| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Implements #935
The RADIUS server must populate the Class attribute with a string, semicolon-separated, of user groups. Similar to LDAP, local groups must exist with matching names, and privileges are determined by the local matching groups.
|
|
|
|
| |
if the groups could not be found from LDAP and there is a local user.
|
|
|
|
| |
that do not effect anything.
|
|
|
|
|
| |
and module names and other bits of formatting and typos in header
comment sections.
|
|
|
|
| |
and hasn't been relevant in years.
|
|
|
|
| |
access to
|
| |
|
|
|
|
| |
those permissions, they get redirected there first and not to another page.
|
|
|
|
| |
leading.
|
| |
|
| |
|
|
|
|
| |
Fix quite a few problems down the way.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
/etc/inc/user.priv.inc. New privs can be added to this /etc/inc/priv/ directory and they will be automatically processed (packages, etc).
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Simplify get_memory(). Tested on mips/i386
|
| |
|
|
|
|
|
|
|
|
|
| |
* Remove some recursive dependency on some includes
* Remove ^M or \r from files
* Remove some entries from functions.inc to avoid including them twice
* Remove some unneccessary includes from some files
NOTE: There is some more work to be done for pkg-utils.inc to be removed from backend as a dependency.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to the Advanced admin access tab. The thought is that they should be next
to each other. The certificate management has also been modified to use
the centralized certificate manager. I took the liberty of removing the
default certificate/key definitions from the web server configuration
function as it is now trivial to create these locally.
The global SSH authorized keys have also been removed. Any existing key
data will be migrated to the admin account. I also added some new checks
to ensure the sshd process is only restarted when its configuration has
actually changed.
|
|
|
|
|
|
|
| |
feature was confusing and offered little utility that I could see. If we
really need to provide serialized access to sections of the webui, IMO it
should be a global lock option and enabled or disabled manually and not a
privilege that is on all the time.
|
|
|
|
| |
matched correctly. Reported by Seth.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and pam backing functions have been removed. The basic auth method was
legacy code and the backing functions were redundant with no added value
that I could see. A simplified replacement backing function named
local_backed has been added that authenticates to the local configuration
info which should be identical to system pwdb credentials. Since the
htpassword file is no longer required, sync_webgui_passwords and its
wrapper function system_password_configure have been removed.
The local account management functions were renamed for consistency. A few
minor bugs related to setting local passwords have also been corrected.
|
|
1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance
5) Cleaning up the related WebUI pages
|