17376 Commits

Author SHA1 Message Date
Stephan de Wit
04f9e5cfc2 OpenVPN: Instances: add Require Client Provisioning option (#7956) 2024-10-09 10:46:43 +02:00
Franco Fichtner
a890e5f6e2 firmware: add other pkg mirrors to CRL check and connectivity audit 2024-10-09 10:28:52 +02:00
Franco Fichtner
d3a655f76b firmware: add CRL validation for business mirror 2024-10-08 14:39:04 +02:00
Ad Schellevis
bf6ce7a34c System: Trust - add crl bundle collector for updates 2024-10-08 13:43:23 +02:00
Franco Fichtner
954fc82f24 firmware: collect TLS hostnames to check
We will reuse this for CRL verification in a bit.
2024-10-08 13:35:47 +02:00
Franco Fichtner
a383331f57 system: improve context of changed/modified message in certctl.py 2024-10-08 08:41:20 +02:00
Franco Fichtner
2adda3edd1 system: copyright header style 2024-10-08 08:08:40 +02:00
Ad Schellevis
9a33aeb07e system/trust - link location could be a file or link, but when it exists, it should be removed. fixes:
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...
Traceback (most recent call last):
  File "/usr/local/opnsense/scripts/system/certctl.py", line 195, in <module>
    cmds[sys.argv[1]]()
  File "/usr/local/opnsense/scripts/system/certctl.py", line 152, in cmd_rehash
    os.symlink(src_filename, dst_filename)
FileExistsError: [Errno 17] File exists:
2024-10-07 19:47:25 +02:00
Mathieu
96a37c2763 tests: Add failing unit tests for ComparedToFieldConstraintTest 2024-10-07 09:36:24 +02:00
Ad Schellevis
e648aefb76 Firewall: Automation: Filter - add gateway groups to the list, closes https://github.com/opnsense/core/issues/7625 2024-10-05 18:22:30 +02:00
Ad Schellevis
0cae921340 Services: Kea DHCP: Kea DHCPv4 - add editAlert message for grid edits, closes https://github.com/opnsense/core/issues/7937 2024-10-05 17:47:40 +02:00
Ad Schellevis
9ce4add4db System: Trust: Certificates - show user icon when not otherwise used, but commonname matches any of our registered usernames. closes https://github.com/opnsense/core/issues/7920 2024-10-05 17:34:43 +02:00
Ad Schellevis
1a048805d7 VPN: OpenVPN: Instances - add "interface invoke registration" event to reconfigure action, closes https://github.com/opnsense/core/issues/7869 2024-10-05 17:09:04 +02:00
Ad Schellevis
415b280959 Services: Kea DHCP: Kea DHCPv4 / Reservations - add missing constraint on ip address, closes https://github.com/opnsense/core/issues/7944 2024-10-05 11:06:29 +02:00
Stephan de Wit
b49b935bb9 system: general: handle picture deletion via hidden input 2024-10-03 09:39:27 +02:00
Stephan de Wit
b9b2a10ba2 plugins: invert volatile check 2024-10-02 15:26:15 +02:00
Ad Schellevis
58dee6f789 System: Trust - add descriptions on download, closes https://github.com/opnsense/core/pull/7932 2024-10-02 11:30:48 +02:00
Franco Fichtner
b5ca261e18 interface: fix typo in menu 2024-10-01 09:30:45 +02:00
Franco Fichtner
3cee5afa61 system: fix ACLs redirecting to API page by default (mea culpa) 2024-10-01 09:02:17 +02:00
Franco Fichtner
ce1fae3913 interfaces: go full circle on newwanip event handler
The use of plugins_argument_map() makes it fully backwards
compatible now although external callers need to cope with
the new reality of handling arrays (maps) going forward with
25.1 to avoid having two events one of which slows down the
processing.
2024-10-01 08:15:27 +02:00
Franco Fichtner
f4e13c2a6a interfaces: refactor previous slightly 2024-10-01 07:41:15 +02:00
Monviech
f8d0ca5e1c vxlan: fix interface being busy when vxlanlocal or vxlanremote is changed (#7872)
* vxlan: fix interface being busy when vxlanlocal or vxlanremote is changed.
2024-09-30 17:19:52 +02:00
Franco Fichtner
a94b31f0f8 system: small cleanup after the fact
Discussed with: @adschellevis
2024-09-30 17:16:54 +02:00
Franco Fichtner
6b70fcf113 system: remove page-dashboard-all, move remnants to page-login-logout; closes #7907
All the endpoints added here have no other reference and merely
exist as dashboard core additions.  Rename the visible ACL name
to hint at users that this is needed although it would be good to
offer this in the documentation for clarity.

Reusing this for maximum effect and least impact since it already
tried to create a dashboard minimal setup and here we also add the
license page and scrub the extra privilege as it does not seem to
be high profile and required.
2024-09-30 16:04:03 +02:00
Franco Fichtner
3fe3591f6b system: put picture link back and fix type conversion issue #7907 2024-09-30 16:03:05 +02:00
Stephan de Wit
3d1cac71ce dashboard: exclude non-reachable links from being rendered 2024-09-30 15:46:00 +02:00
Franco Fichtner
eb7b2daa38 system: make picture widget available for non-root users #7907
Do not point to a location the user may not have access to.
It's not ideal, but this way we avoid future complaints and
perhaps need to document where to set the picture in the docs.
2024-09-30 15:35:49 +02:00
Franco Fichtner
43e3be8248 system: remove unreachable page-getstats #7907
The license is only visible due to 1fd55b121142.  Scrub unreachable
and annotate the other one as that may still be reachable.
2024-09-30 15:21:22 +02:00
Franco Fichtner
30d46892c4 mvc: remove closelog() plainly for now
Fixing this fully is probably quite some work as the API isn't
tailored for multi-log-location.
2024-09-30 13:55:37 +02:00
Franco Fichtner
b563c223bf system: closelog() has timing issues
Not sure where this comes from but the consensus is that
closelog() is relatively useless and testing verifies that
it works as expected without it.

Now we just have to make sure that each component using
openlog() will reopen the actual GUI log so that it can
keep logging correctly.
2024-09-30 13:19:26 +02:00
Franco Fichtner
3612583d58 system: adjust a bit of ACL confusion and drop separate entities from dashboard-all #7907 2024-09-30 09:26:37 +02:00
Franco Fichtner
ff73ec9c90 make: do not waste development time by clearing caches on install 2024-09-30 09:26:37 +02:00
Franco Fichtner
a5579cf3d7 monit: fix ACL metadata loosely related to #7907 2024-09-30 09:26:37 +02:00
Ad Schellevis
f454a2d335 VPN: OpenVPN: Instances - fix "auth-gen-token" being supplied in server mode introduced by ec23ffc0ef, closes https://github.com/opnsense/core/issues/7919
auth-gen-token should only be offered (and validated) in server mode, move the validation into the server block and split the parameter handling into generic and specific mode specific types.
2024-09-30 08:54:39 +02:00
Franco Fichtner
1d8e5fec36 plugins: improve the pattern handling in devices
Always bootstrap (an impossible) pattern to match devices.  On the
console end try the implied method now.
2024-09-30 07:46:21 +02:00
kumy
f81c2e864a fix: Correct template helper exists() return type (#7918)
Closes #7917
2024-09-29 19:18:20 +02:00
Ad Schellevis
66e62f4a89 System: Settings: Logging - configure proper CA and CRL directories conform standards.
Although the ca-file directive works, it's better to use the hashed values in /etc/ssl/certs/ as deployed by certctl.
While here, also make sure we do not trust revoked certificates when a CRL was deployed.
2024-09-29 13:35:36 +02:00
Franco Fichtner
f3a8c28c0e firmware: remove escaped slashes workaround, works since 24.7.5 2024-09-27 10:25:47 +02:00
Ad Schellevis
492885988d model update 2024-09-26 11:42:18 +02:00
Monviech
db0232d643 ipsec: settings: Add make_before_break option (#7855) 2024-09-26 11:35:22 +02:00
Ad Schellevis
de8210ba12 Services: Kea DHCP: Kea DHCPv4 - add configurable max-unacked-clients parameter and change default to 2 to make it more responsive. closes https://github.com/opnsense/core/issues/7458 2024-09-26 11:03:49 +02:00
Franco Fichtner
a27d3313eb pkg: sort ;) 2024-09-26 09:39:02 +02:00
Ad Schellevis
ebb407e997 System: Trust - add dependency for crl_fetch.py 2024-09-26 09:29:34 +02:00
Ad Schellevis
429b8e38b2 System: Trust - optimize certctl.py to prevent unneeded disk writes and flush certificates to ports openssl location (/usr/local/openssl/certs) 2024-09-25 19:55:02 +02:00
Ad Schellevis
ba2e9d485f System: Trust: Settings - strictly validate if any of the custom options are set when config constraints are enabled, without options openssl won't accept the config file which led to breakage 2024-09-25 11:52:33 +02:00
Ad Schellevis
a3fd07bd4e VPN: OpenVPN: Client Export - push data-ciphers-fallback when configured to align with legacy setup, closes https://github.com/opnsense/core/issues/7893 2024-09-24 21:17:46 +02:00
Ad Schellevis
b709232e44 System: Trust: Authorities - finish crl fetch script for installed certificates and hook into form and cron updates.
According to rfc5280 a CRL update should be issued before "next update", but does not seem to define a validity. Various sources seem to indicate updates should be fetched at least every couple of hours, in which case an hourly update sounds reasonable.

To avoid excessive writes, we compare each CRL offered with the last one received before flushing it to disk and keep track of actual changes. When nothing changes, no rehash is needed, which the configd action takes care of.

Distribution points could either be HTTP or LDAP, LDAPS and HTTPS may not be used according to the RFC (CAs SHOULD NOT include URIs that specify https, ldaps, or similar schemes in extensions.)
2024-09-24 20:58:04 +02:00
Ad Schellevis
6f79579537 System: Trust: Authorities - (work in progress) crl fetch script for installed certificates.
The overall structure is there, but needs the final bits and pieces added to it. Committing it now as a backup.
2024-09-24 18:38:53 +02:00
Franco Fichtner
61e47d7f9a interfaces: fix undefined function error in Monit CARP script
PR: https://www.reddit.com/r/opnsense/comments/1fobode/daily_errors/
2024-09-24 15:01:59 +02:00
Franco Fichtner
8684443b65 plugins: enforce defaults on devices 2024-09-24 12:40:11 +02:00