netpass-devel Mailing List for NetPass
From: jeff m. <jef...@us...> - 2007-09-18 15:22:07
|
Update of /cvsroot/netpass/NetPass/www/components In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv6494 Modified Files: OSDetect Log Message: extra paren
Index: OSDetect
===================================================================
RCS file: /cvsroot/netpass/NetPass/www/components/OSDetect,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- OSDetect 29 Aug 2007 17:34:25 -0000 1.2
+++ OSDetect 18 Sep 2007 15:22:00 -0000 1.3
@@ -27,7 +27,7 @@
 'bsd' => 'BSD'
 };
- foreach my $k (@os_list)) {
+ foreach my $k (@os_list) {
 if($ua =~ /$k/i) {
 $os = $os_map->{$k};
 last;
|
From: jeff m. <jef...@us...> - 2007-08-29 17:35:34
|
Update of /cvsroot/netpass/NetPass/lib/SNMP In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv5643/lib/SNMP Modified Files: Device.pm Log Message: rm dbging statement
Index: Device.pm
===================================================================
RCS file: /cvsroot/netpass/NetPass/lib/SNMP/Device.pm,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- Device.pm 29 Aug 2007 17:34:23 -0000 1.5
+++ Device.pm 29 Aug 2007 17:35:30 -0000 1.6
@@ -295,7 +295,6 @@
 };
 foreach my $k (keys %{$types}) {
-print "k=$k $desc\n";
 if($desc =~ /$k/) {
 $plugin = $types->{$k}->{'Module'};
 $self->device_type($types->{$k}->{'Desc'});
|
From: jeff m. <jef...@us...> - 2007-08-29 17:34:26
|
Update of /cvsroot/netpass/NetPass/lib/SNMP In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv4093/lib/SNMP Modified Files: Device.pm Log Message: enhances os detection
Index: Device.pm
===================================================================
RCS file: /cvsroot/netpass/NetPass/lib/SNMP/Device.pm,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- Device.pm 19 May 2005 20:15:04 -0000 1.4
+++ Device.pm 29 Aug 2007 17:34:23 -0000 1.5
@@ -295,6 +295,7 @@
 };
 foreach my $k (keys %{$types}) {
+print "k=$k $desc\n";
 if($desc =~ /$k/) {
 $plugin = $types->{$k}->{'Module'};
 $self->device_type($types->{$k}->{'Desc'});
|
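Review bot: The added `print "k=$k $desc\n";` is an unconditional debugging statement inside the device-type loop, and it is unrelated to the log message ("enhances os detection"). It writes every pattern key and the device description to STDOUT on each pass, which ends up in whatever output stream the calling program owns. Either drop the line or send it through the project logger, e.g. `_log("DEBUG", "k=$k $desc\n");` (this assumes `_log` is imported in Device.pm, which the hunk does not show). The enclosing function starts and ends outside the hunk.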
From: jeff m. <jef...@us...> - 2007-08-29 17:34:26
|
Update of /cvsroot/netpass/NetPass/www/components In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv4093/www/components Modified Files: OSDetect Log Message: enhances os detection
Index: OSDetect
===================================================================
RCS file: /cvsroot/netpass/NetPass/www/components/OSDetect,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -d -r1.1.1.1 -r1.2
--- OSDetect 24 Sep 2004 01:05:20 -0000 1.1.1.1
+++ OSDetect 29 Aug 2007 17:34:25 -0000 1.2
@@ -13,16 +13,22 @@
 my $ua = lc($ENV{'HTTP_USER_AGENT'});
 my $os = "Unknown";
+ my @os_list = ( 'linux', 'x11', 'mac',
+ 'Windows NT 6.0', 'Windows NT 5.1', 'Windows',
+ 'bsd' );
+
 my $os_map = {
 'linux' => 'Linux',
 'x11' => 'Unix',
 'mac' => 'Mac',
- 'win' => 'Windows',
+ 'Windows NT 6.0' => 'Windows Vista',
+ 'Windows NT 5.1' => 'Windows XP',
+ 'Windows' => 'Windows Other',
 'bsd' => 'BSD'
 };
- foreach my $k (sort keys(%$os_map)) {
- if($ua =~ /$k/) {
+ foreach my $k (@os_list)) {
+ if($ua =~ /$k/i) {
 $os = $os_map->{$k};
 last;
 }
|
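Review bot: The new loop header `foreach my $k (@os_list)) {` has one closing parenthesis too many, so the component will not compile as committed; it should read `foreach my $k (@os_list) {`. The list entries are interpolated as patterns, so the `.` in 'Windows NT 6.0' matches any character; `if ($ua =~ /\Q$k\E/i) {` keeps the match literal. `$ua` is taken from the client-supplied User-Agent header, so a comment such as `# $os is advisory only: the User-Agent is client-controlled` above the loop would tell the next reader not to base any access decision on it. The enclosing block starts and ends outside the hunk.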
From: jeff m. <jef...@us...> - 2006-12-15 19:28:17
|
Update of /cvsroot/netpass/NetPass/lib/NetPass In directory sc8-pr-cvs7.sourceforge.net:/tmp/cvs-serv12715/lib/NetPass Modified Files: API.pm Log Message: api changes, quar-by-mac
Index: API.pm
===================================================================
RCS file: /cvsroot/netpass/NetPass/lib/NetPass/API.pm,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -d -r1.28 -r1.29
--- API.pm 15 Dec 2006 19:25:46 -0000 1.28
+++ API.pm 15 Dec 2006 19:28:15 -0000 1.29
@@ -480,7 +480,7 @@
 return ("nothing") if $mode eq "not_really";
 foreach my $npid (($arrays) ? @$id : $id) {
- last if($aqo); # don't log a result if we've got aqo
+ last if($aqo); # don't log a result if we've got aqo
 my $rv = $np->db->addResult (
 -mac => $mac,
 -id => $npid,
@@ -660,7 +660,7 @@
 unless($nr){
 foreach my $npid (($arrays) ? @$id : $id) {
- llast if($aqo); # don't log a result if we've got aqo
+ last if($aqo); # don't log a result if we've got aqo
 my $rv = $np->db->addResult (
 -mac => $mac,
 -id => $npid,
|
From: jeff m. <jef...@us...> - 2006-12-15 19:25:50
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin In directory sc8-pr-cvs7.sourceforge.net:/tmp/cvs-serv11506/www/htdocs/Admin Modified Files: qc.mhtml Log Message: api changes, quar-by-mac
Index: qc.mhtml
===================================================================
RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/qc.mhtml,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -d -r1.31 -r1.32
--- qc.mhtml 18 Jan 2006 19:21:37 -0000 1.31
+++ qc.mhtml 15 Dec 2006 19:25:46 -0000 1.32
@@ -48,7 +48,7 @@
 return;
 }
-my $statuses = ['QUAR','PQUAR','UNQUAR','PUNQUAR']; # love the grammer!
+my $statuses = ['QUAR','PQUAR','UNQUAR','PUNQUAR']; # love the grammar!
 my $msgs = getAllMsgs($np->db->{'dbh'});
 </%perl>
|
From: jeff m. <jef...@us...> - 2006-12-15 19:25:49
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs7.sourceforge.net:/tmp/cvs-serv11506/bin Modified Files: import_nessus_scans.pl Log Message: api changes, quar-by-mac
Index: import_nessus_scans.pl
===================================================================
RCS file: /cvsroot/netpass/NetPass/bin/import_nessus_scans.pl,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- import_nessus_scans.pl 22 Aug 2005 19:26:06 -0000 1.6
+++ import_nessus_scans.pl 15 Dec 2006 19:25:44 -0000 1.7
@@ -86,7 +86,7 @@
 my $pass = $np->cfg->nessus(-key => 'password');
 my $port = $np->cfg->nessus(-key => 'port');
-my $ncmd = "$bd/bin/nessus -c /dev/null -x -q -p $host $port $user $pass ";
+my $ncmd = "$bd/bin/nessus -x -q -p $host $port $user $pass ";
 print qq{Nessus command is: "$ncmd"\n} if $D;
|
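Review bot: The rewritten `$ncmd` still interpolates `$user` and `$pass` into a single command string, and the unchanged `print qq{Nessus command is: "$ncmd"\n} if $D;` writes the scanner password to the debug output. Masking it for that line, e.g. `(my $shown = $ncmd) =~ s/\Q$pass\E/****/;` and printing `$shown`, keeps the credential out of logs and terminals. Dropping `-c /dev/null` presumably lets the client fall back to the invoking account's own configuration file, so the import now depends on which user runs it; a comment saying that this is intended would help. How `$ncmd` is executed is outside the hunk; if it goes through a shell, the configuration values need quoting or a list-form call.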
From: jeff m. <jef...@us...> - 2006-12-15 19:25:49
|
Update of /cvsroot/netpass/NetPass/lib/NetPass In directory sc8-pr-cvs7.sourceforge.net:/tmp/cvs-serv11506/lib/NetPass Modified Files: API.pm Log Message: api changes, quar-by-mac
Index: API.pm
===================================================================
RCS file: /cvsroot/netpass/NetPass/lib/NetPass/API.pm,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -d -r1.27 -r1.28
--- API.pm 7 Jul 2006 13:31:37 -0000 1.27
+++ API.pm 15 Dec 2006 19:25:46 -0000 1.28
@@ -362,7 +362,7 @@
 return $np->db->addSnortRuleEntry(@$args);
 }
-=head2 my $results = quarantineIP(-secret => $secret, -ip => $ip, -id => $id, -type => $type, -time => $time, -aqo => [0 | 1])
+=head2 my $results = quarantineByIP(-secret => $secret, -ip => $ip, -id => $id, -type => $type, -time => $time, -aqo => [0 | 1])
 Arguments to this function include a secret key, IP address to be
 quarantined, an ID associated to either a Nessus or Snort ID,
@@ -480,6 +480,7 @@
 return ("nothing") if $mode eq "not_really";
 foreach my $npid (($arrays) ? @$id : $id) {
+ last if($aqo); # don't log a result if we've got aqo
 my $rv = $np->db->addResult (
 -mac => $mac,
 -id => $npid,
@@ -659,6 +660,7 @@
 unless($nr){
 foreach my $npid (($arrays) ? @$id : $id) {
+ llast if($aqo); # don't log a result if we've got aqo
 my $rv = $np->db->addResult (
 -mac => $mac,
 -id => $npid,
|
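Review bot: The line added to the second loop reads `llast if($aqo);`, a typo for `last if($aqo);`; depending on the strictures in effect it is either a compile error or a statement that does nothing, so the result logging is not skipped as the comment says. Because `$aqo` does not change inside either loop, the test is clearer outside it: make the guard `unless ($nr || $aqo) {` here and wrap the first loop in `unless ($aqo) { ... }`. Skipping `addResult` means an override quarantine leaves no row in the results table, which is worth stating in the POD next to the `-aqo` description. Both loops continue outside their hunks.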
From: jeff m. <jef...@us...> - 2006-07-07 13:31:41
|
Update of /cvsroot/netpass/NetPass/lib/NetPass In directory sc8-pr-cvs7.sourceforge.net:/tmp/cvs-serv15144/lib/NetPass Modified Files: API.pm DB.pm LOG.pm Log Message: primarily changes to API to allow easier remote control of netpass from IDS systems Index: DB.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/DB.pm,v retrieving revision 1.58 retrieving revision 1.59 diff -u -d -r1.58 -r1.59 --- DB.pm 16 Mar 2006 21:27:51 -0000 1.58 +++ DB.pm 7 Jul 2006 13:31:37 -0000 1.59 @@ -300,7 +300,7 @@ return 0; } -=head2 $rv = getRegisterInfo(-mac => mac, -macs => [], -ip => ip, -ips => [], -switch => ip, -port => number) +=head2 $rv = getRegisterInfo(-mac => mac, -macs => [], -ip => ip, -ips => [], -user => user, -users => [], -switch => ip, -port => number) This routine will get the registered info on an already registered MAC. Returns: @@ -347,6 +347,8 @@ -macs => [], -ip => '', -ips => [], + -user => '', + -users => [], -switch => '', -port => '' } @@ -355,16 +357,20 @@ return "invalid params\n".Carp::longmess(Class::ParmList->error) if (!defined($parms)); - my ($mac, $macs, $ip, $ips, $switch, $port) = + my ($mac, $macs, $ip, $ips, $switch, $port, $user, $users) = $parms->get('-mac', '-macs', '-ip', '-ips', - '-switch', '-port'); + '-switch', '-port', '-user', '-users'); - my $sql = "SELECT macAddress, ipAddress, lastSeen, registeredOn, status, username, OS, switchIP, switchPort, uqlinkup FROM register WHERE "; + my $sql = "SELECT macAddress, ipAddress, lastSeen, registeredOn, status, username, OS, switchIP, switchPort, uqlinkup, username FROM register WHERE "; if ($mac ne "") { $sql .= " macAddress = ".$self->dbh->quote($mac); $kfield = "macAddress"; } + elsif ($user ne "") { + $sql .= " username = ".$self->dbh->quote($user); + $kfield = "macAddress"; + } elsif ($ip ne "") { $sql .= " ipAddress = ".$self->dbh->quote($ip); $kfield = "ipAddress"; 
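Review bot: The extended SELECT list in the hunk at -355 now names `username` twice (it was already the sixth column), so the trailing `, username` can be dropped. The new `-user` test sits in the `if`/`elsif` chain after `-mac`, so a caller that passes both gets the MAC lookup and the user filter is silently ignored; the POD changed in the hunk at -300 should state that precedence. The value is passed through `$self->dbh->quote` before being appended, which keeps it out of the SQL text. The function body continues outside the hunk.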
@@ -378,6 +384,10 @@ $sql .= join (" OR ", (map (" macAddress = ".$self->dbh->quote($_), @{$macs}))); $kfield = "macAddress"; } + elsif ($#{$users} > -1) { + $sql .= join (" OR ", (map (" username = ".$self->dbh->quote($_), @{$users}))); + $kfield = "macAddress"; + } elsif ($#{$ips} > -1) { $sql .= join (" OR ", (map (" ipAddress = ".$self->dbh->quote($_), @{$ip}))); $kfield = "ipAddress"; @@ -506,7 +516,6 @@ my ($name, $massageHTML, $ip, $npcfg, $group) = $parms->get('-name', '-nohtml', '-ip', '-npcfg', '-group'); - $self->reconnect() || return undef; return undef unless defined($name); @@ -558,11 +567,11 @@ my $sql = shift; my $sth = $self->{'dbh'}->prepare($sql); - return undef unless defined $sth; + return undef if(!$sth); - my $rv = $sth->execute; + my $rv = $sth->execute(); if (!defined($rv)) { - $sth->finish; + $sth->finish(); return undef; } my $val = $sth->fetchrow_arrayref; Index: API.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/API.pm,v retrieving revision 1.26 retrieving revision 1.27 diff -u -d -r1.26 -r1.27 --- API.pm 8 Aug 2005 13:06:58 -0000 1.26 +++ API.pm 7 Jul 2006 13:31:37 -0000 1.27 
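Review bot: Directly below the new `-users` branch, the unchanged `-ips` branch maps over `@{$ip}` (the scalar parameter) rather than `@{$ips}`, so a lookup by several IP addresses cannot build the intended WHERE clause; it should read `map (" ipAddress = ".$self->dbh->quote($_), @{$ips})`. The `-users` branch quotes each value and keys the result by `macAddress`, consistent with the single `-user` case. In the hunk at -506 the call `$self->reconnect() || return undef;` is removed from what appears to be getPage, while API.pm in this commit exposes getPage remotely; a comment explaining why the reconnect is no longer needed would help.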
@@ -187,6 +187,62 @@ return \@aref; } +=head2 getResults(-secret => $secret, ...) + + Refer to Netpass::DB for documentation. + +=cut + + +sub getResults { + my $self = shift; + my $np = $::np; + + my($secret, $args) = $self->$get_secret_from_args(@_); + return undef if $secret eq ""; + return undef unless ($self->$check_soap_auth($secret)); + return undef if $self->$execute_user_defined_function("getResults", @_) < 0; + + return $np->db->getResults(@$args); +} + +=head2 addResult(-secret => $secret, ...) + + Refer to NetPass::DB for documentation. + +=cut + +sub addResult { + my $self = shift; + my $np = $::np; + + my($secret, $args) = $self->$get_secret_from_args(@_); + return undef if $secret eq ""; + return undef unless ($self->$check_soap_auth($secret)); + return undef if $self->$execute_user_defined_function("addResult", @_) < 0; + + return $np->db->addResult(@$args); +} + +=head2 updateResult(-secret => $secret, ...) + + Refer to NetPass::DB for documentation. + +=cut + +sub updateResult { + my $self = shift; + my $np = $::np; + + my($secret, $args) = $self->$get_secret_from_args(@_); + return undef if $secret eq ""; + return undef unless ($self->$check_soap_auth($secret)); + return undef if $self->$execute_user_defined_function("updateResult", @_) < 0; + + return $np->db->updateResult(@$args); +} + + =head2 my $bool = snortEnabled($secret, $network) Determines snort status on the specified network, returns either @@ -251,10 +307,9 @@ return \@snortnws; } -=head2 $rv = getRegisterInfo(-secret => secret -mac => mac, -macs => [], -ip => ip, -ips => []) +=head2 $rv = getRegisterInfo(-secret => secret, ...) -This routine is basically a NetPass::API wrapper to NetPass::DB::getRegisterInfo, -for information regarding arguments see DB::getRegisterInfo. +Refer to NetPass::DB::getRegisterInfo for documentation. =cut 
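Review bot: getResults, addResult and updateResult (and getPage in the following hunk) hand `@$args` straight to the NetPass::DB method, so once the shared secret checks out the remote caller controls every argument of a write to the results table. The POD for each should say that argument validation is left entirely to NetPass::DB and that any holder of the secret can add or update results. `$self->$execute_user_defined_function("addResult", @_)` receives the original `@_`, which presumably still contains `-secret`; confirm that user-defined hooks are meant to see it. The four bodies differ only in the method name, so one private helper taking that name would remove the duplication. The first POD block says `Netpass::DB` where the others say `NetPass::DB`.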
@@ -270,6 +325,24 @@ return $np->db->getRegisterInfo(@$args); } +=head2 $msg = getPage(-secret => $secret, ...) + + Refer to NetPass::DB::getPage for documentation. + +=cut + +sub getPage { + my $self = shift; + my $np = $::np; + + my($secret, $args) = $self->$get_secret_from_args(@_); + return undef if $secret eq ""; + return undef unless ($self->$check_soap_auth($secret)); + return undef if $self->$execute_user_defined_function("getPage", @_) < 0; + + return $np->db->getPage(@$args); +} + =head2 $rv = addSnortRuleEntry(-secret => $secret -rule => $rule -user => $user -desc => $desc) This routine is basically a NetPass::API wrapper to NetPass::DB::addSnortRuleEntry, 
@@ -289,17 +362,23 @@ return $np->db->addSnortRuleEntry(@$args); } -=head2 my $results = quarantineByIP(-secret => $secret, -ip => $ip, -id => $id, -type => $type, -time => $time) +=head2 my $results = quarantineIP(-secret => $secret, -ip => $ip, -id => $id, -type => $type, -time => $time, -aqo => [0 | 1]) -Arguments to this function include a secret key, ip address to be -quarantined, an id associated to either a Nessus or Snort ID, -a type corresponding to what exactly quarantined this ip, and a timestamp -when the incident occured. The type, id, and time variables can also be +Arguments to this function include a secret key, IP address to be +quarantined, an ID associated to either a Nessus or Snort ID, +a type corresponding to what exactly quarantined this IP, and a timestamp +when the incident occured. The type, ID, and time variables can also be ARRAY references for multiple id's with their corresponding types and timestamps, however there must be an equal number of elements in each -of the arrays or an error will occur. This function returns either -C<quarantined> if the ip as been quarantined, C<nothing> if nothing -has been done or C<undef> on failure. +of the arrays or an error will occur. + +The aqo ("autoquaroverride") parameter allows you to quarantine a host even +if autoquarantining is not enabled in its subnet. It defaults to "0" +which means if you try to quarantine a host for which auto-quar is not +enabled, nothing will happen other than a log entry being made. + +This function returns either C<quarantined> if the ip as been quarantined, +C<nothing> if nothing has been done or C<undef> on failure. =cut 
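Review bot: The POD heading is changed to `quarantineIP`, but the sub is still dispatched as quarantineByIP (the next hunk calls `$execute_user_defined_function("quarantineByIP", @_)`), so the heading should keep the name `quarantineByIP`. The new `-aqo` paragraph should also say that the override is available to any caller holding the secret and bypasses the per-network autoquarantine setting, since that is its security-relevant effect. In the added text, "occured" should be "occurred" and "as been quarantined" should be "has been quarantined".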
@@ -310,17 +389,18 @@ my @msgs; my $parms = parse_parms({ -parms => \@_, - -legal => [ qw(-secret -type -id -ip -time) ], + -legal => [ qw(-secret -type -id -ip -time -aqo) ], -required => [ qw(-secret -type -id -ip -time) ], -defaults => { -secret => '', -type => '', -id => '', -ip => '', + -aqo => 0 } }); return "invalid params\n".Carp::longmess(Class::ParmList->error) if (!defined($parms)); - my ($secret, $type, $id, $ip, $time) = $parms->get('-secret', '-type', '-id', '-ip', '-time'); + my ($secret, $type, $id, $ip, $time, $aqo) = $parms->get('-secret', '-type', '-id', '-ip', '-time', '-aqo'); return undef unless ($self->$check_soap_auth($secret)); return undef if $self->$execute_user_defined_function("quarantineByIP", @_) < 0; @@ -346,7 +426,7 @@ } my $mode = $np->cfg->snortEnabled($network); - if ($mode eq "disabled") { + if (!$aqo && $mode eq "disabled") { _log("DEBUG", "Snort is disabled on $network"); return ("nothing"); } @@ -368,7 +448,7 @@ my $t = $time->[$i]; $t = localtime($time->[$i]) if $time->[$i] =~ /^\d+$/; - if ($mode eq "not_really") { + if (!$aqo && $mode eq "not_really") { push @msgs, sprintf("%s report-only for violation of %d plugin at %s.", $type->[$i], $id->[$i], $t); } else { @@ -381,7 +461,7 @@ my $t = $time; $t = localtime($time) if $time =~ /^\d+$/; - if ($mode eq "not_really") { + if (!$aqo && $mode eq "not_really") { push @msgs, sprintf("%s report-only for violation of %d plugin at %s", $type, $id, $t); } else { @@ -435,7 +515,7 @@ if (!defined($sw) || !defined($po)) { _log("ERROR", "unable to determine switch for $mac $ip\n"); - return undef; + return "quarantine pending: unable to determine switch for $mac"; } my $rv3 = $np->db->requestMovePort( 
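Review bot: The hunk at -435 changes the failure path from `return undef;` to `return "quarantine pending: unable to determine switch for $mac";`, but the POD for this function, edited in the same commit, still lists only `quarantined`, `nothing` and `undef` as return values. A caller that tests for `undef` to detect failure will now treat a pending quarantine as success, so the new strings need documenting here as they are for quarantineByMAC. When `$aqo` overrides a network whose mode is "disabled", nothing visible in these hunks records that an override took place; a line such as `_log("INFO", "aqo override on $network for $ip\n");` after the mode check would make it traceable. The function body continues outside the hunks.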
@@ -447,12 +527,193 @@ if (!$rv3) { _log("ERROR", "$mac requestMovePort($sw, $po) failed\n"); + return "quarantine pending: requestMovePort($sw, $po) failed"; + } + + return ("quarantined"); +} + +=head2 my $results = quarantineByMAC(-secret => $secret, -mac => $mac, -id => $id, -type => $type, -time => $time, -aqo => [0 | 1]) + +Arguments to this function include a secret key, MAC address to be +quarantined, an ID associated to either a Nessus or Snort ID, +a type corresponding to what exactly quarantined this IP, and a timestamp +when the incident occured. The type, ID, and time variables can also be +ARRAY references for multiple id's with their corresponding types and +timestamps, however there must be an equal number of elements in each +of the arrays or an error will occur. + +The aqo ("autoquaroverride") parameter allows you to quarantine a host even +if autoquarantining is not enabled in its subnet. It defaults to "0" +which means if you try to quarantine a host for which auto-quar is not +enabled, nothing will happen other than a log entry being made. + +The nr ("no result") parameter allows you to manipulate the results table +from outside the quarantineByMAC function. + +This function returns either C<quarantined> if the mac as been quarantined, +C<nothing> if nothing has been done or C<undef> on failure. If the register +is updated but the quarantine fails, a value of C<quarantine pending: errstr> +is returned since the users register status at that point has been updated to +'QUAR'. 
+ +=cut + +sub quarantineByMAC { + my $self = shift; + my $np = $::np; + my $arrays = 0; + my @msgs; + my $parms = parse_parms({ + -parms => \@_, + -legal => [ qw(-secret -type -id -mac -time -aqo -nr -status) ], + -required => [ qw(-secret -type -id -mac -time) ], + -defaults => { -secret => '', + -type => '', + -id => '', + -mac => '', + -aqo => 0, + -status => 'QUAR', + } + }); + + return "invalid params\n".Carp::longmess(Class::ParmList->error) if (!defined($parms)); + my ($secret, $type, $id, $mac, $time, $aqo, $nr, $status) = $parms->get('-secret', '-type', '-id', '-mac', '-time', '-aqo', '-nr', '-status'); + + return undef unless ($self->$check_soap_auth($secret)); + return undef if $self->$execute_user_defined_function("quarantineByMAC", @_) < 0; + + if (ref($type) eq 'ARRAY' && ref($id) eq 'ARRAY' && ref($time) eq 'ARRAY') { + $arrays = 1; + } + + if (!$arrays && (ref($type) eq 'ARRAY' || ref($id) eq 'ARRAY' || ref($time) eq 'ARRAY')) { + _log("ERROR", "Invalid Paramaters passed"); + return undef; + } + + if ($arrays && ($#$type != $#$id || $#$type != $#$time)) { + _log("ERROR", "LIST Paramaters type, id, and time do not have the same number of elements"); + return undef; + } + + my $ip2mac = $np->db->getRegisterInfo(-mac => $mac); + if (ref($ip2mac) ne 'HASH') { + _log("ERROR", "Unable to retrieve ip to mac mapping"); + return undef; + } + + my $ip = $ip2mac->{$mac}->{'ipAddress'}; + if (!defined $ip) { + _log("ERROR", "Cannot determine ip address for $mac"); return undef; } + my $network = $np->cfg->getMatchingNetwork(-ip => $ip); + if ($network eq "none") { + _log("ERROR", "Unable to determine network for $ip"); + return undef; + } + + my $mode = $np->cfg->snortEnabled($network); + if (!$aqo && $mode eq "disabled") { + _log("DEBUG", "Snort is disabled on $network"); + return ("nothing"); + } + + if ($arrays) { + for (my $i = 0; $i <= $#$type; $i++) { + my $t = $time->[$i]; + $t = localtime($time->[$i]) if $time->[$i] =~ /^\d+$/; + + if (!$aqo && $mode 
eq "not_really") { + push @msgs, sprintf("%s report-only for violation of %d plugin at %s.", + $type->[$i], $id->[$i], $t); + } else { + push @msgs, sprintf("%s quarantine for violation of %d plugin at %s.", + $type->[$i], $id->[$i], $t); + + } + } + } else { + my $t = $time; + $t = localtime($time) if $time =~ /^\d+$/; + + if (!$aqo && $mode eq "not_really") { + push @msgs, sprintf("%s report-only for violation of %d plugin at %s", + $type, $id, $t); + } else { + push @msgs, sprintf("%s quarantine for violation of %d plugin at %s.", + $type, $id, $t); + } + } + + $np->db->audit ( + -severity => 'NOTICE', + -mac => $mac, + -ip => $ip, + -user => 'npapi', + -msg => \@msgs, + ); + return ("nothing") if $mode eq "not_really"; + + unless($nr){ + foreach my $npid (($arrays) ? @$id : $id) { + my $rv = $np->db->addResult ( + -mac => $mac, + -id => $npid, + -type => ($arrays) ? shift @$type : $type, + -npcfg => $np->cfg + ); + + if ($rv eq "invalid mac") { + _log("ERROR", "Invalid mac $mac"); + return undef; + } + if ($rv eq "db failure") { + _log("ERROR", "database failure"); + return undef; + } + if ($rv ne "duplicate result" && $rv ne 0) { + _log("ERROR", "Unknown Error"); + return undef; + } + } + } + + my $rv2 = $np->db->updateRegister ( + -mac => $mac, + -status => $status, + ); + + if ($rv2 ne 1) { + _log("ERROR", "Unable to quarantine $mac: ".$rv2); + return undef; + } + + my($sw, $po, $m2p, $p2m) = $np->findOurSwitchPort($mac, $ip); + + if (!defined($sw) || !defined($po)) { + _log("ERROR", "unable to determine switch for $mac $ip\n"); + return "quarantine pending: unable to determine switch for $mac $ip"; + } + + my $rv3 = $np->db->requestMovePort( + -switch => $sw, + -port => $po, + -vlan => 'quarantine', + -by => 'npapi', + ); + + if (!$rv3) { + _log("ERROR", "$mac requestMovePort($sw, $po) failed\n"); + return "quarantine pending: $mac requestMovePort($sw, $po) failed"; + } + return ("quarantined"); } + =head2 echo() Used to determine if we have a valid 
connection, Returns 1 always. Index: LOG.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/LOG.pm,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- LOG.pm 4 May 2005 03:09:44 -0000 1.2 +++ LOG.pm 7 Jul 2006 13:31:37 -0000 1.3 @@ -125,6 +125,8 @@ if ($SL == 0) { print $lh '[', scalar(localtime), "] [$MTYPE] ${subr} [$line]: "; print $lh join(' ', @_); + print $lh "\n"; + $lh->flush(); } else { my $s = sprintf("[$MTYPE] ${subr} [$line]: %s", join(' ', @_)); chomp($s); |
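Review bot: In the new quarantineByMAC, `return ("nothing") if $mode eq "not_really";` ignores `$aqo`, unlike the two message branches above it, so with `-aqo => 1` on a report-only network the audit entry says "quarantine" while the function returns without quarantining; use `return ("nothing") if (!$aqo && $mode eq "not_really");` or make the audit text match. `-status` is accepted from the remote caller and passed to `updateRegister` unchecked, after which the port is still moved to the quarantine VLAN, so a value such as 'UNQUAR' leaves the register and the switch in disagreement; restrict it with `return undef unless $status =~ /\A P? QUAR \z/x;`. `-status` is also missing from the POD, and `shift @$type` inside the loop empties the caller's array. The hunk begins several lines above this one in the message.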
From: jeff m. <jef...@us...> - 2006-07-07 13:31:41
|
Update of /cvsroot/netpass/NetPass/lib In directory sc8-pr-cvs7.sourceforge.net:/tmp/cvs-serv15144/lib Modified Files: NetPass.pm Log Message: primarily changes to API to allow easier remote control of netpass from IDS systems
Index: NetPass.pm
===================================================================
RCS file: /cvsroot/netpass/NetPass/lib/NetPass.pm,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- NetPass.pm 9 Sep 2005 12:32:11 -0000 1.23
+++ NetPass.pm 7 Jul 2006 13:31:37 -0000 1.24
@@ -237,8 +237,10 @@
 if (grep (/^$_vlan$/, @$x)) {
 _log ("WARNING", "$hn/$port is already in vlan $vlan ($_vlan)\n");
- $self->error("already in that vlan: nothing to do!");
- return 1; # success
+ # this bit of efficiency tends to cause problems, it's best to
+ # go ahead and just reset the vlan membership regardless.
+ #$self->error("already in that vlan: nothing to do!");
+ #return 1; # success
 }
 _log ("INFO", "Setting port $port on $hn to PVID $_vlan ($vlan)\n")
|
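Review bot: With the early return commented out, the `if (grep (/^$_vlan$/, @$x))` block now only logs, yet it still does so at WARNING level with the text "is already in vlan", which reads as if the request were being skipped. Lower it to an informational message that says the membership is reset anyway, e.g. `_log ("INFO", "$hn/$port already in vlan $vlan ($_vlan), resetting membership\n");`. The two commented-out statements are better deleted than kept, since the history holds them; the explanatory comment can stay. The enclosing function starts and ends outside the hunk.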
From: jeff m. <jef...@us...> - 2006-07-07 13:31:41
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs7.sourceforge.net:/tmp/cvs-serv15144/bin Modified Files: macscan.pl npsvc.pl Log Message: primarily changes to API to allow easier remote control of netpass from IDS systems
Index: npsvc.pl
===================================================================
RCS file: /cvsroot/netpass/NetPass/bin/npsvc.pl,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- npsvc.pl 22 Aug 2005 19:26:06 -0000 1.7
+++ npsvc.pl 7 Jul 2006 13:31:36 -0000 1.8
@@ -162,14 +162,14 @@
 next if ($line =~ /^\s*\#/);
 my($port, $email, $action, $cmd) = split(/\s+/, $line, 4);
 print "config(pre-regexp): <$port> <$email> <$action> <$cmd>\n" if $D;
- if ($email !~ /^\w+\@\w*\.*\w*\.*\w+\.\w+$/) {
+ if ($email !~ /^[^@]+\@\w*\.*\w*\.*\w+\.\w+$/) {
 print "config(email) <$email> didnt parse\n";
 }
 if (! -e (split(/\s+/, $cmd))[0]) {
 print "config(cmd) <$cmd> not executable\n";
 }
 next if ($cmd eq '' ||
- $email !~ /^\w+\@\w*\.*\w*\.*\w+\.\w+$/ ||
+ $email !~ /^[^@]+\@\w*\.*\w*\.*\w+\.\w+$/ ||
 $port eq '' ||
 $action !~ /^(restart|norestart)$/ ||
 !-e (split(/\s+/, $cmd))[0]);
Index: macscan.pl
===================================================================
RCS file: /cvsroot/netpass/NetPass/bin/macscan.pl,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- macscan.pl 19 Jan 2006 21:46:45 -0000 1.15
+++ macscan.pl 7 Jul 2006 13:31:36 -0000 1.16
@@ -111,6 +111,8 @@
 use NetPass::LOG qw(_log _cont);
 require NetPass;
+use Data::Dumper;
+
 BEGIN {
 use Config;
 $Config{useithreads} or die "Recompile Perl with threads to run this program.";
@@ -326,7 +328,7 @@
 $portIsOK = 0;
 push @nOkMacs, $mac."/NR";
 }
- elsif ($np->db->macStatus($mac) =~ /^[P]QUAR/) {
+ elsif ($np->db->macStatus($mac) =~ /^[P]{0,1}QUAR/) {
 # mac registered but quarantined
 print "[$tid] reg status of $mac is 'registered but quarantined'\n" if $D;
 $portIsOK = 0;
|
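Review bot: In npsvc.pl, replacing `\w+` with `[^@]+` lets the local part of the address contain any character except `@`, including quotes, backticks, `;` and `|`. If `$email` is later placed on a mailer command line, which this hunk does not show, the config file becomes a command-injection path; a narrower class such as `[\w.+-]+` still covers dotted and plus-tagged addresses. The pattern is written twice in the hunk; defining it once, `my $email_re = qr/^[\w.+-]+\@\w*\.*\w*\.*\w+\.\w+$/;`, keeps the diagnostic and the `next if` test from drifting apart. The enclosing loop starts and ends outside the hunk.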
From: jeff m. <jef...@us...> - 2006-07-07 13:31:41
|
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs7.sourceforge.net:/tmp/cvs-serv15144 Modified Files: CHANGES Log Message: primarily changes to API to allow easier remote control of netpass from IDS systems
Index: CHANGES
===================================================================
RCS file: /cvsroot/netpass/NetPass/CHANGES,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -d -r1.32 -r1.33
--- CHANGES 7 Apr 2006 20:44:10 -0000 1.32
+++ CHANGES 7 Jul 2006 13:31:36 -0000 1.33
@@ -333,3 +333,17 @@
 jcm bug#1465448 Input validation on manual register form allowed invalid mac
 addresses to be registered.
+2006-04-10
+ jcm removed "port is already in that VLAN" check from NetPass.pm - occasionally
+ a port would get stuck in both VLANs, and this check would stop NetPass
+ from fixing that when it occurred.
+
+2006-07-06
+ jcm modified API.pm to allow quarantining even if autoquar is not enabled on
+ a network (via a toggle)
+ wcy modified LOG.pm to fix a STDOUT flush problem
+ jcm modified macscan.pl to fix a bug where QUAR would be ignored
+ jcm modified API.pm to allow quaranting by MAC as well as to expose a few
+ more functions
+ wcy modified DB.pm to allow fetching of register records by username
+
|
From: Julian Y. K. <ko...@no...> - 2006-06-16 14:31:27
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 16:26 -0500 03/16/2006, Jeff Murphy wrote: >> 2.) A user who has been given UserEditor rights for a given group is >> unable to completely delete a user from the UserEditor. For example, we >> have >> designated a user (Rachael) who is responsible for granting and revoking >> QuarAdmin rights for the "Resnet" group. When one of these users stops >> working for Rachael, she wants to completely remove them from the User >> list. However, even after removing all groups from that user's username, >> the user is still there in the Resnet group, just with no rights >> whatsoever. >> > >fixed This behavior is fixed (thanks!), but our delegated admin user reports that she is still unable to add users to the group that she has rights for. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) Comment: <http://bt.ittns.northwestern.edu/julian/pgppubkey.html> iQA/AwUBRJLAUA5UB5zJHgFjEQLB4wCfUjhFxNY4StWnczFzMLCU1w9hDuIAn3Q2 3Ht4KaESuG/tNh13y/SP8OCv =F+SD -----END PGP SIGNATURE----- -- Julian Y. Koh <mailto:ko...@no...> Network Engineer <phone:847-467-5780> Telecommunications and Network Services Northwestern University PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html> |
From: jeff m. <jef...@us...> - 2006-04-07 20:44:21
|
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19250 Modified Files: CHANGES Log Message: bug#1465448 Input validation on manual register form
Index: CHANGES
===================================================================
RCS file: /cvsroot/netpass/NetPass/CHANGES,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -d -r1.31 -r1.32
--- CHANGES 28 Mar 2006 21:35:38 -0000 1.31
+++ CHANGES 7 Apr 2006 20:44:10 -0000 1.32
@@ -329,3 +329,7 @@
 2006-03-28
 jcm rebuilt apache to version 1.3.34 and posted binaries
+2006-04-07
+ jcm bug#1465448 Input validation on manual register form allowed invalid mac
+ addresses to be registered.
+
|
From: jeff m. <jef...@us...> - 2006-04-07 20:44:17
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19250/www/htdocs/Admin Modified Files: mr.mhtml Log Message: bug#1465448 Input validation on manual register form
Index: mr.mhtml
===================================================================
RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/mr.mhtml,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- mr.mhtml 19 Jan 2006 21:41:48 -0000 1.12
+++ mr.mhtml 7 Apr 2006 20:44:11 -0000 1.13
@@ -125,17 +125,23 @@
 $err = "The network ($nw) that the address ($ip) is a part of, is not managed by NetPass.";
 }
+ if ($mac !~ /^[a-f0-9:]+$/) {
+ $err .= "<BR>The MAC address you gave doesn't look right.";
+ }
+
 if ( ! $isRoot ) {
 my $netgroup = $np->cfg->getNetgroup(-network => $nw);
 if ( !grep(/^default$/, @$rwGroups) && !grep(/^$nw$/, @$rwGroups) && !grep(/^$netgroup$/, @$rwGroups) ) {
- $err = "You don't have permission to register an IP address on the $nw network.";
+ $err .= "<BR>You don't have permission to register an IP address on the $nw network.";
 }
 }
- $err = saveReg($np->db->{'dbh'}, NetPass::padMac($mac), $ip, $uid) if ($err eq "");
+ if ($err eq '') {
+ $err = saveReg($np->db->{'dbh'}, NetPass::padMac($mac), $ip, $uid) if ($err eq "");
- $err = "This MAC address (".NetPass::padMac($mac).") is already registered."
- if ($err =~ /duplicate/i);
+ $err = "This MAC address (".NetPass::padMac($mac).") is already registered."
+ if ($err =~ /duplicate/i);
+ }
 if ($err ne "") {
 print $q->p({-class => "error"}, $err);
|
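Review bot: The new check `$mac !~ /^[a-f0-9:]+$/` only restricts the character set, so inputs such as `:` or `abc` still pass, upper-case hex is rejected unless `$mac` was lower-cased before this hunk, and `$` tolerates a trailing newline. Requiring six colon-separated groups, e.g. `if ($mac !~ /\A[0-9a-f]{1,2}(?::[0-9a-f]{1,2}){5}\z/i) {`, matches the intent of the bug fix (one- or two-digit groups are assumed because the value goes through `NetPass::padMac`). The error text is joined with `<BR>` and printed through `$q->p(...)`, and the first message embeds `$nw` and `$ip`; unless those are validated before this hunk they should be HTML-escaped before being placed in `$err`. Inside the new `if ($err eq '') {` block the trailing `if ($err eq "")` on the saveReg line is redundant.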
From: jeff m. <jef...@us...> - 2006-03-23 18:50:15
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15265/bin Modified Files: interfacecfg.pl Log Message: added custom-mac specification to per-network config to more easily support NU non-GARP feature. see appendix D in doc
Index: interfacecfg.pl
===================================================================
RCS file: /cvsroot/netpass/NetPass/bin/interfacecfg.pl,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- interfacecfg.pl 16 Mar 2006 21:27:51 -0000 1.13
+++ interfacecfg.pl 23 Mar 2006 18:50:04 -0000 1.14
@@ -106,6 +106,7 @@
 $ifaces{$net}{'int'} = $np->cfg->getInterface($net);
 $ifaces{$net}{'qvlan'} = $np->cfg->quarantineVlan($net);
 $ifaces{$net}{'nqvlan'} = $np->cfg->nonquarantineVlan($net);
+ $ifaces{$net}{'cmac'} = $np->cfg->getCustomMAC($net);
 $ifaces{$net}{'vip'} = ($np->cfg->virtualIP($net)) ? $np->cfg->virtualIP($net) : $ips[0];
 $ifaces{$net}{'d1'} = $ips[1];
 $ifaces{$net}{'d2'} = $ips[2];
@@ -144,6 +145,10 @@
 ' netmask '.$ifaces{$_}{'mask'}." up\n";
 } else {
 print "$IFCONFIG ".$ifaces{$_}{'int'}." 0.0.0.0 up\n";
+ # cisco 65xx custom-mac feature. See Appendix D for details.
+ if (exists $ifaces{$_}{'cmac'} && $ifaces{$_}{'cmac'}) {
+ print "$IFCONFIG ".$ifaces{$_}{'int'}.'.'.$ifaces{$_}{'qvlan'}." hw ether ".$ifaces{$_}{'cmac'}."\n";
+ }
 print "$IFCONFIG ".$ifaces{$_}{'int'}.'.'.$ifaces{$_}{'qvlan'}." up\n";
 }
 print "$VCONFIG add ".$ifaces{$_}{'int'}.' '.$ifaces{$_}{'nqvlan'}."\n";
|
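Review bot: The added block prints `$ifaces{$_}{'cmac'}` into an ifconfig command line exactly as `getCustomMAC` returned it, and the only format check visible on this page is in Config.pm's `setNetwork`, so a value edited directly in the configuration reaches the generated commands unvalidated. Guard the print with the same shape test, e.g. `if (defined $ifaces{$_}{'cmac'} && $ifaces{$_}{'cmac'} =~ /\A(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\z/i) {`, and emit a warning on STDERR when a configured value is skipped. This matters most if the printed lines are fed to a shell, which the hunk does not show. The enclosing loop starts and ends outside the hunk.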
From: jeff m. <jef...@us...> - 2006-03-23 18:50:14
|
Update of /cvsroot/netpass/NetPass/lib/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15265/lib/NetPass Modified Files: Config.pm Log Message: added custom-mac specification to per-network config to more easily support NU non-GARP feature. see appendix D in doc Index: Config.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/Config.pm,v retrieving revision 1.55 retrieving revision 1.56 diff -u -d -r1.55 -r1.56 --- Config.pm 18 Jan 2006 17:01:30 -0000 1.55 +++ Config.pm 23 Mar 2006 18:50:04 -0000 1.56 @@ -899,6 +899,27 @@ return undef; } +=head2 my $cmac = $cfg-E<gt>getCustomMAC(network) + +return the custom MAC address we've set for this network. +See Appendix D of the NetPass manual for a discussion on how this is used. + +=cut + +sub getCustomMAC { + my $self = shift; + my $nw = shift; + + $self->reloadIfChanged(); + + if ($self->{'cfg'}->obj('network')->exists($nw)) { + if ($self->{'cfg'}->obj('network')->obj($nw)->exists('cmac')) { + return $self->{'cfg'}->obj('network')->obj($nw)->value('cmac'); + } + } + return undef; +} + =head2 my $int = $cfg-E<gt>getInterface(network) return the interface that is connected to the given network. returns undef @@ -1014,10 +1035,10 @@ return ""; } -=head2 $cfg-E<gt>setNetwork(-network => '', -comment => '', -interface => '', -qvid => #, -uqvid => #) +=head2 $cfg-E<gt>setNetwork(-network => '', -comment => '', -interface => '', -qvid => #, -uqvid => #, -cmac => '') -Given a network, set the various "core" network fields. A comment of "" or undef is OK. All other -fields are required. +Given a network, set the various "core" network fields. A comment of "" or undef is OK. 'cmac' +is optional. All other fields are required. RETURNS 
@@ -1032,9 +1053,9 @@ my $parms = parse_parms({ -parms => \@_, - -legal => [qw(-network -comment -interface -qvid -uqvid)], + -legal => [qw(-network -comment -interface -qvid -uqvid -cmac)], -required => [qw(-network -interface -qvid -uqvid)], - -defaults => { -comment => '' } + -defaults => { -comment => '', -cmac => '' } } ); @@ -1042,10 +1063,15 @@ return "invalid parameters: ".Carp::longmess("invalid parameters ".Class::ParmList->error); } - my ($network, $comment, $interface, $qvid, $uqvid) = - $parms->get('-network', '-comment', '-interface', '-qvid', '-uqvid'); + my ($network, $comment, $interface, $qvid, $uqvid, $cmac) = + $parms->get('-network', '-comment', '-interface', '-qvid', '-uqvid', '-cmac'); $comment ||= ''; + $cmac ||= ''; + + if ($cmac ne '' && ($cmac !~ /^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$/i) ) { + return "invalid parameters: cmac does not look like a MAC address"; + } $self->reloadIfChanged(); @@ -1057,12 +1083,16 @@ _log("DEBUG", "set network int $interface\n"); _log("DEBUG", "set network qid $qvid\n"); _log("DEBUG", "set network nqid $uqvid\n"); + _log("DEBUG", "set network cmac $cmac\n"); $self->{'cfg'}->obj('network')->obj($network)->comment($comment); $self->{'cfg'}->obj('network')->obj($network)->interface($interface); $self->{'cfg'}->obj('network')->obj($network)->quarantine($qvid); $self->{'cfg'}->obj('network')->obj($network)->nonquarantine($uqvid); + $self->{'cfg'}->obj('network')->obj($network)->cmac($cmac) if ($cmac ne ''); + $self->{'cfg'}->obj('network')->obj($network)->delete('cmac') if ($cmac eq ''); + return 0; } |
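Review bot: The MAC check in the `@@ -1042` hunk anchors with `^` and `$`, and `$` also matches before a trailing newline, so seventeen valid characters followed by "\n" are accepted and stored. Use `\A` and `\z` instead, e.g. `$cmac !~ /\A(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\z/i`, which also replaces the six repeated groups. The stored value is later printed into an ifconfig command line by interfacecfg.pl, so an exact match matters here. setNetwork starts and ends outside these hunks.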
From: jeff m. <jef...@us...> - 2006-03-23 18:50:13
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15265/www/htdocs/Admin Modified Files: network.mhtml Log Message: added custom-mac specification to per-network config to more easily support NU non-GARP feature. see appendix D in doc Index: network.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/network.mhtml,v retrieving revision 1.13 retrieving revision 1.14 diff -u -d -r1.13 -r1.14 --- network.mhtml 6 Sep 2005 20:29:18 -0000 1.13 +++ network.mhtml 23 Mar 2006 18:50:04 -0000 1.14 @@ -6,6 +6,7 @@ - add/remove networks - configure per-network settings - comment + - custom mac address (see Appendix D) - ha enabled/disabled + settings - garp enabled/disabled + settings - netgroup membership @@ -24,6 +25,7 @@ $submitButton => ''; $network => ''; $comment => ''; + $cmac => ''; $interface => ''; $qvid => ''; $uqvid => ''; @@ -79,11 +81,12 @@ if ( ($submitButton eq "Commit Changes") && $network && ($network ne $WH) ) { _log("DEBUG", $m->session->{'username'}. " is updating $network $secondaryRedirector\n"); - $rv = $np->cfg->setNetwork(-network => $network, - -comment => $comment, + $rv = $np->cfg->setNetwork(-network => $network, + -comment => $comment, -interface => $interface, - -qvid => $qvid, - -uqvid => $uqvid); + -qvid => $qvid, + -uqvid => $uqvid, + -cmac => $cmac); push @setResults, "Failed to set 'network' fields: $rv" if $rv; $rv = $np->cfg->setHA( -network => $network, @@ -175,6 +178,7 @@ $uqvid = $np->cfg->nonquarantineVlan($network); $interface = $np->cfg->getInterface($network); $comment = $np->cfg->getNetComment($network); + $cmac = $np->cfg->getCustomMAC($network); $ng = $np->cfg->getNetgroup(-network => $network); $ng ||= ''; $switches = $np->cfg->getSwitches($network); 
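Review bot: `$cmac = $np->cfg->getCustomMAC($network);` in the `@@ -175` hunk can leave `$cmac` undef, because getCustomMAC returns undef when no custom MAC is set, and the value is later interpolated into the form's `value` attribute. The netgroup lookup on the next line is followed by `$ng ||= '';`, and the same guard fits here: `$cmac ||= '';`. Without it the component would presumably emit an uninitialized-value warning for every network that has no custom MAC, if warnings are enabled. The surrounding block starts outside the hunk.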
@@ -275,6 +279,8 @@ <tr class='garpOptions' id='garpOptions1'><td class='left'>Delay:</td><td colspan=2><input size=4 maxlength=8 name='garpDelay' value="<%$garpDelay%>"> seconds </td></tr> <tr class='garpOptions' id='garpOptions2'><td class='left'>Number:</td><td colspan=2><input size=4 maxlength=8 name='garpNumber' value="<%$garpNumber%>"></td></tr> +<tr class='left' id='cmac'><td class='left'>Custom MAC:</td><td colspan=2><input size=18 maxlength=22 name='cmac' value="<%$cmac%>"></td></tr> + <tr><td class='left'>Switches:<BR> <button id='delSwitch' onclick='network_onclick_delSwitch(); return false;' type='button'>Delete</button><BR> @@ -291,11 +297,6 @@ </td> </tr> <tr><td colspan=3> -<PRE><B>TODO: - - when click netgroup .. highlight networks list</B> -</PRE> -</td></tr> -<tr><td colspan=3> % my $ngtxt = $ng ? qq{<BR>(Part of the "<a href='netgroups.mhtml?netgroups=$ng'>$ng</a>" netgroup)} : ""; % $m->comp('/Admin/TableEditPolicy', %ARGS, 'tableName' => 'Network General Settings for '.$network.$ngtxt, % 'showDefault' => 1, 'formatFor' => 'network', |
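Review bot: The new input renders `<%$cmac%>` inside a double-quoted attribute without an escape flag, and `$cmac` is declared in `<%args>`, so on a request where it is not reloaded from the config a request-supplied string could be echoed into the page verbatim. Unless the site sets `default_escape_flags`, write it as `value="<% $cmac |h %>"`. The neighbouring garpDelay and garpNumber inputs follow the same unescaped pattern and could be changed together. `maxlength=22` is also looser than the 17 characters a colon-separated MAC needs.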
From: jeff m. <jef...@us...> - 2006-03-23 18:50:13
|
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15265 Modified Files: CHANGES Log Message: added custom-mac specification to per-network config to more easily support NU non-GARP feature. see appendix D in doc Index: CHANGES =================================================================== RCS file: /cvsroot/netpass/NetPass/CHANGES,v retrieving revision 1.29 retrieving revision 1.30 diff -u -d -r1.29 -r1.30 --- CHANGES 16 Mar 2006 21:27:50 -0000 1.29 +++ CHANGES 23 Mar 2006 18:50:04 -0000 1.30 @@ -320,3 +320,8 @@ jcm bug#1451626 user editored emitted debugging output in some circumstances jcm bug#1451625 remove a user from all groups, sometimes doesnt delete the user from the database + +2006-03-20 + jcm added 'custom mac' to per-network configuration. this can be used to set the + redirector's per-vlan mac address to the same as the router, which will + let you disable garp. see Appendix D in the doc for a discussion. |
From: jeff m. <jef...@us...> - 2006-03-23 18:46:42
|
Update of /cvsroot/netpass/NetPass-Doc In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv13070 Modified Files: npag.doc Log Message: fleshed out appendices Index: npag.doc =================================================================== RCS file: /cvsroot/netpass/NetPass-Doc/npag.doc,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -u -d -r1.1.1.1 -r1.2 Binary files /tmp/cvsWl4gtW and /tmp/cvscTrKTH differ |
From: jeff m. <jef...@us...> - 2006-03-16 21:27:59
|
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv7108 Modified Files: CHANGES Log Message: bug fixes, bug#1451624 bug#1451626 bug#1451625 Index: CHANGES =================================================================== RCS file: /cvsroot/netpass/NetPass/CHANGES,v retrieving revision 1.28 retrieving revision 1.29 diff -u -d -r1.28 -r1.29 --- CHANGES 7 Feb 2006 19:54:32 -0000 1.28 +++ CHANGES 16 Mar 2006 21:27:50 -0000 1.29 @@ -314,3 +314,9 @@ jcm bug#1426335 fixed a bug on a few forms (IDS, Audit, Reports) allowed readonly access even if you werent in the appropriate readonly group(s) +2006-03-16 + jcm bug#1451624 table column in reports/byclient and audit page referenced + 'UBIT Name' + jcm bug#1451626 user editored emitted debugging output in some circumstances + jcm bug#1451625 remove a user from all groups, sometimes doesnt delete the + user from the database |
From: jeff m. <jef...@us...> - 2006-03-16 21:27:57
|
Update of /cvsroot/netpass/NetPass/lib/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv7108/lib/NetPass Modified Files: DB.pm Log Message: bug fixes, bug#1451624 bug#1451626 bug#1451625 Index: DB.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/DB.pm,v retrieving revision 1.57 retrieving revision 1.58 diff -u -d -r1.57 -r1.58 --- DB.pm 5 Jan 2006 21:02:35 -0000 1.57 +++ DB.pm 16 Mar 2006 21:27:51 -0000 1.58 @@ -1451,8 +1451,9 @@ =cut -# go from NetAdmin;Test Network+NetAdmin;128.205.10.0/24+Reports+Users -# to the hash +# go from Test Network+NetAdmin;128.205.10.0/24+Reports+Users +# to the hash. All DB entries must be in the form +# Group+perm+perm+... sub decomposeGroupMembership { my $self = shift; @@ -1464,15 +1465,13 @@ my $network = $1; my $netgroups = $2; $rv->{$network} = [ split(/\+/, $netgroups) ]; - } else { - $rv->{$c} = 1; - } + } } return $rv; } # go from the hash back to -# NetAdmin;Test Network+NetAdmin;128.205.10.0/24+Reports+Users +# Test Network+NetAdmin;128.205.10.0/24+Reports+Users sub composeGroupMembership { my $self = shift; @@ -1481,11 +1480,9 @@ my $gstring = ""; foreach my $g (sort keys %$gh) { - if (ref($gh->{$g}) eq "ARRAY") { + if ( (ref($gh->{$g}) eq "ARRAY") && ($#{$gh->{$g}} > -1) ) { $gstring .= "$g+".join('+', @{$gh->{$g}}).";"; - } else { - $gstring .= "$g;"; - } + } } $gstring =~ s/;$//; return $gstring; |
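Review bot: With the `else` branch removed in decomposeGroupMembership, any entry that does not match the `Group+perm` pattern is now dropped without a trace, and composeGroupMembership likewise skips non-array or empty values silently. Dropping them fails closed, which is the safer direction for permission data, but a row that quietly loses a group is hard to diagnose afterwards. I would record the discarded entry, e.g. `else { warn "ignoring malformed group entry '$c'\n"; }`, or use the project's logger if DB.pm has one in scope. Both subs start outside the hunks, so the loop variable name is taken from the removed line.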
From: jeff m. <jef...@us...> - 2006-03-16 21:27:57
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv7108/www/htdocs/Admin Modified Files: audit.mhtml user.mhtml Log Message: bug fixes, bug#1451624 bug#1451626 bug#1451625 Index: user.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/user.mhtml,v retrieving revision 1.24 retrieving revision 1.25 diff -u -d -r1.24 -r1.25 --- user.mhtml 23 Jun 2005 20:21:09 -0000 1.24 +++ user.mhtml 16 Mar 2006 21:27:51 -0000 1.25 @@ -42,7 +42,7 @@ # these are reserved group names. my %groups = ( 'Admin' => 1, 'ScanAdmin' => 1, 'Editor' => 1, 'Reports' => 1, - 'UserEditor' => 1, 'QuarAdmin' => 1 ); #, 'NetAdmin' => 1 ); + 'UserEditor' => 1, 'QuarAdmin' => 1 ); my @groups = (keys %groups); my $error = ""; my $whoami = $m->session->{'username'}; @@ -148,7 +148,7 @@ foreach $user (keys %$uh) { print "PASS1($user): examine group membership from webdata..\n" if $D; foreach my $bdgrp (keys %{$uh->{$user}}) { - print "\texamining group $bdgrp ..\n"; + print "\texamining group $bdgrp ..\n" if $D; if ($bdgrp !~ /$mygrpRE/) { print "\t\twe found a group $bdgrp that we arent allowed to edit\n" if $D; Index: audit.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/audit.mhtml,v retrieving revision 1.11 retrieving revision 1.12 diff -u -d -r1.11 -r1.12 --- audit.mhtml 7 Feb 2006 19:54:33 -0000 1.11 +++ audit.mhtml 16 Mar 2006 21:27:51 -0000 1.12 @@ -177,7 +177,7 @@ print $q->h4("Showing Results $result_set"); -if($count==0 && $start==0) { +if($count == 0 && $start == 0) { print $q->p("You may want to re-define your search to be less strict.<br>I would suggest removing one or more fields and modifying the Search Type."); return; } 
@@ -187,10 +187,13 @@ print $q->a({ -href=>$next_link }, "Next Page -->") if($next_link ne ''); print $q->br; +my $unameprompt = $np->cfg->policy(-key => 'USERNAME_PROMPT') || "Username"; +$unameprompt =~ s/:$//; + my @rows = ( $q->TR( $q->th("Date/Time") . - $q->th("UBIT Name") . + $q->th($unameprompt) . $q->th("IP Address") . $q->th("Mac Address") . #$q->th("Severity") . @@ -327,10 +330,11 @@ my $lres = $dbh->selectall_arrayref($query); if(!defined($lres)) { - return ("failed to retrieve local results: ". $dbh->errstr, -1); + print $q->p({-class => 'error'}, "Failed to retrieve local results: ". $dbh->errstr); + return ([], 0, "failed to retrieve local results: ". $dbh->errstr, -1); } - my $count = $#{$lres}; + my $count = $#{$lres} > -1 ? $#{$lres} : 0; my $link = "audit.mhtml?ip=$ip&mac=$mac&uid=$uid&type=$type&message=$message&search=Search&start="; my $prev_link = $link . ($start-$limit); @@ -347,6 +351,7 @@ } my @results = @$lres; + my $rcount = 0; use Sys::Hostname; foreach my $npserv (keys %hosts) { @@ -356,6 +361,7 @@ $np->cfg->dbUsername, $np->cfg->dbPassword); if ($rdbh) { my $rres = $rdbh->selectall_arrayref($query); + $rcount += ($#{$rres}+1); if (ref($rres) eq "ARRAY") { push @results, @$rres; } else { @@ -366,8 +372,7 @@ print $q->p({-class => 'error'}, "Failed to connect to database on $npserv"); } } - - return (\@results, $count, $result_set, $next_link, $prev_link); + return (\@results, $count || $rcount, $result_set, $next_link, $prev_link); } </%perl> |
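Review bot: `$unameprompt` comes from the USERNAME_PROMPT policy and is passed to `$q->th()` as-is in the `@@ -187` hunk, so any markup in that setting is emitted into the table header; the same lines are added to byclient.mhtml. If `$q` is a CGI.pm object, `$q->th($q->escapeHTML($unameprompt))` keeps the header as text. The two-line lookup-and-strip is now duplicated in both components and would be easier to keep consistent as one shared helper.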
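Review bot: The new error return in the `@@ -327` hunk has four elements, `([], 0, "failed to retrieve local results: ...", -1)`, while the success path at the end of the sub returns `(\@results, $count, $result_set, $next_link, $prev_link)`. If the caller unpacks in the success order, the message becomes `$result_set` and `-1` becomes `$next_link`, which passes the `$next_link ne ''` test and renders a "Next Page" link pointing at `-1`. Returning `([], 0, '', '', '')` after printing the error would keep the shape consistent. The printed paragraph also includes `$dbh->errstr`, which exposes database error detail to the browser; logging it and showing a generic message is the safer choice.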
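Review bot: `$rcount += ($#{$rres}+1);` in the `@@ -356` hunk dereferences `$rres` before the `ref($rres) eq "ARRAY"` test on the next line, so a failed remote query (undef) is treated as an array first. Depending on how Perl handles that dereference, it either raises an error or autovivifies `$rres` into an empty array, in which case the `else` branch is no longer reached for failures. Move the count inside the ARRAY branch: `$rcount += scalar @$rres;`. Separately, `$count` in the `@@ -327` hunk is still the last index rather than the number of rows, so a single local row yields 0.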
From: jeff m. <jef...@us...> - 2006-03-16 21:27:57
|
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv7108/bin Modified Files: interfacecfg.pl portinfo.pl Log Message: bug fixes, bug#1451624 bug#1451626 bug#1451625 Index: interfacecfg.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/interfacecfg.pl,v retrieving revision 1.12 retrieving revision 1.13 diff -u -d -r1.12 -r1.13 --- interfacecfg.pl 4 Aug 2005 06:45:24 -0000 1.12 +++ interfacecfg.pl 16 Mar 2006 21:27:51 -0000 1.13 @@ -76,7 +76,7 @@ my $ROUTE = "/sbin/route"; my $HARESOURCES = "/etc/ha.d/haresources"; -getopts('U:d:r:c:h', \%opts); +getopts('DU:d:r:c:h', \%opts); pod2usage(2) if ($opts{'h'}); Index: portinfo.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/portinfo.pl,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- portinfo.pl 7 Feb 2006 19:58:13 -0000 1.6 +++ portinfo.pl 16 Mar 2006 21:27:51 -0000 1.7 @@ -47,8 +47,8 @@ use strict; use Getopt::Std; -#use lib '/u1/project/netpass/NetPass-2/lib'; -use lib '/opt/netpass/lib'; +use lib '/u1/project/netpass/NetPass-2/lib'; +#use lib '/opt/netpass/lib'; use FileHandle; use Pod::Usage; |
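Review bot: The portinfo.pl hunk switches the active `use lib` from `/opt/netpass/lib` to `/u1/project/netpass/NetPass-2/lib`, which looks like a development checkout path committed by accident; the log message mentions only bug fixes. On an installed system the script would then fail to find its modules, or load them from that directory if it exists, and that location may not carry the same ownership and permissions as the install tree. I would restore `use lib '/opt/netpass/lib';` and keep the development path commented out.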
From: jeff m. <jef...@us...> - 2006-03-16 21:27:56
|
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin/reports In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv7108/www/htdocs/Admin/reports Modified Files: byclient.mhtml Log Message: bug fixes, bug#1451624 bug#1451626 bug#1451625 Index: byclient.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/reports/byclient.mhtml,v retrieving revision 1.8 retrieving revision 1.9 diff -u -d -r1.8 -r1.9 --- byclient.mhtml 7 Feb 2006 19:54:33 -0000 1.8 +++ byclient.mhtml 16 Mar 2006 21:27:51 -0000 1.9 @@ -214,6 +214,8 @@ my $mi = shift; my $nk = keys %$mi; + my $unameprompt = $np->cfg->policy(-key => 'USERNAME_PROMPT') || "Username"; + $unameprompt =~ s/:$//; if ($nk > -1) { my @rows = (); @@ -221,7 +223,7 @@ push @rows, $q->TR( $q->th("Mac Address") . $q->th("Status"), - $q->th("UBIT Name") . + $q->th($unameprompt) . $q->th("IP Address") . $q->th("OS") . $q->th("Switch"), |