pfSense

Revert wrong fix of Bug #1711.

Correctly restart the SSL lighty instance when running.

Remove 'maxproc' since its unused in the code and correctly use maxprocperip to allow the GUI setting to be actually usable. Reported-by: http://forum.pfsense.org/index.php/topic,39155.0.html

Bug #1711. Acct-x-Octets are always 0 in Captive Portal -> Radius acct messages.

Merge remote-tracking branch 'mainline/master' into inc

Conflicts:
etc/inc/priv.defs.inc

Correct pid filename so the instance of lighty for SSL is running.

Merge remote-tracking branch 'mainline/master' into inc

PHP says that arrays cannot be used as keys, protect against this case as reported that some keys are arrays!

Restore this back to allow both users and vouchers enabled at same time.

Do not call time() uselessly every time for each entry. Instead just snapshot it and use it in calculations. This helps performance and useless paranoic time fetching since every 60 seconds the code will be executed again.

Do not test for availbility of voucher session_timeout in the database it is mandatory for vouchers. This will make sure that if ever a corrupted db happens a user will be required to relogin and correct the db. Possibly related to: http://forum.pfsense.org/index.php/topic,37636.0.html

Fixes #1327. Trigger synching of vouchers to config through check_reload_status. Retire the saveinterval option since it is not useful anymore. Use the prune process of captiveportal to sync vouchers as well to fix issues as reported-by: http://forum.pfsense.org/index.php/topic,37636.0.html

Allow a second optional argument to captiveportal_read_db to be able to index the read db by the field in the db.

Correct variable name so voucher disconnect on synchronized vouchers works properly.

Merge remote-tracking branch 'mainline/master' into inc

Conflicts:
etc/inc/voucher.inc
usr/local/www/fbegin.inc

Correct possible lock leak.

Fix whitespace.

Just use the long reference here instead of creating potential dangerous reference.

Merge remote-tracking branch 'mainline/master' into inc

Conflicts:
etc/inc/interfaces.inc
etc/inc/upgrade_config.inc
etc/inc/vpn.inc

If the bandwidth value is coming from radius scale it up to the requested Kbit/s unit.

Merge remote-tracking branch 'mainline/master' into inc

Conflicts:
etc/inc/voucher.inc

Make sure that there is a value before using it as a redirection.

Make the two default page codes similar in regarding to redirurl in hope that when one voucher login succeeds it redirects to the url submmitted.

Display the correct error page if vouchers are active or if normal CP is active when default provided forms are used.

Merge remote-tracking branch 'mainline/master' into inc

Conflicts:
etc/inc/interfaces.inc
etc/inc/priv.defs.inc
etc/inc/shaper.inc
etc/inc/system.inc

Merge remote-tracking branch 'mainline/master' into inc

Conflicts:
etc/inc/auth.inc
etc/inc/config.lib.inc
etc/inc/filter.inc
etc/inc/pfsense-utils.inc
etc/inc/pkg-utils.inc
etc/inc/priv.defs.inc
etc/inc/services.inc...

Try to not stomp rule to each other. Reported-by: http://forum.pfsense.org/index.php/topic,34787.msg180186.html#msg180186

Correct wrong comment.

Fix voucher disconnect sync issue

Make sure we have an ip to kill sessions from.

Make sure we do not write stale data during prunning periods.

Use foreach here to be sure we do not reference unexisting results.

Oops more make code correct.

Oops make code correct.

• Prevent concurrent logins on CP to not be recorded on the DB.
• Make the locking more complex to avoid locking exclusively during pruning task which would hurt a lot CP performance.
• Retire the disconnect_client and make all the disconnect functions use the sessionid as identifier....

missing $

missing $

misc whitespace cleanups

Move all functions from index.php for captiveportal.inc

log when CP is restarted. ticket #1278

There is no need to call the script to reconfigure CP here. Even more when it breaks all kind of things.

minicron is now used on a number of items in the gui. tell the cp prune process to use the pid name cp-prunedb.pid

Do not launch multiple copies of the captive portal database pruner.

Note reinit will disconnect folks

Correctly grab the hostname from config for filterdns.

Merge branch 'master' into inc

Conflicts:
etc/inc/captiveportal.inc
etc/inc/config.console.inc
etc/inc/config.lib.inc
etc/inc/easyrule.inc
etc/inc/filter.inc
etc/inc/ipsec.inc
etc/inc/pkg-utils.inc
etc/inc/shaper.inc...

Ups actually single quotes are needed when / is the first char of a command. Requirment enforced by the parser.

Remove last references to dnswatch.

Switch to filterdns new and shiny for taking care of dns in CP.

Transform PORTAL_REDIRURL variable

remove single quotes

Brute force dnswatch kill if needed

Launch dnswatch correctly.

Allowed hostname is now working. Make bw up and down checks a bit more strict using intval() and comparing >0. Fix bw and upload checks allowing either to be set.

Allowed hostname is now working. Make bw up and down checks a bit more strict using intval() and comparing >0. Fix bw and upload checks allowing either to be set.

Adding preliminary version of allowed hostnames. Allowed hostnames function similar to allowed IP addresses and permit the captive portal to pass traffic out. An example usage of this is to allow access to a hotel web page freely and then require authentcation hotlinking from this point.

Fix formatting. Die, VIM, DIE!

Reformat file. VIM needs to die a flaming death.

Ticket #1128. Ooops pass the right parameter to unlock.

Nuke trailing carriage returns

Make the CP locking more granular and make use correctly of exclusive/shared locks where appripriate. This speeds up CP login process.

• Use exclusive locking for parts of config involving CP db.
• Use more strict checking against empty/not set values for timeout and idletimeout
• Do not overwrite idletimeout value with the per user idletimeout value during processing
• Make distinction between radius accounting and re-authentication with radius to allow the code to be executed correctly. Ticket #1013

Revert "Add voucher backup, configurable from Diagnostics > NanoBSD. Fixes #1087" - voucher db backup already existed under a different name. Ticket is still fixed, just by different code that was already there.

This reverts commit 0d89a2fcac3deea06bdc4a481bbdfae4f18b1ff8.

Add voucher backup, configurable from Diagnostics > NanoBSD. Fixes #1087

Merge remote branch 'mainline/master' into inc

Conflicts:
etc/inc/auth.inc
etc/inc/config.lib.inc
etc/inc/filter.inc
etc/inc/gwlb.inc
etc/inc/interfaces.inc
etc/inc/pfsense-utils.inc
etc/inc/pkg-utils.inc...

Ooops add missing or.

include broadcast address to allow dhcp to work.

Merge remote branch 'mainline/master' into inc

Fix the contents of the captive portal logout popup. Fixes #836

Merge remote branch 'mainline/master' into inc

Conflicts:
etc/inc/filter.inc
etc/inc/pkg-utils.inc
etc/inc/service-utils.inc
etc/inc/system.inc
etc/inc/vpn.inc

Use enable voucher variable

Merge remote branch 'mainline/master' into inc

Conflicts:
etc/inc/captiveportal.inc

Fix formatting in if()

Detect and use a sample voucher page when vouchers are defined. Otherwise default to the user/pass default page.

Escape $ variables

Merge remote branch 'mainline/master' into inc

Conflicts:
etc/inc/interfaces.inc

Improve the standard Captive Portal pages when a custom page is not set

Implement gettext() calls on captiveportal.inc

don't include 255.255.255.255 here

Add a subnet option to allowed ip addresses on CP.

Fixes #741. Restore behaviour of CP in 1.2.x by allowing in ipfw rules anything to the host ip on the interfaces configured for CP.

Use proper locking.

Do not flush all tables unless Save was hit on webgui. This avoids flushing the tables that keep logged in users.

Do not reconfigure CP on every event of interfaces or while reloading the webGUI. Create 2 new function to just rewrite rules and restart the webserver for CP repctively for interface events and webGUI restart events.

Ooops curly missing.

Actually correctly handle some vip types ips for getNasIP.

Teach even getNasIP for the new callingstation ip setting.

correct the limiter, it reversed up/down before

Mute this command so people do not think something went wrong.

Use the new functions on CP code too.

Make the logout page configurable like the other pages. The only difference is that this page/code will be treated as a .php page so it may contain internal php CP variables referenced.

Remove part of the message displayed some people might find its completely ok to use it.

Add a function to find the mac address on a passthrough mac entry by username(if present) in the <username> tag of the entry.

Allow php code to be included in the primary captive portal page. Add new ORIGINAL_PORTAL_IP post item which will be experimenting with a master mutli voucher setup.

Include filter.inc for the ipfw load function.

Check if interface exists before issuing a command when disabling captiveportal.

The gui defaults to https in 2.0 correct it to make sure it is not stopped by CP on the CP interface[s].

Ticket #565. Correct deleting passthru mac entries. revert back to always allow a passthru mac as with allowed ips. Remove the check during login for passthru mac entries they will never make it to the login page.

Ticket #566. Reimplement the allowed ips keeping previous funcitonality and improving by adding a both direction. The problem with previous commit is that it always assumes that allowed ip address would have a pipe configured and entires without one would just get dropped.

Make pasthrough GUI code catch-up with the latest changes.