Initialized entries variable before use. Fixes #9359
(cherry picked from commit 9146639e722b4d437d19b5ade1157ae01849a313)
Use only sshguard table for blocking ssh/gui attacks. Issue #9223
(cherry picked from commit 555a9ab5c01101ddab7daa41f35d379d1c39b26e)
Fix #9121: Initialize arrays to prevent PHP 7 errors
Fix 9086: Remove gettext() from all 'Local Databases' strings
Fix processing of the 'all' group. Fixes #9051
All the 'all' group to the list of groups at the end, rather than thestart. This way it will be considered no matter how users login. Thisalso fixes issues some users had with the original changes.
(cherry picked from commit 4de15854384e28004b0dc571dc8a40fda7eae694)
Consider the "all" group when determining privileges. Fixes #9051
(cherry picked from commit fe1afbb7549907e0d1cdfbf85d5f36d075a6a916)
Handle HTTP_REFERER better when changing IP addr. Fixes #8822
Fall back to probing active interface addresses rather than config.xml to allow changed addresses that have not yet been applied.
Add a missed case for auth source detection. Fixes #8817
User login source & proxy fwd addr to user data. Fixes #8813 Fixes #8816
While here, use this info more consistently across log messages andplaces where user info is recorded when making changes.
Make captiveportal use user manager as auth source
Normalize RADIUS authentication
Removes some legacy code in auth.inc
There was a compat issue between PHP's $2y$ bcrypt hashes andolder versions of FreeBSD. However, this compat issue was fixedlong ago and appeared in FreeBSD 11.0-RELEASEhttps://reviews.freebsd.org/D2742
Revise page footer text and centralize footer output for consistency
Escape LDAP username when searching. Fixes #8626
Fix 8553: When creating a new user, make sure it's added to desired groups
Fix #7024: Fix Radius include extension
Fix #7024: Deprecate /etc/inc/radius.inc in favor of pear-Auth_RADIUS port
Fixed #7013Added warning requiring reboot if group scope is changed
misspelled ldap bind username variable
Report correct auth server host when testing LDAP auth server
Fix #7469
Sort users / groups alphabetically on config.xml
Be more verbose about users/groups sync
Update the Copyright notice for pfSense.
Add an option for LDAP servers to use the global root CA list as a peer CA. Fixes #8044
Use the full CA chain when sending an LDAP SSL query. Fixes #7830While here, fix a couple more ldap_start_tls() calls that need a preceding @.
Restore bad username or password message
Don't print a PHP error if LDAP STARTTLS fails.
If a client address is in the webConfiguratorlockout table, do not allow them to access the GUI. Print an error and kill their states. Ticket #7693Extra check to be sure that an existing open state cannot bypass lockout controls.
Experimental login page designSet your favorite color in System->General->"Login CSS file"
Merge pull request #3598 from PiBa-NL/phpsessionmanager
Add user option to sort interface names
Redmine #7381 Disable detail in alias popup
phpsessionmanager, this helps starting and committing the php session preventing other requests from being blocked longer than required.
GET/POST conversion
Merge pull request #3540 from phil-davis/get_user_privileges-cache
Use cached groups in get_user_privileges
Fix ldap_get_groups return value when down
In some places ldap_get_groups has:```return memberof;```It should have the "$" in front, so it will return the $memberof array (that is empty when this happens).
This causes issues for callers that expect to have a return value that is either false, an empty array, or an array of the groups.
logout via POST
Remove \n from gettext strings
Add protocol selection to Radius server configuration
It should fix #7111
Submitted by @ubawurinna at https://github.com/pfsense/pfsense/pull/2687
Ensure that the more secure option is used if both user-copy-files and user-copy-files-chroot is granted
Add support for chrooted SCP
Merge pull request #3240 from derelict-pf/ldap_starttls
increase webgui usability when the remote ldap server isn't available
Added STARTTLS to LDAP Auth Server Config
Remove all calls to conf_mount_r* functions
Move copyright from ESF to Netgate
Save widget settings per user
For users that have "custom settings" enabled, save the "tool" settingsof their widgets on a per-user basis.User that do not have "custom settings" enabled will continue to use andsave widget settings to/from the system-wide settings.
Move to Apache License 2.0
Review license / copyright on all files (1st round)
Merge pull request #2764 from NewEraCracker/redmine-6011
Feature #6388 custom GUI preference settings per user
Fix Redmine #6011
This will add linklocal fallback where no IPv6 is otherwise configured to allow login using this IPs
One more escapeshellarg for auth.inc on 2.4. Ticket #6475
Use escapeshellarg on shell calls in auth.inc. Ticket #6475
Copy users config files from skeleton dir
Every time user is added or modified, make sure all default configfiles are copied over from /etc/skel to user's home. It will make sureusers will always get the last version of these files
Improve readability
Lower default LDAP timeout to 5 seconds. Idea from Sandeep1991 in PR 2971. Ticket #6367
Silence mwexec output. Now that the groupdel actually works, it spams the log when group isn't found. Ticket #6352
Use -g with groupdel when passing a GID. Ticket #6352
Respect all Class attributes returned by the RADIUS server, not only the last one received. Fixes #6086
Teach get_user_privileges how to retrieve groups from LDAP/RADIUS, and have getUserEntry fall back to a format that will allow it to function. Net result is that now userHasPrivilege() will respect remote groups as well as local groups, which fixes #6088
Includes - Remove Personalizations
Remove "you" personalizations.
Don't modify the group file for scope remote. Ticket #6012
Check whether group exists using GID rather than name. Users can change the name, but not the GID. Check return code of pw for whether group exists. Ticket #6013
Fix CSS paths missed by 9d1be24ef72c0c27fe7a297bf79ec5e4f552a390
Fix RADIUS spelling. It is written in all caps.
This should prevent the possibility of illegal offsets
If you poke pfSense WebGUI you'll find some funny stuff. Username and Password should never be arrays at all.
Revert chmod change from 9219378b588ce968702be2a7e153aa984504b6aa
Update auth.inc
add XXX prefix.
add note about r284483
more style fixes. unset old fields
style fixes
compatibility with freebsd
switched to bcrypt as per #4120
added bcrypt auth as per #4120
Code style and white space in etc
etc inc delete $Id comments
and bits of white space.Note: There are plenty of files still with old-format copyright sectionsin here.
Copyright and license cleanup
- Remove personal copyright from people who assigned it to employer (ESF)- Remove $Id$- Remove extra spaces
Completed #5333
White space and minor bits in etc
Cleaner version of https://github.com/pfsense/pfsense/pull/1846
Add support for LDAP RFC2307 style group membership. Resolves #4923
Provide an LDAP server timeout field. Default to 25 seconds. Resolves #3383
Merge branch 'master' into bootstrap
pw lock/unlock throws out error messages even when called with -q, send stderr to /dev/null for now
Integrate bootstrap etc/inc with master
This applies the little changes in etc/inc master to the bootstrapbranch so that etc/inc in bootstrap will now just have the realdifferences that are due to real bootstrap changes.
Fixed bug #5028The page was junk as originally converted. It has been re-written to work as required. Links to certificates have yet to be implemented, but that will be added once testing is complete on this version.
Move main pfSense content to src/