This commit wraps our xmlrpc functions via configd and wires them via an api controller.
In the long run we should consider moving to RESTful interfaces, but for now we will keep and cleanup the xmlrpc code.
configd action "system ha services_cached" caches the service list for a couple of seconds to improve searchability via our standard grid functions.
* dashboard: Add certificate widget that displays CAs and Certs sorted by expiration date
* dashboard: Certificate widget, fix certificate hiding configuration, refresh immediately on config change, increase tick timeout
* dashboard: Certificate widget, different text for expired certificates
* dashboard: Certificate widget, create links that fill the search-field of the bootgrid to display the certificate directly
* dashboard: Certificate widget, search for uuid in bootgrid and call corresponding form
ease maintenance in the future by cleanup up our stylesheets, most of our styes are already a decade old and might need some love for future improvements.
This commit removes some of the unused styles and moves color defines in main.scss to its own file, also a dashboard scss file is added to use the same colorscheme.
The hardest part is figuring out the best metric to collect
sensor points. Luckily "IK" type sysctl values are temperature
readings so we use those with a day of caching in configd to
find the values for the dashboard without skimming all sysctl
output all the time.
Remove supoptimal backend call since no longer used. The script
temperature.sh is also unused now. Good-bye.
Since the test set follows the kernel it would be better to just
support it in opnsense-update which is done. "qyua" can use this
to bootstrap and we do not have to worry about fetch env for this
optional component as it cannot be installed from the GUI or console
menu.
* System: Access: Groups - in preperation for https://github.com/opnsense/core/issues/7904, add support for comma separated member lists.
If we convert groups to a model, we will switch the nested <member> tags into comma separated fields, e.g.
<member>1</member>
<member>12</member>
will convert to:
<member>1,12</member>
using this commit we support both for areas where these are being read.
* System: Access: Users - refactor to MVC (https://github.com/opnsense/core/issues/7904)
* add initial boilerplate
* unpack `<priv/>` field on first access
* unpack '<apikeys/>' field on first access and implement key actions into ApiKeyField
* add apikey grid in user management view
* change isset() to !empty() for users disabled flag in backend code
* move user atributes into dialog
* hook PrivField type to \OPNsense\Core\ACL()
* refactor Auth/API to use new User class
* otp seed logic with simple api call to generate new seeds and some JS glue for the frontend
* uid autonumber field
* language selector using get_locale_list() via configd (cached)
* add StoreB64Field field for authorizedkeys so we can keep the field contents backwards compatible.
* ExpiresField for custom date parsing, supporting previous input formats as well.
* group membership using a volatile custom field type, controller is responisble for persisting the configuration data to avoid entanglement between models
* add button which links to most likely user certs (based on commonname), to avoid all sorts of magic to reflect certs back into the usermanager.
* add getUserPrivs() to model so we can fetch a full list of privs for a user
* show user icons, long this might be less relevant
* add addApiKeyAction() to create a new api key for a user (by name)
* download new api key from user view
* implement hashing when setting a new (or scrabled) password
* use new "auth sync user" event to trigger local user db changes
* in API authenticator keep createKey and dropKey as stubs to the new model implementation
* prevent removal of "system" users (root)
* hook ACL and Menu
* add Group administration using the same logic as users
* cleanup unused
* add System: Access: Privileges to manage and change user and group privileges
* System: Access: Users - refactor to MVC (https://github.com/opnsense/core/issues/7904)
review comments from @Monviech
* "Create and Download API Key for this user" refresh apikeys bootgrid
* "Users" bootgrid, add some columns
* rename "Username" to "Group Name" in group edit
* Disable sorting the bootgrid by "Users" and "Groups" as these are aggregated/formatted columns
* System: Access: Privileges - fix updating groups dropping privileges for https://github.com/opnsense/core/pull/8046
* System: Access: Users - hook group model for https://github.com/opnsense/core/issues/7904
* System: Access: Users - add some safety fences to prevent accidental removal of rights https://github.com/opnsense/core/issues/7904
* Update src/opnsense/service/conf/actions.d/actions_auth.conf
* Update src/opnsense/service/conf/actions.d/actions_auth.conf
* System: Access: Users - remove userDNmap support as it belonged to the import https://github.com/opnsense/core/issues/7904
* System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046), review comments
* System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046)
o align "policy change for %s unlink group" with master (unlink when duplicates exists)
* System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046)
refactor add user event so it utilizes our new model instead of direct config access, while performing the operation, also make sure we lock/unlock the config.xml
* System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046)
replace page-system-groupmanager-addprivs with page-system-usermanager-addprivs
* plist
---------
Co-authored-by: Franco Fichtner <franco@opnsense.org>
Be done with the retry and use the launcher.sh -r argument for
the cron-based execution. Leave the backend commands where they
are.
Since the file had no copyright header looking at the old code
it looks like Bill and Scott worked on the file first in 2005.
Not really concerned with consecutive history here for lack of
creating a copyright header for so long.
Unfortunately python requests/urllib3/ssl ignores platform openssl defaults, but do choose defaults which do not always match expectations.
Below per configuration item (system_default_sect) the current situation:
* CipherString --> supported, using ciphers list
* Ciphersuites --> not supported, but does seem to follow configuration defaults. When python adds support, we likely have to change something.
* SignatureAlgorithms --> not supported, but seem as above
* Groups (Curves) --> partly supported, only one may be offered, we select the first item in the list, knowing that is a bit flaky (see: set_ecdh_curve())
* MinProtocol --> supported
Also provide an env_init() call for internal launcher commands
to set up relevant things.We do this to move the special libfetch
handling into the locked spot underneath the launcher.sh invoke.
Add RRD package with a simple factory class and a basic construct to define different rrd output types we support.
This package contains the following:
* RRD/Types -- Output definitions, responsible for generating RRD structures and feeding data
* RRD/Stats -- Statistics gathering classes
* Factory -- binds types and statistics together.
On my end on a simple test this is roughly 40% faster than running /var/db/rrd/updaterrd.sh, which makes caching of metadata (config access) less relevant.
The new script should be able to replace all existing rrd cruft and supports a debug mode to find discrepanties between defined outputs in types and collected data in stats.
```
Usage: updaterrd.php [-h] [-d]
-d debug mode, output errors to stdout
```
More work needed but as discussed with @swhite2 we want this here
before we work on the UX part. These types of notifications need
more screen presence and are non-dismissable.
While here kill an oddity assignment with constant() use.
And adjust comments still refering to "LiveCD" since we have a DVD
image nowadays and the live mode works on all install media.
squid package errors may manifest during major upgrade as well making
it necessary to run the cleanup in advance and not in background mode.
It would be nicer to avoid code duplication, but that can happen the
next time something needs to be adjusted in the actual cleanup routine.
