ref --- .../lib/pfappserver/Authentication/Store/PacketFence/User.pm | 5 ++++- html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm | 2 +- html/pfappserver/lib/pfappserver/Controller/Admin.pm | 2 +- html/pfappserver/lib/pfappserver/View/HTML.pm | 4 ++-- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm index 4664ee9f27e1..d1e03fad9578 100644 --- a/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm +++ b/html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm @@ -53,7 +53,10 @@ sub check_password { return $FALSE; } -*roles = *_roles; +sub roles { + my ($self) = @_; + return @{$self->_roles}; +} *for_session = \&id; diff --git a/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm b/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm index a40bff1d1285..2f9cb503a6c3 100644 --- a/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm +++ b/html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm @@ -31,7 +31,7 @@ before execute => sub { my $action = $self->attributes->{AdminRole}[0]; my $roles = []; - $roles = $c->user->roles if $c->user_exists; + $roles = [$c->user->roles] if $c->user_exists; unless(admin_can($roles, $action)) { if($c->user_exists) { diff --git a/html/pfappserver/lib/pfappserver/Controller/Admin.pm b/html/pfappserver/lib/pfappserver/Controller/Admin.pm index ed462f16f1d3..7fe2ae8140cc 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Admin.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Admin.pm @@ -73,7 +73,7 @@ sub login :Local :Args(0) { eval { if ($c->authenticate( {username => $c->req->params->{'username'}, password => $c->req->params->{'password'}} )) { - $c->session->{user_roles} = $c->user->roles; # Save the roles to the session + $c->session->{user_roles} = [$c->user->roles]; # Save the roles to the session $c->persist_user(); # Save the updated roles data $c->response->redirect($c->uri_for($c->controller('Admin')->action_for('status'))); } diff --git a/html/pfappserver/lib/pfappserver/View/HTML.pm b/html/pfappserver/lib/pfappserver/View/HTML.pm index 818bfbf8fbc7..54b4f089ae4d 100644 --- a/html/pfappserver/lib/pfappserver/View/HTML.pm +++ b/html/pfappserver/lib/pfappserver/View/HTML.pm @@ -62,7 +62,7 @@ sub js_filter { sub can_access { my ($self, $c, @actions) = @_; my $roles = []; - $roles = $c->user->roles if $c->user_exists; + $roles = [$c->user->roles] if $c->user_exists; return admin_can($roles,@actions); } @@ -73,7 +73,7 @@ sub can_access { sub can_access_any { my ($self, $c, @actions) = @_; my $roles = []; - $roles = $c->user->roles if $c->user_exists; + $roles = [$c->user->roles] if $c->user_exists; return admin_can_do_any($roles,@actions); } From 9bc26205c6caec3a016d53ab96fb866c30186c91 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 4 Nov 2013 09:52:35 -0500 Subject: [PATCH 268/369] Add access rights to interfaces management --- html/pfappserver/root/admin/configuration.tt | 8 ++++++++ html/pfappserver/root/config/networks/view.tt | 4 ++-- html/pfappserver/root/interface/index.tt | 2 ++ html/pfappserver/root/interface/list.tt | 4 ++-- html/pfappserver/root/interface/view.tt | 2 +- 5 files changed, 15 insertions(+), 5 deletions(-) diff --git a/html/pfappserver/root/admin/configuration.tt b/html/pfappserver/root/admin/configuration.tt index f360546cf180..fb1e5f991e01 100644 --- a/html/pfappserver/root/admin/configuration.tt +++ b/html/pfappserver/root/admin/configuration.tt @@ -100,10 +100,16 @@ table.sources { [%- END %] [%- IF can_access("INTERFACES_READ") || can_access("SWITCHES_READ") || can_access("FLOATING_DEVICES_READ") %]
    • [% l('Network') %]
    • + [%- IF can_access("INTERFACES_READ") %] [% pf_section_entry( 'interfaces', 'Interfaces') %] + [%- END %] + [%- IF can_access("SWITCHES_READ") %] [% pf_section_entry( 'switches', 'Switches') %] + [%- END %] + [%- IF can_access("FLOATING_DEVICES_READ") %] [% pf_section_entry( 'floating_devices', 'Floating devices') %] [%- END %] + [%- END %] [%- IF can_access("USERS_ROLES_READ") || can_access("USERS_SOURCES_READ") %]
    • [% l('Users') %]
      • [%- IF can_access("USERS_ROLES_READ") %] @@ -111,6 +117,8 @@ table.sources { [%- END %] [%- IF can_access("USERS_SOURCES_READ") %] [% list_entry('Authentication', 'index', 'Sources') %] + [%- END %] + [%- END %] [%- IF can_access("VIOLATIONS_READ") || can_access("SOH_READ") %]
    • [% l('Compliance') %]
      • [%- IF can_access("VIOLATIONS_READ") %] diff --git a/html/pfappserver/root/config/networks/view.tt b/html/pfappserver/root/config/networks/view.tt index 4b5cce5da80c..b6c939b16a8f 100644 --- a/html/pfappserver/root/config/networks/view.tt +++ b/html/pfappserver/root/config/networks/view.tt @@ -31,9 +31,9 @@
    - [% IF form.field('gateway') && network %] [% l('Delete') %][% END %] + [% IF form.field('gateway') && network && can_access("INTERFACES_DELETE") %] [% l('Delete') %][% END %] [% l('Close') %] - + [% IF can_access("INTERFACES_UPDATE") %][% END %]
    diff --git a/html/pfappserver/root/interface/index.tt b/html/pfappserver/root/interface/index.tt index 80b21139e0d2..84cfa487ca58 100644 --- a/html/pfappserver/root/interface/index.tt +++ b/html/pfappserver/root/interface/index.tt @@ -2,6 +2,8 @@ [% INCLUDE interface/list.tt %] +[%- IF can_access("INTERFACES_CREATE") %]
    [% l('Add routed network') %]
    +[%- END %] diff --git a/html/pfappserver/root/interface/list.tt b/html/pfappserver/root/interface/list.tt index e1dafd94a857..94c91685f6fa 100644 --- a/html/pfappserver/root/interface/list.tt +++ b/html/pfappserver/root/interface/list.tt @@ -21,9 +21,9 @@ [% l(interfaces.$i.type) %] [% IF interfaces.$i.vlan -%] - [% l('Delete') %] + [% IF can_access("INTERFACES_DELETE") %][% l('Delete') %][% END %] [% ELSE -%] - [% l('Add VLAN') %] + [% IF can_access("INTERFACES_CREATE") %][% l('Add VLAN') %][% END %] [% END -%] diff --git a/html/pfappserver/root/interface/view.tt b/html/pfappserver/root/interface/view.tt index bd644b4ecf51..6b049b5c0008 100644 --- a/html/pfappserver/root/interface/view.tt +++ b/html/pfappserver/root/interface/view.tt @@ -12,6 +12,6 @@
    [% l('Close') %] - + [% IF can_access("INTERFACES_UPDATE") %][% END %]
    From d50f7b26390a1ded8b18e83b2fab54761acdb509 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 4 Nov 2013 10:01:03 -0500 Subject: [PATCH 269/369] Change type of access_level column We no longer use a bit string but simply a string that refers to one or many roles from conf/adminroles.conf --- db/upgrade-4.0.0-4.1.0.sql | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/db/upgrade-4.0.0-4.1.0.sql b/db/upgrade-4.0.0-4.1.0.sql index 50d532aaaebb..38642e1e7658 100644 --- a/db/upgrade-4.0.0-4.1.0.sql +++ b/db/upgrade-4.0.0-4.1.0.sql @@ -1,5 +1,13 @@ -- --- category of temporary password is not mandatory +-- category of temporary_password is not mandatory -- -ALTER TABLE `temporary_password` MODIFY category int DEFAULT NULL; \ No newline at end of file +ALTER TABLE `temporary_password` MODIFY category int DEFAULT NULL; + +-- +-- access_level of temporary_password is now a string instead of a bit string +-- + +ALTER TABLE temporary_password CHANGE access_level access_level varchar(255) DEFAULT 'NONE'; +UPDATE temporary_password SET access_level = 'ALL' WHERE access_level = '4294967295'; +UPDATE temporary_password SET access_level = 'NONE' WHERE access_level = '0'; From 442c6e0c8721f891fa05fcd36d458d73a345871f Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 21 Nov 2013 16:40:40 -0500 Subject: [PATCH 270/369] Switch editor: Remove 'disabled' class of Save btn --- html/pfappserver/root/configuration/switch/view.tt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/pfappserver/root/configuration/switch/view.tt b/html/pfappserver/root/configuration/switch/view.tt index d84969ba557e..b247096fb3f0 100644 --- a/html/pfappserver/root/configuration/switch/view.tt +++ b/html/pfappserver/root/configuration/switch/view.tt @@ -90,7 +90,7 @@
    [% l('Close') %] - [% IF can_access("SWITCHES_UPDATE") %][% END %] + [% IF can_access("SWITCHES_UPDATE") %][% END %]
    From 486c29face67376b375270d64f7309cd587ba838 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Fri, 11 Oct 2013 16:18:15 -0400 Subject: [PATCH 271/369] Added wiredeauthTechniques method like deauthTechniques for the wireless Added ArubaSwitch switch module (mac auth and 802.1x and CoA support) Added Dell Force10 switch module Added CoA deauth support for Cisco Switch --- lib/pf/SNMP.pm | 37 +++- lib/pf/SNMP/ArubaSwitch.pm | 249 +++++++++++++++++++++++++++ lib/pf/SNMP/Brocade.pm | 2 +- lib/pf/SNMP/Cisco/Catalyst_2950.pm | 29 +++- lib/pf/SNMP/Cisco/Catalyst_2960.pm | 134 +++++++++++++- lib/pf/SNMP/Dell/Force10.pm | 157 +++++++++++++++++ lib/pf/SNMP/Juniper.pm | 2 +- lib/pf/SNMP/MockedSwitch.pm | 20 ++- lib/pf/SNMP/PacketFence.pm | 34 ++-- lib/pf/SNMP/ThreeCom/Switch_4200G.pm | 2 +- lib/pf/enforcement.pm | 6 +- sbin/pfsetvlan | 16 +- 12 files changed, 655 insertions(+), 33 deletions(-) create mode 100644 lib/pf/SNMP/ArubaSwitch.pm create mode 100644 lib/pf/SNMP/Dell/Force10.pm diff --git a/lib/pf/SNMP.pm b/lib/pf/SNMP.pm index 49e239b75c46..02786dab3e38 100644 --- a/lib/pf/SNMP.pm +++ b/lib/pf/SNMP.pm @@ -2413,7 +2413,7 @@ ifIndex - ifIndex to force re-authentication on =cut sub dot1xPortReauthenticate { - my ($this, $ifIndex) = @_; + my ($this, $ifIndex, $mac) = @_; return $this->_dot1xPortReauthenticate($ifIndex); } @@ -2475,7 +2475,7 @@ Default behavior is to bounce the port =cut sub handleReAssignVlanTrapForWiredMacAuth { - my ($this, $ifIndex) = @_; + my ($this, $ifIndex, $mac) = @_; my $logger = Log::Log4perl::get_logger(ref($this)); # TODO extract that behavior in a method call in pf::vlan so it can be overridden easily @@ -2814,6 +2814,39 @@ sub getIfIndexByNasPortId { return $FALSE; } +=item wiredeauthTechniques + +Return the reference to the deauth technique or the default deauth technique. + +=cut + +sub wiredeauthTechniques { + my ($this, $method, $connection_type) = @_; + my $logger = Log::Log4perl::get_logger( ref($this) ); + if ($connection_type == $WIRED_802_1X) { + my $default = $SNMP::SNMP; + my %tech = ( + $SNMP::SNMP => \&dot1xPortReauthenticate, + ); + + if (!defined($method) || !defined($tech{$method})) { + $method = $default; + } + return $method,$tech{$method}; + } + if ($connection_type == $WIRED_MAC_AUTH) { + my $default = $SNMP::SNMP; + my %tech = ( + $SNMP::SNMP => \&handleReAssignVlanTrapForWiredMacAuth, + ); + + if (!defined($method) || !defined($tech{$method})) { + $method = $default; + } + return $method,$tech{$method}; + } +} + =back =head1 AUTHOR diff --git a/lib/pf/SNMP/ArubaSwitch.pm b/lib/pf/SNMP/ArubaSwitch.pm new file mode 100644 index 000000000000..97a4731c6cd8 --- /dev/null +++ b/lib/pf/SNMP/ArubaSwitch.pm @@ -0,0 +1,249 @@ +package pf::SNMP::ArubaSwitch; + +=head1 NAME + +pf::SNMP::ArubaSwitch - Object oriented module to access SNMP enabled Aruba Switches + +=head1 SYNOPSIS + +The pf::SNMP::ArubaSwitch module implements an object oriented interface +to access SNMP enabled Aruba switches. + +=head1 STATUS + +=over + +=item Supports + +=over + +=item 802.1X and MAC-Authentication with and without VoIP + +=back + +Stacked switch support has not been tested. + +=back + + +=head1 BUGS AND LIMITATIONS + +=over + +=back + +=head1 CONFIGURATION AND ENVIRONMENT + +F + +=cut + +use strict; +use warnings; +use Log::Log4perl; +use Net::SNMP; +use base ('pf::SNMP'); + +sub description { 'Aruba Switches' } + +# importing switch constants +use pf::SNMP::constants; +use pf::util; +use pf::config; + +=head1 SUBROUTINES + +=over + +=cut +# CAPABILITIES +# access technology supported +sub supportsRoleBasedEnforcement { return $TRUE; } +sub supportsWiredMacAuth { return $TRUE; } +sub supportsWiredDot1x { return $TRUE; } +sub supportsRadiusDynamicVlanAssignment { return $TRUE; } +# sub supportsRadiusVoip { return $TRUE; } +# inline capabilities +sub inlineCapabilities { return ($MAC,$PORT); } + + +=item getVersion + +=cut + +sub getVersion { + my ($this) = @_; + my $oid_sysDescr = '1.3.6.1.2.1.1.1.0'; + my $logger = Log::Log4perl::get_logger( ref($this) ); + if ( !$this->connectRead() ) { + return ''; + } + $logger->trace("SNMP get_request for sysDescr: $oid_sysDescr"); + my $result = $this->{_sessionRead}->get_request( -varbindlist => [$oid_sysDescr] ); + my $sysDescr = ( $result->{$oid_sysDescr} || '' ); + if ( $sysDescr =~ m/V(\d{1}\.\d{2}\.\d{2})/ ) { + return $1; + } elsif ( $sysDescr =~ m/Version (\d+\.\d+\([^)]+\)[^,\s]*)(,|\s)+/ ) { + return $1; + } else { + return $sysDescr; + } +} + +=item _dot1xPortReauthenticate + +Actual implementation. + +Allows callers to refer to this implementation even though someone along the way override the above call. + +=cut + +sub dot1xPortReauthenticate { + my ($this, $ifIndex) = @_; + my $logger = Log::Log4perl::get_logger(ref($this)); + + return; +} + + +=item parseTrap + +All traps ignored + +=cut + +sub parseTrap { + my ( $this, $trapString ) = @_; + my $trapHashRef; + my $logger = Log::Log4perl::get_logger( ref($this) ); + + $logger->debug("trap ignored, not useful for switch"); + $trapHashRef->{'trapType'} = 'unknown'; + + return $trapHashRef; +} + +=head2 getIfIndexByNasPortId + +Fetch the ifindex on the switch by NAS-Port-Id radius attribute + +=cut + + +sub getIfIndexByNasPortId { + my ($this, $ifDesc_param) = @_; + + if ( !$this->connectRead() ) { + return 0; + } + + my @ifDescTemp = split(':',$ifDesc_param); + my $OID_ifDesc = '1.3.6.1.2.1.2.2.1.2'; + my $ifDescHashRef; + my $result = $this->{_sessionRead}->get_table( -baseoid => $OID_ifDesc ); + foreach my $key ( keys %{$result} ) { + my $ifDesc = $result->{$key}; + if ( $ifDesc =~ /$ifDescTemp[1]$/i ) { + $key =~ /^$OID_ifDesc\.(\d+)$/; + return $1; + } + } +} + +=item deauthenticateMacRadius + +Method to deauth a wired node with CoA. + +=cut +sub deauthenticateMacRadius { + my ($this, $ifIndex,$mac) = @_; + my $logger = Log::Log4perl::get_logger(ref($this)); + + + # perform CoA + $this->radiusDisconnect($mac); +} + +=item returnRoleAttribute + +What RADIUS Attribute (usually VSA) should the role returned into. + +=cut + +sub returnRoleAttribute { + my ($this) = @_; + + return 'Aruba-User-Role'; +} + +=item wiredeauthTechniques + +Return the reference to the deauth technique or the default deauth technique. + +=cut + +sub wiredeauthTechniques { + my ($this, $method, $connection_type) = @_; + my $logger = Log::Log4perl::get_logger( ref($this) ); + if ($connection_type == $WIRED_802_1X) { + my $default = $SNMP::SNMP; + my %tech = ( + $SNMP::SNMP => \&dot1xPortReauthenticate, + $SNMP::RADIUS => \&deauthenticateMacRadius, + ); + + if (!defined($method) || !defined($tech{$method})) { + $method = $default; + } + return $method,$tech{$method}; + } + if ($connection_type == $WIRED_MAC_AUTH) { + my $default = $SNMP::SNMP; + my %tech = ( + $SNMP::SNMP => \&handleReAssignVlanTrapForWiredMacAuth, + $SNMP::RADIUS => \&deauthenticateMacRadius, + ); + + if (!defined($method) || !defined($tech{$method})) { + $method = $default; + } + return $method,$tech{$method}; + } +} + + +=back + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + +# vim: set shiftwidth=4: +# vim: set expandtab: +# vim: set backspace=indent,eol,start: + diff --git a/lib/pf/SNMP/Brocade.pm b/lib/pf/SNMP/Brocade.pm index 2247c9400293..e273c7a8398e 100644 --- a/lib/pf/SNMP/Brocade.pm +++ b/lib/pf/SNMP/Brocade.pm @@ -122,7 +122,7 @@ Allows callers to refer to this implementation even though someone along the way =cut sub dot1xPortReauthenticate { - my ($this, $ifIndex) = @_; + my ($this, $ifIndex, $mac) = @_; my $logger = Log::Log4perl::get_logger(ref($this)); diff --git a/lib/pf/SNMP/Cisco/Catalyst_2950.pm b/lib/pf/SNMP/Cisco/Catalyst_2950.pm index b82b98f2d30d..17374aee24a9 100644 --- a/lib/pf/SNMP/Cisco/Catalyst_2950.pm +++ b/lib/pf/SNMP/Cisco/Catalyst_2950.pm @@ -976,7 +976,7 @@ or set the VLAN and log if there is a VoIP device. =cut sub dot1xPortReauthenticate { - my ($this, $ifIndex) = @_; + my ($this, $ifIndex, $mac) = @_; my $logger = Log::Log4perl::get_logger(ref($this)); $logger->info( @@ -1016,7 +1016,7 @@ sub dot1xPortReauthenticate { "Changing VLAN and leaving everything as it is." ); - my $mac = $locationlog[0]->{'mac'}; + $mac = $locationlog[0]->{'mac'}; my $vlan_obj = new pf::vlan::custom(); my ($vlan,$wasInline) = $vlan_obj->fetchVlanForNode($mac, $this, $ifIndex, $WIRED_802_1X); @@ -1160,6 +1160,31 @@ sub ifIndexToLldpLocalPort { return; } +=item getIfIndexByNasPortId + +Fetch the ifindex on the switch by NAS-Port-Id radius attribute + +=cut + +sub getIfIndexiByNasPortId { + my ($this, $ifDesc_param) = @_; + + if ( !$this->connectRead() ) { + return 0; + } + + my $OID_ifDesc = '1.3.6.1.2.1.2.2.1.2'; + my $ifDescHashRef; + my $result = $this->{_sessionRead}->get_table( -baseoid => $OID_ifDesc ); + foreach my $key ( keys %{$result} ) { + my $ifDesc = $result->{$key}; + if ( $ifDesc =~ /$ifDesc_param$/i ) { + $key =~ /^$OID_ifDesc\.(\d+)$/; + return $1; + } + } +} + =back =head1 AUTHOR diff --git a/lib/pf/SNMP/Cisco/Catalyst_2960.pm b/lib/pf/SNMP/Cisco/Catalyst_2960.pm index 844406acc094..d1761490dc3c 100644 --- a/lib/pf/SNMP/Cisco/Catalyst_2960.pm +++ b/lib/pf/SNMP/Cisco/Catalyst_2960.pm @@ -136,6 +136,10 @@ use base ('pf::SNMP::Cisco::Catalyst_2950'); use pf::config; use pf::SNMP::constants; use pf::util; +use pf::accounting qw(node_accounting_current_sessionid); +use pf::node qw(node_attributes); +use pf::util::radius qw(perform_coa perform_disconnect); + sub description { 'Cisco Catalyst 2960' } @@ -328,7 +332,7 @@ Points to pf::SNMP implementation bypassing Catalyst_2950's overridden behavior. =cut sub dot1xPortReauthenticate { - my ($this, $ifIndex) = @_; + my ($this, $ifIndex, $mac) = @_; return $this->_dot1xPortReauthenticate($ifIndex); } @@ -366,6 +370,134 @@ sub getVoipVsa { return ('Cisco-AVPair' => "device-traffic-class=voice"); } +=item deauthenticateMacRadius + +Method to deauth a wired node with CoA. + +=cut +sub deauthenticateMacRadius { + my ($this, $ifIndex,$mac) = @_; + my $logger = Log::Log4perl::get_logger(ref($this)); + + + # perform CoA + my $acctsessionid = node_accounting_current_sessionid($mac); + $this->radiusDisconnect($mac ,{ 'Acct-Terminate-Cause' => 'Admin-Reset'}); +} + +=item radiusDisconnect + +Send a CoA to disconnect a mac + +=cut +sub radiusDisconnect { + my ($self, $mac, $add_attributes_ref) = @_; + my $logger = Log::Log4perl::get_logger( ref($self) ); + + # initialize + $add_attributes_ref = {} if (!defined($add_attributes_ref)); + + if (!defined($self->{'_radiusSecret'})) { + $logger->warn( + "Unable to perform RADIUS CoA-Request on $self->{'_ip'}: RADIUS Shared Secret not configured" + ); + return; + } + + $logger->info("deauthenticating $mac"); + + # Where should we send the RADIUS CoA-Request? + # to network device by default + my $send_disconnect_to = $self->{'_ip'}; + # but if controllerIp is set, we send there + if (defined($self->{'_controllerIp'}) && $self->{'_controllerIp'} ne '') { + $logger->info("controllerIp is set, we will use controller $self->{_controllerIp} to perform deauth"); + $send_disconnect_to = $self->{'_controllerIp'}; + } + # allowing client code to override where we connect with NAS-IP-Address + $send_disconnect_to = $add_attributes_ref->{'NAS-IP-Address'} + if (defined($add_attributes_ref->{'NAS-IP-Address'})); + + my $response; + try { + my $connection_info = { + nas_ip => $send_disconnect_to, + secret => $self->{'_radiusSecret'}, + LocalAddr => $management_network->tag('vip'), + }; + + $logger->debug("network device supports roles. Evaluating role to be returned"); + my $roleResolver = pf::roles::custom->instance(); + my $role = $roleResolver->getRoleForNode($mac, $self); + + my $node_info = node_attributes($mac); + # transforming MAC to the expected format 00-11-22-33-CA-FE + $mac = uc($mac); + $mac =~ s/:/-/g; + + # Standard Attributes + my $attributes_ref = { + 'Calling-Station-Id' => $mac, + 'NAS-IP-Address' => $send_disconnect_to, + }; + + # merging additional attributes provided by caller to the standard attributes + $attributes_ref = { %$attributes_ref, %$add_attributes_ref }; + + $response = perform_coa($connection_info, $attributes_ref, [{ 'vendor' => 'Cisco', 'attribute' => 'Cisco-AVPair', 'value' => 'subscriber:command=reauthenticate' }]); + + } catch { + chomp; + $logger->warn("Unable to perform RADIUS CoA-Request: $_"); + $logger->error("Wrong RADIUS secret or unreachable network device...") if ($_ =~ /^Timeout/); + }; + return if (!defined($response)); + + return $TRUE if ($response->{'Code'} eq 'CoA-ACK'); + + $logger->warn( + "Unable to perform RADIUS Disconnect-Request." + . ( defined($response->{'Code'}) ? " $response->{'Code'}" : 'no RADIUS code' ) . ' received' + . ( defined($response->{'Error-Cause'}) ? " with Error-Cause: $response->{'Error-Cause'}." : '' ) + ); + return; +} + +=item wiredeauthTechniques + +Return the reference to the deauth technique or the default deauth technique. + +=cut + +sub wiredeauthTechniques { + my ($this, $method, $connection_type) = @_; + my $logger = Log::Log4perl::get_logger( ref($this) ); + if ($connection_type == $WIRED_802_1X) { + my $default = $SNMP::SNMP; + my %tech = ( + $SNMP::SNMP => \&dot1xPortReauthenticate, + $SNMP::RADIUS => \&deauthenticateMacRadius, + ); + + if (!defined($method) || !defined($tech{$method})) { + $method = $default; + } + return $method,$tech{$method}; + } + if ($connection_type == $WIRED_MAC_AUTH) { + my $default = $SNMP::SNMP; + my %tech = ( + $SNMP::SNMP => \&handleReAssignVlanTrapForWiredMacAuth, + $SNMP::RADIUS => \&deauthenticateMacRadius, + ); + + if (!defined($method) || !defined($tech{$method})) { + $method = $default; + } + return $method,$tech{$method}; + } +} + =back =head1 AUTHOR diff --git a/lib/pf/SNMP/Dell/Force10.pm b/lib/pf/SNMP/Dell/Force10.pm new file mode 100644 index 000000000000..d144f43e82fc --- /dev/null +++ b/lib/pf/SNMP/Dell/Force10.pm @@ -0,0 +1,157 @@ +package pf::SNMP::Dell::Force10; + +=head1 NAME + +pf::SNMP::Dell::Force10 - Object oriented module to access SNMP enabled Dell Force10 switches + +=head1 SYNOPSIS + +The pf::SNMP::Dell::Force10 module implements an object oriented interface to access SNMP enabled Dell:Force10 switches. + +The minimum required firmware version is ... + +=head1 CONFIGURATION AND ENVIRONMENT + +F + +=cut + +use strict; +use warnings; +use Log::Log4perl; +use pf::config; +use base ('pf::SNMP::Dell'); + +sub description { 'Dell Force 10' } + +# CAPABILITIES +# access technology supported +sub supportsWiredMacAuth { return $TRUE; } +sub supportsWiredDot1x { return $TRUE; } +# VoIP technology supported +sub supportsRadiusVoip { return $TRUE; } +# override 2950's FALSE +sub supportsRadiusDynamicVlanAssignment { return $TRUE; } + +sub getMinOSVersion { + my ($this) = @_; + my $logger = Log::Log4perl::get_logger( ref($this) ); + return '112'; +} + +=item * _identifyConnectionType + +Identify the connection type based information provided by RADIUS call + +Returns the constants $WIRED or $WIRELESS. Undef if unable to identify. + +=cut + +sub _identifyConnectionType { + my ($this, $nas_port_type, $eap_type, $mac, $user_name) = @_; + my $logger = Log::Log4perl::get_logger(ref($this)); + + $eap_type = 0 if (not defined($eap_type)); + if (defined($nas_port_type)) { + + if ($nas_port_type =~ /^Wireless-802\.11/) { + + if ($eap_type) { + return $WIRELESS_802_1X; + } else { + return $WIRELESS_MAC_AUTH; + } + + } elsif ($nas_port_type =~ /^Ethernet/ ) { + + if ($eap_type) { + + # some vendor do EAP-based Wired MAC Authentication, as far as PacketFence is concerned + # this is still MAC Authentication so we need to cheat a little bit here + # TODO: consider moving this logic later once the switch is initialized so we can ask it + # (supportsEAPMacAuth?) + $mac =~ s/[^[:xdigit:]]//g; + if (lc $mac eq lc $user_name) { + return $WIRED_MAC_AUTH; + } else { + return $WIRED_802_1X; + } + + } else { + return $WIRED_MAC_AUTH; + } + + } else { + # we didn't recognize request_type, this is a problem + $logger->warn("Unknown connection_type. NAS-Port-Type: $nas_port_type, EAP-Type: $eap_type."); + return; + } + } else { + + #$logger->warn("Request type was not set. There is a problem with the NAS, your radius config " + # ."or rlm_perl packetfence.pm FreeRADIUS module."); + return $WIRED_MAC_AUTH; + } +} + +=item getIfIndexByNasPortId + +Fetch the ifindex on the switch by NAS-Port-Id radius attribute + +=cut + +sub getIfIndexByNasPortId { + my ($this, $ifDesc_param) = @_; + my $logger = Log::Log4perl::get_logger(ref($this)); + if ( !$this->connectRead() ) { + return 0; + } + my @ifDesc_val = split('/',$ifDesc_param); + my $OID_ifDesc = '1.3.6.1.2.1.17.1.4.1.2.'.$ifDesc_param; + $logger->warn($OID_ifDesc); + my $ifDescHashRef; + my $result = $this->{_sessionRead}->get_request( -varbindlist => [ "$OID_ifDesc" ] ); + return $result->{"$OID_ifDesc"}; + foreach my $key ( keys %{$result} ) { + my $ifDesc = $result->{$key}; + if ( $ifDesc =~ /$ifDesc_val[1]$/i ) { + $key =~ /^$OID_ifDesc\.(\d+)$/; + return $1; + } + } +} + + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + +# vim: set shiftwidth=4: +# vim: set expandtab: +# vim: set backspace=indent,eol,start: + diff --git a/lib/pf/SNMP/Juniper.pm b/lib/pf/SNMP/Juniper.pm index ae7b7ee9e78b..66a6aeae89d0 100644 --- a/lib/pf/SNMP/Juniper.pm +++ b/lib/pf/SNMP/Juniper.pm @@ -183,7 +183,7 @@ Called when a ReAssignVlan trap is received for a switch-port in Wired MAC Authe =cut sub handleReAssignVlanTrapForWiredMacAuth { - my ($this, $ifIndex) = @_; + my ($this, $ifIndex, $mac) = @_; my $logger = Log::Log4perl::get_logger(ref($this)); my $switch_ip = $this->{_ip}; diff --git a/lib/pf/SNMP/MockedSwitch.pm b/lib/pf/SNMP/MockedSwitch.pm index 33648bf73d3f..4801041e8b09 100644 --- a/lib/pf/SNMP/MockedSwitch.pm +++ b/lib/pf/SNMP/MockedSwitch.pm @@ -2535,7 +2535,7 @@ ifIndex - ifIndex to force re-authentication on =cut sub dot1xPortReauthenticate { - my ($this, $ifIndex) = @_; + my ($this, $ifIndex, $mac) = @_; return $this->_dot1xPortReauthenticate($ifIndex); } @@ -2768,7 +2768,7 @@ sub NasPortToIfIndex { =cut sub handleReAssignVlanTrapForWiredMacAuth { - my ($this, $ifIndex) = @_; + my ($this, $ifIndex, $mac) = @_; my $logger = Log::Log4perl::get_logger(ref($this)); my $switch_ip = $this->{'_ip'}; @@ -2778,7 +2778,9 @@ sub handleReAssignVlanTrapForWiredMacAuth { return; } - my $mac = $locationlog[0]->{'mac'}; + if (!defined($mac)) { + $mac = $locationlog[0]->{'mac'}; + } my $hasPhone = $this->hasPhoneAtIfIndex($ifIndex); # TODO extract that behavior in a method call in pf::vlan so it can be overridden easily @@ -2889,6 +2891,18 @@ sub getIfIndexByNasPortId { return $FALSE; } +=item wiredeauthTechniques + +Return the reference to the deauth technique or the default deauth technique. + +=cut + +sub wiredeauthTechniques { + my ($this, $method, $connection_type) = @_; + my $logger = Log::Log4perl::get_logger( ref($this) ); + return $TRUE; +} + =back =head1 AUTHOR diff --git a/lib/pf/SNMP/PacketFence.pm b/lib/pf/SNMP/PacketFence.pm index 87e552c03ff5..1ce8da0753b2 100644 --- a/lib/pf/SNMP/PacketFence.pm +++ b/lib/pf/SNMP/PacketFence.pm @@ -48,20 +48,34 @@ sub connectWrite { } sub sendLocalReAssignVlanTrap { - my ($this, $switch_ip, $ifIndex, $connection_type) = @_; + my ($this, $switch_ip, $ifIndex, $connection_type, $mac) = @_; my $logger = Log::Log4perl::get_logger( ref($this) ); if ( !$this->connectWrite() ) { return 0; } - my $result = $this->{_sessionWrite}->trap( - -genericTrap => Net::SNMP::ENTERPRISE_SPECIFIC, - -agentaddr => $switch_ip, - -varbindlist => [ - '1.3.6.1.6.3.1.1.4.1.0', Net::SNMP::OBJECT_IDENTIFIER, '1.3.6.1.4.1.29464.1.1', - "1.3.6.1.2.1.2.2.1.1.$ifIndex", Net::SNMP::INTEGER, $ifIndex, - "1.3.6.1.2.1.2.2.1.1.$ifIndex", Net::SNMP::INTEGER, $connection_type, - ] - ); + my $result; + if (defined($mac)) { + $result = $this->{_sessionWrite}->trap( + -genericTrap => Net::SNMP::ENTERPRISE_SPECIFIC, + -agentaddr => $switch_ip, + -varbindlist => [ + '1.3.6.1.6.3.1.1.4.1.0', Net::SNMP::OBJECT_IDENTIFIER, '1.3.6.1.4.1.29464.1.1', + "1.3.6.1.2.1.2.2.1.1.$ifIndex", Net::SNMP::INTEGER, $ifIndex, + "1.3.6.1.2.1.2.2.1.1.$ifIndex", Net::SNMP::INTEGER, $connection_type, + "1.3.6.1.4.1.29464.1.3", Net::SNMP::OCTET_STRING, $mac, + ] + ); + } else { + $result = $this->{_sessionWrite}->trap( + -genericTrap => Net::SNMP::ENTERPRISE_SPECIFIC, + -agentaddr => $switch_ip, + -varbindlist => [ + '1.3.6.1.6.3.1.1.4.1.0', Net::SNMP::OBJECT_IDENTIFIER, '1.3.6.1.4.1.29464.1.1', + "1.3.6.1.2.1.2.2.1.1.$ifIndex", Net::SNMP::INTEGER, $ifIndex, + "1.3.6.1.2.1.2.2.1.1.$ifIndex", Net::SNMP::INTEGER, $connection_type, + ] + ); + } if ( !$result ) { $logger->error( "error sending SNMP trap: " . $this->{_sessionWrite}->error() ); diff --git a/lib/pf/SNMP/ThreeCom/Switch_4200G.pm b/lib/pf/SNMP/ThreeCom/Switch_4200G.pm index 08e5af420e48..9ea82472579b 100644 --- a/lib/pf/SNMP/ThreeCom/Switch_4200G.pm +++ b/lib/pf/SNMP/ThreeCom/Switch_4200G.pm @@ -140,7 +140,7 @@ See in L. =cut sub dot1xPortReauthenticate { - my ($this, $ifIndex) = @_; + my ($this, $ifIndex, $mac) = @_; my $logger = Log::Log4perl::get_logger(ref($this)); $logger->warn( diff --git a/lib/pf/enforcement.pm b/lib/pf/enforcement.pm index cbcd2417311f..0a0e25b6e592 100644 --- a/lib/pf/enforcement.pm +++ b/lib/pf/enforcement.pm @@ -131,7 +131,7 @@ sub _vlan_reevaluation { } elsif ($conn_type == $WIRED_SNMP_TRAPS) { $logger->debug("sending a local reAssignVlan trap to force VLAN change"); - $trapSender->sendLocalReAssignVlanTrap($switch_ip, $ifIndex, $conn_type); + $trapSender->sendLocalReAssignVlanTrap($switch_ip, $ifIndex, $conn_type, $mac); } elsif ($conn_type == $WIRELESS_MAC_AUTH) { $logger->debug("sending a local desAssociate trap to force deassociation " @@ -150,11 +150,11 @@ sub _vlan_reevaluation { } elsif ($conn_type == $WIRED_802_1X) { $logger->debug("sending a local reAssignVlan trap to force VLAN change"); - $trapSender->sendLocalReAssignVlanTrap($switch_ip, $ifIndex, $conn_type); + $trapSender->sendLocalReAssignVlanTrap($switch_ip, $ifIndex, $conn_type, $mac); } elsif ($conn_type == $WIRED_MAC_AUTH) { $logger->debug("sending a local reAssignVlan trap to force VLAN change"); - $trapSender->sendLocalReAssignVlanTrap($switch_ip, $ifIndex, $conn_type); + $trapSender->sendLocalReAssignVlanTrap($switch_ip, $ifIndex, $conn_type, $mac); } } else { $logger->error("Can't instantiate switch 127.0.0.1! Check your configuration!"); diff --git a/sbin/pfsetvlan b/sbin/pfsetvlan index 521f48014baf..3ff8769a172e 100755 --- a/sbin/pfsetvlan +++ b/sbin/pfsetvlan @@ -594,17 +594,20 @@ sub parseTrap { \.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0\ =\ OID:\ \.1\.3\.6\.1\.4\.1\.29464\.1\.1 # metadata \|\.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.(\d+)\ =\ INTEGER:\ \d+ # ifIndex \|\.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.\d+\ =\ INTEGER:\ (\d+) # connection type + \|\.1\.3\.6\.1\.4\.1\.29464\.1\.3\ =\ STRING:\ \"(.+)\" # mac /x) { # WARNING: using trap operation for something it is not meant to $trapHashRef = { 'trapType' => 'reAssignVlan', 'trapIfIndex' => $1, 'trapOperation' => $2, + 'trapMac' => $3, }; } elsif ($trapLine =~ /BEGIN VARIABLEBINDINGS \.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID: \.1\.3\.6\.1\.4\.1\.29464\.1\.1\|\.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.(\d+) = INTEGER:/) { $trapHashRef = { 'trapType' => 'reAssignVlan', 'trapIfIndex' => $1, + 'trapMac' => $3, }; } elsif ($trapLine =~ /BEGIN\ VARIABLEBINDINGS\ # metadata @@ -711,6 +714,7 @@ sub parseTrap { } elsif ($trapType eq 'reAssignVlan') { $trapOperation = $trapHashRef->{'trapOperation'}; + $trapMac = $trapHashRef->{'trapMac'}; } elsif ($trapType eq 'roaming') { $trapMac = $trapHashRef->{'trapMac'}; $trapMac =~ s/ /:/g; @@ -1609,15 +1613,9 @@ sub handleTrap { my $connection_type = $trapOperation; # WARNING: I used trapOperation to carry the connection type $logger->info("$trapType trap received on $switch_ip ifIndex $switch_port"); - if (defined($connection_type) && $connection_type == $WIRED_802_1X) { - # we spawn a shell to workaround a thread safety bug in Net::Appliance::Session when using SSH transport - # http://www.cpanforum.com/threads/6909 - $logger->info("Forcing 802.1x re-authentication on $switch_ip:$switch_port. A new VLAN will be assigned."); - pf_run("/usr/local/pf/bin/pfcmd_vlan -deauthenticateDot1x -switch $switch_ip -ifIndex $switch_port"); - - } elsif (defined($connection_type) && $connection_type == $WIRED_MAC_AUTH) { - $switch->handleReAssignVlanTrapForWiredMacAuth($switch_port); - + if (defined($connection_type) && ($connection_type == $WIRED_802_1X || $connection_type == $WIRED_MAC_AUTH) ) { + my ($switchdeauthMethod, $deauthTechniques) = $switch->wiredeauthTechniques($switch->{_deauthMethod},$connection_type); + $deauthTechniques->($switch_port,$trapMac); } else { my @locationlog = locationlog_view_open_switchport_no_VoIP( $switch_ip, $switch_port ); From 25f1f5d7e7acd97801afd7e17dcd50cc1f57aa6b Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Fri, 11 Oct 2013 16:49:38 -0400 Subject: [PATCH 272/369] Update doc Added radius attribute --- ...twork_Devices_Configuration_Guide.asciidoc | 46 +++++++++++++++++++ lib/pf/radius.pm | 2 +- 2 files changed, 47 insertions(+), 1 deletion(-) diff --git a/docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc b/docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc index 16163d14ff51..37d768cac4e9 100644 --- a/docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc +++ b/docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc @@ -108,6 +108,7 @@ PacketFence supports the following devices: | |DWL Access-Points |Dlink::DWL | |DWS 3026 |Dlink::DWS_3026 |Dell |PowerConnect 3424 |Dell::PowerConnect3424 +| |Force 10 |Dell::Force10 |Edge-corE |3526XA |Accton::ES3536XA | |3528M |Accton::ES3528M |Enterasys |Matrix N3 |Enterasys::Matrix_N3 @@ -860,6 +861,12 @@ Radius server configuration: radius-server host 192.168.1.5 auth-port 1812 acct-port 1813 timeout 2 key useStrongerSecret radius-server vsa send authentication +CoA configuration + + aaa server radius dynamic-author + client 192.168.1.5 server-key useStrongerSecret + port 3799 + 802.1x with MAC Authentication bypass (Multi­Host) ++++++++++++++++++++++++++++++++++++++++++++++++++ @@ -896,6 +903,12 @@ Radius server configuration radius-server host 10.10.10.10 auth-port 1812 acct-port 1813 timeout 2 key useStrongerSecret radius-server vsa send authentication +CoA configuration + + aaa server radius dynamic-author + client 192.168.1.5 server-key useStrongerSecret + port 3799 + MAC Authentication bypass only ++++++++++++++++++++++++++++++ @@ -932,6 +945,12 @@ Radius server configuration radius-server host 192.168.1.5 auth-port 1812 acct-port 1813 timeout 2 key useStrongerSecret radius-server vsa send authentication +CoA configuration + + aaa server radius dynamic-author + client 192.168.1.5 server-key useStrongerSecret + port 3799 + Port-­Security ++++++++++++++ @@ -1108,6 +1127,33 @@ On each interface: Dell ~~~~ +Force 10 +^^^^^^^^ + +PacketFence supports this switch using radiusi mac-auth and 802.1x + +Global config settings + + radius-server host 192.168.1.5 key s3cr3t auth-port 1812 + +MAB interface configuration: + + interface GigabitEthernet 0/1 + no ip address + switchport + dot1x authentication + dot1x mac-auth-bypass + dot1x auth-type mab-only + no shutdown + +802.1x interface configuration: + + interface GigabitEthernet 0/1 + no ip address + switchport + dot1x authentication + no shutdown + PowerConnect 3424 ^^^^^^^^^^^^^^^^^ diff --git a/lib/pf/radius.pm b/lib/pf/radius.pm index ed77497fbe3d..04b30d99b347 100644 --- a/lib/pf/radius.pm +++ b/lib/pf/radius.pm @@ -234,7 +234,7 @@ sub _parseRequest { $eap_type = $radius_request->{'EAP-Type'}; } - my $nas_port_id_key = first { exists $radius_request->{$_} && defined $radius_request->{$_} } qw(Cisco-NAS-Port NAS-Port-Id); + my $nas_port_id_key = first { exists $radius_request->{$_} && defined $radius_request->{$_} } qw(Aruba-Port-Identifier Cisco-NAS-Port NAS-Port-Id); my $nas_port_id; if ($nas_port_id_key) { $nas_port_id = $radius_request->{$nas_port_id_key}; From 690509843c60da78ba86fc9a9c835535f91f83e0 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Tue, 15 Oct 2013 11:08:27 -0400 Subject: [PATCH 273/369] Added custom radius answer for aruba switch (remove vlan id if we have a role) --- lib/pf/SNMP/ArubaSwitch.pm | 56 +++++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) diff --git a/lib/pf/SNMP/ArubaSwitch.pm b/lib/pf/SNMP/ArubaSwitch.pm index 97a4731c6cd8..6ed5a8a183cb 100644 --- a/lib/pf/SNMP/ArubaSwitch.pm +++ b/lib/pf/SNMP/ArubaSwitch.pm @@ -42,6 +42,7 @@ use strict; use warnings; use Log::Log4perl; use Net::SNMP; +use Try::Tiny; use base ('pf::SNMP'); sub description { 'Aruba Switches' } @@ -139,7 +140,6 @@ sub getIfIndexByNasPortId { my @ifDescTemp = split(':',$ifDesc_param); my $OID_ifDesc = '1.3.6.1.2.1.2.2.1.2'; - my $ifDescHashRef; my $result = $this->{_sessionRead}->get_table( -baseoid => $OID_ifDesc ); foreach my $key ( keys %{$result} ) { my $ifDesc = $result->{$key}; @@ -211,6 +211,60 @@ sub wiredeauthTechniques { } } +=item returnRadiusAccessAccept + +Prepares the RADIUS Access-Accept reponse for the network device. + +Default implementation. + +=cut + +sub returnRadiusAccessAccept { + my ($self, $vlan, $mac, $port, $connection_type, $user_name, $ssid, $wasInline, $user_role) = @_; + my $logger = Log::Log4perl::get_logger( ref($self) ); + + # Inline Vs. VLAN enforcement + my $radius_reply_ref = {}; + + if (!$wasInline || ($wasInline && $vlan != 0)) { + $radius_reply_ref = { + 'Tunnel-Medium-Type' => $RADIUS::ETHERNET, + 'Tunnel-Type' => $RADIUS::VLAN, + 'Tunnel-Private-Group-ID' => $vlan, + }; + } + + # TODO this is experimental + try { + if ($self->supportsRoleBasedEnforcement()) { + $logger->debug("network device supports roles. Evaluating role to be returned"); + my $role = ""; + if ( defined($user_role) && $user_role ne "" ) { + $role = $self->getRoleByName($user_role); + } + if ( defined($role) && $role ne "" ) { + $radius_reply_ref = {}; + $radius_reply_ref->{$self->returnRoleAttribute()} = $role; + $logger->info( + "Added role $role to the returned RADIUS Access-Accept under attribute " . $self->returnRoleAttribute() + ); + } + else { + $logger->debug("received undefined role. No Role added to RADIUS Access-Accept"); + } + } + } + catch { + chomp($_); + $logger->debug( + "Exception when trying to resolve a Role for the node. No Role added to RADIUS Access-Accept. " + . "Exception: $_" + ); + }; + + $logger->info("Returning ACCEPT with VLAN: $vlan"); + return [$RADIUS::RLM_MODULE_OK, %$radius_reply_ref]; +} =back From 374f66f8a66035beeca3899485aca06d150e48f8 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Wed, 30 Oct 2013 11:05:56 -0400 Subject: [PATCH 274/369] Added HP Standalone access point module --- lib/pf/SNMP/HP/MSM.pm | 138 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 lib/pf/SNMP/HP/MSM.pm diff --git a/lib/pf/SNMP/HP/MSM.pm b/lib/pf/SNMP/HP/MSM.pm new file mode 100644 index 000000000000..fe7c7f88c970 --- /dev/null +++ b/lib/pf/SNMP/HP/MSM.pm @@ -0,0 +1,138 @@ +package pf::SNMP::HP::MSM; + +=head1 NAME + +pf::SNMP::HP::MSM + +=head1 SYNOPSIS + +The pf::SNMP::HP::MSM module manages access to HP Procurve access point MSM + +=head1 STATUS + +Should work on all HP Wireless Access Point + +=cut + +use strict; +use warnings; + +use Log::Log4perl; +use POSIX; + +use base ('pf::SNMP::HP::Controller_MSM710'); + +use pf::config; +sub description { 'HP ProCurve MSM Access Point' } + +# importing switch constants +use pf::SNMP::constants; +use pf::util; +use Net::Appliance::Session; + +=head1 SUBROUTINES + +=over + +=cut + +=item _deauthenticateMacWithSSH + +Method to deauthenticate a node with SSH + +=cut + +sub _deauthenticateMacWithSSH { + my ( $this, $mac ) = @_; + my $logger = Log::Log4perl::get_logger( ref($this) ); + my $session; + my @addition_ops; + if (defined $this->{_controllerPort} && $this->{_cliTransport} eq 'SSH' ) { + @addition_ops = ( + connect_options => { + ops => [ '-p' => $this->{_controllerPort} ] + } + ); + } + eval { + $session = Net::Appliance::Session->new( + Host => $this->{_ip}, + Timeout => 20, + Transport => $this->{_cliTransport}, + Platform => 'HP', + Source => $lib_dir.'/pf/SNMP/HP/nas-pb.yml', + @addition_ops + ); + $session->connect( + Name => $this->{_cliUser}, + Password => $this->{_cliPwd} + ); + }; + + if ($@) { + $logger->error( "ERROR: Can not connect to controller $this->{'_ip'} using " + . $this->{_cliTransport} ); + return 1; + } + $session->cmd("enable"); + $session->cmd("disassociate wireless client $mac"); + $session->close(); + + return 1; +} + +=item deauthTechniques + +Return the reference to the deauth technique or the default deauth technique. + +=cut + +sub deauthTechniques { + my ($this, $method) = @_; + my $logger = Log::Log4perl::get_logger( ref($this) ); + my $default = $SNMP::SSH; + my %tech = ( + $SNMP::SSH => \&_deauthenticateMacWithSSH, + ); + + if (!defined($method) || !defined($tech{$method})) { + $method = $default; + } + return $method,$tech{$method}; +} + + +=back + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + +# vim: set shiftwidth=4: +# vim: set expandtab: +# vim: set backspace=indent,eol,start: From 2c984adff6bb4a0c67c0e6349169c31caa38e64b Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Wed, 20 Nov 2013 13:01:05 -0500 Subject: [PATCH 275/369] Missing $switch param --- sbin/pfsetvlan | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/pfsetvlan b/sbin/pfsetvlan index 3ff8769a172e..cbfb259d8edb 100755 --- a/sbin/pfsetvlan +++ b/sbin/pfsetvlan @@ -1615,7 +1615,7 @@ sub handleTrap { if (defined($connection_type) && ($connection_type == $WIRED_802_1X || $connection_type == $WIRED_MAC_AUTH) ) { my ($switchdeauthMethod, $deauthTechniques) = $switch->wiredeauthTechniques($switch->{_deauthMethod},$connection_type); - $deauthTechniques->($switch_port,$trapMac); + $deauthTechniques->($switch,$switch_port,$trapMac); } else { my @locationlog = locationlog_view_open_switchport_no_VoIP( $switch_ip, $switch_port ); From 0aace286ff06c7eafda1fe046fdfe6acc231e809 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Wed, 20 Nov 2013 17:08:28 -0500 Subject: [PATCH 276/369] Missing lib --- lib/pf/SNMP/Cisco/Catalyst_2960.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pf/SNMP/Cisco/Catalyst_2960.pm b/lib/pf/SNMP/Cisco/Catalyst_2960.pm index d1761490dc3c..beae24700124 100644 --- a/lib/pf/SNMP/Cisco/Catalyst_2960.pm +++ b/lib/pf/SNMP/Cisco/Catalyst_2960.pm @@ -131,6 +131,7 @@ use strict; use warnings; use Log::Log4perl; use Net::SNMP; +use Try::Tiny; use base ('pf::SNMP::Cisco::Catalyst_2950'); use pf::config; From 235f2f8cb48dcae0c33af88aaef4813785c3c33e Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 24 Sep 2013 19:15:41 -0400 Subject: [PATCH 277/369] Added new files for the services refactor --- lib/pf/services/manager.pm | 395 ++++++++++++++++++ lib/pf/services/manager/dhcpd.pm | 101 +++++ lib/pf/services/manager/httpd.pm | 64 +++ lib/pf/services/manager/httpd_admin.pm | 52 +++ lib/pf/services/manager/httpd_portal.pm | 52 +++ lib/pf/services/manager/httpd_webservices.pm | 52 +++ lib/pf/services/manager/memcached.pm | 56 +++ lib/pf/services/manager/pfdetect.pm | 59 +++ lib/pf/services/manager/pfdhcplistener.pm | 74 ++++ lib/pf/services/manager/pfdns.pm | 54 +++ lib/pf/services/manager/pfmon.pm | 54 +++ lib/pf/services/manager/pfsetvlan.pm | 53 +++ lib/pf/services/manager/radiusd.pm | 69 +++ .../manager/roles/pf_conf_service_managed.pm | 55 +++ .../manager/roles/pf_conf_trapping_engine.pm | 69 +++ lib/pf/services/manager/snmptrapd.pm | 59 +++ lib/pf/services/manager/snort.pm | 62 +++ lib/pf/services/manager/submanager.pm | 118 ++++++ lib/pf/services/manager/suricata.pm | 66 +++ 19 files changed, 1564 insertions(+) create mode 100644 lib/pf/services/manager.pm create mode 100644 lib/pf/services/manager/dhcpd.pm create mode 100644 lib/pf/services/manager/httpd.pm create mode 100644 lib/pf/services/manager/httpd_admin.pm create mode 100644 lib/pf/services/manager/httpd_portal.pm create mode 100644 lib/pf/services/manager/httpd_webservices.pm create mode 100644 lib/pf/services/manager/memcached.pm create mode 100644 lib/pf/services/manager/pfdetect.pm create mode 100644 lib/pf/services/manager/pfdhcplistener.pm create mode 100644 lib/pf/services/manager/pfdns.pm create mode 100644 lib/pf/services/manager/pfmon.pm create mode 100644 lib/pf/services/manager/pfsetvlan.pm create mode 100644 lib/pf/services/manager/radiusd.pm create mode 100644 lib/pf/services/manager/roles/pf_conf_service_managed.pm create mode 100644 lib/pf/services/manager/roles/pf_conf_trapping_engine.pm create mode 100644 lib/pf/services/manager/snmptrapd.pm create mode 100644 lib/pf/services/manager/snort.pm create mode 100644 lib/pf/services/manager/submanager.pm create mode 100644 lib/pf/services/manager/suricata.pm diff --git a/lib/pf/services/manager.pm b/lib/pf/services/manager.pm new file mode 100644 index 000000000000..92944f2b5796 --- /dev/null +++ b/lib/pf/services/manager.pm @@ -0,0 +1,395 @@ +package pf::services::manager; +=head1 NAME + +pf::services::manager + +=cut + +=head1 DESCRIPTION + +pf::services::manager + +This module encapsulates the service actions/commands for pfcmd tool + + +=cut + +use strict; + +use pf::file_paths; +use pf::log; +use pf::config; +use Moo; +use File::Slurp qw(read_file); +use Proc::ProcessTable; +use List::Util qw(first); +use Linux::Inotify2; + +=head1 Attributes + +=head2 name + +name of service + +=cut + +has name => ( is => 'rw'); + +=head2 launcher + +sprintf-formatted string that control how the services should be started + %1$s: is the service executable + %2$s: optional parameters + +=cut + +has launcher => ( is => 'rw', lazy => 1); + +=head2 dependsOnServices + +services that this service needs in order to start + +=cut + +has dependsOnServices => (is => 'ro', default => sub { [qw(memcached httpd.admin)] } ); + +=head2 executable + +executable of service + +=cut + +has executable => (is => 'rw', builder => 1, lazy => 1 ); + +=head1 Methods + +=head2 start + + start the service + +=cut + +sub start { + my ($self,$quick) = @_; + my $result = 0; + unless ($self->pid) { + if( $self->preStartSetup($quick)) { + if($self->startService($quick)) { + $result = $self->postStartCleanup($quick); + } + } + } + return $result; +} + +=head2 preStartSetup + + setup work for starting a servicw + +=cut + +sub preStartSetup { + my ($self,$quick) = @_; + $self->removeStalePid; + $self->generateConfig($quick) unless $quick; + return 1; +} + +=head2 startService + + Starts the service + +=cut + +sub startService { + my ($self,$quick) = @_; + return $self->launchService($self->executable); +} + +=head2 postStartCleanup + + Cleanup work after the starting the service + +=cut + +sub postStartCleanup { + my ($self,$quick) = @_; + my $run_dir = "$var_dir/run"; + my $pidFile = $self->pidFile; + my $result = 0; + unless (-e $pidFile) { + my $inotify = Linux::Inotify2->new; + $inotify->watch ($run_dir, IN_CREATE, sub { + my $e = shift; + my $name = $e->fullname; + if($pidFile eq $name) { + $e->w->cancel; + } + }); + my $timedout; + eval { + local $SIG{ALRM} = sub { die "alarm clock restart" }; + alarm 60; + eval { + 1 while !-e $pidFile && $inotify->poll; + }; + alarm 0; + $timedout = 1 if $@ && $@ =~ /^alarm clock restart/; + }; + my $logger = get_logger; + $logger->warn($self->name . " timed out trying to start" ) if $timedout; + alarm 0; + } + return -e $pidFile; +} + +=head2 _build_executable + +the builder the executable attribute + +=cut + +sub _build_executable { + my ($self) = @_; + my $name = $self->name; + my $service = ( $Config{'services'}{"${name}_binary"} || "$install_dir/sbin/$name" ); + return $service; +} + +=head2 restart + +restart the service + +=cut + +sub restart { + my ($self,$quick) = @_; + $self->stop($quick); + return $self->start($quick); +} + +=head2 status + +returns the pid or list of pids for the servie(s) + +=cut + +sub status { + my ($self,$quick) = @_; + $self->removeStalePid; + my $pid = $self->pid; + return $pid ? $pid : "0"; +} + +=head2 pid + +Returns the pid of the service + +=cut + +sub pid { + my ($self) = @_; + return $self->pidFromFile; +} + +=head2 stop + +Stop the service waitinf for it to shutdown + +=cut + +sub stop { + my ($self,$quick) = @_; + my $pid = $self->pid; + my $name = $self->name; + my $logger = get_logger; + if ($pid) { + $logger->info("Sending TERM signal to $name with pid $pid"); + my $count = kill 'TERM',$pid; + unless ($count) { + $logger->logcroak("Can't a TERM signal to $name with pid $pid "); + return; + } + my $pid_file = $self->pidFile; + if ( $self->waitToShutdown($pid) && -e $pid_file) { + $logger->info("Removing $pid_file"); + unlink($pid_file); + } + return !-e $pid_file; + } + return; +} + +=head2 watch + +If the service is stopped start the service + +=cut + +sub watch { + my ($self) = @_; + $self->removeStalePid; + unless($self->pid) { + return $self->start(1); + } + return; +} + +=head2 generateConfig + +generates the configuration files for the service + +=cut + +sub generateConfig { 1 } + +=head2 launchService + +launch the service using the launcher and arguements passed + +=cut + +sub launchService { + my ($self,@launcher_args) = @_; + my $launcher = $self->launcher; + if ($launcher) { + my $name = $self->name; + my $logger = get_logger; + my $cmd_line = sprintf($launcher, map { /^(.*)$/;$1 } @launcher_args); + $logger->info("Starting $name with '$cmd_line'"); + if ($cmd_line =~ /^(.+)$/) { + $cmd_line = $1; + my $t0 = Time::HiRes::time(); + my $return_value = system($cmd_line); + my $elapsed = Time::HiRes::time() - $t0; + $logger->info(sprintf("Daemon %s took %.3f seconds to start.", $name, $elapsed)); + return $return_value == 0; + } + } + return; +} + +=head2 pidFile + +return the pid file of the service + +=cut + +sub pidFile { + my ($self) = @_; + my $name = $self->name; + return "$var_dir/run/$name.pid"; +} + +=head2 pidFromFile + +get the pid from the pid file + +=cut + +sub pidFromFile { + my ($self) = @_; + my $name = $self->name; + my $logger = Log::Log4perl::get_logger('pf::services'); + my $pid; + my $pid_file = $self->pidFile; + if (-e $pid_file) { + eval {chomp( $pid = read_file($pid_file) );}; + } + $pid = 0 unless $pid; + if($pid) { + $logger->info("pidof -x $name returned $pid"); + if($pid =~ /^\s*(\d*)\s*$/) { + $pid = $1; + } + } + return $pid; +} + +=head2 removeStalePid + +removes the stale PID file + +=cut + +sub removeStalePid { + my ($self) = @_; + my $logger = get_logger; + my $pid = $self->pidFromFile; + my $pid_file = $self->pidFile; + if($pid && $pid =~ /^(.*)$/) { + $pid = $1; + unless (kill( 0,$pid)) { + $pid = 0; + $logger->info("removing stale pid file $pid_file"); + unlink $pid_file; + } + } +} + +=head2 waitToShutdown + +Waits for the pid of the service to shutdown + +=cut + +sub waitToShutdown { + my ($self, $pid) = @_; + my $name = $self->name; + my $logger = Log::Log4perl::get_logger('pf::services'); + my $maxWait = 10; + my $curWait = 0; + my $ppt; + my $proc = 0; + while ( ( ( $curWait < $maxWait ) + && ( $self->status ne "0" ) ) && defined($proc) ) + { + $ppt = new Proc::ProcessTable; + $proc = first { defined $_ && $_->pid == $pid } @{ $ppt->table }; + $logger->info("Waiting for $name to stop "); + sleep(2); + $curWait++; + } + return !defined $proc; +} + +=head2 isManaged + +return true is the service is currently managed by packetfence + +=cut + +sub isManaged { 1 } + + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/dhcpd.pm b/lib/pf/services/manager/dhcpd.pm new file mode 100644 index 000000000000..e3c4aff089b6 --- /dev/null +++ b/lib/pf/services/manager/dhcpd.pm @@ -0,0 +1,101 @@ +package pf::services::manager::dhcpd; +=head1 NAME + +pf::services::manager::dhcpd add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::dhcpd + +=cut + +use strict; +use warnings; +use Moo; +use pf::file_paths; +use pf::config; +use pf::log; +use pf::services::dhcpd qw(generate_dhcpd_conf); +use File::Touch; + +extends 'pf::services::manager'; +with 'pf::services::manager::roles::pf_conf_service_managed'; + +has '+name' => (default => sub { 'dhcpd' } ); + +has '+launcher' => (default => sub { "sudo %1\$s -lf $var_dir/dhcpd/dhcpd.leases -cf $generated_conf_dir/dhcpd.conf -pf $var_dir/run/dhcpd.pid " . join(" ", @listen_ints) } ); + + +sub generateConfig { + generate_dhcpd_conf(); +} + +sub preStartSetup { + my ($self,$quick) = @_; + $self->SUPER::preStartSetup($quick); + my $leases_file = "$var_dir/dhcpd/dhcpd.leases"; + touch ($leases_file) unless -f $leases_file; + manageStaticRoute(1); + return 1; +} + +sub stop { + my ($self,$quick) = @_; + $self->SUPER::stop($quick); + manageStaticRoute(); +} + +sub manageStaticRoute { + my $add_Route = @_; + my $logger = get_logger; + + foreach my $network ( keys %ConfigNetworks ) { + # shorter, more convenient local accessor + my %net = %{$ConfigNetworks{$network}}; + + + if ( defined($net{'next_hop'}) && ($net{'next_hop'} =~ /^(?:\d{1,3}\.){3}\d{1,3}$/) ) { + my $add_del = $add_Route ? 'add' : 'del'; + my $full_path = can_run('route') + or $logger->error("route is not installed! Can't add static routes to routed VLANs."); + + my $cmd = "sudo $full_path $add_del -net $network netmask " . $net{'netmask'} . " gw " . $net{'next_hop'}; + $cmd = untaint_chain($cmd); + my @out = pf_run($cmd); + } + } +} + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/httpd.pm b/lib/pf/services/manager/httpd.pm new file mode 100644 index 000000000000..b540a51667ed --- /dev/null +++ b/lib/pf/services/manager/httpd.pm @@ -0,0 +1,64 @@ +package pf::services::manager::httpd; +=head1 NAME + +pf::services::manager::httpd add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::httpd + +=cut + +use strict; +use warnings; +use pf::config; +use Moo; +extends 'pf::services::manager'; + +has '+launcher' => ( builder => 1, lazy => 1 ); + +sub executable { + my ($self) = @_; + my $service = ( $Config{'services'}{"httpd_binary"} || "$install_dir/sbin/httpd" ); + return $service; +} + +sub _build_launcher { + my ($self) = @_; + my $name = $self->name; + return "%1\$s -f $conf_dir/httpd.conf.d/$name -D$OS" +} + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/httpd_admin.pm b/lib/pf/services/manager/httpd_admin.pm new file mode 100644 index 000000000000..6e87f87d7079 --- /dev/null +++ b/lib/pf/services/manager/httpd_admin.pm @@ -0,0 +1,52 @@ +package pf::services::manager::httpd_admin; +=head1 NAME + +pf::services::manager::httpd_admin add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::httpd_admin + +=cut + +use strict; +use warnings; +use Moo; + +extends 'pf::services::manager::httpd'; + +has '+name' => (default => sub { 'httpd.admin' } ); + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/httpd_portal.pm b/lib/pf/services/manager/httpd_portal.pm new file mode 100644 index 000000000000..73b65ebfbb59 --- /dev/null +++ b/lib/pf/services/manager/httpd_portal.pm @@ -0,0 +1,52 @@ +package pf::services::manager::httpd_portal; +=head1 NAME + +pf::services::manager::httpd_portal add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::httpd_portal + +=cut + +use strict; +use warnings; +use Moo; + +extends 'pf::services::manager::httpd'; + +has '+name' => (default => sub { 'httpd.portal' } ); + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/httpd_webservices.pm b/lib/pf/services/manager/httpd_webservices.pm new file mode 100644 index 000000000000..bfecbd0a0856 --- /dev/null +++ b/lib/pf/services/manager/httpd_webservices.pm @@ -0,0 +1,52 @@ +package pf::services::manager::httpd_webservices; +=head1 NAME + +pf::services::manager::httpd_webservices add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::httpd_webservices + +=cut + +use strict; +use warnings; +use Moo; + +extends 'pf::services::manager::httpd'; + +has '+name' => (default => sub { 'httpd.webservices' } ); + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/memcached.pm b/lib/pf/services/manager/memcached.pm new file mode 100644 index 000000000000..ef911f3c947a --- /dev/null +++ b/lib/pf/services/manager/memcached.pm @@ -0,0 +1,56 @@ +package pf::services::manager::memcached; +=head1 NAME + +pf::services::manager::memcached add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::memcached + +=cut + +use strict; +use warnings; +use Moo; +use pf::file_paths; + +extends 'pf::services::manager'; +with 'pf::services::manager::roles::pf_conf_service_managed'; + +has '+name' => (default => sub { 'memcached' } ); + +has '+launcher' => (default => sub { "%1\$s -d -p 11211 -u pf -m 64 -c 1024 -P $install_dir/var/run/memcached.pid"}); + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/pfdetect.pm b/lib/pf/services/manager/pfdetect.pm new file mode 100644 index 000000000000..12f1d1573f0a --- /dev/null +++ b/lib/pf/services/manager/pfdetect.pm @@ -0,0 +1,59 @@ +package pf::services::manager::pfdetect; +=head1 NAME + +pf::services::manager::pfdetect add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::pfdetect + +=cut + +use strict; +use warnings; +use Moo; +use pf::file_paths; +use pf::config; +use pf::util; +extends 'pf::services::manager'; + +has '+name' => (default => sub { 'pfdetect' }); + +has '+launcher' => (default => sub {"%1\$s -d -p $install_dir/var/alert &"}); + +sub isManaged { return isenabled( $Config{'trapping'}{'detection'} ); } + + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/pfdhcplistener.pm b/lib/pf/services/manager/pfdhcplistener.pm new file mode 100644 index 000000000000..d647c7b84a5a --- /dev/null +++ b/lib/pf/services/manager/pfdhcplistener.pm @@ -0,0 +1,74 @@ +package pf::services::manager::pfdhcplistener; +=head1 NAME + +pf::services::manager::pfdhcplistener add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::pfdhcplistener + +=cut + +use strict; +use warnings; +use Moo; +use pf::config; + +extends 'pf::services::manager::submanager'; + +has pfdhcplistenerManagers => (is => 'rw', builder => 1 ); + + +has '+name' => (default => sub { 'pfdhcplistener'} ); + +sub _build_pfdhcplistenerManagers { + my ($self) = @_; + my @managers = map { + pf::services::manager->new ({ + executable => $self->executable, + name => "pfdhcplistener_$_", + launcher => "sudo %1\$s -i '$_' -d &" + }) + } @listen_ints, @dhcplistener_ints; + return \@managers; +} + + +sub managers { + my ($self) = @_; + return @{$self->pfdhcplistenerManagers}; +} + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/pfdns.pm b/lib/pf/services/manager/pfdns.pm new file mode 100644 index 000000000000..87a8501bbe51 --- /dev/null +++ b/lib/pf/services/manager/pfdns.pm @@ -0,0 +1,54 @@ +package pf::services::manager::pfdns; +=head1 NAME + +pf::services::manager::pfdns add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::pfdns + +=cut + +use strict; +use warnings; +use Moo; +extends 'pf::services::manager'; +with 'pf::services::manager::roles::pf_conf_service_managed'; + +has '+name' => (default => sub { 'pfdns' } ); + +has '+launcher' => (default => sub { '%1$s -d &' } ); + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/pfmon.pm b/lib/pf/services/manager/pfmon.pm new file mode 100644 index 000000000000..83fbeba00264 --- /dev/null +++ b/lib/pf/services/manager/pfmon.pm @@ -0,0 +1,54 @@ +package pf::services::manager::pfmon; +=head1 NAME + +pf::services::manager::pfmon add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::pfmon + +=cut + +use strict; +use warnings; +use Moo; + +extends 'pf::services::manager'; + +has '+name' => ( default => sub { 'pfmon' } ); + +has '+launcher' => (default => sub { '%1$s -d' } ); + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/pfsetvlan.pm b/lib/pf/services/manager/pfsetvlan.pm new file mode 100644 index 000000000000..e8c7256c53a6 --- /dev/null +++ b/lib/pf/services/manager/pfsetvlan.pm @@ -0,0 +1,53 @@ +package pf::services::manager::pfsetvlan; +=head1 NAME + +pf::services::manager::pfsetvlan add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::pfsetvlan + +=cut + +use strict; +use warnings; +use Moo; +extends 'pf::services::manager'; + +has '+name' => (default => sub { 'pfsetvlan' } ); + +has '+launcher' => (default => sub { '%1$s -d ' } ); + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/radiusd.pm b/lib/pf/services/manager/radiusd.pm new file mode 100644 index 000000000000..79bab2ead2fc --- /dev/null +++ b/lib/pf/services/manager/radiusd.pm @@ -0,0 +1,69 @@ +package pf::services::manager::radiusd; +=head1 NAME + +pf::services::manager::radiusd add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::radiusd + +=cut + +use strict; +use warnings; +use pf::services::radiusd qw(generate_radiusd_conf); +use pf::file_paths; +use Moo; + +extends 'pf::services::manager'; +with 'pf::services::manager::roles::pf_conf_service_managed'; + +has '+name' => ( default => sub { 'radiusd' } ); + +has '+launcher' => ( default => sub { "sudo %1\$s -d $install_dir/raddb/"} ); + +sub preStartSetup { + my ($self,$quick) = @_; + require pf::freeradius; + pf::freeradius::freeradius_populate_nas_config(); + $self->SUPER::preStartSetup($quick); +} + +sub generateConfig { + my ($self,$quick) = @_; + generate_radiusd_conf(); +} + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/roles/pf_conf_service_managed.pm b/lib/pf/services/manager/roles/pf_conf_service_managed.pm new file mode 100644 index 000000000000..5273ab4b1804 --- /dev/null +++ b/lib/pf/services/manager/roles/pf_conf_service_managed.pm @@ -0,0 +1,55 @@ +package pf::services::manager::roles::pf_conf_service_managed; +=head1 NAME + +pf::services::manager::roles::pf_conf_service_managed add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::roles::pf_conf_service_managed + +=cut + +use strict; +use warnings; +use Moo::Role; +use pf::config; +use pf::util; + +sub isManaged { + my ($self) = @_; + isenabled($Config{'services'}{$self->name}) +} + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/roles/pf_conf_trapping_engine.pm b/lib/pf/services/manager/roles/pf_conf_trapping_engine.pm new file mode 100644 index 000000000000..f9b41aa4cf35 --- /dev/null +++ b/lib/pf/services/manager/roles/pf_conf_trapping_engine.pm @@ -0,0 +1,69 @@ +package pf::services::manager::roles::pf_conf_trapping_engine; +=head1 NAME + +pf::services::manager::roles::pf_conf_trapping_engine add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::roles::pf_conf_trapping_engine + +=cut + +use strict; +use warnings; +use Moo::Role; +use pf::config; +use pf::util; + +=head2 isManaged + +Verify if the trapping engine + +=cut + +sub isManaged { + my ($self) = @_; + return isenabled($Config{'trapping'}{'detection'}) && $Config{'trapping'}{'detection_engine'} eq $self->name; +} + +=head2 dependsOnServices + +services that the trapping engine depends on + +=cut + +has dependsOnServices => (default => sub { [qw(memcached httpd.admin pfdetect)] } ); + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/snmptrapd.pm b/lib/pf/services/manager/snmptrapd.pm new file mode 100644 index 000000000000..1388b5d0e656 --- /dev/null +++ b/lib/pf/services/manager/snmptrapd.pm @@ -0,0 +1,59 @@ +package pf::services::manager::snmptrapd; +=head1 NAME + +pf::services::manager::snmptrapd add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::snmptrapd + +=cut + +use strict; +use warnings; +use Moo; +use pf::file_paths; +use pf::services::snmptrapd qw(generate_snmptrapd_conf); +extends 'pf::services::manager'; + +has '+name' => (default => sub { 'snmptrapd' } ); + +has '+launcher' => (default => sub { "%1\$s -n -c $generated_conf_dir/snmptrapd.conf -C -A -Lf $install_dir/logs/snmptrapd.log -p $install_dir/var/run/snmptrapd.pid -On" } ); + +sub generateConfig { + generate_snmptrapd_conf(); +} + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/snort.pm b/lib/pf/services/manager/snort.pm new file mode 100644 index 000000000000..1c4096e03d24 --- /dev/null +++ b/lib/pf/services/manager/snort.pm @@ -0,0 +1,62 @@ +package pf::services::manager::snort; +=head1 NAME + +pf::services::manager::snort add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::snort + +=cut + +use strict; +use warnings; +use Moo; +extends 'pf::services::manager'; +with 'pf::services::manager::roles::pf_conf_service_managed'; +use pf::file_paths; +use pf::config; + +has '+name' => ( default => sub { 'snort' } ); + +has '+launcher' => ( + default => sub { + "%1\$s -u pf -c $generated_conf_dir/snort.conf -i $monitor_int " . + "-N -D -l $install_dir/var --pid-path $install_dir/var/run" + }, + lazy => 1 +); + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/submanager.pm b/lib/pf/services/manager/submanager.pm new file mode 100644 index 000000000000..e75fd0eb24b4 --- /dev/null +++ b/lib/pf/services/manager/submanager.pm @@ -0,0 +1,118 @@ +package pf::services::manager::submanager; +=head1 NAME + +pf::services::manager::submanager add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::submanager + +a subclass for handling a service the has multple sub services + +=cut + +use strict; +use warnings; +use Moo; +use List::MoreUtils qw(true any); + +extends 'pf::services::manager'; + +=head2 managers + +The list of sub managers + +=cut + +sub managers { + my ($self) = @_; + return (); +} + +=head2 start + +start all the sub managers + +=cut + +sub start { + my ($self,$quick) = @_; + my $count; + my $pass = true {$count++; $_->start($quick) } $self->managers; + return $pass == $count; +} + +=head2 stop + +stop all the sub managers + +=cut + +sub stop { + my ($self,$quick) = @_; + my $count; + my $pass = true {$count++; $_->stop($quick) } $self->managers; + return $pass == $count; +} + +=head2 watch + +watch all the sub managers + +=cut + +sub watch { + my ($self,$quick) = @_; + my $count; + my $pass = true {$count++; $_->watch($quick) } $self->managers; + return $pass == $count; +} + +=head2 status + +returns all the pids of the submanagers + +=cut + +sub status { + my ($self,$quick) = @_; + my @results = map {$_->status } $self->managers; + if (@results == 0 || (!$quick && any { !defined($_) || $_ eq "0" } @results )) { + @results = ("0"); + } + return join(" ",@results); +} + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + diff --git a/lib/pf/services/manager/suricata.pm b/lib/pf/services/manager/suricata.pm new file mode 100644 index 000000000000..082c07ef338d --- /dev/null +++ b/lib/pf/services/manager/suricata.pm @@ -0,0 +1,66 @@ +package pf::services::manager::suricata; +=head1 NAME + +pf::services::manager::suricata add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::suricata + +=cut + +use strict; +use warnings; +use pf::file_paths; +use pf::config; +use Moo; +use pf::services::suricata qw(generate_suricata_conf); +extends 'pf::services::manager'; +with 'pf::services::manager::roles::pf_conf_service_managed'; + +has '+name' => ( default => sub { 'suricata' } ); + +has '+launcher' => ( + default => sub { + "%1\$s -D -c $install_dir/var/conf/suricata.yaml -i $monitor_int " . + "-l $install_dir/var --pidfile $install_dir/var/run/suricata.pid" + }, +); + +sub generateConfig { + generate_suricata_conf(); +} + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + From e27c1a02d8d3cf5f71d568ece5a72e910f098dd3 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 24 Sep 2013 19:17:59 -0400 Subject: [PATCH 278/369] Use the new pf::services::manager framework for the pfcmd service command --- bin/pfcmd.pl | 201 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 201 insertions(+) diff --git a/bin/pfcmd.pl b/bin/pfcmd.pl index 21caa5de0c89..053c9447b9d7 100755 --- a/bin/pfcmd.pl +++ b/bin/pfcmd.pl @@ -78,6 +78,7 @@ =head1 SYNOPSIS use pf::pfcmd; use pf::util; use HTTP::Status qw(is_success); +use List::MoreUtils qw(all true); # Perl taint mode setup (see: perlsec) delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; @@ -96,6 +97,13 @@ =head1 SYNOPSIS Readonly my $delimiter => '|'; use vars qw/%cmd $grammar/; my $command; +our %ACTION_MAP = ( + status => \&statusOfService, + start => \&startService, + stop => \&stopService, + watch => \&watchService, + restart => \&restartService, +); my $count = $ENV{PER_PAGE}; my $offset = $ENV{PAGE_NUM}; @@ -1145,7 +1153,24 @@ sub traplog { # stop/start pf services # return service status # + sub service { + my $service = $cmd{command}[1]; + my $action = $cmd{command}[2]; + require pf::services; + import pf::services; + my $actionHandler; + $action =~ /^(.*)$/; + $action = $1; + if(exists $ACTION_MAP{$action} && defined ($actionHandler = $ACTION_MAP{$action})) { + $service =~ /^(.*)$/; + $service = $1; + return $actionHandler->($service); + } + return $FALSE; +} + +sub service_ { my $service = $cmd{command}[1]; my $command = $cmd{command}[2]; require pf::services; @@ -1335,6 +1360,182 @@ sub service { return 0; } +sub startService { + my ($service) = @_; + my @managers = getStartServiceManagers($service); + print "service|command\n"; + my $count = 0; + if(isIptableManaged($service)) { + my $technique; + if(all { $_->status eq '0' } @managers) { + $technique = getIptablesTechnique(); + $technique->iptables_save( $install_dir . '/var/iptables.bak' ); + } + $technique ||= getIptablesTechnique(); + $technique->iptables_generate(); + } + foreach my $manager (@managers) { + my $command; + if($manager->status ne '0') { + $command = 'already started'; + } else { + $manager->start; + $command = 'start'; + } + print join('|',$manager->name,$command),"\n"; + } + return 0; +} + +sub saveIptables { + $logger->info("saving current iptables to var/iptables.bak"); +} + +sub getIptablesTechnique { + require pf::inline::custom; + my $iptables = pf::inline::custom->new(); + return $iptables->{_technique}; +} + +sub getStartServiceManagers { + my ($service) = @_; + my @services; + if($service eq 'pf') { + @services = @pf::services::ALL_SERVICES; + } else { + @services = ($service); + } + return grep { $_->isManaged } _getStartServiceManagers(@services); +} + +sub _getStartServiceManagers { + my %seen; + my @serviceManagers = + grep { (!exists $seen{$_->name}) && ($seen{$_->name} = 1) } + map { + my $m = $_; + my @managers = map { getServiceManager($_) } @{$m->dependsOnServices}; + push @managers,$m; + @managers + } + grep { defined $_ } + map { getServiceManager($_) } @_; + return @serviceManagers; +} + +sub stopService { + my ($service) = @_; + my @managers = getStopServiceManagers($service); + print "service|command\n"; + foreach my $manager (@managers) { + my $command; + if($manager->status eq '0') { + $command = 'already stopped'; + } else { + $manager->stop; + $command = 'stop'; + } + print join('|',$manager->name,$command),"\n"; + } + if(isIptableManaged($service)) { + my $count = true { $_->status eq '0' } @managers; + if( $count ) { + getIptablesTechnique->iptables_restore( $install_dir . '/var/iptables.bak' ); + } else { + $logger->error( + "Even though 'service pf stop' was called, there are still $count services running. " + . "Can't restore iptables from var/iptables.bak" + ); + } + } + return 0; +} + +sub isIptableManaged { + return $_[0] eq 'pf' && isenabled($Config{services}{iptables}) +} + +sub getStopServiceManagers { + my ($service) = @_; + my @services; + if($service eq 'pf') { + @services = grep { $_ ne 'memcached' } @pf::services::ALL_SERVICES; + push @services,'memcached'; + } else { + @services = ($service); + } + return _getStopServiceManagers(@services); +} + +sub _getStopServiceManagers { + my %seen; + my @serviceManagers = + grep { defined ($_) && (!exists $seen{$_->name}) && ($seen{$_->name} = 1) } + map { getServiceManager($_) } @_; + return @serviceManagers; +} + + +sub restartService { + my ($service) = @_; + stopService($service); + startService($service); +} + +sub watchService { + my ($service) = @_; + my @stoppedServiceManagers = + grep { $_->isManaged && $_->status eq '0' } + getStartServiceManagers($service); + if(@stoppedServiceManagers) { + my @stoppedServices = map { $_->name } @stoppedServiceManagers; + $logger->info("watch found incorrectly stopped services: " . join(", ", @stoppedServices)); + print "The following processes are not running:\n" . " - " + . join( "\n - ", @stoppedServices ) . "\n"; + if ( isenabled( $Config{'servicewatch'}{'email'} ) ) { + my %message; + $message{'subject'} = "PF WATCHER ALERT"; + $message{'message'} + = "The following processes are not running:\n" . " - " + . join( "\n - ", @stoppedServices ) . "\n"; + pfmailer(%message); + } + if ( isenabled( $Config{'servicewatch'}{'restart'} ) ) { + print "service|command\n"; + foreach my $manager (@stoppedServiceManagers) { + $manager->watch; + print join('|',$manager->name,"watch"),"\n"; + } + return 0; + } + } + return 1; +} + +sub statusOfService { + my ($service) = @_; + my @managers = getStopServiceManagers($service); + print "service|shouldBeStarted|pid\n"; + my $notStarted = 0; + foreach my $manager (@managers) { + my $isManaged = $manager->isManaged; + my $status = $manager->status; + print join('|',$manager->name,$isManaged,$status),"\n"; + $notStarted++ if $status eq '0' && $isManaged; + } + return ( $notStarted ? 3 : 0); +} + +sub getServiceManager { + my ($service) = @_; + my $module = "pf::services::manager::${service}"; + $module =~ /^(.*)$/; + $module = $1; + $module =~ s/\./_/; + eval "use $module;"; + return $module->new; +} + sub class { my ( $function, $id ); require pf::class; From 01e0c4ae46b19d20c4f0ad22319f6fba21208bf4 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 25 Sep 2013 10:15:43 -0400 Subject: [PATCH 279/369] Remove Minor parts from the COPYRIGHT section --- lib/pf/services/manager.pm | 1 - lib/pf/services/manager/httpd.pm | 1 - lib/pf/services/manager/httpd_admin.pm | 1 - lib/pf/services/manager/httpd_portal.pm | 1 - lib/pf/services/manager/httpd_webservices.pm | 1 - lib/pf/services/manager/memcached.pm | 1 - lib/pf/services/manager/pfdetect.pm | 1 - lib/pf/services/manager/pfdns.pm | 1 - lib/pf/services/manager/pfmon.pm | 1 - lib/pf/services/manager/pfsetvlan.pm | 1 - lib/pf/services/manager/radiusd.pm | 1 - lib/pf/services/manager/roles/pf_conf_service_managed.pm | 1 - lib/pf/services/manager/snmptrapd.pm | 1 - lib/pf/services/manager/snort.pm | 1 - lib/pf/services/manager/submanager.pm | 1 - lib/pf/services/manager/suricata.pm | 1 - 16 files changed, 16 deletions(-) diff --git a/lib/pf/services/manager.pm b/lib/pf/services/manager.pm index 92944f2b5796..211b9b887a03 100644 --- a/lib/pf/services/manager.pm +++ b/lib/pf/services/manager.pm @@ -366,7 +366,6 @@ sub isManaged { 1 } Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/services/manager/httpd.pm b/lib/pf/services/manager/httpd.pm index b540a51667ed..baf3fa66f92f 100644 --- a/lib/pf/services/manager/httpd.pm +++ b/lib/pf/services/manager/httpd.pm @@ -35,7 +35,6 @@ sub _build_launcher { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/services/manager/httpd_admin.pm b/lib/pf/services/manager/httpd_admin.pm index 6e87f87d7079..037049aa6366 100644 --- a/lib/pf/services/manager/httpd_admin.pm +++ b/lib/pf/services/manager/httpd_admin.pm @@ -23,7 +23,6 @@ has '+name' => (default => sub { 'httpd.admin' } ); Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/services/manager/httpd_portal.pm b/lib/pf/services/manager/httpd_portal.pm index 73b65ebfbb59..8b5d8a222414 100644 --- a/lib/pf/services/manager/httpd_portal.pm +++ b/lib/pf/services/manager/httpd_portal.pm @@ -23,7 +23,6 @@ has '+name' => (default => sub { 'httpd.portal' } ); Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/services/manager/httpd_webservices.pm b/lib/pf/services/manager/httpd_webservices.pm index bfecbd0a0856..c644e970daa4 100644 --- a/lib/pf/services/manager/httpd_webservices.pm +++ b/lib/pf/services/manager/httpd_webservices.pm @@ -23,7 +23,6 @@ has '+name' => (default => sub { 'httpd.webservices' } ); Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/services/manager/memcached.pm b/lib/pf/services/manager/memcached.pm index ef911f3c947a..75b4225b9938 100644 --- a/lib/pf/services/manager/memcached.pm +++ b/lib/pf/services/manager/memcached.pm @@ -27,7 +27,6 @@ has '+launcher' => (default => sub { "%1\$s -d -p 11211 -u pf -m 64 -c 1024 -P $ Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/services/manager/pfdetect.pm b/lib/pf/services/manager/pfdetect.pm index 12f1d1573f0a..679ce61b9b7d 100644 --- a/lib/pf/services/manager/pfdetect.pm +++ b/lib/pf/services/manager/pfdetect.pm @@ -30,7 +30,6 @@ sub isManaged { return isenabled( $Config{'trapping'}{'detection'} ); } Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/services/manager/pfdns.pm b/lib/pf/services/manager/pfdns.pm index 87a8501bbe51..6c23d29e965d 100644 --- a/lib/pf/services/manager/pfdns.pm +++ b/lib/pf/services/manager/pfdns.pm @@ -25,7 +25,6 @@ has '+launcher' => (default => sub { '%1$s -d &' } ); Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/services/manager/pfmon.pm b/lib/pf/services/manager/pfmon.pm index 83fbeba00264..d1cd31518885 100644 --- a/lib/pf/services/manager/pfmon.pm +++ b/lib/pf/services/manager/pfmon.pm @@ -25,7 +25,6 @@ has '+launcher' => (default => sub { '%1$s -d' } ); Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/services/manager/pfsetvlan.pm b/lib/pf/services/manager/pfsetvlan.pm index e8c7256c53a6..51a5226aaf41 100644 --- a/lib/pf/services/manager/pfsetvlan.pm +++ b/lib/pf/services/manager/pfsetvlan.pm @@ -24,7 +24,6 @@ has '+launcher' => (default => sub { '%1$s -d ' } ); Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/services/manager/radiusd.pm b/lib/pf/services/manager/radiusd.pm index 79bab2ead2fc..69b1c5115882 100644 --- a/lib/pf/services/manager/radiusd.pm +++ b/lib/pf/services/manager/radiusd.pm @@ -40,7 +40,6 @@ sub generateConfig { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/services/manager/roles/pf_conf_service_managed.pm b/lib/pf/services/manager/roles/pf_conf_service_managed.pm index 5273ab4b1804..b7c0ee817b36 100644 --- a/lib/pf/services/manager/roles/pf_conf_service_managed.pm +++ b/lib/pf/services/manager/roles/pf_conf_service_managed.pm @@ -26,7 +26,6 @@ sub isManaged { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/services/manager/snmptrapd.pm b/lib/pf/services/manager/snmptrapd.pm index 1388b5d0e656..7a4c6b854d84 100644 --- a/lib/pf/services/manager/snmptrapd.pm +++ b/lib/pf/services/manager/snmptrapd.pm @@ -30,7 +30,6 @@ sub generateConfig { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/services/manager/snort.pm b/lib/pf/services/manager/snort.pm index 1c4096e03d24..972d3b757254 100644 --- a/lib/pf/services/manager/snort.pm +++ b/lib/pf/services/manager/snort.pm @@ -33,7 +33,6 @@ has '+launcher' => ( Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/services/manager/submanager.pm b/lib/pf/services/manager/submanager.pm index e75fd0eb24b4..512292edb012 100644 --- a/lib/pf/services/manager/submanager.pm +++ b/lib/pf/services/manager/submanager.pm @@ -89,7 +89,6 @@ sub status { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT diff --git a/lib/pf/services/manager/suricata.pm b/lib/pf/services/manager/suricata.pm index 082c07ef338d..02e28638ac14 100644 --- a/lib/pf/services/manager/suricata.pm +++ b/lib/pf/services/manager/suricata.pm @@ -37,7 +37,6 @@ sub generateConfig { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. =head1 COPYRIGHT From 0d744e5985e24df0fc2956d23a8f04b63a8fbd02 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 25 Sep 2013 11:15:10 -0400 Subject: [PATCH 280/369] Added missed isManaged --- lib/pf/services/manager/pfdhcplistener.pm | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/pf/services/manager/pfdhcplistener.pm b/lib/pf/services/manager/pfdhcplistener.pm index d647c7b84a5a..062ad61eee41 100644 --- a/lib/pf/services/manager/pfdhcplistener.pm +++ b/lib/pf/services/manager/pfdhcplistener.pm @@ -20,7 +20,6 @@ extends 'pf::services::manager::submanager'; has pfdhcplistenerManagers => (is => 'rw', builder => 1 ); - has '+name' => (default => sub { 'pfdhcplistener'} ); sub _build_pfdhcplistenerManagers { @@ -41,12 +40,14 @@ sub managers { return @{$self->pfdhcplistenerManagers}; } +sub isManaged { + isenabled($Config{'network'}{'dhcpdetector'}) +} + =head1 AUTHOR Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. - =head1 COPYRIGHT Copyright (C) 2005-2013 Inverse inc. From e0252f8b10677db6c994c387b4fdff6021f2e9f9 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 25 Sep 2013 11:17:06 -0400 Subject: [PATCH 281/369] Fixed issue with t/pf.t --- lib/pf/services/manager/roles/pf_conf_trapping_engine.pm | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/pf/services/manager/roles/pf_conf_trapping_engine.pm b/lib/pf/services/manager/roles/pf_conf_trapping_engine.pm index f9b41aa4cf35..547f4b768cf3 100644 --- a/lib/pf/services/manager/roles/pf_conf_trapping_engine.pm +++ b/lib/pf/services/manager/roles/pf_conf_trapping_engine.pm @@ -34,14 +34,12 @@ services that the trapping engine depends on =cut -has dependsOnServices => (default => sub { [qw(memcached httpd.admin pfdetect)] } ); +has '+dependsOnServices' => ( is => 'rw', default => sub { [qw(memcached httpd.admin pfdetect)] } ); =head1 AUTHOR Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. - =head1 COPYRIGHT Copyright (C) 2005-2013 Inverse inc. From 34503dfc1ff644753d0a7d8467c417975e00584d Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 25 Sep 2013 11:34:55 -0400 Subject: [PATCH 282/369] Added vlan/inline enforcement check for is managed --- lib/pf/services/manager/dhcpd.pm | 4 +- lib/pf/services/manager/pfdns.pm | 1 + .../is_managed_vlan_inline_enforcement.pm | 53 +++++++++++++++++++ 3 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 lib/pf/services/manager/roles/is_managed_vlan_inline_enforcement.pm diff --git a/lib/pf/services/manager/dhcpd.pm b/lib/pf/services/manager/dhcpd.pm index e3c4aff089b6..bbc032b62725 100644 --- a/lib/pf/services/manager/dhcpd.pm +++ b/lib/pf/services/manager/dhcpd.pm @@ -19,9 +19,11 @@ use pf::config; use pf::log; use pf::services::dhcpd qw(generate_dhcpd_conf); use File::Touch; +use IPC::Cmd qw[can_run run]; extends 'pf::services::manager'; with 'pf::services::manager::roles::pf_conf_service_managed'; +with 'pf::services::manager::roles::is_managed_vlan_inline_enforcement'; has '+name' => (default => sub { 'dhcpd' } ); @@ -72,7 +74,7 @@ sub manageStaticRoute { Inverse inc. -Minor parts of this file may have been contributed. See CREDITS. + =head1 COPYRIGHT diff --git a/lib/pf/services/manager/pfdns.pm b/lib/pf/services/manager/pfdns.pm index 6c23d29e965d..30bf11e928d0 100644 --- a/lib/pf/services/manager/pfdns.pm +++ b/lib/pf/services/manager/pfdns.pm @@ -16,6 +16,7 @@ use warnings; use Moo; extends 'pf::services::manager'; with 'pf::services::manager::roles::pf_conf_service_managed'; +with 'pf::services::manager::roles::is_managed_vlan_inline_enforcement'; has '+name' => (default => sub { 'pfdns' } ); diff --git a/lib/pf/services/manager/roles/is_managed_vlan_inline_enforcement.pm b/lib/pf/services/manager/roles/is_managed_vlan_inline_enforcement.pm new file mode 100644 index 000000000000..968d09ae213b --- /dev/null +++ b/lib/pf/services/manager/roles/is_managed_vlan_inline_enforcement.pm @@ -0,0 +1,53 @@ +package pf::services::manager::roles::is_managed_vlan_inline_enforcement; +=head1 NAME + +pf::services::manager::roles::is_managed_vlan_inline_enforcement add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::roles::is_managed_vlan_inline_enforcement + +=cut + +use strict; +use warnings; +use pf::config; + +use Moo::Role; + +around isManaged => sub { + my $orig = shift; + return (is_inline_enforcement_enabled() || is_vlan_enforcement_enabled()) && $orig->(@_); +}; + +=head1 AUTHOR + +Inverse inc. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + From c75b6c9d7119bc99b5c5f6f8b3331bed9f9d952d Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 25 Sep 2013 12:22:38 -0400 Subject: [PATCH 283/369] Added missing module --- lib/pf/services/manager/pfdhcplistener.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pf/services/manager/pfdhcplistener.pm b/lib/pf/services/manager/pfdhcplistener.pm index 062ad61eee41..230f9d3b5564 100644 --- a/lib/pf/services/manager/pfdhcplistener.pm +++ b/lib/pf/services/manager/pfdhcplistener.pm @@ -15,6 +15,7 @@ use strict; use warnings; use Moo; use pf::config; +use pf::util; extends 'pf::services::manager::submanager'; From 15c6714b2e1096c4d00b4f5e3a353891fe1bcd53 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 25 Sep 2013 13:05:39 -0400 Subject: [PATCH 284/369] Removed all old code from lib/pf/services.pm Refactored service_list & service_ctl in terms of pf::services::manager moved function getServiceManager from bin/pfcmd.pl to pf::services::get_service_manager Removed all code from bin/pfcmd.pl Refactor getServiceManager to pf::services::get_service_manager added checkup before starting services --- bin/pfcmd.pl | 227 ++--------------------- lib/pf/services.pm | 439 +++++++-------------------------------------- 2 files changed, 79 insertions(+), 587 deletions(-) diff --git a/bin/pfcmd.pl b/bin/pfcmd.pl index 053c9447b9d7..1961d799cd34 100755 --- a/bin/pfcmd.pl +++ b/bin/pfcmd.pl @@ -1170,202 +1170,13 @@ sub service { return $FALSE; } -sub service_ { - my $service = $cmd{command}[1]; - my $command = $cmd{command}[2]; - require pf::services; - import pf::services; - - $logger->info("Executing pfcmd service $service $command"); - - if ( lc($command) eq 'status' ) { - my (@services, %diff); - if ( $service eq 'pf' ) { - @services = @pf::services::ALL_SERVICES; - } else { - push( @services, $service ); - } - my @incorrectly_stopped_services = (); - my @services_which_should_be_started = pf::services::service_list(@services); - print "service|shouldBeStarted|pid\n"; - foreach my $tmp (@services) { - my $should_be_started = ( - ( grep( { $_ eq $tmp } @services_which_should_be_started ) - > 0 - ) ? 1 : 0 - ); - my $pid = pf::services::service_ctl( $tmp, 'status' ); - if ( ($should_be_started) && ( !$pid ) ) { - push @incorrectly_stopped_services, $tmp; - } - print "$tmp|$should_be_started|$pid\n"; - } - return ( ( scalar(@incorrectly_stopped_services) > 0 ) ? 3 : 0 ); - } - - if ( lc($command) eq 'watch' ) { - my (@services, %diff); - if ( $service eq "pf" ) { - @services = @pf::services::ALL_SERVICES; - } else { - push( @services, $service ); - } - my @services_which_should_be_started = pf::services::service_list(@services); - my @incorrectly_stopped_services = (); - foreach my $tmp (@services) { - my $should_be_started = (grep( { $_ eq $tmp } @services_which_should_be_started ) > 0); - my $pid = pf::services::service_ctl( $tmp, 'status' ); - if ( ($should_be_started) && ( !$pid ) ) { - push @incorrectly_stopped_services, $tmp; - } - } - if (@incorrectly_stopped_services) { - $logger->info("watch found incorrectly stopped services: " . join(", ", @incorrectly_stopped_services)); - print "The following processes are not running:\n" . " - " - . join( "\n - ", @incorrectly_stopped_services ) . "\n"; - if ( isenabled( $Config{'servicewatch'}{'email'} ) ) { - my %message; - $message{'subject'} = "PF WATCHER ALERT"; - $message{'message'} - = "The following processes are not running:\n" . " - " - . join( "\n - ", @incorrectly_stopped_services ) . "\n"; - pfmailer(%message); - } - if ( isenabled( $Config{'servicewatch'}{'restart'} ) ) { - $command = 'restart'; - } else { - return 1; - } - } else { - return 1; - } - } - - if ( lc($command) eq 'restart' ) { - if ( lc($service) eq 'pf' ) { - $logger->info( - "packetfence restart ... executing stop followed by start"); - local $cmd{command}[2] = "stop"; - service(); - local $cmd{command}[2] = "start"; - service(); - return 1; - } else { - if ( !pf::services::service_ctl( $service, "status" ) ) { - $command = "restart"; - } - } - } - - my (@services, %diff); - if ( $service ne 'pf' ) { - # make sure that snort is not started without pfdetect - if ($service eq 'snort') { - if ( !pf::services::service_ctl( 'pfdetect', 'status' ) ) { - $logger->info('addind pfdetect to list of services so that snort can be started'); - push @services, 'pfdetect'; - } - } - push @services, $service; - } else { - @services = @pf::services::ALL_SERVICES; - } - - my @alreadyRunningServices = (); - if ( lc($command) eq 'start' ) { - require pf::pfcmd::checkup; - import pf::pfcmd::checkup; - #Start httpd.admin anyway for the configurator - my $nb_running_services = 0; - if ( pf::services::service_ctl( "httpd.admin", "status" ) ) { - $nb_running_services++; - push @alreadyRunningServices, "httpd.admin"; - } - if ( grep( { $_ eq "httpd.admin" } @alreadyRunningServices ) == 1 ) - { - print "httpd.admin|already running\n"; - } else { - pf::services::service_ctl( "httpd.admin", $command ); - print "httpd.admin|$command\n"; - } - checkup(@services); - foreach my $tmp (@pf::services::ALL_SERVICES) { - if ( pf::services::service_ctl( $tmp, "status" ) ) { - $nb_running_services++; - push @alreadyRunningServices, $tmp; - } - } - if ( $nb_running_services == 0 ) { - if(isenabled($Config{services}{iptables}) && $service eq 'pf') { - $logger->info("saving current iptables to var/iptables.bak"); - require pf::inline::custom; - my $iptables = pf::inline::custom->new(); - my $technique = $iptables->{_technique}; - $technique->iptables_save( $install_dir . '/var/iptables.bak' ); - } - } - } - - print "service|command\n"; - if ( $command ne 'stop' ) { - print "config files|$command\n"; - require pf::os; - pf::os::import_dhcp_fingerprints(); - pf::services::read_violations_conf(); - if(isenabled($Config{services}{iptables}) && $service eq 'pf') { - print "iptables|$command\n"; - require pf::inline::custom; - my $iptables = pf::inline::custom->new(); - my $technique = $iptables->{_technique}; - $technique->iptables_generate(); - } - } - - foreach my $srv (@services) { - next if ( ($srv eq 'httpd.admin') && ($command eq 'start' ) ); - if ( ( $command eq 'start' ) - && ( grep( { $_ eq $srv } @alreadyRunningServices ) == 1 ) ) - { - print "$srv|already running\n"; - } else { - pf::services::service_ctl( $srv, $command ); - print "$srv|$command\n"; - } - } - - if ( lc($command) eq 'stop' ) { - my $nb_running_services = 0; - foreach my $tmp (@pf::services::ALL_SERVICES) { - if ( pf::services::service_ctl( $tmp, "status" ) ) { - $nb_running_services++; - } - } - if ( $nb_running_services == 0 ) { - if(isenabled($Config{services}{iptables}) && $service eq 'pf') { - print "iptables|$command\n"; - require pf::inline::custom; - my $iptables = pf::inline::custom->new(); - my $technique = $iptables->{_technique}; - $technique->iptables_restore( $install_dir . '/var/iptables.bak' ); - } - } else { - if ( lc($service) eq 'pf' ) { - $logger->error( - "Even though 'service pf stop' was called, there are still $nb_running_services services running. " - . "Can't restore iptables from var/iptables.bak" - ); - } - } - } - return 0; -} - sub startService { my ($service) = @_; my @managers = getStartServiceManagers($service); print "service|command\n"; my $count = 0; - if(isIptableManaged($service)) { + if(isIptablesManaged($service)) { + $logger->info("saving current iptables to var/iptables.bak"); my $technique; if(all { $_->status eq '0' } @managers) { $technique = getIptablesTechnique(); @@ -1374,6 +1185,10 @@ sub startService { $technique ||= getIptablesTechnique(); $technique->iptables_generate(); } + require pf::pfcmd::checkup; + import pf::pfcmd::checkup; + checkup( map {$_->name} @managers); + foreach my $manager (@managers) { my $command; if($manager->status ne '0') { @@ -1387,10 +1202,6 @@ sub startService { return 0; } -sub saveIptables { - $logger->info("saving current iptables to var/iptables.bak"); -} - sub getIptablesTechnique { require pf::inline::custom; my $iptables = pf::inline::custom->new(); @@ -1401,11 +1212,11 @@ sub getStartServiceManagers { my ($service) = @_; my @services; if($service eq 'pf') { - @services = @pf::services::ALL_SERVICES; + @services = pf::services::service_list(@pf::services::ALL_SERVICES); } else { @services = ($service); } - return grep { $_->isManaged } _getStartServiceManagers(@services); + return _getStartServiceManagers(@services); } sub _getStartServiceManagers { @@ -1414,12 +1225,12 @@ sub _getStartServiceManagers { grep { (!exists $seen{$_->name}) && ($seen{$_->name} = 1) } map { my $m = $_; - my @managers = map { getServiceManager($_) } @{$m->dependsOnServices}; + my @managers = map { pf::services::get_service_manager($_) } @{$m->dependsOnServices}; push @managers,$m; @managers } grep { defined $_ } - map { getServiceManager($_) } @_; + map { pf::services::get_service_manager($_) } @_; return @serviceManagers; } @@ -1437,7 +1248,7 @@ sub stopService { } print join('|',$manager->name,$command),"\n"; } - if(isIptableManaged($service)) { + if(isIptablesManaged($service)) { my $count = true { $_->status eq '0' } @managers; if( $count ) { getIptablesTechnique->iptables_restore( $install_dir . '/var/iptables.bak' ); @@ -1451,7 +1262,7 @@ sub stopService { return 0; } -sub isIptableManaged { +sub isIptablesManaged { return $_[0] eq 'pf' && isenabled($Config{services}{iptables}) } @@ -1471,7 +1282,7 @@ sub _getStopServiceManagers { my %seen; my @serviceManagers = grep { defined ($_) && (!exists $seen{$_->name}) && ($seen{$_->name} = 1) } - map { getServiceManager($_) } @_; + map { pf::services::get_service_manager($_) } @_; return @serviceManagers; } @@ -1485,7 +1296,7 @@ sub restartService { sub watchService { my ($service) = @_; my @stoppedServiceManagers = - grep { $_->isManaged && $_->status eq '0' } + grep { $_->status eq '0' } getStartServiceManagers($service); if(@stoppedServiceManagers) { my @stoppedServices = map { $_->name } @stoppedServiceManagers; @@ -1526,16 +1337,6 @@ sub statusOfService { return ( $notStarted ? 3 : 0); } -sub getServiceManager { - my ($service) = @_; - my $module = "pf::services::manager::${service}"; - $module =~ /^(.*)$/; - $module = $1; - $module =~ s/\./_/; - eval "use $module;"; - return $module->new; -} - sub class { my ( $function, $id ); require pf::class; diff --git a/lib/pf/services.pm b/lib/pf/services.pm index e92a7315e5cd..b6400ed38131 100644 --- a/lib/pf/services.pm +++ b/lib/pf/services.pm @@ -23,431 +23,122 @@ F, F, F. use strict; use warnings; -use File::Basename; -use IPC::Cmd qw[can_run run]; -use Log::Log4perl; -use Readonly; -use Time::HiRes; -use Try::Tiny; -use UNIVERSAL::require; -use Proc::ProcessTable; -use List::Util qw(first); - use pf::config; -use pf::util; -use pf::node qw(nodes_registered_not_violators); -use pf::trigger qw(trigger_delete_all parse_triggers); -use pf::class qw(class_view_all class_merge); -use pf::services::apache; -use pf::services::dhcpd qw(generate_dhcpd_conf); -use pf::services::radiusd qw(generate_radiusd_conf); -use pf::services::snmptrapd qw(generate_snmptrapd_conf); -use pf::services::snort qw(generate_snort_conf); -use pf::services::suricata qw(generate_suricata_conf); -use pf::SwitchFactory; -use pf::violation_config; -use File::Slurp qw(read_file); - -Readonly our @APACHE_SERVICES => ( - 'httpd.admin', 'httpd.webservices', 'httpd.portal', 'httpd.proxy' +use pf::services::manager::memcached; +use pf::services::manager::httpd_admin; +use pf::services::manager::httpd_webservices; +use pf::services::manager::httpd_portal; +use pf::services::manager::pfdns; +use pf::services::manager::dhcpd; +use pf::services::manager::pfdetect; +use pf::services::manager::snort; +use pf::services::manager::suricata; +use pf::services::manager::radiusd; +use pf::services::manager::snmptrapd; +use pf::services::manager::pfsetvlan; +use pf::services::manager::pfdhcplistener; +use pf::services::manager::pfmon; +use Module::Loaded qw(is_loaded); + +our @APACHE_SERVICES = ( + 'httpd.admin', 'httpd.webservices', 'httpd.portal' ); -Readonly our @ALL_SERVICES => ( +our @ALL_SERVICES = ( 'memcached', @APACHE_SERVICES, 'pfdns', 'dhcpd', 'pfdetect', 'snort', 'suricata', 'radiusd', 'snmptrapd', 'pfsetvlan', 'pfdhcplistener', 'pfmon' ); my $services = join("|", @ALL_SERVICES); -Readonly our $ALL_BINARIES_RE => qr/$services +our $ALL_BINARIES_RE => qr/$services |apache2 # httpd on debian |freeradius # radiusd on debian |httpd.worker # mpm_worker apache version |httpd $/x; -=head1 Globals - -=over - -=item service_launchers - -sprintf-formatted strings that control how the services should be started. - %1$s: is the binary (w/ full path) - %2$s: optional parameters - -=cut - -my %service_launchers; -$service_launchers{'httpd'} = "%1\$s -f $conf_dir/httpd.conf"; -$service_launchers{'httpd.webservices'} = "%1\$s -f $conf_dir/httpd.conf.d/httpd.webservices -D$OS"; -$service_launchers{'httpd.admin'} = "%1\$s -f $conf_dir/httpd.conf.d/httpd.admin -D$OS"; -$service_launchers{'httpd.portal'} = "%1\$s -f $conf_dir/httpd.conf.d/httpd.portal -D$OS"; -$service_launchers{'httpd.proxy'} = "%1\$s -f $conf_dir/httpd.conf.d/httpd.proxy -D$OS"; - -$service_launchers{'pfdetect'} = "%1\$s -d -p $install_dir/var/alert &"; -$service_launchers{'pfmon'} = '%1$s -d &'; -$service_launchers{'pfdhcplistener'} = 'sudo %1$s -i %2$s -d &'; -$service_launchers{'pfsetvlan'} = '%1$s -d &'; -# TODO the following join on @listen_ints will cause problems with dynamic config reloading -$service_launchers{'dhcpd'} = "sudo %1\$s -lf $var_dir/dhcpd/dhcpd.leases -cf $generated_conf_dir/dhcpd.conf -pf $var_dir/run/dhcpd.pid " . join(" ", @listen_ints); -$service_launchers{'pfdns'} = '%1$s -d &'; -$service_launchers{'snmptrapd'} = "%1\$s -n -c $generated_conf_dir/snmptrapd.conf -C -A -Lf $install_dir/logs/snmptrapd.log -p $install_dir/var/run/snmptrapd.pid -On"; -$service_launchers{'radiusd'} = "sudo %1\$s -d $install_dir/raddb/"; -$service_launchers{'memcached'} = "%1\$s -d -p 11211 -u pf -m 64 -c 1024 -P $install_dir/var/run/memcached.pid"; - -# TODO $monitor_int will cause problems with dynamic config reloading -if ( isenabled( $Config{'trapping'}{'detection'} ) && $monitor_int && $Config{'trapping'}{'detection_engine'} eq 'snort' ) { - $service_launchers{'snort'} = - "%1\$s -u pf -c $generated_conf_dir/snort.conf -i $monitor_int " . - "-N -D -l $install_dir/var --pid-path $install_dir/var/run"; -} elsif ( isenabled( $Config{'trapping'}{'detection'} ) && $monitor_int && $Config{'trapping'}{'detection_engine'} eq 'suricata' ) { - $service_launchers{'suricata'} = - "%1\$s -D -c $install_dir/var/conf/suricata.yaml -i $monitor_int " . - "-l $install_dir/var --pidfile $install_dir/var/run/suricata.pid"; -} - -=back +our %ALLOWED_ACTIONS = ( + stop => undef, + start => undef, + watch => undef, + status => undef, + restart => undef, +); =head1 SUBROUTINES -=over - -=item * service_ctl +=head2 service_ctl =cut -#FIXME this is ridiculously complex and unfocused for such a simple task.. what is all that duplication? sub service_ctl { - my ( $daemon, $action, $quick ) = @_; - my $logger = Log::Log4perl::get_logger('pf::services'); - my $service = ( $Config{'services'}{"${daemon}_binary"} || "$install_dir/sbin/$daemon" ); - if ($daemon =~ /httpd\.(.*)/) { - $service = ( $Config{'services'}{"httpd_binary"} || "$install_dir/sbin/$daemon" ); - } - my $binary = basename($service); - - #Untaint Daemon - $daemon =~ /^(.*)$/; - $daemon = $1; - - $logger->info("$daemon $service $action"); - if ( $binary =~ /^($ALL_BINARIES_RE)$/ ) { - $binary = $1; - CASE: { - $action eq "start" && do { - - # if we shouldn't be running that daemon based on current configuration, skip it - if (!scalar grep({ $daemon eq $_ } service_list(@ALL_SERVICES))) { - $logger->info("$daemon ($service) not started because it's not required based on configuration"); - return $FALSE; - } - - if ( $daemon =~ /(dhcpd|snort|suricata|httpd|snmptrapd|radiusd)/ && !$quick ) - { - my $confname = "generate_" . $daemon . "_conf"; - $logger->info( - "Generating configuration file for $binary ($confname)"); - my %serviceHash = ( - 'dhcpd' => \&generate_dhcpd_conf, - 'snort' => \&generate_snort_conf, - 'suricata' => \&generate_suricata_conf, - 'httpd' => \&generate_httpd_conf, - 'httpd.webservices' => \&generate_httpd_conf, - 'httpd.portal' => \&generate_httpd_conf, - 'httpd.proxy' => \&generate_httpd_conf, - 'httpd.admin' => \&generate_httpd_conf, - 'radiusd' => \&generate_radiusd_conf, - 'snmptrapd' => \&generate_snmptrapd_conf - ); - if ( $serviceHash{$daemon} ) { - $serviceHash{$daemon}->(); - } else { - print "No such sub: $confname\n"; - } - } - - # valid daemon and flags are set - if (grep({ $daemon eq $_ } @ALL_SERVICES) && defined($service_launchers{$daemon})) { - - if ( !( ($daemon eq 'pfdhcplistener' ) || ($daemon eq 'httpd') || ($daemon eq 'httpd.webservices') || ($daemon eq 'httpd.admin') || ($daemon eq 'httpd.portal') || ($daemon eq 'httpd.proxy') ) ) { - if ( $daemon eq 'dhcpd' ) { - - # create var/dhcpd/dhcpd.leases if it doesn't exist - pf_run("touch $var_dir/dhcpd/dhcpd.leases") if (!-f $var_dir . '/dhcpd/dhcpd.leases'); - - manage_Static_Route(1); - - } elsif ( $daemon eq 'radiusd' ) { - my $pid = service_ctl( $daemon, "status" ); - # TODO: push all these per-daemon initialization into pf::services::... - require pf::freeradius; - pf::freeradius::freeradius_populate_nas_config(); - - } - return launchService($daemon,$service); - } elsif ($daemon eq 'pfdhcplistener') { - if ( isenabled( $Config{'network'}{'dhcpdetector'} ) ) { - # putting interfaces to run listener on in hash so that - # only one listener per interface will ever run - my %interfaces = map { $_ => $TRUE } @listen_ints, @dhcplistener_ints; - foreach my $dev (keys %interfaces) { - launchService($daemon,$service, $dev); - } - return 1; - } - } elsif ($daemon eq 'httpd') { - foreach my $serv (@APACHE_SERVICES) { - next if ($serv eq "httpd.admin"); - service_ctl($serv,"start"); - } - } elsif ($daemon =~ /httpd\.(.*)/) { - launchService($daemon,$service); - } - } - last CASE; - }; - $action eq "stop" && do { - if ($daemon eq 'httpd') { - foreach my $serv (@APACHE_SERVICES) { - stopService($serv,$binary); - } - } else { - stopService($daemon,$binary); - } - last CASE; - }; - $action eq "restart" && do { - service_ctl( "pfdetect", "stop" ) if ( $daemon eq "snort" || $daemon eq "suricata" ); - service_ctl( $daemon, "stop" ); - - service_ctl( "pfdetect", "start" ) if ( $daemon eq "snort" || $daemon eq "suricata" ); - service_ctl( $daemon, "start" ); - last CASE; - }; - $action eq "status" && do { - my $pid; - # -x: this causes the program to also return process id's of shells running the named scripts. - if (!( ($binary eq "pfdhcplistener") || ($daemon eq "httpd") || ($daemon eq "snort") ) ) { - return getPidFromFile($daemon,$binary); - } - # Handle the pfdhcplistener case. Grab exact interfaces where pfdhcplistner should run, - # explicitly check process names per interface then return 0 to force a restart if one is missing. - elsif ($binary eq "pfdhcplistener") { - my %int_to_pid; - my $dead_flag; - foreach my $interface ( @listen_ints, @dhcplistener_ints ) { - my $pid = getPidFromFile("pfdhcplistener_${interface}",$binary); - $int_to_pid{$interface} = $pid; - $dead_flag = $TRUE unless $pid; - } - - # outputs: a list of interface => pid, ... helpful for sysadmin and forensics - $logger->info( - sprintf( "$binary pids %s", join(", ", map { "$_ => $int_to_pid{$_}" } keys %int_to_pid) ) - ); - - # return 0 if one is not working - # REWORK: if there only one interface without a pfdhcplistener then the pid is 0 - # result, you can have more than one pfdhcplistener per interface ?! - # return 0 if ($dead_flag); - $pid = join(" ", values %int_to_pid); - if ( $quick || !$dead_flag) { - return ($pid); - } else { - return (0); - } - } - elsif ($daemon =~ "snort") { - $pid = 0; - if (defined $monitor_int) { - $pid = getPidFromFile("${daemon}_${monitor_int}.pid",$binary); - } - return ($pid); - } - - } + my ($service, $action, $quick) = @_; + if(exists $ALLOWED_ACTIONS{$action}) { + my $sm = get_service_manager($service); + if(defined $sm && ($action ne 'start' || $sm->isManaged )) { + return $sm->$action($quick); } } - else { - $logger->logcroak("unknown service $binary (daemon: $daemon)!"); - return $FALSE; - } - return $TRUE; + return 0; } -=item * service_list +=head2 get_service_manager -return an array of enabled services +Get service manager my service name =cut -sub service_list { - my @services = @_; - my @finalServiceList = (); - my @add_last; - foreach my $service (@services) { - if ( $service eq 'snort' || $service eq 'suricata' ) { - # add suricata or snort to services to add last if enabled - push @add_last, $service - if (isenabled($Config{'trapping'}{'detection'}) && $Config{'trapping'}{'detection_engine'} eq $service); - } elsif ( $service eq "radiusd" ) { - push @finalServiceList, $service - if ( isenabled($Config{'services'}{'radiusd'}) ); - } elsif ( $service eq "pfdetect" ) { - push @finalServiceList, $service - if ( isenabled( $Config{'trapping'}{'detection'} ) ); - } elsif ( $service eq "dhcpd" ) { - push @finalServiceList, $service - if ( (is_inline_enforcement_enabled() || is_vlan_enforcement_enabled()) - && isenabled($Config{'services'}{'dhcpd'}) ); - } elsif ( $service eq "pfdns" ) { - push @finalServiceList, $service - if ( (is_inline_enforcement_enabled() || is_vlan_enforcement_enabled()) - && isenabled($Config{'services'}{'pfdns'}) ); - } elsif ( $service eq "httpd.proxy" ) { - push @finalServiceList, $service - if ( isenabled($Config{'trapping'}{'interception_proxy'}) ); - } - elsif ( $service eq 'pfdhcplistener' ) { - push @finalServiceList, $service if ( isenabled($Config{'network'}{'dhcpdetector'}) ); - } - # other services are added as-is - else { - push @finalServiceList, $service; - } +sub get_service_manager { + my ($service) = @_; + my $sm; + my $module = _make_service_manager_module_name($service); + if(is_loaded($module)) { + $sm = $module->new; } - - push @finalServiceList, @add_last; - return @finalServiceList; + return $sm; } -# Adding or removing static routes for Registration and Isolation VLANs -sub manage_Static_Route { - my $add_Route = @_; - my $logger = Log::Log4perl::get_logger('pf::services'); - - foreach my $network ( keys %ConfigNetworks ) { - # shorter, more convenient local accessor - my %net = %{$ConfigNetworks{$network}}; - +=head2 read_violations_conf - if ( defined($net{'next_hop'}) && ($net{'next_hop'} =~ /^(?:\d{1,3}\.){3}\d{1,3}$/) ) { - my $add_del = $add_Route ? 'add' : 'del'; - my $full_path = can_run('route') - or $logger->error("route is not installed! Can't add static routes to routed VLANs."); - - my $cmd = "sudo $full_path $add_del -net $network netmask " . $net{'netmask'} . " gw " . $net{'next_hop'}; - $cmd = untaint_chain($cmd); - my @out = pf_run($cmd); - } - } -} - -=item * read_violations_conf +reload the violation config =cut sub read_violations_conf { + require pf::violation_config; pf::violation_config::readViolationConfigFile(); return 1; } -sub getPidFromFile { - my ($daemon,$binary) = @_; - my $logger = Log::Log4perl::get_logger('pf::services'); - my $pid = 0; - my $pid_file = "$install_dir/var/run/$daemon.pid"; - if (-e $pid_file) { - eval {chomp( $pid = read_file($pid_file) );}; - } - $pid = 0 unless $pid; - $logger->info("pidof -x $binary returned $pid"); - if($pid && $pid =~ /^(.*)$/) { - $pid = $1; - unless (kill( 0,$pid)) { - $pid = 0; - $logger->info("removing stale pid file $pid_file"); - unlink $pid_file; - } - } +=head2 _make_service_manager_module_name - return ($pid); -} +make the service manager module name -sub launchService { - my ($daemon,@launcher_args) = @_; - my $launcher = $service_launchers{$daemon}; - @launcher_args = map { /^(.+)$/;$1 } @launcher_args; - if ($launcher) { - $launcher =~ /^(.*)$/; - $launcher = $1; - my $logger = Log::Log4perl::get_logger('pf::services'); - my $cmd_line = sprintf($launcher, @launcher_args); - $logger->info("Starting $daemon with '$cmd_line'"); - if ($cmd_line =~ /^(.+)$/) { - $cmd_line = $1; - my $t0 = Time::HiRes::time(); - my $return_value = system($cmd_line); - my $elapsed = Time::HiRes::time() - $t0; - $logger->info(sprintf("Daemon %s took %.3f seconds to start.", $daemon, $elapsed)); - return $return_value; - } - } - return; +=cut + +sub _make_service_manager_module_name { + my ($service) = @_; + my $module = "pf::services::manager::${service}"; + $module =~ /^(.*)$/; + $module = $1; + $module =~ s/\./_/; + return $module; } +=head2 service_list -sub stopService { - my ($service,$binary) = @_; - my $pids = service_ctl( $service, "status", 1 ); - my $logger = Log::Log4perl::get_logger('pf::services'); - $pids =~ /^(.*)$/; - $pids = $1; - my @pid = split(' ', $pids); - foreach my $pid (@pid) { - if ($pid) { - $logger->info("Sending TERM signal to $service with pid $pid"); - my $count = kill 'TERM',$pid; - unless ($count) { - $logger->logcroak("Can't a TERM signal to $service with pid $pid "); - return; - } - - if ( $service =~ /(dhcpd)/) { - manage_Static_Route(); - } - my $pid_file = "$install_dir/var/run/$binary.pid"; - if ( waitToShutdown($service, $pid) && -e $pid_file) { - $logger->info("Removing $pid_file"); - unlink($pid_file); - } - } - } +Return the list of services that are allowed to be managed -} +=cut -sub waitToShutdown { - my ($service, $pid) = @_; - my $logger = Log::Log4perl::get_logger('pf::services'); - my $maxWait = 10; - my $curWait = 0; - my $ppt; - my $proc = 0; - while ( ( ( $curWait < $maxWait ) - && ( service_ctl( $service, "status" ) ne "0" ) ) && defined($proc) ) - { - $ppt = new Proc::ProcessTable; - $proc = first { $_->pid == $pid } @{ $ppt->table }; - $logger->info("Waiting for $service to stop "); - sleep(2); - $curWait++; - } - return defined $proc; +sub service_list { + return grep { + my $module = _make_service_manager_module_name($_); + is_loaded($module) && $module->new->isManaged + } @_; } -=back - =head1 AUTHOR Inverse inc. From cacc253250919fbc4ee21a27417ef36845af95cb Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 26 Sep 2013 00:59:18 -0400 Subject: [PATCH 285/369] Refactored pf status in terms of the service manager model --- .../lib/pfappserver/Model/Services.pm | 35 +++---------------- 1 file changed, 5 insertions(+), 30 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Model/Services.pm b/html/pfappserver/lib/pfappserver/Model/Services.pm index 420c5082c318..e74948b87654 100644 --- a/html/pfappserver/lib/pfappserver/Model/Services.pm +++ b/html/pfappserver/lib/pfappserver/Model/Services.pm @@ -97,28 +97,8 @@ sub status { my ($self) = @_; my $logger = get_logger(); - my $cmd = "$PFCMD service pf status 2>&1"; - $logger->info("Requesting services status with: $cmd"); - - my @services_status = $self->_run_pfcmd_service("pf","status"); - $logger->debug( - "Service status output: " - . ( (@services_status) ? join('', @services_status) : 'NONE' ) - ); - - # TODO extract service\|shouldBeStarted\|pid into constant and use constant both here and when we report on CLI - if (!@services_status || $services_status[0] !~ /^service\|shouldBeStarted\|pid$/) { - return ( $STATUS::INTERNAL_SERVER_ERROR, join('', @services_status) ); - } - - my $services_ref = {}; - shift @services_status; # throw out first line - foreach my $service_status (@services_status) { - chomp($service_status); - my ($service_name, $should_be_started, $pids) = split(/\|/, $service_status); - $services_ref->{$service_name} = ($pids) if ($should_be_started); - } - return ($STATUS::OK, { services => $services_ref}) if ( %$services_ref ); + my %services_ref = map { $_->name => $_->status } grep { $_->isManaged } map { pf::services::get_service_manager($_) } @pf::services::ALL_SERVICES; + return ($STATUS::OK, { services => \%services_ref}) if ( keys %services_ref ); return ($STATUS::INTERNAL_SERVER_ERROR, "Unidentified error see server side logs for details."); } @@ -129,15 +109,10 @@ sub status { sub service_status { my ($self,$service) = @_; - my @services = @pf::services::ALL_SERVICES; - my @services_which_should_be_started = pf::services::service_list(@services); + my $sm = pf::services::get_service_manager($service); my %status = ( - pid => pf::services::service_ctl($service, 'status' ), - shouldBeStarted => ( - ( grep( { $_ eq $service } @services_which_should_be_started ) - > 0 - ) ? 1 : 0 - ) + pid => $sm->status, + shouldBeStarted => $sm->isManaged ); return ($STATUS::OK,\%status); } From ff296c1fd8af9650b2a6f333d8ebe6ebceaa994b Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 27 Sep 2013 15:17:47 -0400 Subject: [PATCH 286/369] Refactored stop where if the process did not stop in 60 seconds kill -9 the process --- lib/pf/services/manager.pm | 144 +++++++++++++++++++++++++------------ 1 file changed, 97 insertions(+), 47 deletions(-) diff --git a/lib/pf/services/manager.pm b/lib/pf/services/manager.pm index 211b9b887a03..896b6841120c 100644 --- a/lib/pf/services/manager.pm +++ b/lib/pf/services/manager.pm @@ -11,7 +11,6 @@ pf::services::manager This module encapsulates the service actions/commands for pfcmd tool - =cut use strict; @@ -24,6 +23,8 @@ use File::Slurp qw(read_file); use Proc::ProcessTable; use List::Util qw(first); use Linux::Inotify2; +use Errno qw(EINTR EAGAIN); +use Time::HiRes qw (alarm sleep); =head1 Attributes @@ -61,11 +62,37 @@ executable of service has executable => (is => 'rw', builder => 1, lazy => 1 ); +=head2 lastPid + +The last pid retrived from the pidFile + +=cut + +has lastPid => (is => 'rw'); + +=head2 inotify + +The inotify object used to watch for pidfile + +=cut + +has inotify => (is => 'rw', builder => 1, lazy => 1 ); + =head1 Methods +=head2 _build_inotify + +builds the inotify object + +=cut + +sub _build_inotify { + return Linux::Inotify2->new; +} + =head2 start - start the service +start the service =cut @@ -84,7 +111,7 @@ sub start { =head2 preStartSetup - setup work for starting a servicw +work for starting a servicw =cut @@ -97,7 +124,7 @@ sub preStartSetup { =head2 startService - Starts the service +Starts the service =cut @@ -108,7 +135,7 @@ sub startService { =head2 postStartCleanup - Cleanup work after the starting the service +Cleanup work after the starting the service =cut @@ -118,7 +145,7 @@ sub postStartCleanup { my $pidFile = $self->pidFile; my $result = 0; unless (-e $pidFile) { - my $inotify = Linux::Inotify2->new; + my $inotify = $self->inotify; $inotify->watch ($run_dir, IN_CREATE, sub { my $e = shift; my $name = $e->fullname; @@ -189,7 +216,8 @@ Returns the pid of the service sub pid { my ($self) = @_; - return $self->pidFromFile; + $self->lastPid($self->pidFromFile); + return $self->lastPid; } =head2 stop @@ -201,25 +229,73 @@ Stop the service waitinf for it to shutdown sub stop { my ($self,$quick) = @_; my $pid = $self->pid; - my $name = $self->name; - my $logger = get_logger; if ($pid) { - $logger->info("Sending TERM signal to $name with pid $pid"); - my $count = kill 'TERM',$pid; - unless ($count) { - $logger->logcroak("Can't a TERM signal to $name with pid $pid "); - return; - } - my $pid_file = $self->pidFile; - if ( $self->waitToShutdown($pid) && -e $pid_file) { - $logger->info("Removing $pid_file"); - unlink($pid_file); - } - return !-e $pid_file; + $self->preStopSetup(); + $self->stopService(); + $self->postStopCleanup(); + return 1; } return; } + +=head2 preStopSetup + +the pre stop setup + +=cut + +sub preStopSetup { + my ($self) = @_; + $self->inotify->watch($self->pidFile, IN_DELETE_SELF); +} + +sub postStopCleanup { + my ($self) = @_; + my $logger = get_logger(); + my $name = $self->name; + my $pid = $self->lastPid; + my $inotify = $self->inotify; + my $pidFile = $self->pidFile; + my $timedout; + #give the kill a little time + sleep(0.1); + $inotify->blocking(0); + $self->removeStalePid; + eval { + local $SIG{ALRM} = sub { die "alarm clock restart" }; + alarm 60; + eval { + until($inotify->read) { + die $! if defined $! && $! != EINTR && $! != EAGAIN; + $self->removeStalePid; + #give it some time + select(undef, undef, undef, 0.1); + } + }; + alarm 0; + $timedout = 1 if $@ && $@ =~ /^alarm clock restart/; + $logger->error("Error: $@") if $@; + }; + alarm 0; + $logger->info("Timed out waiting for process $name to stop") if $timedout; + $self->removeStalePid; + my $still_alive = kill 0 , $pid; + if ( $still_alive ) { + my $count = kill 'KILL',$pid; + $self->removeStalePid; + } +} + +sub stopService { + my ($self) = @_; + my $name = $self->name; + my $logger = get_logger(); + my $pid = $self->lastPid; + $logger->info("Sending TERM signal to $name with pid $pid"); + my $count = kill 'TERM',$pid; +} + =head2 watch If the service is stopped start the service @@ -327,32 +403,6 @@ sub removeStalePid { } } -=head2 waitToShutdown - -Waits for the pid of the service to shutdown - -=cut - -sub waitToShutdown { - my ($self, $pid) = @_; - my $name = $self->name; - my $logger = Log::Log4perl::get_logger('pf::services'); - my $maxWait = 10; - my $curWait = 0; - my $ppt; - my $proc = 0; - while ( ( ( $curWait < $maxWait ) - && ( $self->status ne "0" ) ) && defined($proc) ) - { - $ppt = new Proc::ProcessTable; - $proc = first { defined $_ && $_->pid == $pid } @{ $ppt->table }; - $logger->info("Waiting for $name to stop "); - sleep(2); - $curWait++; - } - return !defined $proc; -} - =head2 isManaged return true is the service is currently managed by packetfence From 18baee876e763153d2ecb0460b257abc90e2ea7d Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 30 Sep 2013 08:02:22 -0400 Subject: [PATCH 287/369] Code cleanp better logging --- lib/pf/services/manager.pm | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/lib/pf/services/manager.pm b/lib/pf/services/manager.pm index 896b6841120c..b7985ee65eeb 100644 --- a/lib/pf/services/manager.pm +++ b/lib/pf/services/manager.pm @@ -392,13 +392,14 @@ sub removeStalePid { my ($self) = @_; my $logger = get_logger; my $pid = $self->pidFromFile; - my $pid_file = $self->pidFile; + my $pidFile = $self->pidFile; if($pid && $pid =~ /^(.*)$/) { $pid = $1; - unless (kill( 0,$pid)) { - $pid = 0; - $logger->info("removing stale pid file $pid_file"); - unlink $pid_file; + $logger->info("verifying process $pid"); + my $result = kill(0, $pid); + unless ($result) { + $logger->info("removing stale pid file $pidFile"); + unlink $pidFile; } } } From e6ac306d680ad8b8d930114b2f8ec972ec27759c Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 30 Sep 2013 09:48:07 -0400 Subject: [PATCH 288/369] Created test and dummy daemon for testing pf::services::manager --- t/daemon.t | 128 +++++++++++++++++++++++++++++++++++++++++++++++ t/services/dummy | 24 +++++++++ 2 files changed, 152 insertions(+) create mode 100755 t/daemon.t create mode 100755 t/services/dummy diff --git a/t/daemon.t b/t/daemon.t new file mode 100755 index 000000000000..c05cdfb1ff58 --- /dev/null +++ b/t/daemon.t @@ -0,0 +1,128 @@ +#!/usr/bin/perl +=head1 NAME + +daemon + +=cut + +=head1 DESCRIPTION + +daemon + +=cut + +use strict; +use warnings; +use Time::HiRes qw(sleep); +use lib '/usr/local/pf/lib'; + +use Test::More tests => 14; # last test to print + +use Test::NoWarnings; + +use_ok('pf::services::manager'); + +my $sm = pf::services::manager->new( + executable => '/usr/local/pf/t/services/dummy', + launcher => '%1$s', + name => 'dummy' +); + +isa_ok($sm,"pf::services::manager"); + +$sm->start; + +my $pid = $sm->pid; + +ok($pid,"Pid return $pid"); + +ok(isAlive($pid), "Process is running"); + +kill 9, $pid; +#Give it a little time +waitForPid($pid); + +ok(-e $sm->pidFile,"Pidfile there after force kill of process"); + +$sm->removeStalePid; + +ok(!(-e $sm->pidFile),"The stale pid removed"); + +$sm->watch; + +sleep(0.1); + +#Give it a little time +$pid = $sm->pid; + +ok($pid,"Pid return $pid after watch"); + +ok(isAlive($pid), "Process is running after watch"); + +$sm->stop; + +ok(!isAlive($pid),"Process is stopped"); + +ok(!-e $sm->pidFile,"Pidfile is removed after stopping"); + +$sm->start; + +$pid = $sm->pid; + +ok($pid,"Pid return $pid"); + +ok(isAlive($pid), "Process is running"); + +$sm->restart; + +my $newpid = $sm->pid; + +ok($pid != $newpid && isAlive($newpid),"Restart is successful"); + +sub isAlive { + my ($pid) = @_; + return kill 0, $pid; +} + +sub waitForPid { + my ($pid) = @_; + my $count = 0; + while(isAlive($pid) && $count < 4 ) { + sleep(0.1); + $count++; + } +} + + +=head1 AUTHOR + +Inverse inc. + +Minor parts of this file may have been contributed. See CREDITS. + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + + diff --git a/t/services/dummy b/t/services/dummy new file mode 100755 index 000000000000..8def8c4fc2c3 --- /dev/null +++ b/t/services/dummy @@ -0,0 +1,24 @@ +#!/usr/bin/perl +use strict; +use POSIX qw(pause setsid); +use Getopt::Std; + +BEGIN { + use lib qw(/usr/local/pf/lib /usr/local/pf/t); + use pf::util; + use PfFilePaths; +} + +my %args; +getopts( 'n:', \%args ); +my $name = 'dummy'; +$name = $args{n} if exists $args{n}; + +exit(0) if fork; +setsid; +exit(0) if fork; + +createpid($name); +$SIG{TERM} = sub {}; +pause; +deletepid($name); From 1eb1d3bfcf0befad454d14002689a6aeca2e1787 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 30 Sep 2013 17:18:45 -0400 Subject: [PATCH 289/369] renamed pf::services::manager::roles::pf_conf_service_managed to pf::services::manager::roles::is_managed_by_pf_conf --- lib/pf/services/manager/dhcpd.pm | 2 +- lib/pf/services/manager/memcached.pm | 2 +- lib/pf/services/manager/pfdns.pm | 2 +- lib/pf/services/manager/radiusd.pm | 2 +- ...{pf_conf_service_managed.pm => is_managed_by_pf_conf.pm} | 6 +++--- lib/pf/services/manager/snort.pm | 2 +- lib/pf/services/manager/suricata.pm | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) rename lib/pf/services/manager/roles/{pf_conf_service_managed.pm => is_managed_by_pf_conf.pm} (84%) diff --git a/lib/pf/services/manager/dhcpd.pm b/lib/pf/services/manager/dhcpd.pm index bbc032b62725..6c33a748a903 100644 --- a/lib/pf/services/manager/dhcpd.pm +++ b/lib/pf/services/manager/dhcpd.pm @@ -22,7 +22,7 @@ use File::Touch; use IPC::Cmd qw[can_run run]; extends 'pf::services::manager'; -with 'pf::services::manager::roles::pf_conf_service_managed'; +with 'pf::services::manager::roles::is_managed_by_pf_conf'; with 'pf::services::manager::roles::is_managed_vlan_inline_enforcement'; has '+name' => (default => sub { 'dhcpd' } ); diff --git a/lib/pf/services/manager/memcached.pm b/lib/pf/services/manager/memcached.pm index 75b4225b9938..7f065ddf5899 100644 --- a/lib/pf/services/manager/memcached.pm +++ b/lib/pf/services/manager/memcached.pm @@ -17,7 +17,7 @@ use Moo; use pf::file_paths; extends 'pf::services::manager'; -with 'pf::services::manager::roles::pf_conf_service_managed'; +with 'pf::services::manager::roles::is_managed_by_pf_conf'; has '+name' => (default => sub { 'memcached' } ); diff --git a/lib/pf/services/manager/pfdns.pm b/lib/pf/services/manager/pfdns.pm index 30bf11e928d0..19f2fd7f6355 100644 --- a/lib/pf/services/manager/pfdns.pm +++ b/lib/pf/services/manager/pfdns.pm @@ -15,7 +15,7 @@ use strict; use warnings; use Moo; extends 'pf::services::manager'; -with 'pf::services::manager::roles::pf_conf_service_managed'; +with 'pf::services::manager::roles::is_managed_by_pf_conf'; with 'pf::services::manager::roles::is_managed_vlan_inline_enforcement'; has '+name' => (default => sub { 'pfdns' } ); diff --git a/lib/pf/services/manager/radiusd.pm b/lib/pf/services/manager/radiusd.pm index 69b1c5115882..4b7a12b4afcf 100644 --- a/lib/pf/services/manager/radiusd.pm +++ b/lib/pf/services/manager/radiusd.pm @@ -18,7 +18,7 @@ use pf::file_paths; use Moo; extends 'pf::services::manager'; -with 'pf::services::manager::roles::pf_conf_service_managed'; +with 'pf::services::manager::roles::is_managed_by_pf_conf'; has '+name' => ( default => sub { 'radiusd' } ); diff --git a/lib/pf/services/manager/roles/pf_conf_service_managed.pm b/lib/pf/services/manager/roles/is_managed_by_pf_conf.pm similarity index 84% rename from lib/pf/services/manager/roles/pf_conf_service_managed.pm rename to lib/pf/services/manager/roles/is_managed_by_pf_conf.pm index b7c0ee817b36..3d6b6d4d0a56 100644 --- a/lib/pf/services/manager/roles/pf_conf_service_managed.pm +++ b/lib/pf/services/manager/roles/is_managed_by_pf_conf.pm @@ -1,13 +1,13 @@ -package pf::services::manager::roles::pf_conf_service_managed; +package pf::services::manager::roles::is_managed_by_pf_conf; =head1 NAME -pf::services::manager::roles::pf_conf_service_managed add documentation +pf::services::manager::roles::is_managed_by_pf_conf add documentation =cut =head1 DESCRIPTION -pf::services::manager::roles::pf_conf_service_managed +pf::services::manager::roles::is_managed_by_pf_conf =cut diff --git a/lib/pf/services/manager/snort.pm b/lib/pf/services/manager/snort.pm index 972d3b757254..ea8ba3b0d79b 100644 --- a/lib/pf/services/manager/snort.pm +++ b/lib/pf/services/manager/snort.pm @@ -15,7 +15,7 @@ use strict; use warnings; use Moo; extends 'pf::services::manager'; -with 'pf::services::manager::roles::pf_conf_service_managed'; +with 'pf::services::manager::roles::is_managed_by_pf_conf'; use pf::file_paths; use pf::config; diff --git a/lib/pf/services/manager/suricata.pm b/lib/pf/services/manager/suricata.pm index 02e28638ac14..46635467aec5 100644 --- a/lib/pf/services/manager/suricata.pm +++ b/lib/pf/services/manager/suricata.pm @@ -18,7 +18,7 @@ use pf::config; use Moo; use pf::services::suricata qw(generate_suricata_conf); extends 'pf::services::manager'; -with 'pf::services::manager::roles::pf_conf_service_managed'; +with 'pf::services::manager::roles::is_managed_by_pf_conf'; has '+name' => ( default => sub { 'suricata' } ); From 2aa3ec33d436135fe8f4cb607f3ab4eeef528558 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 1 Oct 2013 06:29:18 -0400 Subject: [PATCH 290/369] Add httpd.proxy to service list --- lib/pf/pfcmd.pm | 2 +- lib/pf/services.pm | 3 +- lib/pf/services/manager/httpd_proxy.pm | 57 ++++++++++++++++++++++++++ 3 files changed, 60 insertions(+), 2 deletions(-) create mode 100644 lib/pf/services/manager/httpd_proxy.pm diff --git a/lib/pf/pfcmd.pm b/lib/pf/pfcmd.pm index 4eb64d079a1a..c33d52871f2b 100644 --- a/lib/pf/pfcmd.pm +++ b/lib/pf/pfcmd.pm @@ -312,7 +312,7 @@ sub parseCommandLine { 'service' => qr{ ^ ( dhcpd | httpd | pfdns | pfdetect | pf | pfdhcplistener | pfmon | pfsetvlan | radiusd | snmptrapd - | snort | suricata | httpd\.webservices | httpd\.admin | httpd\.portal | memcached) + | snort | suricata | httpd\.webservices | httpd\.admin | httpd\.portal | httpd\.proxy | memcached) \s+ ( restart | start | status | stop | watch ) diff --git a/lib/pf/services.pm b/lib/pf/services.pm index b6400ed38131..90f28491a643 100644 --- a/lib/pf/services.pm +++ b/lib/pf/services.pm @@ -28,6 +28,7 @@ use pf::services::manager::memcached; use pf::services::manager::httpd_admin; use pf::services::manager::httpd_webservices; use pf::services::manager::httpd_portal; +use pf::services::manager::httpd_proxy; use pf::services::manager::pfdns; use pf::services::manager::dhcpd; use pf::services::manager::pfdetect; @@ -41,7 +42,7 @@ use pf::services::manager::pfmon; use Module::Loaded qw(is_loaded); our @APACHE_SERVICES = ( - 'httpd.admin', 'httpd.webservices', 'httpd.portal' + 'httpd.admin', 'httpd.webservices', 'httpd.portal', 'httpd.proxy' ); our @ALL_SERVICES = ( diff --git a/lib/pf/services/manager/httpd_proxy.pm b/lib/pf/services/manager/httpd_proxy.pm new file mode 100644 index 000000000000..1f92d69aa934 --- /dev/null +++ b/lib/pf/services/manager/httpd_proxy.pm @@ -0,0 +1,57 @@ +package pf::services::manager::httpd_proxy; +=head1 NAME + +pf::services::manager::httpd_proxy add documentation + +=cut + +=head1 DESCRIPTION + +pf::services::manager::httpd_proxy + +=cut + +use strict; +use warnings; +use Moo; +use pf::config; +use pf::util; + +extends 'pf::services::manager::httpd'; + +has '+name' => (default => sub { 'httpd.proxy' } ); + +sub isManaged { + return isenabled($Config{'trapping'}{'interception_proxy'}); +} + +=head1 AUTHOR + +Inverse inc. + + +=head1 COPYRIGHT + +Copyright (C) 2005-2013 Inverse inc. + +=head1 LICENSE + +This program is free software; you can redistribute it and::or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +USA. + +=cut + +1; + From bea183a92377f9c0665cf4dc231e8f580dd738b1 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 1 Oct 2013 14:31:49 -0400 Subject: [PATCH 291/369] Avoid printing double headers on restart --- bin/pfcmd.pl | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/bin/pfcmd.pl b/bin/pfcmd.pl index 1961d799cd34..15388ffa1820 100755 --- a/bin/pfcmd.pl +++ b/bin/pfcmd.pl @@ -79,6 +79,8 @@ =head1 SYNOPSIS use pf::util; use HTTP::Status qw(is_success); use List::MoreUtils qw(all true); +use Term::ANSIColor; +use IO::Interactive qw(is_interactive); # Perl taint mode setup (see: perlsec) delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; @@ -105,6 +107,10 @@ =head1 SYNOPSIS restart => \&restartService, ); +our $SERVICE_HEADER ="service|command\n"; + +our $IS_INTERACTIVE = is_interactive(); + my $count = $ENV{PER_PAGE}; my $offset = $ENV{PAGE_NUM}; @@ -1173,7 +1179,7 @@ sub service { sub startService { my ($service) = @_; my @managers = getStartServiceManagers($service); - print "service|command\n"; + print $SERVICE_HEADER; my $count = 0; if(isIptablesManaged($service)) { $logger->info("saving current iptables to var/iptables.bak"); @@ -1237,7 +1243,7 @@ sub _getStartServiceManagers { sub stopService { my ($service) = @_; my @managers = getStopServiceManagers($service); - print "service|command\n"; + print $SERVICE_HEADER; foreach my $manager (@managers) { my $command; if($manager->status eq '0') { @@ -1290,6 +1296,7 @@ sub _getStopServiceManagers { sub restartService { my ($service) = @_; stopService($service); + local $SERVICE_HEADER = ''; startService($service); } @@ -1312,7 +1319,7 @@ sub watchService { pfmailer(%message); } if ( isenabled( $Config{'servicewatch'}{'restart'} ) ) { - print "service|command\n"; + print $SERVICE_HEADER; foreach my $manager (@stoppedServiceManagers) { $manager->watch; print join('|',$manager->name,"watch"),"\n"; From 0e15324af0f258f0f7ba30557ccdc90ed29b5c4a Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 1 Oct 2013 15:14:35 -0400 Subject: [PATCH 292/369] Removed unused variables --- lib/pf/services.pm | 8 -------- 1 file changed, 8 deletions(-) diff --git a/lib/pf/services.pm b/lib/pf/services.pm index 90f28491a643..5d2279c16827 100644 --- a/lib/pf/services.pm +++ b/lib/pf/services.pm @@ -50,14 +50,6 @@ our @ALL_SERVICES = ( 'snmptrapd', 'pfsetvlan', 'pfdhcplistener', 'pfmon' ); -my $services = join("|", @ALL_SERVICES); -our $ALL_BINARIES_RE => qr/$services - |apache2 # httpd on debian - |freeradius # radiusd on debian - |httpd.worker # mpm_worker apache version - |httpd -$/x; - our %ALLOWED_ACTIONS = ( stop => undef, start => undef, From ac0e21faa2f9f06712adfddba398581fe56ff308 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 3 Oct 2013 18:01:05 -0400 Subject: [PATCH 293/369] refactor the creation of the cmdline to a seperate function --- lib/pf/services/manager.pm | 54 +++++++++++++++++++++++++++----------- 1 file changed, 38 insertions(+), 16 deletions(-) diff --git a/lib/pf/services/manager.pm b/lib/pf/services/manager.pm index b7985ee65eeb..d7456437f091 100644 --- a/lib/pf/services/manager.pm +++ b/lib/pf/services/manager.pm @@ -130,7 +130,7 @@ Starts the service sub startService { my ($self,$quick) = @_; - return $self->launchService($self->executable); + return $self->launchService; } =head2 postStartCleanup @@ -326,25 +326,47 @@ launch the service using the launcher and arguements passed =cut sub launchService { - my ($self,@launcher_args) = @_; - my $launcher = $self->launcher; - if ($launcher) { - my $name = $self->name; - my $logger = get_logger; - my $cmd_line = sprintf($launcher, map { /^(.*)$/;$1 } @launcher_args); - $logger->info("Starting $name with '$cmd_line'"); - if ($cmd_line =~ /^(.+)$/) { - $cmd_line = $1; - my $t0 = Time::HiRes::time(); - my $return_value = system($cmd_line); - my $elapsed = Time::HiRes::time() - $t0; - $logger->info(sprintf("Daemon %s took %.3f seconds to start.", $name, $elapsed)); - return $return_value == 0; - } + my ($self) = @_; + my $cmdLine = $self->_cmdLine; + if ($cmdLine =~ /^(.+)$/) { + $cmdLine = $1; + my $logger = get_logger(); + my $t0 = Time::HiRes::time(); + my $return_value = system($cmdLine); + my $elapsed = Time::HiRes::time() - $t0; + $logger->info(sprintf("Daemon %s took %.3f seconds to start.", $self->name, $elapsed)); + return $return_value == 0; } return; } +=head2 _cmdLine + +TODO: documention + +=cut + +sub _cmdLine { + my ($self) = @_; + my $launcher = $self->launcher; + my @cmdLineArgs = $self->_cmdLineArgs; + my $cmdLine = sprintf($launcher, map { /^(.*)$/;$1 } @cmdLineArgs); + return $cmdLine; +} + + +=head2 _cmdLineArgs + +TODO: documention + +=cut + +sub _cmdLineArgs { + my ($self) = @_; + return ($self->executable); +} + + =head2 pidFile return the pid file of the service From 7035b857e7dd3145349a8145b610b4aa22c168bf Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 3 Oct 2013 20:08:26 -0400 Subject: [PATCH 294/369] Refactor stop watch generateConfig startService postStartCleanup to a generalized around modifier Overloaded removeStalePid to call removeStalePid on submanagers --- lib/pf/services/manager/submanager.pm | 37 ++++++++------------------- 1 file changed, 11 insertions(+), 26 deletions(-) diff --git a/lib/pf/services/manager/submanager.pm b/lib/pf/services/manager/submanager.pm index 512292edb012..04a5d9114cb6 100644 --- a/lib/pf/services/manager/submanager.pm +++ b/lib/pf/services/manager/submanager.pm @@ -31,43 +31,28 @@ sub managers { return (); } -=head2 start +=head2 generateConfig startService postStartCleanup stop watch -start all the sub managers +Delegating generateConfig startService postStartCleanup stop watch to sub managers =cut -sub start { - my ($self,$quick) = @_; +around [qw(generateConfig startService postStartCleanup watch stop)] => sub { + my ($orig,$self,$quick) = @_; my $count; - my $pass = true {$count++; $_->start($quick) } $self->managers; + my $pass = true {$count++; $_->$orig($quick) } $self->managers; return $pass == $count; -} +}; -=head2 stop +=head2 removeStalePid -stop all the sub managers +Delegating removeStalePid to sub managers =cut -sub stop { - my ($self,$quick) = @_; - my $count; - my $pass = true {$count++; $_->stop($quick) } $self->managers; - return $pass == $count; -} - -=head2 watch - -watch all the sub managers - -=cut - -sub watch { - my ($self,$quick) = @_; - my $count; - my $pass = true {$count++; $_->watch($quick) } $self->managers; - return $pass == $count; +sub removeStalePid { + my ($self) = @_; + $_->removeStalePid foreach $self->managers; } =head2 status From 8256bd6cad292889fb33f631fcb0d992a7f1c260 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 4 Oct 2013 12:46:42 -0400 Subject: [PATCH 295/369] pfcmd service now has color --- bin/pfcmd.pl | 43 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 35 insertions(+), 8 deletions(-) diff --git a/bin/pfcmd.pl b/bin/pfcmd.pl index 15388ffa1820..2086046500fa 100755 --- a/bin/pfcmd.pl +++ b/bin/pfcmd.pl @@ -1197,14 +1197,23 @@ sub startService { foreach my $manager (@managers) { my $command; + my $color = ''; if($manager->status ne '0') { + $color = color 'yellow' if $IS_INTERACTIVE; $command = 'already started'; } else { - $manager->start; - $command = 'start'; + if($manager->start) { + $command = 'start'; + $color = color 'green' if $IS_INTERACTIVE; + } else { + $command = 'not started'; + $color = color 'red' if $IS_INTERACTIVE; + } } - print join('|',$manager->name,$command),"\n"; + print $manager->name,"|${color}$command\n"; + print color 'reset' if $IS_INTERACTIVE; } + print color 'reset' if $IS_INTERACTIVE; return 0; } @@ -1246,13 +1255,20 @@ sub stopService { print $SERVICE_HEADER; foreach my $manager (@managers) { my $command; + my $color = ''; if($manager->status eq '0') { $command = 'already stopped'; + $color = color 'yellow' if $IS_INTERACTIVE; } else { - $manager->stop; - $command = 'stop'; + if($manager->stop) { + $color = color 'green' if $IS_INTERACTIVE; + $command = 'stop'; + } else { + $color = color 'red' if $IS_INTERACTIVE; + } } - print join('|',$manager->name,$command),"\n"; + print $manager->name,"|${color}$command\n"; + print color 'reset' if $IS_INTERACTIVE; } if(isIptablesManaged($service)) { my $count = true { $_->status eq '0' } @managers; @@ -1336,10 +1352,21 @@ sub statusOfService { print "service|shouldBeStarted|pid\n"; my $notStarted = 0; foreach my $manager (@managers) { + my $color = ''; my $isManaged = $manager->isManaged; my $status = $manager->status; - print join('|',$manager->name,$isManaged,$status),"\n"; - $notStarted++ if $status eq '0' && $isManaged; + if($status eq '0' ) { + if ($isManaged) { + $color = color 'red' if $IS_INTERACTIVE; + $notStarted++; + } else { + $color = color 'yellow' if $IS_INTERACTIVE; + } + } else { + $color = color 'green' if $IS_INTERACTIVE; + } + print $manager->name,"|${color}$isManaged|$status\n"; + print color 'reset' if $IS_INTERACTIVE; } return ( $notStarted ? 3 : 0); } From ecb706a659955d04f1d1a43b5ea1a2cb7b8ce7b9 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 4 Oct 2013 14:36:45 -0400 Subject: [PATCH 296/369] Added new perl modules --- addons/packages/packetfence.spec | 2 ++ debian/control | 1 + 2 files changed, 3 insertions(+) diff --git a/addons/packages/packetfence.spec b/addons/packages/packetfence.spec index b01926904354..fc0de1a345c3 100644 --- a/addons/packages/packetfence.spec +++ b/addons/packages/packetfence.spec @@ -224,6 +224,8 @@ Requires: perl(Moo) >= 1.0 Requires: perl(Term::ANSIColor) Requires: perl(IO::Interactive) Requires: perl(Module::Loaded) +Requires: perl(Linux::FD) +Requires: perl(File::Touch) # configuration-wizard Requires: iproute, vconfig # diff --git a/debian/control b/debian/control index cb5bac368984..ee0ae82bab43 100644 --- a/debian/control +++ b/debian/control @@ -53,6 +53,7 @@ Depends: ${misc:Depends}, vlan, make, libiptables-libiptc-perl, libload-perl, libmime-lite-tt-perl, libmime-lite-perl, libconfig-general-perl, libproc-processtable-perl, libfile-flock-perl, libperl-version-perl, perl-modules, + liblinux-fd-perl, libfile-touch-perl # hard-coded to specific version because v3 broke the API and we haven't ported to it yet # see #1313: Port our Net-Appliance-Session to the version 3 API # http://packetfence.org/bugs/view.php?id=1313 From bf51c3cbdb088e96adf8979e8e8d5110c95c16e2 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 15 Oct 2013 14:30:35 -0400 Subject: [PATCH 297/369] Moved to use timerfd for timeouts --- lib/pf/services/manager.pm | 100 +++++++++++++++++++++++++------------ 1 file changed, 69 insertions(+), 31 deletions(-) diff --git a/lib/pf/services/manager.pm b/lib/pf/services/manager.pm index d7456437f091..0df6df4af3c7 100644 --- a/lib/pf/services/manager.pm +++ b/lib/pf/services/manager.pm @@ -24,7 +24,8 @@ use Proc::ProcessTable; use List::Util qw(first); use Linux::Inotify2; use Errno qw(EINTR EAGAIN); -use Time::HiRes qw (alarm sleep); +use Time::HiRes qw (alarm); +use Linux::FD::Timer; =head1 Attributes @@ -99,7 +100,7 @@ start the service sub start { my ($self,$quick) = @_; my $result = 0; - unless ($self->pid) { + unless ($self->status) { if( $self->preStartSetup($quick)) { if($self->startService($quick)) { $result = $self->postStartCleanup($quick); @@ -119,6 +120,7 @@ sub preStartSetup { my ($self,$quick) = @_; $self->removeStalePid; $self->generateConfig($quick) unless $quick; + $self->_setupWatchForPidCreate; return 1; } @@ -141,35 +143,48 @@ Cleanup work after the starting the service sub postStartCleanup { my ($self,$quick) = @_; - my $run_dir = "$var_dir/run"; my $pidFile = $self->pidFile; my $result = 0; + my $inotify = $self->inotify; unless (-e $pidFile) { - my $inotify = $self->inotify; - $inotify->watch ($run_dir, IN_CREATE, sub { - my $e = shift; - my $name = $e->fullname; - if($pidFile eq $name) { - $e->w->cancel; - } - }); my $timedout; eval { local $SIG{ALRM} = sub { die "alarm clock restart" }; alarm 60; eval { - 1 while !-e $pidFile && $inotify->poll; + 1 while $inotify->poll && !-e $pidFile; }; alarm 0; $timedout = 1 if $@ && $@ =~ /^alarm clock restart/; }; + alarm 0; my $logger = get_logger; $logger->warn($self->name . " timed out trying to start" ) if $timedout; - alarm 0; } return -e $pidFile; } + +=head2 _setupWatchForPidCreate + +This setups a watch on the run directory to wait for the pid to + +=cut + +sub _setupWatchForPidCreate { + my ($self) = @_; + my $inotify = $self->inotify; + my $pidFile = $self->pidFile; + my $run_dir = "$var_dir/run"; + $inotify->watch ($run_dir, IN_CREATE, sub { + my $e = shift; + my $name = $e->fullname; + if($pidFile eq $name) { + $e->w->cancel; + } + }); +} + =head2 _build_executable the builder the executable attribute @@ -250,6 +265,23 @@ sub preStopSetup { $self->inotify->watch($self->pidFile, IN_DELETE_SELF); } +=head2 stopService + +=cut + +sub stopService { + my ($self) = @_; + my $name = $self->name; + my $logger = get_logger(); + my $pid = $self->lastPid; + $logger->info("Sending TERM signal to $name with pid $pid"); + my $count = kill 'TERM',$pid; +} + +=head2 postStopCleanup + +=cut + sub postStopCleanup { my ($self) = @_; my $logger = get_logger(); @@ -259,9 +291,11 @@ sub postStopCleanup { my $pidFile = $self->pidFile; my $timedout; #give the kill a little time - sleep(0.1); $inotify->blocking(0); $self->removeStalePid; + my $timer = Linux::FD::Timer->new('monotonic'); + $timer->set_timeout(0.1,0.1); + $timer->receive; eval { local $SIG{ALRM} = sub { die "alarm clock restart" }; alarm 60; @@ -270,7 +304,7 @@ sub postStopCleanup { die $! if defined $! && $! != EINTR && $! != EAGAIN; $self->removeStalePid; #give it some time - select(undef, undef, undef, 0.1); + $timer->receive; } }; alarm 0; @@ -279,21 +313,10 @@ sub postStopCleanup { }; alarm 0; $logger->info("Timed out waiting for process $name to stop") if $timedout; - $self->removeStalePid; - my $still_alive = kill 0 , $pid; - if ( $still_alive ) { - my $count = kill 'KILL',$pid; - $self->removeStalePid; + if ($self->isAlive($pid)) { + kill 'KILL',$pid; } -} - -sub stopService { - my ($self) = @_; - my $name = $self->name; - my $logger = get_logger(); - my $pid = $self->lastPid; - $logger->info("Sending TERM signal to $name with pid $pid"); - my $count = kill 'TERM',$pid; + $self->removeStalePid; } =head2 watch @@ -418,14 +441,29 @@ sub removeStalePid { if($pid && $pid =~ /^(.*)$/) { $pid = $1; $logger->info("verifying process $pid"); - my $result = kill(0, $pid); + my $result = $self->isAlive; unless ($result) { $logger->info("removing stale pid file $pidFile"); - unlink $pidFile; + unlink $pidFile if -e $pidFile; } } } +=head2 isAlive + +checks if process is alive + +=cut + +sub isAlive { + my ($self,$pid) = @_; + my $result; + $pid = $self->pid unless defined $pid; + $result = kill 0 , $pid if $pid; + return $result; +} + + =head2 isManaged return true is the service is currently managed by packetfence From c9e9140e218a09bf66a694b9a5b91494c0e63115 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 15 Oct 2013 14:32:47 -0400 Subject: [PATCH 298/369] Group the sub pfhcplistener pidfiles in one inotify object --- lib/pf/services/manager/pfdhcplistener.pm | 51 ++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/lib/pf/services/manager/pfdhcplistener.pm b/lib/pf/services/manager/pfdhcplistener.pm index 230f9d3b5564..5ddd73c4bd5a 100644 --- a/lib/pf/services/manager/pfdhcplistener.pm +++ b/lib/pf/services/manager/pfdhcplistener.pm @@ -16,10 +16,15 @@ use warnings; use Moo; use pf::config; use pf::util; +use List::MoreUtils qw(any all); +use Linux::Inotify2; +use pf::log; extends 'pf::services::manager::submanager'; -has pfdhcplistenerManagers => (is => 'rw', builder => 1 ); +has pfdhcplistenerManagers => (is => 'rw', builder => 1, lazy => 1); + +has _pidFiles => (is => 'rw', default => sub { {} } ); has '+name' => (default => sub { 'pfdhcplistener'} ); @@ -35,6 +40,50 @@ sub _build_pfdhcplistenerManagers { return \@managers; } +=head2 _setupWatchForPidCreate + +Setting up inotify to watch for the creation of pidFiles for each pfdhcplistener instance + +=cut + +sub _setupWatchForPidCreate { + my ($self) = @_; + my $inotify = $self->inotify; + my @pidFiles = map { $_->pidFile } $self->managers; + my $run_dir = "$var_dir/run"; + $inotify->watch ($run_dir, IN_CREATE, sub { + my $e = shift; + if(all { -e $_ } @pidFiles) { + my $name = $e->fullname; + @pidFiles = grep { $_ ne $name } @pidFiles; + $e->w->cancel unless @pidFiles; + } + }); +} + +sub postStartCleanup { + my ($self,$quick) = @_; + my $pidFile = $self->pidFile; + my $result = 0; + my $inotify = $self->inotify; + my @pidFiles = map { $_->pidFile } $self->managers; + my $logger = get_logger; + unless (-e $pidFile) { + my $timedout; + eval { + local $SIG{ALRM} = sub { die "alarm clock restart" }; + alarm 60; + eval { + 1 while $inotify->poll; + }; + alarm 0; + $timedout = 1 if $@ && $@ =~ /^alarm clock restart/; + }; + alarm 0; + $logger->warn($self->name . " timed out trying to start" ) if $timedout; + } + return all { -e $_ } @pidFiles; +} sub managers { my ($self) = @_; From ddbeadff8812299796fd63e068552e8194a71e52 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 18 Oct 2013 11:51:39 -0400 Subject: [PATCH 299/369] Refactor get(Stop|Start)ServiceManagers to getManagers --- bin/pfcmd.pl | 103 ++++++++++++++++++++++++--------------------------- 1 file changed, 48 insertions(+), 55 deletions(-) diff --git a/bin/pfcmd.pl b/bin/pfcmd.pl index 2086046500fa..62d342b5be4c 100755 --- a/bin/pfcmd.pl +++ b/bin/pfcmd.pl @@ -69,7 +69,11 @@ =head1 SYNOPSIS use Log::Log4perl; use Try::Tiny; -use constant INSTALL_DIR => '/usr/local/pf'; +use constant { + INSTALL_DIR => '/usr/local/pf', + JUST_MANAGED => 1, + INCLUDE_DEPENDS_ON => 2, +}; use lib INSTALL_DIR . "/lib"; @@ -79,6 +83,7 @@ =head1 SYNOPSIS use pf::util; use HTTP::Status qw(is_success); use List::MoreUtils qw(all true); +use List::Util qw(first); use Term::ANSIColor; use IO::Interactive qw(is_interactive); @@ -1171,14 +1176,20 @@ sub service { if(exists $ACTION_MAP{$action} && defined ($actionHandler = $ACTION_MAP{$action})) { $service =~ /^(.*)$/; $service = $1; - return $actionHandler->($service); + my @services; + if($service eq 'pf') { + @services = @pf::services::ALL_SERVICES; + } else { + @services = ($service); + } + return $actionHandler->($service,@services); } return $FALSE; } sub startService { - my ($service) = @_; - my @managers = getStartServiceManagers($service); + my ($service,@services) = @_; + my @managers = getManagers(\@services,INCLUDE_DEPENDS_ON | JUST_MANAGED); print $SERVICE_HEADER; my $count = 0; if(isIptablesManaged($service)) { @@ -1217,41 +1228,45 @@ sub startService { return 0; } -sub getIptablesTechnique { - require pf::inline::custom; - my $iptables = pf::inline::custom->new(); - return $iptables->{_technique}; -} - -sub getStartServiceManagers { - my ($service) = @_; - my @services; - if($service eq 'pf') { - @services = pf::services::service_list(@pf::services::ALL_SERVICES); - } else { - @services = ($service); - } - return _getStartServiceManagers(@services); -} - -sub _getStartServiceManagers { +sub getManagers { + my ($services,$flags) = @_; + $flags = 0 unless defined $flags; my %seen; + my $includeDependsOn = $flags & INCLUDE_DEPENDS_ON; + my $justManaged = $flags & JUST_MANAGED; my @serviceManagers = - grep { (!exists $seen{$_->name}) && ($seen{$_->name} = 1) } + grep { (!exists $seen{$_->name}) && ($seen{$_->name} = 1) && ( !$justManaged || $_->isManaged ) } map { my $m = $_; - my @managers = map { pf::services::get_service_manager($_) } @{$m->dependsOnServices}; + my @managers = + grep { defined $_ } + map { pf::services::get_service_manager($_) } + @{$m->dependsOnServices} + if $includeDependsOn; push @managers,$m; @managers } grep { defined $_ } - map { pf::services::get_service_manager($_) } @_; + map { pf::services::get_service_manager($_) } @$services; return @serviceManagers; } +sub getIptablesTechnique { + require pf::inline::custom; + my $iptables = pf::inline::custom->new(); + return $iptables->{_technique}; +} + sub stopService { - my ($service) = @_; - my @managers = getStopServiceManagers($service); + my ($service,@services) = @_; + my @managers = getManagers(\@services); + #push memcached to back of the list + my $manager = first { $_->name eq 'memcached' } @managers; + if($manager) { + @managers = grep { $_->name ne 'memcached' } @managers; + push @managers, $manager; + } + print $SERVICE_HEADER; foreach my $manager (@managers) { my $command; @@ -1288,39 +1303,17 @@ sub isIptablesManaged { return $_[0] eq 'pf' && isenabled($Config{services}{iptables}) } -sub getStopServiceManagers { - my ($service) = @_; - my @services; - if($service eq 'pf') { - @services = grep { $_ ne 'memcached' } @pf::services::ALL_SERVICES; - push @services,'memcached'; - } else { - @services = ($service); - } - return _getStopServiceManagers(@services); -} - -sub _getStopServiceManagers { - my %seen; - my @serviceManagers = - grep { defined ($_) && (!exists $seen{$_->name}) && ($seen{$_->name} = 1) } - map { pf::services::get_service_manager($_) } @_; - return @serviceManagers; -} - - sub restartService { - my ($service) = @_; - stopService($service); + stopService(@_); local $SERVICE_HEADER = ''; - startService($service); + startService(@_); } sub watchService { - my ($service) = @_; + my ($service,@services) = @_; my @stoppedServiceManagers = grep { $_->status eq '0' } - getStartServiceManagers($service); + getManagers(\@services, JUST_MANAGED | INCLUDE_DEPENDS_ON); if(@stoppedServiceManagers) { my @stoppedServices = map { $_->name } @stoppedServiceManagers; $logger->info("watch found incorrectly stopped services: " . join(", ", @stoppedServices)); @@ -1347,8 +1340,8 @@ sub watchService { } sub statusOfService { - my ($service) = @_; - my @managers = getStopServiceManagers($service); + my ($service,@services) = @_; + my @managers = getManagers(\@services); print "service|shouldBeStarted|pid\n"; my $notStarted = 0; foreach my $manager (@managers) { From 4e5e385bd1f083cba886b7f83e37bb85e53df8fa Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 18 Nov 2013 13:32:36 -0500 Subject: [PATCH 300/369] Add dependency to Linux::Inotify2 --- addons/packages/packetfence.spec | 1 + debian/control | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/addons/packages/packetfence.spec b/addons/packages/packetfence.spec index fc0de1a345c3..2d6e844b9cd2 100644 --- a/addons/packages/packetfence.spec +++ b/addons/packages/packetfence.spec @@ -225,6 +225,7 @@ Requires: perl(Term::ANSIColor) Requires: perl(IO::Interactive) Requires: perl(Module::Loaded) Requires: perl(Linux::FD) +Requires: perl(Linux::Inotify2) Requires: perl(File::Touch) # configuration-wizard Requires: iproute, vconfig diff --git a/debian/control b/debian/control index ee0ae82bab43..406ae1aa3936 100644 --- a/debian/control +++ b/debian/control @@ -53,7 +53,7 @@ Depends: ${misc:Depends}, vlan, make, libiptables-libiptc-perl, libload-perl, libmime-lite-tt-perl, libmime-lite-perl, libconfig-general-perl, libproc-processtable-perl, libfile-flock-perl, libperl-version-perl, perl-modules, - liblinux-fd-perl, libfile-touch-perl + liblinux-fd-perl, liblinux-inotify2-perl, libfile-touch-perl, # hard-coded to specific version because v3 broke the API and we haven't ported to it yet # see #1313: Port our Net-Appliance-Session to the version 3 API # http://packetfence.org/bugs/view.php?id=1313 From 2d42b20f64c0621390e4e3b23ae3e3e6a66f32c6 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 20 Nov 2013 12:43:24 -0500 Subject: [PATCH 301/369] Fixed configuration generation for httpd based services --- lib/pf/services/manager/httpd.pm | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/lib/pf/services/manager/httpd.pm b/lib/pf/services/manager/httpd.pm index baf3fa66f92f..a6f4b57c04e3 100644 --- a/lib/pf/services/manager/httpd.pm +++ b/lib/pf/services/manager/httpd.pm @@ -15,6 +15,7 @@ use strict; use warnings; use pf::config; use Moo; +use pf::services::apache; extends 'pf::services::manager'; has '+launcher' => ( builder => 1, lazy => 1 ); @@ -31,6 +32,22 @@ sub _build_launcher { return "%1\$s -f $conf_dir/httpd.conf.d/$name -D$OS" } +=head2 generateConfig + +TODO: documention + +=cut + +our $WAS_GENERATED; + +sub generateConfig { + my ($self) = @_; + return 1 if $WAS_GENERATED; + pf::services::apache::generate_httpd_conf(); + $WAS_GENERATED = 1; + return 1; +} + =head1 AUTHOR Inverse inc. From a50db5ac614c083bbb12bb7bc23d647eb0a57e4b Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 27 Nov 2013 11:49:15 -0500 Subject: [PATCH 302/369] Untaint launcher before passing it to sprintf --- lib/pf/services/manager.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/pf/services/manager.pm b/lib/pf/services/manager.pm index 0df6df4af3c7..41b0e51fd9ce 100644 --- a/lib/pf/services/manager.pm +++ b/lib/pf/services/manager.pm @@ -372,7 +372,9 @@ TODO: documention sub _cmdLine { my ($self) = @_; my $launcher = $self->launcher; - my @cmdLineArgs = $self->_cmdLineArgs; + $launcher =~ /^(.*)$/; + $launcher = $1; + my @cmdLineArgs = map { /^(.*)$/;$1 } $self->_cmdLineArgs; my $cmdLine = sprintf($launcher, map { /^(.*)$/;$1 } @cmdLineArgs); return $cmdLine; } From 0c4e5119222189bbc70786285dd2dca6824f6e07 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 27 Nov 2013 12:03:07 -0500 Subject: [PATCH 303/369] Refactor reset --- bin/pfcmd.pl | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/bin/pfcmd.pl b/bin/pfcmd.pl index 62d342b5be4c..348f0665ca3e 100755 --- a/bin/pfcmd.pl +++ b/bin/pfcmd.pl @@ -116,6 +116,8 @@ =head1 SYNOPSIS our $IS_INTERACTIVE = is_interactive(); +our $RESET_COLOR = $IS_INTERACTIVE ? color 'reset' : ''; + my $count = $ENV{PER_PAGE}; my $offset = $ENV{PAGE_NUM}; @@ -1221,10 +1223,8 @@ sub startService { $color = color 'red' if $IS_INTERACTIVE; } } - print $manager->name,"|${color}$command\n"; - print color 'reset' if $IS_INTERACTIVE; + print $manager->name,"|${color}${command}${RESET_COLOR}\n"; } - print color 'reset' if $IS_INTERACTIVE; return 0; } @@ -1282,8 +1282,7 @@ sub stopService { $color = color 'red' if $IS_INTERACTIVE; } } - print $manager->name,"|${color}$command\n"; - print color 'reset' if $IS_INTERACTIVE; + print $manager->name,"|${color}${command}${RESET_COLOR}\n"; } if(isIptablesManaged($service)) { my $count = true { $_->status eq '0' } @managers; @@ -1358,8 +1357,7 @@ sub statusOfService { } else { $color = color 'green' if $IS_INTERACTIVE; } - print $manager->name,"|${color}$isManaged|$status\n"; - print color 'reset' if $IS_INTERACTIVE; + print $manager->name,"|${color}$isManaged|$status${RESET_COLOR}\n"; } return ( $notStarted ? 3 : 0); } From 74032b9b3b5fc943d436ff25714791fc52621feb Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 27 Nov 2013 12:03:18 -0500 Subject: [PATCH 304/369] Display better message when a service was not stopped --- bin/pfcmd.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/pfcmd.pl b/bin/pfcmd.pl index 348f0665ca3e..25440caa03eb 100755 --- a/bin/pfcmd.pl +++ b/bin/pfcmd.pl @@ -1280,6 +1280,7 @@ sub stopService { $command = 'stop'; } else { $color = color 'red' if $IS_INTERACTIVE; + $command = 'not stopped'; } } print $manager->name,"|${color}${command}${RESET_COLOR}\n"; From 18ce0dcfd6ce4d30fad6994f2949cd45163f178b Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 27 Nov 2013 12:04:16 -0500 Subject: [PATCH 305/369] Return value of the parent stop command --- lib/pf/services/manager/dhcpd.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pf/services/manager/dhcpd.pm b/lib/pf/services/manager/dhcpd.pm index 6c33a748a903..1ede91e7bcc8 100644 --- a/lib/pf/services/manager/dhcpd.pm +++ b/lib/pf/services/manager/dhcpd.pm @@ -24,7 +24,6 @@ use IPC::Cmd qw[can_run run]; extends 'pf::services::manager'; with 'pf::services::manager::roles::is_managed_by_pf_conf'; with 'pf::services::manager::roles::is_managed_vlan_inline_enforcement'; - has '+name' => (default => sub { 'dhcpd' } ); has '+launcher' => (default => sub { "sudo %1\$s -lf $var_dir/dhcpd/dhcpd.leases -cf $generated_conf_dir/dhcpd.conf -pf $var_dir/run/dhcpd.pid " . join(" ", @listen_ints) } ); @@ -45,8 +44,9 @@ sub preStartSetup { sub stop { my ($self,$quick) = @_; - $self->SUPER::stop($quick); + my $result = $self->SUPER::stop($quick); manageStaticRoute(); + return $result; } sub manageStaticRoute { From d9ebfb6a1fd03e571b7c899a6a430c5a54f8e5bf Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 28 Nov 2013 13:18:53 -0500 Subject: [PATCH 306/369] Added new attribute shouldCheckup --- lib/pf/services/manager.pm | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/pf/services/manager.pm b/lib/pf/services/manager.pm index 41b0e51fd9ce..c38da2dfbd9f 100644 --- a/lib/pf/services/manager.pm +++ b/lib/pf/services/manager.pm @@ -37,6 +37,14 @@ name of service has name => ( is => 'rw'); +=head2 shouldCheckup + +if service requires checkup + +=cut + +has shouldCheckup => ( is => 'rw', default => sub { 1 } ); + =head2 launcher sprintf-formatted string that control how the services should be started From 0d425e475c0bcb91cebf0db968c451a88fbb6ca7 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 28 Nov 2013 13:19:35 -0500 Subject: [PATCH 307/369] Setup attribute shouldCheckup to 0 --- lib/pf/services/manager/httpd_admin.pm | 2 ++ lib/pf/services/manager/memcached.pm | 2 ++ 2 files changed, 4 insertions(+) diff --git a/lib/pf/services/manager/httpd_admin.pm b/lib/pf/services/manager/httpd_admin.pm index 037049aa6366..fd12cf774c40 100644 --- a/lib/pf/services/manager/httpd_admin.pm +++ b/lib/pf/services/manager/httpd_admin.pm @@ -19,6 +19,8 @@ extends 'pf::services::manager::httpd'; has '+name' => (default => sub { 'httpd.admin' } ); +has '+shouldCheckup' => ( default => sub { 0 } ); + =head1 AUTHOR Inverse inc. diff --git a/lib/pf/services/manager/memcached.pm b/lib/pf/services/manager/memcached.pm index 7f065ddf5899..a10e7cd601a6 100644 --- a/lib/pf/services/manager/memcached.pm +++ b/lib/pf/services/manager/memcached.pm @@ -23,6 +23,8 @@ has '+name' => (default => sub { 'memcached' } ); has '+launcher' => (default => sub { "%1\$s -d -p 11211 -u pf -m 64 -c 1024 -P $install_dir/var/run/memcached.pid"}); +has '+shouldCheckup' => ( default => sub { 0 } ); + =head1 AUTHOR Inverse inc. From 7fce2e5e5bead1614f8982d723067bccb9bb643a Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 28 Nov 2013 13:21:23 -0500 Subject: [PATCH 308/369] Start service that require no checkup before service that require checkup --- bin/pfcmd.pl | 45 +++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/bin/pfcmd.pl b/bin/pfcmd.pl index 25440caa03eb..126202726e5c 100755 --- a/bin/pfcmd.pl +++ b/bin/pfcmd.pl @@ -68,6 +68,7 @@ =head1 SYNOPSIS use File::Basename qw(basename); use Log::Log4perl; use Try::Tiny; +use List::MoreUtils qw(part); use constant { INSTALL_DIR => '/usr/local/pf', @@ -1204,30 +1205,42 @@ sub startService { $technique ||= getIptablesTechnique(); $technique->iptables_generate(); } + require pf::pfcmd::checkup; import pf::pfcmd::checkup; - checkup( map {$_->name} @managers); + my ($noCheckupManagers,$checkupManagers) = part { $_->shouldCheckup} @managers; + foreach my $manager (@$noCheckupManagers) { + _doStart($manager); + } + if(@$checkupManagers) { + checkup( map {$_->name} @$checkupManagers); - foreach my $manager (@managers) { - my $command; - my $color = ''; - if($manager->status ne '0') { - $color = color 'yellow' if $IS_INTERACTIVE; - $command = 'already started'; - } else { - if($manager->start) { - $command = 'start'; - $color = color 'green' if $IS_INTERACTIVE; - } else { - $command = 'not started'; - $color = color 'red' if $IS_INTERACTIVE; - } + foreach my $manager (@$checkupManagers) { + _doStart($manager); } - print $manager->name,"|${color}${command}${RESET_COLOR}\n"; } return 0; } +sub _doStart { + my ($manager) = @_; + my $command; + my $color = ''; + if($manager->status ne '0') { + $color = color 'yellow' if $IS_INTERACTIVE; + $command = 'already started'; + } else { + if($manager->start) { + $command = 'start'; + $color = color 'green' if $IS_INTERACTIVE; + } else { + $command = 'not started'; + $color = color 'red' if $IS_INTERACTIVE; + } + } + print $manager->name,"|${color}${command}${RESET_COLOR}\n"; +} + sub getManagers { my ($services,$flags) = @_; $flags = 0 unless defined $flags; From ba94b86e0f6e080b523b087b6289288bf463cf23 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Thu, 28 Nov 2013 16:23:21 -0500 Subject: [PATCH 309/369] Fixed AeroHive trap --- lib/pf/SNMP/AeroHIVE.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pf/SNMP/AeroHIVE.pm b/lib/pf/SNMP/AeroHIVE.pm index dced9439df63..4143ea539fd3 100644 --- a/lib/pf/SNMP/AeroHIVE.pm +++ b/lib/pf/SNMP/AeroHIVE.pm @@ -111,6 +111,7 @@ sub parseTrap { $valeurs{$oid} = $value; } $trapHashRef->{'trapSSID'} = $valeurs{$AEROHIVE::ahSSID}; + $trapHashRef->{'trapSSID'} =~ s/"//g; $trapHashRef->{'trapIfIndex'} = $valeurs{$AEROHIVE::ahIfIndex}; $trapHashRef->{'trapVlan'} = $valeurs{$AEROHIVE::ahClientVLAN}; $trapHashRef->{'trapMac'} = $valeurs{$AEROHIVE::ahRemoteId}; From 7a575d768d20d94b2d307142862e085689c151f0 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 29 Nov 2013 09:20:05 -0500 Subject: [PATCH 310/369] Use prototype Delay method to respect seconds We were using the standard setTimeout function which expects miliseconds, not seconds. --- html/common/pf.js | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/html/common/pf.js b/html/common/pf.js index e450ead2dec6..6672db13941b 100644 --- a/html/common/pf.js +++ b/html/common/pf.js @@ -62,7 +62,7 @@ function networkAccessCallback(destination_url, redirect_url) { } // Chrome 10 / Safari 5 / IE9 (sometimes) flawless - top.location.replace(destination_url.unescapeHTML()); + performRedirect(destination_url); } /** @@ -96,9 +96,9 @@ Date.now = Date.now || function() { return +new Date; }; function detectNetworkAccess(retry_delay, destination_url, redirect_url, external_ip) { "use strict"; - var errorDetected; - var loaded; - var netdetect = $('netdetect'); + var errorDetected, loaded, netdetect, checker, initNetDetect; + + netdetect = $('netdetect'); netdetect.onerror = function() { errorDetected = true; loaded = false; @@ -107,22 +107,21 @@ function detectNetworkAccess(retry_delay, destination_url, redirect_url, externa errorDetected = false; loaded = true; }; - var checker; - var initNetDetect = function() { + initNetDetect = function() { errorDetected = loaded = undefined; var netdetect = $('netdetect'); netdetect.src = "http://" + external_ip + "/common/network-access-detection.gif?r=" + Date.now(); - setTimeout(checker,1000); + checker.delay(retry_delay); }; checker = function() { var netdetect = $('netdetect'); - if(errorDetected === true) { + if (errorDetected === true) { initNetDetect(); } else if (loaded === true) { networkAccessCallback(destination_url, redirect_url); } else { - //Check the width or height of the image since we do not know if it is loaded - if(netdetect.width || netdetect.height) { + // Check the width or height of the image since we do not know if it is loaded + if (netdetect.width || netdetect.height) { networkAccessCallback(destination_url, redirect_url); } else { initNetDetect(); From d8224a425ffb45261f6596e30de68b66ab0b7679 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 15 Oct 2013 14:19:50 -0400 Subject: [PATCH 311/369] Allow switch to be read dynamically by radius --- lib/pf/SwitchFactory.pm | 2 + lib/pf/freeradius.pm | 40 ++---------- raddb/policy.conf | 4 ++ raddb/sites-available/dynamic-clients | 91 +++++++++------------------ 4 files changed, 40 insertions(+), 97 deletions(-) diff --git a/lib/pf/SwitchFactory.pm b/lib/pf/SwitchFactory.pm index 38be8cd99728..cf0c95b96dab 100644 --- a/lib/pf/SwitchFactory.pm +++ b/lib/pf/SwitchFactory.pm @@ -23,6 +23,7 @@ use Log::Log4perl qw(get_logger); use pf::config; use pf::config::cached; use pf::util; +use pf::freeradius; our ($singleton, %SwitchConfig, $switches_cached_config); @@ -64,6 +65,7 @@ $switches_cached_config = pf::config::cached->new( } } $SwitchConfig{'127.0.0.1'} = { %{$SwitchConfig{default}}, type => 'PacketFence', mode => 'production', uplink => ['dynamic'], SNMPVersionTrap => '1', SNMPCommunityTrap => 'public'}; + freeradius_populate_nas_config(\%SwitchConfig); $config->cache->set("SwitchConfig",\%SwitchConfig); }, ], diff --git a/lib/pf/freeradius.pm b/lib/pf/freeradius.pm index aa540f81861d..a2839a6e9b0f 100644 --- a/lib/pf/freeradius.pm +++ b/lib/pf/freeradius.pm @@ -121,55 +121,27 @@ Populates the radius_nas table with switches in switches.conf. # First, we aim at reduced complexity. I prefer to dump and reload than to deal with merging config vs db changes. sub freeradius_populate_nas_config { my $logger = Log::Log4perl::get_logger('pf::freeradius'); + my ($switch_config) = @_; if (!_delete_all_nas()) { $logger->info("Problem emptying FreeRADIUS nas clients table."); } - # load switches.conf - my %SwitchConfig; - if (!-e $conf_dir.SWITCHES_CONF) { - croak "Config file " . $conf_dir.SWITCHES_CONF . " cannot be read\n"; - } - - tie %SwitchConfig, 'pf::config::cached', (-file => $conf_dir.SWITCHES_CONF); - - my @errors = @Config::IniFiles::errors; - if ( scalar(@errors) ) { - croak "Error reading config file: " . join( "\n", @errors ) . "\n"; - } - - $logger->debug("Starting to insert switches in radius_nas table for FreeRADIUS"); - foreach my $switch (sort keys %SwitchConfig) { + foreach my $switch (keys %$switch_config) { # we skip the 'default' entry or the local switch if ($switch eq 'default' || $switch eq '127.0.0.1') { next; } - # valid if switch's radiusSecret exists and is not all whitespace - my $valid_sw_radiussecret = ( - defined($SwitchConfig{$switch}{'radiusSecret'}) - && $SwitchConfig{$switch}{'radiusSecret'} =~ /\S/ - ); - - # valid if default radiusSecret exists and is not all whitespace - my $valid_df_radiussecret = ( - defined($SwitchConfig{'default'}{'radiusSecret'}) - && $SwitchConfig{'default'}{'radiusSecret'} =~ /\S/ - ); + my $sw_radiussecret = $switch_config->{$switch}{'radiusSecret'}; - # we are looking for the opposite of a valid switch statement or a valid radius statement - if (!($valid_sw_radiussecret || $valid_df_radiussecret)) { + # skipping unless switch's radiusSecret exists and is not all whitespace + unless (defined $sw_radiussecret && $sw_radiussecret =~ /\S/ ) { $logger->debug("No RADIUS secret for switch: $switch FreeRADIUS configuration skipped"); next; } # insert NAS - _insert_nas( - $switch, - $switch, - $SwitchConfig{$switch}{'radiusSecret'} || $SwitchConfig{'default'}{'radiusSecret'}, - $switch . " (" . ($SwitchConfig{$switch}{'type'} || $SwitchConfig{'default'}{'type'}) .")", - ); + _insert_nas( $switch, $switch, $sw_radiussecret, $switch . " (" . $switch_config->{$switch}{'type'} .")"); } } diff --git a/raddb/policy.conf b/raddb/policy.conf index 31ce6bad125c..325cced75b5d 100644 --- a/raddb/policy.conf +++ b/raddb/policy.conf @@ -155,6 +155,10 @@ policy { } } + + # The dynamic client/controller time to live / lifetime + dynamic_controller_ttl = 600 + # # Normalize the MAC Addresses in the Calling/Called-Station-Id # diff --git a/raddb/sites-available/dynamic-clients b/raddb/sites-available/dynamic-clients index f8c3cc4ddd4a..69705c2346a8 100644 --- a/raddb/sites-available/dynamic-clients +++ b/raddb/sites-available/dynamic-clients @@ -33,13 +33,7 @@ # # Define a network where clients may be dynamically defined. -client dynamic { - ipaddr = 192.168.0.0 - - # - # You MUST specify a netmask! - # IPv4 /32 or IPv6 /128 are NOT allowed! - netmask = 16 +client 0.0.0.0/0 { # # Any other configuration normally found in a "client" @@ -71,7 +65,7 @@ client dynamic { # If the lifetime is "0", then the dynamic client is never # deleted. The only way to delete the client is to re-start # the server. - lifetime = 3600 + lifetime = ${policy.dynamic_controller_ttl} } # @@ -80,6 +74,7 @@ server dynamic_client_server { # # The only contents of the virtual server is the "authorize" section. + # authorize { # @@ -106,38 +101,6 @@ server dynamic_client_server { # useless, but it documents the attributes # you need. # - update control { - - # - # Echo the IP address of the client. - FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}" - - # require_message_authenticator - FreeRADIUS-Client-Require-MA = no - - # secret - FreeRADIUS-Client-Secret = "testing123" - - # shortname - FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}" - - # nastype - FreeRADIUS-Client-NAS-Type = "other" - - # virtual_server - # - # This can ONLY be used if the network client - # definition (e.g. "client dynamic" above) has - # NO virtual_server defined. - # - # If the network client definition does have a - # virtual_server defined, then that is used, - # and there is no need to define this attribute. - # - FreeRADIUS-Client-Virtual-Server = "something" - - } - # # Example 2: Read the clients from "clients" files # in a directory. @@ -155,25 +118,27 @@ server dynamic_client_server { # Example 3: Look the clients up in SQL. # # This requires the SQL module to be configured, of course. - if ("%{sql: SELECT nasname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}") { - update control { - # - # Echo the IP. - FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}" - - # - # Do multiple SELECT statements to grab - # the various definitions. - FreeRADIUS-Client-Shortname = "%{sql: SELECT shortname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}" + update control { + Tmp-String-8 = "%{sql: SELECT nasname FROM radius_nas WHERE nasname '%{Packet-Src-IP-Address}'}" + } + if ("%{control:Tmp-String-8}") { + update control { + # + # Echo the IP. + FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}" - FreeRADIUS-Client-Secret = "%{sql: SELECT secret FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}" + # + # Do multiple SELECT statements to grab + # the various definitions. + FreeRADIUS-Client-Shortname = "%{sql: SELECT shortname FROM radius_nas WHERE nasname = '%{control:Tmp-String-8}'}" - FreeRADIUS-Client-NAS-Type = "%{sql: SELECT type FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}" + FreeRADIUS-Client-Secret = "%{sql: SELECT secret FROM radius_nas WHERE nasname = '%{control:Tmp-String-8}'}" - FreeRADIUS-Client-Virtual-Server = "%{sql: SELECT server FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}" - } + FreeRADIUS-Client-NAS-Type = "%{sql: SELECT type FROM radius_nas WHERE nasname = '%{control:Tmp-String-8}'}" - } + } + ok + } # Do an LDAP lookup in the elements OU, check to see if # the Packet-Src-IP-Address object has a "ou" @@ -198,27 +163,27 @@ server dynamic_client_server { # # And with a "ou" value of the shared secret password # for the NAS element. ie "password" - if ("%{ldap:ldap:///OU=Elements,OU=Radius,DC=ACME,DC=COM?ou?sub?cn=%{Packet-Src-IP-Address}}") { - update control { - FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}" +# if ("%{ldap:ldap:///OU=Elements,OU=Radius,DC=ACME,DC=COM?ou?sub?cn=%{Packet-Src-IP-Address}}") { +# update control { +# FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}" # Set the Client-Shortname to be the Location # "l" just like in the Huntgroups, but this # time to the shortname. - FreeRADIUS-Client-Shortname = "%{ldap:ldap:///OU=Elements,OU=Radius,DC=ACME,DC=COM?l?sub?cn=%{Packet-Src-IP-Address}}" +# FreeRADIUS-Client-Shortname = "%{ldap:ldap:///OU=Elements,OU=Radius,DC=ACME,DC=COM?l?sub?cn=%{Packet-Src-IP-Address}}" # Lookup and set the Shared Secret based on # the "ou" attribute. - FreeRADIUS-Client-Secret = "%{ldap:ldap:///OU=Elements,OU=Radius,DC=ACME,DC=COM?ou?sub?cn=%{Packet-Src-IP-Address}}" - } - } +# FreeRADIUS-Client-Secret = "%{ldap:ldap:///OU=Elements,OU=Radius,DC=ACME,DC=COM?ou?sub?cn=%{Packet-Src-IP-Address}}" +# } +# ok +# } # # Tell the caller that the client was defined properly. # # If the authorize section does NOT return "ok", then # the new client is ignored. - ok } } From 144e93976639937bed2f6f80b01b5cde9434c97a Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 21 Nov 2013 11:40:21 -0500 Subject: [PATCH 312/369] Will not truncate radius_nas table on restart --- lib/pf/services.pm | 3 ++- lib/pf/services/radiusd.pm | 13 +++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/lib/pf/services.pm b/lib/pf/services.pm index e92a7315e5cd..73fbde28d941 100644 --- a/lib/pf/services.pm +++ b/lib/pf/services.pm @@ -181,7 +181,8 @@ sub service_ctl { my $pid = service_ctl( $daemon, "status" ); # TODO: push all these per-daemon initialization into pf::services::... require pf::freeradius; - pf::freeradius::freeradius_populate_nas_config(); + require pf::SwitchFactory; + pf::freeradius::freeradius_populate_nas_config(\%pf::SwitchFactory::SwitchConfig); } return launchService($daemon,$service); diff --git a/lib/pf/services/radiusd.pm b/lib/pf/services/radiusd.pm index 1be834656554..87a8bf2cc90b 100644 --- a/lib/pf/services/radiusd.pm +++ b/lib/pf/services/radiusd.pm @@ -11,12 +11,12 @@ according to what PacketFence needs to accomplish. =head1 CONFIGURATION AND ENVIRONMENT -Read the following configuration files: +Read the following configuration files: F F F -Generates the following configuration files: +Generates the following configuration files: F F F @@ -60,9 +60,10 @@ sub generate_radiusd_conf { generate_radiusd_eapconf(); generate_radiusd_sqlconf(); - #Build the nas table for RADIUS + #Build the nas table for RADIUS require pf::freeradius; - pf::freeradius::freeradius_populate_nas_config(); + require pf::SwitchFactory; + pf::freeradius::freeradius_populate_nas_config(\%pf::SwitchFactory::SwitchConfig); return 1; } @@ -80,8 +81,8 @@ sub generate_radiusd_mainconf { $tags{'install_dir'} = $install_dir; $tags{'management_ip'} = defined($management_network->tag('vip')) ? $management_network->tag('vip') : $management_network->tag('ip'); $tags{'arch'} = `uname -m` eq "x86_64" ? "64" : ""; - - parse_template( \%tags, "$conf_dir/radiusd/radiusd.conf", "$install_dir/raddb/radiusd.conf" ); + + parse_template( \%tags, "$conf_dir/radiusd/radiusd.conf", "$install_dir/raddb/radiusd.conf" ); } =item * generate_radiusd_eapconf From 13db4dc40a013804f897c00241af7fe30cfb61e0 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Thu, 21 Nov 2013 11:40:42 -0500 Subject: [PATCH 313/369] Updated NEWS files --- NEWS.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index fa2dd806381e..38b2251e2b75 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -24,6 +24,7 @@ New Features * Displayed columns of nodes are now customizable * Create a single node or import multiple nodes from a CSV file from the Web admin * LDAP authentication sources can now filter by group membership using a second LDAP query +* Radius does not need to be restarted after adding a switch Enhancements ++++++++++++ From f5ea594eafcd750135c3b15be732349a9da822c9 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 29 Nov 2013 10:29:39 -0500 Subject: [PATCH 314/369] Fix condition to avoid warning --- lib/pf/vlan.pm | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/lib/pf/vlan.pm b/lib/pf/vlan.pm index ba9e3d8e656b..7f78fac340f9 100644 --- a/lib/pf/vlan.pm +++ b/lib/pf/vlan.pm @@ -73,7 +73,7 @@ sub fetchVlanForNode { $logger->info("Inline trigger match, the node is in inline mode"); my $inline = $this->getInlineVlan($switch, $ifIndex, $mac, $node_info, $connection_type, $user_name, $ssid); $logger->info("MAC: $mac, PID: " .$node_info->{pid}. ", Status: " .$node_info->{status}. ". Returned VLAN: $inline"); - return ( $inline , 1 ); + return ( $inline, 1 ); } # violation handling @@ -87,20 +87,14 @@ sub fetchVlanForNode { # there were no violation, now onto registration handling my $registration = $this->getRegistrationVlan($switch, $ifIndex, $mac, $node_info, $connection_type, $user_name, $ssid); if (defined($registration) && $registration != 0) { - - if ( ($connection_type & $WIRELESS_MAC_AUTH) == $WIRELESS_MAC_AUTH ) { - - + if ($connection_type && ($connection_type & $WIRELESS_MAC_AUTH) == $WIRELESS_MAC_AUTH) { my $notes = $node_info->{'notes'}; if ($notes eq 'AUTO-REGISTERED') { $logger->info("Connection type is WIRELESS_MAC_AUTH and the device was comming from a secure SSID with auto registration" ); - my %info = ( - 'notes' => '', - ); - node_modify($mac,%info); + node_modify($mac, ('notes' => '')); } } - return ( $registration , 0, "registration"); + return ( $registration, 0, "registration" ); } # no violation, not unregistered, we are now handling a normal vlan From d682450c9e488d3d3007e1f668975c5a949f30ce Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Fri, 29 Nov 2013 15:16:31 -0500 Subject: [PATCH 315/369] Fix the error "dispatcher.pm line 70", missing test on the Referer --- lib/pf/web/dispatcher.pm | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/lib/pf/web/dispatcher.pm b/lib/pf/web/dispatcher.pm index 5189234ba475..920480b6052f 100755 --- a/lib/pf/web/dispatcher.pm +++ b/lib/pf/web/dispatcher.pm @@ -66,13 +66,19 @@ sub translate { my $s = $r->server(); my $proto = isenabled($Config{'captive_portal'}{'secure_redirect'}) ? $HTTPS : $HTTP; #Because of chrome captiv portal detection we have to test if the request come from http request - my $parsed = APR::URI->parse($r->pool,$r->headers_in->{'Referer'}); - if ($s->port eq '80' && $proto eq 'https' && $r->uri !~ /$WEB::ALLOWED_RESOURCES/o && $parsed->path !~ /$WEB::ALLOWED_RESOURCES/o) { - #Generate a page with a refresh tag - $r->handler('modperl'); - $r->set_handlers( PerlResponseHandler => \&html_redirect ); - return Apache2::Const::OK; - } else { + if (defined($r->headers_in->{'Referer'})) { + my $parsed = APR::URI->parse($r->pool,$r->headers_in->{'Referer'}); + if ($s->port eq '80' && $proto eq 'https' && $r->uri !~ /$WEB::ALLOWED_RESOURCES/o && $parsed->path !~ /$WEB::ALLOWED_RESOURCES/o) { + #Generate a page with a refresh tag + $r->handler('modperl'); + $r->set_handlers( PerlResponseHandler => \&html_redirect ); + return Apache2::Const::OK; + } else { + # DECLINED tells Apache to continue further mod_rewrite / alias processing + return Apache2::Const::DECLINED; + } + } + else { # DECLINED tells Apache to continue further mod_rewrite / alias processing return Apache2::Const::DECLINED; } From aaefe69579e9dc0b5e03afd62698e8190aae28bd Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Fri, 29 Nov 2013 21:40:14 -0500 Subject: [PATCH 316/369] Check the role for dot1x autoregistration from the authentication sources defined in the captiv portal associated to the connection instead of all the authentication sources. --- lib/pf/vlan.pm | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/pf/vlan.pm b/lib/pf/vlan.pm index ba9e3d8e656b..c672f2dd2c03 100644 --- a/lib/pf/vlan.pm +++ b/lib/pf/vlan.pm @@ -26,6 +26,7 @@ use pf::violation qw(violation_count_trap violation_exist_open violation_view_to use pf::authentication; use pf::Authentication::constants; +use pf::Portal::ProfileFactory; our $VERSION = 1.04; @@ -367,13 +368,15 @@ sub getNormalVlan { # FIRST HIT MATCH elsif ( defined $user_name && (($connection_type & $EAP) == $EAP) ) { $logger->debug("EAP connection with a username. Trying to match rules from authentication sources."); + my $profile = pf::Portal::ProfileFactory->instantiate($mac); + my @sources = ($profile->getInternalSources); my $params = { username => $user_name, connection_type => connection_type_to_str($connection_type), SSID => $ssid, }; - $role = &pf::authentication::match(&pf::authentication::getInternalAuthenticationSources(), $params, $Actions::SET_ROLE); - } + $role = &pf::authentication::match([@sources], $params, $Actions::SET_ROLE); + } # If a user based role has been found by matching authentication sources rules, we return it if ( defined($role) && $role ne '' ) { From 19cc2d6a484b162d45cf3622a02fbabfe04ae9ed Mon Sep 17 00:00:00 2001 From: Louis Munro Date: Mon, 2 Dec 2013 09:52:08 -0500 Subject: [PATCH 317/369] Modified logrotate to use copytrucate instead of restarting services. --- addons/logrotate | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/addons/logrotate b/addons/logrotate index 43e3e1e202be..58665313a583 100644 --- a/addons/logrotate +++ b/addons/logrotate @@ -6,13 +6,6 @@ missingok compress delaycompress - sharedscripts - create 644 pf pf su pf pf - postrotate - # uncomment the crm statements if you are running packetfence in a corosync cluster - #/usr/sbin/crm resource unmanage PacketFence - /etc/init.d/packetfence condrestart >/dev/null 2>&1 || true - #/usr/sbin/crm resource manage PacketFence - endscript + copytruncate } From 1cb1414637c3ab64328ba1d37b34947f0001d8d7 Mon Sep 17 00:00:00 2001 From: Louis Munro Date: Mon, 2 Dec 2013 09:56:10 -0500 Subject: [PATCH 318/369] Updated NEWS.asciidoc to reflect logrotate changes. --- NEWS.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index fa2dd806381e..1d76a05216da 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -43,6 +43,7 @@ Enhancements * Validate file path when saving an Htpasswd authentication source * Improved validation of a sponsor's email address * Allow actions depending on authentication source type +* Modified logrotate so it uses copytruncate instead of restarting the services. Bug Fixes +++++++++ From e8166606c4fa25112536de9abc6d88b446f62734 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Mon, 2 Dec 2013 10:03:27 -0500 Subject: [PATCH 319/369] Added proxy log files in logrotate --- addons/logrotate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/addons/logrotate b/addons/logrotate index 58665313a583..2ed39016329c 100644 --- a/addons/logrotate +++ b/addons/logrotate @@ -1,6 +1,6 @@ # logrotate file for packetfence -/usr/local/pf/logs/access_log /usr/local/pf/logs/admin_access_log /usr/local/pf/logs/admin_error_log /usr/local/pf/logs/error_log /usr/local/pf/logs/packetfence.log /usr/local/pf/logs/pfdetect /usr/local/pf/logs/pfmon /usr/local/pf/logs/snmptrapd.log /usr/local/pf/logs/radius.log /usr/local/pf/logs/portal_access_log /usr/local/pf/logs/portal_error_log /usr/local/pf/logs/webservices_access_log /usr/local/pf/logs/webservices_error_log /usr/local/pf/logs/catalyst.log { +/usr/local/pf/logs/access_log /usr/local/pf/logs/admin_access_log /usr/local/pf/logs/admin_error_log /usr/local/pf/logs/error_log /usr/local/pf/logs/packetfence.log /usr/local/pf/logs/pfdetect /usr/local/pf/logs/pfmon /usr/local/pf/logs/snmptrapd.log /usr/local/pf/logs/radius.log /usr/local/pf/logs/portal_access_log /usr/local/pf/logs/portal_error_log /usr/local/pf/logs/portal_error_log /usr/local/pf/logs/proxy_access_log /usr/local/pf/logs/webservices_access_log /usr/local/pf/logs/webservices_error_log /usr/local/pf/logs/catalyst.log { weekly rotate 52 missingok From b1dcd5cf60b480c87e296303af9e57d41209d15b Mon Sep 17 00:00:00 2001 From: Louis Munro Date: Mon, 2 Dec 2013 11:06:42 -0500 Subject: [PATCH 320/369] Added a barnyard2 init script. --- NEWS.asciidoc | 1 + addons/barnyard2.sh | 116 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 117 insertions(+) create mode 100755 addons/barnyard2.sh diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 1d76a05216da..01ee1b76519e 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -44,6 +44,7 @@ Enhancements * Improved validation of a sponsor's email address * Allow actions depending on authentication source type * Modified logrotate so it uses copytruncate instead of restarting the services. +* Now comes with a corosync compatible barnyard2 init script in addons. Bug Fixes +++++++++ diff --git a/addons/barnyard2.sh b/addons/barnyard2.sh new file mode 100755 index 000000000000..09a5b91d9f13 --- /dev/null +++ b/addons/barnyard2.sh @@ -0,0 +1,116 @@ +#!/bin/bash +# lmunro@inverse.ca 20130508 +# License: GNU General Public License 2 (GPL2) +# +# This script is called from heartbeat (or corosync) to manage +# the Barnyard2 resource. +# It is loosely based on the barnyard2 init script. + +# Source function library +. /etc/rc.d/init.d/functions + +# program name +BASE=barnyard2 + +# program options +CONF="/usr/local/$BASE/etc/barnyard2.conf" +GEN_MAP="/usr/local/pf/conf/snort/gen-msg.map" +SID_MAP="/usr/local/pf/conf/snort/sid-msg.map" +LOG_DIR="/var/log/snort" +SPOOL_DIR="/var/log/snort" +LOG_FILE="merged.log" +WALDO_FILE="/var/log/snort/barnyard2.waldo" +DAEMON="-D" + +# Check that $BASE exists. +[ -f /usr/local/bin/$BASE ] || exit 0 + +# source ocf functions +: ${OCF_FUNCTIONS_DIR=${OCF_ROOT}/resource.d/heartbeat} +. ${OCF_FUNCTIONS_DIR}/.ocf-shellfuncs + + +RETVAL=0 + + +_get_meta_data() { + cat < + + +1.0 + + +The Barnyard resource agent manages the barnyard2 service. + + + +Barnyard + + + + + + + + + + + + +END + + return $OCF_SUCCESS +} + + + +_start () { + if [ -n "`/sbin/pidof $BASE`" ]; then + echo -n $"$BASE: already running" + echo "" + exit $OCF_SUCCESS + fi + echo -n "Starting Barnyard: " + /usr/local/bin/$BASE -c $CONF -G $GEN_MAP -S $SID_MAP -d $SPOOL_DIR -l $LOG_DIR -f $LOG_FILE -w $WALDO_FILE $DAEMON + sleep 1 + action "" /sbin/pidof $BASE + RETVAL=$? + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/barnyard2 +} + +_stop () { + echo -n "Shutting down Barnyard: " + killproc /usr/local/bin/$BASE + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/barnyard2 +} + +_monitor () { + status $BASE || RETVAL=7 +} + +_usage () { + echo "Usage: barnyard {start|stop|monitor|meta_data}" +} + +case $__OCF_ACTION in + meta-data) + _get_meta_data + exit $OCF_SUCCESS + ;; + start) _start + exit $RETVAL + ;; + stop) _stop + ;; + monitor) _monitor + exit $RETVAL + ;; + *) _usage + exit $OCF_ERR_UNIMPLEMENTED + ;; +esac + +exit $? From b84ae2ebb2fa5e920c6e3aa00d58d8a90028d4ec Mon Sep 17 00:00:00 2001 From: lzammit Date: Mon, 2 Dec 2013 13:35:21 -0500 Subject: [PATCH 321/369] Update PacketFence_Administration_Guide.asciidoc Disable resolvconf --- docs/PacketFence_Administration_Guide.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/PacketFence_Administration_Guide.asciidoc b/docs/PacketFence_Administration_Guide.asciidoc index 4c0d28150515..fa1385c6cd12 100644 --- a/docs/PacketFence_Administration_Guide.asciidoc +++ b/docs/PacketFence_Administration_Guide.asciidoc @@ -199,6 +199,7 @@ Install your distribution with minimal installation and no additional packages. * Disable Firewall * Disable SELinux * Disable AppArmor +* Disable resolvconf Make sure your system is up to date and your yum or apt-get database is updated. On a RHEL-based system, do: From 3e5827caecfbcc48741a489f30bba02554e9a019 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Mon, 2 Dec 2013 14:04:45 -0500 Subject: [PATCH 322/369] Synchronise locationlog before trying to match source in portal profile (Autoreg 802.1x) --- lib/pf/radius.pm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/pf/radius.pm b/lib/pf/radius.pm index ed77497fbe3d..e3ebd8b2e482 100644 --- a/lib/pf/radius.pm +++ b/lib/pf/radius.pm @@ -138,6 +138,9 @@ sub authorize { if (!node_register($mac, $autoreg_node_defaults{'pid'}, %autoreg_node_defaults)) { $logger->error("auto-registration of node $mac failed"); } + locationlog_synchronize($switch_ip, $port, undef, $mac, + $isPhone ? $VOIP : $NO_VOIP, $connection_type, $user_name, $ssid + ); } # if it's an IP Phone, let _authorizeVoip decide (extension point) From 3dea4202097adc6651596a2a7519ce33f17ecee0 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 2 Dec 2013 15:41:31 -0500 Subject: [PATCH 323/369] Update NEWS and UPGRADE files --- NEWS.asciidoc | 1 + UPGRADE.asciidoc | 10 +++++++++- conf/admin_roles.conf | 0 3 files changed, 10 insertions(+), 1 deletion(-) delete mode 100644 conf/admin_roles.conf diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 69ab13137ac6..db3aebb39ee8 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -26,6 +26,7 @@ New Features * LDAP authentication sources can now filter by group membership using a second LDAP query * Extended definition of access durations * FreeRADIUS does not need to be restarted after adding a switch +* New customizable ACLs for Web admin interface Enhancements ++++++++++++ diff --git a/UPGRADE.asciidoc b/UPGRADE.asciidoc index eedb7308e656..dbf9fc418a88 100644 --- a/UPGRADE.asciidoc +++ b/UPGRADE.asciidoc @@ -12,6 +12,9 @@ Database schema update ^^^^^^^^^^^^^^^^^^^^^^ The category column in the temporary_password should not be mandatory. + +Also, the access_level of the temporary_password table is now a string instead of a bit string. + Make sure you run the following to update your schema: mysql -u root -p pf -v < db/upgrade-4.0.0-4.1.0.sql @@ -20,7 +23,12 @@ Configuration changes ^^^^^^^^^^^^^^^^^^^^^ The parameters `trapping.redirecturl` and `trapping.always_use_redirecturl` from `pf.conf` (or `pf.conf.defaults`) -were moved to the default portal profile in `profiles.conf`. Adjust your configuration accordingly. +were moved to the default portal profile in `profiles.conf`. + +The action `set_access_level` of authentication sources in `authentication.pf` must now match one of the admin roles +defined in `adminroles.conf`. The previous level `4294967295` must be replaced by *ALL* and the level `0` by *NONE*. + +Adjust your configuration files accordingly. Upgrading from a version prior to 4.0.6 --------------------------------------- diff --git a/conf/admin_roles.conf b/conf/admin_roles.conf deleted file mode 100644 index e69de29bb2d1..000000000000 From 413a6db801187d8f288e5ac4df112c6d8b85196f Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 2 Dec 2013 09:50:15 -0500 Subject: [PATCH 324/369] Will only attempt repopulation of switches if there switches need to be changed --- lib/pf/freeradius.pm | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/lib/pf/freeradius.pm b/lib/pf/freeradius.pm index a2839a6e9b0f..fcc6c5e53d43 100644 --- a/lib/pf/freeradius.pm +++ b/lib/pf/freeradius.pm @@ -122,24 +122,21 @@ Populates the radius_nas table with switches in switches.conf. sub freeradius_populate_nas_config { my $logger = Log::Log4perl::get_logger('pf::freeradius'); my ($switch_config) = @_; + my %skip = (default => undef, '127.0.0.1' => undef ); + my $radiusSecret; + my @switches = grep { + !exists $skip{$_} + && defined( $radiusSecret = $switch_config->{$_}{radiusSecret} ) + && $radiusSecret =~ /\S/ + } keys %$switch_config; + return unless @switches; if (!_delete_all_nas()) { $logger->info("Problem emptying FreeRADIUS nas clients table."); } - foreach my $switch (keys %$switch_config) { - - # we skip the 'default' entry or the local switch - if ($switch eq 'default' || $switch eq '127.0.0.1') { next; } - + foreach my $switch (@switches) { my $sw_radiussecret = $switch_config->{$switch}{'radiusSecret'}; - - # skipping unless switch's radiusSecret exists and is not all whitespace - unless (defined $sw_radiussecret && $sw_radiussecret =~ /\S/ ) { - $logger->debug("No RADIUS secret for switch: $switch FreeRADIUS configuration skipped"); - next; - } - # insert NAS _insert_nas( $switch, $switch, $sw_radiussecret, $switch . " (" . $switch_config->{$switch}{'type'} .")"); } From dd4fada0f5e07ab89b86b607e62e5b510df2a5b9 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 29 Nov 2013 17:28:53 -0500 Subject: [PATCH 325/369] Validate startup array references --- bin/pfcmd.pl | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/bin/pfcmd.pl b/bin/pfcmd.pl index 126202726e5c..a73945440f72 100755 --- a/bin/pfcmd.pl +++ b/bin/pfcmd.pl @@ -1206,13 +1206,15 @@ sub startService { $technique->iptables_generate(); } - require pf::pfcmd::checkup; - import pf::pfcmd::checkup; my ($noCheckupManagers,$checkupManagers) = part { $_->shouldCheckup} @managers; - foreach my $manager (@$noCheckupManagers) { - _doStart($manager); + if($noCheckupManagers && @$noCheckupManagers) { + foreach my $manager (@$noCheckupManagers) { + _doStart($manager); + } } - if(@$checkupManagers) { + if($checkupManagers && @$checkupManagers) { + require pf::pfcmd::checkup; + import pf::pfcmd::checkup; checkup( map {$_->name} @$checkupManagers); foreach my $manager (@$checkupManagers) { From 8e489db30e9f345448ba1e56b7d6e24c558c4de9 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 2 Dec 2013 11:56:12 -0500 Subject: [PATCH 326/369] Add db_ping function --- lib/pf/db.pm | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/lib/pf/db.pm b/lib/pf/db.pm index 4feff690ca45..17320d0bea87 100644 --- a/lib/pf/db.pm +++ b/lib/pf/db.pm @@ -40,7 +40,7 @@ BEGIN { use Exporter (); our ( @ISA, @EXPORT ); @ISA = qw(Exporter); - @EXPORT = qw(%dbh db_data db_connect db_disconnect get_db_handle db_query_execute); + @EXPORT = qw(%dbh db_data db_connect db_disconnect get_db_handle db_query_execute db_ping); } @@ -118,6 +118,21 @@ sub db_connect { } } +=item * db_ping + +checks if database is connected + +=cut + +sub db_ping { + my ($dbh,$result); + eval { + my $dbh = db_connect; + $result = $dbh->ping; + }; + return $result; +} + =item * db_disconnect =cut From 26865a9cee896baec98acc126131c75f30fc569f Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 2 Dec 2013 12:00:29 -0500 Subject: [PATCH 327/369] Check if the database is alive before loading into database --- lib/pf/violation_config.pm | 91 ++++++++++++++++++++------------------ 1 file changed, 47 insertions(+), 44 deletions(-) diff --git a/lib/pf/violation_config.pm b/lib/pf/violation_config.pm index e640451b5d1f..491c53ec3fb0 100644 --- a/lib/pf/violation_config.pm +++ b/lib/pf/violation_config.pm @@ -20,6 +20,7 @@ use Try::Tiny; use pf::config; use pf::trigger qw(trigger_delete_all parse_triggers); use pf::class qw(class_merge); +use pf::db; our (%Violation_Config, $cached_violations_config); @@ -37,51 +38,53 @@ sub fileReloadViolationConfig { $logger->info("called $name"); $config->toHash(\%Violation_Config); $config->cleanupWhitespace(\%Violation_Config); - trigger_delete_all(); - while(my ($violation,$data) = each %Violation_Config) { - # parse triggers if they exist - my $triggers_ref = []; - if ( defined $data->{'trigger'} ) { - try { - $triggers_ref = parse_triggers($data->{'trigger'}); - } catch { - $logger->warn("Violation $violation is ignored: $_"); - $triggers_ref = []; - }; + if(db_ping) { + trigger_delete_all(); + while(my ($violation,$data) = each %Violation_Config) { + # parse triggers if they exist + my $triggers_ref = []; + if ( defined $data->{'trigger'} ) { + try { + $triggers_ref = parse_triggers($data->{'trigger'}); + } catch { + $logger->warn("Violation $violation is ignored: $_"); + $triggers_ref = []; + }; + } + + # parse grace, try to understand trailing signs, and convert back to seconds + if ( defined $data->{'grace'} ) { + $data->{'grace'} = normalize_time($data->{'grace'}); + } + + if ( defined $data->{'window'} && $data->{'window'} ne "dynamic" ) { + $data->{'window'} = normalize_time($data->{'window'}); + } + + # be careful of the way parameters are passed, whitelists, actions and triggers are expected at the end + class_merge( + $violation, + $data->{'desc'} || '', + $data->{'auto_enable'}, + $data->{'max_enable'}, + $data->{'grace'}, + $data->{'window'}, + $data->{'vclose'}, + $data->{'priority'}, + $data->{'template'}, + $data->{'max_enable_url'}, + $data->{'redirect_url'}, + $data->{'button_text'}, + $data->{'enabled'}, + $data->{'vlan'}, + $data->{'target_category'}, + $data->{'whitelisted_categories'} || '', + $data->{'actions'}, + $triggers_ref + ); } - - # parse grace, try to understand trailing signs, and convert back to seconds - if ( defined $data->{'grace'} ) { - $data->{'grace'} = normalize_time($data->{'grace'}); - } - - if ( defined $data->{'window'} && $data->{'window'} ne "dynamic" ) { - $data->{'window'} = normalize_time($data->{'window'}); - } - - # be careful of the way parameters are passed, whitelists, actions and triggers are expected at the end - class_merge( - $violation, - $data->{'desc'} || '', - $data->{'auto_enable'}, - $data->{'max_enable'}, - $data->{'grace'}, - $data->{'window'}, - $data->{'vclose'}, - $data->{'priority'}, - $data->{'template'}, - $data->{'max_enable_url'}, - $data->{'redirect_url'}, - $data->{'button_text'}, - $data->{'enabled'}, - $data->{'vlan'}, - $data->{'target_category'}, - $data->{'whitelisted_categories'} || '', - $data->{'actions'}, - $triggers_ref - ); + $config->cache->set("Violation_Config",\%Violation_Config); } - $config->cache->set("Violation_Config",\%Violation_Config); } sub readViolationConfigFile { @@ -98,7 +101,7 @@ sub readViolationConfigFile { if($data) { %Violation_Config = %$data; } else { - fileReloadViolationConfig($config,$name); + $config->doCallbacks(1,0); } } ], From 3e137256d747ea5dad7e7614da385585441a0652 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 2 Dec 2013 12:04:13 -0500 Subject: [PATCH 328/369] Refactor color usage on the command --- bin/pfcmd.pl | 44 ++++++++++++++++++++++++++------------------ 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/bin/pfcmd.pl b/bin/pfcmd.pl index a73945440f72..ac6db1a01c5d 100755 --- a/bin/pfcmd.pl +++ b/bin/pfcmd.pl @@ -113,11 +113,8 @@ =head1 SYNOPSIS restart => \&restartService, ); -our $SERVICE_HEADER ="service|command\n"; - -our $IS_INTERACTIVE = is_interactive(); - -our $RESET_COLOR = $IS_INTERACTIVE ? color 'reset' : ''; +our ($SERVICE_HEADER, $IS_INTERACTIVE); +our ($RESET_COLOR, $WARNING_COLOR, $ERROR_COLOR, $SUCCESS_COLOR); my $count = $ENV{PER_PAGE}; my $offset = $ENV{PAGE_NUM}; @@ -1173,6 +1170,13 @@ sub service { my $action = $cmd{command}[2]; require pf::services; import pf::services; + $SERVICE_HEADER ="service|command\n"; + $IS_INTERACTIVE = is_interactive(); + $RESET_COLOR = $IS_INTERACTIVE ? color 'reset' : ''; + $WARNING_COLOR = $IS_INTERACTIVE ? color 'yellow' : ''; + $ERROR_COLOR = $IS_INTERACTIVE ? color 'red' : ''; + $SUCCESS_COLOR = $IS_INTERACTIVE ? color 'green' : ''; + my $actionHandler; $action =~ /^(.*)$/; $action = $1; @@ -1207,16 +1211,14 @@ sub startService { } my ($noCheckupManagers,$checkupManagers) = part { $_->shouldCheckup} @managers; + if($noCheckupManagers && @$noCheckupManagers) { foreach my $manager (@$noCheckupManagers) { _doStart($manager); } } if($checkupManagers && @$checkupManagers) { - require pf::pfcmd::checkup; - import pf::pfcmd::checkup; checkup( map {$_->name} @$checkupManagers); - foreach my $manager (@$checkupManagers) { _doStart($manager); } @@ -1229,15 +1231,15 @@ sub _doStart { my $command; my $color = ''; if($manager->status ne '0') { - $color = color 'yellow' if $IS_INTERACTIVE; + $color = $WARNING_COLOR; $command = 'already started'; } else { if($manager->start) { $command = 'start'; - $color = color 'green' if $IS_INTERACTIVE; + $color = $SUCCESS_COLOR; } else { $command = 'not started'; - $color = color 'red' if $IS_INTERACTIVE; + $color = $ERROR_COLOR; } } print $manager->name,"|${color}${command}${RESET_COLOR}\n"; @@ -1288,13 +1290,13 @@ sub stopService { my $color = ''; if($manager->status eq '0') { $command = 'already stopped'; - $color = color 'yellow' if $IS_INTERACTIVE; + $color = $WARNING_COLOR; } else { if($manager->stop) { - $color = color 'green' if $IS_INTERACTIVE; + $color = $SUCCESS_COLOR; $command = 'stop'; } else { - $color = color 'red' if $IS_INTERACTIVE; + $color = $ERROR_COLOR; $command = 'not stopped'; } } @@ -1365,13 +1367,13 @@ sub statusOfService { my $status = $manager->status; if($status eq '0' ) { if ($isManaged) { - $color = color 'red' if $IS_INTERACTIVE; + $color = $ERROR_COLOR; $notStarted++; } else { - $color = color 'yellow' if $IS_INTERACTIVE; + $color = $WARNING_COLOR; } } else { - $color = color 'green' if $IS_INTERACTIVE; + $color = $SUCCESS_COLOR; } print $manager->name,"|${color}$isManaged|$status${RESET_COLOR}\n"; } @@ -1395,8 +1397,14 @@ sub checkup { require pf::services; require pf::pfcmd::checkup; no warnings "once"; #avoids only used once warnings generated by the access of pf::pfcmd::checkup namespace + my @services; + if(@_) { + @services = @_; + } else { + @services = @pf::services::ALL_SERVICES; + } - my @problems = pf::pfcmd::checkup::sanity_check(pf::services::service_list(@pf::services::ALL_SERVICES)); + my @problems = pf::pfcmd::checkup::sanity_check(pf::services::service_list(@services)); foreach my $entry (@problems) { chomp $entry->{$pf::pfcmd::checkup::MESSAGE}; print $entry->{$pf::pfcmd::checkup::SEVERITY} . " - " . $entry->{$pf::pfcmd::checkup::MESSAGE} . "\n"; From 91d10b766bad7e98e83859997295dc646add6b63 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 2 Dec 2013 16:33:11 -0500 Subject: [PATCH 329/369] Will not attempt to repopulate db if if database is down --- lib/pf/freeradius.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pf/freeradius.pm b/lib/pf/freeradius.pm index fcc6c5e53d43..db00ee8b5e4f 100644 --- a/lib/pf/freeradius.pm +++ b/lib/pf/freeradius.pm @@ -121,6 +121,7 @@ Populates the radius_nas table with switches in switches.conf. # First, we aim at reduced complexity. I prefer to dump and reload than to deal with merging config vs db changes. sub freeradius_populate_nas_config { my $logger = Log::Log4perl::get_logger('pf::freeradius'); + return unless db_ping; my ($switch_config) = @_; my %skip = (default => undef, '127.0.0.1' => undef ); my $radiusSecret; From e4d21cdb79186ad4445dc8ec4c663629afdb3267 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 2 Dec 2013 18:43:52 -0500 Subject: [PATCH 330/369] New schema for 4.1.0 release --- db/pf-schema-4.1.0.sql | 807 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 807 insertions(+) create mode 100644 db/pf-schema-4.1.0.sql diff --git a/db/pf-schema-4.1.0.sql b/db/pf-schema-4.1.0.sql new file mode 100644 index 000000000000..84118f8ec43c --- /dev/null +++ b/db/pf-schema-4.1.0.sql @@ -0,0 +1,807 @@ +-- +-- Table structure for table `class` +-- + +CREATE TABLE class ( + vid int(11) NOT NULL, + description varchar(255) NOT NULL default "none", + auto_enable char(1) NOT NULL default "Y", + max_enables int(11) NOT NULL default 0, + grace_period int(11) NOT NULL, + window varchar(255) NOT NULL default 0, + vclose int(11), + priority int(11) NOT NULL, + template varchar(255), + max_enable_url varchar(255), + redirect_url varchar(255), + button_text varchar(255), + enabled char(1) NOT NULL default "N", + vlan varchar(255), + target_category varchar(255), + PRIMARY KEY (vid) +) ENGINE=InnoDB; + +-- +-- Table structure for table `trigger` +-- +CREATE TABLE `trigger` ( + vid int(11) default NULL, + tid_start varchar(255) NOT NULL, + tid_end varchar(255) NOT NULL, + type varchar(255) default NULL, + whitelisted_categories varchar(255) NOT NULL default '', + PRIMARY KEY (vid,tid_start,tid_end,type), + KEY `trigger` (tid_start,tid_end,type), + CONSTRAINT `0_64` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB; + +-- +-- Table structure for table `person` +-- + +CREATE TABLE person ( + pid varchar(255) NOT NULL, + `firstname` varchar(255) default NULL, + `lastname` varchar(255) default NULL, + `email` varchar(255) default NULL, + `telephone` varchar(255) default NULL, + `company` varchar(255) default NULL, + `address` varchar(255) default NULL, + notes varchar(255), + sponsor varchar(255) default NULL, + PRIMARY KEY (pid) +) ENGINE=InnoDB; + + +-- +-- Table structure for table `node_category` +-- + +CREATE TABLE `node_category` ( + `category_id` int NOT NULL AUTO_INCREMENT, + `name` varchar(255) NOT NULL, + `max_nodes_per_pid` int default 0, + `notes` varchar(255) default NULL, + PRIMARY KEY (`category_id`) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; + +-- +-- Insert 'default' category +-- + +INSERT INTO `node_category` (category_id,name,notes) VALUES ("1","default","Placeholder role/category, feel free to edit"); + +-- +-- Insert 'guest' category +-- + +INSERT INTO `node_category` (category_id,name,notes) VALUES ("2","guest","Guests"); + +-- +-- Insert 'gaming' category +-- + +INSERT INTO `node_category` (category_id,name,notes) VALUES ("3","gaming","Gaming devices"); + +-- +-- Table structure for table `node` +-- + +CREATE TABLE node ( + mac varchar(17) NOT NULL, + pid varchar(255) NOT NULL default "admin", + category_id int default NULL, + detect_date datetime NOT NULL default "0000-00-00 00:00:00", + regdate datetime NOT NULL default "0000-00-00 00:00:00", + unregdate datetime NOT NULL default "0000-00-00 00:00:00", + lastskip datetime NOT NULL default "0000-00-00 00:00:00", + status varchar(15) NOT NULL default "unreg", + user_agent varchar(255) default NULL, + computername varchar(255) default NULL, + notes varchar(255) default NULL, + last_arp datetime NOT NULL default "0000-00-00 00:00:00", + last_dhcp datetime NOT NULL default "0000-00-00 00:00:00", + dhcp_fingerprint varchar(255) default NULL, + `bypass_vlan` varchar(50) default NULL, + `voip` enum('no','yes') NOT NULL DEFAULT 'no', + PRIMARY KEY (mac), + KEY pid (pid), + KEY category_id (category_id), + KEY `node_status` (`status`, `unregdate`), + KEY `node_dhcpfingerprint` (`dhcp_fingerprint`), + CONSTRAINT `0_57` FOREIGN KEY (`pid`) REFERENCES `person` (`pid`) ON DELETE CASCADE ON UPDATE CASCADE, + CONSTRAINT `node_category_key` FOREIGN KEY (`category_id`) REFERENCES `node_category` (`category_id`) +) ENGINE=InnoDB; + +-- +-- Table structure for table `node_useragent` +-- + +CREATE TABLE `node_useragent` ( + mac varchar(17) NOT NULL, + os varchar(255) DEFAULT NULL, + browser varchar(255) DEFAULT NULL, + device enum('no','yes') NOT NULL DEFAULT 'no', + device_name varchar(255) DEFAULT NULL, + mobile enum('no','yes') NOT NULL DEFAULT 'no', + PRIMARY KEY (mac) +) ENGINE=InnoDB; + +-- +-- Trigger to delete the node_useragent associated with a mac when deleting this mac from the node table +-- + +DROP TRIGGER IF EXISTS node_useragent_delete_trigger; +DELIMITER / +CREATE TRIGGER node_useragent_delete_trigger AFTER DELETE ON node +FOR EACH ROW +BEGIN + DELETE FROM node_useragent WHERE mac = OLD.mac; +END / +DELIMITER ; + +-- +-- Table structure for table `action` +-- + +CREATE TABLE action ( + vid int(11) NOT NULL, + action varchar(255) NOT NULL, + PRIMARY KEY (vid,action), + CONSTRAINT `FOREIGN` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB; + +-- +-- Table structure for table `violation` +-- + +CREATE TABLE violation ( + id int NOT NULL AUTO_INCREMENT, + mac varchar(17) NOT NULL, + vid int(11) NOT NULL, + start_date datetime NOT NULL, + release_date datetime default "0000-00-00 00:00:00", + status varchar(10) default "open", + ticket_ref varchar(255) default NULL, + notes text, + KEY mac (mac), + KEY vid (vid), + KEY status (status), + KEY ind1 (mac,status,vid), + CONSTRAINT `0_60` FOREIGN KEY (`mac`) REFERENCES `node` (`mac`) ON DELETE CASCADE ON UPDATE CASCADE, + CONSTRAINT `0_61` FOREIGN KEY (`vid`) REFERENCES `class` (`vid`) ON DELETE CASCADE ON UPDATE CASCADE, + PRIMARY KEY (id) +) ENGINE=InnoDB; + +-- +-- Table structure for table `iplog` +-- + +CREATE TABLE iplog ( + mac varchar(17) NOT NULL, + ip varchar(15) NOT NULL, + start_time datetime NOT NULL, + end_time datetime default "0000-00-00 00:00:00", + KEY mac (mac), + KEY `ip_view_open` (`ip`, `end_time`), + KEY `mac_view_open` (`mac`, `end_time`), + CONSTRAINT `0_63` FOREIGN KEY (`mac`) REFERENCES `node` (`mac`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB; + +CREATE TABLE os_type ( + os_id int(11) NOT NULL, + description varchar(255) NOT NULL, + PRIMARY KEY os_id (os_id) +) ENGINE=InnoDB; + +CREATE TABLE dhcp_fingerprint ( + fingerprint varchar(255) NOT NULL, + os_id int(11) NOT NULL, + PRIMARY KEY fingerprint (fingerprint), + KEY os_id_key (os_id), + CONSTRAINT `0_65` FOREIGN KEY (`os_id`) REFERENCES `os_type` (`os_id`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB; + +CREATE TABLE os_class ( + class_id int(11) NOT NULL, + description varchar(255) NOT NULL, + PRIMARY KEY class_id (class_id) +) ENGINE=InnoDB; + +CREATE TABLE os_mapping ( + os_type int(11) NOT NULL, + os_class int(11) NOT NULL, + PRIMARY KEY (os_type,os_class), + KEY os_type_key (os_type), + KEY os_class_key (os_class), + CONSTRAINT `0_66` FOREIGN KEY (`os_type`) REFERENCES `os_type` (`os_id`) ON DELETE CASCADE ON UPDATE CASCADE, + CONSTRAINT `0_67` FOREIGN KEY (`os_class`) REFERENCES `os_class` (`class_id`) ON DELETE CASCADE ON UPDATE CASCADE +) ENGINE=InnoDB; + +CREATE TABLE `locationlog` ( + `mac` varchar(17) default NULL, + `switch` varchar(17) NOT NULL default '', + `port` varchar(8) NOT NULL default '', + `vlan` varchar(50) default NULL, + `connection_type` varchar(50) NOT NULL default '', + `dot1x_username` varchar(255) NOT NULL default '', + `ssid` varchar(32) NOT NULL default '', + `start_time` datetime NOT NULL default '0000-00-00 00:00:00', + `end_time` datetime default NULL, + KEY `locationlog_view_mac` (`mac`, `end_time`), + KEY `locationlog_view_switchport` (`switch`,`port`,`end_time`,`vlan`) +) ENGINE=InnoDB; + +CREATE TABLE `locationlog_history` ( + `mac` varchar(17) default NULL, + `switch` varchar(17) NOT NULL default '', + `port` varchar(8) NOT NULL default '', + `vlan` varchar(50) default NULL, + `connection_type` varchar(50) NOT NULL default '', + `dot1x_username` varchar(255) NOT NULL default '', + `ssid` varchar(32) NOT NULL default '', + `start_time` datetime NOT NULL default '0000-00-00 00:00:00', + `end_time` datetime default NULL, + KEY `locationlog_history_view_mac` (`mac`, `end_time`) +) ENGINE=InnoDB; + +CREATE TABLE `userlog` ( + `mac` varchar(17) NOT NULL default '', + `pid` varchar(255) default NULL, + `start_time` datetime NOT NULL default '0000-00-00 00:00:00', + `end_time` datetime default NULL, + PRIMARY KEY (`mac`,`start_time`), + KEY `pid` (`pid`), + CONSTRAINT `userlog_ibfk_1` FOREIGN KEY (`mac`) REFERENCES `node` (`mac`) ON DELETE CASCADE +) ENGINE=InnoDB; + +CREATE TABLE `ifoctetslog` ( + `switch` varchar(17) NOT NULL default '', + `port` varchar(8) NOT NULL default '', + `read_time` datetime NOT NULL default '0000-00-00 00:00:00', + `mac` varchar(17) default NULL, + `ifInOctets` bigint(20) unsigned NOT NULL default '0', + `ifOutOctets` bigint(20) unsigned NOT NULL default '0', + PRIMARY KEY (`switch`,`port`,`read_time`) +) ENGINE=InnoDB; + +CREATE TABLE `switchlocation` ( + `switch` varchar(17) NOT NULL default '', + `port` varchar(8) NOT NULL default '', + `start_time` datetime NOT NULL default '0000-00-00 00:00:00', + `end_time` datetime default NULL, + `location` varchar(50) default NULL, + `description` varchar(50) default NULL, + PRIMARY KEY (`switch`,`port`,`start_time`) +) ENGINE=InnoDB; + +CREATE TABLE `traplog` ( + `switch` varchar(30) NOT NULL default '', + `ifIndex` smallint(6) NOT NULL default '0', + `parseTime` datetime NOT NULL default '0000-00-00 00:00:00', + `type` varchar(30) NOT NULL default '', + KEY `switch` (`switch`,`ifIndex`), + KEY `parseTime` (`parseTime`) +) ENGINE=InnoDB; + +CREATE TABLE `configfile` ( + `filename` varchar(255) NOT NULL, + `filecontent` text NOT NULL, + `lastmodified` datetime NOT NULL +) ENGINE=InnoDB default CHARSET=latin1; + +-- +-- Table structure for table `email_activation` +-- + +CREATE TABLE email_activation ( + `code_id` int NOT NULL AUTO_INCREMENT, + `pid` varchar(255) default NULL, + `mac` varchar(17) default NULL, + `email` varchar(255) NOT NULL, -- email were approbation request is sent + `activation_code` varchar(255) NOT NULL, + `expiration` datetime NOT NULL, + `status` varchar(60) default NULL, + `type` varchar(60) default NULL, + PRIMARY KEY (code_id), + KEY `identifier` (pid, mac), + KEY `activation` (activation_code, status) +) ENGINE=InnoDB; + +-- +-- Table structure for table `temporary_password` +-- + +CREATE TABLE temporary_password ( + `pid` varchar(255) NOT NULL, + `password` varchar(255) NOT NULL, + `valid_from` datetime default NULL, + `expiration` datetime NOT NULL, + `access_duration` varchar(255) default NULL, + `access_level` varchar(255) DEFAULT 'NONE', + `category` int DEFAULT NULL, + `sponsor` tinyint(1) NOT NULL default 0, + `unregdate` datetime NOT NULL default "0000-00-00 00:00:00", + PRIMARY KEY (pid) +) ENGINE=InnoDB; + +-- +-- Insert 'default' admin user +-- + +INSERT INTO `person` (pid,notes) VALUES ("admin","Default Admin User - do not delete"); +INSERT INTO temporary_password (pid, password, valid_from, expiration, access_duration, access_level, category) VALUES ('admin', 'admin', NOW(), '2038-01-01', '9999D', 'ALL', 1); + +-- +-- Trigger to delete the temp password from 'temporary_password' when deleting the pid associated with +-- + +DROP TRIGGER IF EXISTS temporary_password_delete_trigger; +DELIMITER / +CREATE TRIGGER temporary_password_delete_trigger AFTER DELETE ON person +FOR EACH ROW +BEGIN + DELETE FROM temporary_password WHERE pid = OLD.pid; +END / +DELIMITER ; + +-- +-- Table structure for table `sms_activation` +-- + +CREATE TABLE sms_activation ( + `code_id` int NOT NULL AUTO_INCREMENT, + `mac` varchar(17) default NULL, + `phone_number` varchar(255) NOT NULL, -- phone number where sms is sent + `carrier_id` int(11) NOT NULL, + `activation_code` varchar(255) NOT NULL, + `expiration` datetime NOT NULL, + `status` varchar(60) default NULL, + PRIMARY KEY (code_id), + KEY `identifier` (mac), + KEY `activation` (activation_code, status) +) ENGINE=InnoDB; + +-- +-- Table structure for table `sms_carrier` +-- +-- Source: StatusNet +-- Schema fetched on 2010-10-15 from: +-- http://gitorious.org/statusnet/mainline/blobs/raw/master/db/statusnet.sql +-- + +CREATE TABLE sms_carrier ( + id integer primary key comment 'primary key for SMS carrier', + name varchar(64) unique key comment 'name of the carrier', + email_pattern varchar(255) not null comment 'sprintf pattern for making an email address from a phone number', + created datetime not null comment 'date this record was created', + modified timestamp comment 'date this record was modified' +) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin; + +-- +-- Insert data for table `sms_carrier` +-- +-- Source: StatusNet +-- Data fetched on 2011-07-20 from: +-- http://gitorious.org/statusnet/mainline/blobs/raw/master/db/sms_carrier.sql +-- + +INSERT INTO sms_carrier + (id, name, email_pattern, created) +VALUES + (100056, '3 River Wireless', '%s@sms.3rivers.net', now()), + (100057, '7-11 Speakout', '%s@cingularme.com', now()), + (100058, 'Airtel (Karnataka, India)', '%s@airtelkk.com', now()), + (100059, 'Alaska Communications Systems', '%s@msg.acsalaska.com', now()), + (100060, 'Alltel Wireless', '%s@message.alltel.com', now()), + (100061, 'AT&T Wireless', '%s@txt.att.net', now()), + (100062, 'Bell Mobility (Canada)', '%s@txt.bell.ca', now()), + (100063, 'Boost Mobile', '%s@myboostmobile.com', now()), + (100064, 'Cellular One (Dobson)', '%s@mobile.celloneusa.com', now()), + (100065, 'Cingular (Postpaid)', '%s@cingularme.com', now()), + (100066, 'Centennial Wireless', '%s@cwemail.com', now()), + (100067, 'Cingular (GoPhone prepaid)', '%s@cingularme.com', now()), + (100068, 'Claro (Nicaragua)', '%s@ideasclaro-ca.com', now()), + (100069, 'Comcel', '%s@comcel.com.co', now()), + (100070, 'Cricket', '%s@sms.mycricket.com', now()), + (100071, 'CTI', '%s@sms.ctimovil.com.ar', now()), + (100072, 'Emtel (Mauritius)', '%s@emtelworld.net', now()), + (100073, 'Fido (Canada)', '%s@fido.ca', now()), + (100074, 'General Communications Inc.', '%s@msg.gci.net', now()), + (100075, 'Globalstar', '%s@msg.globalstarusa.com', now()), + (100076, 'Helio', '%s@myhelio.com', now()), + (100077, 'Illinois Valley Cellular', '%s@ivctext.com', now()), + (100078, 'i wireless', '%s.iws@iwspcs.net', now()), + (100079, 'Meteor (Ireland)', '%s@sms.mymeteor.ie', now()), + (100080, 'Mero Mobile (Nepal)', '%s@sms.spicenepal.com', now()), + (100081, 'MetroPCS', '%s@mymetropcs.com', now()), + (100082, 'Movicom', '%s@movimensaje.com.ar', now()), + (100083, 'Mobitel (Sri Lanka)', '%s@sms.mobitel.lk', now()), + (100084, 'Movistar (Colombia)', '%s@movistar.com.co', now()), + (100085, 'MTN (South Africa)', '%s@sms.co.za', now()), + (100086, 'MTS (Canada)', '%s@text.mtsmobility.com', now()), + (100087, 'Nextel (Argentina)', '%s@nextel.net.ar', now()), + (100088, 'Orange (Poland)', '%s@orange.pl', now()), + (100089, 'Personal (Argentina)', '%s@personal-net.com.ar', now()), + (100090, 'Plus GSM (Poland)', '%s@text.plusgsm.pl', now()), + (100091, 'President\'s Choice (Canada)', '%s@txt.bell.ca', now()), + (100092, 'Qwest', '%s@qwestmp.com', now()), + (100093, 'Rogers (Canada)', '%s@pcs.rogers.com', now()), + (100094, 'Sasktel (Canada)', '%s@sms.sasktel.com', now()), + (100095, 'Setar Mobile email (Aruba)', '%s@mas.aw', now()), + (100096, 'Solo Mobile', '%s@txt.bell.ca', now()), + (100097, 'Sprint (PCS)', '%s@messaging.sprintpcs.com', now()), + (100098, 'Sprint (Nextel)', '%s@page.nextel.com', now()), + (100099, 'Suncom', '%s@tms.suncom.com', now()), + (100100, 'T-Mobile', '%s@tmomail.net', now()), + (100101, 'T-Mobile (Austria)', '%s@sms.t-mobile.at', now()), + (100102, 'Telus Mobility (Canada)', '%s@msg.telus.com', now()), + (100103, 'Thumb Cellular', '%s@sms.thumbcellular.com', now()), + (100104, 'Tigo (Formerly Ola)', '%s@sms.tigo.com.co', now()), + (100105, 'Unicel', '%s@utext.com', now()), + (100106, 'US Cellular', '%s@email.uscc.net', now()), + (100107, 'Verizon', '%s@vtext.com', now()), + (100108, 'Virgin Mobile (Canada)', '%s@vmobile.ca', now()), + (100109, 'Virgin Mobile (USA)', '%s@vmobl.com', now()), + (100110, 'YCC', '%s@sms.ycc.ru', now()), + (100111, 'Orange (UK)', '%s@orange.net', now()), + (100112, 'Cincinnati Bell Wireless', '%s@gocbw.com', now()), + (100113, 'T-Mobile Germany', '%s@t-mobile-sms.de', now()), + (100114, 'Vodafone Germany', '%s@vodafone-sms.de', now()), + (100115, 'E-Plus', '%s@smsmail.eplus.de', now()), + (100116, 'Cellular South', '%s@csouth1.com', now()), + (100117, 'ChinaMobile (139)', '%s@139.com', now()), + (100118, 'Dialog Axiata', '%s@dialog.lk', now()); + +-- Adding RADIUS nas client table + +CREATE TABLE radius_nas ( + id int(10) NOT NULL AUTO_INCREMENT, + nasname varchar(128) NOT NULL, + shortname varchar(32), + type varchar(30) default 'other', + ports int(5), + secret varchar(60) default 'secret' NOT NULL, + community varchar(50), + description varchar(200) default 'RADIUS Client', + PRIMARY KEY (id), + KEY nasname (nasname) +) ENGINE=InnoDB; + +-- Adding RADIUS accounting table + +CREATE TABLE radacct ( + radacctid bigint(21) NOT NULL AUTO_INCREMENT, + acctsessionid varchar(64) NOT NULL default '', + acctuniqueid varchar(32) NOT NULL default '', + username varchar(64) NOT NULL default '', + groupname varchar(64) NOT NULL default '', + realm varchar(64) default '', + nasipaddress varchar(15) NOT NULL default '', + nasportid varchar(15) default NULL, + nasporttype varchar(32) default NULL, + acctstarttime datetime NULL default NULL, + acctstoptime datetime NULL default NULL, + acctsessiontime int(12) default NULL, + acctauthentic varchar(32) default NULL, + connectinfo_start varchar(50) default NULL, + connectinfo_stop varchar(50) default NULL, + acctinputoctets bigint(20) default NULL, + acctoutputoctets bigint(20) default NULL, + calledstationid varchar(50) NOT NULL default '', + callingstationid varchar(50) NOT NULL default '', + acctterminatecause varchar(32) NOT NULL default '', + servicetype varchar(32) default NULL, + framedprotocol varchar(32) default NULL, + framedipaddress varchar(15) NOT NULL default '', + acctstartdelay int(12) default NULL, + acctstopdelay int(12) default NULL, + xascendsessionsvrkey varchar(10) default NULL, + PRIMARY KEY (radacctid), + KEY username (username), + KEY framedipaddress (framedipaddress), + KEY acctsessionid (acctsessionid), + KEY acctsessiontime (acctsessiontime), + KEY acctuniqueid (acctuniqueid), + KEY acctstarttime (acctstarttime), + KEY acctstoptime (acctstoptime), + KEY nasipaddress (nasipaddress), + KEY callingstationid (callingstationid) +) ENGINE=InnoDB; + +-- Adding RADIUS update log table + +CREATE TABLE radacct_log ( + acctsessionid varchar(64) NOT NULL default '', + username varchar(64) NOT NULL default '', + nasipaddress varchar(15) NOT NULL default '', + acctstatustype varchar(25) NOT NULL default '', + timestamp datetime NULL default NULL, + acctinputoctets bigint(20) default NULL, + acctoutputoctets bigint(20) default NULL, + acctsessiontime int(12) default NULL, + KEY acctsessionid (acctsessionid), + KEY username (username), + KEY nasipaddress (nasipaddress), + KEY timestamp (timestamp) +) ENGINE=InnoDB; + +-- Adding RADIUS Updates Stored Procedure + +DROP PROCEDURE IF EXISTS acct_update; +DELIMITER / +CREATE PROCEDURE acct_update( + IN p_timestamp datetime, + IN p_acctsessiontime int(12), + IN p_acctinputoctets bigint(20), + IN p_acctoutputoctets bigint(20), + IN p_acctsessionid varchar(64), + IN p_username varchar(64), + IN p_nasipaddress varchar(15), + IN p_framedipaddress varchar(15), + IN p_acctstatustype varchar(25) +) +BEGIN + DECLARE Previous_Input_Octets bigint(20); + DECLARE Previous_Output_Octets bigint(20); + DECLARE Previous_Session_Time int(12); + + # Collect traffic previous values in the update table + SELECT SUM(acctinputoctets), SUM(acctoutputoctets), SUM(acctsessiontime) + INTO Previous_Input_Octets, Previous_Output_Octets, Previous_Session_Time + FROM radacct_log + WHERE acctsessionid = p_acctsessionid + AND username = p_username + AND nasipaddress = p_nasipaddress; + + # Set values to 0 when no previous records + IF (Previous_Session_Time IS NULL) THEN + SET Previous_Session_Time = 0; + SET Previous_Input_Octets = 0; + SET Previous_Output_Octets = 0; + END IF; + + # Update record with new traffic + UPDATE radacct SET + framedipaddress = p_framedipaddress, + acctsessiontime = p_acctsessiontime, + acctinputoctets = p_acctinputoctets, + acctoutputoctets = p_acctoutputoctets + WHERE acctsessionid = p_acctsessionid + AND username = p_username + AND nasipaddress = p_nasipaddress + AND (acctstoptime IS NULL OR acctstoptime = 0); + + # Create new record in the log table + INSERT INTO radacct_log + (acctsessionid, username, nasipaddress, + timestamp, acctstatustype, acctinputoctets, acctoutputoctets, acctsessiontime) + VALUES + (p_acctsessionid, p_username, p_nasipaddress, + p_timestamp, p_acctstatustype, (p_acctinputoctets - Previous_Input_Octets), (p_acctoutputoctets - Previous_Output_Octets), + (p_acctsessiontime - Previous_Session_Time)); +END / +DELIMITER ; + +-- Adding RADIUS Start Stored Procedure + +DROP PROCEDURE IF EXISTS acct_start; +DELIMITER / +CREATE PROCEDURE acct_start ( + IN p_acctsessionid varchar(64), + IN p_acctuniqueid varchar(32), + IN p_username varchar(64), + IN p_realm varchar(64), + IN p_nasipaddress varchar(15), + IN p_nasportid varchar(15), + IN p_nasporttype varchar(32), + IN p_acctstarttime datetime, + IN p_acctstoptime datetime, + IN p_acctsessiontime int(12), + IN p_acctauthentic varchar(32), + IN p_connectioninfo_start varchar(50), + IN p_connectioninfo_stop varchar(50), + IN p_acctinputoctets bigint(20), + IN p_acctoutputoctets bigint(20), + IN p_calledstationid varchar(50), + IN p_callingstationid varchar(50), + IN p_acctterminatecause varchar(32), + IN p_servicetype varchar(32), + IN p_framedprotocol varchar(32), + IN p_framedipaddress varchar(15), + IN p_acctstartdelay varchar(12), + IN p_acctstopdelay varchar(12), + IN p_xascendsessionsvrkey varchar(10), + IN p_acctstatustype varchar(25) +) +BEGIN + # Insert new record with new traffic + INSERT INTO radacct + (acctsessionid, acctuniqueid, username, + realm, nasipaddress, nasportid, + nasporttype, acctstarttime, acctstoptime, + acctsessiontime, acctauthentic, connectinfo_start, + connectinfo_stop, acctinputoctets, acctoutputoctets, + calledstationid, callingstationid, acctterminatecause, + servicetype, framedprotocol, framedipaddress, + acctstartdelay, acctstopdelay, xascendsessionsvrkey) + VALUES + (p_acctsessionid, p_acctuniqueid, p_username, + p_realm, p_nasipaddress, p_nasportid, + p_nasporttype, p_acctstarttime, p_acctstoptime, + p_acctsessiontime, p_acctauthentic, p_connectioninfo_start, + p_connectioninfo_stop, p_acctinputoctets, p_acctoutputoctets, + p_calledstationid, p_callingstationid, p_acctterminatecause, + p_servicetype, p_framedprotocol, p_framedipaddress, + p_acctstartdelay, p_acctstopdelay, p_xascendsessionsvrkey); + + # Create new record in the log table + INSERT INTO radacct_log + (acctsessionid, username, nasipaddress, + timestamp, acctstatustype, acctinputoctets, acctoutputoctets, acctsessiontime) + VALUES + (p_acctsessionid, p_username, p_nasipaddress, + p_acctstarttime, p_acctstatustype,p_acctinputoctets,p_acctoutputoctets,p_acctsessiontime); +END / +DELIMITER ; + +-- Adding RADIUS Stop Stored Procedure + +DROP PROCEDURE IF EXISTS acct_stop; +DELIMITER / +CREATE PROCEDURE acct_stop( + IN p_timestamp datetime, + IN p_acctsessiontime int(12), + IN p_acctinputoctets bigint(20), + IN p_acctoutputoctets bigint(20), + IN p_acctterminatecause varchar(12), + IN p_acctdelaystop varchar(32), + IN p_connectinfo_stop varchar(50), + IN p_acctsessionid varchar(64), + IN p_username varchar(64), + IN p_nasipaddress varchar(15), + IN p_acctstatustype varchar(25) +) +BEGIN + DECLARE Previous_Input_Octets bigint(20); + DECLARE Previous_Output_Octets bigint(20); + DECLARE Previous_Session_Time int(12); + + # Collect traffic previous values in the update table + SELECT SUM(acctinputoctets), SUM(acctoutputoctets), SUM(acctsessiontime) + INTO Previous_Input_Octets, Previous_Output_Octets, Previous_Session_Time + FROM radacct_log + WHERE acctsessionid = p_acctsessionid + AND username = p_username + AND nasipaddress = p_nasipaddress; + + # Set values to 0 when no previous records + IF (Previous_Session_Time IS NULL) THEN + SET Previous_Session_Time = 0; + SET Previous_Input_Octets = 0; + SET Previous_Output_Octets = 0; + END IF; + + # Update record with new traffic + UPDATE radacct SET + acctstoptime = p_timestamp, + acctsessiontime = p_acctsessiontime, + acctinputoctets = p_acctinputoctets, + acctoutputoctets = p_acctoutputoctets, + acctterminatecause = p_acctterminatecause, + connectinfo_stop = p_connectinfo_stop + WHERE acctsessionid = p_acctsessionid + AND username = p_username + AND nasipaddress = p_nasipaddress + AND (acctstoptime IS NULL OR acctstoptime = 0); + + # Create new record in the log table + INSERT INTO radacct_log + (acctsessionid, username, nasipaddress, + timestamp, acctstatustype, acctinputoctets, acctoutputoctets, acctsessiontime) + VALUES + (p_acctsessionid, p_username, p_nasipaddress, + p_timestamp, p_acctstatustype, (p_acctinputoctets - Previous_Input_Octets), (p_acctoutputoctets - Previous_Output_Octets), + (p_acctsessiontime - Previous_Session_Time)); +END / +DELIMITER ; + +-- +-- Statement of Health (SoH) related +-- +-- The web interface allows you to create any number of named filters, +-- which are a collection of rules. A rule is a specific condition that +-- must be satisfied by the statement of health, e.g. "anti-virus is not +-- installed". The rules in a filter are ANDed together to determine if +-- the specified action is to be executed. + +-- +-- One entry per filter. +-- + +CREATE TABLE soh_filters ( + filter_id int NOT NULL PRIMARY KEY AUTO_INCREMENT, + name varchar(32) NOT NULL UNIQUE, + + -- If action is null, this filter won't do anything. Otherwise this + -- column may have any value; "accept" and "violation" are currently + -- recognised and acted upon. + action varchar(32), + + -- If action = 'violation', then this column contains the vid of a + -- violation to trigger. (I wish I could write a constraint to + -- express this.) + vid int +) ENGINE=InnoDB; + +INSERT INTO soh_filters (name) VALUES ('Default'); + +-- +-- One entry for each rule in a filter. +-- + +CREATE TABLE soh_filter_rules ( + rule_id int NOT NULL PRIMARY KEY AUTO_INCREMENT, + + filter_id int NOT NULL, + FOREIGN KEY (filter_id) REFERENCES soh_filters (filter_id) + ON DELETE CASCADE, + + -- Any valid health class, e.g. "antivirus" + class varchar(32) NOT NULL, + + -- Must be 'is' or 'is not' + op varchar(16) NOT NULL, + + -- May be 'ok', 'installed', 'enabled', 'disabled', 'uptodate', + -- 'microsoft' for now; more values may be used in future. + status varchar(16) NOT NULL +) ENGINE=InnoDB; + +-- +-- Table structure for table `scan` +-- + +CREATE TABLE scan ( + id varchar(20) NOT NULL, + ip varchar(255) NOT NULL, + mac varchar(17) NOT NULL, + type varchar(255) NOT NULL, + start_date datetime NOT NULL, + update_date timestamp NOT NULL ON UPDATE CURRENT_TIMESTAMP, + status varchar(255) NOT NULL, + report_id varchar(255) NOT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB; + +-- +-- Table structure for table `billing` +-- + +CREATE TABLE billing ( + id varchar(20) NOT NULL, + ip varchar(255) NOT NULL, + mac varchar(17) NOT NULL, + type varchar(255) NOT NULL, + start_date datetime NOT NULL, + update_date timestamp NOT NULL ON UPDATE CURRENT_TIMESTAMP, + status varchar(255) NOT NULL, + item varchar(255) NOT NULL, + price varchar(255) NOT NULL, + person varchar(255) NOT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB; + +-- +-- Table structure for table `savedsearch` +-- + +CREATE TABLE savedsearch ( + id int NOT NULL AUTO_INCREMENT, + pid varchar(255) NOT NULL, + namespace varchar(255) NOT NULL, + name varchar(255) NOT NULL, + query text, + in_dashboard tinyint, + PRIMARY KEY (id) +) ENGINE=InnoDB; From 7e8eea8cd15b3b0a687036c5b4938195340ae7f9 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Mon, 2 Dec 2013 22:28:21 -0500 Subject: [PATCH 331/369] Fix reordering of conf sections and groups Fixes #1749 --- NEWS.asciidoc | 1 + lib/pf/IniFiles.pm | 16 ++++++++-------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index db3aebb39ee8..c01473b7811d 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -67,6 +67,7 @@ Bug Fixes * Fixed self-registration of multiple unverified devices * Fixed duplicate entries in advanced search of nodes * Fixed advanced search by node category +* Fixed reordering of conf sections and groups (#1749) Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/lib/pf/IniFiles.pm b/lib/pf/IniFiles.pm index a385e8c72c4f..53835e9fe324 100644 --- a/lib/pf/IniFiles.pm +++ b/lib/pf/IniFiles.pm @@ -130,18 +130,18 @@ sub ResortSections { sub ReorderByGroup { my ($self) = @_; my @sections = $self->Sections; - if(@sections) { - #Finding all non group sections + if (@sections) { + # Finding all non group sections my @non_group = grep { !/ / } @sections; - if(scalar @sections != scalar @non_group) { - my @new_sections; + if (scalar @sections != scalar @non_group) { + my @new_sections; my @groups = grep { / / } @sections; foreach my $section (@non_group) { - push @new_sections,$section, grep { /^\Q$section \E/ } @groups; - @groups = grep { !/^\Q$section\E/ } @groups; + push @new_sections, $section, grep { /^\Q$section \E/ } @groups; + @groups = grep { !/^\Q$section \E/ } @groups; } - #Push any remaining group sections - push @new_sections,@groups; + # Push any remaining group sections + push @new_sections, @groups; $self->{sects} = \@new_sections; } } From fd482e1e60264fa994eff38472bf2f54ffdb15e3 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 3 Dec 2013 09:17:46 -0500 Subject: [PATCH 332/369] Fix packaging --- addons/packages/packetfence.spec | 1 - debian/packetfence.conffiles | 1 - 2 files changed, 2 deletions(-) diff --git a/addons/packages/packetfence.spec b/addons/packages/packetfence.spec index 5427d9c9f613..7daa42a7e9d3 100644 --- a/addons/packages/packetfence.spec +++ b/addons/packages/packetfence.spec @@ -650,7 +650,6 @@ fi %attr(0755, pf, pf) /usr/local/pf/bin/pftest %doc /usr/local/pf/ChangeLog %dir /usr/local/pf/conf -%config(noreplace) /usr/local/pf/conf/admin_roles.conf %config(noreplace) /usr/local/pf/conf/adminroles.conf %config(noreplace) /usr/local/pf/conf/authentication.conf %config /usr/local/pf/conf/chi.conf diff --git a/debian/packetfence.conffiles b/debian/packetfence.conffiles index 11b4923708a0..9bf2afb77b89 100644 --- a/debian/packetfence.conffiles +++ b/debian/packetfence.conffiles @@ -1,4 +1,3 @@ -/usr/local/pf/conf/admin_roles.conf /usr/local/pf/conf/adminroles.conf /usr/local/pf/conf/authentication.conf /usr/local/pf/conf/profiles.conf From f75306001e54a512998225352ecd86941b316566 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 3 Dec 2013 09:40:00 -0500 Subject: [PATCH 333/369] Fix warning in condition in pf::vlan --- lib/pf/vlan.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/vlan.pm b/lib/pf/vlan.pm index c672f2dd2c03..986ca7665396 100644 --- a/lib/pf/vlan.pm +++ b/lib/pf/vlan.pm @@ -366,7 +366,7 @@ sub getNormalVlan { # If it's an EAP connection with a username, we try to match that username with authentication sources to calculate # the role based on the rules defined in the different authentication sources. # FIRST HIT MATCH - elsif ( defined $user_name && (($connection_type & $EAP) == $EAP) ) { + elsif ( defined $user_name && $connection_type && ($connection_type & $EAP) == $EAP ) { $logger->debug("EAP connection with a username. Trying to match rules from authentication sources."); my $profile = pf::Portal::ProfileFactory->instantiate($mac); my @sources = ($profile->getInternalSources); From 3cf7ab61232404437ad7d4c74f22313b8d88e47a Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 3 Dec 2013 09:46:54 -0500 Subject: [PATCH 334/369] Update HTTP/BrowserDetect.pm --- lib/HTTP/BrowserDetect.pm | 777 ++++++++++++++++++++++++-------------- 1 file changed, 486 insertions(+), 291 deletions(-) diff --git a/lib/HTTP/BrowserDetect.pm b/lib/HTTP/BrowserDetect.pm index 9bd4f4d3994b..89ba9cac42a5 100644 --- a/lib/HTTP/BrowserDetect.pm +++ b/lib/HTTP/BrowserDetect.pm @@ -3,18 +3,14 @@ use warnings; package HTTP::BrowserDetect; -use vars qw(@ISA @EXPORT @EXPORT_OK @ALL_TESTS); -require Exporter; - -@ISA = qw(Exporter); -@EXPORT = qw(); -@EXPORT_OK = qw(); +use vars qw(@ALL_TESTS); # Operating Systems our @OS_TESTS = qw( windows mac os2 unix linux vms bsd amiga firefoxos + rimtabletos ); # More precise Windows @@ -23,9 +19,9 @@ our @WINDOWS_TESTS = qw( win95 win98 winnt winme win32 win2k winxp win2k3 winvista - win7 win8 wince - winphone winphone7 winphone7_5 - winphone8 + win7 win8 win8_0 + win8_1 wince winphone + winphone7 winphone7_5 winphone8 ); # More precise Mac @@ -90,6 +86,7 @@ our @IE_TESTS = qw( ie5 ie5up ie55 ie55up ie6 ie7 ie8 ie9 ie10 + ie11 ); our @OPERA_TESTS = qw( @@ -118,31 +115,73 @@ our @ENGINE_TESTS = qw( gecko trident ); +# https://support.google.com/webmasters/answer/1061943?hl=en + +my %ROBOTS = ( + altavista => 'AltaVista', + askjeeves => 'AskJeeves', + baidu => 'Baidu Spider', + curl => 'curl', + facebook => 'Facebook', + getright => 'GetRight', + google => 'Google', + googleadsbot => 'Google AdsBot', + googleadsense => 'Google AdSense', + googlebotimage => 'Googlebot Images', + googlebotnews => 'Googlebot News', + googlebotvideo => 'Googlebot Video', + googlemobile => 'Google Mobile', + icab => 'iCab', + infoseek => 'InfoSeek', + linkchecker => 'LinkChecker', + linkexchange => 'LinkExchange', + lotusnotes => 'Lotus Notes', + lwp => 'LWP::UserAgent', + lycos => 'Lycos', + msn => 'MSN', + msnmobile => 'MSN Mobile', + puf => 'puf', + robot => 'robot', + slurp => 'Yahoo! Slurp', + specialarchiver => 'archive.org_bot', + staroffice => 'StarOffice', + webcrawler => 'WebCrawler', + webtv => 'WebTV', + wget => 'wget', + yahoo => 'Yahoo', + yandeximages => 'YandexImages', +); + our @ROBOT_TESTS = qw( puf curl wget - getright robot yahoo + getright robot slurp + yahoo altavista lycos infoseek lwp webcrawler linkexchange - slurp webtv staroffice - lotusnotes icab google - googlemobile msn msnmobile + webtv staroffice + lotusnotes icab googlemobile + msn msnmobile facebook baidu googleadsbot - askjeeves + askjeeves googleadsense googlebotvideo + googlebotnews googlebotimage google + linkchecker yandeximages specialarchiver ); our @MISC_TESTS = qw( mobile dotnet x11 - java tablet + java tablet ); push @ALL_TESTS, ( - @OS_TESTS, @WINDOWS_TESTS, @MAC_TESTS, - @UNIX_TESTS, @BSD_TESTS, @GAMING_TESTS, - ( sort ( keys %DEVICE_TESTS ) ), @BROWSER_TESTS, @IE_TESTS, - @OPERA_TESTS, @AOL_TESTS, @NETSCAPE_TESTS, - @FIREFOX_TESTS, @ENGINE_TESTS, @ROBOT_TESTS, - @MISC_TESTS, + @OS_TESTS, @WINDOWS_TESTS, + @MAC_TESTS, @UNIX_TESTS, + @BSD_TESTS, @GAMING_TESTS, + ( sort ( keys %DEVICE_TESTS ) ), @BROWSER_TESTS, + @IE_TESTS, @OPERA_TESTS, + @AOL_TESTS, @NETSCAPE_TESTS, + @FIREFOX_TESTS, @ENGINE_TESTS, + @ROBOT_TESTS, @MISC_TESTS, ); # Safari build -> version map for versions prior to 3.0 @@ -229,19 +268,24 @@ sub _test { $self->{tests} = {}; my $tests = $self->{tests}; + $self->_os_tests; + $self->_robot_tests; my @ff = ( 'firefox', @FIREFOX_TESTS ); my $ff = join "|", @ff; my $ua = lc $self->{user_agent}; + # Trident Engine (detect early for sniffing out IE) + $tests->{TRIDENT} = ( index( $ua, "trident/" ) != -1 ); + # Browser version my ( $major, $minor, $beta ) = ( $ua =~ m{ \S+ # Greedly catch anything leading up to forward slash. \/ # Version starts with a slash [A-Za-z]* # Eat any letters before the major version - ( [^.]* ) # Major version number is everything before the first dot + ( [0-9A-Za-z]* ) # Major version number is everything before the first dot \. # The first dot ( [\d]* ) # Minor version number is every digit after the first dot [\d.]* # Throw away remaining numbers and dots @@ -266,32 +310,61 @@ sub _test { } - # IE (and many others ) version - if ($ua =~ m{ - compatible; - \s* - \w* - [\s|\/] - [A-Za-z\-\/]* # Eat any letters before the major version - ( [0-9a-zA-Z\.]* ) # Grab everything else and split it later - ; - }x + # IE (and others) version + if ( $ua =~ m{\b msie \s ( [0-9\.]+ ) (?: [a-z]+ [a-z0-9]* )? ;}x ) { + + # Internet Explorer + ( $major, $minor, $beta ) = split /\./, $1; + } + elsif ( $ua + =~ m{\b compatible; \s* [\w\-]* / ( [0-9\.]* ) (?: [a-z]+ [a-z0-9\.]* )? ;}x ) { - my $match = $1; - $match =~ s{[a-zA-Z].*}{}g; # toss the beta version for now - ( $major, $minor, $beta ) = split /\./, $match; + # Generic "compatible" formats + ( $major, $minor, $beta ) = split /\./, $1; } + elsif ($tests->{TRIDENT} && $ua =~ m{\b rv: ( [0-9\.]+ ) \b}x ) { + # MSIE masking as Gecko really well ;) + ( $major, $minor, $beta ) = split /\./, $1; + } + + # Opera browsers + + $tests->{OPERA} + = ( index( $ua, "opera" ) != -1 + || index( $ua, "opr/" ) != -1 ); + $tests->{OPERA3} + = ( index( $ua, "opera 3" ) != -1 + || index( $ua, "opera/3" ) != -1 ); + $tests->{OPERA4} + = ( index( $ua, "opera 4" ) != -1 ) + || ( index( $ua, "opera/4" ) != -1 + && ( index( $ua, "nintendo dsi" ) == -1 ) ); + $tests->{OPERA5} + = ( index( $ua, "opera 5" ) != -1 ) + || ( index( $ua, "opera/5" ) != -1 ); + $tests->{OPERA6} + = ( index( $ua, "opera 6" ) != -1 ) + || ( index( $ua, "opera/6" ) != -1 ); + $tests->{OPERA7} + = ( index( $ua, "opera 7" ) != -1 ) + || ( index( $ua, "opera/7" ) != -1 ); # Opera needs to be dealt with specifically # http://dev.opera.com/articles/view/opera-ua-string-changes/ + # http://my.opera.com/community/openweb/idopera/ # Opera/9.80 (S60; SymbOS; Opera Mobi/320; U; sv) Presto/2.4.15 Version/10.00 + # Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.52 Safari/537.36 OPR/15.0.1147.100 if ( $ua =~ m{\AOpera.*\sVersion/(\d*)\.(\d*)\z}i ) { $major = $1; $minor = $2; } + elsif ( $ua =~ m{\bOPR/(\d+)\.(\d+)}i ) { + $major = $1; + $minor = $2; + } elsif ( $ua =~ m{NetFront/(\d*)\.(\d*) Kindle}i ) { $major = $1; $minor = $2; @@ -309,7 +382,9 @@ sub _test { $tests->{GECKO} = ( index( $ua, "gecko" ) != -1 ) && ( index( $ua, "like gecko" ) == -1 ); - $tests->{CHROME} = ( index( $ua, "chrome/" ) != -1 ); + $tests->{CHROME} + = ( !$tests->{OPERA} + && index( $ua, "chrome/" ) != -1 ); $tests->{SAFARI} = ( ( index( $ua, "safari" ) != -1 ) || ( index( $ua, "applewebkit" ) != -1 ) ) @@ -358,10 +433,12 @@ sub _test { = ( !$tests->{FIREFOX} && !$tests->{SAFARI} && !$tests->{CHROME} + && !$tests->{OPERA} + && !$tests->{TRIDENT} && index( $ua, "mozilla" ) != -1 + && index( $ua, "msie" ) == -1 && index( $ua, "spoofer" ) == -1 && index( $ua, "compatible" ) == -1 - && index( $ua, "opera" ) == -1 && index( $ua, "webtv" ) == -1 && index( $ua, "hotjava" ) == -1 && index( $ua, "nintendo" ) == -1 @@ -401,7 +478,8 @@ sub _test { # Internet Explorer browsers - $tests->{IE} = ( index( $ua, "msie" ) != -1 + $tests->{IE} = ( $tests->{TRIDENT} + || index( $ua, "msie" ) != -1 || index( $ua, 'microsoft internet explorer' ) != -1 ); $tests->{IE3} = ( $tests->{IE} && $major == 3 ); $tests->{IE4} = ( $tests->{IE} && $major == 4 ); @@ -416,6 +494,7 @@ sub _test { $tests->{IE8} = ( $tests->{IE} && $major == 8 ); $tests->{IE9} = ( $tests->{IE} && $major == 9 ); $tests->{IE10} = ( $tests->{IE} && $major == 10 ); + $tests->{IE11} = ( $tests->{IE} && $major == 11 ); # Neoplanet browsers @@ -435,24 +514,8 @@ sub _test { $tests->{AOLTV} = ( index( $ua, "navio" ) != -1 ) || ( index( $ua, "navio_aoltv" ) != -1 ); - # Opera browsers - - $tests->{OPERA} = ( index( $ua, "opera" ) != -1 ); - $tests->{OPERA3} = ( index( $ua, "opera 3" ) != -1 ) - || ( index( $ua, "opera/3" ) != -1 ); - $tests->{OPERA4} = ( index( $ua, "opera 4" ) != -1 ) - || ( index( $ua, "opera/4" ) != -1 - && ( index( $ua, "nintendo dsi" ) == -1 ) ); - $tests->{OPERA5} = ( index( $ua, "opera 5" ) != -1 ) - || ( index( $ua, "opera/5" ) != -1 ); - $tests->{OPERA6} = ( index( $ua, "opera 6" ) != -1 ) - || ( index( $ua, "opera/6" ) != -1 ); - $tests->{OPERA7} = ( index( $ua, "opera 7" ) != -1 ) - || ( index( $ua, "opera/7" ) != -1 ); - # Other browsers - $tests->{CURL} = ( index( $ua, "libcurl" ) != -1 ); $tests->{STAROFFICE} = ( index( $ua, "staroffice" ) != -1 ); $tests->{ICAB} = ( index( $ua, "icab" ) != -1 ); $tests->{LOTUSNOTES} = ( index( $ua, "lotus-notes" ) != -1 ); @@ -462,74 +525,11 @@ sub _test { $tests->{ELINKS} = ( index( $ua, "elinks" ) != -1 ); $tests->{WEBTV} = ( index( $ua, "webtv" ) != -1 ); $tests->{MOSAIC} = ( index( $ua, "mosaic" ) != -1 ); - $tests->{PUF} = ( index( $ua, "puf/" ) != -1 ); - $tests->{WGET} = ( index( $ua, "wget" ) != -1 ); - $tests->{GETRIGHT} = ( index( $ua, "getright" ) != -1 ); - $tests->{LWP} - = ( index( $ua, "libwww-perl" ) != -1 || index( $ua, "lwp-" ) != -1 ); - $tests->{YAHOO} = ( index( $ua, "yahoo" ) != -1 ) - && ( index( $ua, 'jp.co.yahoo.android' ) == -1 ); - $tests->{GOOGLE} = ( index( $ua, "googlebot" ) != -1 ); - $tests->{GOOGLEMOBILE} = ( index( $ua, "googlebot-mobile" ) != -1 ); - $tests->{MSN} = ( - ( index( $ua, "msnbot" ) != -1 || index( $ua, "bingbot" ) ) != -1 ); - $tests->{MSNMOBILE} = ( - ( index( $ua, "msnbot-mobile" ) != -1 - || index( $ua, "bingbot-mobile" ) - ) != -1 - ); $tests->{JAVA} = ( index( $ua, "java" ) != -1 || index( $ua, "jdk" ) != -1 || index( $ua, "jakarta commons-httpclient" ) != -1 ); - $tests->{ALTAVISTA} = ( index( $ua, "altavista" ) != -1 ); - $tests->{SCOOTER} = ( index( $ua, "scooter" ) != -1 ); - $tests->{LYCOS} = ( index( $ua, "lycos" ) != -1 ); - $tests->{INFOSEEK} = ( index( $ua, "infoseek" ) != -1 ); - $tests->{WEBCRAWLER} = ( index( $ua, "webcrawler" ) != -1 ); - $tests->{LINKEXCHANGE} = ( index( $ua, "lecodechecker" ) != -1 ); - $tests->{SLURP} = ( index( $ua, "slurp" ) != -1 ); - $tests->{FACEBOOK} = ( index( $ua, "facebookexternalhit" ) != -1 ); - $tests->{BAIDU} = ( index( $ua, "baiduspider" ) != -1 ); - $tests->{GOOGLEADSBOT} = ( index( $ua, "adsbot-google" ) != -1 ); - $tests->{ASKJEEVES} = ( index( $ua, "ask jeeves/teoma" ) != -1 ); - $tests->{ROBOT} = ( - ( $tests->{WGET} - || $tests->{PUF} - || $tests->{GETRIGHT} - || $tests->{LWP} - || $tests->{YAHOO} - || $tests->{ALTAVISTA} - || $tests->{LYCOS} - || $tests->{INFOSEEK} - || $tests->{WEBCRAWLER} - || $tests->{LINKEXCHANGE} - || $tests->{SLURP} - || $tests->{GOOGLE} - || $tests->{GOOGLEMOBILE} - || $tests->{MSN} - || $tests->{MSNMOBILE} - || $tests->{FACEBOOK} - || $tests->{JAVA} - || $tests->{BAIDU} - || $tests->{GOOGLEADSBOT} - || $tests->{ASKJEEVES} - ) - || index( $ua, "bot" ) != -1 - || index( $ua, "spider" ) != -1 - || index( $ua, "crawl" ) != -1 - || index( $ua, "agent" ) != -1 - || $ua =~ /seek (?! mo (?: toolbar )? \s+ \d+\.\d+ )/x - || $ua =~ /search (?! [\w\s]* toolbar \b | bar \b )/x - || index( $ua, "reap" ) != -1 - || index( $ua, "worm" ) != -1 - || index( $ua, "find" ) != -1 - || index( $ua, "index" ) != -1 - || index( $ua, "copy" ) != -1 - || index( $ua, "fetch" ) != -1 - || index( $ua, "ia_archive" ) != -1 - || index( $ua, "zyborg" ) != -1 - ); + $tests->{NETFRONT} = ( index( $ua, "playstation 3" ) != -1 || index( $ua, "playstation portable" ) != -1 @@ -537,21 +537,22 @@ sub _test { # Devices - $tests->{BLACKBERRY} = ( index( $ua, "blackberry" ) != -1 ); - $tests->{IPHONE} = ( index( $ua, "iphone" ) != -1 ); - $tests->{WINCE} = ( index( $ua, "windows ce" ) != -1 ); - $tests->{WINPHONE} = ( index( $ua, "windows phone" ) != -1 ); - $tests->{WEBOS} = ( index( $ua, "webos" ) != -1 ); - $tests->{IPOD} = ( index( $ua, "ipod" ) != -1 ); - $tests->{IPAD} = ( index( $ua, "ipad" ) != -1 ); - $tests->{KINDLE} = ( index( $ua, "kindle" ) != -1 ); - $tests->{AUDREY} = ( index( $ua, "audrey" ) != -1 ); - $tests->{IOPENER} = ( index( $ua, "i-opener" ) != -1 ); - $tests->{AVANTGO} = ( index( $ua, "avantgo" ) != -1 ); - $tests->{PALM} = ( $tests->{AVANTGO} || index( $ua, "palmos" ) != -1 ); - $tests->{OBIGO} = ( index( $ua, "obigo/" ) != -1 ); - $tests->{WAP} = ( - $tests->{OBIGO} + $tests->{BLACKBERRY} = ( index( $ua, "blackberry" ) != -1 + || index( $ua, "rim tablet os" ) != -1 ); + $tests->{IPHONE} = ( index( $ua, "iphone" ) != -1 ); + $tests->{WINCE} = ( index( $ua, "windows ce" ) != -1 ); + $tests->{WINPHONE} = ( index( $ua, "windows phone" ) != -1 ); + $tests->{WEBOS} = ( index( $ua, "webos" ) != -1 ); + $tests->{IPOD} = ( index( $ua, "ipod" ) != -1 ); + $tests->{IPAD} = ( index( $ua, "ipad" ) != -1 ); + $tests->{KINDLE} = ( index( $ua, "kindle" ) != -1 ); + $tests->{AUDREY} = ( index( $ua, "audrey" ) != -1 ); + $tests->{IOPENER} = ( index( $ua, "i-opener" ) != -1 ); + $tests->{AVANTGO} = ( index( $ua, "avantgo" ) != -1 ); + $tests->{PALM} = ( $tests->{AVANTGO} || index( $ua, "palmos" ) != -1 ); + $tests->{OBIGO} = ( index( $ua, "obigo/" ) != -1 ); + $tests->{WAP} + = ( $tests->{OBIGO} || index( $ua, "up.browser" ) != -1 || ( index( $ua, "nokia" ) != -1 && !$tests->{WINPHONE} ) || index( $ua, "alcatel" ) != -1 @@ -571,9 +572,11 @@ sub _test { $tests->{DSI} = ( index( $ua, "nintendo dsi" ) != -1 ); $tests->{'N3DS'} = ( index( $ua, "nintendo 3ds" ) != -1 ); - $tests->{MOBILE} = ( - ( $tests->{FIREFOX} && index( $ua, "mobile" ) != -1 ) + ( $tests->{FIREFOX} && index( $ua, "mobile" ) != -1 ) + || ( $tests->{IE} + && !$tests->{WINPHONE} + && index( $ua, "arm" ) != -1 ) || index( $ua, "up.browser" ) != -1 || index( $ua, "nokia" ) != -1 || index( $ua, "alcatel" ) != -1 @@ -596,8 +599,10 @@ sub _test { || index( $ua, "iphone" ) != -1 || index( $ua, "ipod" ) != -1 || index( $ua, "ipad" ) != -1 - || (index( $ua, "opera mini" ) != -1 && index( $ua, "tablet" ) == -1 ) - || (index( $ua, "android" ) != -1 && index( $ua, "mobile" ) != -1 ) + || ( index( $ua, "opera mini" ) != -1 + && index( $ua, "tablet" ) == -1 ) + || ( index( $ua, "android" ) != -1 + && index( $ua, "mobile" ) != -1 ) || index( $ua, "htc_" ) != -1 || index( $ua, "symbian" ) != -1 || index( $ua, "webos" ) != -1 @@ -609,17 +614,22 @@ sub _test { || index( $ua, "opera mobi" ) != -1 || index( $ua, "fennec" ) != -1 || index( $ua, "opera tablet" ) != -1 + || index( $ua, "rim tablet" ) != -1 || $tests->{PSP} || $tests->{DSI} || $tests->{'N3DS'} || $tests->{GOOGLEMOBILE} || $tests->{MSNMOBILE} ); - - + $tests->{TABLET} = ( - index( $ua, "ipad" ) != -1 - || (index( $ua, "android" ) != -1 && index( $ua, "mobile" ) == -1 && index( $ua, "opera" ) == -1 ) + index( $ua, "ipad" ) != -1 + || ( $tests->{IE} + && !$tests->{WINPHONE} + && index( $ua, "arm" ) != -1 ) + || ( index( $ua, "android" ) != -1 + && index( $ua, "mobile" ) == -1 + && index( $ua, "opera" ) == -1 ) || index( $ua, "kindle" ) != -1 || index( $ua, "xoom" ) != -1 || index( $ua, "flyer" ) != -1 @@ -639,13 +649,188 @@ sub _test { || index( $ua, "an10bg3" ) != -1 || index( $ua, "an10bg3dt" ) != -1 || index( $ua, "opera tablet" ) != -1 - || index( $ua, "hp-tablet" ) != -1 - - + || index( $ua, "rim tablet" ) != -1 + || index( $ua, "hp-tablet" ) + != -1 + ); # Operating System + # A final try at browser version, if we haven't gotten it so far + if ( !defined( $major ) || $major eq '' ) { + if ( $ua =~ /[A-Za-z]+\/(\d+)\;/ ) { + $major = $1; + $minor = 0; + } + + } + + # Gecko version + $self->{gecko_version} = undef; + if ( $tests->{GECKO} ) { + if ( $ua =~ /\([^)]*rv:([\w.\d]*)/ ) { + $self->{gecko_version} = $1; + } + } + + # Engines + + $self->{engine_version} = $self->{gecko_version}; + + if ( $ua =~ /trident\/([\w\.\d]*)/ ) { + $self->{engine_version} = $1; + } + + # RealPlayer + $tests->{REALPLAYER} + = ( index( $ua, "(r1 " ) != -1 || index( $ua, "realplayer" ) != -1 ); + + $self->{realplayer_version} = undef; + if ( $tests->{REALPLAYER} ) { + if ( $ua =~ /realplayer\/([\d+\.]+)/ ) { + $self->{realplayer_version} = $1; + my @version = split( /\./, $self->{realplayer_version} ); + $major = shift @version; + $minor = shift @version; + } + elsif ( $ua =~ /realplayer\s(\w+)/ ) { + $self->{realplayer_version} = $1; + } + } + + # Device from UA + + $self->{device_name} = undef; + + if ( $tests->{OBIGO} && $ua =~ /^(mot-\S+)/ ) { + $self->{device_name} = substr $self->{user_agent}, 0, length $1; + $self->{device_name} =~ s/^MOT-/Motorola /i; + } + elsif ( + $ua =~ /windows phone os [^\)]+ iemobile\/[^;]+; ([^;]+; [^;\)]+)/g ) + { + $self->{device_name} = substr $self->{user_agent}, + pos( $ua ) - length $1, length $1; + $self->{device_name} =~ s/; / /; + } + elsif ( $ua + =~ /windows phone [^\)]+ iemobile\/[^;]+; arm; touch; ([^;]+; [^;\)]+)/g + ) + { + $self->{device_name} = substr $self->{user_agent}, + pos( $ua ) - length $1, length $1; + $self->{device_name} =~ s/; / /; + } + + $self->{major} = $major; + $self->{minor} = $minor; + $self->{beta} = $beta; + + $self->_os_tests; + $self->_robot_tests; + + return undef unless $self->robot; + +} + +sub _robot_tests { + my $self = shift; + my $ua = lc $self->{user_agent}; + my $tests = $self->{tests}; + + $tests->{LWP} + = ( index( $ua, "libwww-perl" ) != -1 || index( $ua, "lwp-" ) != -1 ); + $tests->{YAHOO} = ( index( $ua, "yahoo" ) != -1 ) + && ( index( $ua, 'jp.co.yahoo.android' ) == -1 ); + $tests->{MSN} = ( + ( index( $ua, "msnbot" ) != -1 || index( $ua, "bingbot" ) ) != -1 ); + $tests->{MSNMOBILE} = ( + ( index( $ua, "msnbot-mobile" ) != -1 + || index( $ua, "bingbot-mobile" ) + ) != -1 + ); + + $tests->{ALTAVISTA} = ( index( $ua, "altavista" ) != -1 ); + $tests->{ASKJEEVES} = ( index( $ua, "ask jeeves/teoma" ) != -1 ); + $tests->{BAIDU} = ( index( $ua, "baiduspider" ) != -1 ); + $tests->{CURL} = ( index( $ua, "libcurl" ) != -1 ); + $tests->{FACEBOOK} = ( index( $ua, "facebookexternalhit" ) != -1 ); + $tests->{GETRIGHT} = ( index( $ua, "getright" ) != -1 ); + $tests->{GOOGLEADSBOT} = ( index( $ua, "adsbot-google" ) != -1 ); + $tests->{GOOGLEADSENSE} = ( index( $ua, "mediapartners-google" ) != -1 ); + $tests->{GOOGLEBOTIMAGE} = ( index( $ua, "googlebot-image" ) != -1 ); + $tests->{GOOGLEBOTNEWS} = ( index( $ua, "googlebot-news" ) != -1 ); + $tests->{GOOGLEBOTVIDEO} = ( index( $ua, "googlebot-video" ) != -1 ); + $tests->{GOOGLEMOBILE} = ( index( $ua, "googlebot-mobile" ) != -1 ); + $tests->{GOOGLE} = ( index( $ua, "googlebot" ) != -1 ); + $tests->{INFOSEEK} = ( index( $ua, "infoseek" ) != -1 ); + $tests->{LINKEXCHANGE} = ( index( $ua, "lecodechecker" ) != -1 ); + $tests->{LINKCHECKER} = ( index( $ua, "linkchecker" ) != -1 ); + $tests->{LYCOS} = ( index( $ua, "lycos" ) != -1 ); + $tests->{PUF} = ( index( $ua, "puf/" ) != -1 ); + $tests->{SCOOTER} = ( index( $ua, "scooter" ) != -1 ); + $tests->{SLURP} = ( index( $ua, "slurp" ) != -1 ); + $tests->{SPECIALARCHIVER} = ( index( $ua, "special_archiver" ) != -1 ); + $tests->{WEBCRAWLER} = ( index( $ua, "webcrawler" ) != -1 ); + $tests->{WGET} = ( index( $ua, "wget" ) != -1 ); + $tests->{YANDEXIMAGES} = ( index( $ua, "yandeximages" ) != -1 ); + + $tests->{ROBOT} + = ( $tests->{ALTAVISTA} + || $tests->{ASKJEEVES} + || $tests->{BAIDU} + || $tests->{FACEBOOK} + || $tests->{GETRIGHT} + || $tests->{GOOGLEADSBOT} + || $tests->{GOOGLEADSENSE} + || $tests->{GOOGLEMOBILE} + || $tests->{GOOGLEBOTNEWS} + || $tests->{GOOGLEBOTIMAGE} + || $tests->{GOOGLEBOTVIDEO} + || $tests->{GOOGLE} + || $tests->{INFOSEEK} + || $tests->{JAVA} + || $tests->{LINKEXCHANGE} + || $tests->{LINKCHECKER} + || $tests->{LWP} + || $tests->{LYCOS} + || $tests->{MSNMOBILE} + || $tests->{MSN} + || $tests->{PUF} + || $tests->{SLURP} + || $tests->{SPECIALARCHIVER} + || $tests->{WEBCRAWLER} + || $tests->{WGET} + || $tests->{YAHOO} + || $tests->{YANDEXIMAGES} ) + || index( $ua, "agent" ) != -1 + || index( $ua, "bot" ) != -1 + || index( $ua, "copy" ) != -1 + || index( $ua, "crawl" ) != -1 + || index( $ua, "fetch" ) != -1 + || index( $ua, "find" ) != -1 + || index( $ua, "ia_archive" ) != -1 + || index( $ua, "index" ) != -1 + || index( $ua, "reap" ) != -1 + || index( $ua, "spider" ) != -1 + || index( $ua, "worm" ) != -1 + || index( $ua, "zyborg" ) != -1 + || $ua =~ /seek (?! mo (?: toolbar )? \s+ \d+\.\d+ )/x + || $ua =~ /search (?! [\w\s]* toolbar \b | bar \b )/x; + + # Yahoo Slurp! hack this should apply to most browsers, but there's a case + # where GoogleBot masquerades as Safari on iOS. not sure how to handle + # that. + + delete $tests->{FIREFOX} if $self->robot; +} + +sub _os_tests { + my $self = shift; + my $tests = $self->{tests}; + my $ua = lc $self->{user_agent}; + $tests->{WIN16} = ( index( $ua, "win16" ) != -1 || index( $ua, "16bit" ) != -1 @@ -674,7 +859,9 @@ sub _test { $tests->{WIN2K3} = ( index( $ua, "nt 5.2" ) != -1 ); $tests->{WINVISTA} = ( index( $ua, "nt 6.0" ) != -1 ); $tests->{WIN7} = ( index( $ua, "nt 6.1" ) != -1 ); - $tests->{WIN8} = ( index( $ua, "nt 6.2" ) != -1 ); + $tests->{WIN8_0} = ( index( $ua, "nt 6.2" ) != -1 ); + $tests->{WIN8_1} = ( index( $ua, "nt 6.3" ) != -1 ); + $tests->{WIN8} = ( $tests->{WIN8_0} || $tests->{WIN8_1} ); $tests->{DOTNET} = ( index( $ua, ".net clr" ) != -1 ); $tests->{WINME} = ( index( $ua, "win 9x 4.90" ) != -1 ); # whatever @@ -756,8 +943,8 @@ sub _test { $tests->{AIX3} = ( index( $ua, "aix 3" ) != -1 ); $tests->{AIX4} = ( index( $ua, "aix 4" ) != -1 ); - $tests->{LINUX} = ( index( $ua, "inux" ) != -1 ); - $tests->{SCO} = $ua =~ m{(?:SCO|unix_sv)}; + $tests->{LINUX} = ( index( $ua, "inux" ) != -1 ); + $tests->{SCO} = $ua =~ m{(?:SCO|unix_sv)}; $tests->{UNIXWARE} = ( index( $ua, "unix_system_v" ) != -1 ); $tests->{MPRAS} = ( index( $ua, "ncr" ) != -1 ); $tests->{RELIANT} = ( index( $ua, "reliantunix" ) != -1 ); @@ -798,138 +985,117 @@ sub _test { && !$tests->{ANDROID} && index( $ua, "fennec" ) == -1 ); + $tests->{RIMTABLETOS} = ( index( $ua, "rim tablet os" ) != -1 ); + $tests->{PS3GAMEOS} = $tests->{PS3} && $tests->{NETFRONT}; $tests->{PSPGAMEOS} = $tests->{PSP} && $tests->{NETFRONT}; +} - # A final try at browser version, if we haven't gotten it so far - if ( !defined( $major ) || $major eq '' ) { - if ( $ua =~ /[A-Za-z]+\/(\d+)\;/ ) { - $major = $1; - $minor = 0; - } +# undocumented, experimental, volatile. not bothering with major/minor here as +# that's flawed for 3 point versions the plan is to move this parsing into the +# UeberAgent parser - } +sub os_version { + my $self = shift; - # Gecko version - $self->{gecko_version} = undef; - if ( $tests->{GECKO} ) { - if ( $ua =~ /\([^)]*rv:([\w.\d]*)/ ) { - $self->{gecko_version} = $1; - } + if ( $self->ios && $self->{user_agent} =~ m{OS (\d*_\d*|\d*_\d*_\d*) like Mac} ) { + my $version = $1; + $version =~ s{_}{.}g; + return $version; } - # Engines - - $tests->{TRIDENT} = ( index( $ua, "trident/" ) != -1 ); - - $self->{engine_version} = $self->{gecko_version}; - - if ( $ua =~ /trident\/([\w\.\d]*)/ ) { - $self->{engine_version} = $1; + if ( $self->mac && $self->{user_agent} =~ m{ X \s (\d\d)_(\d)_(\d)}x ) { + return join '.', $1, $2, $3; } - # RealPlayer - $tests->{REALPLAYER} - = ( index( $ua, "(r1 " ) != -1 || index( $ua, "realplayer" ) != -1 ); - - $self->{realplayer_version} = undef; - if ( $tests->{REALPLAYER} ) { - if ( $ua =~ /realplayer\/([\d+\.]+)/ ) { - $self->{realplayer_version} = $1; - my @version = split( /\./, $self->{realplayer_version} ); - $major = shift @version; - $minor = shift @version; - } - elsif ( $ua =~ /realplayer\s(\w+)/ ) { - $self->{realplayer_version} = $1; - } + # firefox in mac + # "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0" + if ( $self->mac && $self->{user_agent} =~ m{ X \s (\d\d\.\d)}x ) { + return $1; } - # Device from UA - - $self->{device_name} = undef; - - if ( $tests->{OBIGO} && $ua =~ /^(mot-\S+)/ ) - { - $self->{device_name} = substr $self->{user_agent}, 0, length $1; - $self->{device_name} =~ s/^MOT-/Motorola /i; - } - elsif ( $ua =~ /windows phone os [^\)]+ iemobile\/[^;]+; ([^;]+; [^;\)]+)/g ) + if ( $self->winphone + && $self->{user_agent} =~ m{Windows \s Phone \s \w{0,2} \s{0,1} (\d+\.\d+);}x ) { - $self->{device_name} = substr $self->{user_agent}, - pos( $ua ) - length $1, length $1; - $self->{device_name} =~ s/; / /; + return $1; } - elsif ( $ua =~ /windows phone [^\)]+ iemobile\/[^;]+; arm; touch; ([^;]+; [^;\)]+)/g ) - { - $self->{device_name} = substr $self->{user_agent}, - pos( $ua ) - length $1, length $1; - $self->{device_name} =~ s/; / /; + + if ( $self->android && $self->{user_agent} =~ m{Android ([\d\.\w-]*)} ) { + return $1; } - $self->{major} = $major; - $self->{minor} = $minor; - $self->{beta} = $beta; + if ( $self->firefoxos && $self->{user_agent} =~ m{Firefox/([\d\.]*)} ) { + return $1; + } } +# because the internals are the way they are, these tests have to happen in a +# certain order. hopefully we can change this once we have lazily loaded +# attributes. in the meantime, a pile of returns will do the job. if we +# changed this to use a hash, we'd still need a carefully ordered array of keys +# in order to get something useful back. so, as it is, this actually wouldn't +# be that much less verbose and the order of operations is quite clear. it +# still feels dirty, though. it does highlight the fact that way too many +# methods can return true for some UA strings, which means there are probably a +# lot of false positives we haven't checked for. + sub browser_string { - my ( $self ) = _self_or_default( @_ ); - my $browser_string = undef; - my $user_agent = $self->user_agent; - if ( defined $user_agent ) { - $browser_string = 'Netscape' if $self->netscape; - $browser_string = 'Firefox' if $self->firefox; - $browser_string = 'Safari' if $self->safari; - $browser_string = 'Chrome' if $self->chrome; - $browser_string = 'MSIE' if $self->ie; - $browser_string = 'WebTV' if $self->webtv; - $browser_string = 'AOL Browser' if $self->aol; - $browser_string = 'Obigo' if $self->obigo; - $browser_string = 'Opera' if $self->opera; - $browser_string = 'Mosaic' if $self->mosaic; - $browser_string = 'Lynx' if $self->lynx; - $browser_string = 'Links' if $self->links; - $browser_string = 'RealPlayer' if $self->realplayer_browser; - $browser_string = 'IceWeasel' if $self->iceweasel; - $browser_string = 'curl' if $self->curl; - $browser_string = 'puf' if $self->puf; - $browser_string = 'NetFront' if $self->netfront; - $browser_string = 'Mobile Safari' if $self->mobile_safari; - $browser_string = 'ELinks' if $self->elinks; - $browser_string = 'BlackBerry' if $self->blackberry; - $browser_string = 'Nintendo 3DS' if $self->n3ds; - $browser_string = 'Nintendo DSi' if $self->dsi; - } - return $browser_string; + my ( $self ) = _self_or_default( @_ ); + return undef unless defined $self->{user_agent}; + + return 'Netscape' if $self->netscape; + return 'IceWeasel' if $self->iceweasel; + return 'Firefox' if $self->firefox; + return 'BlackBerry' if $self->blackberry; + return 'Mobile Safari' if $self->mobile_safari; + return 'RealPlayer' if $self->realplayer_browser; + return 'Safari' if $self->safari; + return 'Chrome' if $self->chrome; + return 'AOL Browser' if $self->aol; + return 'MSIE' if $self->ie; + return 'WebTV' if $self->webtv; + return 'Obigo' if $self->obigo; + return 'Nintendo DSi' if $self->dsi; + return 'Opera' if $self->opera; + return 'Mosaic' if $self->mosaic; + return 'Lynx' if $self->lynx; + return 'ELinks' if $self->elinks; + return 'Links' if $self->links; + return 'curl' if $self->curl; + return 'puf' if $self->puf; + return 'NetFront' if $self->netfront; + return 'Nintendo 3DS' if $self->n3ds; + return undef; } sub os_string { - my ( $self ) = _self_or_default( @_ ); - my $os_string = undef; - my $user_agent = $self->user_agent; - if ( defined $user_agent ) { - $os_string = 'Win95' if $self->win95; - $os_string = 'Win98' if $self->win98; - $os_string = 'WinNT' if $self->winnt; - $os_string = 'Win2k' if $self->win2k; - $os_string = 'WinXP' if $self->winxp; - $os_string = 'Win2k3' if $self->win2k3; - $os_string = 'WinVista' if $self->winvista; - $os_string = 'Win7' if $self->win7; - $os_string = 'Win8' if $self->win8; - $os_string = 'Windows Phone' if $self->winphone; - $os_string = 'Mac' if $self->mac; - $os_string = 'Mac OS X' if $self->macosx; - $os_string = 'Win3x' if $self->win3x; - $os_string = 'OS2' if $self->os2; - $os_string = 'Unix' if $self->unix && !$self->linux; - $os_string = 'Linux' if $self->linux; - $os_string = 'Firefox OS' if $self->firefoxos; - $os_string = 'Playstation 3 GameOS' if $self->ps3gameos; - $os_string = 'Playstation Portable GameOS' if $self->pspgameos; - $os_string = 'iOS' if $self->iphone || $self->ipod || $self->ipad; - } - return $os_string; + my ( $self ) = _self_or_default( @_ ); + return undef unless defined $self->{user_agent}; + + return 'Win95' if $self->win95; + return 'Win98' if $self->win98; + return 'Win2k' if $self->win2k; + return 'WinXP' if $self->winxp; + return 'Win2k3' if $self->win2k3; + return 'WinVista' if $self->winvista; + return 'Win7' if $self->win7; + return 'Win8' if $self->win8_0; + return 'Win8.1' if $self->win8_1; + return 'WinNT' if $self->winnt; + return 'Windows Phone' if $self->winphone; + return 'Win3x' if $self->win3x; + return 'Android' if $self->android; + return 'Linux' if $self->linux; + return 'Unix' if $self->unix; + return 'Firefox OS' if $self->firefoxos; + return 'RIM Tablet OS' if $self->rimtabletos; + return 'Playstation 3 GameOS' if $self->ps3gameos; + return 'Playstation Portable GameOS' if $self->pspgameos; + return 'iOS' if $self->iphone || $self->ipod || $self->ipad; + return 'Mac OS X' if $self->macosx; + return 'Mac' if $self->mac; + return 'OS2' if $self->os2; + return undef; } sub realplayer { @@ -942,7 +1108,9 @@ sub realplayer { sub _realplayer_version { my ( $self, $check ) = _self_or_default( @_ ); - if ( exists $self->{realplayer_version} && $self->{realplayer_version} ) { + if ( exists $self->{realplayer_version} + && $self->{realplayer_version} ) + { my @version = split( /\./, $self->{realplayer_version} ); $self->{major} = shift @version; $self->{minor} = $self->_format_minor( shift @version ); @@ -1040,7 +1208,7 @@ sub _public { # Return Public version of Safari. See RT #48727. if ( $self->safari ) { - my $ua = lc $self->user_agent; + my $ua = lc $self->{user_agent}; # Safari starting with version 3.0 provides its own public version if ($ua =~ m{ @@ -1065,12 +1233,12 @@ sub _public { # lower build for my $maybe_build ( - sort { $b <=> $a } + sort { $self->_cmp_versions( $b, $a ) } keys %safari_build_to_version ) { $version = $safari_build_to_version{$maybe_build}, last - if $build >= $maybe_build; + if $self->_cmp_versions( $build, $maybe_build ) >= 0; } } my ( $major, $minor ) = split /\./, $version; @@ -1084,11 +1252,27 @@ sub _public { return ( $self->major, $self->minor, $self->beta( $check ) ); } +sub _cmp_versions { + my ( $self, $a, $b ) = @_; + + my @a = split /\./, $a; + my @b = split /\./, $b; + + while ( @b ) { + return -1 if @a == 0 || $a[0] < $b[0]; + return 1 if @b == 0 || $b[0] < $a[0]; + shift @a; + shift @b; + } + + return @a <=> @b; +} + sub engine_string { my ( $self, $check ) = _self_or_default( @_ ); - if ( $self->user_agent =~ m{\bKHTML\b} ) { + if ( $self->{user_agent} =~ m{\bKHTML\b} ) { return 'KHTML'; } @@ -1214,28 +1398,30 @@ sub _language_country { if ( $self->safari ) { if ( $self->major == 1 - && $self->user_agent =~ m/\s ( [a-z]{2} ) \)/xms ) + && $self->{user_agent} =~ m/\s ( [a-z]{2} ) \)/xms ) { return { language => uc $1 }; } - if ( $self->user_agent =~ m/\s ([a-z]{2})-([A-Za-z]{2})/xms ) { + if ( $self->{user_agent} =~ m/\s ([a-z]{2})-([A-Za-z]{2})/xms ) { return { language => uc $1, country => uc $2 }; } } - if ( $self->aol && $self->user_agent =~ m/;([A-Z]{2})_([A-Z]{2})\)/ ) { + if ( $self->aol + && $self->{user_agent} =~ m/;([A-Z]{2})_([A-Z]{2})\)/ ) + { return { language => $1, country => $2 }; } - if ( $self->user_agent =~ m/\b([a-z]{2})-([A-Za-z]{2})\b/xms ) { + if ( $self->{user_agent} =~ m/\b([a-z]{2})-([A-Za-z]{2})\b/xms ) { return { language => uc $1, country => uc $2 }; } - if ( $self->user_agent =~ m/\[([a-z]{2})\]/xms ) { + if ( $self->{user_agent} =~ m/\[([a-z]{2})\]/xms ) { return { language => uc $1 }; } - if ( $self->user_agent =~ m/\(([^)]+)\)/xms ) { + if ( $self->{user_agent} =~ m/\(([^)]+)\)/xms ) { my @parts = split( /;/, $1 ); foreach my $part ( @parts ) { if ( $part =~ /^\s*([a-z]{2})\s*$/ ) { @@ -1272,6 +1458,17 @@ sub browser_properties { return @browser_properties; } + +sub robot_name { + my $self = shift; + foreach my $name ( @ROBOT_TESTS ) { + next if $name eq 'robot'; + if ( $self->$name ) { + return $ROBOTS{$name}; + } + } +} + 1; # ABSTRACT: Determine Web browser, version, and platform from an HTTP user agent string @@ -1303,11 +1500,6 @@ __END__ ...; } - # Process a different user agent string - $browser->user_agent($another_user_agent_string); - - - =head1 DESCRIPTION The HTTP::BrowserDetect object does a number of tests on an HTTP user agent @@ -1332,12 +1524,12 @@ HTTP::BrowserDetect object that is created behind the scenes. =head1 SUBROUTINES/METHODS -=head2 user_agent($user_agent_string) +=head2 user_agent() + +Returns the value of the user agent string. -Returns the value of the user agent string. When called with a parameter, it -resets the user agent and reperforms all tests on the string. This way you can -process a series of user agent strings (from a log file, perhaps) without -creating a new HTTP::BrowserDetect object each time. +Calling this method with a parameter has now been deprecated and this feature +will be removed in an upcoming release. =head2 country() @@ -1480,7 +1672,9 @@ winnt, which is a type of win32) win32 winme win95 win98 winnt - win2k winxp win2k3 winvista win7 win8 + win2k winxp win2k3 winvista win7 + win8 + win8_0 win8_1 wince winphone winphone7 winphone7_5 winphone8 @@ -1495,6 +1689,8 @@ mac68k macppc macosx ios =head2 os2() +=head2 rimtabletos() + =head2 unix() sun sun4 sun5 suni86 irix irix5 irix6 hpux hpux9 hpux10 @@ -1519,8 +1715,9 @@ Returns one of the following strings, or undef. This method exists solely for compatibility with the L module. Win95, Win98, WinNT, Win2K, WinXP, Win2k3, WinVista, Win7, Win8, - Windows Phone, Mac, Mac OS X, iOS, Win3x, OS2, Unix, Linux, - Firefox OS, Playstation 3 GameOS, Playstation Portable GameOS + Win8.1, Windows Phone, Mac, Mac OS X, iOS, Win3x, OS2, Unix, Linux, + Firefox OS, Playstation 3 GameOS, Playstation Portable GameOS, + RIM Tablet OS =head1 Detecting Browser Vendor @@ -1542,7 +1739,7 @@ version separately. =head3 icab -=head3 ie ie3 ie4 ie4up ie5 ie55 ie6 ie7 ie8 ie9 ie10 +=head3 ie ie3 ie4 ie4up ie5 ie55 ie6 ie7 ie8 ie9 ie10 ie11 =head3 java @@ -1593,7 +1790,7 @@ Returns undef on failure. Otherwise returns one of the following: Netscape, Firefox, Safari, Chrome, MSIE, WebTV, AOL Browser, Opera, Mosaic, Lynx, Links, ELinks, RealPlayer, IceWeasel, curl, puf, NetFront, Mobile Safari, -BlackBerry +BlackBerry. =head2 gecko_version() @@ -1671,6 +1868,8 @@ value. This is by no means a complete list of robots that exist on the Web. =head3 googleadsbot +=head3 googleadsense + =head3 googlemobile =head3 infoseek @@ -1780,6 +1979,8 @@ Aran Deltac yeahoffline +David Ihnen + =head1 TO DO The C<_engine()> method currently only handles Gecko and Trident. It needs to @@ -1789,15 +1990,9 @@ POD coverage is also not 100%. =head1 SEE ALSO -"The Ultimate JavaScript Client Sniffer, Version 3.0", L - "Browser ID (User-Agent) Strings", L -Safari "Historical User Agent strings", L (now gone, retrieved 2007-06-20) - -"Safari Agent Strings", L - -perl(1), L, L. +L. =head1 From 12015d45f33ef03365684797a54c68059ace9ada Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 3 Dec 2013 09:49:32 -0500 Subject: [PATCH 335/369] Bump release to 4.1.0 --- conf/pf-release | 2 +- docs/docinfo.xml | 6 +++--- docs/includes/global-attributes.asciidoc | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/conf/pf-release b/conf/pf-release index b0bf22650ccd..98dc8065b659 100644 --- a/conf/pf-release +++ b/conf/pf-release @@ -1 +1 @@ -PacketFence 4.0.7 +PacketFence 4.1.0 diff --git a/docs/docinfo.xml b/docs/docinfo.xml index bbd7e47e1324..c4824483c4bd 100644 --- a/docs/docinfo.xml +++ b/docs/docinfo.xml @@ -1,7 +1,7 @@ -Version 4.0.6 - September 2013 -for version 4.0.6 -2013-09-05 +Version 4.1.0 - December 2013 +for version 4.1.0 +2013-12-05 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". diff --git a/docs/includes/global-attributes.asciidoc b/docs/includes/global-attributes.asciidoc index f78a04693a8c..ba7e8ff6c068 100644 --- a/docs/includes/global-attributes.asciidoc +++ b/docs/includes/global-attributes.asciidoc @@ -13,6 +13,6 @@ // TODO have the build system take care of this -:release_version: 4.0.6 +:release_version: 4.1.0 // vim: set syntax=asciidoc tabstop=2 shiftwidth=2 expandtab: From 8dd8caae28794cdf97d9ac45e5c918a8f9440f59 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 3 Dec 2013 10:06:24 -0500 Subject: [PATCH 336/369] Fix warning in condition in pf::vlan --- lib/pf/vlan.pm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/pf/vlan.pm b/lib/pf/vlan.pm index 986ca7665396..eb6bdaa1e7bb 100644 --- a/lib/pf/vlan.pm +++ b/lib/pf/vlan.pm @@ -89,7 +89,7 @@ sub fetchVlanForNode { my $registration = $this->getRegistrationVlan($switch, $ifIndex, $mac, $node_info, $connection_type, $user_name, $ssid); if (defined($registration) && $registration != 0) { - if ( ($connection_type & $WIRELESS_MAC_AUTH) == $WIRELESS_MAC_AUTH ) { + if ( $connection_type && ($connection_type & $WIRELESS_MAC_AUTH) == $WIRELESS_MAC_AUTH ) { my $notes = $node_info->{'notes'}; @@ -344,10 +344,10 @@ sub getNormalVlan { my $role = ""; # Try MAC_AUTH, then other EAP methods and finally anything else. - if ( ($connection_type & $WIRED_MAC_AUTH) == $WIRED_MAC_AUTH ) { + if ( $connection_type && ($connection_type & $WIRED_MAC_AUTH) == $WIRED_MAC_AUTH ) { $logger->info("Connection type is WIRED_MAC_AUTH. Getting role from node_info" ); $role = $node_info->{'category'}; - } elsif ( ($connection_type & $WIRELESS_MAC_AUTH) == $WIRELESS_MAC_AUTH ) { + } elsif ( $connection_type && ($connection_type & $WIRELESS_MAC_AUTH) == $WIRELESS_MAC_AUTH ) { $logger->info("Connection type is WIRELESS_MAC_AUTH. Getting role from node_info" ); $role = $node_info->{'category'}; From 850c83c6e43d52e6b0579b6bf8353b3a2a7e2c47 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Tue, 3 Dec 2013 14:33:48 -0500 Subject: [PATCH 337/369] added a new column in node table to detect if the node has been auto registered --- NEWS.asciidoc | 1 + db/pf-schema-4.1.0.sql | 1 + db/upgrade-4.0.0-4.1.0.sql | 6 ++++++ lib/pf/node.pm | 18 ++++++++++-------- lib/pf/vlan.pm | 13 ++++++------- 5 files changed, 24 insertions(+), 15 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index c01473b7811d..94b6faa72982 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -48,6 +48,7 @@ Enhancements * Allow actions depending on authentication source type * Modified logrotate so it uses copytruncate instead of restarting the services. * Now comes with a corosync compatible barnyard2 init script in addons. +* Unreg the node when you come from a secure connection to an open connection Bug Fixes +++++++++ diff --git a/db/pf-schema-4.1.0.sql b/db/pf-schema-4.1.0.sql index 84118f8ec43c..d7c2917ec956 100644 --- a/db/pf-schema-4.1.0.sql +++ b/db/pf-schema-4.1.0.sql @@ -104,6 +104,7 @@ CREATE TABLE node ( dhcp_fingerprint varchar(255) default NULL, `bypass_vlan` varchar(50) default NULL, `voip` enum('no','yes') NOT NULL DEFAULT 'no', + `autoreg` enum('no','yes') NOT NULL DEFAULT 'no', PRIMARY KEY (mac), KEY pid (pid), KEY category_id (category_id), diff --git a/db/upgrade-4.0.0-4.1.0.sql b/db/upgrade-4.0.0-4.1.0.sql index 38642e1e7658..a5f5bc04a452 100644 --- a/db/upgrade-4.0.0-4.1.0.sql +++ b/db/upgrade-4.0.0-4.1.0.sql @@ -11,3 +11,9 @@ ALTER TABLE `temporary_password` MODIFY category int DEFAULT NULL; ALTER TABLE temporary_password CHANGE access_level access_level varchar(255) DEFAULT 'NONE'; UPDATE temporary_password SET access_level = 'ALL' WHERE access_level = '4294967295'; UPDATE temporary_password SET access_level = 'NONE' WHERE access_level = '0'; + +-- +-- Added a new column to set if the node has been registered by auto registration +-- + +ALTER TABLE `node` ADD `autoreg` enum('no','yes') NOT NULL DEFAULT 'no' AFTER voip; diff --git a/lib/pf/node.pm b/lib/pf/node.pm index c1da483abf8c..558dc9ba5896 100644 --- a/lib/pf/node.pm +++ b/lib/pf/node.pm @@ -126,7 +126,7 @@ sub node_db_prepare { detect_date=?, regdate=?, unregdate=?, lastskip=?, user_agent=?, computername=?, dhcp_fingerprint=?, last_arp=?, last_dhcp=?, - notes=? + notes=?, autoreg=? WHERE mac=? ]); @@ -136,7 +136,7 @@ sub node_db_prepare { detect_date, regdate, unregdate, lastskip, user_agent, computername, dhcp_fingerprint, last_arp, last_dhcp, - node.notes + node.notes, autoreg FROM node LEFT JOIN node_category USING (category_id) WHERE mac = ? @@ -148,7 +148,7 @@ sub node_db_prepare { detect_date, regdate, unregdate, lastskip, user_agent, computername, IFNULL(os_class.description, ' ') as dhcp_fingerprint, last_arp, last_dhcp, - node.notes + node.notes, autoreg FROM node LEFT JOIN node_category USING (category_id) LEFT JOIN dhcp_fingerprint ON node.dhcp_fingerprint=dhcp_fingerprint.fingerprint @@ -183,7 +183,7 @@ sub node_db_prepare { node.detect_date, node.regdate, node.unregdate, node.lastskip, node.user_agent, node.computername, node.dhcp_fingerprint, node.last_arp, node.last_dhcp, - node.notes, + node.notes, autoreg, UNIX_TIMESTAMP(node.regdate) AS regdate_timestamp, UNIX_TIMESTAMP(node.unregdate) AS unregdate_timestamp FROM node @@ -402,7 +402,7 @@ sub node_add { 'detect_date', 'regdate', 'unregdate', 'lastskip', 'user_agent', 'computername', 'dhcp_fingerprint', 'last_arp', 'last_dhcp', - 'notes' + 'notes', 'autoreg' ) { $data{$field} = "" if ( !defined $data{$field} ); } @@ -422,7 +422,7 @@ sub node_add { $data{detect_date}, $data{regdate}, $data{unregdate}, $data{lastskip}, $data{user_agent}, $data{computername}, $data{dhcp_fingerprint}, $data{last_arp}, $data{last_dhcp}, - $data{notes} + $data{notes}, $data{autoreg} ) || return (0); return (1); } @@ -441,7 +441,8 @@ sub node_add_simple { 'last_skip' => 0, 'status' => 'unreg', 'last_dhcp' => 0, - 'voip' => 'no' + 'voip' => 'no', + 'autoreg' => 'no' ); if ( !node_add( $mac, %tmp ) ) { return (0); @@ -772,7 +773,7 @@ sub node_modify { $existing->{detect_date}, $existing->{regdate}, $existing->{unregdate}, $existing->{lastskip}, $existing->{user_agent}, $existing->{computername}, $existing->{dhcp_fingerprint}, $existing->{last_arp}, $existing->{last_dhcp}, - $existing->{notes}, + $existing->{notes},$existing->{autoreg}, $mac ); return ($sth->rows); @@ -1169,3 +1170,4 @@ USA. =cut 1; + diff --git a/lib/pf/vlan.pm b/lib/pf/vlan.pm index eb6bdaa1e7bb..9ff1f0ab8e64 100644 --- a/lib/pf/vlan.pm +++ b/lib/pf/vlan.pm @@ -92,11 +92,10 @@ sub fetchVlanForNode { if ( $connection_type && ($connection_type & $WIRELESS_MAC_AUTH) == $WIRELESS_MAC_AUTH ) { - my $notes = $node_info->{'notes'}; - if ($notes eq 'AUTO-REGISTERED') { - $logger->info("Connection type is WIRELESS_MAC_AUTH and the device was comming from a secure SSID with auto registration" ); + if (isenabled($notes->{'autoreg'})) { + $logger->info("Connection type is WIRELESS_MAC_AUTH and the device was coming from a secure SSID with auto registration" ); my %info = ( - 'notes' => '', + 'autoreg' => 'no', ); node_modify($mac,%info); } @@ -351,13 +350,12 @@ sub getNormalVlan { $logger->info("Connection type is WIRELESS_MAC_AUTH. Getting role from node_info" ); $role = $node_info->{'category'}; - my $notes = $node_info->{'notes'}; - if ($notes eq 'AUTO-REGISTERED') { + if (isenabled($notes->{'äutoreg'})) { $logger->info("Device is comming from a secure connection and has been auto registered, we unreg it and forward it to the portal" ); $role = 'registration'; my %info = ( 'status' => 'unreg', - 'notes' => '', + 'autoreg' => 'no', ); node_modify($mac,%info); } @@ -449,6 +447,7 @@ sub getNodeInfoForAutoReg { notes => 'AUTO-REGISTERED', status => 'reg', auto_registered => 1, # tells node_register to autoreg + autoreg => 'yes', ); # if we are called from a violation with action=autoreg, say so From c8db7ae8bf9650c11e598d18f490dbda15871567 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Tue, 3 Dec 2013 14:43:05 -0500 Subject: [PATCH 338/369] Fix syntax --- lib/pf/vlan.pm | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/pf/vlan.pm b/lib/pf/vlan.pm index 9ff1f0ab8e64..b2a7da4880f4 100644 --- a/lib/pf/vlan.pm +++ b/lib/pf/vlan.pm @@ -91,8 +91,7 @@ sub fetchVlanForNode { if ( $connection_type && ($connection_type & $WIRELESS_MAC_AUTH) == $WIRELESS_MAC_AUTH ) { - - if (isenabled($notes->{'autoreg'})) { + if (isenabled($node_info->{'autoreg'})) { $logger->info("Connection type is WIRELESS_MAC_AUTH and the device was coming from a secure SSID with auto registration" ); my %info = ( 'autoreg' => 'no', @@ -350,7 +349,7 @@ sub getNormalVlan { $logger->info("Connection type is WIRELESS_MAC_AUTH. Getting role from node_info" ); $role = $node_info->{'category'}; - if (isenabled($notes->{'äutoreg'})) { + if (isenabled($node_info->{'autoreg'})) { $logger->info("Device is comming from a secure connection and has been auto registered, we unreg it and forward it to the portal" ); $role = 'registration'; my %info = ( From 6b6073b9e868299ab5b38c090c65fc4812c44bd7 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Tue, 3 Dec 2013 14:45:18 -0500 Subject: [PATCH 339/369] Change the default admin level --- conf/authentication.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/authentication.conf b/conf/authentication.conf index ba70dcfc2c6e..88a10aefe54e 100644 --- a/conf/authentication.conf +++ b/conf/authentication.conf @@ -10,7 +10,7 @@ type=Htpasswd [file1 rule admins] description=All admins match=all -action0=set_access_level=4294967295 +action0=set_access_level=ALL [sms] description=SMS-based registration From 9b006cf3ce431fdd85ef87ee5c239dd76f5efbea Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Wed, 4 Dec 2013 09:26:41 -0500 Subject: [PATCH 340/369] Missing autoreg in node_add sql and test if pf.conf exist before trying to manage iptables --- bin/pfcmd.pl | 2 +- lib/pf/node.pm | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/pfcmd.pl b/bin/pfcmd.pl index ac6db1a01c5d..6e206a0392bc 100755 --- a/bin/pfcmd.pl +++ b/bin/pfcmd.pl @@ -1199,7 +1199,7 @@ sub startService { my @managers = getManagers(\@services,INCLUDE_DEPENDS_ON | JUST_MANAGED); print $SERVICE_HEADER; my $count = 0; - if(isIptablesManaged($service)) { + if(isIptablesManaged($service) && -e $pf_config_file) { $logger->info("saving current iptables to var/iptables.bak"); my $technique; if(all { $_->status eq '0' } @managers) { diff --git a/lib/pf/node.pm b/lib/pf/node.pm index 558dc9ba5896..d88fa7e0d95f 100644 --- a/lib/pf/node.pm +++ b/lib/pf/node.pm @@ -112,9 +112,9 @@ sub node_db_prepare { detect_date, regdate, unregdate, lastskip, user_agent, computername, dhcp_fingerprint, last_arp, last_dhcp, - notes + notes, autoreg ) VALUES ( - ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? + ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) ]); From 0a791b092e41a9a72b9ded4c15e2cd240e72c783 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Wed, 4 Dec 2013 10:25:55 -0500 Subject: [PATCH 341/369] Update doc for dynamic radius client and fix sql syntax --- .../PacketFence_Administration_Guide.asciidoc | 24 +++++++++++++++---- raddb/sites-available/dynamic-clients | 2 +- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/docs/PacketFence_Administration_Guide.asciidoc b/docs/PacketFence_Administration_Guide.asciidoc index 2151e2c58468..094fe00970f5 100644 --- a/docs/PacketFence_Administration_Guide.asciidoc +++ b/docs/PacketFence_Administration_Guide.asciidoc @@ -879,9 +879,25 @@ attempting to attack each other. FreeRADIUS Configuration ~~~~~~~~~~~~~~~~~~~~~~~~ -This section presents the FreeRADIUS configuration steps. In some occasions, a RADIUS server is mandatory in order to give access to the network. For example, the usage of WPA2-Enterprise (Wireless 802.1X), MAC authentication and Wired 802.1X all requires a RADIUS server to authenticate the users and the devices, and then to push the proper VLAN to the network equipment. We strongly recommend that you install FreeRADIUS even if you plan not to use the feature now. +This section presents the FreeRADIUS configuration steps. In some occasions, a RADIUS server is mandatory in order to give access to the network. For example, the usage of WPA2-Enterprise (Wireless 802.1X), MAC authentication and Wired 802.1X all requires a RADIUS server to authenticate the users and the devices, and then to push the proper VLAN to the network equipment. -Option 1: Authentication against Active Directory (AD) +Option 1: Dynamic switch configuration +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Since PacketFence version 4.1 you are now be able to enable dynamic clients. +It mean that when you add a new switch configuration in PacketFence´s administration interface you don´t have to restart radiusd service. + +To enable this feature make a symlink in `/usr/local/pf/raddb/site-enabled` directory: + + ln -s ../sites-available/dynamic-clients dynamic-clients + +and of course restart radiusd: + + /usr/local/pf/bin/pfcmd service radiusd restart + + + +Option 2: Authentication against Active Directory (AD) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Replace `/usr/local/pf/raddb/modules/mschap` with the following configuration: @@ -1054,14 +1070,14 @@ For Debian and Ubuntu: rad_recv: Access-Accept packet from host 127.0.0.1 port 18120, id=108, length=20 -Option 2: Local Authentication +Option 3: Local Authentication ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Add your user's entries at the end of the `/usr/local/pf/raddb/users` file with the following format: username Cleartext-Password := "password" -Option 3: Authentication against OpenLDAP +Option 4: Authentication against OpenLDAP ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ To be contributed... diff --git a/raddb/sites-available/dynamic-clients b/raddb/sites-available/dynamic-clients index 69705c2346a8..b230fcbf28c8 100644 --- a/raddb/sites-available/dynamic-clients +++ b/raddb/sites-available/dynamic-clients @@ -119,7 +119,7 @@ server dynamic_client_server { # # This requires the SQL module to be configured, of course. update control { - Tmp-String-8 = "%{sql: SELECT nasname FROM radius_nas WHERE nasname '%{Packet-Src-IP-Address}'}" + Tmp-String-8 = "%{sql: SELECT nasname FROM radius_nas WHERE nasname = '%{Packet-Src-IP-Address}'}" } if ("%{control:Tmp-String-8}") { update control { From b3191cbb2aa5cb2a033f6fd72e21ed0b693a3948 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Wed, 4 Dec 2013 13:16:48 -0500 Subject: [PATCH 342/369] Added autoreg default value in node_modify --- lib/pf/node.pm | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/pf/node.pm b/lib/pf/node.pm index d88fa7e0d95f..7683fcf50d28 100644 --- a/lib/pf/node.pm +++ b/lib/pf/node.pm @@ -750,6 +750,11 @@ sub node_modify { delete $existing->{'category'} if defined($existing->{'category'}); } + # Autoregistration handling + if (!defined($data{'autoreg'})) { + $existing->{autoreg} = 'no'; + } + my $new_mac = lc( $existing->{'mac'} ); my $new_status = $existing->{'status'}; From db4b7ce341b4f3cb9cbad8f7f4d13619124a6e31 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Wed, 4 Dec 2013 14:34:44 -0500 Subject: [PATCH 343/369] Will pass orginal url to captive portal as the destination_url --- lib/pf/web/dispatcher.pm | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/lib/pf/web/dispatcher.pm b/lib/pf/web/dispatcher.pm index 920480b6052f..b09b36284b35 100755 --- a/lib/pf/web/dispatcher.pm +++ b/lib/pf/web/dispatcher.pm @@ -14,6 +14,8 @@ use Apache2::RequestRec (); use Apache2::Response (); use Apache2::RequestUtil (); use Apache2::ServerRec; +use Apache2::URI (); +use Apache2::Util (); use APR::Table; use APR::URI; @@ -35,7 +37,7 @@ use pf::proxypassthrough::constants; Implementation of PerlTransHandler. Rewrite all URLs except those explicitly allowed by the Captive portal. -For simplicity and performance this doesn't consume and leverage +For simplicity and performance this doesn't consume and leverage L. Reference: http://perl.apache.org/docs/2.0/user/handlers/http.html#PerlTransHandler @@ -99,7 +101,7 @@ sub translate { =item handler -For simplicity and performance this doesn't consume and leverage +For simplicity and performance this doesn't consume and leverage L. =cut @@ -108,7 +110,8 @@ sub handler { my ($r) = @_; my $logger = Log::Log4perl->get_logger(__PACKAGE__); $logger->trace('hitting redirector'); - + my $url = $r->construct_url; + my $orginal_url = Apache2::Util::escape_path($url,$r->pool); my $proto; # Google chrome hack redirect in http if ($r->uri =~ /\/generate_204/) { @@ -118,7 +121,7 @@ sub handler { } my $stash = { - 'login_url' => "$proto://".$Config{'general'}{'hostname'}.".".$Config{'general'}{'domain'}."/captive-portal", + 'login_url' => "$proto://".$Config{'general'}{'hostname'}.".".$Config{'general'}{'domain'}."/captive-portal?destination_url=$orginal_url", 'login_url_wispr' => "$proto://".$Config{'general'}{'hostname'}.".".$Config{'general'}{'domain'}."/wispr", }; @@ -194,22 +197,22 @@ Inverse inc. Copyright (C) 2005-2013 Inverse inc. =head1 LICENSE - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, -USA. - +USA. + =cut 1; From aeeb54f2d3c435a68fd52c85a683b2b778c89a75 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Thu, 5 Dec 2013 10:04:54 -0500 Subject: [PATCH 344/369] Fix redirect_url --- lib/pf/web.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pf/web.pm b/lib/pf/web.pm index 8562467a72a2..1384c17eec3a 100644 --- a/lib/pf/web.pm +++ b/lib/pf/web.pm @@ -170,7 +170,7 @@ sub generate_release_page { $portalSession->stash({ timer => $Config{'trapping'}{'redirtimer'}, - redirect_url => $portalSession->getProfile->getRedirectURL, + redirect_url => $portalSession->getDestinationUrl(), initial_delay => $CAPTIVE_PORTAL{'NET_DETECT_INITIAL_DELAY'}, retry_delay => $CAPTIVE_PORTAL{'NET_DETECT_RETRY_DELAY'}, external_ip => $Config{'captive_portal'}{'network_detection_ip'}, @@ -179,7 +179,7 @@ sub generate_release_page { # override destination_url if we enabled the always_use_redirecturl option if (isenabled($portalSession->getProfile->forceRedirectURL)) { - $portalSession->stash->{'destination_url'} = $portalSession->getProfile->getRedirectURL; + $portalSession->stash->{'redirect_url'} = $portalSession->getProfile->getRedirectURL; } render_template($portalSession, 'release.html', $r); From 5c04de6f2e8e9bbaad7ee49caff574758a41bf4e Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 5 Dec 2013 14:40:30 -0500 Subject: [PATCH 345/369] Fixed pid of SMS-registered devices --- NEWS.asciidoc | 1 + html/captive-portal/mobile-confirmation.cgi | 6 ++---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 94b6faa72982..6726072e40c6 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -69,6 +69,7 @@ Bug Fixes * Fixed duplicate entries in advanced search of nodes * Fixed advanced search by node category * Fixed reordering of conf sections and groups (#1749) +* Fixed pid of SMS-registered devices (was "admin" in certain circumstances) Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/html/captive-portal/mobile-confirmation.cgi b/html/captive-portal/mobile-confirmation.cgi index baaa4cc93ed4..f127e28c0b09 100755 --- a/html/captive-portal/mobile-confirmation.cgi +++ b/html/captive-portal/mobile-confirmation.cgi @@ -66,7 +66,8 @@ if ( $portalSession->getCgi->param("pin") ) { $logger->info("Valid PIN -- Registering user"); - my $pid = $portalSession->getSession->param("guest_pid") || "admin"; + my $node_info = node_attributes($portalSession->getClientMac()); + my $pid = $node_info->{'pid'} || 'admin'; my $sms_type = pf::Authentication::Source::SMSSource->meta->get_attribute('type')->default; my $source = $portalSession->getProfile->getSourceByType($sms_type); my $auth_params = { 'username' => $pid }; @@ -86,9 +87,6 @@ if ( $portalSession->getCgi->param("pin") ) { pf::web::web_node_register($portalSession, $pid, %info); - # clear state that redirects to the Enter PIN page - $portalSession->getSession->clear(["guest_pid"]); - pf::web::end_portal_session($portalSession); } else { From 8ad273092bbc8ca61c355b0c882a10494ed560c4 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 5 Dec 2013 16:47:09 -0500 Subject: [PATCH 346/369] Initial destination URL is now respected with FF --- NEWS.asciidoc | 1 + html/captive-portal/templates/pending.html | 2 +- html/captive-portal/templates/release.html | 2 +- .../captive-portal/templates/scan-in-progress.html | 2 +- html/common/pf.js | 12 ++++++------ lib/pf/Portal/Session.pm | 5 +++-- lib/pf/web.pm | 14 ++------------ 7 files changed, 15 insertions(+), 23 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 6726072e40c6..3c8924707b68 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -40,6 +40,7 @@ Enhancements * Improved validation of VLAN management * Updated FontAwesome to version 3.2.1 * Each portal profile can now have a different redirection URL +* Initial destination URL is now respected with Firefox * An Htpasswd source can now define sponsors * Improved display of pie charts (limit of legend labels and highlight of table rows) * Creation of users is now performed from the users page (was on the configuration page) diff --git a/html/captive-portal/templates/pending.html b/html/captive-portal/templates/pending.html index 199755e9987b..dbe84d801010 100644 --- a/html/captive-portal/templates/pending.html +++ b/html/captive-portal/templates/pending.html @@ -11,7 +11,7 @@ } detectNetworkAccess.delay([% initial_delay %], - [% retry_delay %], "[% destination_url %]", "[% redirect_url %]", "[% external_ip %]" + [% retry_delay %], "[% destination_url %]", "[% external_ip %]" ); }); diff --git a/html/captive-portal/templates/release.html b/html/captive-portal/templates/release.html index afbd768c3950..81abf144a2e5 100644 --- a/html/captive-portal/templates/release.html +++ b/html/captive-portal/templates/release.html @@ -21,7 +21,7 @@ } detectNetworkAccess.delay([% initial_delay %], - [% retry_delay %], "[% destination_url %]", "[% redirect_url %]", "[% external_ip %]" + [% retry_delay %], "[% destination_url %]", "[% external_ip %]" ); [% END %] }); diff --git a/html/captive-portal/templates/scan-in-progress.html b/html/captive-portal/templates/scan-in-progress.html index 6fc6aebc02b8..664b95829d1b 100644 --- a/html/captive-portal/templates/scan-in-progress.html +++ b/html/captive-portal/templates/scan-in-progress.html @@ -17,7 +17,7 @@ } detectNetworkAccess.delay([% refresh_timer %], - [% refresh_timer %], "[% destination_url %]", "[% redirect_url %]", "[% external_ip %]" + [% refresh_timer %], "[% destination_url %]", "[% external_ip %]" ); }); diff --git a/html/common/pf.js b/html/common/pf.js index 6672db13941b..258166d0ad70 100644 --- a/html/common/pf.js +++ b/html/common/pf.js @@ -43,14 +43,14 @@ function fetchNodeStatus() { Called when access to the network outside registration or quarantine works */ var network_redirected = false; -function networkAccessCallback(destination_url, redirect_url) { +function networkAccessCallback(destination_url) { network_redirected = true; // browser redirect // Firefox 3/4 needs a new forced destination and a little delay if (Prototype.Browser.Gecko) { - performRedirect.delay(5, redirect_url); + performRedirect.delay(5, destination_url); return; } @@ -61,7 +61,7 @@ function networkAccessCallback(destination_url, redirect_url) { return; } - // Chrome 10 / Safari 5 / IE9 (sometimes) flawless + // Other browsers, try a direct redirection performRedirect(destination_url); } @@ -94,7 +94,7 @@ function performRedirect(destination_url) { Date.now = Date.now || function() { return +new Date; }; -function detectNetworkAccess(retry_delay, destination_url, redirect_url, external_ip) { +function detectNetworkAccess(retry_delay, destination_url, external_ip) { "use strict"; var errorDetected, loaded, netdetect, checker, initNetDetect; @@ -118,11 +118,11 @@ function detectNetworkAccess(retry_delay, destination_url, redirect_url, externa if (errorDetected === true) { initNetDetect(); } else if (loaded === true) { - networkAccessCallback(destination_url, redirect_url); + networkAccessCallback(destination_url); } else { // Check the width or height of the image since we do not know if it is loaded if (netdetect.width || netdetect.height) { - networkAccessCallback(destination_url, redirect_url); + networkAccessCallback(destination_url); } else { initNetDetect(); } diff --git a/lib/pf/Portal/Session.pm b/lib/pf/Portal/Session.pm index eafe435be413..90e310de11fe 100644 --- a/lib/pf/Portal/Session.pm +++ b/lib/pf/Portal/Session.pm @@ -153,11 +153,12 @@ Returns destination_url properly parsed, defended against XSS and with configure sub _getDestinationUrl { my ($self) = @_; - # Set default if destination_url not set - unless (defined($self->cgi->param("destination_url"))) { + # Return portal profile's redirection URL if destination_url is not set or if redirection URL is forced + if (!defined($self->cgi->param("destination_url")) || $self->getProfile->forceRedirectURL) { return $self->getProfile->getRedirectURL; } + # Respect the user's initial destination URL return decode_entities(uri_unescape($self->cgi->param("destination_url"))); } diff --git a/lib/pf/web.pm b/lib/pf/web.pm index 1384c17eec3a..d1f2ca62c2e0 100644 --- a/lib/pf/web.pm +++ b/lib/pf/web.pm @@ -170,18 +170,13 @@ sub generate_release_page { $portalSession->stash({ timer => $Config{'trapping'}{'redirtimer'}, - redirect_url => $portalSession->getDestinationUrl(), + destination_url => $portalSession->getDestinationUrl(), initial_delay => $CAPTIVE_PORTAL{'NET_DETECT_INITIAL_DELAY'}, retry_delay => $CAPTIVE_PORTAL{'NET_DETECT_RETRY_DELAY'}, external_ip => $Config{'captive_portal'}{'network_detection_ip'}, auto_redirect => $Config{'captive_portal'}{'network_detection'}, }); - # override destination_url if we enabled the always_use_redirecturl option - if (isenabled($portalSession->getProfile->forceRedirectURL)) { - $portalSession->stash->{'redirect_url'} = $portalSession->getProfile->getRedirectURL; - } - render_template($portalSession, 'release.html', $r); } @@ -653,17 +648,12 @@ sub generate_pending_page { my ( $portalSession ) = @_; $portalSession->stash({ - redirect_url => $portalSession->getProfile->getRedirectURL, + destination_url => $portalSession->getDestinationUrl(), initial_delay => $CAPTIVE_PORTAL{'NET_DETECT_PENDING_INITIAL_DELAY'}, retry_delay => $CAPTIVE_PORTAL{'NET_DETECT_PENDING_RETRY_DELAY'}, external_ip => $Config{'captive_portal'}{'network_detection_ip'}, }); - # override destination_url if we enabled the always_use_redirecturl option - if (isenabled($portalSession->getProfile->forceRedirectURL)) { - $portalSession->stash->{'destination_url'} = $portalSession->getProfile->getRedirectURL; - } - render_template($portalSession, 'pending.html'); } From e96e1f2070fe32b0020a0d61fdfd588f8cf56703 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Thu, 5 Dec 2013 16:48:58 -0500 Subject: [PATCH 347/369] New link on SMS confirmation page to cancel Instead of automatically changing the node status to unreg when visiting the captive portal, we now keep the node in pending mode but allow the user to go back to the registration page that will unregister the node and display the login/registration page. --- NEWS.asciidoc | 1 + html/captive-portal/redir.cgi | 9 +++++++-- .../captive-portal/templates/guest/sms_confirmation.html | 4 ++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 3c8924707b68..503006b5e90a 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -50,6 +50,7 @@ Enhancements * Modified logrotate so it uses copytruncate instead of restarting the services. * Now comes with a corosync compatible barnyard2 init script in addons. * Unreg the node when you come from a secure connection to an open connection +* Allow a self-registered node by SMS to go back to the registration page Bug Fixes +++++++++ diff --git a/html/captive-portal/redir.cgi b/html/captive-portal/redir.cgi index 050d4900d811..73e3c986a7cb 100755 --- a/html/captive-portal/redir.cgi +++ b/html/captive-portal/redir.cgi @@ -100,7 +100,13 @@ if ($violation) { #check to see if node needs to be registered # -my $unreg = node_unregistered($mac); +my $unreg; +if ($portalSession->getCgi->param('unreg')) { + $logger->info("Unregister node $mac"); + $unreg = node_deregister($mac); # set node status to 'unreg' +} else { + $unreg = node_unregistered($mac); # check if node status is 'unreg' +} if ($unreg && isenabled($Config{'trapping'}{'registration'})){ # Redirect to the billing engine if enabled if ( isenabled($portalSession->getProfile->getBillingEngine) ) { @@ -130,7 +136,6 @@ if ($unreg && isenabled($Config{'trapping'}{'registration'})){ my $node_info = node_view($mac); if (defined($node_info) && $node_info->{'status'} eq $pf::node::STATUS_PENDING) { if (pf::sms_activation::sms_activation_has_entry($mac)) { - node_deregister($mac); pf::web::guest::generate_sms_confirmation_page($portalSession, "/activate/sms"); } elsif ($portalSession->getCgi->https()) { diff --git a/html/captive-portal/templates/guest/sms_confirmation.html b/html/captive-portal/templates/guest/sms_confirmation.html index 74e4b2dda3fd..dd2d82805a5f 100644 --- a/html/captive-portal/templates/guest/sms_confirmation.html +++ b/html/captive-portal/templates/guest/sms_confirmation.html @@ -28,4 +28,8 @@

    [% title %]

    +
    + [% i18n("I don't have a PIN") %] +
    + [% INCLUDE footer.html %] From 59ae1ac51e4af794eba4df8221c7b1b536b30946 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 6 Dec 2013 11:09:58 -0500 Subject: [PATCH 348/369] Fix saving allow_localdomain in email source When the checkbox was unchecked, the option was not saved and was enabled by default. --- NEWS.asciidoc | 1 + .../lib/pfappserver/Form/Authentication/Source/Email.pm | 4 +++- lib/pf/Authentication/Source/EmailSource.pm | 3 +-- lib/pf/Authentication/Source/NullSource.pm | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 503006b5e90a..957c1e867211 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -72,6 +72,7 @@ Bug Fixes * Fixed advanced search by node category * Fixed reordering of conf sections and groups (#1749) * Fixed pid of SMS-registered devices (was "admin" in certain circumstances) +* Fixed saving of 'allow local domain' option when disabled in an email authentication source Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Email.pm b/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Email.pm index e351b8651b3c..0d5b6d20234b 100644 --- a/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Email.pm +++ b/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Email.pm @@ -29,7 +29,9 @@ has_field 'email_activation_timeout' => ); has_field 'allow_localdomain' => ( - type => 'Checkbox', + type => 'Toggle', + checkbox_value => 'yes', + unchecked_value => 'no', label => 'Allow Local Domain', default => pf::Authentication::Source::EmailSource->meta->get_attribute('allow_localdomain')->default, tags => { after_element => \&help, diff --git a/lib/pf/Authentication/Source/EmailSource.pm b/lib/pf/Authentication/Source/EmailSource.pm index dd0d34c7a5eb..a9db048f4fb9 100644 --- a/lib/pf/Authentication/Source/EmailSource.pm +++ b/lib/pf/Authentication/Source/EmailSource.pm @@ -8,7 +8,6 @@ pf::Authentication::Source::EmailSource =cut -use pf::config qw($TRUE $FALSE); use pf::Authentication::constants; use Moose; @@ -17,8 +16,8 @@ extends 'pf::Authentication::Source'; has '+class' => (default => 'external'); has '+type' => (default => 'Email'); has '+unique' => (default => 1); +has 'allow_localdomain' => (isa => 'Str', is => 'rw', default => 'yes'); has 'email_activation_timeout' => (isa => 'Str', is => 'rw', default => '10m'); -has 'allow_localdomain' => (isa => 'Bool', is => 'rw', default => 1); =head2 available_attributes diff --git a/lib/pf/Authentication/Source/NullSource.pm b/lib/pf/Authentication/Source/NullSource.pm index 72221ae216ce..0b649327f630 100644 --- a/lib/pf/Authentication/Source/NullSource.pm +++ b/lib/pf/Authentication/Source/NullSource.pm @@ -23,7 +23,7 @@ extends 'pf::Authentication::Source'; has '+class' => (default => 'exclusive'); has '+type' => (default => 'Null'); has '+unique' => (default => 1); -has 'email_required' => ( is=> 'rw', default => 'disabled'); +has 'email_required' => (isa => 'Str', is => 'rw', default => 'no'); =head2 available_actions From 4509bfece03bd493658871122bcf0f8b78ec9621 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Fri, 6 Dec 2013 11:17:47 -0500 Subject: [PATCH 349/369] Add allow_localdomain option to the sponsor source --- NEWS.asciidoc | 4 +++- conf/authentication.conf | 2 +- .../pfappserver/Form/Authentication/Source/Null.pm | 5 +++-- .../Form/Authentication/Source/SponsorEmail.pm | 12 ++++++++++++ .../authentication/source/type/SponsorEmail.tt | 2 +- lib/pf/Authentication/Source/SponsorEmailSource.pm | 1 + lib/pf/web/guest.pm | 14 +++++++++++--- 7 files changed, 32 insertions(+), 8 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 957c1e867211..2e440707cf65 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -11,7 +11,7 @@ This is a list of noteworthy changes across releases. For more details and developer visible changes see the ChangeLog file. For a list of compatibility related changes see the UPGRADE.asciidoc file. -Version 4.x.y released on 2013-MM-DD +Version 4.1.0 released on 2013-MM-DD ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ New Features @@ -51,6 +51,7 @@ Enhancements * Now comes with a corosync compatible barnyard2 init script in addons. * Unreg the node when you come from a secure connection to an open connection * Allow a self-registered node by SMS to go back to the registration page +* Sponsor email authentication source can refuse email addresses of the local domain (as the email source) Bug Fixes +++++++++ @@ -73,6 +74,7 @@ Bug Fixes * Fixed reordering of conf sections and groups (#1749) * Fixed pid of SMS-registered devices (was "admin" in certain circumstances) * Fixed saving of 'allow local domain' option when disabled in an email authentication source +* The 'allow local domain' option of the email source will now only affect the user who registers by email Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/conf/authentication.conf b/conf/authentication.conf index 88a10aefe54e..9f973a4b10e0 100644 --- a/conf/authentication.conf +++ b/conf/authentication.conf @@ -27,7 +27,7 @@ action1=set_access_duration=1D description=Email-based registration email_activation_timeout=10m type=Email -allow_localdomain=1 +allow_localdomain=yes [email rule catchall] description= diff --git a/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm b/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm index e76ca2171cf4..6c6a7f00d25c 100644 --- a/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm +++ b/html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm @@ -1,4 +1,5 @@ package pfappserver::Form::Authentication::Source::Null; + =head1 NAME pfappserver::Form::Authentication::Source::Null add documentation @@ -20,8 +21,8 @@ extends 'pfappserver::Form::Authentication::Source'; has_field 'email_required' => ( type => 'Toggle', - checkbox_value => 'enabled', - unchecked_value => 'disabled', + checkbox_value => 'yes', + unchecked_value => 'no', ); =head1 AUTHOR diff --git a/html/pfappserver/lib/pfappserver/Form/Authentication/Source/SponsorEmail.pm b/html/pfappserver/lib/pfappserver/Form/Authentication/Source/SponsorEmail.pm index 877d31cefa0b..d0b21de63ade 100644 --- a/html/pfappserver/lib/pfappserver/Form/Authentication/Source/SponsorEmail.pm +++ b/html/pfappserver/lib/pfappserver/Form/Authentication/Source/SponsorEmail.pm @@ -16,6 +16,18 @@ with 'pfappserver::Base::Form::Role::Help'; use pf::Authentication::Source::SponsorEmailSource; +# Form fields +has_field 'allow_localdomain' => + ( + type => 'Toggle', + checkbox_value => 'yes', + unchecked_value => 'no', + label => 'Allow Local Domain', + default => pf::Authentication::Source::EmailSource->meta->get_attribute('allow_localdomain')->default, + tags => { after_element => \&help, + help => 'Accept self-registration with email address from the local domain' }, + ); + =head1 COPYRIGHT Copyright (C) 2013 Inverse inc. diff --git a/html/pfappserver/root/authentication/source/type/SponsorEmail.tt b/html/pfappserver/root/authentication/source/type/SponsorEmail.tt index 8b137891791f..2f0dcc239332 100644 --- a/html/pfappserver/root/authentication/source/type/SponsorEmail.tt +++ b/html/pfappserver/root/authentication/source/type/SponsorEmail.tt @@ -1 +1 @@ - +[% form.field('allow_localdomain').render %] diff --git a/lib/pf/Authentication/Source/SponsorEmailSource.pm b/lib/pf/Authentication/Source/SponsorEmailSource.pm index 067cf2b66900..d3548c2c61e3 100644 --- a/lib/pf/Authentication/Source/SponsorEmailSource.pm +++ b/lib/pf/Authentication/Source/SponsorEmailSource.pm @@ -16,6 +16,7 @@ extends 'pf::Authentication::Source'; has '+class' => (default => 'external'); has '+type' => (default => 'SponsorEmail'); has '+unique' => (default => 1); +has 'allow_localdomain' => (isa => 'Str', is => 'rw', default => 'yes'); =head2 available_attributes diff --git a/lib/pf/web/guest.pm b/lib/pf/web/guest.pm index 12587b8878ff..a1ee44f2f2ba 100644 --- a/lib/pf/web/guest.pm +++ b/lib/pf/web/guest.pm @@ -182,13 +182,21 @@ sub validate_selfregistration { return ($FALSE, $GUEST::ERROR_AUP_NOT_ACCEPTED); } - my $email_type = pf::Authentication::Source::EmailSource->meta->get_attribute('type')->default; - my $source = $portalSession->getProfile->getSourceByType($email_type); + # check if email with local domain is allowed for email and sponsor sources + my $source; + if (defined($cgi->param('by_email'))) { + my $email_type = pf::Authentication::Source::EmailSource->meta->get_attribute('type')->default; + $source = $portalSession->getProfile->getSourceByType($email_type); + } + elsif (defined($cgi->param('by_sponsor'))) { + my $sponsor_type = pf::Authentication::Source::SponsorEmailSource->meta->get_attribute('type')->default; + $source = $portalSession->getProfile->getSourceByType($sponsor_type); + } if ($source) { unless (isenabled($source->{allow_localdomain})) { # You should not register as a guest if you are part of the local network my $localdomain = $Config{'general'}{'domain'}; - if ($cgi->param('email') =~ /[@.]$localdomain$/i) { + if ($cgi->param('email') =~ /[@\.]$localdomain$/i) { return ($FALSE, $GUEST::ERROR_EMAIL_UNAUTHORIZED_AS_GUEST, [ $localdomain ]); } } From 0011712941e21f74e6343f56843077ed76897e06 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 6 Dec 2013 14:24:16 -0500 Subject: [PATCH 350/369] Will not removestaleFile if the quick argument is true --- lib/pf/services/manager.pm | 17 +++++++++-------- lib/pf/services/manager/submanager.pm | 6 +++--- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/lib/pf/services/manager.pm b/lib/pf/services/manager.pm index c38da2dfbd9f..20cf22bc8f62 100644 --- a/lib/pf/services/manager.pm +++ b/lib/pf/services/manager.pm @@ -126,7 +126,7 @@ work for starting a servicw sub preStartSetup { my ($self,$quick) = @_; - $self->removeStalePid; + $self->removeStalePid($quick); $self->generateConfig($quick) unless $quick; $self->_setupWatchForPidCreate; return 1; @@ -226,7 +226,7 @@ returns the pid or list of pids for the servie(s) sub status { my ($self,$quick) = @_; - $self->removeStalePid; + $self->removeStalePid($quick); my $pid = $self->pid; return $pid ? $pid : "0"; } @@ -253,9 +253,9 @@ sub stop { my ($self,$quick) = @_; my $pid = $self->pid; if ($pid) { - $self->preStopSetup(); - $self->stopService(); - $self->postStopCleanup(); + $self->preStopSetup($quick); + $self->stopService($quick); + $self->postStopCleanup($quick); return 1; } return; @@ -291,7 +291,7 @@ sub stopService { =cut sub postStopCleanup { - my ($self) = @_; + my ($self,$quick) = @_; my $logger = get_logger(); my $name = $self->name; my $pid = $self->lastPid; @@ -300,7 +300,7 @@ sub postStopCleanup { my $timedout; #give the kill a little time $inotify->blocking(0); - $self->removeStalePid; + $self->removeStalePid($quick); my $timer = Linux::FD::Timer->new('monotonic'); $timer->set_timeout(0.1,0.1); $timer->receive; @@ -444,7 +444,8 @@ removes the stale PID file =cut sub removeStalePid { - my ($self) = @_; + my ($self,$quick) = @_; + return if $quick; my $logger = get_logger; my $pid = $self->pidFromFile; my $pidFile = $self->pidFile; diff --git a/lib/pf/services/manager/submanager.pm b/lib/pf/services/manager/submanager.pm index 04a5d9114cb6..5ccf5c227d59 100644 --- a/lib/pf/services/manager/submanager.pm +++ b/lib/pf/services/manager/submanager.pm @@ -51,8 +51,8 @@ Delegating removeStalePid to sub managers =cut sub removeStalePid { - my ($self) = @_; - $_->removeStalePid foreach $self->managers; + my ($self,$quick) = @_; + $_->removeStalePid($quick) foreach $self->managers; } =head2 status @@ -63,7 +63,7 @@ returns all the pids of the submanagers sub status { my ($self,$quick) = @_; - my @results = map {$_->status } $self->managers; + my @results = map { $_->status($quick) } $self->managers; if (@results == 0 || (!$quick && any { !defined($_) || $_ eq "0" } @results )) { @results = ("0"); } From 5185a250e832cf89a87c631614ac2f4c52f1f4bf Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 6 Dec 2013 14:25:32 -0500 Subject: [PATCH 351/369] Service status is called with quick parameter --- html/pfappserver/lib/pfappserver/Model/Services.pm | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Model/Services.pm b/html/pfappserver/lib/pfappserver/Model/Services.pm index e74948b87654..60bdab464910 100644 --- a/html/pfappserver/lib/pfappserver/Model/Services.pm +++ b/html/pfappserver/lib/pfappserver/Model/Services.pm @@ -97,7 +97,7 @@ sub status { my ($self) = @_; my $logger = get_logger(); - my %services_ref = map { $_->name => $_->status } grep { $_->isManaged } map { pf::services::get_service_manager($_) } @pf::services::ALL_SERVICES; + my %services_ref = map { $_->name => $_->status(1) } grep { $_->isManaged } map { pf::services::get_service_manager($_) } @pf::services::ALL_SERVICES; return ($STATUS::OK, { services => \%services_ref}) if ( keys %services_ref ); return ($STATUS::INTERNAL_SERVER_ERROR, "Unidentified error see server side logs for details."); @@ -163,7 +163,13 @@ sub service_start { =cut sub service_cmd { - my ($self,$service) = @_; + my ($self,@args) = @_; + my $logger = get_logger(); + my $result = $self->_run_pfcmd_service(@args); + $logger->debug("pfcmd service output: " . $result); + return ($STATUS::OK, {result => $result}) if ( defined($result) ); + + return ($STATUS::INTERNAL_SERVER_ERROR, "Unidentified error see server side logs for details."); } =item service_cmd_background From 0493a64e8ec18641a5f347dab47772b5840a7e41 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 6 Dec 2013 14:37:08 -0500 Subject: [PATCH 352/369] Start/Stop/Restart will now call the pfcmd and wait for it's completion before return --- html/pfappserver/lib/pfappserver/Controller/Service.pm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/html/pfappserver/lib/pfappserver/Controller/Service.pm b/html/pfappserver/lib/pfappserver/Controller/Service.pm index 5948f631038e..64a90600441a 100644 --- a/html/pfappserver/lib/pfappserver/Controller/Service.pm +++ b/html/pfappserver/lib/pfappserver/Controller/Service.pm @@ -62,7 +62,7 @@ sub status :Chained('service') :PathPart('') :Args(0) :AdminRole('SERVICES') { sub start :Chained('service') :PathPart :Args(0) :AdminRole('SERVICES') { my ($self, $c) = @_; - $self->_process_model_results_as_json( $c, $c->stash->{model}->service_ctl($c->stash->{service}, "start") ); + $self->_process_model_results_as_json( $c, $c->stash->{model}->service_cmd($c->stash->{service}, "start") ); } =head2 stop @@ -71,7 +71,7 @@ sub start :Chained('service') :PathPart :Args(0) :AdminRole('SERVICES') { sub stop :Chained('service') :PathPart :Args(0) :AdminRole('SERVICES') { my ($self, $c) = @_; - $self->_process_model_results_as_json( $c, $c->stash->{model}->service_ctl($c->stash->{service}, "stop") ); + $self->_process_model_results_as_json( $c, $c->stash->{model}->service_cmd($c->stash->{service}, "stop") ); } =head2 restart @@ -80,7 +80,7 @@ sub stop :Chained('service') :PathPart :Args(0) :AdminRole('SERVICES') { sub restart :Chained('service') :PathPart :Args(0) :AdminRole('SERVICES') { my ($self, $c) = @_; - $self->_process_model_results_as_json( $c, $c->stash->{model}->service_ctl($c->stash->{service}, "restart") ); + $self->_process_model_results_as_json( $c, $c->stash->{model}->service_cmd($c->stash->{service}, "restart") ); } =head2 pf_start From 95db68e4f8ea6afbeaa5d9a9e732a423ef40716b Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 6 Dec 2013 15:02:52 -0500 Subject: [PATCH 353/369] Clearing network information when reloading pf.conf --- lib/pf/config.pm | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/pf/config.pm b/lib/pf/config.pm index 4563b0372832..832adb061e68 100644 --- a/lib/pf/config.pm +++ b/lib/pf/config.pm @@ -477,6 +477,11 @@ sub readPfConfigFiles { my ($config) = @_; $config->toHash(\%Config); $config->cleanupWhitespace(\%Config); + #clearing older interfaces infor + $monitor_int = $management_network = undef; + @listen_ints = @dhcplistener_ints = @ha_ints = + @internal_nets = @external_nets = + @inline_enforcement_nets = @vlan_enforcement_nets = (); my @time_values = grep { my $t = $Doc_Config{$_}{type}; defined $t && $t eq 'time' } keys %Doc_Config; @@ -619,6 +624,7 @@ sub readNetworkConfigFile { my ($config) = @_; $config->toHash(\%ConfigNetworks); $config->cleanupWhitespace(\%ConfigNetworks); + @routed_isolation_nets = @routed_registration_nets = @inline_nets = (); foreach my $network ( $config->Sections ) { # populate routed nets variables From bcc51e64b47e1ea6885c4f0020104e203672e340 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 15 Jul 2013 11:28:12 -0400 Subject: [PATCH 354/369] Use the correct prepared statement when there are no dates defined --- lib/pf/ifoctetslog.pm | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/pf/ifoctetslog.pm b/lib/pf/ifoctetslog.pm index 2ae2ced7ed2a..2cf95b35664d 100644 --- a/lib/pf/ifoctetslog.pm +++ b/lib/pf/ifoctetslog.pm @@ -8,7 +8,7 @@ pf::ifoctetslog - module for SNMP counters. =head1 DESCRIPTION -pf::ifoctetslog contains the functions related to the SNMP counters: +pf::ifoctetslog contains the functions related to the SNMP counters: inbound and outbound octets counters included in the ifTable. =head1 CONFIGURATION AND ENVIRONMENT @@ -128,7 +128,7 @@ sub ifoctetslog_history_user { @raw_data = db_data(IFOCTETSLOG, $ifoctetslog_statements, 'ifoctetslog_history_user_start_end_sql', $user, $params{'start_time'}, $params{'end_time'}); } else { - @raw_data = db_data(IFOCTETSLOG, $ifoctetslog_statements, 'ifoctetslog_history_user_start_end_sql', $user); + @raw_data = db_data(IFOCTETSLOG, $ifoctetslog_statements, 'ifoctetslog_history_user_sql', $user); } my $previousLine; @@ -186,10 +186,10 @@ sub ifoctetslog_history_switchport { my @raw_data; my @data; if ( exists( $params{'start_time'} ) && exists( $params{'end_time'} ) ) { - @raw_data = db_data(IFOCTETSLOG, $ifoctetslog_statements, 'ifoctetslog_history_switchport_start_end_sql', + @raw_data = db_data(IFOCTETSLOG, $ifoctetslog_statements, 'ifoctetslog_history_switchport_start_end_sql', $switch, $params{'ifIndex'}, $params{'start_time'}, $params{'end_time'}); } else { - @raw_data = db_data(IFOCTETSLOG, $ifoctetslog_statements, 'ifoctetslog_history_switchport_sql', + @raw_data = db_data(IFOCTETSLOG, $ifoctetslog_statements, 'ifoctetslog_history_switchport_sql', $switch, $params{'ifIndex'}); } my $previousLine; @@ -215,7 +215,7 @@ sub ifoctetslog_history_switchport { sub ifoctetslog_insert { my ( $switch, $ifIndex, $mac, $ifInOctets, $ifOutOctets ) = @_; - db_query_execute(IFOCTETSLOG, $ifoctetslog_statements, 'ifoctetslog_insert_sql', + db_query_execute(IFOCTETSLOG, $ifoctetslog_statements, 'ifoctetslog_insert_sql', $switch, $ifIndex, $mac, $ifInOctets, $ifOutOctets) || return (0); return (1); From 4f9252398c13932663824d1fe7c2711e6c9ada0d Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Fri, 6 Dec 2013 16:11:58 -0500 Subject: [PATCH 355/369] Updated news file --- NEWS.asciidoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 2e440707cf65..2f70155db780 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -75,6 +75,8 @@ Bug Fixes * Fixed pid of SMS-registered devices (was "admin" in certain circumstances) * Fixed saving of 'allow local domain' option when disabled in an email authentication source * The 'allow local domain' option of the email source will now only affect the user who registers by email +* Fixed ifoctetshistoryuser command to use the correct query when just a user is given +* Fixed network-detection for IE 8 Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From 01eae41b6192ec5e3fe663caf7a8a5f20750b3d0 Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 9 Dec 2013 12:46:27 -0500 Subject: [PATCH 356/369] Use isenabled for forceRedirectURL --- lib/pf/Portal/Session.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/Portal/Session.pm b/lib/pf/Portal/Session.pm index 90e310de11fe..58ca9c7ad080 100644 --- a/lib/pf/Portal/Session.pm +++ b/lib/pf/Portal/Session.pm @@ -154,7 +154,7 @@ sub _getDestinationUrl { my ($self) = @_; # Return portal profile's redirection URL if destination_url is not set or if redirection URL is forced - if (!defined($self->cgi->param("destination_url")) || $self->getProfile->forceRedirectURL) { + if (!defined($self->cgi->param("destination_url")) || isenabled($self->getProfile->forceRedirectURL)) { return $self->getProfile->getRedirectURL; } From 858f8267fb45a018118ce2199b4aa0652eca9e3d Mon Sep 17 00:00:00 2001 From: James Rouzier Date: Mon, 9 Dec 2013 13:07:17 -0500 Subject: [PATCH 357/369] Will not set destination_url if the url matches the captive portal --- lib/pf/web/dispatcher.pm | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/pf/web/dispatcher.pm b/lib/pf/web/dispatcher.pm index b09b36284b35..dbc8934638c4 100755 --- a/lib/pf/web/dispatcher.pm +++ b/lib/pf/web/dispatcher.pm @@ -110,8 +110,12 @@ sub handler { my ($r) = @_; my $logger = Log::Log4perl->get_logger(__PACKAGE__); $logger->trace('hitting redirector'); + my $captivePortalDomain = $Config{'general'}{'hostname'}.".".$Config{'general'}{'domain'}; + my $destination_url = ''; my $url = $r->construct_url; - my $orginal_url = Apache2::Util::escape_path($url,$r->pool); + if ($url !~ m#://\Q$captivePortalDomain\E/#) { + $destination_url = Apache2::Util::escape_path($url,$r->pool); + } my $proto; # Google chrome hack redirect in http if ($r->uri =~ /\/generate_204/) { @@ -121,8 +125,8 @@ sub handler { } my $stash = { - 'login_url' => "$proto://".$Config{'general'}{'hostname'}.".".$Config{'general'}{'domain'}."/captive-portal?destination_url=$orginal_url", - 'login_url_wispr' => "$proto://".$Config{'general'}{'hostname'}.".".$Config{'general'}{'domain'}."/wispr", + 'login_url' => "${proto}://${captivePortalDomain}/captive-portal?destination_url=$destination_url", + 'login_url_wispr' => "${proto}://${captivePortalDomain}/wispr" }; # prepare custom REDIRECT response From 4c73805b7de7d73d1ebec0e6690782f6426fc290 Mon Sep 17 00:00:00 2001 From: Durand Fabrice Date: Tue, 10 Dec 2013 09:26:03 -0500 Subject: [PATCH 358/369] Removed support for the httpd service --- lib/pf/pfcmd.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/pfcmd.pm b/lib/pf/pfcmd.pm index c33d52871f2b..b167e28511f6 100644 --- a/lib/pf/pfcmd.pm +++ b/lib/pf/pfcmd.pm @@ -309,7 +309,7 @@ sub parseCommandLine { ( \d+ ) ) $ }xms, - 'service' => qr{ ^ ( dhcpd | httpd | pfdns | pfdetect + 'service' => qr{ ^ ( dhcpd | pfdns | pfdetect | pf | pfdhcplistener | pfmon | pfsetvlan | radiusd | snmptrapd | snort | suricata | httpd\.webservices | httpd\.admin | httpd\.portal | httpd\.proxy | memcached) From 6bdccd9845ff5e457188d55cea3bfba189a2ed46 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 10 Dec 2013 14:46:48 -0500 Subject: [PATCH 359/369] Improve SSID report on web admin --- NEWS.asciidoc | 1 + lib/pf/pfcmd/report.pm | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 2f70155db780..7d6a12be30f6 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -77,6 +77,7 @@ Bug Fixes * The 'allow local domain' option of the email source will now only affect the user who registers by email * Fixed ifoctetshistoryuser command to use the correct query when just a user is given * Fixed network-detection for IE 8 +* Fixed SQL query of SSID report in Web admin Version 4.0.6-2 released on 2013-09-13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/lib/pf/pfcmd/report.pm b/lib/pf/pfcmd/report.pm index 4ef107f55a71..41045406474a 100644 --- a/lib/pf/pfcmd/report.pm +++ b/lib/pf/pfcmd/report.pm @@ -256,13 +256,13 @@ sub report_db_prepare { ]); $report_statements->{'report_ssid_sql'} = get_db_handle()->prepare(qq [ - SELECT ssid,count(*) AS nodes, ROUND(COUNT(*)/ - (SELECT COUNT(*) + SELECT ssid, COUNT(DISTINCT locationlog.mac) AS nodes, ROUND(COUNT(DISTINCT locationlog.mac)/ + (SELECT COUNT(DISTINCT locationlog.mac) FROM locationlog INNER JOIN node ON node.mac = locationlog.mac AND locationlog.end_time IS NULL INNER JOIN iplog ON node.mac = iplog.mac WHERE ssid != "" AND iplog.start_time BETWEEN ? AND ? - )*100,1) as percent + )*100,1) AS percent FROM locationlog INNER JOIN node ON node.mac = locationlog.mac AND locationlog.end_time IS NULL INNER JOIN iplog ON node.mac = iplog.mac From c96192b7d6b9a6e4f0415853205165c097f36494 Mon Sep 17 00:00:00 2001 From: Jean Raby Date: Wed, 11 Dec 2013 10:48:40 -0500 Subject: [PATCH 360/369] fix invalid regex (^ was escaped by the shell) --- addons/watchdog/freeradius-watchdog.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/addons/watchdog/freeradius-watchdog.sh b/addons/watchdog/freeradius-watchdog.sh index d35b7c696610..012ca5f7ccd6 100644 --- a/addons/watchdog/freeradius-watchdog.sh +++ b/addons/watchdog/freeradius-watchdog.sh @@ -33,10 +33,10 @@ function radius_test () { WORKING=0 for OUTPUT in `radtest testuser testpass $SERVER_IP 12 testing123 2>&1` do - if [[ "$OUTPUT" =~ "^radclient: no response from server for" ]]; then + if [[ "$OUTPUT" =~ ^"radclient: no response from server for" ]]; then WORKING=0 break - elif [[ "$OUTPUT" =~ "^rad_recv: Access-Accept packet from host" ]]; then + elif [[ "$OUTPUT" =~ ^"rad_recv: Access-Accept packet from host" ]]; then WORKING=1 fi done From d34f7441c1fd3ab492e8a0c62ff52649b04c6743 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 11 Dec 2013 11:50:26 -0500 Subject: [PATCH 361/369] Simple search of nodes: respect spaces We must respect the space characters when the search string doesn't match a MAC address. --- lib/pf/node.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/node.pm b/lib/pf/node.pm index 7683fcf50d28..dcc40af8df86 100644 --- a/lib/pf/node.pm +++ b/lib/pf/node.pm @@ -658,7 +658,7 @@ sub node_view_all { $node_view_all_sql .= " HAVING node.mac = $mac"; } else { - my $like = get_db_handle->quote("\%$like\%"); + $like = get_db_handle->quote('%' . $params{'where'}{'like'} . '%'); $node_view_all_sql .= " HAVING node.mac LIKE $like" . " OR node.computername LIKE $like" . " OR node.pid LIKE $like" From 108a7a854fec544750b15f5f155d4eaad9e4fb96 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 11 Dec 2013 12:05:00 -0500 Subject: [PATCH 362/369] Cleanup bundled values of authentication.conf --- conf/authentication.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/conf/authentication.conf b/conf/authentication.conf index 9f973a4b10e0..2d03bec04509 100644 --- a/conf/authentication.conf +++ b/conf/authentication.conf @@ -38,6 +38,7 @@ action1=set_access_duration=1D [sponsor] description=Sponsor-based registration type=SponsorEmail +allow_localdomain=yes [sponsor rule catchall] description= @@ -48,4 +49,4 @@ action1=set_access_duration=1D [null] description=Null Source type=Null -email_required=disabled +email_required=no From 3e67e39c24d1444254d4bf9e8429f3b6e6d69ddd Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 11 Dec 2013 12:05:37 -0500 Subject: [PATCH 363/369] Improve error message in Null auth source --- lib/pf/Authentication/Source/NullSource.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pf/Authentication/Source/NullSource.pm b/lib/pf/Authentication/Source/NullSource.pm index 0b649327f630..e7c092eab7df 100644 --- a/lib/pf/Authentication/Source/NullSource.pm +++ b/lib/pf/Authentication/Source/NullSource.pm @@ -57,7 +57,7 @@ sub authenticate { if (isdisabled($self->email_required) || Email::Valid->address($username) ) { return ($TRUE, 'Successful authentication using null source.'); } - return ($FALSE, 'Successful authentication using null source.'); + return ($FALSE, 'Invalid email address provided.'); } =head1 AUTHOR From 044e706cad15ac9b5620e5bf8bf785435da60ba0 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 11 Dec 2013 12:26:14 -0500 Subject: [PATCH 364/369] Improve help on Web admin interface --- html/pfappserver/root/configuration/adminroles/index.tt | 2 +- html/pfappserver/root/portal/profile/view.tt | 2 +- lib/pf/pfcmd/help.pm | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/html/pfappserver/root/configuration/adminroles/index.tt b/html/pfappserver/root/configuration/adminroles/index.tt index 2ae17f8e6810..4980766f44d2 100644 --- a/html/pfappserver/root/configuration/adminroles/index.tt +++ b/html/pfappserver/root/configuration/adminroles/index.tt @@ -17,7 +17,7 @@

    [% l('Admin Roles') %]

    -

    [% l('Define roles with specific access rights to the Web administration interface.') %]

    +

    [% l('Define roles with specific access rights to the Web administration interface. Roles are assigned to users depending on their authentication source.') %]

    [% INCLUDE configuration/adminroles/list.tt %] diff --git a/html/pfappserver/root/portal/profile/view.tt b/html/pfappserver/root/portal/profile/view.tt index 7a77662db4cb..4285eee5d0e4 100644 --- a/html/pfappserver/root/portal/profile/view.tt +++ b/html/pfappserver/root/portal/profile/view.tt @@ -51,7 +51,7 @@

    [%- IF form.isa('pfappserver::Form::Portal::Profile::Default') -%] - [% l('With no source specified, all internal sources will be used.') %] + [% l('With no source specified, all internal and external sources will be used.') %] [%- ELSE -%] [% l('With no source specified, the sources of the default profile will be used.') %] [%- END -%]
    diff --git a/lib/pf/pfcmd/help.pm b/lib/pf/pfcmd/help.pm index 0bbf707361d9..7ce39afb4cc2 100644 --- a/lib/pf/pfcmd/help.pm +++ b/lib/pf/pfcmd/help.pm @@ -651,7 +651,7 @@ sub help_fixpermissions { print STDERR << "EOT"; Usage: pfcmd fixpermissions -Fix the permissions of the files and directories of packetfence +Fix the permissions of the files and directories of PacketFence EOT return 1; From 29d5553ea30e1649a4e0aec38511fa57ed3a2475 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 11 Dec 2013 13:45:00 -0500 Subject: [PATCH 365/369] Update German translation --- NEWS.asciidoc | 2 + conf/locale/de/LC_MESSAGES/packetfence.po | 471 ++++++++++++---------- 2 files changed, 254 insertions(+), 219 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index 7d6a12be30f6..be91d0e08974 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -52,10 +52,12 @@ Enhancements * Unreg the node when you come from a secure connection to an open connection * Allow a self-registered node by SMS to go back to the registration page * Sponsor email authentication source can refuse email addresses of the local domain (as the email source) +* Updated German (de) translation Bug Fixes +++++++++ +* RADIUS configuration files are no longer replaced when updating packages * Fixed match of Htpasswd authentication source (#1714) * Fixed creation of users without a role (#1721) * Fixed expiration date of registration to the end of the day (#1722) diff --git a/conf/locale/de/LC_MESSAGES/packetfence.po b/conf/locale/de/LC_MESSAGES/packetfence.po index 20ae69f6f53b..69beec017346 100644 --- a/conf/locale/de/LC_MESSAGES/packetfence.po +++ b/conf/locale/de/LC_MESSAGES/packetfence.po @@ -1,16 +1,14 @@ -# Copyright (C) 2006-2012 Inverse inc. +# Copyright (C) 2006-2013 Inverse inc. # This file is distributed under the same license as the PacketFence project. -# -# Translators: -# Tino Matysiak , 2011. # +# Translators: +# erSitzt , 2013 +# Tino Matysiak , 2011 msgid "" msgstr "" "Project-Id-Version: PacketFence\n" -"Report-Msgid-Bugs-To: http://www.packetfence.org/bugs/\n" -"PO-Revision-Date: 2012-04-26 17:23+0000\n" -"Last-Translator: inverse \n" -"Language-Team: PacketFence support \n" +"PO-Revision-Date: 2013-12-02 22:10+0000\n" +"Language-Team: German (http://www.transifex.com/projects/p/packetfence/language/de/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" @@ -35,6 +33,9 @@ msgstr "Italiano" msgid "nl_NL" msgstr "Dutch" +msgid "pl_PL" +msgstr "Polski" + msgid "pt_BR" msgstr "Português" @@ -74,7 +75,7 @@ msgid "Unable to validate credentials at the moment" msgstr "Die Anmeldeinformationen können im Moment nicht überprüft werden" msgid "error: something went wrong creating the guest" -msgstr "" +msgstr "Es gab ein Problem beim Erstellen des Gast-Accounts" msgid "help: provide info" msgstr "Wenn Sie Fragen zu dieser Seite haben, wenden Sie sich an Ihren Systemadministrator für Unterstützung. Bitte stellen Sie folgende Informationen zur Verfügung:" @@ -89,13 +90,16 @@ msgid "register: to complete" msgstr "Um den Registrierungsprozess abzuschließen, müssen Sie sich mit Ihrem Benutzernamen und Ihrem Passwort authentifizieren." msgid "Authentication" -msgstr "" +msgstr "Authentifizierung" + +msgid "Wrong username or password." +msgstr "Falscher Benutzername oder Passwort" msgid "or" -msgstr "" +msgstr "oder" msgid "Sign up" -msgstr "" +msgstr "Registrieren" msgid "register: skip registration" msgstr "Registrierung überspringen" @@ -158,46 +162,46 @@ msgid "PacketFence Registration System" msgstr "PacketFence Registrierungs-System" msgid "Guest Registration" -msgstr "" +msgstr "Gast Registrierung" msgid "guest network disclaimer" -msgstr "" +msgstr "Dieses Gast-Netzwerk wird exklusiv zum Nutzen der Gäste und Besucher bereitgestellt. Der Zugriff schliesst keine Garantie für Zuverlässigkeit, Geschwindigkeit oder Privatssphäre ein; Dieses Netzwerk wird für den ausdrücklichen Zweck zur Erleichterung der einfachen Internet-Kommunikation bereitgestellt" msgid "" "In the fields below please enter your name, phone number and a valid email " "address." -msgstr "" +msgstr "Bitte geben sie in den folgenden Feldern ihren Namen, Telefonnummer und eine gültige Emailadresse ein." msgid "" "If you choose to receive your access code by email, you " "will have to click on an activation link sent to your email address. After " "clicking on the link you will receive guest credentials to use on-site by " "email" -msgstr "" +msgstr "Wenn sie wählen ihren Zugangscode per Email zu erhalten, müssen Sie auf einen Aktivierungslink, der an Ihre Emailadresse geschickt wurde, klicken. Nachdem Sie auf den Link geklickt haben, erhalten Sie per Email Gast-Zugangsdaten, die Sie vor Ort nutzen können." msgid "" "If you choose to receive your access code by email, you " "will be given temporary network access for 10 minutes during that time:" -msgstr "" +msgstr "Wenn sie sich entscheiden ihren Zugangscode per Email zu erhalten, bekommen sie temporären Netzwerkzugriff für 10 Minuten in dieser Zeit:" msgid "Login to the email account you referenced and;" -msgstr "" +msgstr "Melden sie sich in dem Email-Account an, den sie angegeben haben und;" msgid "" "Click on the link emailed to you to validate network access for the next 24 " "hours." -msgstr "" +msgstr "Klicken sie auf den Link der ihnen zugemailt wurde um den Netzwerkzugriff für die nächsten 24 Stunden zu bestätigen." msgid "Register by Email" -msgstr "" +msgstr "Per Email registrieren" msgid "" "If you choose to receive your access code by SMS, you will " "be able to enter it on the next page." -msgstr "" +msgstr "Wenn sie sich entscheiden ihren Zugangscode per SMS zu erhalten, haben sie auf der nächsten Seite die Möglichkeit ihn einzugeben." msgid "Register by SMS" -msgstr "" +msgstr "Per SMS registrieren" msgid "Password" msgstr "Passwort" @@ -267,7 +271,7 @@ msgstr "Es wurde erkannt, dass Ihr Gerät Daten zu einem unbekannten Netzwerk ve msgid "" "Your system has been detected sending traffic to a network known to be " "unused (darknet). This is often indicative of a worm/virus infection." -msgstr "" +msgstr "Es wurde festgestellt dass ihr System Traffic in ein nicht verwendetes Netzwerk (darknet) sendet. Dies ist oft ein Anzeichen für eine Wurm/Virus - Infektion." msgid "" "Your system will likely need to be rebuilt. Please contact your local " @@ -277,7 +281,7 @@ msgstr "Das Betriebssystem muss wahrscheinlich neu installiert werden. Bitte wen msgid "" "Your system will likely need to be rebuilt. Please contact your support " "staff for more information." -msgstr "" +msgstr "Ihr System muss vermutlich neuinstalliert werden. Bitte wenden sie sich an ihren Support für weitere Informationen." msgid "Windows patches are not up to date" msgstr "Windows-Updates sind nicht auf dem neuesten Stand" @@ -339,315 +343,317 @@ msgid "" msgstr "Ihr System muss womöglich neu installiert werden. Bitte wenden Sie sich an Ihren Systemadministrator für weitere Informationen." msgid "guest management" -msgstr "" +msgstr "Gästeverwaltung" msgid "guest registration form" -msgstr "" +msgstr "Gast Registrierungsformular" msgid "guest registration instructions" -msgstr "" +msgstr "Bitte füllen sie alle untenstehenden Felder zum Erstellen eines Gastzugangs aus. Gäste können sich nicht vor ihrem Ankunftsdatum oder nach ihrem Ankunftsdatum zuzüglich einer Zeitspanne mit einem Toleranzfenster von einem Tag registrieren. Der Zugriffszeitraum startet wenn sich der Gast im Abfang-Portal (Captive-Portal) angemeldet hat" msgid "Firstname" -msgstr "" +msgstr "Vorname" msgid "firstname" -msgstr "" +msgstr "Vorname" msgid "Lastname" -msgstr "" +msgstr "Nachname" msgid "lastname" -msgstr "" +msgstr "Nachname" msgid "Company" -msgstr "" +msgstr "Firma" msgid "Company / Organization" -msgstr "" +msgstr "Firma / Organisation" msgid "organization" -msgstr "" +msgstr "Firma / Organisation" msgid "Phone number" -msgstr "" +msgstr "Telefonnummer" msgid "phone" -msgstr "" +msgstr "Telefon" msgid "Phone Provider" -msgstr "" +msgstr "Telefonanbieter" msgid "Select your provider" -msgstr "" +msgstr "Anbieter auswählen" msgid "Email" -msgstr "" +msgstr "Email" msgid "email" -msgstr "" +msgstr "Email" msgid "Sponsor's email" -msgstr "" +msgstr "Email des Sponsors" msgid "sponsor_email" -msgstr "" +msgstr "Email des Sponsors" msgid "Address" -msgstr "" +msgstr "Adresse" msgid "Arrival Date" -msgstr "" +msgstr "Ankunftsdatum" msgid "End Date" -msgstr "" +msgstr "Enddatum" msgid "Access Duration" -msgstr "" +msgstr "Zugangsdauer" msgid "Notes" -msgstr "" +msgstr "Notizen" msgid "Send access code by email" -msgstr "" +msgstr "Zugangscode per Mail schicken" msgid "Print access code" -msgstr "" +msgstr "Zugangscode drucken" msgid "Print" -msgstr "" +msgstr "Drucken" msgid "Back" -msgstr "" +msgstr "Zurück" msgid "second" msgid_plural "seconds" -msgstr[0] "" -msgstr[1] "" +msgstr[0] "Sekunde" +msgstr[1] "Sekunden" msgid "minute" msgid_plural "minutes" -msgstr[0] "" -msgstr[1] "" +msgstr[0] "Minute" +msgstr[1] "Minuten" msgid "hour" msgid_plural "hours" -msgstr[0] "" -msgstr[1] "" +msgstr[0] "Stunde" +msgstr[1] "Stunden" msgid "day" msgid_plural "days" -msgstr[0] "" -msgstr[1] "" +msgstr[0] "Tag" +msgstr[1] "Tage" msgid "week" msgid_plural "weeks" -msgstr[0] "" -msgstr[1] "" +msgstr[0] "Woche" +msgstr[1] "Wochen" msgid "month" msgid_plural "months" -msgstr[0] "" -msgstr[1] "" +msgstr[0] "Monat" +msgstr[1] "Monate" msgid "year" msgid_plural "years" -msgstr[0] "" -msgstr[1] "" +msgstr[0] "Jahr" +msgstr[1] "Jahre" msgid "Invalid access duration provided" -msgstr "" +msgstr "Ungültige Zugangsdauer angegeben" msgid "Expected on %s" -msgstr "" +msgstr "Erwartet am %s" msgid "Missing mandatory parameter or malformed entry." -msgstr "" +msgstr "Zwingender Parameter fehlt oder fehlerhafter Eintrag." msgid "Usernames must only contain alphanumeric characters." -msgstr "" +msgstr "Benutzernamen dürfen nur alphanumerische Zeichen enthalten." msgid "Access duration is not of an allowed value." -msgstr "" +msgstr "Zugriffszeitraum hat keinen gültigen Wert." msgid "Arrival date is not of expected format." -msgstr "" +msgstr "Ankunftsdatum ist nicht im erwarteten Format." msgid "" "You can't register as a guest with a %s email address. Please register as a " "regular user using your email address instead." -msgstr "" +msgstr "Sie können sich nicht als Gast mit einer %s Emailadresse anmelden. Bitte registrieren sie sich stattdessen als normaler Benutzer mit ihrer Emailadresse." msgid "An error occured while sending the confirmation email." -msgstr "" +msgstr "Beim Versenden der Besätigungsemail ist ein Fehler aufgetreten." msgid "An error occured while sending the PIN by SMS." -msgstr "" +msgstr "Beim Versenden der PIN per SMS ist ein Fehler aufgetreten." msgid "The uploaded file was corrupted. Please try again." -msgstr "" +msgstr "Die hochgeladene Datei ist korrupt. Bitte erneut versuchen." msgid "Can't open uploaded file." -msgstr "" +msgstr "Die hochgeladene Datei kann nicht geöffnet werden." msgid "Confirm Mobile Phone Number" -msgstr "" +msgstr "Handynummer bestätigen." msgid "" "Please enter the PIN code received on your mobile phone in order to gain " "access to the network." -msgstr "" +msgstr "Bitte geben sie den PIN-Code ein, den sie auf ihr Mobiltelefon erhalten haben um Netzwerkzugriff zu erhalten." msgid "PIN" -msgstr "" +msgstr "PIN" msgid "Confirm" -msgstr "" +msgstr "Bestätigen" msgid "Cancel" -msgstr "" +msgstr "Abbrechen" msgid "Guest Access Code" -msgstr "" +msgstr "Gast-Zugangscode" msgid "This username and password will be valid starting %s." -msgstr "" +msgstr "Dieser Benutzername und Password wird ab %s gültig sein." msgid "Once authenticated the access will be valid for %d %s." -msgstr "" +msgstr "Sobald sie authentifiziert wurden ist der Zugang gültig für %d %s." msgid "" "Guest successfully registered. An email with the username and password has " "been sent." -msgstr "" +msgstr "Gast erfolgreich registriert. Eine Email mit Benutzername und Password wurde verschickt." msgid "Import completed: %i guest(s) created, %i line(s) skipped." -msgstr "" +msgstr "Import abgeschlossen: %i Gäste angelegt, %i Zeilen übersprungen." msgid "Single guest creation" -msgstr "" +msgstr "Einzelnen Gast erstellen" msgid "Multiple guest accounts creation" -msgstr "" +msgstr "Mehrere Gäste erstellen" msgid "CSV file" -msgstr "" +msgstr "CSV-Datei" msgid "CSV file import" -msgstr "" +msgstr "CSV-Datei Import" msgid "You are logged in as" -msgstr "" +msgstr "Sind sind eingeloggt als" msgid "Sponsored by" -msgstr "" +msgstr "Gesponsort von" msgid "Guest Network Access Information" -msgstr "" +msgstr "Gast-Netzwerk Zugangsinformation" msgid "" "If you have scripting turned off, you will not be automatically redirected. " "Please enable scripting or open a new browser window from time to time to " "see if your access was enabled." -msgstr "" +msgstr "Wenn sie Scripting deaktiviert haben, werden sie nicht automatisch weitergeleitet. Bitte aktivieren sie Scripting oder öffnen sie immer mal ein neues Browserfenster um zu sehen ob ihr Zugriff aktiviert wurde." -msgid "Unable to detect network connectivity. Try restarting your web browser or opening a new tab to see if your access has been succesfully enabled." -msgstr "" +msgid "" +"Unable to detect network connectivity. Try restarting your web browser or " +"opening a new tab to see if your access has been succesfully enabled." +msgstr "Kann keine Netzwerkverbindung feststellen. Versuchen Sie Ihren Browser neuzustarten oder einen neuen Tab zu öffnen um zu sehen ob der Zugang erfolgreich aktiviert wurde." msgid "" "Your network access should be available. Close your current browser, and " "open a new one to start browsing." -msgstr "" +msgstr "Ihr Netzwerkzugang sollte jetzt verfügbar sein. Schliessen Sie Ihren aktuellen Browser und öffnen Sie einen Neuen" msgid "Registration pending" -msgstr "" +msgstr "Registrierung steht noch aus" msgid "" "There are known issues with the automatic redirection on Opera browsers. " "Please open a new browser window from time to time to see if your access was" " enabled." -msgstr "" +msgstr "Es gibt bekannte Probleme mit der automatischen Weiterleitung in Opera-Browsern. Bitte öffnen sie immer mal ein neues Browserfenster um zu sehen ob ihr Zugriff aktiviert wurde." msgid "" "Some versions of Internet Explorer may take a while before redirection " "occur." -msgstr "" +msgstr "Einige Versionen des Internet Explorer brauchen evtl. einen Moment bevor die Weiterleitung stattfindet." msgid "I accept the terms" -msgstr "" +msgstr "Ich akzeptiere die Bedingungen" msgid "I have read and accept the terms" -msgstr "" +msgstr "Ich habe die Bedingungen gelesen und akzeptiere sie" msgid "You need to accept the terms before proceeding any further." -msgstr "" +msgstr "Sie müssen die Bedingungen akzeptieren bevor sie fortsetzen." msgid "" "Your registration is pending approval. Once approved you will be " "automatically redirected." -msgstr "" +msgstr "Ihre Registrierung wartet auf Genehmigung. Sobald sie genehmigt wurde, werden sie weitergeleitet." msgid "Next page" -msgstr "" +msgstr "Nächste Seite" msgid "" "The activation code provided is invalid. Reasons could be: it never existed," " it was already used or has expired." -msgstr "" +msgstr "Der angegebene Aktivierungscode ist ungültig. Dies kann folgende Gründe haben: es gab ihn nie, er wurde schon benutzt oder er ist abgelaufen." msgid "" "You have been detected using a device that has been explicitly disallowed by" " your network administrator." -msgstr "" +msgstr "Es wurde festgestellt dass sie ein Gerät benutzen, welches explizit vom Administrator verboten wurde." msgid "NAT Device Detected" -msgstr "" +msgstr "NAT Gerät erkannt" msgid "" "You have been detected using a device that performs network address " "translation (NAT). These devices, typically wireless access points or " "'routers' are not permitted on the network. Please unplug this device and " "connect your computer directly to the network for access." -msgstr "" +msgstr "Es wurde festgestellt dass sie ein Gerät einsetzen welches Network Address Translation (NAT) verwendet. Diese Geräte, typischerweise AccessPoints oder Router sind in diesem Netzwerk nicht erlaubt. Bitte trennen Sie dieses Gerät vom Netzwerk und verbinden Sie ihren Rechner direkt mit dem Netzwerk um Zugriff zu erhalten." msgid "Rogue DHCP server" -msgstr "" +msgstr "Unauthorisierter DHCP Server" msgid "You have been detected running a rogue DHCP server. Please disable it." -msgstr "" +msgstr "Es wurde festgestellt dass sie einen unauthorisierten DHCP Server betreiben. Bitte deaktivieren sie ihn." msgid "Vulnerability Scanning" -msgstr "" +msgstr "Schwachstellen Scan" msgid "" "Your system will be scanned for vulnerabilities before you are allowed to " "enter the network. Please click on the button below, this can take anywhere " "from a few seconds to a couple of minutes." -msgstr "" +msgstr "Ihr System wird auf Schwachstellen geprüft bevor sie Zugang zum Netzwerk erhalten. Bitte klicken sie unten auf den Button, dies kann ein paar Sekunden bis zu mehreren Minuten dauern." msgid "Malware found!" -msgstr "" +msgstr "Schadsoftware gefunden!" msgid "" "Your system has been found to be infected with malware. Due to the threat " "this infection poses for other systems on the network, network connectivity " "has been disabled until corrective action is taken." -msgstr "" +msgstr "Es wurde festgestellt dass ihr System mit Schadsoftware infiziert ist. Aufgrund der Bedrohung die diese Infektion für andere Systeme im Netzwerk darstellt, wurde ihre Netzwerkverbindung deaktiviert bis sie das Problem behoben haben." msgid "Malware Removal" -msgstr "" +msgstr "Schadsoftware Entfernung" msgid "LSASS Worm" -msgstr "" +msgstr "LSASS Wurm" msgid "" "Your system has been found to be infected with An LSASS-based worm. Due to " "the threat this infection poses for other systems on the network, network " "connectivity has been disabled until corrective action is taken. " "Instructions for disinfection are below:" -msgstr "" +msgstr "Es wurde festgestellt dass ihr System mit einem LSASS-basierten Wurm infiziert ist. Aufgrund der Bedrohung die diese Infektion für andere Systeme im Netzwerk darstellt, wurde ihre Netzwerkverbindung deaktiviert bis sie das Problem behoben haben.\nAnweisungen zur Entfernung finden sie unten:" msgid "Worm Removal" -msgstr "" +msgstr "Wurmentfernung" msgid "" "Make sure your antivirus is working. You might want to perform a full system" @@ -655,338 +661,365 @@ msgid "" "network access. Make sure that you followed the instructions to correct the " "issue. Failure to do so will result in network access being disabled again. " "Repeated failures will result in access being disabled permanently." -msgstr "" +msgstr "Stellen sie sicher dass ihre Antiviren-Lösung funktioniert. Führen sie evtl. einen vollen System-Scan durch. Wenn sie auf den 'Netzwerk aktivieren'-Button klicken wird ihr Netzwerk wieder aktiviert. Stellen sie sicher dass sie den Angaben zum Beheben des Problems gefolgt sind. Wenn dies nicht der Fall ist, wird der Netzwerkzugriff wieder deaktiviert. Wiederholte Fehler führen zu einer permanenten Deaktivierung." msgid "Trojan Infection" -msgstr "" +msgstr "Trojaner" msgid "Unauthorized device" -msgstr "" +msgstr "Unauthorisiertes Gerät" msgid "" "Your system has been found to be infected with a Trojan IRC bot and is " "scanning other systems. Due to the threat this infection poses for other " "systems on the network, network connectivity has been disabled until " "corrective action is taken." -msgstr "" +msgstr "Es wurde festgestellt dass ihr System mit einem Trojaner IRC Bot infiziert ist und andere Systeme scannt. Aufgrund der Bedrohung die diese Infektion für andere Systeme im Netzwerk darstellt, wurde ihre Netzwerkverbindung deaktiviert bis sie das Problem behoben haben." msgid "Zotob Infection" -msgstr "" +msgstr "Zotob Infektion" msgid "" "Your system has been found to be infected with a Zotob worm and is scanning " "other systems. Due to the threat this infection poses for other systems on " "the network, network connectivity has been disabled until corrective action " "is taken." -msgstr "" +msgstr "Es wurde festgestellt dass ihr System mit einem Zotob-Wurm infiziert ist. Aufgrund der Bedrohung die diese Infektion für andere Systeme im Netzwerk darstellt, wurde ihre Netzwerkverbindung deaktiviert bis sie das Problem behoben haben." msgid "" "Your network access is currently being enabled. Once network connectivity is" " established you will be automatically redirected." -msgstr "" +msgstr "Ihr Netzwerkzugang wird gerade aktiviert. Sobald die Netzwerkverbindung hergestellt wurde, werden sie automatisch weitergeleitet." msgid "Your network access is currently being enabled. Please wait..." -msgstr "" +msgstr "Ihr Netzwerkzugang wird gerade aktiviert. Bitte warten..." msgid "You must be authenticated to manage guests." -msgstr "" +msgstr "Sie müssen authentifiziert sein um Gäste verwalten zu können." msgid "This account is expired." -msgstr "" +msgstr "Dieser Zugang ist abgelaufen." msgid "This account is not yet activated." -msgstr "" +msgstr "Dieser Zugang ist noch nicht aktiviert." msgid "" "Your network should be enabled within a minute or two. If it is not reboot " "your computer." -msgstr "" +msgstr "Ihr Netzwerk sollte in den nächsten ein bis zwei Minuten aktiviert werden. Wenn nicht, starten sie bitte ihren Rechner neu." msgid "Invalid PIN" -msgstr "" +msgstr "Ungültige PIN" msgid "Username Prefix" -msgstr "" +msgstr "Benutzername Prefix" msgid "Quantity" -msgstr "" +msgstr "Anzahl" msgid "Print access codes" -msgstr "" +msgstr "Zugriffscode drucken" msgid "Logout" -msgstr "" +msgstr "Ausloggen" msgid "Required columns: username, password." -msgstr "" +msgstr "Benötigte Spalten: Benutzername, Passwort" msgid "Column Delimiter" -msgstr "" +msgstr "Spaltenbegrenzer" msgid "Columns Order" -msgstr "" +msgstr "Spaltenreihenfolge" msgid "comma (,)" -msgstr "" +msgstr "komma(,)" msgid "semicolon (;)" -msgstr "" +msgstr "semikolon(;)" msgid "tab" -msgstr "" +msgstr "tab" msgid "Format is: yyyy-mm-dd" -msgstr "" +msgstr "Das Format ist: jjjj-mm-dd" msgid "Import file" -msgstr "" +msgstr "Importdatei" msgid "Access to the guest network has been granted until %s." -msgstr "" +msgstr "Zugriff auf das Gast-Netzwerk wurde bis zum %s gestattet" msgid "Access to the guest network has been granted." -msgstr "" +msgstr "Zugriff auf das Gast-Netzwerk wurde gewährt." msgid "Access to the guest network granted" -msgstr "" +msgstr "Zugriff auf das Gast-Netzwerk wurde gestattet" msgid "" "Your XML configuration have been generated and is now ready to download. " "Follow the link below in order to get access to the secure SSID." -msgstr "" +msgstr "Ihre XML-Konfiguration wurde generiert und steht nun zum Download bereit.\nFolgen Sie dem Link unten um Zugriff auf die sichere SSID zu bekommen." msgid "Click to install your generated wireless profile." -msgstr "" +msgstr "Klicken um das generierte Wireless-Profil zu installieren." msgid "Internet Access Package" -msgstr "" +msgstr "Internetzugriffspaket" msgid "Credit Card Number" -msgstr "" +msgstr "Kreditkartennummer" msgid "Credit Card Expiration Date" -msgstr "" +msgstr "Kreditkartenablaufdatum" msgid "MMYY" -msgstr "" +msgstr "MMJJ" msgid "Credit Card Verification Number" -msgstr "" +msgstr "Kreditkarten Prüfnummer" msgid "Continue" -msgstr "" +msgstr "Fortsetzen" msgid "" "An error occured while processing your payment. Incorrect credit card " "informations provided." -msgstr "" +msgstr "Bei der Bearbeitung ihrer Bezahlung ist ein Fehler aufgetreten. Es wurden ungültige Kreditkarteninformationen angegeben" msgid "" "An error occured while processing you payment. Your credit card has not been" " charged." -msgstr "" +msgstr "Bei der Bearbeitung ihrer Bezahlung ist ein Fehler aufgetreten. Ihre Kreditkarte wurde nicht belastet." msgid "The scan report code provided is invalid or expired." -msgstr "" +msgstr "Der Scan-Report Code ist ungültig oder abgelaufen." # SoH filters msgid "Filters" -msgstr "" +msgstr "Filter" msgid "" "Define the filters which will apply to all NAP-capable clients that produce " "a statement of health (SoH)." -msgstr "" +msgstr "Definieren sie die Filter, welche auf alle NAP-fähigen Clients, welche einen Statement of Health(SoH) liefern, angewandt werden." msgid "Delete this filter" -msgstr "" +msgstr "Diesen Filter löschen" msgid "Do nothing" -msgstr "" +msgstr "Nichts tun" msgid "Accept" -msgstr "" +msgstr "Akzeptieren" msgid "Reject" -msgstr "" +msgstr "Abweisen" msgid "Trigger violation" -msgstr "" +msgstr "Verstoß auslösen" msgid "Conditions:" -msgstr "" +msgstr "Bedingungen:" msgid "(None yet)" -msgstr "" +msgstr "(bisher keine)" msgid "Add a condition" -msgstr "" +msgstr "Bedingung hinzufügen" msgid "Delete this condition" -msgstr "" +msgstr "Diese Bedingung löschen" msgid "Firewall" -msgstr "" +msgstr "Firewall" msgid "Anti-virus" -msgstr "" +msgstr "Antivirus" msgid "Anti-spyware" -msgstr "" +msgstr "Anti-Spyware" msgid "Auto-updates" -msgstr "" +msgstr "Auto-Updates" msgid "Security updates" -msgstr "" +msgstr "Sicherheitsupdates" msgid "is" -msgstr "" +msgstr "ist" msgid "is not" -msgstr "" +msgstr "ist nicht" msgid "ok" -msgstr "" +msgstr "Ok" msgid "installed" -msgstr "" +msgstr "installiert" msgid "enabled" -msgstr "" +msgstr "aktiviert" msgid "disabled" -msgstr "" +msgstr "deaktiviert" msgid "up-to-date" -msgstr "" +msgstr "aktuell" msgid "from Microsoft" -msgstr "" +msgstr "von Microsoft" msgid "Action:" -msgstr "" +msgstr "Aktion:" msgid "Add a filter" -msgstr "" +msgstr "Filter hinzufügen" msgid "Save filters" -msgstr "" +msgstr "Filter speichern" msgid "Invalid response" -msgstr "" +msgstr "Ungültige Antwort" msgid "Request failed" -msgstr "" +msgstr "Anfrage fehlgeschlagen" msgid "Are you sure you want to delete this filter?" -msgstr "" +msgstr "Diesen Filter wirklich löschen ?" msgid "Enter new filter name" -msgstr "" +msgstr "Neuen Filternamen eingeben" msgid "Guest Sponsor Login" -msgstr "" +msgstr "Gast Sponsor Login" msgid "Before we proceed with guest activation, we need you to authenticate." -msgstr "" +msgstr "Bevor wir mit der Gast-Aktivierung fortfahren, müssen Sie sich authentifizieren." msgid "" "You have reached the maximum number of devices you are able to register with" " this username." -msgstr "" +msgstr "Sie haben die maximale Anzahl an Geräten erreicht, die Sie mit diesem Benutzer registrieren können." msgid "" "An email has been sent to your email address. Click on the activation link " "to confirm your email address. Once confirmed you will receive a username " "and password by email for you to use once on-site." -msgstr "" +msgstr "Eine Email wurde an Ihre Emailadresse geschickt. Klicken Sie auf den Aktivierungslink um Ihre Emailadresse zu bestätigen. Sobald diese bestätigt ist, erhalten Sie per Email einen Benutzernamen und ein Passwort zur Verwendung vor Ort." msgid "" "An access request was sent to the sponsor's email. You will receive an email" " with a username and password once your access has been approved." -msgstr "" +msgstr "Eine Zugriffsanfrage wurde an die Email des Sponsors geschickt. Sie erhalten eine Email mit Benutzernamen und Passwort sobald Ihr Zugriff bestätigt wurde." msgid "Registration in advance by SMS is not supported." -msgstr "" +msgstr "Vorabregistrierung per SMS wird nicht unterstützt." msgid "%s: Guest Network Access Information" -msgstr "" +msgstr "%s: Gast-Netzwerk Zugangsinformation" msgid "%s: Guest access confirmed!" -msgstr "" +msgstr "%s: Gast Zugang bestätigt!" msgid "%s: Guest network access enabled" -msgstr "" +msgstr "%s: Gastnetzwerk-Zugriff aktiviert" msgid "" "There was a problem trying to find the computer to register. The problem has" " been logged." -msgstr "" +msgstr "Es gab ein Problem beim Versuch den zu registrierenden Computer zu finden. Das Problem wurde geloggt." msgid "" "The device with MAC address %s has already been authorized to your network." -msgstr "" +msgstr "Das Gerät mit der MAC-Adresse %s wurde bereits für Ihr Netzwerk autorisiert." msgid "%s: Guest access request" -msgstr "" +msgstr "%s: Gastzugangsanfrage" msgid "%s: Guest access request accepted" -msgstr "" +msgstr "%s: Gastzugangsanfrage angenommen" msgid "Guest pre-registration is not allowed by policy" -msgstr "" +msgstr "Gast Vorabregistrierung ist per Richtlinie nicht erlaubt" msgid "" "If you choose to have your access sponsored, we will send " "an email to the Sponsor email you provided with an activation link. The " "sponsor will need to click on that link and authenticate in order to approve" " you in." -msgstr "" +msgstr "Wenn sie sich entscheiden ihren Zugangs per Sponsor zu erhalten, werden wir einen Aktivierungslink per Email an die Emailadresse des Sponsors, den Sie angegeben haben schicken. Der Sponsor muss dann auf diesen Link klicken und sich authentifizieren um Sie zu bestätigen." msgid "You will receive guest credentials by email once approved." -msgstr "" +msgstr "Sie erhalten Gastzugangsdaten per Email sobald Ihr Zugang bestätigt wurden." msgid "You will be in a waiting area until approved." -msgstr "" +msgstr "Sie werden sich in einem Wartebereich befinden bis Ihr Zugang bestätigt wurde." msgid "Register through a Sponsor" -msgstr "" +msgstr "Per Sponsor registrieren" msgid "Network Access Requested" -msgstr "" +msgstr "Netzwerkzugang beantragt" msgid "Access to the guest network confirmed" -msgstr "" +msgstr "Zugang zum Gastnetzwerk bestätigt" msgid "" "Access to the guest network has been successfully confirmed. You should " "receive credentials for on-site guest access by email shortly." -msgstr "" +msgstr "Zugang zum Gastnetzwerk wurde erfolgreich bestätigt. Sie sollten die Zugangsdaten für den Gastzugang vor Ort in Kürze per Email erhalten." msgid "%s: Email activation required" -msgstr "" +msgstr "%s: Emailaktivierung erforderlich" msgid "Missing mandatory parameter or malformed entry" -msgstr "" +msgstr "Zwingender Parameter fehlt oder fehlerhafter Eintrag." msgid "Missing mandatory parameter(s): %s" -msgstr "" +msgstr "Fehlende(r) zwingende(r) Parameter: %s" msgid "Illegal email address provided" -msgstr "" +msgstr "Ungültige Emailadresse angegeben" msgid "Illegal phone number provided" -msgstr "" +msgstr "Ungültige Telefonnummer angegeben" msgid "Acceptable Use Policy (AUP) was not accepted" -msgstr "" +msgstr "Nutzungsvereinbarung wurde nicht akzeptiert" msgid "Your access can only be sponsored by a %s email address" -msgstr "" +msgstr "Ihr Zugang kann nur von einer %s Emailadresse gesponsort werden" msgid "Unable to validate your sponsor at the moment" -msgstr "" +msgstr "Ihr Sponsor kann im Moment nicht überprüft werden" msgid "Email %s is not allowed to sponsor guest access" -msgstr "" +msgstr "Die Email %s darf keinen Gastzugang sponsoren" + +msgid "You need to be authenticated to access this page." +msgstr "Sie müssen sich authentifizieren um auf diese Seite zuzugreifen." + +msgid "OAuth2 Error: Failed to get the token" +msgstr "OAuth2 Fehler: Kein Token erhalten" + +msgid "OAuth2 Error: Failed to validate the token, please retry" +msgstr "OAuth2 Fehler: Token konnte nicht validiert werden, bitte erneut versuchen" + +msgid "Registration canceled please try again" +msgstr "Registrierung abgebrochen, bitte erneut versuchen" + +msgid "Please verify MAC address provided" +msgstr "Bitte angegebene MAC-Adresse verifizieren" + +msgid "You are not authorized" +msgstr "Sie sind nicht berechtigt" + +msgid "The MAC address %s has been successfully registered." +msgstr "Die MAC-Adresse %s wurde erfolgreich registriert." + +msgid "The MAC address %s provided is invalid please try again" +msgstr "Die MAC-Adresse %s ist ungültig, bitte nochmal versuchen" + +msgid "This module is not enabled" +msgstr "Dieses Modul ist nicht aktiviert" From 126d4870b217c13936ec344ed4393c55082ac3b9 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 11 Dec 2013 13:48:20 -0500 Subject: [PATCH 366/369] Prepare release 4.1.0 --- NEWS.asciidoc | 4 ++-- debian/changelog | 6 ++++++ ...PacketFence_Network_Devices_Configuration_Guide.asciidoc | 4 ++-- docs/docinfo.xml | 2 +- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/NEWS.asciidoc b/NEWS.asciidoc index be91d0e08974..b9e94f3cf2de 100644 --- a/NEWS.asciidoc +++ b/NEWS.asciidoc @@ -11,7 +11,7 @@ This is a list of noteworthy changes across releases. For more details and developer visible changes see the ChangeLog file. For a list of compatibility related changes see the UPGRADE.asciidoc file. -Version 4.1.0 released on 2013-MM-DD +Version 4.1.0 released on 2013-12-11 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ New Features @@ -20,7 +20,7 @@ New Features * Portal profiles can be filtered by switches * Proxy interception * New pfcmd command fixpermissions -* Added a Null Authenication Source +* Added a "Null" authenication source * Displayed columns of nodes are now customizable * Create a single node or import multiple nodes from a CSV file from the Web admin * LDAP authentication sources can now filter by group membership using a second LDAP query diff --git a/debian/changelog b/debian/changelog index e36c7a519844..e45bd5236159 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +packetfence (4.1.0) unstable; urgency=low + + * Version 4.1.0 + + -- Francis Lachapelle Wed, 11 Dec 2013 12:00:00 -0400 + packetfence (4.0.6) unstable; urgency=low * Version 4.0.6 diff --git a/docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc b/docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc index 37d768cac4e9..e998dd6a9ee8 100644 --- a/docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc +++ b/docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc @@ -47,7 +47,7 @@ Note on Inline enforcement support ---------------------------------- There is no need to follow the instructions in this guide if you plan on deploying in inline -enforcement, except radius inline. In this case all you need to do is to have a flat layer 2 network up to +enforcement, except RADIUS inline. In this case all you need to do is to have a flat layer 2 network up to PacketFence's inline interface with no other gateway available for devices to reach out to the Internet. @@ -1130,7 +1130,7 @@ Dell Force 10 ^^^^^^^^ -PacketFence supports this switch using radiusi mac-auth and 802.1x +PacketFence supports this switch using RADIUS, MAC-Authentication and 802.1x. Global config settings diff --git a/docs/docinfo.xml b/docs/docinfo.xml index c4824483c4bd..7ef185ee3153 100644 --- a/docs/docinfo.xml +++ b/docs/docinfo.xml @@ -1,7 +1,7 @@ Version 4.1.0 - December 2013 for version 4.1.0 -2013-12-05 +2013-12-11 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". From a0d35eb98e6f495ea606e75e652ed9dda51bd2d8 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 11 Dec 2013 14:03:39 -0500 Subject: [PATCH 367/369] Prepare release 4.1.0 --- addons/packages/packetfence.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/addons/packages/packetfence.spec b/addons/packages/packetfence.spec index 7daa42a7e9d3..ccd1f42509b6 100644 --- a/addons/packages/packetfence.spec +++ b/addons/packages/packetfence.spec @@ -870,6 +870,9 @@ fi %attr(6755, root, root) /usr/local/pf/bin/pfcmd %changelog +* Wed Dec 11 2013 Francis Lachapelle - 4.1.0-1 +- New release 4.1.0 + * Thu Sep 5 2013 Francis Lachapelle - 4.0.6-1 - New release 4.0.6 From 53bd99cb11bb531d489552d3480a7ac2fda9d5d5 Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Wed, 11 Dec 2013 14:20:03 -0500 Subject: [PATCH 368/369] Update ChangeLog --- ChangeLog | 3572 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 3572 insertions(+) diff --git a/ChangeLog b/ChangeLog index fe6b25077484..a05ab8f956e5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,3575 @@ +commit a0d35eb98e6f495ea606e75e652ed9dda51bd2d8 +Author: Francis Lachapelle +Date: Wed Dec 11 14:03:39 2013 -0500 + + Prepare release 4.1.0 + +M addons/packages/packetfence.spec + +commit 126d4870b217c13936ec344ed4393c55082ac3b9 +Author: Francis Lachapelle +Date: Wed Dec 11 13:48:20 2013 -0500 + + Prepare release 4.1.0 + +M NEWS.asciidoc +M debian/changelog +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc +M docs/docinfo.xml + +commit 29d5553ea30e1649a4e0aec38511fa57ed3a2475 +Author: Francis Lachapelle +Date: Wed Dec 11 13:45:00 2013 -0500 + + Update German translation + +M NEWS.asciidoc +M conf/locale/de/LC_MESSAGES/packetfence.po + +commit 044e706cad15ac9b5620e5bf8bf785435da60ba0 +Author: Francis Lachapelle +Date: Wed Dec 11 12:26:14 2013 -0500 + + Improve help on Web admin interface + +M html/pfappserver/root/configuration/adminroles/index.tt +M html/pfappserver/root/portal/profile/view.tt +M lib/pf/pfcmd/help.pm + +commit 3e67e39c24d1444254d4bf9e8429f3b6e6d69ddd +Author: Francis Lachapelle +Date: Wed Dec 11 12:05:37 2013 -0500 + + Improve error message in Null auth source + +M lib/pf/Authentication/Source/NullSource.pm + +commit 108a7a854fec544750b15f5f155d4eaad9e4fb96 +Author: Francis Lachapelle +Date: Wed Dec 11 12:05:00 2013 -0500 + + Cleanup bundled values of authentication.conf + +M conf/authentication.conf + +commit d34f7441c1fd3ab492e8a0c62ff52649b04c6743 +Author: Francis Lachapelle +Date: Wed Dec 11 11:50:26 2013 -0500 + + Simple search of nodes: respect spaces + + We must respect the space characters when the search string doesn't + match a MAC address. + +M lib/pf/node.pm + +commit c96192b7d6b9a6e4f0415853205165c097f36494 +Author: Jean Raby +Date: Wed Dec 11 10:48:40 2013 -0500 + + fix invalid regex (^ was escaped by the shell) + +M addons/watchdog/freeradius-watchdog.sh + +commit 6bdccd9845ff5e457188d55cea3bfba189a2ed46 +Author: Francis Lachapelle +Date: Tue Dec 10 14:46:48 2013 -0500 + + Improve SSID report on web admin + +M NEWS.asciidoc +M lib/pf/pfcmd/report.pm + +commit 4c73805b7de7d73d1ebec0e6690782f6426fc290 +Author: Durand Fabrice +Date: Tue Dec 10 09:26:03 2013 -0500 + + Removed support for the httpd service + +M lib/pf/pfcmd.pm + +commit 858f8267fb45a018118ce2199b4aa0652eca9e3d +Author: James Rouzier +Date: Mon Dec 9 13:07:17 2013 -0500 + + Will not set destination_url if the url matches the captive portal + +M lib/pf/web/dispatcher.pm + +commit 01eae41b6192ec5e3fe663caf7a8a5f20750b3d0 +Author: James Rouzier +Date: Mon Dec 9 12:46:27 2013 -0500 + + Use isenabled for forceRedirectURL + +M lib/pf/Portal/Session.pm + +commit 4f9252398c13932663824d1fe7c2711e6c9ada0d +Author: James Rouzier +Date: Fri Dec 6 16:11:58 2013 -0500 + + Updated news file + +M NEWS.asciidoc + +commit bcc51e64b47e1ea6885c4f0020104e203672e340 +Author: James Rouzier +Date: Mon Jul 15 11:28:12 2013 -0400 + + Use the correct prepared statement when there are no dates defined + +M lib/pf/ifoctetslog.pm + +commit 95db68e4f8ea6afbeaa5d9a9e732a423ef40716b +Author: James Rouzier +Date: Fri Dec 6 15:02:52 2013 -0500 + + Clearing network information when reloading pf.conf + +M lib/pf/config.pm + +commit 0493a64e8ec18641a5f347dab47772b5840a7e41 +Author: James Rouzier +Date: Fri Dec 6 14:37:08 2013 -0500 + + Start/Stop/Restart will now call the pfcmd and wait for it's completion before return + +M html/pfappserver/lib/pfappserver/Controller/Service.pm + +commit 5185a250e832cf89a87c631614ac2f4c52f1f4bf +Author: James Rouzier +Date: Fri Dec 6 14:25:32 2013 -0500 + + Service status is called with quick parameter + +M html/pfappserver/lib/pfappserver/Model/Services.pm + +commit 0011712941e21f74e6343f56843077ed76897e06 +Author: James Rouzier +Date: Fri Dec 6 14:24:16 2013 -0500 + + Will not removestaleFile if the quick argument is true + +M lib/pf/services/manager.pm +M lib/pf/services/manager/submanager.pm + +commit 4509bfece03bd493658871122bcf0f8b78ec9621 +Author: Francis Lachapelle +Date: Fri Dec 6 11:17:47 2013 -0500 + + Add allow_localdomain option to the sponsor source + +M NEWS.asciidoc +M conf/authentication.conf +M html/pfappserver/lib/pfappserver/Form/Authentication/Source/Null.pm +M html/pfappserver/lib/pfappserver/Form/Authentication/Source/SponsorEmail.pm +M html/pfappserver/root/authentication/source/type/SponsorEmail.tt +M lib/pf/Authentication/Source/SponsorEmailSource.pm +M lib/pf/web/guest.pm + +commit 59ae1ac51e4af794eba4df8221c7b1b536b30946 +Author: Francis Lachapelle +Date: Fri Dec 6 11:09:58 2013 -0500 + + Fix saving allow_localdomain in email source + + When the checkbox was unchecked, the option was not saved and was + enabled by default. + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Form/Authentication/Source/Email.pm +M lib/pf/Authentication/Source/EmailSource.pm +M lib/pf/Authentication/Source/NullSource.pm + +commit e96e1f2070fe32b0020a0d61fdfd588f8cf56703 +Author: Francis Lachapelle +Date: Thu Dec 5 16:48:58 2013 -0500 + + New link on SMS confirmation page to cancel + + Instead of automatically changing the node status to unreg when visiting + the captive portal, we now keep the node in pending mode but allow the + user to go back to the registration page that will unregister the node + and display the login/registration page. + +M NEWS.asciidoc +M html/captive-portal/redir.cgi +M html/captive-portal/templates/guest/sms_confirmation.html + +commit 8ad273092bbc8ca61c355b0c882a10494ed560c4 +Author: Francis Lachapelle +Date: Thu Dec 5 16:47:09 2013 -0500 + + Initial destination URL is now respected with FF + +M NEWS.asciidoc +M html/captive-portal/templates/pending.html +M html/captive-portal/templates/release.html +M html/captive-portal/templates/scan-in-progress.html +M html/common/pf.js +M lib/pf/Portal/Session.pm +M lib/pf/web.pm + +commit 5c04de6f2e8e9bbaad7ee49caff574758a41bf4e +Author: Francis Lachapelle +Date: Thu Dec 5 14:40:30 2013 -0500 + + Fixed pid of SMS-registered devices + +M NEWS.asciidoc +M html/captive-portal/mobile-confirmation.cgi + +commit aeeb54f2d3c435a68fd52c85a683b2b778c89a75 +Author: Durand Fabrice +Date: Thu Dec 5 10:04:54 2013 -0500 + + Fix redirect_url + +M lib/pf/web.pm + +commit db4b7ce341b4f3cb9cbad8f7f4d13619124a6e31 +Author: James Rouzier +Date: Wed Dec 4 14:34:44 2013 -0500 + + Will pass orginal url to captive portal as the destination_url + +M lib/pf/web/dispatcher.pm + +commit b3191cbb2aa5cb2a033f6fd72e21ed0b693a3948 +Author: Durand Fabrice +Date: Wed Dec 4 13:16:48 2013 -0500 + + Added autoreg default value in node_modify + +M lib/pf/node.pm + +commit 0a791b092e41a9a72b9ded4c15e2cd240e72c783 +Author: Durand Fabrice +Date: Wed Dec 4 10:25:55 2013 -0500 + + Update doc for dynamic radius client and fix sql syntax + +M docs/PacketFence_Administration_Guide.asciidoc +M raddb/sites-available/dynamic-clients + +commit 9b006cf3ce431fdd85ef87ee5c239dd76f5efbea +Author: Durand Fabrice +Date: Wed Dec 4 09:26:41 2013 -0500 + + Missing autoreg in node_add sql and test if pf.conf exist before trying to manage iptables + +M bin/pfcmd.pl +M lib/pf/node.pm + +commit 6b6073b9e868299ab5b38c090c65fc4812c44bd7 +Author: James Rouzier +Date: Tue Dec 3 14:45:18 2013 -0500 + + Change the default admin level + +M conf/authentication.conf + +commit c8db7ae8bf9650c11e598d18f490dbda15871567 +Author: Durand Fabrice +Date: Tue Dec 3 14:43:05 2013 -0500 + + Fix syntax + +M lib/pf/vlan.pm + +commit 850c83c6e43d52e6b0579b6bf8353b3a2a7e2c47 +Author: Durand Fabrice +Date: Tue Dec 3 14:33:48 2013 -0500 + + added a new column in node table to detect if the node has been auto registered + +M NEWS.asciidoc +M db/pf-schema-4.1.0.sql +M db/upgrade-4.0.0-4.1.0.sql +M lib/pf/node.pm +M lib/pf/vlan.pm + +commit 8dd8caae28794cdf97d9ac45e5c918a8f9440f59 +Author: Francis Lachapelle +Date: Tue Dec 3 10:06:24 2013 -0500 + + Fix warning in condition in pf::vlan + +M lib/pf/vlan.pm + +commit 12015d45f33ef03365684797a54c68059ace9ada +Author: Francis Lachapelle +Date: Tue Dec 3 09:49:32 2013 -0500 + + Bump release to 4.1.0 + +M conf/pf-release +M docs/docinfo.xml +M docs/includes/global-attributes.asciidoc + +commit 3cf7ab61232404437ad7d4c74f22313b8d88e47a +Author: Francis Lachapelle +Date: Tue Dec 3 09:46:54 2013 -0500 + + Update HTTP/BrowserDetect.pm + +M lib/HTTP/BrowserDetect.pm + +commit f75306001e54a512998225352ecd86941b316566 +Author: Francis Lachapelle +Date: Tue Dec 3 09:40:00 2013 -0500 + + Fix warning in condition in pf::vlan + +M lib/pf/vlan.pm + +commit fd482e1e60264fa994eff38472bf2f54ffdb15e3 +Author: Francis Lachapelle +Date: Tue Dec 3 09:17:46 2013 -0500 + + Fix packaging + +M addons/packages/packetfence.spec +M debian/packetfence.conffiles + +commit 7e8eea8cd15b3b0a687036c5b4938195340ae7f9 +Author: Francis Lachapelle +Date: Mon Dec 2 22:28:21 2013 -0500 + + Fix reordering of conf sections and groups + + Fixes #1749 + +M NEWS.asciidoc +M lib/pf/IniFiles.pm + +commit e4d21cdb79186ad4445dc8ec4c663629afdb3267 +Author: James Rouzier +Date: Mon Dec 2 18:43:52 2013 -0500 + + New schema for 4.1.0 release + +A db/pf-schema-4.1.0.sql + +commit 91d10b766bad7e98e83859997295dc646add6b63 +Author: James Rouzier +Date: Mon Dec 2 16:33:11 2013 -0500 + + Will not attempt to repopulate db if if database is down + +M lib/pf/freeradius.pm + +commit 3e137256d747ea5dad7e7614da385585441a0652 +Author: James Rouzier +Date: Mon Dec 2 12:04:13 2013 -0500 + + Refactor color usage on the command + +M bin/pfcmd.pl + +commit 26865a9cee896baec98acc126131c75f30fc569f +Author: James Rouzier +Date: Mon Dec 2 12:00:29 2013 -0500 + + Check if the database is alive before loading into database + +M lib/pf/violation_config.pm + +commit 8e489db30e9f345448ba1e56b7d6e24c558c4de9 +Author: James Rouzier +Date: Mon Dec 2 11:56:12 2013 -0500 + + Add db_ping function + +M lib/pf/db.pm + +commit dd4fada0f5e07ab89b86b607e62e5b510df2a5b9 +Author: James Rouzier +Date: Fri Nov 29 17:28:53 2013 -0500 + + Validate startup array references + +M bin/pfcmd.pl + +commit 413a6db801187d8f288e5ac4df112c6d8b85196f +Author: James Rouzier +Date: Mon Dec 2 09:50:15 2013 -0500 + + Will only attempt repopulation of switches if there switches need to be changed + +M lib/pf/freeradius.pm + +commit 3dea4202097adc6651596a2a7519ce33f17ecee0 +Author: Francis Lachapelle +Date: Mon Dec 2 15:41:31 2013 -0500 + + Update NEWS and UPGRADE files + +M NEWS.asciidoc +M UPGRADE.asciidoc +D conf/admin_roles.conf + +commit 3e5827caecfbcc48741a489f30bba02554e9a019 +Author: Durand Fabrice +Date: Mon Dec 2 14:04:45 2013 -0500 + + Synchronise locationlog before trying to match source in portal profile (Autoreg 802.1x) + +M lib/pf/radius.pm + +commit b84ae2ebb2fa5e920c6e3aa00d58d8a90028d4ec +Author: lzammit +Date: Mon Dec 2 13:35:21 2013 -0500 + + Update PacketFence_Administration_Guide.asciidoc + + Disable resolvconf + +M docs/PacketFence_Administration_Guide.asciidoc + +commit b1dcd5cf60b480c87e296303af9e57d41209d15b +Author: Louis Munro +Date: Mon Dec 2 11:06:42 2013 -0500 + + Added a barnyard2 init script. + +M NEWS.asciidoc +A addons/barnyard2.sh + +commit e8166606c4fa25112536de9abc6d88b446f62734 +Author: Durand Fabrice +Date: Mon Dec 2 10:03:27 2013 -0500 + + Added proxy log files in logrotate + +M addons/logrotate + +commit 1cb1414637c3ab64328ba1d37b34947f0001d8d7 +Author: Louis Munro +Date: Mon Dec 2 09:56:10 2013 -0500 + + Updated NEWS.asciidoc to reflect logrotate changes. + +M NEWS.asciidoc + +commit 19cc2d6a484b162d45cf3622a02fbabfe04ae9ed +Author: Louis Munro +Date: Mon Dec 2 09:52:08 2013 -0500 + + Modified logrotate to use copytrucate instead of restarting services. + +M addons/logrotate + +commit aaefe69579e9dc0b5e03afd62698e8190aae28bd +Author: Durand Fabrice +Date: Fri Nov 29 21:40:14 2013 -0500 + + Check the role for dot1x autoregistration from the authentication sources defined + in the captiv portal associated to the connection instead of all the authentication sources. + +M lib/pf/vlan.pm + +commit d682450c9e488d3d3007e1f668975c5a949f30ce +Author: Durand Fabrice +Date: Fri Nov 29 15:16:31 2013 -0500 + + Fix the error "dispatcher.pm line 70", missing test on the Referer + +M lib/pf/web/dispatcher.pm + +commit f5ea594eafcd750135c3b15be732349a9da822c9 +Author: Francis Lachapelle +Date: Fri Nov 29 10:29:39 2013 -0500 + + Fix condition to avoid warning + +M lib/pf/vlan.pm + +commit 13db4dc40a013804f897c00241af7fe30cfb61e0 +Author: James Rouzier +Date: Thu Nov 21 11:40:42 2013 -0500 + + Updated NEWS files + +M NEWS.asciidoc + +commit 144e93976639937bed2f6f80b01b5cde9434c97a +Author: James Rouzier +Date: Thu Nov 21 11:40:21 2013 -0500 + + Will not truncate radius_nas table on restart + +M lib/pf/services.pm +M lib/pf/services/radiusd.pm + +commit d8224a425ffb45261f6596e30de68b66ab0b7679 +Author: James Rouzier +Date: Tue Oct 15 14:19:50 2013 -0400 + + Allow switch to be read dynamically by radius + +M lib/pf/SwitchFactory.pm +M lib/pf/freeradius.pm +M raddb/policy.conf +M raddb/sites-available/dynamic-clients + +commit 7a575d768d20d94b2d307142862e085689c151f0 +Author: Francis Lachapelle +Date: Fri Nov 29 09:20:05 2013 -0500 + + Use prototype Delay method to respect seconds + + We were using the standard setTimeout function which expects + miliseconds, not seconds. + +M html/common/pf.js + +commit ba94b86e0f6e080b523b087b6289288bf463cf23 +Author: Durand Fabrice +Date: Thu Nov 28 16:23:21 2013 -0500 + + Fixed AeroHive trap + +M lib/pf/SNMP/AeroHIVE.pm + +commit 7fce2e5e5bead1614f8982d723067bccb9bb643a +Author: James Rouzier +Date: Thu Nov 28 13:21:23 2013 -0500 + + Start service that require no checkup before service that require checkup + +M bin/pfcmd.pl + +commit 0d425e475c0bcb91cebf0db968c451a88fbb6ca7 +Author: James Rouzier +Date: Thu Nov 28 13:19:35 2013 -0500 + + Setup attribute shouldCheckup to 0 + +M lib/pf/services/manager/httpd_admin.pm +M lib/pf/services/manager/memcached.pm + +commit d9ebfb6a1fd03e571b7c899a6a430c5a54f8e5bf +Author: James Rouzier +Date: Thu Nov 28 13:18:53 2013 -0500 + + Added new attribute shouldCheckup + +M lib/pf/services/manager.pm + +commit 18ce0dcfd6ce4d30fad6994f2949cd45163f178b +Author: James Rouzier +Date: Wed Nov 27 12:04:16 2013 -0500 + + Return value of the parent stop command + +M lib/pf/services/manager/dhcpd.pm + +commit 74032b9b3b5fc943d436ff25714791fc52621feb +Author: James Rouzier +Date: Wed Nov 27 12:03:18 2013 -0500 + + Display better message when a service was not stopped + +M bin/pfcmd.pl + +commit 0c4e5119222189bbc70786285dd2dca6824f6e07 +Author: James Rouzier +Date: Wed Nov 27 12:03:07 2013 -0500 + + Refactor reset + +M bin/pfcmd.pl + +commit a50db5ac614c083bbb12bb7bc23d647eb0a57e4b +Author: James Rouzier +Date: Wed Nov 27 11:49:15 2013 -0500 + + Untaint launcher before passing it to sprintf + +M lib/pf/services/manager.pm + +commit 2d42b20f64c0621390e4e3b23ae3e3e6a66f32c6 +Author: James Rouzier +Date: Wed Nov 20 12:43:24 2013 -0500 + + Fixed configuration generation for httpd based services + +M lib/pf/services/manager/httpd.pm + +commit 4e5e385bd1f083cba886b7f83e37bb85e53df8fa +Author: Francis Lachapelle +Date: Mon Nov 18 13:32:36 2013 -0500 + + Add dependency to Linux::Inotify2 + +M addons/packages/packetfence.spec +M debian/control + +commit ddbeadff8812299796fd63e068552e8194a71e52 +Author: James Rouzier +Date: Fri Oct 18 11:51:39 2013 -0400 + + Refactor get(Stop|Start)ServiceManagers to getManagers + +M bin/pfcmd.pl + +commit c9e9140e218a09bf66a694b9a5b91494c0e63115 +Author: James Rouzier +Date: Tue Oct 15 14:32:47 2013 -0400 + + Group the sub pfhcplistener pidfiles in one inotify object + +M lib/pf/services/manager/pfdhcplistener.pm + +commit bf51c3cbdb088e96adf8979e8e8d5110c95c16e2 +Author: James Rouzier +Date: Tue Oct 15 14:30:35 2013 -0400 + + Moved to use timerfd for timeouts + +M lib/pf/services/manager.pm + +commit ecb706a659955d04f1d1a43b5ea1a2cb7b8ce7b9 +Author: James Rouzier +Date: Fri Oct 4 14:36:45 2013 -0400 + + Added new perl modules + +M addons/packages/packetfence.spec +M debian/control + +commit 8256bd6cad292889fb33f631fcb0d992a7f1c260 +Author: James Rouzier +Date: Fri Oct 4 12:46:42 2013 -0400 + + pfcmd service now has color + +M bin/pfcmd.pl + +commit 7035b857e7dd3145349a8145b610b4aa22c168bf +Author: James Rouzier +Date: Thu Oct 3 20:08:26 2013 -0400 + + Refactor stop watch generateConfig startService postStartCleanup to a generalized around modifier + Overloaded removeStalePid to call removeStalePid on submanagers + +M lib/pf/services/manager/submanager.pm + +commit ac0e21faa2f9f06712adfddba398581fe56ff308 +Author: James Rouzier +Date: Thu Oct 3 18:01:05 2013 -0400 + + refactor the creation of the cmdline to a seperate function + +M lib/pf/services/manager.pm + +commit 0e15324af0f258f0f7ba30557ccdc90ed29b5c4a +Author: James Rouzier +Date: Tue Oct 1 15:14:35 2013 -0400 + + Removed unused variables + +M lib/pf/services.pm + +commit bea183a92377f9c0665cf4dc231e8f580dd738b1 +Author: James Rouzier +Date: Tue Oct 1 14:31:49 2013 -0400 + + Avoid printing double headers on restart + +M bin/pfcmd.pl + +commit 2aa3ec33d436135fe8f4cb607f3ab4eeef528558 +Author: James Rouzier +Date: Tue Oct 1 06:29:18 2013 -0400 + + Add httpd.proxy to service list + +M lib/pf/pfcmd.pm +M lib/pf/services.pm +A lib/pf/services/manager/httpd_proxy.pm + +commit 1eb1d3bfcf0befad454d14002689a6aeca2e1787 +Author: James Rouzier +Date: Mon Sep 30 17:18:45 2013 -0400 + + renamed pf::services::manager::roles::pf_conf_service_managed to pf::services::manager::roles::is_managed_by_pf_conf + +M lib/pf/services/manager/dhcpd.pm +M lib/pf/services/manager/memcached.pm +M lib/pf/services/manager/pfdns.pm +M lib/pf/services/manager/radiusd.pm +A lib/pf/services/manager/roles/is_managed_by_pf_conf.pm +D lib/pf/services/manager/roles/pf_conf_service_managed.pm +M lib/pf/services/manager/snort.pm +M lib/pf/services/manager/suricata.pm + +commit e6ac306d680ad8b8d930114b2f8ec972ec27759c +Author: James Rouzier +Date: Mon Sep 30 09:48:07 2013 -0400 + + Created test and dummy daemon for testing pf::services::manager + +A t/daemon.t +A t/services/dummy + +commit 18baee876e763153d2ecb0460b257abc90e2ea7d +Author: James Rouzier +Date: Mon Sep 30 08:02:22 2013 -0400 + + Code cleanp better logging + +M lib/pf/services/manager.pm + +commit ff296c1fd8af9650b2a6f333d8ebe6ebceaa994b +Author: James Rouzier +Date: Fri Sep 27 15:17:47 2013 -0400 + + Refactored stop where if the process did not stop in 60 seconds kill -9 the process + +M lib/pf/services/manager.pm + +commit cacc253250919fbc4ee21a27417ef36845af95cb +Author: James Rouzier +Date: Thu Sep 26 00:59:18 2013 -0400 + + Refactored pf status in terms of the service manager model + +M html/pfappserver/lib/pfappserver/Model/Services.pm + +commit 15c6714b2e1096c4d00b4f5e3a353891fe1bcd53 +Author: James Rouzier +Date: Wed Sep 25 13:05:39 2013 -0400 + + Removed all old code from lib/pf/services.pm + Refactored service_list & service_ctl in terms of pf::services::manager + moved function getServiceManager from bin/pfcmd.pl to pf::services::get_service_manager + + Removed all code from bin/pfcmd.pl + Refactor getServiceManager to pf::services::get_service_manager + added checkup before starting services + +M bin/pfcmd.pl +M lib/pf/services.pm + +commit c75b6c9d7119bc99b5c5f6f8b3331bed9f9d952d +Author: James Rouzier +Date: Wed Sep 25 12:22:38 2013 -0400 + + Added missing module + +M lib/pf/services/manager/pfdhcplistener.pm + +commit 34503dfc1ff644753d0a7d8467c417975e00584d +Author: James Rouzier +Date: Wed Sep 25 11:34:55 2013 -0400 + + Added vlan/inline enforcement check for is managed + +M lib/pf/services/manager/dhcpd.pm +M lib/pf/services/manager/pfdns.pm +A lib/pf/services/manager/roles/is_managed_vlan_inline_enforcement.pm + +commit e0252f8b10677db6c994c387b4fdff6021f2e9f9 +Author: James Rouzier +Date: Wed Sep 25 11:17:06 2013 -0400 + + Fixed issue with t/pf.t + +M lib/pf/services/manager/roles/pf_conf_trapping_engine.pm + +commit 0d744e5985e24df0fc2956d23a8f04b63a8fbd02 +Author: James Rouzier +Date: Wed Sep 25 11:15:10 2013 -0400 + + Added missed isManaged + +M lib/pf/services/manager/pfdhcplistener.pm + +commit 01e0c4ae46b19d20c4f0ad22319f6fba21208bf4 +Author: James Rouzier +Date: Wed Sep 25 10:15:43 2013 -0400 + + Remove Minor parts from the COPYRIGHT section + +M lib/pf/services/manager.pm +M lib/pf/services/manager/httpd.pm +M lib/pf/services/manager/httpd_admin.pm +M lib/pf/services/manager/httpd_portal.pm +M lib/pf/services/manager/httpd_webservices.pm +M lib/pf/services/manager/memcached.pm +M lib/pf/services/manager/pfdetect.pm +M lib/pf/services/manager/pfdns.pm +M lib/pf/services/manager/pfmon.pm +M lib/pf/services/manager/pfsetvlan.pm +M lib/pf/services/manager/radiusd.pm +M lib/pf/services/manager/roles/pf_conf_service_managed.pm +M lib/pf/services/manager/snmptrapd.pm +M lib/pf/services/manager/snort.pm +M lib/pf/services/manager/submanager.pm +M lib/pf/services/manager/suricata.pm + +commit e27c1a02d8d3cf5f71d568ece5a72e910f098dd3 +Author: James Rouzier +Date: Tue Sep 24 19:17:59 2013 -0400 + + Use the new pf::services::manager framework for the pfcmd service command + +M bin/pfcmd.pl + +commit 235f2f8cb48dcae0c33af88aaef4813785c3c33e +Author: James Rouzier +Date: Tue Sep 24 19:15:41 2013 -0400 + + Added new files for the services refactor + +A lib/pf/services/manager.pm +A lib/pf/services/manager/dhcpd.pm +A lib/pf/services/manager/httpd.pm +A lib/pf/services/manager/httpd_admin.pm +A lib/pf/services/manager/httpd_portal.pm +A lib/pf/services/manager/httpd_webservices.pm +A lib/pf/services/manager/memcached.pm +A lib/pf/services/manager/pfdetect.pm +A lib/pf/services/manager/pfdhcplistener.pm +A lib/pf/services/manager/pfdns.pm +A lib/pf/services/manager/pfmon.pm +A lib/pf/services/manager/pfsetvlan.pm +A lib/pf/services/manager/radiusd.pm +A lib/pf/services/manager/roles/pf_conf_service_managed.pm +A lib/pf/services/manager/roles/pf_conf_trapping_engine.pm +A lib/pf/services/manager/snmptrapd.pm +A lib/pf/services/manager/snort.pm +A lib/pf/services/manager/submanager.pm +A lib/pf/services/manager/suricata.pm + +commit 0aace286ff06c7eafda1fe046fdfe6acc231e809 +Author: Durand Fabrice +Date: Wed Nov 20 17:08:28 2013 -0500 + + Missing lib + +M lib/pf/SNMP/Cisco/Catalyst_2960.pm + +commit 2c984adff6bb4a0c67c0e6349169c31caa38e64b +Author: Durand Fabrice +Date: Wed Nov 20 13:01:05 2013 -0500 + + Missing $switch param + +M sbin/pfsetvlan + +commit 374f66f8a66035beeca3899485aca06d150e48f8 +Author: Durand Fabrice +Date: Wed Oct 30 11:05:56 2013 -0400 + + Added HP Standalone access point module + +A lib/pf/SNMP/HP/MSM.pm + +commit 690509843c60da78ba86fc9a9c835535f91f83e0 +Author: Durand Fabrice +Date: Tue Oct 15 11:08:27 2013 -0400 + + Added custom radius answer for aruba switch (remove vlan id if we have a role) + +M lib/pf/SNMP/ArubaSwitch.pm + +commit 25f1f5d7e7acd97801afd7e17dcd50cc1f57aa6b +Author: Durand Fabrice +Date: Fri Oct 11 16:49:38 2013 -0400 + + Update doc + Added radius attribute + +M docs/PacketFence_Network_Devices_Configuration_Guide.asciidoc +M lib/pf/radius.pm + +commit 486c29face67376b375270d64f7309cd587ba838 +Author: Durand Fabrice +Date: Fri Oct 11 16:18:15 2013 -0400 + + Added wiredeauthTechniques method like deauthTechniques for the wireless + Added ArubaSwitch switch module (mac auth and 802.1x and CoA support) + Added Dell Force10 switch module + Added CoA deauth support for Cisco Switch + +M lib/pf/SNMP.pm +A lib/pf/SNMP/ArubaSwitch.pm +M lib/pf/SNMP/Brocade.pm +M lib/pf/SNMP/Cisco/Catalyst_2950.pm +M lib/pf/SNMP/Cisco/Catalyst_2960.pm +A lib/pf/SNMP/Dell/Force10.pm +M lib/pf/SNMP/Juniper.pm +M lib/pf/SNMP/MockedSwitch.pm +M lib/pf/SNMP/PacketFence.pm +M lib/pf/SNMP/ThreeCom/Switch_4200G.pm +M lib/pf/enforcement.pm +M sbin/pfsetvlan + +commit 442c6e0c8721f891fa05fcd36d458d73a345871f +Author: Francis Lachapelle +Date: Thu Nov 21 16:40:40 2013 -0500 + + Switch editor: Remove 'disabled' class of Save btn + +M html/pfappserver/root/configuration/switch/view.tt + +commit d50f7b26390a1ded8b18e83b2fab54761acdb509 +Author: Francis Lachapelle +Date: Mon Nov 4 10:01:03 2013 -0500 + + Change type of access_level column + + We no longer use a bit string but simply a string that refers to one or + many roles from conf/adminroles.conf + +M db/upgrade-4.0.0-4.1.0.sql + +commit 9bc26205c6caec3a016d53ab96fb866c30186c91 +Author: Francis Lachapelle +Date: Mon Nov 4 09:52:35 2013 -0500 + + Add access rights to interfaces management + +M html/pfappserver/root/admin/configuration.tt +M html/pfappserver/root/config/networks/view.tt +M html/pfappserver/root/interface/index.tt +M html/pfappserver/root/interface/list.tt +M html/pfappserver/root/interface/view.tt + +commit 11a9f73fc704dec5127476a92bab8ac8e50e476a +Author: James Rouzier +Date: Mon Nov 4 08:14:46 2013 -0500 + + Pass roles as an array ref + +M html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm +M html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm +M html/pfappserver/lib/pfappserver/Controller/Admin.pm +M html/pfappserver/lib/pfappserver/View/HTML.pm + +commit a781bd20645153f6a3dc53bf1e475bd5e09eae6f +Author: Francis Lachapelle +Date: Fri Nov 1 16:31:44 2013 -0400 + + Fix access authorization of actions + +M html/pfappserver/lib/pfappserver/View/HTML.pm + +commit 6f8ebd8f2699dd0bc377071fe40ba7df98f79e9b +Author: James Rouzier +Date: Wed Oct 2 11:05:11 2013 -0400 + + pfappserver::Authentication::Store::PacketFence::User->roles returns an array ref instead of an array + +M html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm +M html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm +M html/pfappserver/lib/pfappserver/Controller/Admin.pm +M html/pfappserver/lib/pfappserver/View/HTML.pm + +commit bab9d0f7c899f8b483374e1f591b10f83a102538 +Author: James Rouzier +Date: Thu Oct 10 16:23:16 2013 -0400 + + Imported module pfappserver::Base::Action::AdminRole + Cleanup unused variable + +M html/pfappserver/lib/pfappserver/Controller/Interface.pm + +commit 3e772bd10922dda2a495a195e700286b496111e9 +Author: Francis Lachapelle +Date: Thu Oct 10 16:09:59 2013 -0400 + + Add access rights to interfaces management + +M html/pfappserver/lib/pfappserver/Controller/Interface.pm + +commit ab27b4c3d04742931483fd843419b6a0adf9fa53 +Author: James Rouzier +Date: Thu Oct 10 16:06:35 2013 -0400 + + Fix debug statement + +M html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm + +commit 5ed86e9fb55fde9fc182c1fd43d1a6ab0d694108 +Author: James Rouzier +Date: Thu Oct 10 16:02:53 2013 -0400 + + Fixed can_access_any function to expect roles to return an array + +M html/pfappserver/lib/pfappserver/View/HTML.pm + +commit b96244cb526fc72d0d4042f401488ece8f2dfe57 +Author: James Rouzier +Date: Wed Oct 2 11:16:19 2013 -0400 + + Added AdminRoles attribute to Controller + +M html/pfappserver/lib/pfappserver/Controller/Interface.pm + +commit f89bc251cbc91cdee78ce3e23289b17589922aa9 +Author: James Rouzier +Date: Wed Oct 2 11:14:22 2013 -0400 + + refactor to use can_access_any + +M html/pfappserver/root/admin/wrapper.tt + +commit e2307abdbc3079f20cea2c744caf2f76e5b8c80d +Author: James Rouzier +Date: Wed Oct 2 11:13:36 2013 -0400 + + Added new function can_access_any to be exposed to template + +M html/pfappserver/lib/pfappserver/View/HTML.pm + +commit 5241e12041286e73d17be0ef466c044b7eb42c94 +Author: James Rouzier +Date: Wed Oct 2 11:12:38 2013 -0400 + + Added new function pf::admin_roles::admin_can_do_any that would match if any action matches + +M lib/pf/admin_roles.pm + +commit e5ab2f6e8612f7411001036e71710aab72588a0a +Author: James Rouzier +Date: Wed Oct 2 11:10:49 2013 -0400 + + Configurator automatically login the _PF_CONFIGURATOR user + +M html/pfappserver/lib/pfappserver/Controller/Configurator.pm + +commit c8ea16564139c884480b2ca263c014d588aacd39 +Author: James Rouzier +Date: Wed Oct 2 11:00:13 2013 -0400 + + Check if user is in admin realm instead just existence + +M html/pfappserver/lib/pfappserver/Base/Controller.pm +M html/pfappserver/lib/pfappserver/Controller/Admin.pm +M html/pfappserver/lib/pfappserver/Controller/Graph.pm +M html/pfappserver/root/admin/wrapper.tt + +commit b67c42bfe33ef0b62440dfca084098db00388f97 +Author: James Rouzier +Date: Wed Oct 2 10:40:13 2013 -0400 + + Adding a new realm for the configurator + +M html/pfappserver/lib/pfappserver.pm + +commit e4e7284062a39f72bc9fbce3bbcbdad7fb965820 +Author: Francis Lachapelle +Date: Mon Sep 23 14:03:37 2013 -0400 + + Fix typo + +M html/pfappserver/root/configuration/adminroles/list.tt + +commit e21d726982ed7bc9236d160cdf73528d7ce62706 +Author: Francis Lachapelle +Date: Mon Sep 23 11:30:55 2013 -0400 + + Add missing ADMIN_ROLES_CREATE admin role action + +M lib/pf/admin_roles.pm + +commit 6bc7077a6bfadfeec1661361ddf4d253daba026c +Author: James Rouzier +Date: Mon Sep 23 11:13:14 2013 -0400 + + Redo the onfilereload when there is no extra data in the cache + +M lib/pf/admin_roles.pm + +commit fe3a73ffe476697a189ef90120004a05f9539b58 +Author: James Rouzier +Date: Mon Sep 23 00:43:35 2013 -0400 + + Remove the delete link from the single action of a role + +M html/pfappserver/root/static/admin/configuration/adminroles.js + +commit a00fefb5f70fa5681ca24f00fb25ce634d4d1b5b +Author: Francis Lachapelle +Date: Fri Sep 20 14:19:17 2013 -0400 + + Localization + +M html/pfappserver/lib/pfappserver/I18N/en.po + +commit b1d75e6162129a52e77218f564445244a3f0fc77 +Author: Francis Lachapelle +Date: Fri Sep 20 12:46:08 2013 -0400 + + Sort actions when viewing an admin role + +M html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm + +commit 7c91ce42c7b4675c8102e2e48dd54468e30db6c3 +Author: Francis Lachapelle +Date: Fri Sep 20 12:44:24 2013 -0400 + + Group admin roles actions in pulldown menus + +M html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm + +commit 6c83152fbc7872b7267a9fb0437bec34635f63bd +Author: Francis Lachapelle +Date: Fri Sep 20 09:55:34 2013 -0400 + + Add access rights to MAC addresses management + +M html/pfappserver/lib/pfappserver/Controller/Configuration/MacAddress.pm +M html/pfappserver/root/configuration/macaddress/simple_search.tt + +commit dd664b90e1fde04e4828d83c4c7c72ff18b6587a +Author: Francis Lachapelle +Date: Fri Sep 20 09:54:51 2013 -0400 + + Add access rights to useragents management + +M html/pfappserver/lib/pfappserver/Controller/Configuration/UserAgents.pm + +commit 2033aa97658cf41f4a1825b66c616777fb4122d7 +Author: Francis Lachapelle +Date: Fri Sep 20 09:54:10 2013 -0400 + + Add access rights to fingerprints management + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Fingerprints.pm +M html/pfappserver/root/configuration/fingerprints/simple_search.tt + +commit 4947a262da25b30854f5d33e604a1d92c15952b6 +Author: Francis Lachapelle +Date: Fri Sep 20 09:43:54 2013 -0400 + + Add access rights to SoH filters management + +M html/pfappserver/lib/pfappserver/Controller/SoH.pm +M html/pfappserver/root/soh/index.tt +M html/pfappserver/root/soh/read.tt + +commit 8ba398b14b38ce2e59d314e7adb7e2a6c4e12aa5 +Author: Francis Lachapelle +Date: Fri Sep 20 09:09:15 2013 -0400 + + Add access rights to users sources management + +M html/pfappserver/lib/pfappserver/Controller/Authentication.pm +M html/pfappserver/lib/pfappserver/Controller/Authentication/Source.pm +M html/pfappserver/root/authentication/source/read.tt +M html/pfappserver/root/authentication/source/rule_read.tt +M html/pfappserver/root/authentication/source/rules_read.tt +M html/pfappserver/root/configuration/authentication.tt + +commit 390d23be22e25c273d2581b33457d0e81315b975 +Author: Francis Lachapelle +Date: Fri Sep 20 09:03:25 2013 -0400 + + Add access rights to users roles management + +M html/pfappserver/lib/pfappserver/Controller/Roles.pm +M html/pfappserver/root/roles/index.tt +M html/pfappserver/root/roles/read.tt +M lib/pf/admin_roles.pm + +commit 05cedfb15b92a796175241cf11b65c9f0b706baa +Author: Francis Lachapelle +Date: Fri Sep 20 06:43:36 2013 -0400 + + Add access rights to violations management + +M html/pfappserver/lib/pfappserver/Controller/Violation.pm +M html/pfappserver/root/violation/list.tt +M html/pfappserver/root/violation/view.tt + +commit 866d5da2c02ad18f74ef5c12876b396106d1ad33 +Author: Francis Lachapelle +Date: Thu Sep 19 17:05:31 2013 -0400 + + Add access rights to reports + +M html/pfappserver/lib/pfappserver/Controller/Admin.pm +M html/pfappserver/lib/pfappserver/Controller/Graph.pm + +commit 9dcafcd04f8a7197338d53cb071c89eba9fd27e3 +Author: Francis Lachapelle +Date: Thu Sep 19 16:53:18 2013 -0400 + + Add access rights to main configuration section + +M html/pfappserver/root/configuration/section.tt + +commit 91d0ac7b5a598f36ff59dd45b0a515e09dd9afab +Author: Francis Lachapelle +Date: Thu Sep 19 16:52:15 2013 -0400 + + Add access rights to admin roles management + +M html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm +M html/pfappserver/root/configuration/adminroles/index.tt +M html/pfappserver/root/configuration/adminroles/list.tt +M html/pfappserver/root/configuration/adminroles/view.tt + +commit 2aeeb06f633bff4c82588b0e3ec4a6e52f0c5ad4 +Author: Francis Lachapelle +Date: Thu Sep 19 16:40:46 2013 -0400 + + Add access rights to portal profiles management + +M html/pfappserver/lib/pfappserver/Controller/Portal/Profile.pm +M html/pfappserver/lib/pfappserver/Controller/Portal/Profile/Default.pm +M html/pfappserver/root/admin/configuration.tt +M html/pfappserver/root/portal/profile/files.tt +M html/pfappserver/root/portal/profile/index.tt +M html/pfappserver/root/portal/profile/view.tt +M lib/pf/admin_roles.pm + +commit cb6ec06a6e9800363de0e53e108b153f9ebfbd49 +Author: Francis Lachapelle +Date: Thu Sep 19 15:28:16 2013 -0400 + + Add access rights to services + +M html/pfappserver/lib/pfappserver/Controller/Service.pm + +commit d6534fb3a8fd677d9f37f31296e3c1dcdc1d9fb1 +Author: Francis Lachapelle +Date: Thu Sep 19 15:24:48 2013 -0400 + + Add description to page of admin roles + +M html/pfappserver/root/configuration/adminroles/index.tt + +commit d994247fd0bd0b5e64f3c0c158018a651a4b12b1 +Author: Francis Lachapelle +Date: Thu Sep 19 15:24:20 2013 -0400 + + Improve logging of AdminRole action + +M html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm + +commit 8a4bf7a4e9e6d76df0ae8cd24e1957d86b8dbde9 +Author: Francis Lachapelle +Date: Thu Sep 19 15:14:29 2013 -0400 + + Add access rights to users management + +M html/pfappserver/lib/pfappserver/Controller/User.pm +M html/pfappserver/lib/pfappserver/Model/User.pm +M html/pfappserver/root/user/view.tt +M html/pfappserver/root/user/violations.tt + +commit 69d034fff4f6da5cf50f6dab012cb5b7eafd0cd2 +Author: Francis Lachapelle +Date: Thu Sep 19 14:59:55 2013 -0400 + + Add access rights to switches management + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Switch.pm +M html/pfappserver/root/configuration/switch/index.tt +M html/pfappserver/root/configuration/switch/list.tt +M html/pfappserver/root/configuration/switch/view.tt + +commit f31d2eb13a84dec72798cc19c2ea83f34bc1a14c +Author: Francis Lachapelle +Date: Thu Sep 19 14:58:16 2013 -0400 + + Add access rights to floating devices management + +M html/pfappserver/lib/pfappserver/Controller/Configuration/FloatingDevice.pm +M html/pfappserver/root/configuration/floatingdevice/index.tt +M html/pfappserver/root/configuration/floatingdevice/list.tt +M html/pfappserver/root/configuration/floatingdevice/view.tt + +commit 7faf37c20f8ce811640a61297e35875f73013fc9 +Author: James Rouzier +Date: Wed Sep 18 17:10:01 2013 -0400 + + Added role FLOATING_DEVICES_READ to configuration/floatingdevice/read + +M html/pfappserver/lib/pfappserver/Controller/Configuration/FloatingDevice.pm + +commit 1d4ee33551794a38268def6efce273e9c4a05e7b +Author: James Rouzier +Date: Wed Sep 18 17:04:08 2013 -0400 + + Added role USERS_DELETE to user/delete + +M html/pfappserver/lib/pfappserver/Controller/User.pm + +commit 887aa7bccb3ed445fecd23d6e5a6af81d482db45 +Author: James Rouzier +Date: Wed Sep 18 17:03:14 2013 -0400 + + Added role SWITCHES_READ to configuration/switch/view + +M html/pfappserver/lib/pfappserver/Controller/Configuration/Switch.pm + +commit 52a48855375128ab8712a04ff25ee2c387225bb4 +Author: James Rouzier +Date: Wed Sep 18 17:01:43 2013 -0400 + + Changed SimpleSearch and AdminRole to be a role into of a class + +M html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm +M html/pfappserver/lib/pfappserver/Base/Action/SimpleSearch.pm +M html/pfappserver/lib/pfappserver/Base/Controller.pm + +commit ee1aeea1b07ef29a9256af0052e16797220d0c69 +Author: Francis Lachapelle +Date: Wed Sep 18 15:45:01 2013 -0400 + + Fix HTML of admin role editor + +M html/pfappserver/root/configuration/adminroles/view.tt + +commit 915f2d434e4a7ddee47e73d8a9d7ee2dcceb5e19 +Author: Francis Lachapelle +Date: Wed Sep 18 15:44:16 2013 -0400 + + Add more access rights "actions" + +M html/pfappserver/root/admin/configuration.tt +M lib/pf/admin_roles.pm + +commit 470f31f33998445e27b1116c6deadcbe518e4e7c +Author: Francis Lachapelle +Date: Wed Sep 18 15:39:00 2013 -0400 + + Add access rights to nodes management + +M html/pfappserver/lib/pfappserver/Controller/Admin.pm +M html/pfappserver/lib/pfappserver/Controller/Node.pm +M html/pfappserver/root/node/view.tt +M html/pfappserver/root/node/violations.tt + +commit fb06354498097e1ebcd8da20e214ebb97807bbd4 +Author: Francis Lachapelle +Date: Wed Sep 18 15:25:01 2013 -0400 + + Add new AdminRole action + + This action is used whenever the AdminRole action parameter is defined + in a controller. + +A html/pfappserver/lib/pfappserver/Base/Action/AdminRole.pm +M html/pfappserver/lib/pfappserver/Base/Controller.pm + +commit 3ddaef13aa482b7c90af95cb1576367e4938e68d +Author: Francis Lachapelle +Date: Fri Sep 6 09:52:38 2013 -0400 + + Fix condition to show configuration section + +M html/pfappserver/root/admin/wrapper.tt + +commit 59503ea4dea927287d25d7e8072ca39f12b002f1 +Author: Durand Fabrice +Date: Fri Aug 30 13:28:27 2013 -0400 + + Fix packaging + +M addons/packages/packetfence.spec +M debian/packetfence.conffiles + +commit 0279654c079a099a06d2cd367427a10d12d33249 +Author: Francis Lachapelle +Date: Tue Aug 13 10:13:11 2013 -0400 + + Fix configuration template wrt admin roles + +M html/pfappserver/root/admin/configuration.tt + +commit 81ac26cb13e4fd4b6d9e4b6d5a6ad904c95ba35c +Author: James Rouzier +Date: Mon Aug 12 18:20:42 2013 -0400 + + Have a default for onhashchange + +M html/pfappserver/root/static/admin/configuration.js + +commit 01c73ab3458b16d0e0867f690203af51dc2523c5 +Author: Francis Lachapelle +Date: Mon Aug 12 16:14:16 2013 -0400 + + Initial integration of access rights in templates + +M conf/adminroles.conf +M html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm +M html/pfappserver/root/admin/configuration.tt +M html/pfappserver/root/admin/status.tt +M html/pfappserver/root/admin/wrapper.tt +M html/pfappserver/root/node/advanced_search.tt +M html/pfappserver/root/node/simple_search.tt +M html/pfappserver/root/static/admin/common.css +M html/pfappserver/root/user/view.tt +M lib/pf/admin_roles.pm + +commit c711db9352e2bf3a2fa45e2f8b292bbfc2f12adb +Author: James Rouzier +Date: Mon Aug 12 15:49:48 2013 -0400 + + Pick the first link in the configuration nav link instead of hard coding it to general + +M html/pfappserver/root/static/admin/configuration.js + +commit 93c3ef983607252ea145fbd223fcd4e573699be4 +Author: James Rouzier +Date: Mon Aug 12 12:30:01 2013 -0400 + + Added upgrade and downgrade scripts for admin roles + +A db/pf-roles-downgrade.sql +A db/pf-roles-upgrade.sql + +commit dc38ab96966cf2f3e51c4390da3f233b44e4fd05 +Author: Francis Lachapelle +Date: Fri Aug 9 11:01:49 2013 -0400 + + Improve admin role editor + +M html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm +M html/pfappserver/root/configuration/adminroles/view.tt + +commit e90122767d8433795a4681c24148495366e4e8c7 +Author: Francis Lachapelle +Date: Fri Aug 9 10:53:33 2013 -0400 + + Admin roles: return list when creating/updating + + When successfully creating or updating a role, we return the list of all + the roles to avoid an additional AJAX query. + +M html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm + +commit edbcbd9f120a2d6cd1755785250de66d2ca59cbb +Author: Francis Lachapelle +Date: Fri Aug 9 10:52:43 2013 -0400 + + Improve syntax + +M html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm +M html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm +M html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm +M lib/pf/ConfigStore/AdminRoles.pm +M lib/pf/admin_roles.pm + +commit fd622eb4f72dc5be892a9eb600c9b1d92ece9387 +Author: Francis Lachapelle +Date: Fri Aug 9 10:49:50 2013 -0400 + + Improve JS and templates of admin roles + +M html/pfappserver/root/admin/configuration.tt +M html/pfappserver/root/configuration/adminroles/index.tt +M html/pfappserver/root/configuration/adminroles/list.tt +M html/pfappserver/root/static/admin/configuration/adminroles.js + +commit c55ea16a80d1a94fbc3854b050a978163db704d1 +Author: James Rouzier +Date: Thu Aug 8 14:05:16 2013 -0400 + + Fixed bug with NONE role not being check first Also allow multiple actions to be passed + +M lib/pf/admin_roles.pm + +commit cab7206f9f72dbcea8e6fead27c45830bfcdc3d0 +Author: James Rouzier +Date: Thu Aug 8 13:55:26 2013 -0400 + + changed access_level to a string + +M lib/pf/Authentication/Source/SQLSource.pm + +commit 6f59e592731952aa9ebfb7e507ba4f60dbb4f458 +Author: James Rouzier +Date: Thu Aug 8 13:53:43 2013 -0400 + + saving user roles to the session + +M html/pfappserver/lib/pfappserver/Controller/Admin.pm + +commit d7e2499ae18256d0877ba6a5ca1b4c548a95d160 +Author: James Rouzier +Date: Thu Aug 8 13:37:05 2013 -0400 + + Added _roles attribute and ensure that uses with the role of NONE are not allowed to check in + +M html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm + +commit c924098df6e407f81b950138af5dd33f6c1da004 +Author: James Rouzier +Date: Thu Aug 8 13:35:27 2013 -0400 + + retrived user roles from the session + +M html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence.pm + +commit 0f7cd8b1675ec199d5f62d14c20865ef6df09b37 +Author: James Rouzier +Date: Thu Aug 8 13:33:59 2013 -0400 + + Verify if the user exists before retrivng roles + +M html/pfappserver/lib/pfappserver/View/HTML.pm + +commit 48efc3a27a4cbd91ce9fe87d439bfd7d17f69426 +Author: James Rouzier +Date: Thu Aug 8 13:30:43 2013 -0400 + + If action type allow mulitple values then convert the value to an array + +M html/pfappserver/root/static/admin/common.js + +commit 7800b3e505b55fa7ec65e558aa0588f1243174a4 +Author: James Rouzier +Date: Thu Aug 8 13:29:49 2013 -0400 + + Changed the name of the action to match the actions defined in pf::admin_roles + +M html/pfappserver/root/admin/wrapper.tt + +commit 5ada47aafbce43887f1403e3439ea7b7eacd10a8 +Author: James Rouzier +Date: Thu Aug 8 13:28:38 2013 -0400 + + Added the ability to choose multiple roles and pull roles from ADMIN ROLES + +M html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm + +commit 43e436e50bfb56e34010b564bd55b4e323b07227 +Author: James Rouzier +Date: Tue Aug 6 13:36:36 2013 -0400 + + function admin_can will always fail if has role of NONE + +M lib/pf/admin_roles.pm + +commit a965792866bc69241e9215f4270d188f32e0b448 +Author: James Rouzier +Date: Tue Aug 6 12:26:44 2013 -0400 + + default role is ALL + +M html/pfappserver/lib/pfappserver/Authentication/Store/PacketFence/User.pm + +commit 63bfc16a2143766b9988b3ab7ffaa5f6b1fb80fa +Author: James Rouzier +Date: Tue Aug 6 12:25:57 2013 -0400 + + Will use the roles from the defined user + +M html/pfappserver/lib/pfappserver/View/HTML.pm + +commit a310c50acfac5bf886a3dc7b1c1d39deef6125b8 +Author: James Rouzier +Date: Tue Aug 6 12:24:21 2013 -0400 + + Refactor + use the cached config from pf::admin_roles + +M lib/pf/ConfigStore/AdminRoles.pm + +commit 3a5be424b593ce9ddc8caafb89ecdcc1c53d5de8 +Author: James Rouzier +Date: Tue Aug 6 12:22:52 2013 -0400 + + implemented admin_can + Added hard coded roles NONE and ALL + move the load of the adminroles.conf to here + +M lib/pf/admin_roles.pm + +commit 0ac61d60cf3988ae7b386d00a3fceb2c64d3351b +Author: James Rouzier +Date: Tue Aug 6 12:21:16 2013 -0400 + + Added Description for admin role + +M html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm +M html/pfappserver/root/configuration/adminroles/list.tt + +commit 1ac91c1006e2e3f66236e2a66e1642e830f6db75 +Author: James Rouzier +Date: Tue Aug 6 10:10:31 2013 -0400 + + renamed administration function + +M html/pfappserver/lib/pfappserver/View/HTML.pm + +commit ba8eb4c38c387bbefc04767492fae32e07210e71 +Author: James Rouzier +Date: Tue Aug 6 10:08:53 2013 -0400 + + New configuartion controller for adminroles + +A conf/admin_roles.conf +A conf/adminroles.conf +A html/pfappserver/lib/pfappserver/Controller/Configuration/AdminRoles.pm +M html/pfappserver/lib/pfappserver/Controller/User.pm +A html/pfappserver/lib/pfappserver/Form/Config/AdminRoles.pm +A html/pfappserver/lib/pfappserver/Model/Config/AdminRoles.pm +M html/pfappserver/root/admin/configuration.tt +A html/pfappserver/root/configuration/adminroles/index.tt +A html/pfappserver/root/configuration/adminroles/list.tt +A html/pfappserver/root/configuration/adminroles/view.tt +A html/pfappserver/root/static/admin/configuration/adminroles.js +A lib/pf/ConfigStore/AdminRoles.pm +M lib/pf/admin_roles.pm +M lib/pf/file_paths.pm + +commit 12fea5e471bc08b30681e06ea823573c12e75a42 +Author: James Rouzier +Date: Mon Aug 5 18:24:42 2013 -0400 + + renamed pf::user_roles to pf::admin_roles + +M html/pfappserver/lib/pfappserver/View/HTML.pm +A lib/pf/admin_roles.pm +D lib/pf/user_roles.pm + +commit 9bb1c8a11f19e27bc58d928fb64cd15f40aa6958 +Author: James Rouzier +Date: Wed Jul 31 22:49:02 2013 -0400 + + Example restriction for user role + +M html/pfappserver/lib/pfappserver/Controller/User.pm +M html/pfappserver/root/admin/wrapper.tt + +commit d4049b499df21c79c32cc662580dbd5f90209104 +Author: James Rouzier +Date: Wed Jul 31 22:00:27 2013 -0400 + + Add new module pf::user and exposed_method has_role to templates + +M html/pfappserver/lib/pfappserver/View/HTML.pm +A lib/pf/user_roles.pm + +commit 04906e4f793da80f59ee45af0cd98efad99b683e +Author: Francis Lachapelle +Date: Fri Nov 22 16:10:03 2013 -0500 + + Improve Administration Guide + +M docs/PacketFence_Administration_Guide.asciidoc + +commit 852a2a5f14010b8fcfb2f687e728dd19443ef777 +Author: Francis Lachapelle +Date: Fri Nov 22 15:49:36 2013 -0500 + + Remove useless call to get_abbr_time + +M html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm +M html/pfappserver/lib/pfappserver/Form/Field/Duration.pm +M html/pfappserver/lib/pfappserver/Form/User.pm + +commit 0400cc762fd1d981bbb6b0df8e8c620c74eb8b3a +Author: Francis Lachapelle +Date: Mon Nov 18 13:58:29 2013 -0500 + + Fix argument to pf::authentication::match + +M html/captive-portal/email_activation.cgi + +commit 36dd0b14c424d7d08d855f275e464f28662ef63e +Author: Francis Lachapelle +Date: Mon Nov 18 11:50:11 2013 -0500 + + Update NEWS and admin guide for extended duration + +M NEWS.asciidoc +M docs/PacketFence_Administration_Guide.asciidoc + +commit efe35c882de938c978358ebc4cad9a0244f4c5fa +Author: Francis Lachapelle +Date: Fri Nov 1 14:33:31 2013 -0400 + + Set default_access_duration as an extended_time + +M conf/documentation.conf +M html/pfappserver/lib/pfappserver/Form/Config/Pf.pm +M html/pfappserver/root/static/admin/common.js + +commit 37538797417d396b86a152d701b3c174d6ba1a6c +Author: Francis Lachapelle +Date: Fri Nov 1 14:30:30 2013 -0400 + + Improve formatting of extended duration + +M lib/pf/web/util.pm + +commit 7f1d9b279ce8fb0e081c02bdfbd04d4600f3e5af +Author: Francis Lachapelle +Date: Fri Nov 1 11:14:27 2013 -0400 + + New ExtendedDuration field and widget + +A html/pfappserver/lib/pfappserver/Form/Field/ExtendedDuration.pm +A html/pfappserver/lib/pfappserver/Form/Widget/Field/ExtendedDuration.pm +M html/pfappserver/root/static/admin/common.css +M lib/pf/config.pm +M lib/pf/util.pm + +commit 874d093d380d1ae54b1abee82a2ae74ad2460ba1 +Author: Francis Lachapelle +Date: Fri Nov 1 11:02:55 2013 -0400 + + Support hours/minutes/seconds in relative duration + +M lib/pf/config.pm + +commit 698b8380efe368125107eb3c3ce703f32a8bce10 +Author: Francis Lachapelle +Date: Fri Nov 1 10:59:54 2013 -0400 + + application.js: trigger change event on btn groups + +M html/pfappserver/root/static/app/application.js + +commit d8c036df50b614fdc5ecc7254ce741fa05215688 +Author: Francis Lachapelle +Date: Fri Nov 1 10:10:09 2013 -0400 + + C::Configuration: action to compute duration + +M html/pfappserver/lib/pfappserver/Controller/Configuration.pm + +commit a4864c864a43daf43c69d5f9d991eb2b1fa53023 +Author: Francis Lachapelle +Date: Fri Nov 1 10:05:34 2013 -0400 + + Support 'disabled' attribute in ButtonGroup + +M html/pfappserver/lib/pfappserver/Form/Widget/Field/ButtonGroup.pm + +commit 8fd328beef3be8fe1274bc42d019503147e56660 +Author: Francis Lachapelle +Date: Fri Nov 1 09:46:51 2013 -0400 + + Improve Form::Field::Duration + + Added attributes "with_operator" (show a select input with 'add' and + 'subtract' options) and "with_time" (optionally hide time units). + + Also added support to disable the entire widget. + +M html/pfappserver/lib/pfappserver/Form/Field/Duration.pm + +commit be449f2418b3b045952ad4bfc14ceaffa3532ade +Author: Francis Lachapelle +Date: Fri Nov 1 09:33:36 2013 -0400 + + Improve update of compound fields in Base::Form + +M html/pfappserver/lib/pfappserver/Base/Form.pm + +commit 55fea9b0d3bb112f9ab40228116ac6d91a095999 +Author: Francis Lachapelle +Date: Fri Nov 1 09:22:17 2013 -0400 + + Improve pf::web::util::get_translated_time_hash + +M html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm +M lib/pf/web/util.pm + +commit 4b0b1fb9b5856dac358a9e8fe532731e1c151c0f +Author: Francis Lachapelle +Date: Wed Oct 23 10:40:33 2013 -0400 + + Tests for pf::config::access_duration + +M t/config.t + +commit 34525526dba5651ca7d453ce84500086c8642bf6 +Author: Francis Lachapelle +Date: Wed Oct 23 10:34:08 2013 -0400 + + Fix calculation of duration for months and years + +M lib/pf/config.pm + +commit 266944d6d2a80fe0b5d4b5187cd93d97949471d7 +Author: Francis Lachapelle +Date: Tue Oct 22 16:10:05 2013 -0400 + + Handle advanced deadline in self-registration CGI + +M html/captive-portal/guest-selfregistration.cgi + +commit 96cbf1c70ced9aaa03956a279fecf67962f61989 +Author: Francis Lachapelle +Date: Tue Oct 22 14:00:50 2013 -0400 + + Fix oauth2.cgi + +M html/captive-portal/oauth2.cgi + +commit 21315589058765053e4110609792ac8188d62b1b +Author: Durand Fabrice +Date: Thu Jun 6 10:13:34 2013 -0400 + + Rewrite feature for packetfence 4, missing admin gui stuff + +M html/captive-portal/email_activation.cgi +M html/captive-portal/mobile-confirmation.cgi +M html/captive-portal/oauth2.cgi +M html/captive-portal/register.cgi +M lib/pf/config.pm +M lib/pf/web/wispr.pm + +commit 30256fb88720e15cd9af48677e076e49d7501a94 +Author: Francis Lachapelle +Date: Thu Nov 28 13:23:11 2013 -0500 + + Comments cleanup + +M sbin/pfdns + +commit ba78b0612112ffded5e70a8319a1ab4424f4665f +Author: Francis Lachapelle +Date: Thu Nov 28 12:39:09 2013 -0500 + + Allow actions depending on auth source type + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Base/Form/Authentication/Action.pm +M html/pfappserver/lib/pfappserver/Form/Authentication/Rule.pm +M html/pfappserver/root/authentication/source/rule_read.tt +M lib/pf/Authentication/Source/EmailSource.pm +M lib/pf/Authentication/Source/NullSource.pm +M lib/pf/Authentication/Source/SMSSource.pm +M lib/pf/Authentication/Source/SponsorEmailSource.pm + +commit 7b4a3a2b038d6211dfcf61033e9e08521946b412 +Author: Francis Lachapelle +Date: Thu Nov 28 09:52:49 2013 -0500 + + Improved validation of a sponsor's email address + + When validating a sponsor's email address, we used to only check the + first source that returns a username for the specified email address, + which would cause a problem when the email address was found in multiple + sources but the 'mark as sponsor' action was set only for one the + sources. With this commit, we let each source's "match" implementation + handles the possibility that an email address is specified instead of a + username. + +M NEWS.asciidoc +M lib/pf/Authentication/Source/HtpasswdSource.pm +M lib/pf/Authentication/Source/LDAPSource.pm +M lib/pf/Authentication/Source/SQLSource.pm +M lib/pf/authentication.pm +M lib/pf/temporary_password.pm +M lib/pf/web/guest.pm + +commit ae01ddd8a3013b90398038bb68c3b56352ccbd32 +Author: James Rouzier +Date: Wed Nov 27 10:27:08 2013 -0500 + + Added support for Date.now() for older browsers + +M html/common/pf.js + +commit 773559e7e82670f80798eec8841a5d6ce55ab106 +Author: James Rouzier +Date: Thu Oct 17 14:17:06 2013 -0400 + + Hardcoded the retry_delay + +M html/common/pf.js + +commit beabb866eccd90fe7c12c4701a7d74329003d7c0 +Author: James Rouzier +Date: Wed Jul 17 10:51:07 2013 -0400 + + Added additional event handler for dealing with the onload event not firing for some browsers + +M html/common/pf.js + +commit 29c9bcddfe7abeed15c403049a85e4cddff5bcf6 +Author: Francis Lachapelle +Date: Tue Nov 26 15:41:33 2013 -0500 + + Fix advanced search by node category + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Model/Node.pm +M html/pfappserver/root/admin/nodes.tt +M lib/pf/node.pm + +commit 339a17c0de1af5b8b9537d27878a7846e6adf11a +Author: Durand Fabrice +Date: Tue Nov 26 11:16:08 2013 -0500 + + Missing comma + +M lib/pf/vlan.pm + +commit acdbb803ba8f592dc45397cdecb5de1010192762 +Author: Durand Fabrice +Date: Tue Nov 26 10:44:27 2013 -0500 + + Unreg a node if it try to connect to a open SSID and was autoregistered on a secure ssid + +M lib/pf/vlan.pm + +commit fb9bd620c61997e561d6e345a4b4e8b36ccf490c +Author: Durand Fabrice +Date: Wed Nov 20 16:37:40 2013 -0500 + + Fixed WARNING - invalid parameter with profile + +M lib/pf/pfcmd/checkup.pm + +commit 9f0e78831878a85c8ec35aaedc0246f05f3cc8bb +Author: Durand Fabrice +Date: Wed Nov 20 13:02:10 2013 -0500 + + Remove duplicate entry + +M conf/documentation.conf + +commit 25781a0d142722ceef7403b83f2e90db3f388487 +Author: Francis Lachapelle +Date: Mon Nov 18 10:18:28 2013 -0500 + + Initialize JS widgets that are not visible + + This is required for multi-values chosen select widget. + +M html/pfappserver/root/static/admin/common.js +M html/pfappserver/root/static/js/user.js + +commit a29ba04aac2b642e09df1a475a4333fe272a3846 +Author: Francis Lachapelle +Date: Thu Nov 14 14:29:18 2013 -0500 + + Fix checkboxes of displayed columns (nodes/users) + +M html/pfappserver/root/node/create.tt +M html/pfappserver/root/node/simple_search.tt +M html/pfappserver/root/static/js/node.js +M html/pfappserver/root/static/js/user.js +M html/pfappserver/root/user/create.tt + +commit 76a0166260ce1788ab9720a5856bf01dfa9dcc0c +Author: Francis Lachapelle +Date: Thu Nov 14 14:15:53 2013 -0500 + + Validate file path when saving an Htpasswd source + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Form/Authentication/Source/Htpasswd.pm + +commit 7e609d080c19b4c3c9835b3c6dc34ee54d2b9a14 +Author: Francis Lachapelle +Date: Thu Nov 14 13:59:40 2013 -0500 + + Fix duplicate entries in advanced search of nodes + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Model/Search/Node.pm + +commit de27c133546ffdd10d2090380d6e4aca42761ca7 +Author: Francis Lachapelle +Date: Wed Nov 13 16:14:33 2013 -0500 + + Localization + +M html/pfappserver/lib/pfappserver/I18N/en.po +M html/pfappserver/root/user/list_password.tt +M html/pfappserver/root/user/view.tt + +commit d1dbad37f53a74177f34e72fba4dc4e6cd0d5982 +Author: Francis Lachapelle +Date: Wed Nov 13 16:10:54 2013 -0500 + + LDAP source: filter by group membership + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Form/Authentication/Rule.pm +M lib/pf/Authentication/Source/LDAPSource.pm +M lib/pf/Authentication/constants.pm + +commit 5d63ea12f5fc010bfa2f1ae76f732bcbf56bf355 +Author: Francis Lachapelle +Date: Tue Nov 12 16:25:40 2013 -0500 + + Users CSV importation: use only checked columns + +M html/pfappserver/lib/pfappserver/Model/User.pm + +commit dca5224926175b845cef9b0571382f35acb26571 +Author: Francis Lachapelle +Date: Tue Nov 12 16:24:53 2013 -0500 + + Create a node or import nodes from a CSV file + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Controller/Node.pm +M html/pfappserver/lib/pfappserver/Form/Node.pm +A html/pfappserver/lib/pfappserver/Form/Node/Create/Import.pm +M html/pfappserver/lib/pfappserver/Model/Node.pm +M html/pfappserver/root/admin/nodes.tt +A html/pfappserver/root/node/create.tt +M html/pfappserver/root/static/admin/common.js +M html/pfappserver/root/static/js/node.js +M html/pfappserver/root/user/create.tt +M lib/pf/node.pm + +commit dc3d9971f4d3065ea4434a7dc2e982de0300d1cd +Author: Francis Lachapelle +Date: Tue Nov 12 09:41:00 2013 -0500 + + Move users creation to users page + + Users creation was previously accessible from the configuration page. + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Controller/User.pm +M html/pfappserver/root/admin/configuration.tt +M html/pfappserver/root/admin/users.tt +D html/pfappserver/root/configuration/users.tt +M html/pfappserver/root/static/admin/configuration.js +M html/pfappserver/root/static/admin/configuration/authentication.js +D html/pfappserver/root/static/admin/configuration/users.js +M html/pfappserver/root/static/js/user.js +A html/pfappserver/root/user/create.tt +M html/pfappserver/root/user/view.tt + +commit bb2d386107c3db133e2a35490b437cef4f3124a9 +Author: Francis Lachapelle +Date: Fri Nov 8 13:43:35 2013 -0500 + + Highlight corresponding rows of pie chart segments + +M NEWS.asciidoc +M html/pfappserver/root/graph/pie.tt +M html/pfappserver/root/static/admin/common.css +M html/pfappserver/root/static/app/application.js +M html/pfappserver/root/static/app/graphs.js + +commit 1ca425d43814401d459cf7d817b97add246d02c8 +Author: Francis Lachapelle +Date: Fri Nov 8 12:03:38 2013 -0500 + + Limit pie charts to 10 lengend labels + +M html/pfappserver/root/static/app/graphs.js + +commit 32b5e9281d9c99468e28a2131e1f500f20a310af +Author: Francis Lachapelle +Date: Tue Nov 5 15:30:00 2013 -0500 + + Fix self-reg of multiple unverified devices + +M NEWS.asciidoc +M conf/templates/emails-guest_sponsor_preregistration.txt.tt +M html/captive-portal/email_activation.cgi +M lib/pf/email_activation.pm + +commit a93c41a42a034703e2cd39d724e3c9744c77afc6 +Author: Francis Lachapelle +Date: Mon Nov 4 16:24:23 2013 -0500 + + Improve saved search on users page + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Controller/Admin.pm +M html/pfappserver/lib/pfappserver/Controller/SavedSearch/Node.pm +M html/pfappserver/lib/pfappserver/Controller/SavedSearch/User.pm +M html/pfappserver/lib/pfappserver/Form/SavedSearch.pm +M html/pfappserver/lib/pfappserver/Model/SavedSearch/Node.pm +M html/pfappserver/lib/pfappserver/Model/SavedSearch/User.pm +M html/pfappserver/root/admin/users.tt +M html/pfappserver/root/static/admin/searches.js +M html/pfappserver/root/static/js/user.js +M lib/pf/savedsearch.pm + +commit f5424f979ab0d5b21ab451a62549b19fa5d2d89b +Author: James Rouzier +Date: Tue Nov 5 13:36:55 2013 -0500 + + Code cleanup + +M html/captive-portal/templates/login.html + +commit 8fc21fff21379d44a657078fc7833fa26a7db79a +Author: James Rouzier +Date: Tue Nov 5 10:41:50 2013 -0500 + + Added compression to chi for memcached + +M conf/chi.conf + +commit ac220c8bb9a2602c5d1d47f5c8a08701ead4d290 +Author: Francis Lachapelle +Date: Mon Nov 4 13:20:50 2013 -0500 + + Cleanup Form::User + +M html/pfappserver/lib/pfappserver/Form/User.pm + +commit 7daf8f821bb9a3b30f626475ff80e8086e799a5b +Author: Francis Lachapelle +Date: Tue Oct 29 15:19:16 2013 -0400 + + Allow Htpasswd sources to validatate sponsors + + A sponsor is validated by her/his email address and consequently, the + authentication source must implement the method "username_from_email". + +M NEWS.asciidoc +M lib/pf/Authentication/Source/HtpasswdSource.pm +M lib/pf/authentication.pm +M lib/pf/file_paths.pm +M t/authentication.t +A t/data/htpasswd.conf + +commit 76f0cb6f75788ebc98e655ff5e1e14717ffab5a8 +Author: Francis Lachapelle +Date: Thu Oct 24 16:25:03 2013 -0400 + + Fix display of profiles table + +M html/pfappserver/root/portal/profile/index.tt + +commit c8cbf13d89ee33240505cad2052d67d8ffb12357 +Author: James Rouzier +Date: Tue Oct 29 11:52:03 2013 -0400 + + Fix indent + +M packetfence.init + +commit 73d79d59eea1d33a7b252ae5b6d06c6cd59e42ff +Author: James Rouzier +Date: Fri Oct 25 18:15:08 2013 -0400 + + Flush ipset before starting packetfence + +M packetfence.init + +commit 523f11a7f9372740e521564f1e01b933df7a42f7 +Author: Durand Fabrice +Date: Thu Oct 24 19:46:16 2013 -0400 + + Fix wispr authentication (http://www.packetfence.org/bugs/view.php?id=1742) + +M lib/pf/web.pm +M lib/pf/web/wispr.pm + +commit fe813adc469088bc524fe5a29b5d429ed4fe1b33 +Author: James Rouzier +Date: Thu Oct 24 16:28:21 2013 -0400 + + Changed log level from error to debug + +M lib/pf/util.pm + +commit 0c169d02477558768ce2ab602a2a11ee081416fa +Author: Francis Lachapelle +Date: Mon Oct 21 14:05:23 2013 -0400 + + Set the redirect URL per portal profile + +M NEWS.asciidoc +M UPGRADE.asciidoc +M conf/documentation.conf +M conf/pf.conf.defaults +M conf/profiles.conf +M html/captive-portal/email_activation.cgi +M html/captive-portal/mobile-confirmation.cgi +M html/captive-portal/oauth2.cgi +M html/pfappserver/lib/pfappserver/Controller/Portal/Profile/Default.pm +M html/pfappserver/lib/pfappserver/Form/Portal/Common.pm +M html/pfappserver/lib/pfappserver/Form/Portal/Profile.pm +M html/pfappserver/lib/pfappserver/Form/Portal/Profile/Default.pm +M lib/pf/Portal/Profile.pm +M lib/pf/Portal/ProfileFactory.pm +M lib/pf/Portal/Session.pm +M lib/pf/web.pm + +commit 4ae1972167eefd7fbe0a2a9bceeb5791586101fd +Author: Loick Pelet +Date: Mon Oct 21 09:53:45 2013 -0400 + + modified way to chgrp for centos + +M docs/PacketFence_Administration_Guide.asciidoc + +commit fdd8bb79d3b3915dbb201ea7392b31847210b374 +Author: Francis Lachapelle +Date: Mon Oct 21 09:19:36 2013 -0400 + + Syntax cleanup + +M html/pfappserver/lib/pfappserver/Base/Model/Search.pm +M html/pfappserver/root/static/admin/searches.js + +commit 763b62c84dcfdf0a4c83fd141d5d95aba3612888 +Author: Francis Lachapelle +Date: Mon Oct 21 09:17:17 2013 -0400 + + Removed useless logging entries + +M html/captive-portal/guest-selfregistration.cgi +M html/captive-portal/register-gaming-device.cgi +M html/captive-portal/register.cgi + +commit 6b1e6417c634ce993507e306fc0efb54f089a8e9 +Author: Francis Lachapelle +Date: Fri Oct 18 16:48:11 2013 -0400 + + Allow nodes columns to be customizable + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Base/Action/SimpleSearch.pm +M html/pfappserver/lib/pfappserver/Base/Controller.pm +M html/pfappserver/lib/pfappserver/Controller/Node.pm +M html/pfappserver/lib/pfappserver/Model/Node.pm +M html/pfappserver/lib/pfappserver/Model/Search/Node.pm +M html/pfappserver/root/node/advanced_search.tt +M html/pfappserver/root/node/simple_search.tt +M html/pfappserver/root/static/admin/nodes.js +M html/pfappserver/root/static/app/application.js +M html/pfappserver/root/static/js/node.js +M lib/pf/node.pm + +commit 82003f61c6937613a061823481206dc98d1f673c +Author: Francis Lachapelle +Date: Fri Oct 18 15:42:59 2013 -0400 + + Update FontAwesome to version 3.2.1 + +M NEWS.asciidoc +M html/pfappserver/root/static/css/bootstrap.css +M html/pfappserver/root/static/css/bootstrap.min.css +M html/pfappserver/root/static/font/fontawesome-webfont.eot +M html/pfappserver/root/static/font/fontawesome-webfont.svg +M html/pfappserver/root/static/font/fontawesome-webfont.ttf +M html/pfappserver/root/static/font/fontawesome-webfont.woff + +commit 16e2aaae6089d8c1241927eb54d4ca61378e4a8b +Author: Francis Lachapelle +Date: Fri Oct 18 14:34:55 2013 -0400 + + Check mode parameter first in register.cgi + + The new Null authentication source needs to be considered only if no + 'mode' parameter is specified. + +M html/captive-portal/register.cgi + +commit 5ddb92d1cce25fc3b43c8f46644aa300532afca2 +Author: Francis Lachapelle +Date: Fri Oct 18 12:04:14 2013 -0400 + + Can't sort by phone nor nodes count + + Fixed sort by phone number and nodes count when performing an advanced + search on users. + Fixes #1738 + +M NEWS.asciidoc +M html/pfappserver/lib/pfappserver/Model/Search/User.pm +M html/pfappserver/lib/pfappserver/Model/User.pm +M html/pfappserver/root/user/advanced_search.tt + +commit d98d58a3591d0781c4ee83c345e02f151cf36935 +Author: Francis Lachapelle +Date: Fri Oct 18 11:37:33 2013 -0400 + + Improve error message when sending a mail + +M lib/pf/email_activation.pm +M lib/pf/sms_activation.pm + +commit 6b47384c3f273f96cabf8a8f7c78db35f03ee444 +Author: Francis Lachapelle +Date: Fri Oct 18 11:17:37 2013 -0400 + + LDAP regexp condition doesn't consider all values + + Also improved debugging output. + +M NEWS.asciidoc +M lib/pf/Authentication/Source/LDAPSource.pm +M lib/pf/authentication.pm + +commit b9393cf4b5515ff0ae70b9763012eb6d08142d3f +Author: Francis Lachapelle +Date: Fri Oct 18 07:27:42 2013 -0400 + + Wrap AUP checkbox with a