PacketFence - BTS - PacketFence
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0001242PacketFenceconfigurationpublic2011-08-04 15:442011-10-24 20:17
Reporterfgaudreault 
Assigned Tofgaudreault 
PrioritylowSeveritytweakReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Versiondevel 
Target Version3.0.2Fixed in Version3.0.2 
fixed in git revision
fixed in mtn revision358aae97063184220ec65b41464eb271defbe536
Summary0001242: Doubled allow network subnets in generated captive-portal-common.conf
DescriptionWith the latest trunk release, we are seeing the generated captive-portal-common.conf file double the authorized network subnets for the captive portal.

Steps To Reproduce
Additional InformationExemple:

# Access control
<DirectoryMatch "/usr/local/pf/html/captive-portal">
  Order deny,allow
  Deny from all
  allow from 192.168.2.0/24 192.168.3.0/24 192.168.4.0/24 192.168.6.0/24 127.0.0.0/24 192.168.3.0/24 192.168.2.0/24 127.0.0.1 10.0.1.10
</DirectoryMatch>

We can see 192.168.2.0 and 192.168.3.0 generated twice.
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2011-08-04 15:44fgaudreaultNew Issue
2011-08-17 16:36obilodeauTarget Version => +1
2011-09-29 16:45fgaudreaultNote Added: 0002306
2011-09-29 16:46fgaudreaultNote Edited: 0002306
2011-09-29 16:46fgaudreaultNote Edited: 0002306
2011-09-30 16:17fgaudreaultmtn revision => 358aae97063184220ec65b41464eb271defbe536
2011-09-30 16:17fgaudreaultNote Added: 0002307
2011-09-30 16:17fgaudreaultStatusnew => resolved
2011-09-30 16:17fgaudreaultFixed in Version => +1
2011-09-30 16:17fgaudreaultResolutionopen => fixed
2011-09-30 16:17fgaudreaultAssigned To => fgaudreault
2011-10-24 20:15obilodeauTarget Version+1 => 3.0.2
2011-10-24 20:15obilodeauNote Added: 0002390
2011-10-24 20:16obilodeauStatusresolved => closed
2011-10-24 20:17obilodeauFixed in Version+1 => 3.0.2

Notes
(0002306)
fgaudreault   
2011-09-29 16:45   
(edited on: 2011-09-29 16:46)
Problematic code identified :
# Access control
<DirectoryMatch "%%install_dir%%/html/captive-portal">
  Order deny,allow
  Deny from all
  allow from %%internal-nets%% %%routed-nets%% 127.0.0.1
</DirectoryMatch>

Since vlan-registration or vlan-isolation are considered as routed-nets, we will print them in double because they are also internal-nets in some cases.

Suggestion: Use routed-nets only, and use another variable to add the inline subnets.
(0002307)
fgaudreault   
2011-09-30 16:17   
Inline VLAN in networks.conf are included in the template variable routed-nets.
(0002390)
obilodeau   
2011-10-24 20:15   
fix released in 3.0.2