=== renamed file 'ebuild/vultureng-1.90p2.ebuild' => 'ebuild/vultureng-1.90p3.ebuild' === modified file 'ChangeLog' --- ChangeLog +++ ChangeLog @@ -1,9 +1,17 @@ VultureNG ChangeLog + +Version 1.90p3 +2-Jun-2006 + * Bug with SSO Forward + * Bug in interface (some blank pages) + * Some translation updates Version 1.90p2 30-May-2006 * Bug with ACL http://groups.open-source.fr/viewtopic.php?t=306#724 * Missing "Profiles" in menu + * Bug with ACL in the administration interface + * Some translation updates Version 1.90p1 25-May-2006 === modified file 'INSTALL' --- INSTALL +++ INSTALL @@ -1,6 +1,7 @@ D O C U M E N T A T I O N - The full Vulture documentation is available at http://vulture.open-source.fr + The full Vulture documentation is available at : + http://arnaud.desmons.free.fr/wordpress/?page_id=36 I N S T A L L A T I O N @@ -11,9 +12,9 @@ packages for the following distributions: o Gentoo Linux, which is the recommended system - o Redhat AS3 - o Fedora Core 2 - o Mandrake 9.2 + o Redhat Entreprise and CentOS + o Fedora Core + o Mandrake The simpliest way to install Vulture is to use Gentoo. You only need to type `emerge vultureng' and almost everything is done for you. @@ -24,12 +25,13 @@ mod_perl o VultureNG - These packages can be downloaded from http://vulture.open-source.fr. + Those packages can be downloaded from : + http://arnaud.desmons.free.fr/wordpress/?page_id=25 Be adviced that INTRINsec-common is DISTRIBUTION DEPENDANT, thus you need to - download the right package, according to the distribution you're using. + download this package according to the distribution you're using. - VultureNG is independant, as it only contains PHP files. + VultureNG is architecture and distribution independant, as it only contains PHP files. Here is the way to install Vulture on RPM systems: @@ -37,4 +39,4 @@ $ rpm -ivh VultureNG-*.rpm If you want Vulture to be packaged for other distributions, send a mail to - dev-vulture@open-source.fr + vulture-users@open-source.fr === modified file 'Makefile' --- Makefile +++ Makefile @@ -1,5 +1,5 @@ NAME = vultureng -VERSION = 1.90p2 +VERSION = 1.90p3 PREFIX = /opt/INTRINsec DIRS = sql www conf === modified file 'lib/Vulture/lib/Vulture/ResponseHandler.pm' --- lib/Vulture/lib/Vulture/ResponseHandler.pm +++ lib/Vulture/lib/Vulture/ResponseHandler.pm @@ -18,7 +18,7 @@ use Apache::SSLLookup; use Authen::Radius; #use Log::Log4perl; -use Data::Dumper; +#use Data::Dumper; use Vulture qw($db_uri $auth_url $proxy_name $proto &get_app &session &get_cookie $path); @@ -72,7 +72,7 @@ $filter_member = $ldap_uid_attr . "=" . $user; } $mesg = $ldap->search(base => $ldap_base_dn, - filter => "(&(|(objectclass=posixGroup)(objectclass=group))(|".$filter_groups.")(".$filter_member."))" + filter => "(&(|(objectclass=posixGroup)(objectclass=group)(objectclass=groupofuniquenames))(|".$filter_groups.")(".$filter_member."))" ); $mesg->code and return 0; $object = $mesg->entry(0); @@ -595,39 +595,38 @@ if ($proxy{$app->{auth}}) { my $user = $session{user}; $user ||= $proxy{$app->{auth}}->{user}; + my ($ret, $post); if (acl($app, $dbh, $user)) { - my ($ret, $post); - - $session{user} ||= $proxy{$app->{auth}}->{user}; - # Application is configured for SSO forward - if ($app->{is_post}) { - ($ret, $post) = sso_forward($dbh, $app, \%proxy, \%session, $is_one_time_password); - } - # Display pin form - if ($ret and $ret == NEED_PIN) { + + $session{user} ||= $proxy{$app->{auth}}->{user}; + # Application is configured for SSO forward + if ($app->{is_post}) { + ($ret, $post) = sso_forward($dbh, $app, \%proxy, \%session, $is_one_time_password); + } + # Display pin form + if ($ret and $ret == NEED_PIN) { + $session{post} = undef; + $r->status(200); + $r->content_type('text/html'); + + $r->print(pin_form($app->{id}, $dbh, $id, $is_one_time_password ? undef : $session{pass})); + return Apache2::Const::OK; + } + if (!$app->{is_post} or ($app->{is_post} and $ret and $ret != INVALID_PIN)) { + chomp($post) if ($post); + $post ||= 1; + $session{post} = $post; + $r->headers_out->set('Location' => $session{proto}."://". $session{site} . ":".$session{port}. $session{uri}); + $r->status(Apache2::Const::REDIRECT); + return Apache2::Const::OK; + } + # Display profile form $session{post} = undef; $r->status(200); $r->content_type('text/html'); - - $r->print(pin_form($app->{id}, $dbh, $id, $is_one_time_password ? undef : $session{pass})); + $r->print(app_form($app->{id}, $dbh, $id, $is_one_time_password ? ($ask_pin ? undef : "") : $session{pass})); return Apache2::Const::OK; } - - if (!$app->{is_post} or ($app->{is_post} and $ret and $ret != INVALID_PIN)) { - chomp($post) if ($post); - $post ||= 1; - $session{post} = $post; - $r->headers_out->set('Location' => $session{proto}."://". $session{site} . ":".$session{port}. $session{uri}); - $r->status(Apache2::Const::REDIRECT); - return Apache2::Const::OK; - } - # Display profile form - $session{post} = undef; - $r->status(200); - $r->content_type('text/html'); - $r->print(app_form($app->{id}, $dbh, $id, $is_one_time_password ? ($ask_pin ? undef : "") : $session{pass})); - return Apache2::Const::OK; - } } # No cookie my $auth = auth($app, $dbh, \%session); === modified file 'lib/Vulture/lib/Vulture/TransHandler.pm' --- lib/Vulture/lib/Vulture/TransHandler.pm +++ lib/Vulture/lib/Vulture/TransHandler.pm @@ -13,7 +13,7 @@ use Apache2::Connection; use Apache::SSLLookup; use Vulture qw(&get_app $proto &read_conf $db_uri &get_cookie &session); -use Data::Dumper; +#use Data::Dumper; sub REMOTE_ADDR { 1 }; @@ -69,7 +69,7 @@ my ($id) = get_cookie($r->headers_in->{Cookie}, 'vulture_app=([^;]*)'); my %session; session(\%session, $app->{timeout}, $id) if ($id); - if ($session{_session_id} and $session{post} or !$app->{'auth'} ) { + if (($session{_session_id} and exists $session{post}) or !$app->{'auth'} ) { if ($session{posted} or !$app->{'auth'} or ($session{post} @@ -126,16 +126,16 @@ $r->proxyreq(2); return Apache2::Const::OK; } - } - $r->headers_out->add('Set-Cookie' => 'vulture_app='.$session{_session_id}.'; path=/'); - my $request = HTTP::Request->new('POST', $app->{post_url}, undef, $session{post}); - $session{posted} = 1; - $request->push_header('Content-Type' => 'application/x-www-form-urlencoded'); - my $ua = LWP::UserAgent->new; - my $response = $ua->request($request); - if ($response->headers->header('Set-Cookie')) { - foreach ($response->headers->header('Set-Cookie')) { - $r->headers_out->add('Set-Cookie' => $_ . "; path=/"); + $r->headers_out->add('Set-Cookie' => 'vulture_app='.$session{_session_id}.'; path=/'); + my $request = HTTP::Request->new('POST', $app->{post_url}, undef, $session{post}); + $session{posted} = 1; + $request->push_header('Content-Type' => 'application/x-www-form-urlencoded'); + my $ua = LWP::UserAgent->new; + my $response = $ua->request($request); + if ($response->headers->header('Set-Cookie')) { + foreach ($response->headers->header('Set-Cookie')) { + $r->headers_out->add('Set-Cookie' => $_ . "; path=/"); + } } } } === modified file 'rpm/vultureng.spec' --- rpm/vultureng.spec +++ rpm/vultureng.spec @@ -15,7 +15,7 @@ %endif %define name vultureng -%define version 1.90p2 +%define version 1.90p3 Summary: VultureNG Reverse Proxy Name: %name @@ -102,6 +102,9 @@ %changelog +* Thu May 30 2006 Arnaud Desmons 1.90p3 +- 1.90p3 + * Thu May 30 2006 Arnaud Desmons 1.90p2 - 1.90p2 === modified file 'sql/sqlite.dump' --- sql/sqlite.dump +++ sql/sqlite.dump @@ -9,7 +9,7 @@ INSERT INTO auth VALUES(1,3,1); CREATE TABLE ca (id INTEGER PRIMARY KEY, name TEXT NOT NULL, crt TEXT NOT NULL, ssl_constraint TEXT, require TEXT NOT NULL); CREATE TABLE conf (var TEXT NOT NULL, value TEXT); -INSERT INTO conf VALUES('version','1.90p2'); +INSERT INTO conf VALUES('version','1.90p3'); CREATE TABLE config (default_filter_config TEXT NOT NULL, default_access_config TEXT NOT NULL); INSERT INTO config VALUES('#Default mod_security config SecFilterCheckURLEncoding On === modified file 'sql/sqlite.dump.1.90' --- sql/sqlite.dump.1.90 +++ sql/sqlite.dump.1.90 @@ -15,4 +15,4 @@ DROP TABLE tmp; UPDATE sql SET uri='dbi:SQLite:dbname=/opt/INTRINsec/vultureng/sql/db' WHERE uri='dbi:SQLite:dbname=/opt/INTRINsec/VultureNG/sql/db'; -UPDATE conf SET value='1.90p2' WHERE var='version'; +UPDATE conf SET value='1.90p3' WHERE var='version'; === modified file 'www/WEB-INF/classes/ACL.php' --- www/WEB-INF/classes/ACL.php +++ www/WEB-INF/classes/ACL.php @@ -169,7 +169,9 @@ function getLDAPGroups($cnx) { $ldap = new LDAP(); $ldap->select($this->db, $this->id_method); - $search = ldap_search($cnx, $ldap->getBaseDN(), "(|(objectclass=posixGroup)(objectclass=group))", array($ldap->getGroupAttr())); + $search = ldap_search($cnx, $ldap->getBaseDN(), + "(|(objectclass=posixGroup)(objectclass=group)(objectclass=groupofuniquenames))", + array($ldap->getGroupAttr())); ldap_sort($cnx, $search, $ldap->getGroupAttr()); $result = ldap_get_entries($cnx, $search); for ($user = 0; $user < $result["count"]; $user++) { === modified file 'www/WEB-INF/classes/addCA.php' --- www/WEB-INF/classes/addCA.php +++ www/WEB-INF/classes/addCA.php @@ -4,10 +4,6 @@ include_once "CA.php"; class addCA extends AbstractAction { - - function addCA() { - parent::AbstractAction(); - } function execute($mapping, $form, &$request, &$response) { === modified file 'www/WEB-INF/classes/addFilter.php' --- www/WEB-INF/classes/addFilter.php +++ www/WEB-INF/classes/addFilter.php @@ -4,10 +4,6 @@ include_once "Filter.php"; class addFilter extends AbstractAction { - - function addFilter() { - parent::AbstractAction(); - } function execute($mapping, $form, &$request, &$response) { === modified file 'www/WEB-INF/classes/editFilter.php' --- www/WEB-INF/classes/editFilter.php +++ www/WEB-INF/classes/editFilter.php @@ -4,10 +4,6 @@ include_once "Filter.php"; class editFilter extends AbstractAction { - - function editFilter() { - parent::AbstractAction(); - } function execute($mapping, $form, &$request, &$response) { === modified file 'www/WEB-INF/tpl/edit_if_ssl.tpl' --- www/WEB-INF/tpl/edit_if_ssl.tpl +++ www/WEB-INF/tpl/edit_if_ssl.tpl @@ -52,7 +52,7 @@
-

".$i18n["edit_if"]."

+

".$i18n["edit_if"]."

=== modified file 'www/locales/en.inc.php' --- www/locales/en.inc.php +++ www/locales/en.inc.php @@ -29,6 +29,7 @@ /* User */ $i18n ["user"] = "Users"; + $i18n ["users"] = "Users"; $i18n ["login"] = "Login"; $i18n ["lastname"] = "Last name"; $i18n ["firstname"] = "First name"; @@ -45,6 +46,7 @@ $i18n["internet"] = "Internet name"; $i18n["alias"] = "Alias"; $i18n["private"] = "Private URL"; + $i18n["timeout"] = "Timeout"; $i18n["auth_method"] = "Authentication Methods"; $i18n["rewrite"] = "Rewriting rules"; $i18n["access"] = "Access Control"; @@ -52,15 +54,19 @@ $i18n["activate_rewrite"] = "URL rewriting"; $i18n["deactivate_rewrite"] = "No URL rewriting"; $i18n["activate_access"] = "Access control"; - $i18n["deactivate_access"] = "NO Access control"; + $i18n["deactivate_access"] = "No Access control"; $i18n["activate_security"] = "URL filtering"; $i18n["deactivate_security"] = "No URL filtering"; - $i18n["activate_post"] = "SSO Forward ®"; - $i18n["deactivate_post"] = "NO SSO Forward ®"; - $i18n["sso_forward"] = "SSO Forward ® : Authentication propagation"; + $i18n["activate_post"] = "SSO Forward"; + $i18n["deactivate_post"] = "No SSO Forward"; + $i18n["sso_forward"] = "SSO Forward"; $i18n["profiles"] = "Profiles"; $i18n["_profiles"] = "profiles"; - + $i18n["activate_header"] = "HTTP headers"; + $i18n["deactivate_header"] = "No HTTP headers"; + $i18n["activate_load_balancing"] = "Load balancing"; + $i18n["deactivate_load_balancing"] = "No load balancing"; + $i18n["post"] = "Form authentication"; $i18n["post_url"] = "Authentication Form URL"; $i18n["add_field"] = "Add a field"; @@ -75,6 +81,9 @@ $i18n["autologon"] = "Application's login/password and Vulture's login/password are identical"; $i18n["autologon_missing"] = "Please define a 'autologon_user' field and a 'autologon_password' field"; + $i18n["enable_proxy"] = "Enable SSO portal"; + $i18n["disable_proxy"] = "Disable SSO portal"; + $i18n["proxy_name"] = "SSO portal name"; /* Interfaces */ $i18n["interface"] = "Interfaces"; @@ -82,7 +91,7 @@ $i18n["ip_port"] = "Port"; $i18n["status"] = "Status"; $i18n["add_if"] = "Interface add"; - $i18n["edit_if"] = "Interface edit"; + $i18n["edit_if"] = "Interface edition"; $i18n["activate_ssl"] = "SSL activation"; $i18n["deactivate_ssl"] = "SSL canceling"; $i18n["ca_crt"] = "Certification authority certificate"; @@ -107,8 +116,9 @@ $i18n["sql"] = "SQL"; $i18n["ldap"] = "LDAP"; $i18n["ssl"] = "SSL"; - $i18n["htpasswd"] = "Htpasswd"; + $i18n["radius"] = "RADIUS"; $i18n["auth_used"] = "This authentication method is used by some applications"; + $i18n["radius_auth"] = "RADIUS authentication"; $i18n["bdd"] = "Database"; $i18n["bdd_host"] = "Database address"; @@ -127,11 +137,11 @@ $i18n["ldap_group_member"]= "Searching attribute in groups"; $i18n["ldap_group_is_dn"]= "Searching attibute is a DN"; - $i18n["enable_acl"] = "Access list administration"; + $i18n["enable_acl"] = "ACL administration"; $i18n["acl_enabled"] = "Adminitrate an access list"; $i18n["disable_acl"] = "Allow for all"; - $i18n["user_access"] = "Access list by user"; - $i18n["group_access"] = "Acess list by group"; + $i18n["user_access"] = "ACL by user"; + $i18n["group_access"] = "ACL by group"; $i18n["avail_user"] = "Available users list"; $i18n["in_user"] = "Authorized users list"; $i18n["avail_group"] = "Available groups list"; @@ -148,9 +158,9 @@ $i18n["stat"] = "Statistics"; /* Filtering */ - $i18n["filter"] = "Applicatives filter"; + $i18n["filter"] = "Applicatives filters"; $i18n["filter_config"] = "Mod_security configuration"; - $i18n["rules"] = "Règles de filtrage"; + $i18n["rules"] = "Filter rules"; $i18n["add_filter"] = "Add an applicative filter"; $i18n["edit_filter"] = "Edit an applicative filter"; $i18n["filter_used"] = "This filter is used by some applications"; @@ -162,6 +172,9 @@ $i18n["edit_log"] = "Edit a log format"; $i18n["log_used"] = "This log format is used"; $i18n["log_rules"] = "Apache Directives"; + + /* Help */ + $i18n["check_update"] = "Check for updates"; ?>