path: root/etc/inc/auth.inc
Commit message | Author | Age | Files | Lines
* Suppress the error message if the ldap bind doesn't happen | Warren Baker | 2012-07-27 | 1 | -1/+1
* Wrong branch | Ermal | 2012-06-05 | 1 | -5/+3
  Revert "Import OpenVPN cisco style radius attributes applying policy to logged in users. Feature #2100"
  This reverts commit 477cc2bc24b4b0a36b2bc765c1bb4d79a2eacaed.
* Import OpenVPN cisco style radius attributes applying policy to logged in users. Feature #2100 | Ermal | 2012-06-05 | 1 | -3/+5
* Do not allow empty passwords since this might cause problems for some authentication servers like ldap. Fixes #2326 | Ermal | 2012-05-30 | 1 | -1/+1
* Handle HTTPOnly and Secure flags on cookies | Warren Baker | 2012-05-09 | 1 | -0/+12
* Looking at pw code : chars are invalid in a comment fieldgit diff! Replace those to just space | Ermal | 2012-03-12 | 1 | -1/+2
* Another try to eliminate the warning 'PHP Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/authgui.inc:201) in /usr/local/www/guiconfig.inc on line 47' | Ermal | 2012-02-08 | 1 | -1/+2
* Include admin user in bootup account sync | jim-p | 2012-01-25 | 1 | -6/+2
* Be more careful when creating and removing a user, to only alter a user if it really matches the passwd entry. Fixes #2066 | jim-p | 2012-01-23 | 1 | -3/+15
  pw usershow likes to ignore what you want even with -n and if the user is numeric and doesn't exist, it fetches by uid. Can cause major problems if you try to remove a numeric user.
* Ticket #1052. Merge patch referenced in ticket. | Ermal | 2011-11-14 | 1 | -5/+5
* Do not pass the ldap port separately, but add it to the LDAP URL. PHP's ldap_connect() ignores the passed port parameter if the first parameter is a URL instead of a hostname. | jim-p | 2011-10-25 | 1 | -24/+19
* Include certs.inc before calling lookup_ca in auth.inc. Fixes #1927 | jim-p | 2011-10-05 | 1 | -0/+1
* Check that we have user password otherwise strange things happen if there is nothing stored in the config | Ermal | 2011-09-28 | 1 | -0/+5
* Correct array key typo mistake. Ticket #1052 | Ermal | 2011-08-08 | 1 | -3/+3
* Ticket #1052. Enforce certificates if they are present for authenticating to ldap. Allow to select a CA under ldap type authentication backend to be used for this. | Ermal | 2011-07-15 | 1 | -5/+43
* Add proper checks in auth code for testing if the section has been set in the config. Also do the same in the upgrade code | Ermal | 2011-06-28 | 1 | -6/+10
* Add an IPsec xauth permission. Try to use the nologin shell first (just unlock the account). Ticket #1202 | jim-p | 2011-04-08 | 1 | -0/+2
* Make it possible to turn off successful login messages, this should quiet the console, system logs | smos | 2011-03-02 | 1 | -1/+3
* Silence warnings. | Ermal | 2011-01-26 | 1 | -2/+2
* allow 127.0.0.1 and localhost for HTTP_REFERER checks | Chris Buechler | 2011-01-09 | 1 | -0/+4
* Correct webConfigurator auth/error messages | Scott Ullrich | 2010-12-10 | 1 | -2/+2
* Add log_auth() which will send items to syslogd using LOG_AUTH facilities. Use this new log_auth() for login error and success entries | Scott Ullrich | 2010-12-10 | 1 | -3/+2
* Switches must come after the user name when using pw lock/unlock. | Erik Fonnesbeck | 2010-12-03 | 1 | -1/+1
* Remove authorized_keys file when there are no authorized keys for the user. | Erik Fonnesbeck | 2010-12-03 | 1 | -1/+2
* Add successful user for sshlockout | Scott Ullrich | 2010-11-30 | 1 | -1/+1
* Reword auth error message to match ssh for the most part | Scott Ullrich | 2010-11-30 | 1 | -2/+3
* Revert "Add Active Directory group membership checking Ticket #1009" | Scott Ullrich | 2010-11-29 | 1 | -83/+78
  This reverts commit ef17372492fb3d271497160a816eba64b3bcf436.
* Add Active Directory group membership checking Ticket #1009 | Scott Ullrich | 2010-11-29 | 1 | -78/+83
* Don't consider the HTTP referrer check as passing if it was skipped. Ticket #1027 | Erik Fonnesbeck | 2010-11-21 | 1 | -1/+2
* Upon restoring a config, replacing whole sections, or editing config.xml in edit.php, prevent possible accidental lockout from DNS rebind and HTTP referrer checks by disabling them until reboot or the next time they pass, whichever comes sooner. Ticket #1027 | Erik Fonnesbeck | 2010-11-21 | 1 | -4/+18
* Various fixes and improvements for the DNS rebind and HTTP referrer checks. | Erik Fonnesbeck | 2010-11-18 | 1 | -33/+34
  * Only compare with full host from referrer, since someone can put whatever they want at the left side of the period to the left of the domain name.
  * Now can check for hostname as well, not just hostname.domain, in referrer check.
  * Fix althostnames case for referrer check.
  * Move the simpler, more commonly used cases above the ones involving foreach loops and skip the loops when a name match has already been found.
  * Break out of foreach loops when a match has already been found.
  * Do case-insensitive matching of hosts and domains.
  * Remove useless checks of non-IP addresses against SERVER_ADDR.
* Add workaround for referrer check to not be triggered on the previous IP address when redirected by the setup wizard. | Erik Fonnesbeck | 2010-11-17 | 1 | -9/+20
* Make sure this isn't searching the referrer using a blank host or IP, which will always match the referrer. | Erik Fonnesbeck | 2010-11-15 | 1 | -3/+12
* Fix case for testing the referrer check setting. Ticket #1011 | Erik Fonnesbeck | 2010-11-15 | 1 | -1/+1
* Don't perform referer check if display_error_form is not defined (captive portal), just like as is done for the DNS rebind check. Ticket #1007 | Erik Fonnesbeck | 2010-11-14 | 1 | -1/+1
* Unset this reference before reusing the variable name to prevent corruption of groups. | Erik Fonnesbeck | 2010-11-13 | 1 | -0/+2
* Fix a theoretical/potential XSS in the http_referer check warning. | jim-p | 2010-11-12 | 1 | -1/+1
* Correct HTTP_REFERER check when using an IP Address vs the Firewall's hostname | Scott Ullrich | 2010-11-10 | 1 | -1/+1
* Remove trailing carriage return | Scott Ullrich | 2010-11-10 | 1 | -1/+1
* Adding function get_configured_ip_addresses() which returns all interfaces and their configured IP address | Scott Ullrich | 2010-11-10 | 1 | -0/+26
  * Add checkbox to System -> Advanced -> Admin for HTTP_REFERER checks
  * Add and enforce HTTP_REFERER check if checkbox is not checked. This will prevent HTML pages from crafting HTML GETs against the web interface and will prevent firewall admins from being "tricked" into clicking on links that may be harmful to their firewall.
* Do not require LDAP search base DN. Requiring this can prevent some valid LDAP configurations from properly authenticating. (See GDD-550841). | jim-p | 2010-10-27 | 1 | -1/+1
* Add a note to the DNS Rebinding protection error letting the user know to try by IP address. | jim-p | 2010-10-25 | 1 | -1/+1
* Convert fullname field on users to descr, so it gains CDATA protection. | jim-p | 2010-10-19 | 1 | -1/+1
* Test before working on what could be an empty value, otherwise it ends up set and causing an unexpected duplication. Fixes duplicate groups when editing users, as reported here: http://forum.pfsense.org/index.php/topic,26612.0.html | jim-p | 2010-09-28 | 1 | -0/+2
* Check for proper type. | Ermal | 2010-09-08 | 1 | -2/+2
* Avoid a warning on this code when there is no member for a group. | Ermal | 2010-08-17 | 1 | -2/+2
* Adapt to use 2.0's accounts | Scott Ullrich | 2010-08-15 | 1 | -3/+3
* Make sure this variable is an array before performing array operations upon it. | jim-p | 2010-08-02 | 1 | -3/+5
* Move the required once in a more appropriate place. | Ermal | 2010-07-28 | 1 | -1/+2
* Don't maintain a membership for the 'all' group when it includes everyone. Just return it for everyone if the 'all' group is requested. For the count of the 'all' group, just return a count of all the users on the system. Fixes #613 | jim-p | 2010-07-28 | 1 | -0/+3