NetReg 1.5.1p11 =============== Changes since 1.5.1p10: All --- Added ability to require all traffic be conducted over an SSL-encrypted connection (HTTPS) so that authentication details cannot be sniffed. Moved usr/lib/perl5/site_perl/Net/NetReg in the tarball to usr/local/share/perl5/Net/NetReg to reflect Red Hat 6's paths. Cookie.pm --------- New module to support cookie-based sessions. Requires these packages: perl-CGI-Session perl-Crypt-CBC perl-Crypt-Rijndael Html.pm ------- Added &ssl_check to force SSL connections. Added no-cache headers. Added ability to not have logos displayed (by setting them to undefined). Added &new_userform. Fixed bug where percent signs in user input would cause sort arrows to fail to display on tables. Added 'nosort' attribute to &display_table. Shared.pm --------- &build_host_entry now puts quotes around ddns-hostname, fixing an issue where periods in the name would cause DHCPd to fail. Fixed a race condition that caused 2 identical registrations submitted at the same (say, if the user submitted the form twice in quick succession) to receive the same serial number. This was fixed by adding a new function, &safe_open_dhcpdconf, that maintains an exclusive lock on the $DHCPDCONF file so that it will not have to be locked twice. Updated &get_input to use "\n" as a separator instead of ":", and to promote the 'remove' field to an array. This is needed by the new self-deletion functionality added to register.cgi. Variables.pm ------------ Added $FORCE_SSL to enable/disable HTTPS connections. $USE_NESSUS is now set off by default. Fixed formatting of Variables.pm man page. Consolidated $FTPSERVER, $IMAPSERVER, $POPSERVER into one $SERVER variable. Made $LOGO_ORG and $LOGO_IT more flexible. They are now arbitrary URLs rather than files that must be under $GFX. Consolidated paths to various files into a single %PATHS hash. Rearranged the sections and added a message about guest support that is only displayed if the guest functionality is enabled. Added $POLICY to hold the usage policy that is part of the personally-owned device and guest registration pages. netreg.css ---------- Added styles for the delete registration table. refresh-dhcpdconf ----------------- Fixed file copy bug that could result in loss of hosts database. register.cgi ------------ Integrated the original static HTML page (registration.html) into this file. Link to guest registration is now dynamic and only displayed if guest access is actually enabled. Added ability to register devices that do not have web browsers. Certain video game consoles and blu-Ray players, for example. Added ability to remove old registrations when the registration limit is reached. register.html ------------- Replaced contents with a redirect to register.cgi. root crontab ------------ Added line to clean up stale sessions. NetReg 1.5.1p10 =============== Changes since 1.5.1p9: All --- Many small code clean-ups. Html.pm ------- Removed need for CGIs to set the SCRIPT constant. Consolidated &print_*_header functions into &print_header. Consolidated &print_*_footer functions into &print_footer. Eliminated &print_*_sucess functions. Error messages printed from command-line applications no longer have HTML formatting. Shared.pm --------- Fixed bug in &safe_open's file locking. Fixed bug that prevented periods from being allowed in user names. Variables.pm ------------ Consolidated organization details such as name and where to get help into %ORG. Consolidated LDAP, Nessus, and RADIUS configuration into hashes. Subnet.pm --------- Calling &parse_subnets is no longer necessary, as it is called automatically when the library is loaded. Changed %masks into @masks since the data it contained was better suited to representation as a list. NetReg 1.5.1p9 ============== Changes since 1.5.1p8: guest.cgi, guest.db, guest.html ------------------------------- New files providing guest access. Html.pm ------- Added &print_guest_footer, &print_guest_header, &print_guest_success Shared.pm --------- &get_mac now returns a valid MAC for hosts with manual and static registrations. Fixed bug where passwords containing octothorpe characters were not working. Updated &iso8601 to take an optional time argument. Variables.pm ------------ Renamed $LDAP_URL to $DIRECTORY_URL. Simplified $LDAP_* variables. Removed %AUTH_MOD since it is static and only register.cgi uses it. Added guest settings: $GUEST_OK, %GUEST Consolidated $HELP_TEXT and $TECH_TEXT into a hash, %SIDEBAR registration.html ----------------- Link to guest.html added. NetReg 1.5.1p8 ============== Changes since 1.5.1p7: Html.pm ------- Reworked table display routines to be more generic so that the subnet overview could use them and take advantage of sorted display. Shared.pm --------- Removed $mac argument from &append_host_entry that was only used by register.cgi. Functionality is maintained by having register.cgi set @FORM{'mac', 'enforce_maxreg'}. Unified &append_host_entry and &remove_registration into one function: &modify_hosts. This was done so modifications (as performed by admin.cgi) can be done with one file lock rather than two, eliminating a potential race condition where a different process could lock the file after the old entry had been deleted but before its replacement had been added. Fixed bug where modifying a record from one registration type to another was not being allowed. Fixed bug where multiple registrations from the same user within the same minute would cause corruption of $DHCPDCONF.new. This was a problem when technicians would register an entire lab at once by visiting each machine in turn. &get_input now canonicalizes MAC fields so it doesn't have to be done throughout the software. Variables.pm ------------ Added $DHCPDPID, used by refresh-dhcpdconf. admin.cgi --------- Subnet overview can now be sorted by column. Deletion of entire lists of MACs is now possible. tech.cgi -------- Technicians may now register multiple machines (aka, an entire lab) at once. refresh-dhcpdconf ----------------- Rewritten in Perl to respect file locking. NetReg 1.5.1p7 ============== Changes since 1.5.1p3: All --- Added a new user type, the technician. Changed the form name "unrip" to "subnet" and "user" to "uid". This was done partially because "unrip" is a non-intuitive name but mostly to make it easier to display required fields differently. Required fields in the admin and tech interfaces are now displayed emphasized. Footnotes for fields in the admin and tech interfaces are now links to the associated footnote text. Admin and tech interfaces now display an error message if not all required form fields were provided. Shared.pm --------- Added new functions: &build_host_entry &modify_hosts Change scanning $DHCPDCONF.new in &append_host_entry. It now uses the slurp method and a case-sensitive MAC search, resulting in roughly two orders of magnitude performance increase. Rewrote &get_mac to fix a subtle bug where if an IP had been reused an invalid MAC could be returned. Added &leases_search to pull information from the leases file. This is only somewhat useful within NetReg proper, but is quite useful when writing extra scripts to do reporting and maintenance on the DHCP and leases databases. Added &validate_host to perform extra checks on potential host entry data to make sure the new entry is legal and does not conflict with any existing entries. Multiple registrations for the same MAC are now allowed if all registrations for the same MAC are of the same type, that type is not dynamic, and there is no more than 1 IP per subnet. This is desireable so that firewalls and network monitoring equipment may be managed via NetReg. Added locking to all file accesses, reducing the likelihood of corrupting the DHCP hosts file. Variables.pm ------------ Merged $LEASESPATH and $LEASESFILE into $LEASESFILE. admin.cgi --------- A column for the IP address was added to view subnet and find user. Manual IPs in view subnet and find user are styled, to differentiate them from static IPs. Active IPs in the lease manager are now styled instead of marked with a red dot. NetReg 1.5.1p3 ============== Changes since 1.5.1: All --- XHTML 1.0 strict compliance, tested with http://validator.w3.org/. Removed unused graphics files. Added graphics for entry modification links. Replaced images with PNG versions that have transparency set properly instead of merely using white backgrounds. Switching to PNG also reduced graphic file size by a factor ranging between 3 and 10. Added a few documents describing network usage policy in greater detail. Naturally, these would have to be customized for another organization's installation. Reformatted function calls to use the newer "&function" style instead of "function()". Editors with a Perl mode should now format the function names correctly. Removed white space at the end of lines. Added optional expiration dates to registrations. Changed dhcpd.hosts format: Manual registrations are like static registrations, but commented out. Added a registrant field to describe who actually registered the device. Added a comment field. Create redirects so URLS of the form http://netreg.example.com/admin and http://netreg.example.com/tech will be redirected to the admin and tech pages, respectively. Html.pm ------- Simplified how the date to be displayed is found in ®err. It could be simplified further if POSIX was loaded, but at the possible expense of reduced portability. Consolidated common code between &admin_error and ®err (created new function &print_error). Added ability to specify extra headers to the output of &print_header. Added "Net::" to synopsis section of POD to correct minor error. Renamed functions to be more consistent. Functions only used by register.cgi have reg in their name now, for example. Added '#Self Registered' to the end of DHCP host records that were registered using register.cgi. At our installation we had previously marked such entries with '#Student', but that isn't generic enough for all installations. Added functions for tech headers and footers. Simplified the @EXPORT_OK variable definition. Changed error log date format to ISO-8601. Shared.pm --------- New library added to contain common functions. Cleaned up serial number calculation in &append_host_entry. For manual registrations, added the actual user who performed the registration to the DHCP comment. Changed date format in hosts file to ISO-8601. Added new functions: &canonical_mac &check_allowed &check_blacklist &get_mac &iso8601 Added an optional expiration date to &append_host_entry. Added more Platform options to the admin form. Changed $MAXREG comparison to use the number of previous registrations rather than the highest registration number. Variables.pm ------------ Added variables: $SELF - URL of the script that is running $LOGO_IT - filename of IT department logo $LOGO_ORG - filename of organization logo $HELP_TEXT - sidebar contents for regular users $TECH_TEXT - sidebar for techs $COPYRIGHT - copyright notice Removed unused $ADMINPATH. Simplified the @EXPORT_OK variable definition. Merged $DHCPDCONFPATH and $DHCPDCONFFILE into $DHCPDCONF. admin.cgi --------- Added "use warnings". Simplified how the date to be displayed is found in &append_host_entry. Fixed $DHCPDCONFFILE.new opened twice in a row in &find_lease. External program ps is now run once instead of thrice in &server_manager. Simplified MAC entry field on the manual registration page. Now it is only 1 field instead of 6, so administrators can cut and paste data into the form from another program rather than having to retype the data in 2 character chunks. Closed the form element in &find_form. Removed useless undef in &get_input. Removed unneeded &get_color function (CSS is used for coloring instead). Deletion functionality moved from &find_lease to its own function &delete_reg because the old structure was not intuitive. Added a delete registration link to the interface, making it easier to delete the current machine's registration, or any other machine that one knows the MAC address of. Moved &append_host_entry and &get_input to Shared.pm. Removed global variable $MAC. Replaced calls to &admin_error with the unified error handler &report_error. Changes to &subnet_overview to improve code readability and memory usage. Consolidated table displays from &find_conf, &find_lease, and &view_subnet into one function. &server_manager and &subnet_overview still create their own tables. Added ability to sort search results for tables displayed by the consolidated table display function. Added ability to register hosts who use statically assigned DHCP, and hosts that are configured fully manually (they just receive a comment in the dhcpd.hosts file for record keeping purposes). Changed several functions to use &dhcpd_search in Shared.pm instead of their own searching routines. Added ability to modify entries. Added ability to edit extra dhcp fields. This is useful, for example, if registering LTSP (Linux Terminal Server Project) machines. In that case entries like this would be put in the extra field: next-server 192.168.0.10; filename "/lts/vmlinuz.ltsp"; option root-path "192.168.0.10:/opt/ltsp/i386"; option host-name "ws001"; register.cgi ------------ Simplified how the date to be displayed is found in &append_host_entry. Tightened regexes in &get_host_info Removed unused variables in the Net::NetReg::Variables import Moved &append_host_entry and &get_input to Shared.pm. Code readability improvements: Split authentication methods into their own functions Changed "unless ($a != $b)" structures to "if ($a == $b)" Simplified some conditionals Removed useless undef in &get_input Replaced calls to ®err with the unified error handler &report_error. tech.cgi -------- New file added to provide a technician user. netreg.css ---------- New file added to provide styles. netreg-admin.css ---------------- New file provides styles specific to admin.cgi's output. These styles were separated from the main netreg.css so regular users won't have to download as large of a file. refresh-dhcpdconf ----------------- Improved error handling. expire-registrations -------------------- New file added to perform registration expirations. NetReg 1.5.1 ============ New features: + Numerous bug fixes + Inclusion of Robert Lowe's CIDR-Kit which provides: o Classless Inter-Domain Routing notation subnet definitions o Improved code organization o Updated script for restarting DHCP o Ability to limit # of registrations per user o New authentication methods -- IMAP, LDAP/ActiveDirectory, and Radius -- with load-balancing for multiple LDAP and Radius servers. o File-locking for safe updates o Manual registration capability for XBoxes, Playstations, etc. o Improved graphing capabilities in the admin GUI + Net::Nessus::ScanLite support + Blacklisting capabilities + Tailored to Apache-2 and BIND-9 + An updated NetReg install "HowTo" guide + New authentication mechanism (LDAP+SSL) Many thanks to everyone in the NetReg community who have so graciously provided feedback, bug reports, code contributions, and most importantly support to each other. Please see NetReg-1.5-HowTo.pdf for installation instructions.