Update the Copyright year.
A subsequent commit will deal with .po's.
Add product_label global variable
Introduce product_label global variable, by default with same value ofproduct_name. The idea is to make it easier for rebranded products tochange the name on all visual texts while internal structures arepreserved.
While here, remove deprecated $g['platform'] and also replace places...
Use first interface with IP as fallback for NAS-IP-Address. Fixes #11109
Ticket #9270: Make sure parameters are UTF-8
As described on ticket, for some reason we still don't know, whenpfSense_kill_states() is called with subnet as parameter (n.n.n.n/n) itmakes changes on $_POST content that can lead system to unpredictableresults....
Remove old nss_ldap.conf if it exists before symlinking. Fixes #8698
LDAP shell authentication. Implements #8698
LDAP group search fix. Issue #10942
Use user DN for RFC2307 membership search (updated). Issue #9527
Revert "Use user DN for RFC2307 membership search. Issue #9527"
This reverts commit e924485c9e681771806fe3ee63ed746152fcbcb9.
Use correct LDAP_OPT_X_TLS_* syntax. Fixes #9417
Also clean up the code a little, use the proper CA hash for filename.
Revert "Revert LDAP_OPT_X_TLS changes since they do not work. Issue #9417"
This reverts commit 7729c5a163fb8acaca8d3f43b557176a9ed4a8db.
Merge pull request #4315 from vktg/localradiusauth
Use user DN for RFC2307 membership search. Issue #9527
RADIUS authentication via shell/ssh. Implement #10545
Ignore user-config-readonly for admin/admins. Fixes #10492
Merge pull request #4221 from vktg/adminsync
Synchronize admin accounts. Issue #9622
Merge pull request #4116 from Augustin-FL/ldap
This is 2020. Issue #9245
Add option to disallow unauthenticated LDAP binds
Merge pull request #4067 from crypto-powers/master
Fix random typos
Revert LDAP_OPT_X_TLS changes since they do not work. Issue #9417
Add some exception handling to auth attempts. Fixes #9150
Fix copyright message years to reflect BSDP -> ESF -> Netgate
Merge pull request #4025 from kantlivelong/nas_identifier_webui
Feature #9527 - LDAP extended query on groups in RFC2307 containers.
Use correct certificate path for LDAP
LDAP TLS option update. Implements #9417
Initialized entries variable before use. Fixes #9359
Use only sshguard table for blocking ssh/gui attacks. Issue #9223
Update copyright notices to 2019. Happy New Year
Add hostname to webConfigurator NAS ID
webConfigurator/RADIUS: Set NAS Identifier to 'webConfigurator'
Fix #9121: Initialize arrays to prevent PHP 7 errors
Fix 9086: Remove gettext() from all 'Local Databases' strings
Fix processing of the 'all' group. Fixes #9051
All the 'all' group to the list of groups at the end, rather than thestart. This way it will be considered no matter how users login. Thisalso fixes issues some users had with the original changes.
Consider the "all" group when determining privileges. Fixes #9051
Handle HTTP_REFERER better when changing IP addr. Fixes #8822
Fall back to probing active interface addresses rather than config.xml to allow changed addresses that have not yet been applied.
Add a missed case for auth source detection. Fixes #8817
User login source & proxy fwd addr to user data. Fixes #8813 Fixes #8816
While here, use this info more consistently across log messages andplaces where user info is recorded when making changes.
Make captiveportal use user manager as auth source
Normalize RADIUS authentication
Removes some legacy code in auth.inc
There was a compat issue between PHP's $2y$ bcrypt hashes andolder versions of FreeBSD. However, this compat issue was fixedlong ago and appeared in FreeBSD 11.0-RELEASEhttps://reviews.freebsd.org/D2742
Revise page footer text and centralize footer output for consistency
Escape LDAP username when searching. Fixes #8626
Fix 8553: When creating a new user, make sure it's added to desired groups
Fix #7024: Fix Radius include extension
Fix #7024: Deprecate /etc/inc/radius.inc in favor of pear-Auth_RADIUS port
Fixed #7013Added warning requiring reboot if group scope is changed
misspelled ldap bind username variable
Report correct auth server host when testing LDAP auth server
Fix #7469
Sort users / groups alphabetically on config.xml
Be more verbose about users/groups sync
Update the Copyright notice for pfSense.
Add an option for LDAP servers to use the global root CA list as a peer CA. Fixes #8044
Use the full CA chain when sending an LDAP SSL query. Fixes #7830While here, fix a couple more ldap_start_tls() calls that need a preceding @.
Restore bad username or password message
Don't print a PHP error if LDAP STARTTLS fails.
If a client address is in the webConfiguratorlockout table, do not allow them to access the GUI. Print an error and kill their states. Ticket #7693Extra check to be sure that an existing open state cannot bypass lockout controls.
Experimental login page designSet your favorite color in System->General->"Login CSS file"
Merge pull request #3598 from PiBa-NL/phpsessionmanager
Add user option to sort interface names
Redmine #7381 Disable detail in alias popup
phpsessionmanager, this helps starting and committing the php session preventing other requests from being blocked longer than required.
GET/POST conversion
Merge pull request #3540 from phil-davis/get_user_privileges-cache
Use cached groups in get_user_privileges
Fix ldap_get_groups return value when down
In some places ldap_get_groups has:```return memberof;```It should have the "$" in front, so it will return the $memberof array (that is empty when this happens).
This causes issues for callers that expect to have a return value that is either false, an empty array, or an array of the groups.
logout via POST
Remove \n from gettext strings
Add protocol selection to Radius server configuration
It should fix #7111
Submitted by @ubawurinna at https://github.com/pfsense/pfsense/pull/2687
Ensure that the more secure option is used if both user-copy-files and user-copy-files-chroot is granted
Add support for chrooted SCP
Merge pull request #3240 from derelict-pf/ldap_starttls
increase webgui usability when the remote ldap server isn't available
Added STARTTLS to LDAP Auth Server Config
Remove all calls to conf_mount_r* functions
Move copyright from ESF to Netgate
Save widget settings per user
For users that have "custom settings" enabled, save the "tool" settingsof their widgets on a per-user basis.User that do not have "custom settings" enabled will continue to use andsave widget settings to/from the system-wide settings.
Move to Apache License 2.0
Review license / copyright on all files (1st round)
Merge pull request #2764 from NewEraCracker/redmine-6011
Feature #6388 custom GUI preference settings per user
Fix Redmine #6011
This will add linklocal fallback where no IPv6 is otherwise configured to allow login using this IPs
One more escapeshellarg for auth.inc on 2.4. Ticket #6475
Use escapeshellarg on shell calls in auth.inc. Ticket #6475
Copy users config files from skeleton dir
Every time user is added or modified, make sure all default configfiles are copied over from /etc/skel to user's home. It will make sureusers will always get the last version of these files
Improve readability
Lower default LDAP timeout to 5 seconds. Idea from Sandeep1991 in PR 2971. Ticket #6367
Silence mwexec output. Now that the groupdel actually works, it spams the log when group isn't found. Ticket #6352
Use -g with groupdel when passing a GID. Ticket #6352
Respect all Class attributes returned by the RADIUS server, not only the last one received. Fixes #6086
Teach get_user_privileges how to retrieve groups from LDAP/RADIUS, and have getUserEntry fall back to a format that will allow it to function. Net result is that now userHasPrivilege() will respect remote groups as well as local groups, which fixes #6088
Includes - Remove Personalizations
Remove "you" personalizations.
Don't modify the group file for scope remote. Ticket #6012
Check whether group exists using GID rather than name. Users can change the name, but not the GID. Check return code of pw for whether group exists. Ticket #6013
Fix CSS paths missed by 9d1be24ef72c0c27fe7a297bf79ec5e4f552a390
Fix RADIUS spelling. It is written in all caps.