system: kill the SSL bundles in default locations
Neither OpenSSL base (/etc/ssl) nor ports (/usr/local/openssl) need
the bundle file now that we use the directory trust store. The downside
is that as soon as the bundle exists OpenSSL library will read both the
directory and the bundle by default defeating the purpose of a single
location and the directory being faster.
Keep the fringe ca_root_nss location /usr/local/etc/ssl since that is
still seeded by the package but controlled and topped up by the user
configured authorities.
(cherry picked from commit 913a5caae3da0cf40087cb46fbc0bda00e69752e)
feat(dhcp): add dhcp-socket-type option to Kea DHCP server (#8069)
* feat(dhcp): add dhcp-socket-type option to Kea DHCP server
This adds the ability to configure the DHCP socket type (UDP/Raw) in the
Kea DHCP server settings through the web UI.
- Added socket type field to model definition
- Added dropdown in general settings form
- Updated config generation to include socket type setting
* changed default value for dhcp_socket_type to raw
* bumped version number for KeaDhcpv4.xml
(cherry picked from commit 37c9deab896748e9db4187cb6b55fdc9db66750f)
firmware: use REQUEST to print a TLS/CRL usage hint
Also create output_text and output_cmd to allow for neater
firmware scripts with less duplication and use it in the
connectivity audit.
(cherry picked from commit f36aacf08f75f2ee24d1614f61c7c481ed1403e0)
mvc:model:JsonKeyValueStoreField - cache configd call for the duration of the session.
After removing the file caches in https://github.com/opnsense/core/issues/7515, we introduced the slight downside of calling configd for every field.
Using this commit, we should only call configd once per session, which prevents each record in a set calling configd.
This should increase overall performance when using these fieldtypes.
(cherry picked from commit 525481c15ba2b7f3dd90418d43b2f943e8662511)
firmware: opnsense-update -Q now installs the tests set
Since the test set follows the kernel it would be better to just
support it in opnsense-update which is done. "qyua" can use this
to bootstrap and we do not have to worry about fetch env for this
optional component as it cannot be installed from the GUI or console
menu.
System: Access: migrate Users and Groups to MVC/API (#8046)
* System: Access: Groups - in preparation for https://github.com/opnsense/core/issues/7904, add support for comma separated member lists.
If we convert groups to a model, we will switch the nested <member> tags into comma separated fields, e.g.
<member>1</member>
<member>12</member>
will convert to:
<member>1,12</member>
using this commit we support both for areas where these are being read.
* System: Access: Users - refactor to MVC (https://github.com/opnsense/core/issues/7904)
* add initial boilerplate
* unpack `<priv/>` field on first access
[65 lines not shown]
System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046)
o align "policy change for %s unlink group" with master (unlink when duplicates exist)
System: Access: Users - refactor to MVC (https://github.com/opnsense/core/issues/7904)
* add initial boilerplate
* unpack `<priv/>` field on first access
* unpack '<apikeys/>' field on first access and implement key actions into ApiKeyField
* add apikey grid in user management view
* change isset() to !empty() for users disabled flag in backend code
* move user attributes into dialog
* hook PrivField type to \OPNsense\Core\ACL()
* refactor Auth/API to use new User class
* otp seed logic with simple api call to generate new seeds and some JS glue for the frontend
* uid autonumber field
* language selector using get_locale_list() via configd (cached)
* add StoreB64Field field for authorizedkeys so we can keep the field contents backwards compatible.
* ExpiresField for custom date parsing, supporting previous input formats as well.
* group membership using a volatile custom field type, controller is responsible for persisting the configuration data to avoid entanglement between models
* add button which links to most likely user certs (based on commonname), to avoid all sorts of magic to reflect certs back into the usermanager.
* add getUserPrivs() to model so we can fetch a full list of privs for a user
* show user icons, long this might be less relevant
[10 lines not shown]
System: Access: Groups - in preparation for https://github.com/opnsense/core/issues/7904, add support for comma separated member lists.
If we convert groups to a model, we will switch the nested <member> tags into comma separated fields, e.g.
<member>1</member>
<member>12</member>
will convert to:
<member>1,12</member>
using this commit we support both for areas where these are being read.
System: Access: Users - refactor to MVC (https://github.com/opnsense/core/issues/7904)
review comments from @Monviech
* "Create and Download API Key for this user" refresh apikeys bootgrid
* "Users" bootgrid, add some columns
* rename "Username" to "Group Name" in group edit
* Disable sorting the bootgrid by "Users" and "Groups" as these are aggregated/formatted columns
System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046)
replace page-system-groupmanager-addprivs with page-system-usermanager-addprivs
System: Access: migrate Users and Groups to MVC/API (https://github.com/opnsense/core/pull/8046)
refactor add user event so it utilizes our new model instead of direct config access, while performing the operation, also make sure we lock/unlock the config.xml