pfSense

Avoid a warning on this code when there is no member for a group.

Adapt to use 2.0's accounts

Make sure this variable is an array before performing array operations upon it.

Move the required once in a more appropriate place.

Don't maintain a membership for the 'all' group when it includes everyone. Just return it for everyone if the 'all' group is requested. For the count of the 'all' group, just return a count of all the users on the system. Fixes #613

Require radius.inc if the webGUI is using radius as the method.

Flip this back the other way, the group operation will fail if the user isn't set yet.

Silence this command

Add SSH tunneling privilege to list of available privileges.

Lock out shell accounts that have no OS access, or are expired/disabled.

Add check for user-ssh-tunnel to give users access to the ssh tunnel shell

Flip this test around so it is easier to follow/read.

Sync groups first, since users may rely on group changes.

Make sure a user gets deleted from the 'all' group.

Clean up this code.

Remove home directory when deleting a user.

Bypass the DNS Rebind attack checks if accessing by IP address.

Check for locally configured IPs in DNS rebind checks, so people who port forward from WAN to the LAN IP can still work.

Add a text box where someone can enter in alternate hostnames for the system to bypass the DNS rebind checks.

Add a checkbox to disable DNS rebinding checks if needed.

More fixes for DNS rebinding checks (Most of this code is Scott's, with some minor fixes by me)

Correct check

Correct check

Check for 127.0.0.1 as well

Oops, correct check

Add localhost as a valid host for SSH forwarding cases

Wrap the dns rebind check in a test to see if our error function exists. If it doesn't, it's probably being called from captive portal, so skip the check. Fixes #721

Move the skel dir to /etc/skel, where it's easier to manage from a build point of view.

Slight fix to dyndns check

Check dyndns hostnames as well for DNS Rebind issues

^ Potential

Binding -> Rebinding

Comment what we are doing here and add the ticket #.

More dns-rebind checks. Ticket #708

Give users with ssh access a real shell, but make sure that admin still gets /etc/rc.initial

Set a skeleton directory for pw

Let pw handle the creation of the home directory rather than do it in php.

Give users who have "all" privileges shell access. Part of ticket #614

Remove some redundant code and make sure admin's home directory is /root - Fixes #218

Fixes #613. Add correctly users to all users group.

Do not include functions.inc just for pfSenseHeader which is not really the best place to use!

Fixes #660. Simplify some code and correctly do an exit after a redirect is issued. Thanks-to: Efonne for analysis.

Use mwexec where it does not make sense to use popen for something that does not take any parameters. Create a function to actually remove a user from its groups when the user itself is deleted.

Correct the shell for the admin account, this should be /etc/rc.initial. Not /bin/sh

Fix creation of admin user account with uid of 0. This fixes ticket #574

Allow the webui admin account to have a duplicate user ID of 0.
Make sure to create that account before attempting to modify it's attributes

Ticket #389. Correctly make the ldap object picker work and handle various errors.

Ticket #378. Correctly handle a timeout of 0 to mean never timeout.

Allow users to send in the same POST authentication info and post fields. This will be allowed by authentication code if the special post var 'postafterlogin' isset.

Simplify code.

fix text

Add includes needed. Fix typo.

Fix bug where user wasn't being removed from groups upon deletion.

Add a function to get user groups based on authentication server. Use this function to show the groups the user i member of on Diag Authentication.

Remove the authentication fallback it does not have any meaning now.

Remove dead code.

Overhaul the user login system to use the Servers tab as its base.

Fix quite a few problems down the way.

Remove unused var and stale comment.

Add the neccesary foo for radius.inc to work.

Add copyrights of myself.

Allow the GUI auth API to be used for doing authentication against authentication servers specified. Teach Openvpn to use this API. Allow openvpn to authenticate against multiple servers that can be selected on the server configuration page.

Do not allow login for expired and disabled users. Fix this even in openvpn authentication script. While here clean up the code quite a bit.

User _ instead of so browser does not interpret it as html.

Do not show the passwd used to logon on logs. Also change the replace from $username to <username> so php does not try to do clever stuff.

fix previous commit

Change default session timeout to 4 hours. Clarify text description. Remove limit of < 999 and other invalid/unnecessary input validation. Use product_name

Remove "-G all" as it was causing the useradd operation to fail, leading to other failures. (Users were not added to passwd, home directories were not being made, etc)

Remove extra / to avoid having a double slash in the directory name. Also add curly braces around $user_home.

Home directory of uid 0 should be /root. Ticket #218

Add page global variable

Recommit #161 changes. It appears a different commit has broken firewall rules edit and firewall nat edit.

Revert "Redirect to / when logging in to avoid posting to forms accidently and clearing the form and causing all kinds of chaos. Ticket #161"

This reverts commit 6af7c40b296e0f95ec308d41aea55b3306c5e1ee.

Redirect to / when logging in to avoid posting to forms accidently and clearing the form and causing all kinds of chaos. Ticket #161

Use ['name'] when looking up items

Escape ' Ticket #143

Show ajax properly

Add disabled checkbox. Add code to check for disabled accounts.

Return after setting account expired

Honor account expiration

create a config include that just presents $config to the webgui (no boot code being parsed anymore in webgui now)

Add pfSense_BUILDER_BINARIES: and pfSense_MODULE: additions

We need to be RW to modify user information.

Give admin user special treatment just like root.

• Move functions that output html to guiconfig.inc
• Remove some recursive dependency on some includes
• Remove ^M or \r from files
• Remove some entries from functions.inc to avoid including them twice
• Remove some unneccessary includes from some files
  ...

Remove ^M or \r from this file its impossible to read in vi.

Give proper rights to file when creating since php is run as root and might change permissions in dirs while modifying/creating them. Reported-by: http://forum.pfsense.org/index.php/topic,16890.0.html

Use -q to hopefully git rid of messages such as: pw: WARNING account 'admin' will have a valid id of 0 (superuser access!)

Use mwexec() so we do not see this error on fresh installation:

cp: /root/.. is a directory (not copied).
cp: /root/. is a directory (not copied).

Ensure $user_base directory exists and is writable. Kills ugly warning on
fresh installation.

Modify captive portal to use centralized user management. The user manager has
been modified to include an account expiration option to support this service.

Choose the correct parameter to popen so syncing of a group can work correctly.

Open a write pipe so we can be sure the password goes to the stdinput of the command. This should fix the ssh password problems reported on the forums.

Add missing /

When a new user home directory is created, copy the . (dot) root files.

Use a MFS /home on CD-Rom.

Backout last commit, /var/home is a symlinnk

Use /home, even for embedded

Only mount for rw during sync function.

Another missed needed conf_mount_rw().

Oops, we need to mount rw before creating home dir.