17347 Commits

Author SHA1 Message Date
Franco Fichtner
b563c223bf system: closelog() has timing issues
Not sure where this comes from but the consensus is that
closelog() is relatively useless and testing verifies that
it works as expected without it.

Now we just have to make sure that each component using
openlog() will reopen the actual GUI log so that it can
keep logging correctly.
2024-09-30 13:19:26 +02:00
Franco Fichtner
3612583d58 system: adjust a bit of ACL confusion and drop separate entities from dashboard-all #7907 2024-09-30 09:26:37 +02:00
Franco Fichtner
ff73ec9c90 make: do not waste development time by clearing caches on install 2024-09-30 09:26:37 +02:00
Franco Fichtner
a5579cf3d7 monit: fix ACL metadata loosely related to #7907 2024-09-30 09:26:37 +02:00
Ad Schellevis
f454a2d335 VPN: OpenVPN: Instances - fix "auth-gen-token" being supplied in server mode introduced by ec23ffc0ef, closes https://github.com/opnsense/core/issues/7919
auth-gen-token should only be offered (and validated) in server mode; move the validation into the server block and split the parameter handling into generic and mode-specific types.
2024-09-30 08:54:39 +02:00
Franco Fichtner
1d8e5fec36 plugins: improve the pattern handling in devices
Always bootstrap (an impossible) pattern to match devices.  On the
console end try the implied method now.
2024-09-30 07:46:21 +02:00
kumy
f81c2e864a fix: Correct template helper exists() return type (#7918)
Closes #7917
2024-09-29 19:18:20 +02:00
Ad Schellevis
66e62f4a89 System: Settings: Logging - configure proper CA and CRL directories conforming to standards.
Although the ca-file directive works, it's better to use the hashed values in /etc/ssl/certs/ as deployed by certctl.
While here, also make sure we do not trust revoked certificates when a CRL was deployed.
2024-09-29 13:35:36 +02:00
Franco Fichtner
f3a8c28c0e firmware: remove escaped slashes workaround, works since 24.7.5 2024-09-27 10:25:47 +02:00
Ad Schellevis
492885988d model update 2024-09-26 11:42:18 +02:00
Monviech
db0232d643 ipsec: settings: Add make_before_break option (#7855) 2024-09-26 11:35:22 +02:00
Ad Schellevis
de8210ba12 Services: Kea DHCP: Kea DHCPv4 - add configurable max-unacked-clients parameter and change default to 2 to make it more responsive. closes https://github.com/opnsense/core/issues/7458 2024-09-26 11:03:49 +02:00
Franco Fichtner
a27d3313eb pkg: sort ;) 2024-09-26 09:39:02 +02:00
Ad Schellevis
ebb407e997 System: Trust - add dependency for crl_fetch.py 2024-09-26 09:29:34 +02:00
Ad Schellevis
429b8e38b2 System: Trust - optimize certctl.py to prevent unneeded disk writes and flush certificates to ports openssl location (/usr/local/openssl/certs) 2024-09-25 19:55:02 +02:00
Ad Schellevis
ba2e9d485f System: Trust: Settings - strictly validate if any of the custom options are set when config constraints are enabled; without options openssl won't accept the config file, which leads to breakage 2024-09-25 11:52:33 +02:00
Ad Schellevis
a3fd07bd4e VPN: OpenVPN: Client Export - push data-ciphers-fallback when configured to align with legacy setup, closes https://github.com/opnsense/core/issues/7893 2024-09-24 21:17:46 +02:00
Ad Schellevis
b709232e44 System: Trust: Authorities - finish crl fetch script for installed certificates and hook into form and cron updates.
According to rfc5280 a CRL update should be issued before "next update", but it does not seem to define a validity. Various sources seem to indicate updates should be fetched at least every couple of hours, in which case an hourly update sounds reasonable.

To avoid excessive writes, we compare each CRL offered with the last one received before flushing it to disk and keep track of actual changes. When nothing changes, no rehash is needed, which the configd action takes care of.

Distribution points could either be HTTP or LDAP, LDAPS and HTTPS may not be used according to the RFC (CAs SHOULD NOT include URIs that specify https, ldaps, or similar schemes in extensions.)
2024-09-24 20:58:04 +02:00
Ad Schellevis
6f79579537 System: Trust: Authorities - (work in progress) crl fetch script for installed certificates.
The overall structure is there, but it needs the final bits and pieces added to it. Committing it now as a backup.
2024-09-24 18:38:53 +02:00
Franco Fichtner
61e47d7f9a interfaces: fix undefined function error in Monit CARP script
PR: https://www.reddit.com/r/opnsense/comments/1fobode/daily_errors/
2024-09-24 15:01:59 +02:00
Franco Fichtner
8684443b65 plugins: enforce defaults on devices 2024-09-24 12:40:11 +02:00
Ad Schellevis
b3eb5817ab System: Trust: Certificates - add proper validation when certs are being imported for CSRs.
If we don't know the issuer, according to security standards, we should prevent the new certificate from being imported.
While here, wrap a recurring pattern for proc_open() in our Store implementation and keep the CSR for reuse after import.
2024-09-24 11:06:10 +02:00
Franco Fichtner
123eed8963 openvpn: squelch a PHP warning 2024-09-24 08:38:34 +02:00
Franco Fichtner
23bf1ee05d interfaces: update the style of the newwanip calls 2024-09-24 07:43:00 +02:00
iain MacDonnell
2a1ccae959 System/Logging - handle lines with no timestamp (#7889)
Recent feature addition to apply time constraint fails in cases where
a log line does not contain a timestamp, as in the case of multi-line
log entries. This change just moves on when a line contains no
timestamp, as we will eventually find the line that contains the
start of the log entry (and the timestamp).

fixes #7888
2024-09-23 17:54:11 +02:00
Ad Schellevis
bd037cc655 logging: remove closelog() from auth_log(), in some cases this seems to silence successive lines from the feed for some reason and closelog() doesn't seem needed anyway 2024-09-23 10:57:41 +02:00
Franco Fichtner
d161d7c534 src: style sweep 2024-09-23 08:12:06 +02:00
Mathieu
17270c4275 tests: Add a unit test for ComparedToFieldConstraintTest 2024-09-22 16:33:24 +01:00
Franco Fichtner
7b8c4dbeb0 interfaces: move PPP/wireless to system log #7880
Unfortunately multiple wireless pages exist so no consolidation for now.
2024-09-22 16:30:08 +01:00
Ad Schellevis
ec23ffc0ef VPN: OpenVPN: Instances - validate "Auth Token Lifetime" requires a non zero Renegotiate time, closes https://github.com/opnsense/core/issues/7690 2024-09-21 15:22:11 +02:00
Franco Fichtner
3cbc7927db Scripts: do not error on missing directories 2024-09-19 15:33:50 +01:00
Franco Fichtner
89f84780ff interfaces: full-circle on vpn_map vs. vpn event
We actually only want the vpn_map event in the stable branch
and move to a backwards compatible format for 25.1 but as a
new coalesced (mapped) caller.
2024-09-18 12:10:46 +02:00
Franco Fichtner
5fe06a19ba unbound: port to plugins_interface_map() 2024-09-18 11:57:05 +02:00
Franco Fichtner
388281afaa openvpn: port to plugins_argument_map() 2024-09-18 11:51:02 +02:00
Franco Fichtner
9ad018f580 ipsec: port to plugins_interface_map()
There was a typo here, too.  But it also wasn't fully tested
yet and not in 24.7.x yet.
2024-09-18 11:36:48 +02:00
Franco Fichtner
6e1be9df8a openssh: port to plugins_argument_map() 2024-09-18 11:32:18 +02:00
Franco Fichtner
9d154beea2 system: port web GUI to plugins_argument_map() 2024-09-18 08:54:44 +02:00
Franco Fichtner
2c718a54f7 dhcrelay: refactor for plugins_argument_map() use
Shift names around a bit more to make it clearer why we sometimes
handle IDs and other times interfaces and how they relate to each
other.
2024-09-18 08:47:26 +02:00
Monviech
a1f6987f47 mvc: Remove bold text from base_tabs_header.volt 2024-09-17 15:19:12 +02:00
Franco Fichtner
9422d6435e system: kill these dashboard-only entries
They are already disabled and do exist elsewhere. lint-acl doesn't
complain either and now the risk of false positives is zero.
2024-09-17 08:30:08 +02:00
Franco Fichtner
f10604cda7 interfaces: straighten out VIP status ACLs 2024-09-17 08:27:48 +02:00
Franco Fichtner
01e3d9eccc dhcrelay: *_interfaces() is reserved and should not be used here 2024-09-17 08:26:00 +02:00
Franco Fichtner
2d0536c259 system: fix typos, clarify
PR: https://forum.opnsense.org/index.php?topic=42862.0
2024-09-17 07:30:07 +02:00
Franco Fichtner
842075ca06 interfaces: move legacy RFC2136 to plugin hook
We can't remove it now and we can't widen the call since local
and newwanip_map are mostly the same, but also different.

Use the selector trick to just invoke what we need and lose the
configd error.

PR: https://www.reddit.com/r/opnsense/comments/1fi5mw3/rfc2136_errors_in_audit_log/
2024-09-16 16:49:13 +02:00
Franco Fichtner
5c7f4ab166 system: squelch warning 2024-09-16 14:12:43 +02:00
Stephan de Wit
630d380728 system: typo in previous 2024-09-16 10:36:54 +02:00
Franco Fichtner
05739a0898 system: improve previous and widen its use 2024-09-16 10:13:16 +02:00
Stephan de Wit
4f6b9ec726 system: make dpinger_configure_do map aware (#7867) 2024-09-16 10:01:53 +02:00
Franco Fichtner
0176a47c36 interfaces: refactor a bit for PPP 2024-09-16 08:50:43 +02:00
Franco Fichtner
af62c482e2 interfaces: add 'spoofmac' device option and enforce it
PR: https://forum.opnsense.org/index.php?topic=42798.0
2024-09-14 13:37:17 +02:00