Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

captive portal: group-based login selector #1377

Closed
fichtner opened this issue Feb 6, 2017 · 4 comments
Closed

captive portal: group-based login selector #1377

fichtner opened this issue Feb 6, 2017 · 4 comments
Assignees
@AdSchellevis
Labels
feature Adding new functionality
Milestone
17.7

Comments

@fichtner
Copy link
Member

fichtner commented Feb 6, 2017

Hi Ad,

This was reported / asked about a few times. Our web proxy has this privilege, but the captive portal one got lost during the transition. It's not so easy to migrate it back, though it should definitely be back eventually.

Maybe we can have a optional setting in each zone to honour the new privilege (off by default to prevent lockout of current installations).

What do you think?

Cheers,
Franco
@fichtner fichtner added the feature Adding new functionality label Feb 6, 2017
@fichtner fichtner added this to the 17.7 milestone Feb 6, 2017
@AdSchellevis
Copy link
Member

@fichtner you mean the lighttpd-api-dispatcher.conf ? the cp zones use www

@fichtner
Copy link
Member Author

fichtner commented Feb 6, 2017

no, system: access: users: privileges

@AdSchellevis
Copy link
Member

ah, you mean use local groups / user privs as additional auth criteria. The proxy (and ipsec if I'm not mistaken) indeed uses that, but implementation isn't really neat.

I think it would be better to be able to specify a group which the user should belong to, so we don't need additional acl's with no real meaning.

@fichtner
Copy link
Member Author

fichtner commented Feb 6, 2017

wrapping the ACL into a group is trivial. we still need the ACL though, group or not. :)

@fichtner fichtner changed the title captive portal: bring back user privilege for login? captive portal: group-based login selector Feb 6, 2017
AdSchellevis added a commit that referenced this issue Feb 7, 2017
@AdSchellevis
(mvc) add group selector field type, requirement for #1377
85c00a5
AdSchellevis added a commit that referenced this issue Feb 7, 2017
@AdSchellevis
move local auth functions to abstract base, add groupAllowed(). requi…
0d104a9 
…rement for #1377
djGrrr pushed a commit to djGrrr/opnsense-core that referenced this issue Feb 7, 2017
@AdSchellevis @djGrrr
(mvc) add group selector field type, requirement for opnsense#1377
0f3d1b1
djGrrr pushed a commit to djGrrr/opnsense-core that referenced this issue Feb 7, 2017
@AdSchellevis @djGrrr
move local auth functions to abstract base, add groupAllowed(). requi…
68411a0 
…rement for opnsense#1377
djGrrr pushed a commit to djGrrr/opnsense-core that referenced this issue Feb 7, 2017
@AdSchellevis @djGrrr
(captive portal) add group enforcement, closes opnsense#1377
b2e09a1
fichtner pushed a commit that referenced this issue Feb 12, 2017
@AdSchellevis @fichtner
(captive portal) add group enforcement
3b783cb 
PR: #1377

(cherry picked from commit 85c00a5)
(cherry picked from commit 324bd75)
(cherry picked from commit 0d104a9)
(cherry picked from commit a7ef419)
(cherry picked from commit 7606873)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AdSchellevis AdSchellevis

Labels
feature Adding new functionality
Milestone
17.7
Development

No branches or pull requests
2 participants
@fichtner @AdSchellevis