The use of plugins_argument_map() makes it fully backwards
compatible now although external callers need to cope with
the new reality of handling arrays (maps) going forward with
25.1 to avoid having two events one of which slows down the
processing.
All the endpoints added here have no other reference and merely
exist as dashboard core additions. Rename the visible ACL name
to hint at users that this is needed although it would be good to
offer this in the documentation for clarity.
Reusing this for maximum effect and least impact since it already
tried to create a dashboard minimal setup and here we also add the
license page and scrub the extra privilege as it does not seem to
be high profile and required.
Do not point to a location the user may not have access to.
It's not ideal, but this way we avoid future complaints and
perhaps need to document where to set the picture in the docs.
Not sure where this comes from but the concensus is that
closelog() is relatively useless and testing verifies that
it works as expected without it.
Now we just have to make sure that each component using
openlog() will reopen the actual GUI log so that it can
keep logging correctly.
auth-gen-token should only be offered (and validated) in server mode, move the validation into the server block and split the patameter handling into generic and specific mode specific types.
Although the ca-file directive works, it's better to use the hashed values in /etc/ssl/certs/ as deployed by certctl.
While here, also make sure we do not trust revoked certificates when a CRL was deployed.
According to rfc5280 an CRL update should be issued before "next update", but does not seem to define a validity. Various sources seem to indicate updates should be fetched at least every couple of hours, in which case an hourly update sounds reasonable.
To avoid excessive writes, we compare each CRL offered with the last one received before flushing it to disk and keep track of actual changes. When nothing changes, no rehash is neede, which the configd action takes care of.
Distribution points could either be HTTP or LDAP, LDAPS and HTTPS may not be used according to the RFC (CAs SHOULD NOT include URIs that specify https, ldaps, or similar schemes in extensions.)
If we don't know the issuer, according to security standards. we should prevent the new certificate being imported.
While here, wrap a recurring pattern for proc_open() in our Store implementation and keep the CSR for reuse after import.
Recent feature addition to apply time constraint fails in cases where
a log line does not contain a timestamp, as in the case of multi-line
log entries. This change just moves on when a line contains no
timestamp, as we will eventually find the line that contains the
start of the log entry (and the timestamp).
fixes#7888
