# # old_revision [0544757e0c99f59496082b8fca638b9bf4547fad] # # patch "pf/lib/pf/SNMP/AeroHIVE.pm" # from [3f488e068e862e100d4b5635950077d1a453336a] # to [184ee86cfccce3cd3b0b1edac282b6fbed4faca2] # # patch "pf/lib/pf/SNMP/Cisco/Catalyst_2950.pm" # from [88c7d5886a6faf3bd53bb49840c145f28a460057] # to [919f1bd1b0429ffbe15d7d2e237575f2862ff2d5] # # patch "pf/lib/pf/SNMP/Cisco/Catalyst_3500XL.pm" # from [afd873fb6b319cf890cad8d3c3a6579bbe2c45f1] # to [a1fda26055fe3818fbfe2d2e6fe01f07b392204e] # # patch "pf/lib/pf/SNMP/Cisco/ISR_1800.pm" # from [b52cf40a14276ec13afae0a45c12fb75cb108695] # to [7cf45f6aae7aa8aa5b7d38aa919fc9bcc09434c0] # # patch "pf/lib/pf/SNMP/Cisco/WLC_2106.pm" # from [ad6b3bff69de98de90463739c5536648b542f6cc] # to [34aa610cd893c63c79427b3ff4bdf03fb62f43c1] # # patch "pf/lib/pf/SNMP/Extreme.pm" # from [359edbbc24e0e42af83199f1cff20979bc119348] # to [ea3b4ea0f9592e6618cffa1a7328de8635b31b10] # # patch "pf/lib/pf/SNMP/Meru.pm" # from [de0b534622be99341e96e45927c184d2364e0341] # to [082f6738a7f4d33a23bbfd7e0ae9476e5b6be148] # ============================================================ --- pf/lib/pf/SNMP/AeroHIVE.pm 3f488e068e862e100d4b5635950077d1a453336a +++ pf/lib/pf/SNMP/AeroHIVE.pm 184ee86cfccce3cd3b0b1edac282b6fbed4faca2 @@ -124,6 +124,8 @@ Right now te only way to do it is from t Right now te only way to do it is from the CLi (through Telnet or SSH). +Warning: this code doesn't support elevating to privileged mode. See #900 and #1370. + =cut sub _deauthenticateMacTelnet { my ( $this, $mac ) = @_; ============================================================ --- pf/lib/pf/SNMP/Cisco/Catalyst_2950.pm 88c7d5886a6faf3bd53bb49840c145f28a460057 +++ pf/lib/pf/SNMP/Cisco/Catalyst_2950.pm 919f1bd1b0429ffbe15d7d2e237575f2862ff2d5 @@ -204,7 +204,8 @@ sub clearMacAddressTable { Name => $this->{_cliUser}, Password => $this->{_cliPwd} ); - $session->begin_privileged( $this->{_cliEnablePwd} ); + # Session not already privileged are not supported at this point. See #1370 + # $session->begin_privileged( $this->{_cliEnablePwd} ); }; if ($@) { @@ -480,11 +481,12 @@ sub ping { return 1; } - if ( !$session->begin_privileged( $this->{_cliEnablePwd} ) ) { - $logger->error( "ERROR: Cannot enable: " . $session->errmsg ); - $session->close(); - return 1; - } + # Session not already privileged are not supported at this point. See #1370 + #if ( !$session->begin_privileged( $this->{_cliEnablePwd} ) ) { + # $logger->error( "ERROR: Cannot enable: " . $session->errmsg ); + # $session->close(); + # return 1; + #} $session->cmd("ping $ip timeout 0 repeat 1"); $session->close(); @@ -638,6 +640,10 @@ Sets the maximum number of MAC addresses Sets the maximum number of MAC addresses on the data vlan for port-security on a port +Warning: this method should _never_ be called in a thread. Net::Appliance::Session is not thread safe: + +L + =cut sub setPortSecurityMaxSecureMacAddrVlanAccessByIfIndex { my ( $this, $ifIndex, $maxSecureMac ) = @_; @@ -671,17 +677,18 @@ sub setPortSecurityMaxSecureMacAddrVlanA $logger->error("Error connecting to " . $this->{'_ip'} . " using ".$this->{_cliTransport} . ". Error: $!"); } + # Session not already privileged are not supported at this point. See #1370 # are we in enabled mode? - if (!$session->in_privileged_mode()) { + #if (!$session->in_privileged_mode()) { - # let's try to enable - if (!$session->enable($this->{_cliEnablePwd})) { - $logger->error("Cannot get into privileged mode on ".$this->{'ip'}. - ". Are you sure you provided enable password in configuration?"); - $session->close(); - return 0; - } - } + # # let's try to enable + # if (!$session->enable($this->{_cliEnablePwd})) { + # $logger->error("Cannot get into privileged mode on ".$this->{'ip'}. + # ". Are you sure you provided enable password in configuration?"); + # $session->close(); + # return 0; + # } + #} eval { $session->cmd(String => "conf t", Timeout => '10'); ============================================================ --- pf/lib/pf/SNMP/Cisco/Catalyst_3500XL.pm afd873fb6b319cf890cad8d3c3a6579bbe2c45f1 +++ pf/lib/pf/SNMP/Cisco/Catalyst_3500XL.pm a1fda26055fe3818fbfe2d2e6fe01f07b392204e @@ -146,7 +146,8 @@ sub clearMacAddressTable { Name => $this->{_cliUser}, Password => $this->{_cliPwd} ); - $session->begin_privileged( $this->{_cliEnablePwd} ); + # Session not already privileged are not supported at this point. See #1370 + #$session->begin_privileged( $this->{_cliEnablePwd} ); }; if ($@) { $logger->error( ============================================================ --- pf/lib/pf/SNMP/Cisco/ISR_1800.pm b52cf40a14276ec13afae0a45c12fb75cb108695 +++ pf/lib/pf/SNMP/Cisco/ISR_1800.pm 7cf45f6aae7aa8aa5b7d38aa919fc9bcc09434c0 @@ -134,17 +134,18 @@ sub getMacBridgePortHash { return %macBridgePortHash; } + # Session not already privileged are not supported at this point. See #1370 # are we in enabled mode? - if (!$session->in_privileged_mode()) { + #if (!$session->in_privileged_mode()) { - # let's try to enable - if (!$session->enable($this->{_cliEnablePwd})) { - $logger->error("Cannot get into privileged mode on ".$this->{'ip'}. - ". Are you sure you provided enable password in configuration?"); - $session->close(); - return %macBridgePortHash; - } - } + # # let's try to enable + # if (!$session->enable($this->{_cliEnablePwd})) { + # $logger->error("Cannot get into privileged mode on ".$this->{'ip'}. + # ". Are you sure you provided enable password in configuration?"); + # $session->close(); + # return %macBridgePortHash; + # } + #} # command that allows us to get MAC to ifIndex information my $command = "show mac-address-table"; ============================================================ --- pf/lib/pf/SNMP/Cisco/WLC_2106.pm ad6b3bff69de98de90463739c5536648b542f6cc +++ pf/lib/pf/SNMP/Cisco/WLC_2106.pm 34aa610cd893c63c79427b3ff4bdf03fb62f43c1 @@ -82,7 +82,9 @@ sub deauthenticateMac { Name => $this->{_cliUser}, Password => $this->{_cliPwd} ); - $session->begin_privileged( $this->{_cliEnablePwd} ); + # Session not already privileged are not supported at this point. See #1370 + #$session->begin_privileged( $this->{_cliEnablePwd} ); + $session->->do_privileged_mode(0); $session->begin_configure(); }; ============================================================ --- pf/lib/pf/SNMP/Extreme.pm 359edbbc24e0e42af83199f1cff20979bc119348 +++ pf/lib/pf/SNMP/Extreme.pm ea3b4ea0f9592e6618cffa1a7328de8635b31b10 @@ -1392,6 +1392,8 @@ On this switch, the lock-learning is a p On this switch, the lock-learning is a per-vlan attribute so it performs it on the current untagged VLAN of the ifIndex +Warning: this code doesn't support elevating to privileged mode. See #900 and #1370. + =cut sub _setPortSecurityByIfIndexCLI { my ( $this, $ifIndex, $enable ) = @_; ============================================================ --- pf/lib/pf/SNMP/Meru.pm de0b534622be99341e96e45927c184d2364e0341 +++ pf/lib/pf/SNMP/Meru.pm 082f6738a7f4d33a23bbfd7e0ae9476e5b6be148 @@ -157,6 +157,7 @@ sub deauthenticateMac { return; } + # Session not already privileged are not supported at this point. See #1370 #if (!$session->in_privileged_mode()) { # if (!$session->enable($this->{_cliEnablePwd})) { # $logger->error("Cannot get into privileged mode on ".$this->{'ip'}.