
| Anonymous | Login | 2025-10-25 06:19 EDT |  | 
| Main | My View | View Issues | Change Log | Roadmap | 
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | |||
| 0001273 | PacketFence | core | public | 2011-09-21 15:54 | 2011-10-24 20:17 | |||
| Reporter | dwuelfrath | |||||||
| Assigned To | obilodeau | |||||||
| Priority | high | Severity | major | Reproducibility | random | |||
| Status | closed | Resolution | fixed | |||||
| Platform | OS | OS Version | ||||||
| Product Version | 3.0.0 | |||||||
| Target Version | 3.0.2 | Fixed in Version | 3.0.2 | |||||
| Summary | 0001273: enforcement calls should be executed by root | |||||||
| Description | got an issue with iptables locks when captive portal (apache) tryed to change the iptables rules and there was a lock issued by a root process (pfcmd) | |||||||
| Additional Information | Sep 21 15:29:06 redir.cgi(0) INFO: 90:e6:ba:70:e7:4b being redirected (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler) Sep 21 15:29:06 redir.cgi(0) INFO: MAC 90:e6:ba:70:e7:4b shouldn't reach here. Calling access re-evaluation. Make sure your network device configuration is correct. (ModPerl::ROOT::ModPerl::PerlRun::usr_local_pf_html_captive_2dportal_redir_2ecgi::handler) Sep 21 15:29:06 redir.cgi(0) INFO: re-evaluating access for node 90:e6:ba:70:e7:4b (redir.cgi called) (pf::enforcement::reevaluate_access) Sep 21 15:29:06 redir.cgi(0) INFO: MAC: 90:e6:ba:70:e7:4b stated changed, adapting firewall rules for proper enforcement (pf::inline::performInlineEnforcement) Sep 21 15:29:06 redir.cgi(0) FATAL: Cannot access lockfile:[/var/lock/iptables_cmd_lock] Permission denied at /usr/local/pf/lib/IPTables/Interface.pm line 72 | |||||||
| Tags | No tags attached. | |||||||
| fixed in git revision | ||||||||
| fixed in mtn revision | 81d568ba1a2fecffe8e76b3a869c313b596138c0 | |||||||
| Attached Files | ||||||||
|  Notes | |
| (0002230) obilodeau (reporter) 2011-09-21 22:12 | targeted to +1, affecting 3.0. increased priority. If you are bitten by this and desperately need a workaround we probably can come up with something quickly. Contact us here, on the mailing list or on IRC. | 
| (0002376) obilodeau (reporter) 2011-10-24 12:07 | fix committed. Here's the commit entry: refactoring: made sure that access re-evaluation runned in privileged daemons. Fixes 0001273 Quite an intrusive fix: Everyone except pfdhcplistener in inline enforcement now calls pf::enforcement to request a VLAN or firewall rule change. This includes captive portal, pfcmd, pfcmd_vlan (previously flip.pl). pf::enforcement now emit proper traps to pfsetvlan (reAssignVlan, desAssociate and the new firewallRequest) and then pfsetvlan takes care of calling SNMP modules (port-sec), pfcmd_vlan (dot1x, MAC-Auth) or pf::inline (firewall). pfsetvlan runs as root so firewall changes are done as root. Doing so we also chopped one or two locationlog lookups so that's a good thing. - Inline API bump: new method call in pf::inline: isInlineEnforcementRequired - chopped advanced.adjustswitchportvlanscript config parameter since everything is now through pf::enforcement http://www.packetfence.org/bugs/view.php?id=1273 [^] | 
| (0002389) obilodeau (reporter) 2011-10-24 20:15 | fix released in 3.0.2 | 
|  Issue History | |||
| Date Modified | Username | Field | Change | 
| 2011-09-21 15:54 | dwuelfrath | New Issue | |
| 2011-09-21 22:12 | obilodeau | Note Added: 0002230 | |
| 2011-09-21 22:12 | obilodeau | Priority | normal => high | 
| 2011-09-21 22:12 | obilodeau | Severity | minor => major | 
| 2011-09-21 22:12 | obilodeau | Product Version | => 3.0.0 | 
| 2011-09-21 22:12 | obilodeau | Target Version | 3.0.0 => +1 | 
| 2011-10-24 08:53 | obilodeau | Status | new => assigned | 
| 2011-10-24 08:53 | obilodeau | Assigned To | => obilodeau | 
| 2011-10-24 12:07 | obilodeau | mtn revision | => 81d568ba1a2fecffe8e76b3a869c313b596138c0 | 
| 2011-10-24 12:07 | obilodeau | Note Added: 0002376 | |
| 2011-10-24 12:07 | obilodeau | Status | assigned => resolved | 
| 2011-10-24 12:07 | obilodeau | Fixed in Version | => +1 | 
| 2011-10-24 12:07 | obilodeau | Resolution | open => fixed | 
| 2011-10-24 20:15 | obilodeau | Target Version | +1 => 3.0.2 | 
| 2011-10-24 20:15 | obilodeau | Note Added: 0002389 | |
| 2011-10-24 20:16 | obilodeau | Status | resolved => closed | 
| 2011-10-24 20:17 | obilodeau | Fixed in Version | +1 => 3.0.2 | 
| Copyright © 2000 - 2012 MantisBT Group |