Commit Graph

270 Commits

Author SHA1 Message Date
Renato Botelho 340ce958d9 Add an extra protection to avoid having an empty group created 2014-11-13 09:10:44 -02:00
Ermal c7f5b55a28 Actually require group name! 2014-11-11 21:36:57 +01:00
Ermal baca968c29 Do not do operations for empty group members 2014-11-11 21:35:29 +01:00
Chris Buechler 41367b9c2a remove old DISABLE_PHP_LINT_CHECKING, which dates way back to the CVS days and hasn't been relevant in years. 2014-11-04 18:34:03 -06:00
Renato Botelho dd030de935 Detect when protocol changes and invalidate session to get a new cookie with secure flag set accordingly. It fixes #3714 2014-07-18 14:18:50 -03:00
Renato Botelho 16789caa90 Always set httponly attribute on cookies 2014-06-18 07:38:24 -03:00
Renato Botelho 526f5b114a Add comment I forgot on last commit 2014-06-17 14:28:00 -03:00
Renato Botelho 8588095f85 Re-generate session ID on a successful login to avoid session fixation 2014-06-17 14:27:00 -03:00
Renato Botelho 6f3d20631d Replace Header() calls by lowercase 2014-06-13 08:59:57 -03:00
Renato Botelho 7f7626ba44 Merge branch 'master-br' of https://github.com/ayvis/pfsense into ayvis-master-br 2014-03-17 11:17:29 -03:00
Chris Buechler 0734024c9e standardize URLs 2014-03-14 19:28:10 -05:00
ayvis 8cd558b61b xhtml Compliance
replaced <br>, <br/> and </br> with <br />
2014-03-14 21:24:03 +01:00
Ermal aa205c3b69 Remove register_long_arrays from php.ini and from php code the use of HTTP_*_VARS as it's deprecated and luckily low use in pfSense, to win memory and compatibility 2013-12-20 22:08:34 +00:00
Renato Botelho 2b41df9c4d Provide a safer way to avoid pw userdel being interactive because of a crontab existence 2013-11-14 15:54:05 -02:00
Renato Botelho 0f84dee3eb Revert "local_sync_accounts: provides empty STDIN to pw userdel command"
This reverts commit c6b156bfa5.
2013-11-14 15:54:05 -02:00
Ky-Anh Huynh c6b156bfa5 local_sync_accounts: provides empty STDIN to pw userdel command
The /usr/sbin/pw command may wait for user input. For example,
if there are manual crontab settings for the :foobar account, then
when this account is requested to be deleted, the command will
ask if the user wants to delete crontab settings for the account.

Because the command waits for user input, the boot process will
hang at the "Synchronizing user settings..." step, unless user
presses any key.

To avoid this problem, we use the /bin/echo command to give
empty input to the /usr/bin/pw command. This is an alternative to
typing "no" or "n".

This is not the best way. Maybe closing STDIN is good. Or
force users to change account settings from the webUI.

See also #852 (pull request). Renato Botelho points out that
"pw userdel" will call "crontab -u %user -r", which is interactive.
"pw groupdel" will never be interactive, though.
2013-11-13 06:29:53 +07:00
Renato Botelho 23b5b16ac6 Revert "Add conf_mount_rw calls on functions that change user/groups. It fixes #3294"
This reverts commit b1e5a286bb.
2013-11-02 08:48:05 -02:00
Renato Botelho b1e5a286bb Add conf_mount_rw calls on functions that change user/groups. It fixes #3294 2013-11-01 10:55:49 -02:00
jim-p a5cd1c5a42 Add LDAP server options to control UTF8-encoding of parameters. Fixes #2227. While I'm here, add a checkbox to prevent the stripping of @ from the LDAP username if the user wants the full name transmitted. 2013-07-17 10:13:08 -04:00
Ermal 23c652cd21 Ignore errors/warnings from these calls 2013-07-15 14:02:17 +00:00
jim-p 9f0bee025d Include both dyndns and rfc2136 hosts in referer check 2013-07-02 16:58:08 -04:00
jim-p fa08761224 Include RFC2136 hosts in DNS rebinding checks. 2013-07-02 16:58:07 -04:00
Andrew MacIsaac 3d3081ecbb Set LDAP option to dereference aliases when searching 2013-04-02 11:36:23 -07:00
jim-p 3697adb236 Print the error message from LDAP in the log for a bind failure. 2013-03-06 08:37:27 -05:00
jim-p bddd2be844 Add a knob in the GUI to set the RADIUS authentication timeout. Previous default was 3s, new is 5s. When using two-factor auth via external (e.g. phone), this needs to be set much higher, 60-120. 2013-02-13 15:55:55 -05:00
jim-p b2a0a8e939 Something in the LDAP libraries has changed and it no longer likes spaces in the CA filename. Use the refid for the CA filename since it will always be unique, and it will never contain any spaces, unlike authname or the CA's descr. 2013-01-14 16:28:40 -05:00
Vinicius Coque 9656852187 Removing gettext from strings that should not be translated 2013-01-05 15:03:24 -02:00
Ermal 2004def595 Put these logs under debug since that's their purpose 2012-11-19 19:23:29 +00:00
Ermal 3ac8324f5b Put these logs under debug since that's their purpose 2012-11-19 19:21:28 +00:00
PiBa-NL 9a98a89e79 authentication, don't log 'errors' on normal procedure 2012-11-18 14:10:19 +01:00
Ermal eff0526e60 Not sure why this has been hidden so deep but putting that in the right place should help with error displayed related to HEADER already sent in PHP errors.log 2012-11-15 10:41:38 +00:00
Warren Baker 323dc2e792 Suppress the error message if the ldap bind doesn't happen 2012-07-27 23:19:41 +02:00
jim-p 83e0d4c85c Fix LDAP over IPv6 (works fine, just needed slight adjustment to URI) 2012-06-30 18:11:17 -04:00
Ermal 1492e02cb4 Import OpenVPN cisco style radius attributes applying policy to logged in users. Feature #2100 2012-06-05 19:37:45 +00:00
Ermal 88165371ef Do not allow empty passwords since this might cause problems for some authentication servers like ldap. Fixes #2326 2012-05-30 20:51:11 +00:00
jim-p c886fed9ba As suggested by wagonza, using SAMEORIGIN for X-Frame-Options is sufficient here, and does allow the traffic graphs to work. Fixes #2419 2012-05-15 11:44:38 -04:00
Scott Ullrich babac37a3b Add click jacking support. Ticket #2419 2012-05-10 11:51:09 -04:00
Warren Baker 49ddf9a10f Handle HTTPOnly and Secure flags on cookies 2012-05-09 19:08:17 +02:00
Ermal 1cb94b24ef Looking at pw code: ':' chars are invalid in a comment field! Replace those with just a space 2012-03-12 19:28:48 +00:00
Ermal 9252d093fa Another try to eliminate the warning 'PHP Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:201) in /usr/local/www/guiconfig.inc on line 47' 2012-02-08 07:59:09 +00:00
Erik Fonnesbeck c28fae2fd1 Revert "Check if a session already exists to avoid errors issued by php on session_start being called on existing session"
This reverts commit 9b2de7e2a6.
2012-02-07 22:32:41 -07:00
Ermal 9b2de7e2a6 Check if a session already exists to avoid errors issued by php on session_start being called on existing session 2012-02-07 20:35:51 +00:00
jim-p 6763033dd5 Include admin user in bootup account sync 2012-01-25 15:39:33 -05:00
jim-p 9fd145911d Be more careful when creating and removing a user, to only alter a user if it really matches the passwd entry. Fixes #2066
pw usershow likes to ignore what you want even with -n and if the user is numeric and doesn't exist, it fetches by uid. Can cause major problems if you try to remove a numeric user.
2012-01-23 14:15:14 -05:00
smos 2ce660ad4d Unbreak a number of explode() replacements which required preg_split() 2012-01-20 12:18:13 +01:00
smos cfbfd9412b The function split() is replaced by the function explode(). Starting with PHP 5.3 this is deprecated and with version 6 gone.
Replacing it suppresses all the warnings
2012-01-19 20:33:41 +01:00
jim-p 6ac18f9d11 mhash -> hash change from Ermal 2012-01-19 14:50:15 -05:00
Ermal 906daddcf5 Ticket #1052. Merge patch referenced in ticket. 2011-11-14 13:42:32 +00:00
jim-p 9f27de6d2f Do not pass the ldap port separately, but add it to the LDAP URL. PHP's ldap_connect() ignores the passed port parameter if the first parameter is a URL instead of a hostname. 2011-10-25 11:05:11 -04:00
jim-p 007e59d2bf Include certs.inc before calling lookup_ca in auth.inc. Fixes #1927 2011-10-05 10:15:41 -04:00
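Several of the commits in this history (8588095f85 session ID regeneration on login, 16789caa90 and 49ddf9a10f HttpOnly/Secure cookie flags, dd030de935 invalidating the session when the protocol changes, c886fed9ba X-Frame-Options SAMEORIGIN) describe the same small set of PHP session-hardening steps. The block below is an added example written for this page; it is not pfSense code and does not reproduce auth.inc. It assumes plain PHP 7+ session functions and a caller that knows whether the request arrived over TLS; the function names and the `proto_https` session key are this example's own choices.

```php
<?php
// Added example, not pfSense code. Demonstrates the hardening steps the
// commit history above describes, using only standard PHP session APIs.

/**
 * Start (or resume) the session with HttpOnly always set and Secure set
 * only when the request came in over TLS. If the protocol changed since
 * the session cookie was issued, the old cookie may lack the Secure flag,
 * so the session is emptied and a fresh id/cookie is issued.
 */
function secure_session_start(bool $is_https): void
{
    // Refuse session ids the server never created (blocks cookie-planting
    // style fixation outright; PHP >= 5.5.2).
    ini_set('session.use_strict_mode', '1');
    // Never accept a session id from the query string.
    ini_set('session.use_only_cookies', '1');
    // lifetime 0 = browser session; secure follows the request protocol;
    // httponly is always true (16789caa90).
    session_set_cookie_params(0, '/', '', $is_https, true);

    // Guard against "session already started" notices (the concern in
    // 9b2de7e2a6): only start when no session is active.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Protocol changed since the cookie was set (dd030de935): drop the data
    // and rotate the id so a new Set-Cookie goes out with the right flags.
    if (isset($_SESSION['proto_https']) && $_SESSION['proto_https'] !== $is_https) {
        session_unset();
        session_regenerate_id(true);
    }
    $_SESSION['proto_https'] = $is_https;
}

/**
 * Call only after credentials have been verified. Rotating the id here
 * means an id chosen or observed before login is worthless afterwards
 * (8588095f85). The old session file is deleted, not left behind.
 */
function on_successful_login(string $username): void
{
    session_regenerate_id(true);
    $_SESSION['Username'] = $username;
}

/**
 * Clickjacking defence from c886fed9ba: SAMEORIGIN rather than DENY so
 * same-site frames (the traffic graphs) keep working. Must be sent before
 * any output, which is the "headers already sent" issue in 9252d093fa.
 */
function send_framing_headers(): void
{
    if (!headers_sent()) {
        header('X-Frame-Options: SAMEORIGIN');
    }
}

// Typical request flow (assumed wiring; the real check lives in the
// web server or framework): detect TLS, start the session, send headers.
$is_https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
    || (($_SERVER['SERVER_PORT'] ?? 80) == 443);
secure_session_start($is_https);
send_framing_headers();
// ... after verifying the submitted credentials:
// on_successful_login($username);
```

The order matters: cookie parameters must be set before `session_start()`, and `session_regenerate_id(true)` must run after authentication succeeds, not before, otherwise the id the attacker fixed is simply carried through the login.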