pfSense bugtracker: Issueshttps://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162013-12-31T04:56:43ZpfSense bugtracker
Redmine pfSense - Feature #3377 (New): OAuth2 authentication in captive portalhttps://redmine.pfsense.org/issues/33772013-12-31T04:56:43ZThomas NOEL
<p>In Captive Portal we have native, ldap and radius authentication. Today, a lot of authentication systems provide OAuth2 backend. As CP authenticate users trought web, it can be a OAuth2 client.</p>
<p>My idea is to add a new "OAuth2 Authentication" after "RADIUS Authentication" on CP configuration.</p>
<pre>
O RADIUS Authentication
Radius Protocol
O PAP
O CHAP_MD5
O MSCHAPv1
O MSCHAPv2
O OAuth2 Authentication
OAuth2 accepted providers
[ ] Amazon
[ ] BitLy
[ ] Box
[ ] Dailymotion
[ ] Dropbox
[ ] Facebook
[ ] Foursquare
[ ] GitHub
[ ] Google
[ ] Heroku
[ ] Instagram
[ ] LinkedIn
[ ] Microsoft
[ ] PayPal
[ ] RunKeeper
[ ] SoundCloud
[ ] Vkontakte
[ ] Yammer
[ ] Reddit
[ ] Local1
[ ] Local2
</pre>
<p>Local1, Local2, ... are local providers found in /usr/local/oauth2/local-providers/, for example.</p>
<p>Of course, there is other parameters (key/secret for each oauth2 provider). And we have to open HTTPS for all selected OAuth2 providers -- tat is not very hard with "allowed hostnames".</p>
<p>I think that <a class="external" href="https://github.com/Lusitanian/PHPoAuthLib">https://github.com/Lusitanian/PHPoAuthLib</a> could be a good OAuth2 implementation to use. Add local providers is easy with this module.</p>
<p>Do you think such a feature is a good idea ? If there is no rebuttal, I can write a first proposal for a patch...</p> pfSense - Bug #2680 (Rejected): PHP Fatal error in /tmp/PHP_errors.loghttps://redmine.pfsense.org/issues/26802012-11-12T05:43:33ZThomas NOEL
<p>I have this error in /tmp/PHP_errors.log... but I don't know where it comes from, and when it occurs... sorry :-/</p>
<pre>
PHP Fatal error: Call to undefined function parse_xml_config() in /etc/inc/config.lib.inc on line 143
</pre> pfSense - Bug #2679 (Resolved): PHP warnings in diag_states_summary.phphttps://redmine.pfsense.org/issues/26792012-11-12T05:38:15ZThomas NOEL
<p>When there is a lot of clients, there is a lot of these warnings in /tmp/PHP_erros.log :</p>
<pre>
[12-Nov-2012 12:32:04] PHP Warning: asort() expects parameter 1 to be array, null given in /usr/local/www/diag_states_summary.php on line 107
[12-Nov-2012 12:32:04] PHP Warning: array_reverse(): The argument should be an array in /usr/local/www/diag_states_summary.php on line 108
[12-Nov-2012 12:32:04] PHP Warning: Invalid argument supplied for foreach() in /usr/local/www/diag_states_summary.php on line 108
</pre>
<p>Here is a patch :</p>
<pre>
--- a/usr/local/www/diag_states_summary.php
+++ b/usr/local/www/diag_states_summary.php
@@ -103,6 +103,8 @@ function sort_by_ip($a, $b) {
}
function build_port_info($portarr, $proto) {
+ if (! $portarr)
+ return '';
$ports = array();
asort($portarr);
foreach (array_reverse($portarr, TRUE) as $port => $count) {
</pre>
<p>(However, I don't understand why we need this function, because its result is not shown ; it is just used in two "span title=...").</p> pfSense - Bug #2678 (Resolved): disk full because of big /tmp/PHP_errors.loghttps://redmine.pfsense.org/issues/26782012-11-12T05:03:18ZThomas NOEL
<p>I have a big /tmp/PHP_errors.log on my pfSense 2.0 machine, with line like :</p>
<pre>[12-Nov-2012 11:40:17] PHP Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:201) in /usr/local/www/guiconfig.inc on line 47
[12-Nov-2012 11:40:17] PHP Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:201) in /usr/local/www/guiconfig.inc on line 48
[12-Nov-2012 11:40:17] PHP Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:201) in /usr/local/www/guiconfig.inc on line 49
[12-Nov-2012 11:40:17] PHP Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:201) in /usr/local/www/guiconfig.inc on line 50
[12-Nov-2012 11:40:17] PHP Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:201) in /usr/local/www/guiconfig.inc on line 51
</pre>
<p>I propose this patch :</p>
<pre>
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -32,6 +32,15 @@
pfSense_MODULE: base
*/
+/* make sure nothing is cached */
+if (!$omit_nocacheheaders) {
+ header("Expires: 0");
+ header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+ header("Cache-Control: no-store, no-cache, must-revalidate");
+ header("Cache-Control: post-check=0, pre-check=0", false);
+ header("Pragma: no-cache");
+}
+
/* Include authentication routines */
/* THIS MUST BE ABOVE ALL OTHER CODE */
if(!$nocsrf) {
@@ -44,15 +53,6 @@ if(!$nocsrf) {
}
require_once("authgui.inc");
-/* make sure nothing is cached */
-if (!$omit_nocacheheaders) {
- header("Expires: 0");
- header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
- header("Cache-Control: no-store, no-cache, must-revalidate");
- header("Cache-Control: post-check=0, pre-check=0", false);
- header("Pragma: no-cache");
-}
-
/* parse the configuration and include all configuration functions */
require_once("functions.inc");
</pre> pfSense - Bug #2675 (Resolved): /tmp/.rc.prunecaptiveportal.running can be present on boothttps://redmine.pfsense.org/issues/26752012-11-08T07:00:02ZThomas NOEL
<p>This morning after a crash, a /tmp/.rc.prunecaptiveportal.running is present has not been deleted (I think the crash occured during execution of /etc/rc.prunecaptiveportail).</p>
<p>So, rc.prunecaptiveportal is not executed anymore, captive portail clients are never disconnected.</p>
<p>I propose this patch (for 2.0.x) :</p>
<pre>
diff --git a/etc/inc/captiveportal.inc b/etc/inc/captiveportal.inc
index b48b64c..ebcfd1b 100644
--- a/etc/inc/captiveportal.inc
+++ b/etc/inc/captiveportal.inc
@@ -348,6 +348,8 @@ EOD;
/* Kill any existing prunecaptiveportal processes */
if(file_exists("{$g['varrun_path']}/cp_prunedb.pid"))
killbypid("{$g['varrun_path']}/cp_prunedb.pid");
+ /* delete lock file */
+ @unlink("{$g['tmp_path']}/.rc.prunecaptiveportal.running");
/* start pruning process (interval defaults to 60 seconds) */
mwexec("/usr/local/bin/minicron $croninterval {$g['varrun_path']}/cp_prunedb.pid " .
</pre> pfSense - Bug #1889 (Rejected): "route change" doesn't work (after commit:fb85533d)https://redmine.pfsense.org/issues/18892011-09-19T11:08:41ZThomas NOEL
<p>It seems that <a class="changeset" title="Resolve issues that made php core dump or eat a lot of memory when big routing tables are present" href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/fb85533d54d4ad2dfcbda5a7b0b8007b5e4eac43">fb85533d</a> (or related ones) breaks my pfSense. When I add a static route (even the default route), I have this error :</p>
<pre>
php: /interfaces.php: The command '/sbin/route change -inet default '172.16.16.1'' returned exit code '1', the output was 'route: writing to routing socket: No such process change net default: gateway 172.16.16.1: not in table'
</pre>
<p>The correct action should be "add" (it works if I type it in the console).</p>
<p>Thanks</p> pfSense - Bug #1541 (Resolved): /etc/rc.start/stop_packages do not start/stop .sh fileshttps://redmine.pfsense.org/issues/15412011-05-19T08:25:40ZThomas NOEL
<p>Hi,</p>
<p>foreach doesn't works after array_flip()...</p>
<p>=================</p>
<p>--- ./etc/rc.start_packages.orig 2011-05-19 12:13:09.000000000 <ins>0000<br /></ins>++ ./etc/rc.start_packages 2011-05-19 12:18:47.000000000 +0000<br /><code>@ -61,7 +61,7 </code>@</p>
<pre><code>$shell = @popen("/bin/sh", "w");<br /> if ($shell) {<br />- foreach ($rcfiles as $rcfile) {<br />+ foreach ($rcfiles as $rcfile => $number) {<br /> echo " Starting {$rcfile}...";<br /> fwrite($shell, "{$rcfile} start >>/tmp/bootup_messages 2>&1 &");<br /> echo "done.\n";</code></pre>
<p>=================</p>
<p>(idem for rc.stop_services)</p> pfSense - Todo #1539 (Closed): difference between git repository and this redmine repohttps://redmine.pfsense.org/issues/15392011-05-18T20:48:29ZThomas NOEL
<p><em>I know it's not really a bug, but this problem prevents me to properly follow the evolution of pfSense.</em></p>
<p>On this redmine repo, there is a lot of recent commits in pfSense : <a class="external" href="http://redmine.pfsense.org/projects/pfsense/repository">http://redmine.pfsense.org/projects/pfsense/repository</a></p>
<p>But commits stop on may 12 on git <a class="external" href="http://gitweb.pfsense.org/pfsense/mainline.git">http://gitweb.pfsense.org/pfsense/mainline.git</a> -- same thing on <a class="external" href="https://rcs.pfsense.org/projects/pfsense/repos/mainline/logs/master">https://rcs.pfsense.org/projects/pfsense/repos/mainline/logs/master</a>. The last commit is <a class="changeset" title="Fix comment" href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/042578fd634f8c54a158417527d018e0f8f56b95">042578fd634f8c54a158417527d018e0f8f56b95</a> (Thu May 12 14:04:04 2011 -0400, by Jim).</p>
<p>Is there any explanation ?</p>
<p>Thanks a lot.</p> pfSense - Feature #1357 (Needs Patch): captive portal informations throught SNMPhttps://redmine.pfsense.org/issues/13572011-03-16T07:33:04ZThomas NOEL
<p>Hi,</p>
<p>It seems that bsnmpd, used in pfSense, is not very extensible.</p>
<p>However, I must get -- throught SNMP -- the number of CP sessions. How can I do this ? Could we think about an "captiveportal" extension for bsnmpd ?</p>
<p>Thanks for any idea. I can code in C.</p> pfSense - Bug #1342 (Closed): kernel crash with RC1 on vmwarehttps://redmine.pfsense.org/issues/13422011-03-10T05:17:41ZThomas NOEL
<p>Attached, a screenshot of a kernel crash... do you have any idea ?</p>
<p>It's RC1 on a VMWare guest.</p>
<p>Thanks by advance for your advices...</p> pfSense - Bug #1338 (Closed): captiveportal_prune_old no longer workshttps://redmine.pfsense.org/issues/13382011-03-08T08:21:31ZThomas NOEL
<p>In /etc/inc/captiveportal.inc, captiveportal_read_db now returns a array() with sessionid.</p>
<p>captiveportal_prune_old() must be adapted to use this new return value. <strong>Currently, it doesn't close any session...</strong></p>
<p>Patch below (tested).</p>
<p>Thanks.</p> pfSense - Bug #1278 (Resolved): log when captive portal restartshttps://redmine.pfsense.org/issues/12782011-02-11T08:28:18ZThomas NOEL
<p>Hi,</p>
<p>When captive portal is reconfigured, it restarts and disconnects all clients. We have a message on the service/captiveportal page. I think we could log some information too. Here is a patch against /etc/inc/captiveportal.inc :</p>
<pre>
--- orig/captiveportal.inc 2011-02-11 12:00:14.085710379 +0100
+++ new/captiveportal.inc 2011-02-11 14:25:56.361552795 +0100
@@ -211,6 +211,8 @@
if ($g['booting'])
echo "Starting captive portal... ";
+ else
+ captiveportal_syslog("restarting captive portal -- disconnect all clients");
/* kill any running mini_httpd */
killbypid("{$g['varrun_path']}/lighty-CaptivePortal.pid");
</pre>
<p>Thanks<br />--<br />Thomas</p> pfSense - Bug #1273 (Resolved): bugs if pfs_version_comparehttps://redmine.pfsense.org/issues/12732011-02-10T08:21:54ZThomas NOEL
<p>There are two bugs in functions which compare pfSense versions.<br />It doesn't work when update version is older than the installed one...</p>
<p>Here is a patch against /etc/inc/pfsense-utils.inc (also attached) :</p>
<pre>
--- pfsense-utils.inc.orig 2011-02-10 14:19:31.669065996 +0100
+++ pfsense-utils.inc 2011-02-10 14:19:05.809065993 +0100
@@ -1674,9 +1674,9 @@
if ((!$a_time) || (!$b_time)) {
return FALSE;
} else {
- if ($a < $b)
+ if ($a_time < $b_time)
return -1;
- elseif ($a == $b)
+ elseif ($a_time == $b_time)
return 0;
else
return 1;
@@ -1735,7 +1735,7 @@
}
function pfs_version_compare($cur_time, $cur_text, $remote) {
// First try date compare
- $v = version_compare_dates($cur_time, $b);
+ $v = version_compare_dates($cur_time, $remote);
if ($v === FALSE) {
// If that fails, try to compare by string
// Before anything else, simply test if the strings are equal
</pre>
<p>Thanks.</p> pfSense - Bug #1270 (Resolved): bug with captive portal widgethttps://redmine.pfsense.org/issues/12702011-02-09T11:00:26ZThomas NOEL
<p>Hi,</p>
<p>Small but annoying bug with the captive portal <strong>widget</strong>.</p>
<p>If I click on the "disconnect" button, the user is disconnect. But the URL<br />now contains arguments : <a class="external" href="https://.../index.php?order=&showact=&act=del&id=2">https://.../index.php?order=&showact=&act=del&id=2</a></p>
<p>Now, if I reload the dashboard (for example, pressing F5), it reload this<br />URL... and re-disconnect the "id=2" user !</p>
<p>As we cannot modify the URL (we're in a widget), I suggest to delete the<br />"disconnect" button and add a link to the /status_captiveportal.php<br />at the bottom of the widget.</p>
<p>Patch attached...</p>
<p>Thanks.</p> pfSense - Bug #1265 (Resolved): config.console asks for WAN & LAN but displays LAN & WANhttps://redmine.pfsense.org/issues/12652011-02-08T08:44:35ZThomas NOEL
<p>Very small bug, but, hey... we want a perfect system, aren't we ? :)</p>
<p>On the very first configuration (first boot on console), pfSense ask for WAN, and LAN configuration.<br />But on configuration, it displays LAN, and WAN...<br />It confuses some users (at least one on mine).</p>
<p>Here is a patch :<br /><pre>
--- orig/config.console.inc 2011-01-29 13:09:14.917053997 +0100
+++ new/config.console.inc 2011-01-29 14:07:10.965054340 +0100
@@ -303,9 +303,9 @@
echo "\nThe interfaces will be assigned as follows: \n\n";
+ echo "WAN -> " . $wanif . "\n";
if ($lanif != "")
echo "LAN -> " . $lanif . "\n";
- echo "WAN -> " . $wanif . "\n";
for ($i = 0; $i < count($optif); $i++) {
echo "OPT" . ($i+1) . " -> " . $optif[$i] . "\n";
}
</pre></p>