Ad Schellevis
b8734ae852
Services: Unbound DNS - dnsbl_module.py - prevent os.write() on None when another thread closed the pipe (self._pipe_fd)
2024-02-15 13:34:06 +01:00
Franco Fichtner
3cb2f3d794
system: style sweep
2024-02-15 11:49:07 +01:00
kulikov-a
1bd6823838
alias_util.volt: make select width more consistent
2024-02-15 11:10:14 +01:00
Stephan de Wit
fdc8a8fd2c
gateways: fix migration issue causing gateways to be skipped
...
Properties should be copied 1-to-1 before we apply the required
defaults if necessary. In the previous situation this caused
required properties to be set to an empty value after the default
value had already been written to it. In the failure case we
attempt to be a bit more explicit and refer to the crash reporter.
While here, the master branch has dropped the Phalcon Messages class,
so switch to count() since this seems to inherit array type
and is therefore backwards compatible:
$msgs = new \Phalcon\Messages\Messages();
$count = count($msgs);
// $count == 0
See https://github.com/opnsense/core/issues/6389
2024-02-14 14:26:50 +01:00
Franco Fichtner
0873d89f3c
src: style sweep
2024-02-13 21:18:20 +01:00
Ad Schellevis
8278fbe944
Services: Kea DHCP: Kea DHCPv4 - add domain-name to client, set to firewall's hostname when not offered. closes https://github.com/opnsense/core/pull/7234
2024-02-13 20:51:06 +01:00
Ad Schellevis
75bb361e24
mvc: Phalcon framework dependency ( https://github.com/opnsense/core/issues/6389 )
...
fix regression in c2ea9aa3039eb4d24ba53a7aa2190642150f20eb and amend unit tests.
2024-02-13 20:20:45 +01:00
Ad Schellevis
098a89b965
Services: Kea DHCP: Kea DHCPv4 - loosen constraints for tftp boot. closes https://github.com/opnsense/core/issues/7235
2024-02-13 19:43:45 +01:00
Ad Schellevis
7d56aafaf2
mvc - cleanup used import
2024-02-13 19:19:14 +01:00
Ad Schellevis
fa6d093b04
mvc: phalcon - drop unused "use Phalcon\Messages\Messages" ( https://github.com/opnsense/core/issues/6389 )
2024-02-13 18:27:15 +01:00
Ad Schellevis
c2ea9aa303
mvc: Phalcon framework dependency ( https://github.com/opnsense/core/issues/6389 )
...
Add simple Message class and remove "Messages" dependency in Validation.php, which should be backwards compatible with all existing validations.
By moving \Phalcon\Filter\Validation() into validate() we're making the validation paths more explicit, if an object implements ValidatorInterface, it uses phalcon, otherwise it's a simple BaseValidator passing messages back to $this->appendMessage().
The original phalcon Message class has additional fields we don't use, we only use fieldname for tracking purposes and the message itself.
2024-02-13 18:21:30 +01:00
Franco Fichtner
203a034e93
wireguard: remove duplicate ID column
2024-02-13 14:21:38 +01:00
Ad Schellevis
c79bf84642
MVC - fix Validation.php:44 - Creation of dynamic property OPNsense\Base\Validation::$data is deprecated
2024-02-13 14:00:20 +01:00
Ad Schellevis
cdba294227
MVC - fix /usr/local/opnsense/mvc/app/models/OPNsense/Base/Validation.php:40 - Creation of dynamic property OPNsense\Base\Validation::$phalcon_validation is deprecated
2024-02-13 13:51:13 +01:00
Franco Fichtner
aec970624a
mfc: style sweep
2024-02-13 10:11:42 +01:00
Franco Fichtner
a76a4ff21c
interfaces: reload related gif/gre late
...
This helps serializing the reload flow and also prevents
overlapping messages in verbose mode.
2024-02-13 10:00:07 +01:00
Franco Fichtner
b9f2bb5000
interfaces: same here
2024-02-13 09:55:26 +01:00
Franco Fichtner
fa22dce74c
system: 'gateway' may be unset so set to impossible value (PHP warning)
2024-02-13 09:50:51 +01:00
Franco Fichtner
299dbaa017
mvc: return proper type for readJson() use to fix deprecation warning
2024-02-13 09:37:08 +01:00
Franco Fichtner
b62f22d5ac
interfaces: fix strpos() deprecation null haystack
...
We just exit earlier as we don't need the value in that case.
2024-02-13 09:34:39 +01:00
Ad Schellevis
b76c13be60
VPN: IPsec: Mobile Clients - show eap-radius settings (disabled) when legacy is being used. closes https://github.com/opnsense/core/issues/7233
2024-02-12 20:59:24 +01:00
Franco Fichtner
3ca3bc5c8a
Revert "system: exclude deprecated until Phalcon is fixed"
...
This reverts commit 1ccb2c9430b92e3f40798d269a1f3dbc94635ef2.
2024-02-12 15:12:44 +01:00
Ad Schellevis
1c96851043
Firewall: Automation: Filter - obey rule ordering including group sequence. closes https://github.com/opnsense/core/issues/7111
...
After giving this some thought, it looks like a good idea to fix this bug anyway. There is a very small chance people combine legacy and mvc rules which contradict each other, but in the long run this will lead to more issues. Since getPriority() skipped group priority, we'll add the same calculation as being used in db4b90d218/src/etc/inc/filter.lib.inc (L632-L638) too.
2024-02-12 15:08:46 +01:00
Franco Fichtner
5f855524e3
mvc: fix Phalcon 5.4 and up
...
See also: https://github.com/phalcon/cphalcon/issues/16460
2024-02-12 14:46:52 +01:00
Ad Schellevis
0a17929ec7
VPN: OpenVPN: Instances - when cert_depth is left empty, it should ignore the value. https://github.com/opnsense/core/issues/7228#issuecomment-1938579724
...
Changing allowed to the depth found should have this effect.
2024-02-12 13:28:20 +01:00
Ad Schellevis
3d728420a5
VPN: OpenVPN: Instances - data-ciphers-fallback should be a single option as suggested in https://github.com/opnsense/core/issues/7228 , when multiple values are selected, the instance won't start. Which makes this a rather safe change without migration.
2024-02-12 13:16:13 +01:00
Ad Schellevis
833765fafe
VPN: OpenVPN: Instances - tighten validation introduced in 66fd0e4699i closes https://github.com/opnsense/core/issues/7228
2024-02-12 11:02:28 +01:00
Ad Schellevis
0fa6e964ce
VPN: WireGuard: Settings - partial revert e385b1cd3e6ebbc9c21b5730e1e0a7bb24e8f2ba as constraints should only apply on peers (not instances). closes https://github.com/opnsense/core/issues/7229
2024-02-12 09:53:53 +01:00
Ad Schellevis
e210c854c3
Services: Kea DHCP: Kea DHCPv4 / Reservations - add address constraint (address should lie inside requested netblock)
2024-02-12 09:46:30 +01:00
Ad Schellevis
27e27f25c5
Services: Kea DHCP: Kea DHCPv4 / Reservations - add unique constraint for mac address + subnet. closes https://github.com/opnsense/core/issues/7230
2024-02-12 09:27:07 +01:00
Ad Schellevis
30862f8711
VPN: WireGuard - Optimize "non fluent" reloading. When wireguard installs its own routes, we are not able to track them properly. If that's the case and the user reconfigures, drop all interface addresses instead of removing the interface (and creating it again).
...
There is a small chance of remnants after the fact, but dropping the interface is more problematic to recover from as it will invalidate filter rulesets as well.
The user is still able to force a stop/start using the reload action, which also reloads the filter after the fact.
proposal for https://github.com/opnsense/core/issues/7148
2024-02-10 21:45:10 +01:00
Ad Schellevis
bf9996989e
Services: Kea DHCP : Kea DHCPv4 - be more explicit about what options are being overwritten when option_data_autocollect is used. closes https://github.com/opnsense/core/issues/7225
2024-02-10 09:47:22 +01:00
brotherla
25d06fd812
update traffic graph colors to be contrast and consistent ( #7217 )
...
Co-authored-by: Ilya Bursov <ibursov@servicetitan.com>
2024-02-09 11:11:42 +01:00
Franco Fichtner
03ffdf511d
ipsec: same same but different; closes #6973
...
In portrait mode the __ml looks odd as the form-inline
is broken off to avoid wide form layouts so we use __mr
on the button div instead.
2024-02-09 11:04:45 +01:00
Franco Fichtner
66b50c3d51
ipsec: enable placement on connections page for #6973
...
Placing this right beside the apply button might make some people
think about not missing this option when using IPsec.
2024-02-09 10:57:22 +01:00
Franco Fichtner
c1d2d18a72
wireguard: fix copy and paste refactor
2024-02-09 10:09:32 +01:00
Franco Fichtner
0d7d48eb17
wireguard: improve previous
...
Since route add with subnet will revert to a strict subnet route
two separate entries 192.168.1.1/24 and 192.168.1.2/24 will both
be added as 192.168.1.0/24 and produce the same error.
Normalize here as well and get rid of the duplicates. It should
also fix IPv6 compression mismatches.
2024-02-09 09:59:12 +01:00
Ad Schellevis
56e5f99390
VPN: IPsec: Connections - allow % to support %any in id's. closes https://github.com/opnsense/core/issues/7220
2024-02-09 09:01:13 +01:00
Ad Schellevis
c8adc29212
ui / tokenizer - One minor annoyance of tokenizers is that it's impossible to edit the separate tokens.
...
This commit adds a button to switch the items into a textarea and back which eases edits in these cases.
(only available when new items are allowed in the form)
2024-02-08 21:21:12 +01:00
Franco Fichtner
77fba066bd
wireguard: skip attached instance address routes
...
These are automatically created by ifconfig alias command above
and cause the (spurious) route add -q log messages. Functionally
nothing changes because route add declined to add the routes
already.
2024-02-08 19:57:24 +01:00
Franco Fichtner
84e96a53da
src: style sweep
2024-02-08 19:57:05 +01:00
Franco Fichtner
7413ca696d
wireguard: improve previous
...
wg_start() can detect if the interface was removed, which is
ensured during 'restart' and a fresh 'configure'. The device
could have been created from wireguard_prepare() in the plugin
code but that should normally be used by interfaces_configure()
which also configures the interface correctly (same as the
interfaces_restart_by_device() call).
We only reload the routing in such cases now either as in the
other case the routes should have been placed and remain.
2024-02-08 19:27:54 +01:00
Franco Fichtner
b8665c9da0
wireguard: if instances are assigned as interfaces we need to reload them
2024-02-08 17:13:32 +01:00
Ad Schellevis
33894fc6a7
diagnostics/log - add colon [:] to acceptable query characters, closes https://github.com/opnsense/core/issues/7215
2024-02-08 12:36:35 +01:00
Ad Schellevis
20e9bdc459
Services: Kea DHCP: Leases DHCPv4 - gather missing leases by implementing the lease storage as documented in https://github.com/isc-projects/kea/blob/ef1f878f5272d/src/lib/dhcpsrv/memfile_lease_mgr.h#L1039-L1051
...
The lfc process is responsible for lease cleanup, but apparently uses multiple files to get the full picture, which unfortunately wasn't very clear from the upstream documentation (https://kea.readthedocs.io/en/latest/arm/lfc.html + https://kea.readthedocs.io/en/kea-2.0.2/arm/dhcp4-srv.html#memfile-basic-storage-for-leases ). The wiki does offer a design document for lfc (https://gitlab.isc.org/isc-projects/kea/-/wikis/designs/Lease-File-Cleanup-design#file-names ) which hints about multiple files, but also seems to be less explicit about where the active leases land, the source seems to be more clear in this case.
closes https://github.com/opnsense/core/issues/7204
2024-02-08 11:27:35 +01:00
Ad Schellevis
ce8b3c878f
VPN: WireGuard: Settings - Peer uniqueness should depend on pubkey+endpoint. closes https://github.com/opnsense/core/issues/7213
2024-02-07 18:24:36 +01:00
Ad Schellevis
43c3ca47af
ISC DHCP / unbound / dnsmasq - be more explicit of what the feature offers. https://github.com/opnsense/core/issues/7209
2024-02-07 14:00:32 +01:00
Stephan de Wit
d8df599d0d
network time: clarify help text for interface selection
...
ntpd will also use these interfaces for syncing with a remote
server. Accompanies f85849736d
2024-02-07 11:04:47 +01:00
Ad Schellevis
e48d3f740e
mvc - minor modification in for processing for multiselect tokenizers, when style contains "tokenize" as part of a list of styles, copy/paste buttons won't show. Unfortunately volt templates don't support an inline "split" operator, which means we need to embed php code to split the styles.
2024-02-06 19:57:24 +01:00
Ad Schellevis
12001a32f2
System: Access: Users - add issuer and logo to OTP link, for https://github.com/opnsense/core/issues/7126
2024-02-06 18:39:47 +01:00