netpass-devel Mailing List for NetPass (Page 18)
From: Matt <mt...@us...> - 2005-04-27 20:36:57
Update of /cvsroot/netpass/NetPass/install.d/init.d In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv9767 Modified Files: mysqld Log Message: Index: mysqld =================================================================== RCS file: /cvsroot/netpass/NetPass/install.d/init.d/mysqld,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- mysqld 20 Apr 2005 15:15:52 -0000 1.1 +++ mysqld 27 Apr 2005 20:36:48 -0000 1.2 @@ -23,7 +23,6 @@ start(){ # startup mysql cluster stuff cd /var/lib/mysql-cluster - /usr/local/mysql/bin/ndb_mgmd /usr/local/mysql/bin/ndbd touch /var/log/mysqld.log @@ -73,6 +72,8 @@ fi [ $ret -eq 0 ] && rm -f /var/lock/subsys/mysqld [ $ret -eq 0 ] && rm -f $datadir/mysql.sock + + killproc ndbd return $ret } |
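Review bot: The exit status of the added `killproc ndbd` in stop() is discarded, so `return $ret` still reports only the mysqld stop result even when the data node could not be stopped; fold it in with `killproc ndbd || ret=$?`. In start(), the kept context line `cd /var/lib/mysql-cluster` is unchecked, and if it fails the following `ndbd` is launched from whatever the current directory happens to be, so a guard such as `cd /var/lib/mysql-cluster || return 1` is worth adding while the function is being edited (assuming the caller uses the function's return value, which is not visible here). Both start() and stop() continue outside the hunk.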
From: jeff m. <jef...@us...> - 2005-04-27 03:54:21
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26183/www/htdocs/Admin Modified Files: gencfg.mhtml greset.mhtml index.mhtml lockcfg.mhtml mr.mhtml qc.mhtml urlfilter.mhtml Log Message: working thru forms, making sure per-network admin functionality is implemented Index: lockcfg.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/lockcfg.mhtml,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- lockcfg.mhtml 25 Apr 2005 19:15:03 -0000 1.2 +++ lockcfg.mhtml 27 Apr 2005 03:54:07 -0000 1.3 @@ -28,7 +28,7 @@ -user => $m->session->{'username'}); if ($rv) { # fail - print "NOK lock $rv\n"; + print "NOK lock force err=$rv\n"; } else { # success print "OK lock\n"; @@ -45,7 +45,7 @@ } elsif ($lstat) { # an error occurred - print "NOK lock $lstat\n"; + print "NOK lock isConfigLockedErr $lstat\n"; } else { # config is not locked, lock it @@ -54,7 +54,7 @@ -user => $m->session->{'username'}); if ($rv) { # fail - print "NOK lock $rv\n"; + print "NOK lock err=$rv\n"; } else { # success print "OK lock\n"; Index: mr.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/mr.mhtml,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -r1.7 -r1.8 --- mr.mhtml 24 Apr 2005 03:42:03 -0000 1.7 +++ mr.mhtml 27 Apr 2005 03:54:07 -0000 1.8 
@@ -26,25 +26,31 @@ Fill in <B>all</B> of the fields. -In the event that someone is <code>multi_mac</code> quarantined (e.g. due to linksys) or +In the event that someone is <code>multi_mac</code> quarantined (e.g. due to using a mini-switch) or for any other reasonable circumstances, you can: <ol> -<li> determine the mac/ip that needs to be registered -<LI> enter those (along with the end users username) into the manual -registration page -<LI> click 'register'. the record will be entered with a default status of -quarantined. -<LI> click 'quar control' (left side) -<LI> search for the record you just made and change its status to -something reasonable (e.g. unquar or punquar) +<li> Determine the mac/ip that needs to be registered, +<LI> Enter those (along with the end user's username) into the manual +registration page, +<LI> Click 'Register'. The record will be entered with a default status of +quarantined, +<LI> Click 'Quar Control' (left side), +<LI> Search for the record you just made and change its status to +something reasonable (e.g. UNQUAR or PUNQUAR). </ol> <%perl> -if (! $m->comp('/Admin/MemberOf', 'group' => [ 'Admin', 'QuarAdmin' ]) ) { - print $q->p({-class=>'error'}, "Sorry, permission denied.<BR>(You must be an Admin or in the QuarAdmin group)"); + +my @rwGroups = ('Admin', 'QuarAdmin'); + +my ($isRW, $rwGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @rwGroups ]); +my ($isRoot, $junk) = $m->comp('/Admin/MemberOf', 'acl' => [ 'Admin' ], 'group' => 'default'); + +if (! $isRW ) { + print $q->p({-class=>'error'}, "Sorry, you don't have access to this form.<P>"); return; } @@ -77,8 +83,7 @@ $q->textfield( -name => "mac", -value => $mac, - -filter => '/^\w{2}:{0,1}\w{2}:{0,1}\w{2}:{0,1}\w{2}:{ -0,1}\w{2}:{0,1}\w{2}$/', + -filter => '/^\w{2}:{0,1}\w{2}:{0,1}\w{2}:{0,1}\w{2}:{0,1}\w{2}:{0,1}\w{2}$/', -error => 'Please format the MAC Address in the forma t specified.' ). 
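Review bot: The MAC filter rejoined in the second hunk, `'/^\w{2}:{0,1}\w{2}:{0,1}\w{2}:{0,1}\w{2}:{0,1}\w{2}:{0,1}\w{2}$/'`, validates with `\w`, which accepts underscores and non-hex letters, and `$` allows a trailing newline, so a value that is not a MAC at all still reaches `NetPass::padMac` and `saveReg`. A hex class says what the field means while keeping the optional-colon behaviour: `'/^[0-9A-Fa-f]{2}(?::?[0-9A-Fa-f]{2}){5}\z/'`. Whether `-filter` is enforced server-side or only decorates the rendered widget is not visible in this hunk; if it is the latter, the same check belongs in the `<%perl>` section before `saveReg`.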
@@ -113,10 +118,29 @@ return if(!$register); if ($register) { - my $err = saveReg($np->db->{'dbh'}, NetPass::padMac($mac), $ip, $uid); + # enforce IP address restrictions + + my $nw = $np->cfg->getMatchingNetwork(-ip => $ip); + my $err = ''; + + if (!defined($nw) || ($nw eq "none")) { + $err = "The network ($nw) that the address ($ip) is a part of, is not managed by NetPass."; + } + + if ( ! $isRoot ) { + my $netgroup = $np->cfg->getNetgroup($nw); + if ( !grep(/^$nw$/, @$rwGroups) && !grep(/^$netgroup$/, @$rwGroups) ) { + $err = "You don't have permission to register an IP address on the $nw network."; + } + } + + $err = saveReg($np->db->{'dbh'}, NetPass::padMac($mac), $ip, $uid) if ($err eq ""); + + $err = "This MAC address (".NetPass::padMac($mac).") is already registered." + if ($err =~ /duplicate/i); + if ($err ne "") { print $q->p({-class => "error"}, $err); - print "Anything that mentions 'duplicate entry' means that this mac address is already registered.<P>\n"; } else { </%perl> Registration successful for <PRE><%$uid%> <%$mac%> <%$ip%></PRE> Index: index.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/index.mhtml,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -r1.7 -r1.8 --- index.mhtml 25 Apr 2005 05:52:26 -0000 1.7 +++ index.mhtml 27 Apr 2005 03:54:07 -0000 1.8 @@ -16,7 +16,7 @@ <%perl> my $comma = ""; foreach my $grp (sort keys %{$m->session->{'my_groups'}}) { - print "$grp (".join(', ', @{$m->session->{'my_groups'}->{$grp}}).")$comma "; + print "$grp (".join(', ', sort @{$m->session->{'my_groups'}->{$grp}}).")$comma "; $comma = ","; } } else { Index: qc.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/qc.mhtml,v retrieving revision 1.16 retrieving revision 1.17 diff -u -d -r1.16 -r1.17 --- qc.mhtml 24 Apr 2005 03:42:03 -0000 1.16 +++ qc.mhtml 27 Apr 2005 03:54:08 -0000 1.17 
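Review bot: The per-network permission check added before `saveReg` tests membership with `grep(/^$nw$/, @$rwGroups)` and `grep(/^$netgroup$/, @$rwGroups)`, interpolating the network and netgroup names into a regex, so any metacharacter in a name (a `.` if networks are written as addresses, for instance) widens the match and an undefined `$netgroup` becomes `/^$/`, which matches empty entries; compare strings instead: `grep { $_ eq $nw } @$rwGroups` and `defined $netgroup && grep { $_ eq $netgroup } @$rwGroups`. When `getMatchingNetwork` returns undef the code still calls `$np->cfg->getNetgroup($nw)` and interpolates the undefined `$nw` into the first error message; guarding the `! $isRoot` block with `$err eq ''`, as the `saveReg` line already is, avoids both. The permission error also overwrites rather than follows the unmanaged-network error, hiding the more specific message. The enclosing `if ($register)` block continues outside the hunk.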
@@ -30,14 +30,19 @@ my $readOnly = "disabled"; my @aclGroups = (); -if (@aclGroups = $m->comp('/Admin/MemberOf', 'acl' => [ @rwGroups ])) { +my ($isRW, $rwGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @rwGroups ]); +my ($isRO, $roGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @roGroups ]); +my ($isRoot, $junk) = $m->comp('/Admin/MemberOf', 'acl' => [ 'Admin' ], 'group' => 'default'); + +if ( $isRW ) { $readOnly = ""; -} elsif (@aclGroups = $m->comp('/Admin/MemberOf', 'acl' => [ @roGroups ])) { +} +elsif ( $isRO ) { $readOnly = "disabled"; -} else { +} +else { print $q->p({-class=>'error'}, - "Sorry, permission denied.<BR>You must be in one of these groups: ", - join(',', @rwGroups, @roGroups)); + "Sorry, you don't have permission to access this form.<P>"); return; } @@ -50,12 +55,18 @@ The "IP Address" field is the address that the client had <I>when they first registered</I>. It is <B>not necessarily</B> the address they have right now. So when quarantining a host, you -should really be searching by MAC Address. To translate a currently assigned IP Address +should really be searching by MAC Address. + +% use Sys::Hostname; +% if (hostname =~ /buffalo\.edu$/) { +To translate a currently assigned IP Address into a MAC address, you can use some of the other tools available until we are able to better integrate them into UB NetPass. <P> These tools might require additional access. If you get an access denied, click on the "Apply for an account" link and apply for a "Network Documentation" account. <P> +%} + <ul> @@ -169,7 +180,7 @@ if($submit) { if ($readOnly eq "") { - my $sqr = saveQuarChanges($np->db->{'dbh'},\%ARGS, $ids); + my $sqr = saveQuarChanges($np->db->{'dbh'}, \%ARGS, $ids, $isRoot, $rwGroups, $roGroups); if ($sqr ne "") { print $q->p({-class=>"error"}, $sqr); } @@ -433,6 +444,10 @@ my $dbh = shift; my $args = shift; my $ids = shift; + my $isRoot = shift; + my $rwGroups = shift; + my $roGroups = shift; + my $D = 0; if(!(ref($ids) =~ /ARRAY/) ) { 
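Review bot: `my @aclGroups = ();` in the first hunk is now dead code: both assignments to it were replaced by the `$isRW`/`$isRO` pairs, so the declaration should be removed with them. Dropping the group list from the denial message is a good change in itself; the stale declaration is the only leftover.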
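Review bot: In the second hunk, `% use Sys::Hostname;` followed by `% if (hostname =~ /buffalo\.edu$/) {` ties page content to the deployment's hostname suffix, which leaves site-specific text inside a shared component and is brittle for any other installation; a boolean read from `$np->cfg` would express the same intent explicitly. If the hostname test stays, `\z` rather than `$` avoids matching a trailing newline, and the `use` line belongs with the component's other imports rather than mid-template.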
@@ -510,6 +525,22 @@ print "</UL>\n" if $D; next if ( $m_unc && $s_unc && $u_unc ); + # we're being somewhat trusting here. to be thorough, refetch IP from + # db based on mac + + my $nw = $np->cfg->getMatchingNetwork(-ip => $args->{"ipAddr:$mac"}); + my $netgroup = $np->cfg->getNetgroup($nw); + + if ($nw eq "none") { + print qq{<p class='error'>Update failed for $mac because it's network is unknown to NetPass.</P>}; + next; + } + + if ( !$isRoot && !grep(/^$nw$/, @$rwGroups) && !grep(/^$netgroup$/, @$rwGroups) ) { + print qq{<P class='error'>Update failed for $mac because you don't have the proper permissions for it's network ($nw)</P>}; + next; + } + if($D) { print "<PRE>[debugging output - ignore this]\n"; print "mac ".$mac."\n"; @@ -545,7 +576,8 @@ } else { push @params, $args->{"message:$mac"}; $resultsRV = $np->db->addResult(-mac => $mac, -type => 'manual', - -id => $args->{"message:$mac"}); + -force => 1, + -id => $args->{"message:$mac"}); } } 
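Review bot: The network used for the new authorization check in `saveQuarChanges` is derived from `$args->{"ipAddr:$mac"}`, a value the submitting browser supplies, so which network's RW permission applies is decided on untrusted input; the comment above the block already admits this. The address should come from the registration record for `$mac` via the `$dbh` the function already receives, and that stored value, not the form field, should also feed the `$ipAddr`/`findOurSwitchPort` path further down. As in mr.mhtml, `grep(/^$nw$/, @$rwGroups)` and the `$netgroup` variant should be exact comparisons (`grep { $_ eq $nw } @$rwGroups`), and `$nw eq "none"` warns and falls through when `getMatchingNetwork` returns undef, so test `!defined($nw) || $nw eq "none"`. `$mac` and `$nw` are interpolated into the two `<p class='error'>` messages without HTML escaping; `$q->escapeHTML` is available on the CGI object the component already uses. The loop these lines sit in begins and ends outside the hunk.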
@@ -610,20 +642,20 @@ if($rv) { $rv = ""; my $ipAddr = $args->{"ipAddr:$mac"}; - print qq{Database update succeeded for mac address "$mac" ($ipAddr)<P>}; + print qq{<P class='error'>Database update succeeded for mac address "$mac" ($ipAddr)</P>}; _log("DEBUG", "$mac $ipAddr record updated.\n"); my ($sw, $po, $m2p, $p2m) = $np->findOurSwitchPort($mac, $ipAddr); if (!defined($sw) || !defined($po)) { - $rv = "not found on network. port reset failed."; + $rv = "not found on network. Port reset failed."; _log("DEBUG", "$mac $ipAddr $rv\n"); $np->db->audit(-mac => $mac, -ip => $args->{'ip'}, -user => $m->session->{'username'}, -msg => [ "QC: $rv " ]); - $rv = qq{mac address "$mac" $rv}; + $rv = qq{MAC address "$mac" $rv}; } else { _log("DEBUG", "$mac $ipAddr found. quarantining $sw $po\n"); if (! $np->db->requestMovePort(-switch => $sw, Index: gencfg.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/gencfg.mhtml,v retrieving revision 1.9 retrieving revision 1.10 diff -u -d -r1.9 -r1.10 --- gencfg.mhtml 25 Apr 2005 02:52:48 -0000 1.9 +++ gencfg.mhtml 27 Apr 2005 03:54:07 -0000 1.10 @@ -5,6 +5,16 @@ # (c) 2004 University at Buffalo. # Available under the "Artistic License" # http://www.gnu.org/licenses/license-list.html#ArtisticLicense + +NAME + + General Configuration + +PERMISSIONS + + RO: NONE + RW: Must be member of default/Admin + </%doc> <%args> Index: greset.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/greset.mhtml,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- greset.mhtml 12 Apr 2005 16:17:28 -0000 1.2 +++ greset.mhtml 27 Apr 2005 03:54:07 -0000 1.3 
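Review bot: The success message in `saveQuarChanges` is now wrapped in `<P class='error'>`, so a successful database update is styled like a failure; keep `class='error'` for the `$rv` failure path and print the success line neutrally, e.g. `print qq{<P>Database update succeeded for mac address "$mac" ($ipAddr)</P>};`. `$mac` and `$ipAddr` are echoed from `$args` unescaped on the same line, which predates this commit but is cheap to fix while the line is being touched. The function continues outside the hunk.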
@@ -39,20 +39,22 @@ <%perl> -if (! $m->comp('/Admin/MemberOf', 'group' => [ 'Admin' ]) ) { - print $q->p({-class=>'error'}, "Sorry, permission denied.<BR>(You must be an Admin)"); +my ($isRoot, $junk) = $m->comp('/Admin/MemberOf', 'acl' => [ 'Admin' ], 'group' => 'default'); + +if (! $isRoot ) { + print $q->p({-class=>'error'}, "Sorry, you don't have access to this form.<P>"); return; } if ($ARGS{'quarantineall'}) { $np->db->reqAppAction('quarall', 'start', ''); - $np->db->audit( -user => $m->session->{'logged_in'}, + $np->db->audit( -user => $m->session->{'username'}, -severity => "ALERT", -msg => [ "Activated Quarantine All Global Reset" ]); } elsif ($ARGS{'unquarantineall'}) { $np->db->reqAppAction('unquarall', 'start', ''); - $np->db->audit( -user => $m->session->{'logged_in'}, + $np->db->audit( -user => $m->session->{'username'}, -severity => "ALERT", -msg => [ "Activated Unquarantine All Global Reset" ]); } Index: urlfilter.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/urlfilter.mhtml,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- urlfilter.mhtml 21 Apr 2005 16:33:01 -0000 1.1 +++ urlfilter.mhtml 27 Apr 2005 03:54:08 -0000 1.2 
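Review bot: A user who fails the new `$isRoot` check on the Global Reset form is turned away silently, while the same commit's `savePage` in Editor/index.mhtml writes an ALERT audit record for refused edits; a refused attempt to reach quarantine-all/unquarantine-all is at least as worth recording. Before the `return`, add `$np->db->audit(-user => $m->session->{'username'}, -severity => "ALERT", -msg => [ "Global Reset: access denied" ]);`, using the `username` session key the two audit calls below were just corrected to. The `<%perl>` section continues outside the hunk.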
@@ -5,217 +5,31 @@ # Available under the "Artistic License" # http://www.gnu.org/licenses/license-list.html#ArtisticLicense -</%doc> +NAME + + URL Filter (SquidGuard Config) +PERMISSIONS + + RO: */Reports + RW: */Admin */ScanAdmin + +</%doc> <%args> </%args> - <script><!-- -setWhereAmI('Squid Config'); - -function deleteEntry (item, index) { - item.options[index] = null; -} - -function addEntry (item, text) { - var val = text.value - if (val != "") { - var opt = new Option(val, val) - item.options[item.options.length] = opt - text.value = ""; - } -} - -function gatherList(item, variable) { - var str = "" - - for (var i = 0; i < item.options.length; i++) { - str += "|"+item[i].value - } - variable.value = str - return true -} - +setWhereAmI('URL Filter'); --> </script> - <%perl> -use FileHandle; - -my $npcfg = $np->cfg(); -my $squidbasedir = $npcfg->{'cfg'}->obj('squid')->value('BASE_DIR'); - -my $SQUIDCONFFILE = "$squidbasedir/SquidGuard.conf"; -my $ALLOWEDURLS = "$squidbasedir/allowed_urls"; -my $ALLOWEDDOMAINS = "$squidbasedir/allowed_domains"; - -if ($ARGS{'action'}) { - writeConf($SQUIDCONFFILE, $ALLOWEDURLS, $ALLOWEDDOMAINS, \%ARGS); - $np->db->reqAppAction('squid', 'restart', '') -} - -my $data = readConf($SQUIDCONFFILE, $ALLOWEDURLS, $ALLOWEDDOMAINS); - -if (! 
$m->comp('/Admin/MemberOf', 'group' => [ 'Admin' ]) ) { - print $q->p({-class=>'error'}, "Sorry, permission denied.<BR>(You must be an Admin)"); - return; -} - -print $q->start_form(-name => 'form', -method => "POST"); -print "<h2>SquidGuard Configuration</h2>"; -print "<TABLE CLASS='gray' CELLSPACING=2 CELLPADDING=2 WIDTH=400 BORDER=0>"; -print "<TR><TH COLSPAN=2>Allowed Urls</TH>"; -print "<TH COLSPAN=2>Allowed Domains</TH></TR>"; - -print "<TR><TD CLASS='gray' ROWSPAN=6>"; -print $q->textfield ( - -name => 'newurl', - -size => '30', - ); -print $q->scrolling_list ( - -name => 'allowedurls', - -values => [sort @{$data->{allowed_urls}}], - -size => 9, - -style => 'width:223px;' - ); -print "</TD><TD CLASS='gray'>"; -print $q->button ( - -name => 'addurl', - -value => 'Add', - -onClick => "addEntry(document.form.allowedurls, - document.form.newurl); - return false;", - ); -print "</TD><TD ROWSPAN=6 CLASS='gray'>"; -print $q->textfield ( - -name => 'newdomain', - -size => '30', - ); -print "<BR>"; -print $q->scrolling_list ( - -name => 'alloweddomains', - -values => [sort @{$data->{allowed_domains}}], - -size => 9, - -style => 'width:223px;' - ); -print "</TD><TD CLASS='gray'>"; -print $q->button ( - -name => 'adddom', - -value => 'Add', - -onClick => "addEntry(document.form.alloweddomains, - document.form.newdomain); - return false;", - ); -print "</TD></TR>"; -print "<TR><TD CLASS='gray'> </TD><TD CLASS='gray'> </TD></TR>"; -print "<TR><TD CLASS='gray'> </TD><TD CLASS='gray'> </TD></TR>"; -print "<TR><TD CLASS='gray'> </TD><TD CLASS='gray'> </TD></TR>"; -print "<TR><TD CLASS='gray'> </TD><TD CLASS='gray'> </TD></TR>"; -print "<TR><TD CLASS='gray'>"; -print $q->button ( - -name => 'delurl', - -value => 'Del', - -onClick => "deleteEntry(document.form.allowedurls, - document.form.allowedurls.selectedIndex); - return false;", - ); -print "</TD><TD CLASS='gray'>"; -print $q->button ( - -name => 'deldom', - -value => 'Del', - -onClick => 
"deleteEntry(document.form.alloweddomains, - document.form.alloweddomains.selectedIndex); - return false;", - ); -print "</TD></TR><TR><TD CLASS='gray' COLSPAN=4> </TD></TR>"; -print "<TR><TD CLASS='gray' COLSPAN=4><B>Redirect</B><BR>"; -print $q->textfield ( - -name => 'redirect', - -value => $data->{redirect}, - -size => '40', - ); -print "</TD></TR>"; -print "</TABLE>"; -print "<input TYPE=\"hidden\" NAME=\"listad\" VALUE=\"$ARGS{'listad'}\">"; -print "<input TYPE=\"hidden\" NAME=\"listau\" VALUE=\"$ARGS{'listau'}\">"; -print $q->submit( - -name => 'action', - -value => 'Commit Changes', - -onClick => "return ( - gatherList(document.form.allowedurls, - document.form.listau) && - gatherList(document.form.alloweddomains, - document.form.listad));" - ); -print $q->end_form(); - -sub writeConf { - - use File::Copy; - - my($cf, $au, $ad, $args) = @_; - - my $AD = new FileHandle; - my $AU = new FileHandle; - my $CF = new FileHandle; - my @t; - - $AU->open("> $au"); - foreach (split(/\|/, $args->{'listau'})) { - next unless (/^\w+\.\w+\.{0,1}\w*\.{0,1}\w*$/); - print $AU $_."\n"; - } - $AU->close; - - $AD->open("> $ad"); - foreach (split(/\|/, $args->{'listad'})) { - next unless (/^\w+\.\w+\.{0,1}\w*\.{0,1}\w*$/); - print $AD $_."\n"; - } - $AD->close; - - $CF->open($cf); - @t = <$CF>; - $CF->close; - - $CF->open("> $cf"); - foreach (@t) { - if (/^\s+redirect\s302\:.+$/) { - print $CF "\tredirect 302:".$args->{'redirect'}."\n"; - next; - } - print $CF $_; - } - $CF->close; -} - -sub readConf { - my($cf, $au, $ad) = @_; - my $data = {}; - - my $AD = new FileHandle; - my $AU = new FileHandle; - my $CF = new FileHandle; - - $AD->open($ad); - while (<$AD>) { chomp; push @{$data->{allowed_domains}}, $_; } - $AD->close; +my ($isRO, $roGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ 'Reports' ]); +my ($isRW, $rwGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ 'Admin', 'ScanAdmin' ]); - $AU->open($au); - while (<$AU>) { chomp; push @{$data->{allowed_urls}}, $_; } - 
$AU->close; +if ( !$isRO && !$isRW ) { + print qq{<P class='error'>Sorry, you don't have access to this form.</P>}; + return; +} - $CF->open($cf); - while (<$CF>) { - if (/^\s+redirect\s302\:(.+)$/) { - $data->{redirect} = $1; - last; - } - } - $CF->close; - - return $data; -} </%perl> |
From: jeff m. <jef...@us...> - 2005-04-27 03:54:21
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin/Editor In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26183/www/htdocs/Admin/Editor Modified Files: edit.mhtml index.mhtml Log Message: working thru forms, making sure per-network admin functionality is implemented Index: edit.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/Editor/edit.mhtml,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- edit.mhtml 19 Apr 2005 04:01:24 -0000 1.3 +++ edit.mhtml 27 Apr 2005 03:54:08 -0000 1.4 @@ -25,18 +25,17 @@ my @roGroups = ('Reports'); my $readOnly = "disabled"; -my ($isReadonly, $roGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @roGroups ]); -my ($isAdmin, $rwGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @rwGroups ]); -my $isRoot = $m->comp('/Admin/MemberOf', 'acl' => [ 'Admin' ], 'group' => 'default'); +my ($isRO, $roGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @roGroups ]); +my ($isRW, $rwGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @rwGroups ]); +my ($isRoot, $junk) = $m->comp('/Admin/MemberOf', 'acl' => [ 'Admin' ], 'group' => 'default'); -if ($isAdmin) { +if ($isRW) { $readOnly = ""; -} elsif ($isReadonly) { +} elsif ($isRO) { $readOnly = "disabled"; } else { print $q->p({-class=>'error'}, - "Sorry, permission denied.<BR>You must be in one of these groups: ", - join(',', @rwGroups, @roGroups)); + "Sorry, you don't have access to this form.<P>"); return; } 
@@ -52,19 +51,10 @@ my $pageList = $np->db->getPageList(); my %allGroups = map { $_ => $_ } @{$pageList->{'group'}}; -if ($submit eq " Save Change ") { - my $rv = $np->db->setPage(-name => $name, -group => $group, -content => $content); - if ($rv) { - print "<P class='error'>Failed to update page: $rv</P>"; - } -} -elsif($submit eq " Save Copy ") { - my $rv = $np->db->setPage(-name => $name, -group => $group, -content => $content, -noupdate => 1); - if ($rv) { - print "<P class='error'>Failed to update page: $rv (did you remember to change the name or group?)</P>"; - } -} +if (! $isRoot) { + %allGroups = map {$_ => $_} (@$rwGroups); +} </%perl> Index: index.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/Editor/index.mhtml,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- index.mhtml 19 Apr 2005 04:01:25 -0000 1.4 +++ index.mhtml 27 Apr 2005 03:54:08 -0000 1.5 @@ -9,7 +9,6 @@ <%args> $name => ''; -$network => ''; $ta => ''; $search => ''; $group => ''; 
@@ -29,18 +28,20 @@ my @roGroups = ('Reports'); my $readOnly = "disabled"; -my ($isReadonly, $roGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @roGroups ]); -my ($isAdmin, $rwGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @rwGroups ]); -my $isRoot = $m->comp('/Admin/MemberOf', 'acl' => [ 'Admin' ], 'group' => 'default'); +my ($isRO, $roGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @roGroups ]); +my ($isRW, $rwGroups) = $m->comp('/Admin/MemberOf', 'acl' => [ @rwGroups ]); +my ($isRoot, $junk) = $m->comp('/Admin/MemberOf', 'acl' => [ 'Admin' ], 'group' => 'default'); +my ($allMyRO, $allMyRW); +($junk, $allMyRO) = $m->comp('/Admin/MemberOf', 'acl' => [ @roGroups ]); +($junk, $allMyRW) = $m->comp('/Admin/MemberOf', 'acl' => [ @rwGroups ]); -if ($isAdmin) { +if ($isRW) { $readOnly = ""; -} elsif ($isReadonly) { +} elsif ($isRO) { $readOnly = "disabled"; } else { print $q->p({-class=>'error'}, - "Sorry, permission denied.<BR>You must be in one of these groups: ", - join(',', @rwGroups, @roGroups)); + "Sorry, you don't have access to this form.<P>"); return; } 
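Review bot: The two extra `$m->comp('/Admin/MemberOf', ...)` calls that fill `$allMyRO` and `$allMyRW` repeat, argument for argument, the calls two lines above that already produced `$roGroups` and `$rwGroups`, so unless MemberOf is non-deterministic they return the same lists at the cost of two more component calls per request. If separate handles are all that is wanted, `my ($allMyRO, $allMyRW) = ($roGroups, $rwGroups);` replaces the three added lines; if MemberOf is meant to answer a different question for the "all groups" case, the arguments should differ and a comment should say how. The `%allGroups` logic these feed is in the next hunk.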
@@ -50,15 +51,29 @@ my %allGroups = map { $_ => $_ } @{$pageList->{'group'}}; -# XXX if you are !default->Admin then strip out groups that you dont -# belong too if (! $isRoot) { - foreach my $grp (@$roGroups, @$rwGroups) { - print "Strip group: $grp<BR>"; - } + # 'default' is added so you can at least see the default + # messages (assuming you dont have any default perms). + # we won't allow you to edit them tho. + + %allGroups = map {$_ => $_} ('default', @$allMyRO, @$allMyRW); } +print "You have permission to <B>edit</B> the messages in the following groups: ", join(', ', @$allMyRW), "<BR>" + if ($#{$allMyRW} > -1); + +print "You have permission to <B>view</B> the messages in the following groups: "; + +if ($#{$allMyRO} > -1) { + print join(', ', @$allMyRO); + print ", default" if (grep !/^default$/, @$allMyRO); + print "<BR>"; +} else { + print "default<BR>"; +} + + print $q->table({-border=>0, -width=>600}, $q->TR($q->td({-colspan=>2, -align=>"right"}, 
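Review bot: `print ", default" if (grep !/^default$/, @$allMyRO);` prints the extra ", default" whenever any RO group is not named default — a list of (`default`, `x`) shows default twice — rather than only when default is absent. The intended test is `print ", default" unless grep { $_ eq 'default' } @$allMyRO;`. The `$#{$allMyRW} > -1` and `$#{$allMyRO} > -1` tests in the same hunk read more naturally as `if (@$allMyRW)` / `if (@$allMyRO)`.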
@@ -101,138 +116,86 @@ return if(!$submit && !$search); if($submit) { - if ($readOnly eq "") { - savePage($dbh, $name, $ta); - print $q->p("Your changes have been saved..."); - } else { - # this really shouldnt happen. we dont give them a submit button - $np->db->audit( -user => $m->session->{'username'}, - -severity => "ALERT", - -msg => [ "tried to change a Message but is ReadOnly" ]); - - } -} - -my ($results, $count) = getMessages($dbh, $name, $group); - -if($count<0) { - print ("<P class='error'>Sorry, there was an error while processing your request!</P>"); -} - -print $q->h4("Your search returned $count result(s)"); - -if($count==0) { - print $q->p("You may want to re-define your search to be less strict."); - return; + my $rv = savePage($allMyRW, $name, $group, $ta, ($submit eq " Save Copy ")); + print $q->p({-class=>'error'}, $rv); } -my @rows = (); - -push(@rows, $q->TR( - $q->th("Name") . - $q->th("Edit") - ) -); - -my $class = ""; - -while (my $row = $results->fetchrow_hashref() ) { - - $class = ($class eq "")?"gray":""; - - my $href = "edit.mhtml?name=" . $row->{name}."&group=".$row->{'network'}; - if ($readOnly eq "disabled") { - $href = "view.mhtml?name=" . $row->{name}."&group=".$row->{'network'}; - } - - my $delLink = ""; +my $pl = $np->db->getPageList(-name => $name, -group => $group); +if (ref($pl) ne "HASH") { + print ("<P class='error'>Sorry, there was an error while processing your request ($pl).</P>"); +} else { + my $count = $#{$pl->{'name'}} + 1; + my $class = ""; - #if ($readOnly eq "") { - # $delLink = $q->td(({-align=>'center'}, $q->submit(-name => 'submit', -value => 'Delete'))); - #} +</%perl> + <h4>Your search returned <%$count%> result(s)</h4> +% if ($count) { - push( @rows, $q->TR( {-class=> $class }, - $q->td({-align=>'center'}, $row->{name}) . - $q->td({-align=>'center'}, $q->a({-href=>$href}, - ($readOnly eq "")?"[ edit ]":"[ view ]" - )) - ) . 
"\n"); -} + <table> + <tr><th>Name</th><th>Group</th><th colspan=3>Operation</th></tr> -$results->finish(); +% for(my $row = 0 ; $row <= $#{$pl->{'name'}} ; $row++) { +% $class = ($class eq "")?"gray":""; +% my $rwHref = "edit.mhtml?name=" . $pl->{'name'}->[$row]."&group=".$pl->{'group'}->[$row]; +% my $roHref = "view.mhtml?name=" . $pl->{'name'}->[$row]."&group=".$pl->{'group'}->[$row]; +% my $delLink = ""; -print $q->table({-width=>'80%'}, @rows); -print $q->end_form(); + <tr class="<%$class%>"> + <td width='50%'><%$pl->{'name'}->[$row]%></td> + <td width='25%'><%$pl->{'group'}->[$row]%></td> +% if (grep /^$pl->{'group'}->[$row]$/, @$rwGroups) { + <td width='8%'><a href="<%$rwHref%>">[ edit ]</a></td> + <td width='8%'><a href="">[ del ]</a></td> +% } else { + <td width='8%'> </td> + <td width='8%'> </td> +% } + <td width='8%'><a href="<%$roHref%>">[ view ]</a></td> + </tr> +% } + </table> +% } +%} -print $q->p(); +</form> +<P> +<%perl> return; -####################### +sub savePage { + my $rw = shift; + my $name = shift; + my $group = shift; + my $content = shift; + my $noupdate = shift; -sub getMessages { - my $dbh = shift; - my $name = shift; - my $group = shift; + # enforce permissions - my @clause = (); - my @params = (); + if (grep /^$group$/, @$rw) { - if($name) { - push(@clause, "name LIKE ?"); - push(@params, "%$name%"); - } + $np->db->audit( + -user => $m->session->{'username'}, + -msg => [ "MessageEdit: $name ($group) editted" ]); - if($group) { - push(@clause, "network = ?"); - push(@params, $group); - } + my $rv = $np->db->setPage(-name => $name, -group => $group, + -content => $content, -noupdate => $noupdate); - my $query = "SELECT name, network FROM pages"; - - if($#clause>-1) { - $query .= " WHERE " . join(" AND ", @clause) + if ($rv =~ /duplicate/i) { + return "Save failed. Duplicate entry. 
Did you use 'Save Copy' but forget to change the name?"; + } + return $rv if ($rv); # error + return "Page saved."; } - $query .= " ORDER BY name LIMIT 150"; - - my $sth = $dbh->prepare($query); - - if(!defined($sth)) { - return ("prepare failed: ". $dbh->errstr, -1); - } - - if( !$sth->execute(@params) ) { - return ("execute failed: ". $dbh->errstr, -1); - } - - my $count = $sth->rows; + # else you dont have permission - return ($sth, $count); + $np->db->audit( -user => $m->session->{'username'}, -severity => "ALERT", + -msg => [ "tried to edit $name ($group) but doesnt have permission to do so" ]); + return "You dont have the appropriate permissions to edit this message."; } -sub savePage { - my $dbh = shift; - my $name = shift; - my $content = shift; - - $np->db->audit( - -user => $m->session->{'logged_in'}, - -msg => [ "MessageEdit: $name editted" ]); - - my $ins_query = "INSERT IGNORE INTO pages (content, name) values (?,?)"; - my $upd_query = "UPDATE pages SET content=? WHERE name = ?"; - - my $ins_sth = $dbh->prepare($ins_query); - my $upd_sth = $dbh->prepare($upd_query); - - $ins_sth->execute($content, $name); - $ins_sth->finish; - $upd_sth->execute($content, $name); - $upd_sth->finish; - -} </%perl> |
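Review bot: `savePage` decides whether the caller may write to `$group` with `grep /^$group$/, @$rw`, where `$group` is the form value from `<%args>`; interpolating it unescaped into the pattern means regex metacharacters in the submission change what is matched, so the test can succeed for a string that is not one of the caller's groups (or die on an unbalanced bracket) and the page is then saved under that literal group name. Authorization should be an exact comparison: `if (grep { $_ eq $group } @$rw) {`. The same pattern appears in the table, `% if (grep /^$pl->{'group'}->[$row]$/, @$rwGroups) {`, and the `[ del ]` link there has an empty `href` with no handler behind it, so it should either be wired up or left out. `$rwHref`/`$roHref` concatenate name and group into a query string without URL-encoding (`CGI::escape`), which breaks as soon as a name contains `&` or a space.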
From: jeff m. <jef...@us...> - 2005-04-27 03:54:20
Update of /cvsroot/netpass/NetPass/install.d In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26183/install.d Modified Files: tables.sql Log Message: working thru forms, making sure per-network admin functionality is implemented Index: tables.sql =================================================================== RCS file: /cvsroot/netpass/NetPass/install.d/tables.sql,v retrieving revision 1.13 retrieving revision 1.14 diff -u -d -r1.13 -r1.14 --- tables.sql 20 Apr 2005 18:32:33 -0000 1.13 +++ tables.sql 27 Apr 2005 03:54:06 -0000 1.14 @@ -45,20 +45,6 @@ PRIMARY KEY (username) ) TYPE=NDBCLUSTER; -create table networkAdmins ( - username varchar(128) not null, - netId integer not null, - index (username, netid) -) TYPE=NDBCLUSTER; - -create table networks ( - id integer unsigned not null auto_increment, - network integer not null, - netmask integer not null, - name varchar(128) not null, - index unique (name) -) TYPE=NDBCLUSTER; - reate table config ( rev integer unsigned not null auto_increment, dt datetime not null, @@ -83,7 +69,6 @@ network VARCHAR(128) NOT NULL default 'default', name VARCHAR(128) NOT NULL, content TEXT, - PRIMARY KEY(name), UNIQUE INDEX (name, network) ) TYPE=NDBCLUSTER; 
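Review bot: The context line shown as `reate table config (` in the first hunk is missing its leading `c`; if that is what the file holds rather than an artefact of this listing, every run of tables.sql stops with a syntax error at that statement, so it is worth a look while the adjacent tables are being dropped. Removing `networkAdmins` and `networks` deletes the only per-network permission store in the schema; the log message says that role now lives in MemberOf, so the hunk is consistent with the intent, but any code still selecting from those tables will fail at runtime and should be checked.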
@@ -198,14 +183,51 @@ INDEX(proc) ) TYPE=NDBCLUSTER; -# for Apache::Session +CREATE TABLE urlFilters ( + url varchar(254) not null, + dst varchar(254), + network varchar(128) not null, + action enum('permit', 'soft-redirect', 'hard-redirect', 'block') not null, + unique index (url, network) +); -use sessions; -CREATE TABLE `sessions` ( - `id` varchar(64) NOT NULL, - `length` int(11) default NULL, - `a_session` text, - PRIMARY KEY (id) -) TYPE=NDBCLUSTER; +insert into urlFilters values ('itpolicies\.buffalo\.edu', NULL, 'default', 'permit'); +insert into urlFilters values ('netpass\.buffalo\.edu', NULL, 'default', 'permit'); +insert into urlFilters values ('cert\.org', NULL, 'default', 'permit'); +insert into urlFilters values ('download\.microsoft\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('lavasoftusa\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('microsoft\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('protect\.microsoft\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('redhat\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('securityresponse\.symantec\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('service1\.symantec\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('support\.microsoft\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('swquery\.apple\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('swscan\.apple\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('symantecliveupdate\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('us\.mcafee\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('vil\.nai\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('windows\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('windowsupdate\.com', NULL, 'default', 'permit'); +insert into urlFilters values 
('windowsupdate\.microsoft\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('wings\.buffalo\.edu', NULL, 'default', 'permit'); +insert into urlFilters values ('www\.microsoft\.com', NULL, 'default', 'permit'); +insert into urlFilters values ('www\.sans\.org', NULL, 'default', 'permit'); +insert into urlFilters values ('www\.sophos\.com', NULL, 'default', 'permit'); + +insert into urlFilters values ('command\.weatherbug\.com', NULL, 'default', 'block'); +insert into urlFilters values ('isapi60\.weatherbug\.com', NULL, 'default', 'block'); +insert into urlFilters values ('wisapidata\.weatherbug\.com', NULL, 'default', 'block'); +insert into urlFilters values ('config\.180solutions\.com', NULL, 'default', 'block'); +insert into urlFilters values ('ping\.180solutions\.com', NULL, 'default', 'block'); +insert into urlFilters values ('desktop3\.weather\.com', NULL, 'default', 'block'); +insert into urlFilters values ('image\.weather\.com', NULL, 'default', 'block'); +insert into urlFilters values ('www\.statblaster\.com/updatestats', NULL, 'default', 'block'); +insert into urlFilters values ('www\.mydailyhoroscope\.net/mdh/AdResponse\.aspx', NULL, 'default','block'); +insert into urlFilters values ('204\.177\.92\.204/w/getclientid', NULL, 'default', 'block'); +insert into urlFilters values ('client\.warez\.com/data/gcache\.php', NULL, 'default', 'block'); +insert into urlFilters values ('http://sports\.espn\.go\.com/espn/espnmotion/ESPNMotionXMLv4', NULL, 'default', 'block'); + +insert into urlFilters values ('DEFAULT', 'http://npvip-d.cit.buffalo.edu/?url=%u', 'default', 'hard-redirect'); |
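Review bot: `CREATE TABLE urlFilters` is the only table in this file created without `TYPE=NDBCLUSTER` (compare the `) TYPE=NDBCLUSTER;` context just above it), so on the clustered install this schema targets it will presumably land in the server's default engine, local to whichever SQL node runs the script, rather than in the cluster; add `) TYPE=NDBCLUSTER;`. The `url` values are regular-expression fragments (note the `\.` escaping and the `.../updatestats` path rows) but the schema does not say so, and the seeded rows are inconsistent: one carries a `http://` scheme, the others do not, and `'DEFAULT'` is a sentinel that no real URL matches as a pattern, so unless the consumer special-cases that string the hard-redirect default never fires. Because these rows decide what a quarantined client may reach, bare-domain permit entries such as `microsoft\.com` are only safe if the consumer anchors them to the host component; treated as plain substrings they also admit `http://microsoft.com.evil.example/` or any URL whose query string contains the text. A comment above the table stating the matching contract, e.g. `-- url is a Perl regex fragment matched against the request host (see bin/npurlfilter.pl); dst is the redirect target for *-redirect rows`, would keep future rows consistent.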
From: jeff m. <jef...@us...> - 2005-04-27 03:54:20
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26183/bin Modified Files: macscan.pl portmover.pl Added Files: npurlfilter.pl Log Message: working thru forms, making sure per-network admin functionality is implemented Index: macscan.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/macscan.pl,v retrieving revision 1.9 retrieving revision 1.10 diff -u -d -r1.9 -r1.10 --- macscan.pl 24 Apr 2005 03:42:02 -0000 1.9 +++ macscan.pl 27 Apr 2005 03:54:06 -0000 1.10 
@@ -153,7 +153,7 @@ my $allSwitches = $np->cfg->getSwitches(); -# we devide the switches up into groups of "$ps" +# we divide the switches up into groups of "$ps" # and give each group out to a thread for periodic # polling --- NEW FILE: npurlfilter.pl --- #!/opt/perl/bin/perl -w # # $Header: /cvsroot/netpass/NetPass/bin/npurlfilter.pl,v 1.1 2005/04/27 03:54:06 jeffmurphy Exp $ # (c) 2004 University at Buffalo. # Available under the "Artistic License" # http://www.gnu.org/licenses/license-list.html#ArtisticLicense =head1 NAME npurlfilter.pl - Squid plugin for filtering/redirecting URLs =head1 SYNOPSIS npurlfilter.pl [-D] [-c cstr] [-U dbuser/dbpass] [-t secs] -D enable debugging -c db connect string -U db user[/pass] -t secs how often to re-read url list from DB (default 3600 seconds) =head1 OPTIONS =over 8 =item B<-D> Enable debugging output. Debugging output is sent to the _log() since Squid reads from STDOUT, we can't send it there. =item B<-c cstr> Connect to alternate database. =item B<-U user/pass> Credentials to connect to the database with. =item B<-t secs> How often do we refresh the URL list from the DB. Default: 3600 seconds. =back =head1 DESCRIPTION This program is run via Squid's "redirect_program" directive. It reads URLs from STDIN and sends URLs (via STDOUT) back to Squid. For most URLs, we send back a redirect to the NetPass server's URL. Some URLs (configurable via the NetPass adminstrative interface) are permitted through without redirection. The URL list is re-read from the database once per hour unless "-t" is specified. You can also connect to Squid and request the URL http://netpass-reload-urlfilter./ to cause an immediate reload. This request must from localhost (127.0.0.1) or it is ignored. 
=head1 AUTHOR Jeff Murphy <jcm...@bu...> $Id: npurlfilter.pl,v 1.1 2005/04/27 03:54:06 jeffmurphy Exp $ =cut use strict; use Getopt::Std; use lib '/opt/netpass/lib/'; use FileHandle; use Pod::Usage; use NetPass::LOG qw(_log _cont); require NetPass; my %opts : shared; getopts('c:U:t:Dh?', \%opts); pod2usage(2) if exists $opts{'h'} || exists $opts{'?'}; $| = 1; my $D = exists $opts{'D'} ? 1 : 0; my $rlt = exists $opts{'t'} ? $opts{'t'} : 3600; # reload time NetPass::LOG::init [ 'npurlfilter', 'local0' ]; my $dbuser; my $dbpass; ($dbuser, $dbpass) = exists $opts{'U'} ? split('/', $opts{'U'}) : (undef, undef); my $cstr = exists $opts{'c'} ? $opts{'c'} : undef; my $np = new NetPass(-cstr => $cstr, -dbuser => $dbuser, -dbpass => $dbpass, -debug => exists $opts{'D'} ? 1 : 0, -quiet => exists $opts{'q'} ? 1 : 0); if (ref($np) ne "NetPass") { _log("ERROR", "Failed to connect to NetPass: $np\n"); safeMode(); } my $llt = time(); # last load time my $fl = $np->db->getUrlFilters(); while(my $line = <STDIN>) { if ($llt+$rlt > time()) { $fl = $np->db->getUrlFilters(); } chomp $line; my @p = split(/\s/, $line); my $newurl = $p[0]; study $p[0]; if ($#p == 3) { if ( ($p[0] =~ /^http...netpass-reload-urlfilter/) && ($p[1] =~ /127\.0\.0\.1/) ) { $fl = $np->db->getUrlFilters(); next; } if ($p[0] =~ /$fl->{'permit'}->{'re'}/) { } elsif ($p[0] =~ /$fl->{'soft-redirect'}->{'re'}/) { foreach my $pat (@{$fl->{'soft-redirect'}->{'list'}}) { $newurl = $fl->{'soft-redirect'}->{'hash'}->{$pat}; last; } } elsif ($p[0] =~ /$fl->{'hard-redirect'}->{'re'}/) { foreach my $pat (@{$fl->{'soft-redirect'}->{'list'}}) { $newurl = '302:'.$fl->{'soft-redirect'}->{'hash'}->{$pat}; last; } } elsif ($p[0] =~ /$fl->{'block'}->{'re'}/) { $newurl = '403:'.$p[0]; } } print $newurl; } exit 0; sub safeMode { _log("ERROR", "entering safe-mode\n"); while(<STDIN>) { print; } } Index: portmover.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/portmover.pl,v 
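Review bot: In the new npurlfilter.pl main loop, `print $newurl;` emits no trailing newline, so Squid's redirect_program protocol (presumably one reply line per request line) never sees a complete answer, and the reload guard `if ($llt+$rlt > time())` is inverted and never updates `$llt`, so the table is re-read from the database on every request for the first `-t` seconds and then never again. The `hard-redirect` branch walks `$fl->{'soft-redirect'}` instead of its own list, both redirect branches take the first pattern in the list rather than the one that actually matched, the reload request is swallowed with `next` and no reply line, and when getUrlFilters() returns its `"db failure ..."` string the `$fl->{...}->{'re'}` dereferences die under `use strict`, which for a long-running helper means Squid loses its redirector on a transient DB error. Separately, safeMode() is fail-open: after a NetPass connect failure every quarantined client's requests pass through the proxy unfiltered, which for a captive portal is likely the wrong failure mode — consider emitting a `302:` to the NetPass server (or `403:`) for everything and logging loudly, and note that safeMode() falls through to `$np->db->...` on a string `$np` once STDIN closes. The rewritten loop below addresses the first two groups of defects; it assumes the `hash` entries hold the redirect destination, as getUrlFilters() documents, and that the second Squid field is `client_ip/fqdn`.
```perl
# … unchanged: option parsing, NetPass connect, safeMode() …
my $llt = time();                     # last load time
my $fl  = $np->db->getUrlFilters();
safeMode() unless ref($fl) eq 'HASH';

while (my $line = <STDIN>) {
    # periodic reload: only once $rlt seconds have elapsed, keeping the
    # previous table if the reload fails
    if (time() >= $llt + $rlt) {
        my $nfl = $np->db->getUrlFilters();
        if (ref($nfl) eq 'HASH') {
            $fl = $nfl;
        } else {
            _log("ERROR", "urlFilters reload failed: $nfl\n");
        }
        $llt = time();
    }
    chomp $line;
    my @p = split(/\s/, $line);
    my $newurl = $p[0];

    if ($#p == 3) {
        # reload trigger; only honoured from localhost (second field is client_ip/fqdn)
        if ($p[0] =~ m{^http://netpass-reload-urlfilter} && $p[1] =~ m{^127\.0\.0\.1(?:/|$)}) {
            my $nfl = $np->db->getUrlFilters();
            $fl = $nfl if ref($nfl) eq 'HASH';
            print "\n";                       # empty reply = leave URL unchanged
            next;
        }
        if ($p[0] =~ /$fl->{'permit'}->{'re'}/) {
            # permitted: pass through unchanged
        } elsif ($p[0] =~ /$fl->{'soft-redirect'}->{'re'}/) {
            my $t = redirectTarget($fl, 'soft-redirect', $p[0]);
            $newurl = $t if defined $t;
        } elsif ($p[0] =~ /$fl->{'hard-redirect'}->{'re'}/) {
            my $t = redirectTarget($fl, 'hard-redirect', $p[0]);
            $newurl = '302:' . $t if defined $t;
        } elsif ($p[0] =~ /$fl->{'block'}->{'re'}/) {
            $newurl = '403:' . $p[0];
        }
    }
    print "$newurl\n";                        # one reply line per request
}
exit 0;

# dst of the first pattern under $action that matches $url, or undef
sub redirectTarget {
    my ($fl, $action, $url) = @_;
    foreach my $pat (@{ $fl->{$action}->{'list'} }) {
        return $fl->{$action}->{'hash'}->{$pat} if $url =~ /$pat/;
    }
    return undef;
}
```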
retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- portmover.pl 12 Apr 2005 15:24:08 -0000 1.4 +++ portmover.pl 27 Apr 2005 03:54:06 -0000 1.5 @@ -133,6 +133,7 @@ if (!defined($ar)) { _log "ERROR", "db error ".$np->db->error."\n"; + next; } foreach my $row (@$ar) { |
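Review bot: The added `next;` correctly stops the loop from dereferencing an undef `$ar`, but the enclosing loop begins outside this hunk and nothing visible here delays the retry, so a database outage that persists becomes a tight loop logging `db error` as fast as the DB refuses the query. If the loop has no sleep on this path, add one before `next` (or count consecutive failures and exit non-zero so the service supervisor restarts portmover), e.g. `sleep(5); next;`.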
From: jeff m. <jef...@us...> - 2005-04-27 03:54:19
Update of /cvsroot/netpass/NetPass/www/components/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26183/www/components/Admin Modified Files: LockConfig Log Message: working thru forms, making sure per-network admin functionality is implemented Index: LockConfig =================================================================== RCS file: /cvsroot/netpass/NetPass/www/components/Admin/LockConfig,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- LockConfig 25 Apr 2005 19:15:01 -0000 1.2 +++ LockConfig 27 Apr 2005 03:54:07 -0000 1.3 
@@ -11,11 +11,45 @@ var b = document.getElementById('lockButton'); if (b) { b.disabled = ''; - b.textContent = "Lock Config"; + b.innerHTML = "Lock Config"; } lockOpPending = false; - var ra = r.split(' '); - alert(ra.length + "/ ra0='" +ra[0]+"'"); + var ra = r.split(/\s/); + + if (ra[0] == "OK") { + // something succeeded + if (ra[1] == "lock") { + // we got the lock, change button to + // green and text to 'unlock' + b.style.backgroundColor = '#77FF77'; + b.innerHTML = 'Config is Locked (by you)<BR>Unlock Config'; + adjust_onClick(b, "return lockConfig(0, 0);"); + } else { + // we got the unlock, button -> yellow + // text -> 'lock' + b.style.backgroundColor = '#FFFF77'; + b.innerHTML = 'Config is Unlocked<BR>Lock Config'; + adjust_onClick(b, "return lockConfig(1, 0);"); + } + } else { + // something failed +//alert(r + " ral:" + ra.length + ' 1:' + ra[0] + ' 2:' + ra[1] + ' 3:' + ra[2]); + + if (ra[1] == "lock") { + // we didnt get the lock, change button to + // red and text to 'force lock' + b.style.backgroundColor = '#FF7777'; + b.innerHTML = 'Config is Locked by '+ra[2]+'<BR>Force Lock Config'; + adjust_onClick(b, "return lockConfig(1, 1);"); + } else { + // we didnt get the unlock, + // button -> red + // text -> 'force unlock' + b.style.backgroundColor = '#FF7777'; + b.innerHTML = 'Config is Locked by '+ra[2]+'<BR>Force Unock Config'; + adjust_onClick(b, "return lockConfig(0, 1);"); + } + } } function lockConfig(lock, force) { @@ -26,13 +60,14 @@ var b = document.getElementById('lockButton'); if (b) { - b.textContent = "Wait ..."; + b.innerHTML = "Wait ..."; + adjust_onClick(b, "return false;"); b.disabled = true; } lockOpPending = true; - xmlhttp.open("GET", "lockcfg.mhtml?printable=2&lock="+lock + - "&force="+force, true); + var url = "lockcfg.mhtml?printable=2&lock="+lock +"&force="+force; + xmlhttp.open("GET", url , true); xmlhttp.onreadystatechange=function() { if (xmlhttp.readyState == 4) { lockConfig_results(xmlhttp.responseText); 
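Review bot: `lockConfig_results` renders the server-supplied lock holder with `b.innerHTML = 'Config is Locked by '+ra[2]+'<BR>Force Lock Config';`, so any markup in that username is parsed as HTML; the value is another administrator's session username, which makes this a low-probability but real admin-to-admin stored XSS channel. Build the label from text nodes instead — `b.innerHTML = ''; b.appendChild(document.createTextNode('Config is Locked by ' + ra[2])); b.appendChild(document.createElement('br')); b.appendChild(document.createTextNode('Force Lock Config'));` — which also sidesteps the `textContent`/IE portability issue that apparently motivated the switch to `innerHTML`. Splitting the reply with `r.split(/\s/)` also truncates a username containing whitespace to its first token, and `adjust_onClick` builds handlers via string `eval`, which is acceptable only while `fn` stays one of the fixed literals in this file. Minor: `'Force Unock Config'` is missing an `l`.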
@@ -46,10 +81,23 @@ var b = document.getElementById('lockButton'); } +function adjust_onClick(obj, fn) { + if (browserType_IE) { + obj.onclick = eval("x=function(e){"+fn+"}"); + } else { + obj.setAttribute('ONCLICK', fn); + } +} + + --> </script> <style> -SPAN.unlockedButton { +DIV.unlockedButton { + text-align: center; + width: 10em; + float: right; + display: block; border: outset 2px black; padding: 2px 5px 2px 5px; background-color: #FFFF77; @@ -57,8 +105,10 @@ } </style> -<span onclick="lockConfig(0,0); return false;" id='lockButton' - class='unlockedButton'>Lock Config</span> +<div onclick="return false;" id='lockButton' + class='unlockedButton'>Thinking ...</div> + +<!--<div class='unlockedButton'>Testing<BR>Foobar</div>--> <%perl> my $lstat = $np->db->isConfigLocked(); @@ -67,8 +117,10 @@ # the config is locked if ($lstat->{'user'} eq $m->session->{'username'}) { # by us, so show the unlock button + print qq{<script>lockConfig_results("OK lock");</script>}; } else { # but not by us, show the force unlock button + print qq{<script>lockConfig_results("NOK lock $lstat->{'user'}");</script>}; } } elsif ($lstat) { @@ -76,5 +128,6 @@ } else { # the config is not locked, show the lock button + print qq{<script>lockConfig_results("OK unlock");</script>}; } </%perl> |
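Review bot: The inline script emitted on the Mason side, `print qq{<script>lockConfig_results("NOK lock $lstat->{'user'}");</script>};`, interpolates the lock holder's username straight into a JavaScript string literal inside a script block; a value containing `"`, a backslash or `</script>` breaks out of the literal (or the block) and runs in the browser of every other admin who loads this component. Escape it for the JS-string context before printing — e.g. `(my $u = $lstat->{'user'}) =~ s{([\\"'<>/&])}{sprintf('\\x%02X', ord $1)}ge;` and interpolate `$u` — or put the name in a hidden element and have the script read it from the DOM. The same value is also rendered client-side through `innerHTML` by `lockConfig_results` (hunk above), so the fix is needed on both sides, not just one.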
From: jeff m. <jef...@us...> - 2005-04-27 03:54:19
Update of /cvsroot/netpass/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26183 Modified Files: MANIFEST Log Message: working thru forms, making sure per-network admin functionality is implemented Index: MANIFEST =================================================================== RCS file: /cvsroot/netpass/NetPass/MANIFEST,v retrieving revision 1.29 retrieving revision 1.30 diff -u -d -r1.29 -r1.30 --- MANIFEST 25 Apr 2005 02:52:47 -0000 1.29 +++ MANIFEST 27 Apr 2005 03:54:05 -0000 1.30 @@ -31,6 +31,8 @@ bin/getresults.pl bin/quarantine_host.pl bin/lsconf.pl +bin/rogue-dhcp-detect.pl +bin/npurlfilter.pl doc/cron.monthly/mysql_binlog_rotate doc/logrotate.d/apache doc/logrotate.d/netpass @@ -82,6 +84,7 @@ doc/npsnort.txt doc/netpass-install.sxw etc/netpass-example.conf +etc/oui.txt install.d/logrotate.d/apache install.d/logrotate.d/netpass install.d/logrotate.d/snort |
From: jeff m. <jef...@us...> - 2005-04-27 03:54:19
Update of /cvsroot/netpass/NetPass/www/components/Client In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26183/www/components/Client Modified Files: Remediate Log Message: working thru forms, making sure per-network admin functionality is implemented Index: Remediate =================================================================== RCS file: /cvsroot/netpass/NetPass/www/components/Client/Remediate,v retrieving revision 1.8 retrieving revision 1.9 diff -u -d -r1.8 -r1.9 --- Remediate 24 Apr 2005 03:42:03 -0000 1.8 +++ Remediate 27 Apr 2005 03:54:07 -0000 1.9 @@ -89,7 +89,7 @@ print $q->submit(-name=>'submit', -value=>'Re-Scan') . $q->br; } else { $m->session->{'phase'} = 'COMPLETE'; - my $msg = $np->db->getPage(-name => 'msg:remediate_completed_no_recan', + my $msg = $np->db->getPage(-name => 'msg:remediate_completed_no_rescan', -nohtml => 1, -npcfg => $np->cfg, -ip => $ip); if($msg) { |
From: jeff m. <jef...@us...> - 2005-04-27 03:54:19
Update of /cvsroot/netpass/NetPass/lib/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv26183/lib/NetPass Modified Files: Config.pm DB.pm Log Message: working thru forms, making sure per-network admin functionality is implemented Index: Config.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/Config.pm,v retrieving revision 1.29 retrieving revision 1.30 diff -u -d -r1.29 -r1.30 --- Config.pm 24 Apr 2005 04:54:26 -0000 1.29 +++ Config.pm 27 Apr 2005 03:54:07 -0000 1.30 @@ -1004,6 +1004,9 @@ sub getNetgroup { my $self = shift; my $network = shift; + + return '' if (!defined($network) || ($network eq "none")); + my $nw = $self->getMatchingNetwork(-ip => $network); my $netgroup = ''; Index: DB.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/DB.pm,v retrieving revision 1.34 retrieving revision 1.35 diff -u -d -r1.34 -r1.35 --- DB.pm 25 Apr 2005 19:15:00 -0000 1.34 +++ DB.pm 27 Apr 2005 03:54:07 -0000 1.35 @@ -20,6 +20,11 @@ $self->{'dbh'}->disconnect if defined $self->{'dbh'}; } +sub disconnect { + my $self = shift; + $self->{'dbh'}->disconnect if defined $self->{'dbh'}; +} + sub D { my $self = shift; @@ -498,9 +503,19 @@ $sql .= " WHERE name LIKE ".$self->dbh->quote($name."%"); } if ($group ne "") { - $sql .= " AND network LIKE ".$self->dbh->quote($group."%"); + if ($name ne "") { + $sql .= " AND "; + } else { + $sql .= " WHERE "; + } + if ($group =~ /%/) { + $sql .= " network LIKE ".$self->dbh->quote($group); + } else { + $sql .= " network = ".$self->dbh->quote($group); + } } + $sql .= " ORDER BY name ASC "; $self->reconnect() || return undef; my $ar = $self->dbh->selectall_arrayref($sql); @@ -515,7 +530,7 @@ return $rv; } - return "db failure ". $self->dbh->errstr; + return "db failure (sql=$sql) ". $self->dbh->errstr; } 
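Review bot: The new error path in the page-listing query, `return "db failure (sql=$sql) ". $self->dbh->errstr;`, hands the full SQL text back to the caller, and the Admin Mason components in this commit return such strings straight to the browser (cf. `return $rv if ($rv);` in mr.mhtml), so table and column names and the quoted filter values are displayed on any failure; keep the statement in the log with `_log("ERROR", "sql=$sql: ".$self->dbh->errstr);` and return only the errstr. On the line above it, `$self->reconnect() || return undef;` makes the same function return undef on a connection failure but a string on a query failure, so a caller testing `if ($rv)` for errors would treat the reconnect failure as an empty success; return the same `"db failure ..."` form on both paths. The `$group =~ /%/` switch between `LIKE` and `=` is safe against injection thanks to `quote()`, but it means a network name that literally contains `%` can never be matched exactly — presumably acceptable for network names, and worth a one-line comment saying so.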
@@ -675,14 +690,15 @@ $sql .= $self->dbh->quote($name) . ")"; my $rv = $self->dbh->do($sql); + if (!defined($rv)) { if ($noupdate == 0) { $sql = "UPDATE pages SET content = ".$self->dbh->quote($content); $sql .= " WHERE network = ".$self->dbh->quote($group); - $sql .= " AND name = ".$self->dbg->quote($name); + $sql .= " AND name = ".$self->dbh->quote($name); $rv = $self->dbh->do($sql); } - if (!defined($rv)) { + if (!defined($rv) || ($rv == 0)) { return "db failure ".$self->dbh->errstr; } } @@ -1936,8 +1952,8 @@ $i ||= ''; if ($t =~ /^manual$/i) { - $junk = $self->getPage(-ip => $i, -npcfg => $npcfg); - if (!defined($junk)) { + $junk = $self->getPage(-name => $i, -npcfg => $npcfg); + if (!defined($junk) && !$f) { _log("ERROR", "$m cant add 'manual' result with invalid ID '$i'\n"); return "invalid manual id"; } 
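Review bot: After the corrected `$self->dbh->quote($name)` UPDATE, the new test `if (!defined($rv) || ($rv == 0))` reports `"db failure "` for an UPDATE that ran fine but touched no row, and at that point `$self->dbh->errstr` is empty (DBI resets it on the successful call), so the admin sees a bare "db failure" with no cause; if DBD::mysql is connected without `mysql_client_found_rows`, re-saving a page with unchanged content also yields 0 and is reported as a failure. Separate the two outcomes so each message is truthful: `return "db failure ".$self->dbh->errstr unless defined $rv;` followed by `return "no page named '$name' in network '$group' to update" if $rv == 0;`. The `$noupdate` path, where an INSERT failure leaves `$rv` undef, still lands in the first return with the INSERT's errstr, so existing behavior there is preserved.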
@@ -2624,8 +2640,105 @@ +=head2 getUrlFilters() + +Fetch the "urlFilters" table contents. +RETURNS +=over 4 + + HASHREF on success + {network}-> + {'permit'}->{'re'} = joined RE + {'block'}->{'re'} = joined RE + {'soft-redirect'}->{'re'} = joined RE + {'hard-redirect'}->{'re'} = joined RE + + {'permit'}->{'list'}->[] + {'block'}->{'list'}->[] + {'soft-redirect'}->{'list'}->[] + {'hard-redirect'}->{'list'}->[] + + {'permit'}->{'hash'}->{url} = newurl + {'block'}->{'hash'}->{url} = newurl + {'soft-redirect'}->{'hash'}->{url} = newurl + {'hard-redirect'}->{'hash'}->{url} = newurl + + "db failure" something failed with the DB + +=back + +=cut + +sub getUrlFilters { + my $self = shift; + + my $sql = "SELECT url, dst, network, action FROM urlFilters"; + my $hr = $self->dbh->selectall_arrayref($sql); + if (ref($hr) ne "ARRAY") { + _log("ERROR", "failed to read urlFilters table: ".$self->dbh->errstr); + return "db failure ".$self->dbh->errstr; + } + + my $rv = {}; + my @permit; + my @block; + my @sredir; + my @hredir; + + my $permit; + my $block; + my $sredir; + my $hredir; + + my $dst; + + foreach my $row (@$hr) { + my $url = $row->[0]; + # $network $url $dst + $dst->{$row->[2]}->{$row->[0]} = $row->[1]; + $permit->{$row->[2]}->{$row->[0]} = $row->[1]; + $block->{$row->[2]}->{$row->[0]} = $row->[1]; + $sredir->{$row->[2]}->{$row->[0]} = $row->[1]; + $hredir->{$row->[2]}->{$row->[0]} = $row->[1]; + + if ($row->[3] eq "permit") { + push @permit, $row->[0]; + } + elsif ($row->[3] eq "block") { + push @block, $row->[0]; + } + elsif ($row->[3] eq "soft-redirect") { + push @sredir, $row->[0]; + } + elsif ($row->[3] eq "hard-redirect") { + push @hredir, $row->[0]; + } + } + + $rv->{'permit'}->{'re'} = '^'.join('|', @permit).'$'; + $rv->{'permit'}->{'list'} = \@permit; + $rv->{'permit'}->{'hash'} = {}; + %{$rv->{'permit'}->{'hash'}} = map { $_ => 1 } @permit; + + $rv->{'block'}->{'re'} = '^'.join('|', @block).'$'; + $rv->{'block'}->{'list'} = \@block; + $rv->{'block'}->{'hash'} = 
{}; + %{$rv->{'block'}->{'hash'}} = map { $_ => 1 } @block; + + $rv->{'soft-redirect'}->{'re'} = '^'.join('|', @sredir).'$'; + $rv->{'soft-redirect'}->{'list'} = \@sredir; + $rv->{'soft-redirect'}->{'hash'} = {}; + %{$rv->{'soft-redirect'}->{'hash'}} = map { $_ => 1 } @sredir; + + $rv->{'hard-redirect'}->{'re'} = '^'.join('|', @hredir).'$'; + $rv->{'hard-redirect'}->{'list'} = \@hredir; + $rv->{'hard-redirect'}->{'hash'} = {}; + %{$rv->{'hard-redirect'}->{'hash'}} = map { $_ => 1 } @hredir; + + return $rv; +} |
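Review bot: The joined expressions built at the end of getUrlFilters(), `'^'.join('|', @permit).'$'`, anchor only the first and last alternatives because `|` binds looser than `^` and `$`, so every middle permit entry (e.g. `microsoft\.com`) matches anywhere in the URL and a quarantined client can reach `http://evil.example/?x=microsoft.com` or `http://microsoft.com.evil.example/`, while the first entry in table order is effectively disabled by its `^`. The per-action `hash` is filled with `map { $_ => 1 }`, so the `dst` column read into `$dst` is never returned and the documented `{url} = newurl` contract is not met (the `$permit`/`$block`/`$sredir`/`$hredir` per-network hashes are dead stores); the `network` column is likewise read and dropped, so filters from all networks are merged into one set, and the documented `{network}->` level is never produced. These fragments come from an admin-editable table and are interpolated into a regex unvalidated, so one unbalanced parenthesis makes every match in the consumer die — compiling each row with `eval { qr/$url/ }` at load time and skipping bad rows contains that. The rewrite below groups the alternation and requires a pattern to start at the host (after scheme and optional userinfo/subdomain labels) and be followed by a delimiter or end of string; whether the scheme- and path-bearing seed rows such as `http://sports\.espn\.go\.com/...` are meant to match under that rule is worth confirming against the Squid helper.
```perl
sub getUrlFilters {
    my $self = shift;
    # … unchanged: SELECT url, dst, network, action and the "db failure" check …

    my %by_action = ('permit' => [], 'block' => [], 'soft-redirect' => [], 'hard-redirect' => []);
    my %dst_of;                                  # url pattern -> dst (undef for permit/block)

    foreach my $row (@$hr) {
        my ($url, $dst, $network, $action) = @$row;
        next unless exists $by_action{$action};
        # an admin-supplied fragment that does not compile would otherwise die
        # at match time inside the Squid helper; skip it and say so
        unless (eval { qr/$url/; 1 }) {
            _log("ERROR", "urlFilters: skipping bad pattern '$url' (network $network): $@");
            next;
        }
        push @{ $by_action{$action} }, $url;
        $dst_of{$url} = $dst;
    }

    my $rv = {};
    foreach my $action (keys %by_action) {
        my @list = @{ $by_action{$action} };
        # group the alternation and anchor at the host: optional scheme and
        # userinfo, optional subdomain labels, the pattern, then a delimiter or
        # end of string -- so 'microsoft\.com' no longer matches inside a query
        # string or in 'microsoft.com.evil.example'
        $rv->{$action}->{'re'} = @list
            ? '^(?:[a-z]+://)?(?:[^/@]*@)?(?:[^/]*\.)?(?:' . join('|', @list) . ')(?:[/:?#]|$)'
            : '(?!)';                            # nothing configured: never matches
        $rv->{$action}->{'list'} = \@list;
        $rv->{$action}->{'hash'} = { map { $_ => $dst_of{$_} } @list };
    }
    return $rv;
}
```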
From: rcolantuoni <rco...@us...> - 2005-04-26 20:35:45
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv24744 Modified Files: rogue-dhcp-detect.pl Log Message: added pcap code and threading... still has errors on exit, due to _log calls in the threads perhaps... Index: rogue-dhcp-detect.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/rogue-dhcp-detect.pl,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- rogue-dhcp-detect.pl 25 Apr 2005 20:03:35 -0000 1.2 +++ rogue-dhcp-detect.pl 26 Apr 2005 20:35:36 -0000 1.3 @@ -57,22 +57,20 @@ use threads; use Getopt::Std; use Pod::Usage; +use Net::Pcap; -use lib qw(../lib); +use lib qw(/opt/netpass/lib); use NetPass::LOG qw(_log _cont); use NetPass; use NetPass::Config; use FileHandle; -use IO::Select; BEGIN { use Config; $Config{useithreads} or die "Recompile Perl with threads to run this program."; } -#NetPass::LOG::init [ 'rogue-dhcp', 'local0' ]; #*STDOUT; - my %opts; getopts('U:Dqhc:', \%opts); @@ -80,11 +78,18 @@ my ($dbuser, $dbpass) = exists $opts{'U'} ? split('/', $opts{'U'}) : (undef, undef); +my $debug = exists $opts{'D'} ? 1 : 0; +my $quiet = exists $opts{'q'} ? 1 : 0; + +NetPass::LOG::init *STDOUT if $debug; +NetPass::LOG::init [ 'rogue-dhcp-sniff', 'local0' ] unless $debug; + + my $np = new NetPass( -cstr => exists $opts{'c'} ? $opts{'c'} : undef, -dbuser => $dbuser, -dbpass => $dbpass, - -debug => exists $opts{'D'} ? 1 : 0, - -quiet => exists $opts{'q'} ? 1 : 0, + -debug => $debug, + -quiet => $quiet, ); die "failed to create NetPass object" unless defined $np; @@ -102,13 +107,9 @@ } die "no interfaces to listen on" if($#interfaces<0); - -#exit; ###################### CONFIG VARS #################################### -my $debug = 1; -my $quiet = 0; my $allowed = { '128.205.1.32' => 'ccdhcp-resnet3', 
@@ -124,7 +125,7 @@ my $reportFrequency = 20; # how often (in minutes) to send the report of rogues found # file containing a map of the first half of a mac address to manufacturer -my $ouiFile = "../etc/oui.txt"; +my $ouiFile = "/opt/netpass/etc/oui.txt"; my $fhIfMap = {}; @@ -136,9 +137,6 @@ # unbuffer output $|=1; -# create a filehandle group -my $fhGroup = IO::Select->new(); - # when true, we exit my $programExit = 0; 
@@ -152,129 +150,85 @@ # use oui file for determining what manufacturer made this device my $ouiCache = loadOUI($ouiFile); -# for each VLAN, open a tcpdump filehandle and push it into the filehandle group -foreach my $interface (@interfaces) { - next if(!ifConfigured($interface)); - - # the -S in the tcpdump command is very important... without -S, tcpdump keeps track of - # all the connections it has seen so it can generate relative sequence numbers rather - # than absolute sequence numbers. over time, this will increase the address space used - # by tcpdump, simulating a memory leak. +my @threads = (); - my $fh = new FileHandle "/usr/sbin/tcpdump -Slne -i$interface udp src port 67 2>&1 |"; - if(defined($fh)) { - print "Listening to traffic on IF $interface\n" if(!$quiet); - $fhGroup->add($fh); - $fhIfMap->{$fh} = $interface; - } +# for each interface, spawn a thread and push it into the filehandle group +foreach my $interface (@interfaces) { + my $sniffer = pcapDescriptor($interface); + push @threads, new threads (\&threadEntry, $sniffer, $interface); } -while(!$programExit) { - - # check to see if any of the filehandles have input - if (my @fhs = $fhGroup->can_read(0)) { - - # @fhs is an array of the filehandle that have input waiting to be read - - # foreach filehandle that has input to be read, get the input and parse it - foreach my $fh (@fhs) { - - my $line = $fh->getline; - my ($srcEth, $dstEth, $srcIp, $dstIp) = ('','','',''); +#print "Parent thread waiting\n" if $debug; +#$threads[0]->join; +#print "Parent thread joined\n" if $debug; - ($srcEth, $dstEth, $srcIp, $dstIp) = $line =~ /(\w+\:\w+\:\w+\:\w+\:\w+\:\w+) (\w+\:\w+\:\w+\:\w+\:\w+\:\w+)*.+ (\d+\.\d+\.\d+\.\d+)\.bootps > (\d+\.\d+\.\d+\.\d+).+/; +# wait for all threads to finish +$_->join foreach @threads; - if(!$srcIp) { - # this filter catches bad matches - print "NOMATCH:\t$line" if($debug); +exit 0; - } elsif($srcIp =~ /\.25\d$/) { - # this filter catches dhcrelays - print "DHCRELAY:\t$srcIp - 
$srcEth\n" if($debug); +######################################################################## - } elsif( $allowed->{$srcIp} ) { - # this filter catches our exceptions - print "EXCEPTION:\t$srcIp - $srcEth\n" if($debug); +sub threadEntry { + my $sniffer = shift; + my $interface = shift; - } else { - # anything else, should be a rogue server - $roguesFound->{$srcEth}->{'ip'} = $srcIp; - $roguesFound->{$srcEth}->{'vlan'} = $fhIfMap->{$fh}; - $roguesFound->{$srcEth}->{'count'}++; - print "ROGUE:\t$srcIp - $srcEth - " . $fhIfMap->{$fh} . " - " . $roguesFound->{$srcEth}->{'count'} . "\n" if(!$quiet); - } - } + #my $tid = threads->tid(); + #print "$tid"; # causes segfault?? wtf! + if(ref($sniffer)) { + _log("DEBUG", "Thread [tid] - Listening on interface $interface\n"); +# Net::Pcap::loop($sniffer, -1, \&processPacket, 0); + Net::Pcap::close($sniffer); + _log("DEBUG", "Thread [tid] - Done Listening on interface $interface\n"); } else { - print "no line\n" if($debug); + _log("DEBUG", "Not Listening on interface $interface\n"); } - - # if it's time to report, report - if((time - $lastReport) >= $reportFrequency) { - sendReport(); - $lastReport = time; - $roguesFound = {}; - } - - # let's sleep for a while and wait for some input to queue up - sleep($checkFrequency); - -# $programExit = 1; - } -# if we're exiting, close all the filehandles -print "Stop Listening...\n" if(!$quiet); -foreach my $fh ( @{$fhGroup->handles} ) { - $fh->close; +sub processPacket { + my($user_data, $hdr, $pkt) = @_; + print "got one!\n"; + return; } -exit; - -######################################################################## - -sub ifConfigured { - my ($interface) = @_; - - return 0 if(!defined($interface)); - - # check that the interface exists on this machine - if(system("/sbin/ifconfig -s $interface > /dev/null 2>&1") == 0) { - return 1; - } - print "Interface $interface is not configured on this device\n" if(!$quiet); - return 0; - -} # end sub - -sub sendReport { - - my $msg = ''; - - 
foreach my $eth ( keys %$roguesFound ) { - my $ip = $roguesFound->{$eth}->{'ip'}; - my $vlan = $roguesFound->{$eth}->{'vlan'}; - my $count = $roguesFound->{$eth}->{'count'}; - - $eth = sprintf('%02s:%02s:%02s:%02s:%02s:%02s', split(':', $eth)); - - $msg .= "ip: $ip - eth: $eth - vlan: $vlan - requests: $count"; +sub pcapDescriptor { + my ($device) = @_; - my $lookup = sprintf('%02s:%02s:%02s', split(':', $eth)); + # promiscuous mode on + my $promisc = 1; + + my $snaplen = 96; - $msg .= " - manufacturer: " . $ouiCache->{$lookup} if($ouiCache->{$lookup}); - $msg .= "\n"; - } + my $timeout = 0; # timeout (ms) + my $optimize = 1; # optimize flag + + # dhcp + my $filter = "udp src port 67"; - if($msg ne '') { - $msg = "ROGUE DHCP SERVERS DETECTED:\n\n" . $msg; - print "$msg\n"; - } + my ($err, $net, $mask, $filterCompiled); + + if ( (Net::Pcap::lookupnet($device, \$net, \$mask, \$err) ) == -1 ) { + _log("DEBUG", "$err\n"); + return undef; + } + + # open the descriptor + my $descriptor = Net::Pcap::open_live($device, $snaplen, $promisc, $timeout, \$err); + $descriptor || die "Can't create packet descriptor. Error was $err"; + + if ( Net::Pcap::compile($descriptor, \$filterCompiled, $filter, $optimize, $net) == -1 ) { + die "Unable to compile filter string '$filter'\n"; + } - return 1; + # Make sure our sniffer only captures those bytes we want in + # our filter. + Net::Pcap::setfilter($descriptor, $filterCompiled); -} # end sub + # Return our pcap descriptor + return $descriptor; +} sub loadOUI { my ($filename) = @_; |
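Review bot: In `threadEntry` the `Net::Pcap::loop(...)` call is commented out, so each thread opens its descriptor, closes it and returns — nothing is captured, `processPacket` (which only prints `got one!`) is never reached, and the removed classification (`$allowed` lookup, the `.25x` relay heuristic, `$roguesFound`, `sendReport`) has no replacement yet; since MANIFEST lists this script, a `# TODO: capture loop disabled -- detector is non-functional until processPacket classifies replies` at the top would save the next person a debugging session. `pcapDescriptor` calls `die` when `open_live` or `compile` fails, but inside a thread that kills only that thread and leaves the others running with no sign that one interface went unmonitored; return undef and `_log("ERROR", ...)` as the `lookupnet` branch already does, and have the parent inspect what `join` returns. The allowed DHCP server list (`'128.205.1.32' => 'ccdhcp-resnet3'`, visible in an earlier hunk) remains a literal in the script rather than coming from netpass.conf, which the POD already names as the source of the interface list.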
From: rcolantuoni <rco...@us...> - 2005-04-26 15:40:07
Update of /cvsroot/netpass/NetPass/lib/Bundle In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv28844 Modified Files: NetPass2.pm Log Message: added Net::Pcap for use in rogue dhcp sniffer Index: NetPass2.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/Bundle/NetPass2.pm,v retrieving revision 1.9 retrieving revision 1.10 diff -u -d -r1.9 -r1.10 --- NetPass2.pm 21 Apr 2005 18:51:49 -0000 1.9 +++ NetPass2.pm 26 Apr 2005 15:39:58 -0000 1.10 @@ -32,6 +32,8 @@ Proc::ProcessTable::Process +Net::Pcap + Net::Ping Net::Ping::External |
From: rcolantuoni <rco...@us...> - 2005-04-25 20:04:03
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19949 Modified Files: rogue-dhcp-detect.pl Log Message: Added comments, standard option checking Index: rogue-dhcp-detect.pl =================================================================== RCS file: /cvsroot/netpass/NetPass/bin/rogue-dhcp-detect.pl,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- rogue-dhcp-detect.pl 25 Apr 2005 19:08:13 -0000 1.1 +++ rogue-dhcp-detect.pl 25 Apr 2005 20:03:35 -0000 1.2 @@ -1,6 +1,60 @@ #!/opt/perl/bin/perl -w +# +# $Header$ +# +# (c) 2004 University at Buffalo. +# Available under the "Artistic License" +# http://www.gnu.org/licenses/license-list.html#ArtisticLicense + +=head1 NAME + +rogue-dhcp-detect.pl - sniffs NetPass interfaces for traffic from rogue dhcp servers. + +=head1 SYNOPSIS + + rogue-dhcp-detect.pl [-q] [-D] [-c cstr] [-U dbuser/dbpass] + -q be quiet. exit status only. + -D enable debugging + -c db connect string + -U db user[/pass] + +=head1 OPTIONS + +=over 8 + +=item B<-q> + +Be quiet, don't print anything. Just exit with non-zero status if +an error occurred. Otherwise, exit with zero status. + +=item B<-D> + +Enable debugging output. + +=item B<-c cstr> + +Connect to alternate database. + +=item B<-U user/pass> + +Credentials to connect to the database with. + +=back + +=head1 DESCRIPTION + +This script fetches all configured interfaces (see L<netpass.conf>) and will continuously +scan each interface for dhcp server traffic from unknown devices. +If an invalid device is sending dhcp server traffic, the port is disabled. + +=head1 AUTHOR + +Rob Colantuoni <rg...@bu...> + +=cut use strict; +use threads; use Getopt::Std; use Pod::Usage; 
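Review bot: The new DESCRIPTION states `If an invalid device is sending dhcp server traffic, the port is disabled.`, but nothing in this revision disables a port — the body (outside this hunk) records rogues in `$roguesFound` and prints a report — so the documentation promises an enforcement action the tool does not take; change it to `If an unknown device is sending dhcp server traffic, its MAC, IP and VLAN are reported; no enforcement action is taken.` until port disabling exists. The `-q` text `be quiet. exit status only.` likewise has no matching exit-code contract in the code, which ends with a bare `exit;`; either define the codes in the POD or drop the claim.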
@@ -12,9 +66,12 @@
 use FileHandle;
 use IO::Select;
-#NetPass::LOG::init [ 'reset', 'local0' ]; #*STDOUT;
+BEGIN {
+ use Config;
+ $Config{useithreads} or die "Recompile Perl with threads to run this program.";
+}
-#$SIG{CHLD} = "IGNORE";
+#NetPass::LOG::init [ 'rogue-dhcp', 'local0' ]; #*STDOUT;
 my %opts; |
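Review bot: The `$Config{useithreads}` guard in this BEGIN block runs too late to give its message: `use threads;` was added a few lines above it in the first hunk, and `use` statements are processed in source order at compile time, so a perl built without ithreads already dies inside threads.pm before this block is reached. Move the BEGIN block above `use threads;`, or replace that line with `require threads; threads->import;` inside the block after the check. Nothing visible in this revision creates a thread yet, so a comment saying what the threads are for would help the next reader. `%opts` is declared on the last context line and used past the end of the hunk.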
From: jeff m. <jef...@us...> - 2005-04-25 19:15:56
Update of /cvsroot/netpass/NetPass/www/components/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20130/www/components/Admin Modified Files: LockConfig Log Message: gui config lock management Index: LockConfig =================================================================== RCS file: /cvsroot/netpass/NetPass/www/components/Admin/LockConfig,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- LockConfig 25 Apr 2005 02:55:16 -0000 1.1 +++ LockConfig 25 Apr 2005 19:15:01 -0000 1.2 @@ -8,13 +8,14 @@ var lockOpPending = false; function lockConfig_results(r) { - alert(r); var b = document.getElementById('lockButton'); if (b) { b.disabled = ''; b.textContent = "Lock Config"; } lockOpPending = false; + var ra = r.split(' '); + alert(ra.length + "/ ra0='" +ra[0]+"'"); } function lockConfig(lock, force) { |
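Review bot: The handler still ends in a debugging popup — the old `alert(r)` is replaced by `alert(ra.length + "/ ra0='" +ra[0]+"'")` rather than by real result handling, so every lock click will show a dialog with the token count. Since lockcfg.mhtml answers with a first token of `OK` or `NOK`, the split is the right start; finish it with something like `if (ra[0] !== 'OK') { alert(r); }` and drop the length dump before this ships. `lockConfig()` on the last line begins a function that continues outside the hunk.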
From: jeff m. <jef...@us...> - 2005-04-25 19:15:41
Update of /cvsroot/netpass/NetPass/www/components/style/back In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20130/www/components/style/back Modified Files: end_content end_sidebar start_sidebar Log Message: gui config lock management Index: start_sidebar =================================================================== RCS file: /cvsroot/netpass/NetPass/www/components/style/back/start_sidebar,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- start_sidebar 25 Apr 2005 02:52:47 -0000 1.2 +++ start_sidebar 25 Apr 2005 19:15:01 -0000 1.3 @@ -5,11 +5,9 @@ # Available under the "Artistic License" # http://www.gnu.org/licenses/license-list.html#ArtisticLicense </%doc> - <%args> $printable => 0; </%args> - %if (!$printable) { <table width="100%" border="0" cellspacing="0" cellpadding="8"> <tr> Index: end_sidebar =================================================================== RCS file: /cvsroot/netpass/NetPass/www/components/style/back/end_sidebar,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- end_sidebar 25 Apr 2005 02:52:47 -0000 1.2 +++ end_sidebar 25 Apr 2005 19:15:01 -0000 1.3 @@ -1,4 +1,3 @@ - <%doc> # $Header$ @@ -6,12 +5,10 @@ # Available under the "Artistic License" # http://www.gnu.org/licenses/license-list.html#ArtisticLicense </%doc> - <%args> $resource_root => "/resources"; $printable => 0; </%args> - %if (! $printable) { </p> Index: end_content =================================================================== RCS file: /cvsroot/netpass/NetPass/www/components/style/back/end_content,v retrieving revision 1.2 retrieving revision 1.3 diff -u -d -r1.2 -r1.3 --- end_content 25 Apr 2005 02:52:47 -0000 1.2 +++ end_content 25 Apr 2005 19:15:01 -0000 1.3 @@ -5,11 +5,9 @@ # Available under the "Artistic License" # http://www.gnu.org/licenses/license-list.html#ArtisticLicense </%doc> - <%args> $printable => 0; </%args> - % if (!$printable) { </td> </tr> |
From: jeff m. <jef...@us...> - 2005-04-25 19:15:40
Update of /cvsroot/netpass/NetPass/lib/NetPass In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20130/lib/NetPass Modified Files: DB.pm Log Message: gui config lock management Index: DB.pm =================================================================== RCS file: /cvsroot/netpass/NetPass/lib/NetPass/DB.pm,v retrieving revision 1.33 retrieving revision 1.34
diff -u -d -r1.33 -r1.34
--- DB.pm 25 Apr 2005 05:44:55 -0000 1.33
+++ DB.pm 25 Apr 2005 19:15:00 -0000 1.34
@@ -2454,14 +2454,14 @@
 return "invalid parameters (rev)" unless ($r >= 0);
 return "invalid parameters (user)" unless ($u ne "");
- my $sql = "SELECT xlock, rev FROM config WHERE xlock = 1";
+ my $sql = "SELECT xlock, rev, user FROM config WHERE xlock = 1";
 my $rv = $self->dbh->selectall_arrayref($sql);
 return "db failure ".$self->dbh->errstr unless (ref($rv) eq "ARRAY");
 if ($#{$rv} > -1) {
- return "lock failed alreadyLockedRev=".$rv->[0]->[1];
+ return "lock failed alreadyLocked rev=".$rv->[0]->[1]. " user=".$rv->[0]->[2];
 }
- $sql = "UPDATE config SET xlock = 1 WHERE rev = ".$self->dbh->quote($r);
+ $sql = "UPDATE config SET xlock = 1, user = ".$self->dbh->quote($u)." WHERE rev = ".$self->dbh->quote($r);
 $rv = $self->dbh->do($sql);
 if (!defined($rv)) { |
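Review bot: The lock is still taken in two statements — the `SELECT ... WHERE xlock = 1` and then `UPDATE config SET xlock = 1, user = ... WHERE rev = ...` — so two administrators locking at the same moment can both pass the SELECT, and the second UPDATE silently overwrites the first holder's `user`. Make the UPDATE the check instead: `$sql = "UPDATE config SET xlock = 1, user = ".$self->dbh->quote($u)." WHERE rev = ".$self->dbh->quote($r)." AND xlock = 0";` (assuming 0 is the unlocked value) and treat a zero row count from `$self->dbh->do($sql)` as a lock failure. The `user` column name is a reserved word in several SQL dialects; quoting it in these statements would avoid surprises if the database backend is ever changed. lockConfig() starts before this hunk and its error handling continues after it.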
From: jeff m. <jef...@us...> - 2005-04-25 19:15:33
Update of /cvsroot/netpass/NetPass/www/components/style/front In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20130/www/components/style/front Modified Files: footer header Log Message: gui config lock management Index: header =================================================================== RCS file: /cvsroot/netpass/NetPass/www/components/style/front/header,v retrieving revision 1.7 retrieving revision 1.8 diff -u -d -r1.7 -r1.8 --- header 25 Apr 2005 02:52:48 -0000 1.7 +++ header 25 Apr 2005 19:15:02 -0000 1.8 @@ -5,22 +5,17 @@ # Available under the "Artistic License" # http://www.gnu.org/licenses/license-list.html#ArtisticLicense </%doc> - - <%args> $resource_root => "/resources"; $printable => 0; </%args> - <%perl> my $ip = $ENV{'REMOTE_ADDR'}; my $compName = $np->cfg->policy(-key => 'COMPANY_NAME', -network => $ip) || ""; my $compSName = $np->cfg->policy(-key => 'COMPANY_SHORT_NAME', -network => $ip) || ""; my $compUnit = $np->cfg->policy(-key => 'COMPANY_UNIT_NAME', -network => $ip) || ""; </%perl> - % return '' if ($printable == 2); - <?xml version="1.0" encoding="iso-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" Index: footer =================================================================== RCS file: /cvsroot/netpass/NetPass/www/components/style/front/footer,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- footer 25 Apr 2005 03:08:02 -0000 1.6 +++ footer 25 Apr 2005 19:15:01 -0000 1.7 @@ -5,14 +5,10 @@ # Available under the "Artistic License" # http://www.gnu.org/licenses/license-list.html#ArtisticLicense </%doc> - - <%args> $resource_root => "/resources"; $printable => 0; </%args> - - <%perl> return '' if ($printable == 2); # aggressive printable if ($printable == 0) { # 1 = less aggressive printable |
From: jeff m. <jef...@us...> - 2005-04-25 19:15:33
Update of /cvsroot/netpass/NetPass/www/htdocs In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20130/www/htdocs Modified Files: autohandler Log Message: gui config lock management Index: autohandler =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/autohandler,v retrieving revision 1.5 retrieving revision 1.6 diff -u -d -r1.5 -r1.6 --- autohandler 21 Apr 2005 12:49:31 -0000 1.5 +++ autohandler 25 Apr 2005 19:15:02 -0000 1.6 @@ -5,11 +5,8 @@ # Available under the "Artistic License" # http://www.gnu.org/licenses/license-list.html#ArtisticLicense </%doc> - - <%args> </%args> - <%init> use NetPass; @@ -38,7 +35,6 @@ } </%init> - <%cleanup> if (defined ($np) ) { $np->DESTROY() ; } </%cleanup> |
From: jeff m. <jef...@us...> - 2005-04-25 19:15:15
Update of /cvsroot/netpass/NetPass/www/htdocs/Admin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20130/www/htdocs/Admin Modified Files: autohandler lockcfg.mhtml Log Message: gui config lock management Index: autohandler =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/autohandler,v retrieving revision 1.8 retrieving revision 1.9 diff -u -d -r1.8 -r1.9 --- autohandler 25 Apr 2005 02:52:48 -0000 1.8 +++ autohandler 25 Apr 2005 19:15:03 -0000 1.9 @@ -1,4 +1,3 @@ - <%doc> # $Header$ @@ -6,12 +5,9 @@ # Available under the "Artistic License" # http://www.gnu.org/licenses/license-list.html#ArtisticLicense </%doc> - <%args> $printable => 0; </%args> - - <%perl> use Sys::Hostname; my $serverType = "PRODUCTION"; @@ -24,9 +20,6 @@ print qq{<script src="/resources/js/xmlhttp.js" type="text/javascript"></script>}; $m->comp('/style/back/start_sidebar', %ARGS); </%perl> - - - <center> <div class="sbHeader">NetPass Admin</div> <div class="sbHeader"><%$serverType%> SERVER</div> @@ -67,13 +60,8 @@ <a class="sbLinks" href="/Admin/reports.mhtml" title="">Reports</a><br> </DIV> <P><P> - - <BR><H6><I><%join('.', (split(/\./, hostname))[0,1])%></I></H6> - % } - - <%perl> } Index: lockcfg.mhtml =================================================================== RCS file: /cvsroot/netpass/NetPass/www/htdocs/Admin/lockcfg.mhtml,v retrieving revision 1.1 retrieving revision 1.2 diff -u -d -r1.1 -r1.2 --- lockcfg.mhtml 25 Apr 2005 02:55:16 -0000 1.1 +++ lockcfg.mhtml 25 Apr 2005 19:15:03 -0000 1.2 
@@ -4,5 +4,103 @@ $lock => 0; $force => 0; </%args> -lock: <%$lock%> force: <%$force%> user: <%$m->session->{'username'}%> +<%perl> + +my $lstat = $np->db->isConfigLocked(); +my $rv; + +if ($lock) { + # we want to lock the config + + if (ref($lstat) eq "HASH") { + # config is already locked + if ($lstat->{'user'} ne $m->session->{'username'}) { + # and not by us + if ($force) { + # we're willing to force the issue + $rv = $np->db->unlockConfig(-rev => $lstat->{'rev'}, + -user => $m->session->{'username'}); + if ($rv) { + # fail + print "NOK lock unlockfailed $rv\n"; + } else { + $rv = $np->db->lockConfig(-rev => $lstat->{'rev'}, + -user => $m->session->{'username'}); + if ($rv) { + # fail + print "NOK lock $rv\n"; + } else { + # success + print "OK lock\n"; + } + } + } else { + # we're not willing to break the lock + print "NOK lock lockedby=".$lstat->{'user'}."\n"; + } + } else { + # config is already locked by us + print "OK lock alreadylocked\n"; + } + } + elsif ($lstat) { + # an error occurred + print "NOK lock $lstat\n"; + } + else { + # config is not locked, lock it + $rv = $np->db->getConfig(); + $rv = $np->db->lockConfig(-rev => $rv->{'rev'}, + -user => $m->session->{'username'}); + if ($rv) { + # fail + print "NOK lock $rv\n"; + } else { + # success + print "OK lock\n"; + } + } +} else { + # we want to unlock the config + + if (ref($lstat) eq "HASH") { + # config is locked + if ($lstat->{'user'} ne $m->session->{'username'}) { + # and not by us + if ($force) { + # we're willing to force the issue + $rv = $np->db->unlockConfig(-rev => $lstat->{'rev'}, + -user => $m->session->{'username'}); + if ($rv) { + # error + print "NOK unlock $rv\n"; + } else { + print "OK unlock\n"; + } + } else { + # we're not willing to break the lock + print "NOK unlock lockedby=".$lstat->{'user'}."\n"; + } + } else { + # config is locked by us: unlock it + $rv = $np->db->unlockConfig(-rev => $lstat->{'rev'}, + -user => $m->session->{'username'}); + if ($rv) { + # fail + print 
"NOK unlock $rv\n"; + } else { + print "OK unlock\n"; + } + } + } + elsif ($lstat) { + # an error occurred + print "NOK unlock $lstat\n"; + } + else { + # config is not locked: NOP + print "OK unlock\n"; + } +} +</%perl> |
From: rcolantuoni <rco...@us...> - 2005-04-25 19:10:08
Update of /cvsroot/netpass/NetPass/etc In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv16513/etc Added Files: oui.txt Log Message: Initial Checkin. This file is used to map ethernet addresses to manufacturer. --- NEW FILE: oui.txt --- 00-00-00|XEROX CORPORATION 00-00-01|XEROX CORPORATION 00-00-02|XEROX CORPORATION 00-00-03|XEROX CORPORATION 00-00-04|XEROX CORPORATION 00-00-05|XEROX CORPORATION 00-00-06|XEROX CORPORATION 00-00-07|XEROX CORPORATION 00-00-08|XEROX CORPORATION 00-00-09|XEROX CORPORATION 00-00-0A|OMRON TATEISI ELECTRONICS CO. 00-00-0B|MATRIX CORPORATION 00-00-0C|CISCO SYSTEMS, INC. 00-00-0D|FIBRONICS LTD. 00-00-0E|FUJITSU LIMITED 00-00-0F|NEXT, INC. 00-00-10|SYTEK INC. 00-00-11|NORMEREL SYSTEMES 00-00-12|INFORMATION TECHNOLOGY LIMITED [...7901 lines suppressed...] 08-00-8B|PYRAMID TECHNOLOGY CORP. 08-00-8C|NETWORK RESEARCH CORPORATION 08-00-8D|XYVISION INC. 08-00-8E|TANDEM COMPUTERS 08-00-8F|CHIPCOM CORPORATION 08-00-90|SONOMA SYSTEMS 08-14-43|UNIBRAIN S.A. 08-BB-CC|AK-NORD EDV VERTRIEBSGES. mbH 10-00-00|PRIVATE 10-00-5A|IBM CORPORATION 10-00-E8|NATIONAL SEMICONDUCTOR 11-00-AA|PRIVATE 80-00-10|ATT BELL LABORATORIES A0-6A-00|Verilink Corporation AA-00-00|DIGITAL EQUIPMENT CORPORATION AA-00-01|DIGITAL EQUIPMENT CORPORATION AA-00-02|DIGITAL EQUIPMENT CORPORATION AA-00-03|DIGITAL EQUIPMENT CORPORATION AA-00-04|DIGITAL EQUIPMENT CORPORATION AC-DE-48|PRIVATE |
From: rcolantuoni <rco...@us...> - 2005-04-25 19:08:46
Update of /cvsroot/netpass/NetPass/bin In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv15686 Added Files: rogue-dhcp-detect.pl Log Message: Initial Check-in. Netpass::Config options partially added. --- NEW FILE: rogue-dhcp-detect.pl --- #!/opt/perl/bin/perl -w use strict; use Getopt::Std; use Pod::Usage; use lib qw(../lib); use NetPass::LOG qw(_log _cont); use NetPass; use NetPass::Config; use FileHandle; use IO::Select; #NetPass::LOG::init [ 'reset', 'local0' ]; #*STDOUT; #$SIG{CHLD} = "IGNORE"; my %opts; getopts('U:Dqhc:', \%opts); pod2usage(2) if exists $opts{'h'} || exists $opts{'?'}; my ($dbuser, $dbpass) = exists $opts{'U'} ? split('/', $opts{'U'}) : (undef, undef); my $np = new NetPass( -cstr => exists $opts{'c'} ? $opts{'c'} : undef, -dbuser => $dbuser, -dbpass => $dbpass, -debug => exists $opts{'D'} ? 1 : 0, -quiet => exists $opts{'q'} ? 1 : 0, ); die "failed to create NetPass object" unless defined $np; my @interfaces = (); foreach my $network ( @{$np->cfg->getNetworks()} ) { my $interface = $np->cfg->interface($network); if( defined($np->cfg->nonquarantineVlan($network)) ) { push(@interfaces, "$interface.".$np->cfg->nonquarantineVlan($network)); } if( defined($np->cfg->quarantineVlan($network)) ) { push(@interfaces, "$interface.".$np->cfg->quarantineVlan($network)); } } die "no interfaces to listen on" if($#interfaces<0); #exit; ###################### CONFIG VARS #################################### my $debug = 1; my $quiet = 0; my $allowed = { '128.205.1.32' => 'ccdhcp-resnet3', '128.205.1.33' => 'ccdhcp-resnet4', '128.205.1.26' => 'npw1', '128.205.1.27' => 'npw2', '128.205.159.122' => 'dhcp relay exception', '128.205.159.123' => 'dhcp relay exception', '128.205.159.126' => 'dhcp relay exception', }; my $checkFrequency = 3; # how often (in seconds) to check the tcpdump filehandles for input my $reportFrequency = 20; # how often (in minutes) to send the report of rogues found # file containing a map of the first half of a mac address to 
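# manufacturer (one "XX-XX-XX|Company" entry per line, see etc/oui.txt).
# NOTE: relative to the working directory, like "use lib qw(../lib)" above,
# so the daemon has to be started from NetPass's bin/ directory.
my $ouiFile = "../etc/oui.txt";

# maps the (stringified) tcpdump filehandle back to the interface it sniffs
my $fhIfMap = {};
########################################################################

# convert to seconds
$reportFrequency = $reportFrequency * 60;

# unbuffer output
$| = 1;

# create a filehandle group (one tcpdump pipe per VLAN interface)
my $fhGroup = IO::Select->new();

# when true, we exit. set by SIGINT/SIGTERM so the tcpdump children are
# closed cleanly, or by the main loop once every sniffer has gone away.
my $programExit = 0;
$SIG{INT} = $SIG{TERM} = sub { $programExit = 1; };

# rogues seen since the last report, indexed by the source ethernet address:
#   $roguesFound->{$srcEth} = { ip => ..., vlan => ..., count => ... }
my $roguesFound = {};

# the last time a report was sent out
my $lastReport = time;

# use oui file for determining what manufacturer made this device
my $ouiCache = loadOUI($ouiFile);

# for each VLAN, open a tcpdump filehandle and push it into the filehandle group
foreach my $interface (@interfaces) {
    # ifConfigured() also rejects anything that is not a plain interface
    # name, so $interface is safe to hand to tcpdump below.
    next if (!ifConfigured($interface));

    # the -S in the tcpdump command is very important... without -S, tcpdump keeps track of
    # all the connections it has seen so it can generate relative sequence numbers rather
    # than absolute sequence numbers. over time, this will increase the address space used
    # by tcpdump, simulating a memory leak.
    #
    # list-form pipe open: no shell is involved, and tcpdump's own stderr
    # chatter ("listening on ...") is no longer fed into the packet parser.
    my $fh;
    my $pid = open($fh, '-|', '/usr/sbin/tcpdump', '-Slne', "-i$interface",
                   'udp', 'src', 'port', '67');
    if ($pid) {
        print "Listening to traffic on IF $interface\n" if (!$quiet);
        $fhGroup->add($fh);
        $fhIfMap->{$fh} = $interface;
    } else {
        print "Could not start tcpdump on IF $interface: $!\n" if (!$quiet);
    }
}

while (!$programExit) {

    # wait up to $checkFrequency seconds for a packet line on any sniffer.
    # (polling with can_read(0) and then sleeping, as this used to, read at
    # most one line per interface every $checkFrequency seconds and let the
    # tcpdump pipes back up under a burst of DHCP offers.)
    if (my @fhs = $fhGroup->can_read($checkFrequency)) {

        # @fhs is an array of the filehandle that have input waiting to be read
        # foreach filehandle that has input to be read, get the input and parse it
        foreach my $fh (@fhs) {
            my $line = $fh->getline;

            if (!defined($line)) {
                # EOF: the tcpdump child has exited (bad interface, no
                # privileges, killed). drop the handle instead of spinning on it.
                print "tcpdump on IF " . $fhIfMap->{$fh} . " exited\n" if (!$quiet);
                $fhGroup->remove($fh);
                $fh->close;
                delete $fhIfMap->{$fh};
                next;
            }

            my ($srcEth, $dstEth, $srcIp, $dstIp) = ('', '', '', '');
            ($srcEth, $dstEth, $srcIp, $dstIp) = $line =~ /(\w+\:\w+\:\w+\:\w+\:\w+\:\w+) (\w+\:\w+\:\w+\:\w+\:\w+\:\w+)*.+ (\d+\.\d+\.\d+\.\d+)\.bootps > (\d+\.\d+\.\d+\.\d+).+/;

            if (!$srcIp) {
                # this filter catches bad matches
                print "NOMATCH:\t$line" if ($debug);
            }
            elsif ($srcIp =~ /\.25\d$/) {
                # this filter catches dhcrelays
                # SECURITY NOTE(review): this is an addressing convention, not a
                # check - any host that takes an address ending in .250-.259 is
                # silently ignored. listing the relays in $allowed would close that.
                print "DHCRELAY:\t$srcIp - $srcEth\n" if ($debug);
            }
            elsif ($allowed->{$srcIp}) {
                # this filter catches our exceptions
                # NOTE(review): keyed on the IP only, so a rogue that spoofs an
                # allowed server's address is not reported; keying on
                # "$srcIp/$srcEth" would catch that.
                print "EXCEPTION:\t$srcIp - $srcEth\n" if ($debug);
            }
            else {
                # anything else, should be a rogue server
                $roguesFound->{$srcEth}->{'ip'}   = $srcIp;
                $roguesFound->{$srcEth}->{'vlan'} = $fhIfMap->{$fh};
                $roguesFound->{$srcEth}->{'count'}++;

                print "ROGUE:\t$srcIp - $srcEth - " . $fhIfMap->{$fh} . " - "
                    . $roguesFound->{$srcEth}->{'count'} . "\n" if (!$quiet);
            }
        }
    } else {
        print "no line\n" if ($debug);
    }

    # a sniffer that has died is gone for good; once none are left there is
    # nothing to listen to, so report what we have and leave.
    if ($fhGroup->count == 0) {
        print "No interfaces left to listen on\n" if (!$quiet);
        $programExit = 1;
    }

    # if it's time to report, report
    if ((time - $lastReport) >= $reportFrequency) {
        sendReport();
        $lastReport  = time;
        $roguesFound = {};
    }
}

# flush anything seen since the last scheduled report before exiting
sendReport();

# if we're exiting, close all the filehandles
print "Stop Listening...\n" if (!$quiet);
foreach my $fh ($fhGroup->handles) {    # handles() returns a list, not an arrayref
    $fh->close;
}

exit;

########################################################################

# ifConfigured($interface): 1 if $interface is a sane interface name and
# "ifconfig -s" knows it, 0 otherwise (with a message unless quiet).
sub ifConfigured {
    my ($interface) = @_;

    return 0 if (!defined($interface));

    # the name is interpolated into a shell command here and handed to
    # tcpdump by the caller; accept only plain names such as "eth0" or
    # "eth0.100", never anything a shell could interpret.
    if ($interface !~ /\A[A-Za-z0-9_.:-]+\z/) {
        print "Interface $interface has an invalid name\n" if (!$quiet);
        return 0;
    }

    # check that the interface exists on this machine
    if (system("/sbin/ifconfig -s $interface > /dev/null 2>&1") == 0) {
        return 1;
    }

    print "Interface $interface is not configured on this device\n" if (!$quiet);
    return 0;
} # end sub

# sendReport(): print one line per rogue in $roguesFound (ip, mac, vlan,
# hit count and, when the OUI is known, the manufacturer). prints nothing
# when no rogues were seen. always returns 1.
sub sendReport {
    my $msg = '';

    # sorted so consecutive reports list the same rogues in the same order
    foreach my $eth (sort keys %$roguesFound) {
        my $ip    = $roguesFound->{$eth}->{'ip'};
        my $vlan  = $roguesFound->{$eth}->{'vlan'};
        my $count = $roguesFound->{$eth}->{'count'};

        # tcpdump prints MAC octets without leading zeros ("0:c:29:..");
        # %02s zero-pads each octet back to the usual two-digit form
        $eth = sprintf('%02s:%02s:%02s:%02s:%02s:%02s', split(':', $eth));

        $msg .= "ip: $ip - eth: $eth - vlan: $vlan - requests: $count";

        # the first three octets (OUI) identify the manufacturer; the slice
        # keeps sprintf from warning about redundant arguments
        my $lookup = sprintf('%02s:%02s:%02s', (split(':', $eth))[0 .. 2]);
        $msg .= " - manufacturer: " . $ouiCache->{$lookup} if ($ouiCache->{$lookup});

        $msg .= "\n";
    }

    if ($msg ne '') {
        $msg = "ROGUE DHCP SERVERS DETECTED:\n\n" . $msg;
        print "$msg\n";
    }

    return 1;
} # end sub

# loadOUI($filename): read "XX-XX-XX|Company" lines into a hashref keyed by
# the lower-cased, colon-separated prefix ("xx:xx:xx"). dies if the file
# cannot be opened; lines without a "|" separator are skipped.
sub loadOUI {
    my ($filename) = @_;
    my $cache = {};

    open(my $fh, '<', $filename) or die "Couldn't open oui file: $filename!\n";

    while (my $line = <$fh>) {
        # strip the line ending (CRLF too) so the company name does not
        # carry a newline into the report
        $line =~ s/[\r\n]+\z//;

        my ($eth, $company) = split(/\|/, $line, 2);
        next if (!defined($eth) || !defined($company) || $eth eq '');

        $eth =~ s/\-/\:/g;
        $eth = lc($eth);
        $cache->{$eth} = $company;
    }

    close($fh);
    return $cache;
} # end sub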
From: Jeff M. <jcm...@je...> - 2005-04-25 19:08:45
I've redirected the CVS log messages to this list rather than sending them to the individual developers. |
From: jeff m. <jcm...@os...> - 2004-09-02 01:05:29
initial message |