LogMailer Bug

I have updated the LogMailer program for .4-0. Instead of mv'ing the logs, i am cp'ying then rm'ing them. I don't technically know why this is neccessary, but i can make an educated guess.... I think it has something to do with the filesystem being in RAM and mv'ing the file while it is being written. I guess the file handle also gets mv'ed and when the system is done writing and closes the file handle it considers the file to be the same one it opened. Somehow this creates a link in memory to the new location in /tmp. I am guessing(please tell me if you know) that mv only changes the reference in memory, while cp creates a new reference. So i will just have the logmailer program create a cp of the existing file in /tmp then rm the original........ this should fix any short-term memory loss.

If i stop the services to mv the logs then your users will be kicked - not good.

BTW - On the ZoneCD I have done `rm -f filename` then `rm -f *` and the system gives an error "cannot remove 'filename' the file doesn't exist". Eventhough the file was already removed it is still referenced in RAM someplace.... crazy.

ZoneCD Access Program Patched

I have noticed sometimes my wireless session does not expire the way it is suppose to... or when i logout, i'm not logged-out. It's very rare, but it happens. A user will be left with access after they logout.

There was a recent discussion on the NoCat mailing list that suggested a patch to access.fw. It seems that somehow NoCat will occasionaly write two identical rules for the same client. When the user logs out or the session expires, only one rule is removed and the second rule allows the client to still have access to the Internet. Not good. I updated access.fw based on the info shared on the NoCat list. This will be in version .4-0.

Public IP Testers

You guys are starting to provide a lot of great feedback!! I am almost overwhelmed with things to fix, but i'm hangin in there.... To cut back on generating confusion in the forums, I have created a mailing list on Sourceforge for those of you that want to join in and tell me what i am doing wrong. It might be good to get several opinions on the same fix... What might appear broken to you may work for another user...

Join the list:
https://lists.sourceforge.net/lists/listinfo/publicip-testers

ZoneCD .4-0 Anybody?

Can somebody please provide me some feedback on .4-0. Looking at the logs, it appears that either no one has tried to use the server, or it doesn't work. Yesturday, things were screwed up because i had to change the machine's hostname.... never a good thing, but mail to publicip.net was not working. When the box got setup by the new hosting company they named the machine publicip.net. This means that all mail sent to publicip.net from that box tried to deliver on the same box instead of going to the real publicip.net. I got mail working, and the db connections were failing.... should be good now. If the server didn't work yesturday, please try again.....

http://www.publicip.org/mirror/dists/beta/

Control Server Updates

I am making some updates to the server that may screw things up... Please let me know if any thing is broken....

Preemie ZoneCD

OK here it is - http://www.publicip.org/mirror/dists/beta/ This ZoneCD uses the new server! You must create a login on the new Control Server here: http://xml.publicip.net/manage/ . Then run the wizards to setup your zone.

Do not use this CD in production!! Use for testing ONLY!!!

Here are some issues that i know of:

The GUI for the ZoneCD has a new toolbar that has icons to reload NoCat, run iptraf, and to goto the new control server(web shortcut). The NoCat reload and iptraf icons don't work.

On the Control Server, I still need to complete the email validation email programming, and i need to go over the customized login screens again to update them. I need to create a couple more smaller wizards for moving users from the old system to the new, and between the user tables on the Control Server.

Report all problems either by commenting on this blog or in the Control Freak forum. I don't care if you find a typo, i want to know about it. Please be brutally honest.

ZoneCD 4-0(preemie) Preview Release

I am going to make a new ZoneCD release available before the control server is "finished" so those of you that want to help me can get a copy of the iso and test it. I expect to have the iso available for download tommorrow.

The server is fully functional, but still needs to be finalized in several areas that i know of. I am a bit overwhelmed and can use some new eyes looking things over. I am sure that i have missed a few things here and there that i am not even aware of, which is why i decided to do the preemie release...

Check back here tommorow for a dl link.

Get the Message

I've been slacking a little the last few days cause my wife just gave birth to my fourth daughter, plus i am on "vacation" from my usual daily grind 8-5 job. But in typical workloholic fashion, i have found time to make some advances in the development of the new system.

Aside from some fine tuning(which is far from over), i am working on adding all of the translated messages into the db as aposed the current method of having seperate files or includes for each language...

I have also done more work on the customization screens. If you decide not to use the Public IP template, you will need to stage the login page on your web server for the login program to GET. I will have a detailed how_to for this soon...

Back to work...

Control Server "Preview"

If you want to play with the new Control Server( http://xml.publicip.net/manage/ ) , please do. I can use the feedback on the interface. But you can not use it until the next ZoneCD release. The ZoneCD needs updates to a few things to make it work with the new server...

Other than the program updates, the ZoneCD also needs to be pointed at a new server. The new server is a new server. It has a different IP address than the "old" Authserver. The next ZoneCD will have an entry in the /etc/hosts file to point ssl.publicip.net at the new server using dnsmasq. This way no one using an older ZoneCD is disrupted by an sudden change to a new system where nothing works until they upgrade the ZoneCD and configure Zone Control. Once the new server is debugged, i will make the DNS change to point everyone at the new server, but that's a month or so away...

We're off to see the Wizard...

I am "finishing-up" the interface for the new Control Server. If you would like to preview the new server, login here: http://xml.publicip.net/manage/ (You will have to create a new login using the link on that page). It would be nice to get some feedback at this point.

As the title implies, the new Control Server uses wizards to setup and configure your zones. Here's an excerpt from the welcome screen:

Public IP's Zone Control provides an easy way to configure and manage your
hotspots, or "Zones" as they are referred to here. Most of the configurations
are done using two wizards i have developed (an introduction to each is provided
to the left). The Master wizard is a concept i developed to aid in the
implementation of multiple Zones. Running the Master Wizard will create a
"blueprint" for you to build your Zones. When you run the Zone Wizard you will
create an instance of a zone described in you master template or "blueprint".
Once you have a Zone you can modify the settings and configurations for that
Zone separately for exact customization.

Now it's back to work on the authentication programs and the ZoneCD. It's time to start pulling it all together (and fixing a few bugs). It's hard to say how development will move the next few days, my wife is about to give birth to my fourth daughter :-0 If she doesn't go into labor by Saturday, the doctor is inducing her...

Wanta be Zone Master

I have completed work on the authentication and registration JAVA programs, at least for now... Now it's back to PHP for the new web ui for Zone Control. I'm still leaving the frigin $'s off my variables sometimes...

Anyway, you can forget everything you know about the current logic that is in place for new zone registration. "Zones" will no longer be directly register with publicip.net. When you register on the new control server, you will not create a zone account like you do currently, you will actually create a master account. From your master account, you will create your zones and logins for each zone.

Huh? Ok, it's like this.... You register with your email address for a master login(all master logins must be valid email addresses). Once you login, you will run a wizard that generates a default style, or template with your preferences that will be used to generate your new zone or zones... After you complete the wizard, you can create a new zone with a separate login for that zone. This newly created zone will inherit the properties you defined in your master template, but can still be tweaked separately. The login you create for the zone must not be an email address. This login will be used during the boot of the ZoneCD and can be used to directly login to Zone Control for that zone. Of course you will have access to all zones from the master login.

Anyway, back to work... I've got a lot of stuff to do....

The reNew Zoo Review

I am finishing up the new authentication service. I've got good news and bad news. Good news is - it kicks ass! It's working very nicely and looks great. I've made some big improvements to the interface and programs. I'll get to all that when i get more time .... The bad news - It's not compatible with "stock" NoCat gateways.

I had some trouble with a couple things, both related to session renewals. The renewal itself is a lot more tricky than it appears at the surface. Those of you that are familiar with NoCat, might have noticed that the renewals re-submit or refresh to the Authserver, not the gateway. This is done to re-authenticate the user.

# Add a refresh time of five seconds... unless one is already set.
$vars{redirect} = $redirect = "5; URL=$redirect" unless $redirect =~ /^\d+;/o;

push @headers, -Refresh => $redirect;

This looks like a simple meta refresh tag... but it's not. It's a http header attribute used during renew mode in NoCat's Authserver.pm. After the user is re-authenticated, this is pushed to the popup window to silently send the gateway a renew ticket. The gateway responds to the renew request with a 204(no content) http reponse code whick tells the browser to stay where it is... pretty clever Rob. For whatever reason the combination of JAVA, IE(netscape and opera worked fine) and the Refresh header just doesn't work. I think it is related to the url length because i could hardcode a short (but invalid) ticket and the gateway would respond, but using the full gpg encoded ticket parameter would not work.... nothing - nothing shows up in the nocat.log and the session eventually expires. I am using another method to notify the gateway of renews.....

The "token" was also a pain in my ass. The NoCat gateway creates a random token that is shared between the itself and the authserver. It gets 'crypt'ed and incremented with every session renew. The problem is JAVA has no 'crypt' class to match perl's. Soooo, i came up with a new scheme.

Regardless, I am making great progress. I'll update more in a couple days.