pfSense

Captive Portal ipfw->pf transition. Todo #13100

LDAP authentication extended query fix. Issue #13093

CLI history option optimization. Fixes #12675

There is no longer a need to use the ~/.keephistory flag file. Scripts
can check the config.xml value for a user directly.

Fix syntax errors. Issue #12940

Always change .ssh directory permission. Issue #12940

Delete user home directory on user delete XMLRPC sync. Fixes #12940

Add user opt to keep history. Implements #12675

Add option for pw hash algo. Implements #12855

Use random_bytes() to generate salt for SHA512 password hashing. Fixes #12801

Keep command line history WebGUI option. Implements #12675

ldap_get_groups() return value fix. Issue #12699

Update the Copyright year of the files owned by Rubicon/Netgate.

Use SHA512 to hash user password. Implements #10298

Original commit by Viktor Gurov

HTTP Referer Message accurate path. Fixes #11873

Shell LDAP authentication fix. Issue #11644

Update the Copyright year.

A subsequent commit will deal with .po's.

Add product_label global variable

Introduce product_label global variable, by default with same value of
product_name. The idea is to make it easier for rebranded products to
change the name on all visual texts while internal structures are
preserved.

While here, remove deprecated $g['platform'] and also replace places...

Use first interface with IP as fallback for NAS-IP-Address. Fixes #11109

Ticket #9270: Make sure parameters are UTF-8

As described on ticket, for some reason we still don't know, when
pfSense_kill_states() is called with subnet as parameter (n.n.n.n/n) it
makes changes on $_POST content that can lead system to unpredictable
results....

Remove old nss_ldap.conf if it exists before symlinking. Fixes #8698

LDAP shell authentication. Implements #8698

LDAP group search fix. Issue #10942

Use user DN for RFC2307 membership search (updated). Issue #9527

Revert "Use user DN for RFC2307 membership search. Issue #9527"

This reverts commit e924485c9e681771806fe3ee63ed746152fcbcb9.

Use correct LDAP_OPT_X_TLS_* syntax. Fixes #9417

Also clean up the code a little, use the proper CA hash for filename.

Revert "Revert LDAP_OPT_X_TLS changes since they do not work. Issue #9417"

This reverts commit 7729c5a163fb8acaca8d3f43b557176a9ed4a8db.

Merge pull request #4315 from vktg/localradiusauth

Use user DN for RFC2307 membership search. Issue #9527

RADIUS authentication via shell/ssh. Implement #10545

Ignore user-config-readonly for admin/admins. Fixes #10492

Merge pull request #4221 from vktg/adminsync

Synchronize admin accounts. Issue #9622

Merge pull request #4116 from Augustin-FL/ldap

This is 2020. Issue #9245

Add option to disallow unauthenticated LDAP binds

Merge pull request #4067 from crypto-powers/master

Fix random typos

Revert LDAP_OPT_X_TLS changes since they do not work. Issue #9417

Add some exception handling to auth attempts. Fixes #9150

Fix copyright message years to reflect BSDP -> ESF -> Netgate

Merge pull request #4025 from kantlivelong/nas_identifier_webui

Feature #9527 - LDAP extended query on groups in RFC2307 containers.

Use correct certificate path for LDAP

LDAP TLS option update. Implements #9417

Initialized entries variable before use. Fixes #9359

Use only sshguard table for blocking ssh/gui attacks. Issue #9223

Update copyright notices to 2019. Happy New Year

Add hostname to webConfigurator NAS ID

webConfigurator/RADIUS: Set NAS Identifier to 'webConfigurator'

Fix #9121: Initialize arrays to prevent PHP 7 errors

Fix 9086: Remove gettext() from all 'Local Databases' strings

Fix processing of the 'all' group. Fixes #9051

All the 'all' group to the list of groups at the end, rather than the
start. This way it will be considered no matter how users login. This
also fixes issues some users had with the original changes.

Consider the "all" group when determining privileges. Fixes #9051

Handle HTTP_REFERER better when changing IP addr. Fixes #8822

Fall back to probing active interface addresses rather than config.xml to allow changed addresses that have not yet been applied.

Add a missed case for auth source detection. Fixes #8817

User login source & proxy fwd addr to user data. Fixes #8813 Fixes #8816

While here, use this info more consistently across log messages and
places where user info is recorded when making changes.

Make captiveportal use user manager as auth source

Normalize RADIUS authentication

Removes some legacy code in auth.inc

There was a compat issue between PHP's $2y$ bcrypt hashes and
older versions of FreeBSD. However, this compat issue was fixed
long ago and appeared in FreeBSD 11.0-RELEASE
https://reviews.freebsd.org/D2742

Revise page footer text and centralize footer output for consistency

Escape LDAP username when searching. Fixes #8626

Fix 8553: When creating a new user, make sure it's added to desired groups

Fix #7024: Fix Radius include extension

Fix #7024: Deprecate /etc/inc/radius.inc in favor of pear-Auth_RADIUS port

Fixed #7013
Added warning requiring reboot if group scope is changed

misspelled ldap bind username variable

• $ldapbndun -> $ldapbindun

Report correct auth server host when testing LDAP auth server

Fix #7469

Sort users / groups alphabetically on config.xml

Be more verbose about users/groups sync

Fix #7469

• Rename local_sync_accounts() to local_reset_accounts() and keep it
  only being used /etc/rc.bootup
• Reimplement local_sync_accounts() receiving a list of users and
  groups to be added and/or deleted
• Remove call to filter_configure xmlrpc method from...

Update the Copyright notice for pfSense.

Add an option for LDAP servers to use the global root CA list as a peer CA. Fixes #8044

Use the full CA chain when sending an LDAP SSL query. Fixes #7830
While here, fix a couple more ldap_start_tls() calls that need a preceding @.

Restore bad username or password message

Don't print a PHP error if LDAP STARTTLS fails.

If a client address is in the webConfiguratorlockout table, do not allow them to access the GUI. Print an error and kill their states. Ticket #7693
Extra check to be sure that an existing open state cannot bypass lockout controls.

Experimental login page design
Set your favorite color in System->General->"Login CSS file"

Merge pull request #3598 from PiBa-NL/phpsessionmanager

Add user option to sort interface names

Redmine #7381 Disable detail in alias popup

phpsessionmanager, this helps starting and committing the php session preventing other requests from being blocked longer than required.

GET/POST conversion

Merge pull request #3540 from phil-davis/get_user_privileges-cache

Use cached groups in get_user_privileges

Fix ldap_get_groups return value when down

In some places ldap_get_groups has:
```
return memberof;
```
It should have the "$" in front, so it will return the $memberof array (that is empty when this happens).

This causes issues for callers that expect to have a return value that is either false, an empty array, or an array of the groups.

logout via POST

Remove \n from gettext strings

Add protocol selection to Radius server configuration

It should fix #7111

Submitted by @ubawurinna at https://github.com/pfsense/pfsense/pull/2687

Ensure that the more secure option is used if both user-copy-files and user-copy-files-chroot is granted

Add support for chrooted SCP

Merge pull request #3240 from derelict-pf/ldap_starttls

increase webgui usability when the remote ldap server isn't available

Added STARTTLS to LDAP Auth Server Config

Remove all calls to conf_mount_r* functions

Move copyright from ESF to Netgate

Save widget settings per user

For users that have "custom settings" enabled, save the "tool" settings
of their widgets on a per-user basis.
User that do not have "custom settings" enabled will continue to use and
save widget settings to/from the system-wide settings.

Move to Apache License 2.0

Review license / copyright on all files (1st round)

Merge pull request #2764 from NewEraCracker/redmine-6011

Feature #6388 custom GUI preference settings per user