lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-19 19:15:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,567 Commits 1 Branch 0 Tags
Commit Graph

2031 Commits

Author SHA1 Message Date
Ad Schellevis
99dac4ab7e (webconfigurator) optionally limit ciphers. closes https://github.com/opnsense/core/issues/1301 2016-12-27 17:23:01 +01:00
Franco Fichtner
12882429d1 system: split up Portuguese for upcoming translations 2016-12-21 07:15:49 +01:00
Franco Fichtner
7097b1d016 firewall: consolidate anti-lockout behaviour; closes #1304 
Assume LAN unless we only have one interface and that is WAN.
If LAN is not there, no problem: the text will either show
WAN if it works or show LAN and do nothing.

We could argue that 1 interface that is not WAN or LAN is
possible and should receive anti-lockout too, but this would
change the previous behaviour too much and is not generally
possible from the GUI or console.
 2016-12-20 14:23:51 +01:00
Franco Fichtner
f8959e1a40 rc: oddities with vt(4), keep sc(4) for now 2016-12-20 08:21:38 +01:00
Franco Fichtner
6d46060214 Revert "system: strict serial mode, need to test this" 
Don't need this, it was a comaptibility test.  The gained
flexibility from -D is far more important.

This reverts commit dfb094112e3297911ddbdfa478d3bdc129d22d22.
 2016-12-20 08:00:11 +01:00
Franco Fichtner
7792d8ad7f auth: one more locking vs. no-password issue 2016-12-20 07:02:45 +01:00
Franco Fichtner
23cf4fe10f auth: when auth is integrated, don't write passwords 
This finally repairs ssh key login.  :)
 2016-12-19 23:14:23 +01:00
Ad Schellevis
4ebccaa233 (config) enable aesni in default config, closes https://github.com/opnsense/core/issues/1259 2016-12-19 19:41:36 +01:00
Franco Fichtner
4ac59b3485 auth: one bug down, but I think there's another 2016-12-19 18:59:21 +01:00
Franco Fichtner
7f91fe62b1 src: back out previous, we're further securing PAM 2016-12-19 11:08:08 +01:00
Franco Fichtner
c48cf61f4a rc: remove translations from console 2016-12-19 07:41:47 +01:00
Franco Fichtner
af1928de6e inc: remove unused translations in obsolete migration 2016-12-19 07:20:35 +01:00
Franco Fichtner
d3376f7f10 src: webConfigurator -> web GUI 2016-12-19 07:16:08 +01:00
Franco Fichtner
dfb094112e system: strict serial mode, need to test this 2016-12-18 23:24:17 +01:00
Franco Fichtner
a7f01e99d7 system: "web GUI" is less ambiguous 2016-12-18 23:15:30 +01:00
Franco Fichtner
8837b322a4 rc: reload GUI first to make sure it's executed 2016-12-18 23:12:45 +01:00
Franco Fichtner
24b73afc79 rc: missing require for previous 2016-12-18 23:01:52 +01:00
Franco Fichtner
b542ddf754 rc: switch web GUI reload for reload all, some cleanups 2016-12-18 22:58:07 +01:00
Franco Fichtner
81e205f75e rc: move restore to "initial" section 2016-12-18 22:52:58 +01:00
Franco Fichtner
ce36ff28c4 rc: missing requires for previous 2016-12-18 22:48:01 +01:00
Franco Fichtner
d147e4b8df rc: reload_all like a christmas tree 2016-12-18 22:44:45 +01:00
Franco Fichtner
61567c81c0 rc: light up configure_firmware output 2016-12-18 22:44:13 +01:00
Franco Fichtner
762837685a rc: chain local_sync_accounts() into system_login_configure() 2016-12-18 22:43:26 +01:00
Ad Schellevis
643d2eef83 (auth/installer) force unlocked account, so pam can use standard pam_unix.so 2016-12-18 17:57:22 +01:00
Ad Schellevis
ff8632c2c8 (pam) work in progress: pam helper skip for non local users, for non existing users pam should proceed to the next option. 
When our pam modules is used, we set local auth to disabled (locked) for our users, non local users should automatically use normal unix auth.
For this to work, we should pass PAM_USER_UNKNOWN as return value in our pam module when the user is not local to us and unauthenticated.
 2016-12-18 13:51:23 +01:00
Franco Fichtner
8cfbc3c218 rc: wrap this around for consistency 
Early installer is really about an untained system, so
we defer *all* system setup and only keep the loopback
configuration above it.  This way, after config import
from the installer system_login_configure() is up-to-date.
 2016-12-17 16:49:28 +01:00
Franco Fichtner
4ad78901d6 rc: start loopback earlier, omits manual installer glue 2016-12-17 12:43:51 +01:00
Franco Fichtner
d3ddbf5f46 rc: small tweaks 2016-12-16 09:17:15 +01:00
Franco Fichtner
6124cdc41f dhcp: style fix 2016-12-15 18:30:53 +01:00
Franco Fichtner
26d9815df0 system: fix loading of crypto/thermal modules 
PR: https://forum.opnsense.org/index.php?topic=4094
 2016-12-15 06:35:34 +01:00
Franco Fichtner
3c393d98f3 config: repair installer for 17.1-BETA 
The installer user is injected for install media login, but
we authenticate against our database now instead.  This has
larger consequences that require a persistent installer user,
which is not so easy to disable/defang after installation.

Hopefully this is temporary.
 2016-12-14 07:57:46 +01:00
Franco Fichtner
c5fe0e4c4f interfaces: remove netgraph now that plugins habe stubs, closes #1188 2016-12-13 10:23:23 +01:00
Franco Fichtner
2ee77e70fa interfaces: further defang netgraph for #1188 2016-12-13 10:10:07 +01:00
Franco Fichtner
9d372e0c22 filter: add more reload progress; closes #526 2016-12-13 08:19:41 +01:00
Franco Fichtner
276f7bdb1c src: whitespace and style sweesrc: whitespace and style sweepp 2016-12-11 17:17:32 +01:00
Ad Schellevis
ec4458d181 (traffic shaper) add flush all and reload action, closes https://github.com/opnsense/core/issues/1297 2016-12-07 15:16:46 +01:00
Franco Fichtner
a8f0e8419f pkg: add fingerprint for 17.1 2016-12-10 11:20:43 +01:00
Franco Fichtner
a6a604a58c interfaces: another small issue 2016-12-09 19:55:28 +01:00
Franco Fichtner
ef8671d253 interfaces: fix logic in previous 2016-12-09 19:43:44 +01:00
Franco Fichtner
d9e3f6a26d rc: better cron start print style and start it later 2016-12-09 15:22:58 +01:00
Franco Fichtner
f91abe8dd6 interfaces: print glitch in previous 2016-12-09 15:19:23 +01:00
Franco Fichtner
e23647da77 console: fix port assignment on WAN <-> LAN switch; closes #1272 2016-12-09 15:12:24 +01:00
Franco Fichtner
493ee561aa unbound: "remove" edns support 
edns flag was added in 2014, but it could never be set.
Remove buffer size override along with it to further
simplify the situation.

See: https://github.com/pfsense/pfsense/commit/3b95d9e
 2016-12-09 14:47:17 +01:00
Franco Fichtner
6922394d13 rc: extensive console muting on bootup; closes #1256 2016-12-09 12:28:14 +01:00
Franco Fichtner
81bcdb73e3 rc: $verbose conversion for interfaces_configure() 2016-12-09 12:12:41 +01:00
Franco Fichtner
4346d549ca rc: $verbose conversion for OpenVPN 2016-12-09 10:55:49 +01:00
Franco Fichtner
c1bd019603 rc: unwind nested calls and $verbose for system_resolvconf_generate() 2016-12-09 09:48:07 +01:00
Franco Fichtner
f31e556078 dnsmasq: since this was always based on a hardwired /etc/hosts... 
The regdhcp conditional option never really worked in the first place.
Dhcplease registration is controlled by regdhcp and regdhcpstatic
elsewhere already and we always need to include this file.

PR: https://forum.opnsense.org/index.php?topic=4041
 2016-12-08 23:18:11 +01:00
Franco Fichtner
cd6cdba1bf dnsmasq: work around unclear permission situation on hosts file 2016-12-08 08:00:22 +01:00
Franco Fichtner
afa861d0cd rc: more $verbose conversion 2016-12-07 22:46:52 +01:00