Merge branch 'devel' into feature/netdata-upgrade14

inverse-inc · Dec 5, 2024 · 061f4cf · 061f4cf
2 parents 90d9964 + ecc1b21
commit 061f4cf
Show file tree

Hide file tree

Showing 301 changed files with 10,559 additions and 4,390 deletions.
diff --git a/.github/workflows/packetfence-perl_build_image_package.yml b/.github/workflows/packetfence-perl_build_image_package.yml
@@ -101,7 +101,7 @@ jobs:
           PATH_PACKAGE: ${{ inputs._IMAGE_TYPE == 'rhel8' &&  'rhel8' || 'debian' }}
 
       - name: Upload the package to artifactory ${{inputs._IMAGE_TYPE}}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4.4.3
         with:
           name: ${{ env.ARTIFACTORY_NAME }}
           path:  ${{ inputs._OUTPUT_DIRECTORY }}/${{ env.PATH_PACKAGE }}/packages/${{ env.PACKAGE_NAME }}

diff --git a/.github/workflows/perl-client_build_package.yml b/.github/workflows/perl-client_build_package.yml
@@ -70,7 +70,7 @@ jobs:
           CI_COMMIT_REF_NAME: ${{ inputs._BRANCH_NAME }}
 
       - name: Upload the package to artifactory ${{inputs._IMAGE_TYPE}}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4.4.3
         with:
           name: ${{ env.ARTIFACTORY_NAME }}
 #          path:  /__w/packetfence/packetfence/addons/perl-client/result/${{ inputs._IMAGE_TYPE == 'rhel8' && 'centos/8' || inputs._IMAGE_TYPE == 'debian11' && 'debian/bookworm'}}/${{ env.PACKAGE_NAME }}

diff --git a/.gitignore b/.gitignore
@@ -49,9 +49,11 @@ conf/mfa.conf
 conf/proxysql.conf
 conf/uploads
 conf/kafka.conf
+conf/config.toml
 db/upgrade-tenant-11.2-12.0.sql
-bin/pfcmd
 bin/ntlm_auth_wrapper
+bin/pfcmd
+bin/pfcrypt
 src/mariadb_udf/*.o
 src/mariadb_udf/*.so
 src/mariadb_udf/test_pf_udf
@@ -219,6 +221,7 @@ conf/templates/emails-guest_sponsor_preregistration.txt.tt
 conf/dns_filters.conf
 conf/mariadb/*.tt
 conf/unified_api_system_pass
+conf/system_init_key
 html/pfappserver/pfappserver.conf
 html/captive-portal/captiveportal.conf
 nytprof/

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -389,6 +389,10 @@ variables:
     DST_FILE: layouts/partials/about/material.html
   script:
     - ${BUILDDIR}/generate-material.sh
+  artifacts:
+    expire_in: 1 day
+    paths:
+      - result/material.html
   tags:
     - shell
 
@@ -630,7 +634,6 @@ pfdeb_based_dev:
           - "httpd.aaa"
           - "httpd.admin_dispatcher"
           - "httpd.webservices"
-          - "radiusd"
           - "pfsetacls"
           - "pfsso"
           - "pfperl-api"
@@ -662,7 +665,20 @@ rad_based_dev:
   extends:
     - .build_img_container_job_dev
     - .build_img_container_devel_rules
-  needs: ["pfdeb_based_dev"]
+  needs: ["pfdeb_dev"]
+  variables:
+    IMAGE_TAGS: "${CI_COMMIT_REF_SLUG},latest"
+  parallel:
+    # /!\ Be sure to update this list in all other matrix /!\
+    matrix:
+      - IMAGE_NAME:
+          - "radiusd"
+
+rad_extend_dev:
+  extends:
+    - .build_img_container_job_dev
+    - .build_img_container_devel_rules
+  needs: ["rad_based_dev"]
   variables:
     IMAGE_TAGS: "${CI_COMMIT_REF_SLUG},latest"
   parallel:
@@ -714,7 +730,6 @@ pfdeb_based_br_maint:
           - "httpd.aaa"
           - "httpd.admin_dispatcher"
           - "httpd.webservices"
-          - "radiusd"
           - "pfsetacls"
           - "pfsso"
           - "pfperl-api"
@@ -746,7 +761,20 @@ rad_based_br_maint:
   extends:
     - .build_img_container_job_br_maint
     - .build_img_container_branches_and_maintenance_rules
-  needs: ["pfdeb_based_br_maint"]
+  needs: ["pfdeb_br_maint"]
+  variables:
+    IMAGE_TAGS: ${CI_COMMIT_REF_SLUG}
+  parallel:
+    # /!\ Be sure to update this list in all other matrix /!\
+    matrix:
+      - IMAGE_NAME:
+          - "radiusd"
+
+rad_extend_br_maint:
+  extends:
+    - .build_img_container_job_br_maint
+    - .build_img_container_branches_and_maintenance_rules
+  needs: ["rad_based_br_maint"]
   variables:
     IMAGE_TAGS: ${CI_COMMIT_REF_SLUG}
   parallel:
@@ -798,7 +826,6 @@ pfdeb_based_cloud_nac:
           - "httpd.aaa"
           - "httpd.admin_dispatcher"
           - "httpd.webservices"
-          - "radiusd"
           - "pfsetacls"
           - "pfsso"
           - "pfperl-api"
@@ -830,7 +857,20 @@ rad_based_cloud_nac:
   extends:
     - .build_img_container_job_cloud_nac
     - .build_img_container_cloud_nac_rules
-  needs: ["pfdeb_based_cloud_nac"]
+  needs: ["pfdeb_cloud_nac"]
+  variables:
+    IMAGE_TAGS: ${CI_COMMIT_REF_SLUG}-${CI_PIPELINE_ID}
+  parallel:
+    # /!\ Be sure to update this list in all other matrix /!\
+    matrix:
+      - IMAGE_NAME:
+          - "radiusd"
+
+rad_extend_cloud_nac:
+  extends:
+    - .build_img_container_job_cloud_nac
+    - .build_img_container_cloud_nac_rules
+  needs: ["rad_based_cloud_nac"]
   variables:
     IMAGE_TAGS: ${CI_COMMIT_REF_SLUG}-${CI_PIPELINE_ID}
   parallel:
@@ -882,7 +922,6 @@ pfdeb_based_rel:
           - "httpd.aaa"
           - "httpd.admin_dispatcher"
           - "httpd.webservices"
-          - "radiusd"
           - "pfsetacls"
           - "pfsso"
           - "pfperl-api"
@@ -914,7 +953,20 @@ rad_based_rel:
   extends:
     - .build_img_container_job_rel
     - .release_only_rules
-  needs: ["pfdeb_based_rel"]
+  needs: ["pfdeb_rel"]
+  variables:
+   IMAGE_TAGS: ${CI_COMMIT_TAG}
+  parallel:
+    # /!\ Be sure to update this list in all other matrix /!\
+    matrix:
+      - IMAGE_NAME:
+          - "radiusd"
+
+rad_extend_rel:
+  extends:
+    - .build_img_container_job_rel
+    - .release_only_rules
+  needs: ["rad_based_rel"]
   variables:
     IMAGE_TAGS: ${CI_COMMIT_TAG}
   parallel:
@@ -1105,14 +1157,14 @@ build_artifacts_website_release:
     - .release_only_rules
 
 # build_artificats_material job for development
-material_devel_and_branches:
+build_artifacts_material_devel_and_branches:
   image: ${PFBUILD_DEB_IMG}:${PFBUILD_DEFAULT_DEV_TAG}
   extends:
     - .build_artifacts_material_job
     - .build_artifacts_material_devel_and_branches_rules
 
 # build_artificats_material job for release
-material_release:
+build_artifacts_material_release:
   image: ${PFBUILD_DEB_IMG}:${CI_COMMIT_TAG}
   extends:
     - .build_artifacts_material_job

diff --git a/Makefile b/Makefile
@@ -106,6 +106,9 @@ conf/local_secret:
 conf/unified_api_system_pass:
 	date +%s | sha256sum | base64 | head -c 32 > conf/unified_api_system_pass
 
+conf/system_init_key:
+	hexdump -e '/1 "%x"' < /dev/urandom | head -c 32 > /usr/local/pf/conf/system_init_key
+
 bin/pfcmd: src/pfcmd.c
 	$(CC) -O2 -g -std=c99  -Wall $< -o $@
 
@@ -185,7 +188,8 @@ systemd:
 pf-dal:
 	perl /usr/local/pf/addons/dev-helpers/bin/generator-data-access-layer.pl
 
-devel: configurations conf/ssl/server.key conf/ssl/server.crt conf/local_secret bin/pfcmd raddb/certs/server.crt sudo translation mysql-schema raddb/sites-enabled fingerbank chown_pf permissions bin/ntlm_auth_wrapper conf/unified_api_system_pass
+devel: configurations conf/ssl/server.key conf/ssl/server.crt conf/local_secret bin/pfcmd raddb/certs/server.crt \
+	sudo translation mysql-schema raddb/sites-enabled fingerbank chown_pf permissions bin/ntlm_auth_wrapper conf/unified_api_system_pass conf/system_init_key
 
 test:
 	cd t && ./smoke.t

diff --git a/NEWS.asciidoc b/NEWS.asciidoc
@@ -28,22 +28,44 @@ For a list of compatibility related changes see the <<PacketFence_Upgrade_Guide.
 === New Features
 
  * Upgrade to FreeRADIUS 3.2.6 (#8290)
+ * NTLM Auth multi-threaded machine-accounts (#8335)
+ * OS based Cisco Switch Modules (#8365)
+ * Secrets encrypted at rest (#8406)
 
 === Enhancements
 
  * Use proxysql packages in the docker image instead of compilling from the sources (#8267)
  * Move SSO options to Firewall SSO from Advanced (#8303)
  * PKI - Multiple certificate with same Common Name (#8310)
  * Improved Ruckus Unbound DPSK (#8315)
+ * Improved Docker images (#8337)
+ * Support for case-insensitive LDAP Explorer attributes (#8366) @E-ThanG
+ * Custom taggable LDAP Explorer attributes (e6435e8)
+ * Performance improvements on pfacct (#8369)
+ * Added Aruba-MPSK-password attribute (#6957)
+ * Reduce time to flush the RADIUS log (#8397)
+ * Improve DPSK (#8356)
+ * Improve Mikrotik Disconnect (#8418)
+ * Select the first device that matches MFA (#8400)
+ * Improve pfdhcp DB connection (#8419)
+ * Track TLS certificate attributes per node (#8416)
+ * Kafka UI Config (#8421)
 
 === Bug Fixes
 
  * Don't generate all the time a mac address when using the GenericVPN switch module (#8270)
  * Add missing parameters for authentication rule match (#8306)
+ * Fixed the dynamic role assignment issue for Aruba switch modules (#8331)
+ * Show only registered nodes on status page (#8382)
+ * Fixed pfperl-api restart (#8391)
+ * Fixed deauthOnPrevious with webauth (#7319)
+ * Fixed IP resolution on LDAP SSL verification (#6808)
+ * Fixed NAS-Port to ifIndex on Comware v7 switches (#8062) @bmp96
+ * Fix Debian sudoers (#7908) @andrew-grasso
 
 === Security Fixes
 
- * Library updates (#8307)
+ * Library updates (#8307, #8328, #8329, #8336, #8341, #8353, #8371, #8404, #8405, #8407, #8408, #8409, #8410, #8412, #8422, #8423, #8424, #8425)
 
 == Version 14.0.0 released on 2024-09-06
 

diff --git a/README.md b/README.md
@@ -95,4 +95,3 @@ Licensed under the GNU General Public License v2.
 
 [mailing_lists]: https://packetfence.org/support/index.html#/community "Community Mailing Lists"
 
-
diff --git a/addons/AD/migrate.pl b/addons/AD/migrate.pl
@@ -86,7 +86,7 @@ BEGIN
   print "Please re-run the script again or configure the domain directly through the admin UI in 'Configuration->Domain' \n";
 }
 
-pf_run("chown pf.pf $domain_config_file");
+pf_run("chown pf:pf $domain_config_file");
 
 =head1 AUTHOR
Original file line number	Diff line number	Diff line change
Expand Up		@@ -95,4 +95,3 @@ Licensed under the GNU General Public License v2.

		[mailing_lists]: https://packetfence.org/support/index.html#/community "Community Mailing Lists"