pfSense

CP fix check for used mac db content. Fixes #14446

Remove unnecessary utf8_encode'ing to pfSense_kill_states arguments. Partial #9270

Safety belt check for CP used mac db content. Fixes #14172

Add bandwidth selections for pipes regardless of whether passthrumac is set. Fixes #13853

Change captive portal counter keys to string keys. Fixes #13418.

String keys for rule counters are introduced in php-pfSense-module v0.89

Include all interface IPs and VIPs in cpip table. #13391

The cpzoneid_<zone>_cpips tables only include the IP and VIPS of the final
interface searched, causing captive portal zone associated with multiple
interfaces to work improperly.

The revision prior to this erroneously reassigned $cpiplist at each iteration...

Remove rules before unlinking the db files

Rector direct global g accesses

Rector some direct config gets with complex paths.

Rector some config unsets with complex paths.

Spelling fixes. Fix #13357

• Incorrect input validation for `dhcp6c` `keyinfo expire` `forever` keyword in `interfaces.inc`.
• Incorrect input validation for associated rule's `Source Port` in `firewall_rules_edit.php`.
• Incorrect `voucher*.` file lock reference in `status_captiveportal_voucher_rolls.php`....

Correctly count pf eth rule counters. Fix #13418

Correct anchors passed to pfSense_pf_cp functions. Fix #13418
Anchors for each client IP address include the CIDR size

captiveportal: fix comment

Restore the correct comment, as pointed out by "Fole Systems" in
https://redmine.pfsense.org/issues/13323#change-62565

Ensure we apply policy routing on whitelisted captive portal MAC addresses

We cannot simply 'pass in quick' for the _patthru tagged packets,
because that means we don't process any subsequent policy routing (or
other user) rules.

We want the _passthru tagged (i.e. whitelisted by MAC address) packets...

Set CP pipeno consistently when null. Fixes #13265

Change Captive Portal anchors order and remove tagged option from L2 rules.

Do not duplicate Captive Portal passthru rule if HTTPS login is enabled

Reload Captive Portal rules on nomacfilter or per-user bandwidth change. Fixes #13216

Check CP rules tag on all steps. Fixes #13215

captiveportal: Add both https/http rules for cps with https. Fixes #13212

Alter captiveportal_zone_portalports to return an array of alias/port pairs
rather than a single pair. If https is enabled on the cp zone, then both https
and http sets are returned....

Captive Portal pipes reserve fix. Fixes #13204

Captive Portal hostname pipes delete fix. Issue #13193

captiveportal: Only apply per-user default bw to pipes for user auth. Fixes #13192

captiveportal_pipe_configure() was unaware of the context of the pipes it was
creating (user auth vs. allowed mac/ip/host), and always applied the default
pipe bandwidths in the absence of form specified values. This change allows the...

captiveportal: Correct errors in passthru mac deletion. Fixes #13192

Correct identifier mismatches in captiveportal_passthrumac_delete_entry()
($hostent vs $mac)

Correct and rename captiveportal_get_dn_passthru_ruleno() to
captiveportal_get_dn_passthru_pipes. This function was called to retrieve a...

captiveportal_ether_delete_entry() anchors/pipes delete fix. Issue #13169

pfSense: Fix missing global decl in captiveportal_get_last_activity. Fixes #13147

Captive Portal per user bandwidths fix. Issue #13150

Captive Portal host remove fix. Issue #13146

Correct CP status function call. Fixes #13123

Correct CP status function call. Fixes #13122

pfSense: Utilize pf captiveportal funcs from php-pfSense - Feature #12945

Captive Portal remove unused ipfw code. Todo #13100

Captive Portal ipfw->pf transition. Todo #13100

Revert "captiveportal: fix ipfw rules"

This reverts commit 9dac41af43a5b977a604098688776987c4f76722.

Update the Copyright year of the files owned by Rubicon/Netgate.

Add tag 1 to Captive Portal passthrough MAC table. Fixes #12615

Remove stale captiveportal_online_users file on boot. Fixes #12455

Reset CP DB on unclean shutdown if preservedb option is not enabled. Fixes #12355

captiveportal: fix ipfw rules

When we authorise a client we add it to the *auth(up|down) tables.
This means traffic will pass and not be forwarded, as piped traffic does
not pass through the firewall again (if net.inet.ip.fw.one_pass is set).

However, these rules are 'layer2', so when the traffic is passed it's...

Portal logout updates. Fixes #12138

• Change "Connected" page to also include a logout button
• Style page the same way as the login page for a more consistent user
  experience
• Show the "Connected" page when a user navigates back to the portal
  URL no matter the setting of the logout popup option...

Portal Redir URL scheme check. Fixes #11843

• Add support to is_URL() to check that the scheme only matches HTTP or
  HTTPS
• Use the new is_URL() feature in Captive Portal redirect URL tests

Fix variable being used before assignment. Fixes #11842

Improve Captive Portal redirect URL handling.

• Fix handling of after auth redir URL value so it gets properly
  respected as stated in the GUI. Fixes #11842
• Fix up and optimize the redirect code in general, there were several
  ordering issues (using values before they were set), logic problems,...

route_del() optimization. Issue #11475

Captive Portal custom logo fix. Issue #11360

Update the Copyright year.

A subsequent commit will deal with .po's.

Avoid flooding the logs

Ticket #9270: Make sure parameters are UTF-8

As described on ticket, for some reason we still don't know, when
pfSense_kill_states() is called with subnet as parameter (n.n.n.n/n) it
makes changes on $_POST content that can lead system to unpredictable
results....

Merge pull request #4326 from vktg/voucherviaurl

Allow to submit voucher via URL. Implements #1984

Rework route functions

- Created route_table() that returns an array containing all items from
route table. It uses --libxo to get a json object
- Created route_get() that return an array with route items to desired
target
- Created route_get_default() to get current default route for inet or...

Captive Portal UsedMACs sync. Issue #10857

Merge pull request #4386 from vktg/captivednsmultiip

Fix unparenthesized expression deprecation notice

Allowed Hostnames add/delete multiple A entries. Fixes #10724

Block additional Captive Portal Logins. Implements #9432

Merge pull request #4322 from vktg/captivedisableperuserbw

Merge pull request #4323 from vktg/captiveautomacfix

Captive Portal keep Pass-through MAC Auto Entry. Issue #9933

Captive Portal per-user bandwidth input validation fix. Issue #9311

Refresh connected users on primary when becoming master node.
Redmine #97

Forward "Disconnect all" to the other node
Redmine #97

Forward an user disconnection to the other node
Redmine #97

Forward an user connection to the backup node
Redmine #97

Do not perform RADIUS accounting/prune operations when node is in backup mode
Implement Redmine #97

Create a new page dedicated to backward sync
Implement Redmine #97

Fix backward vouchers synchronization
Redmine #7972

Merge pull request #4149 from Augustin-FL/nginx

Wait 0.2 seconds after stopping Nginx.
Redmine #10159

This is 2020. Issue #9245

Fix random typos

Merge pull request #4042 from plumbeo/fix-reconfig

Fix copyright message years to reflect BSDP -> ESF -> Netgate

Captive portal: fix locking when reinitialising rules

Don't take the lock in captiveportal_init_rules() if
captiveportal_configure_zone() has already taken it.

Captive portal: don't reset auth rules unless actually needed

Captive portal: make possible to preserve authorized users' rules and pipes

Merge pull request #4024 from plumbeo/fix-session-timeout

Merge pull request #4054 from Augustin-FL/save-users-accross-reboot

Restore connected users on boot when associated setting is enabled
Implement redmine #5644

Add allowed bandwith settings to sqlite DB
Implement redmine #5644

do not look for other servers when an auth is successful
fix #9255

Update copyright notices to 2019. Happy New Year

Captive portal: fix per-user traffic quotas

Don't overwrite the global traffic quota value with a user's radius-provided value
that would then be reused in the same run for users without a custom quota.

Captive portal: fix per-user session timeouts

Don't overwrite the global session timeout value with a user's radius-provided timeout
that would then be reused in the same run for users without a custom session timeout.

Merge pull request #4016 from Augustin-FL/captiveportal-spelling

Merge pull request #9131 from Augustin-FL/patch-accounting

Fix few spelling issues
Ticket #9134

Send MAC address as username if radmac is used for connecting an user
Ticket #9131

Merge pull request #4000 from Augustin-FL/patch-cp-3

Restore the RADIUS NAS ID option to Captive Portal. Fixes #8998

Keeps the default of using CaptivePortal-<zonename> when not set,
otherwise uses the value supplied by the user as with older versions.

generate a flag even if trying to perform RADIUS MAC authentication on a non-RADIUS server.

Implement login fallback for RADIUS MAC authentication

Include zone name in Nas-Identifier

Automatically store username of the MAC created pass-through

Revise T&C text area height

Fix syntax

Merge pull request #3972 from Augustin-FL/patch-passthrough

Added PORTAL_MESSAGE to template, fixed some wording and styling

Readded second authentication type to default captiveportal login