| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Commit 5a28c352a2f6de525 forgot to update the byte used for
hash offset index. Fix that.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Can't call blob_push_formatted_username unless authentication is
successfully completed.
|
| |
|
| |
|
|
|
|
|
|
| |
This makes sure the other session things are not reset when the
squid helper cache needs revalidation. Fixes premature reset of
override timestamp amongst other issues.
|
| |
|
| |
|
| |
|
|
|
|
| |
it was hard-blocking everything incorrectly.
|
|
|
|
| |
fixes #719
|
|
|
|
|
|
| |
The queries use Q-BRIDGE-MIB's qVlanId which is switch specific
mapping. Exception seems to be 1810G's which use the real VLAN
index.
|
|
|
|
|
|
| |
so no captive portal, snmp or squid authentication is required.
fixes #737.
|
|
|
|
|
|
|
|
| |
Certain switches seem to export FIB of tagged VLANs only in the
Q-BRIDGE-MIB only. Detect if switch support Q-BRIDGE-MIB during
information discovery, and prefer it over the older BRIDGE-MIB.
Q-BRIDGE-MIB should be used anyway, since it's the only reliable
way to trace MAC properly when it appears in multiple VLANs.
|
|
|
|
|
|
| |
Instead of having separate modes (which would likely need to be
configurable on per-subnet or per-user, anyway), honour just the
squid reported username.
|
|
|
|
| |
This reverts commit a1277ab45a9d2bab9ca28baf05f978bf8066d928.
|
|
|
|
| |
This reverts commit a4180db79a80882f81bc8c880ec1e2db5ee9bf6d.
|
|
|
|
|
| |
Also, make sure the categorize mode is not touching authdb
datastructures as they are invalid in that mode.
|
| |
|
|
|
|
| |
Relatively simple set of pages done in haserl. Fixes #448.
|
|
|
|
|
| |
return the analysis back to squid as urlgroup. it can be then used
in squid config acl's and logging (with patch). ref #447.
|
|
|
|
| |
Including some information where it fails.
|
| |
|
|
|
|
|
|
|
|
| |
* authdb: change to use squark.conf instead of filter.conf
* authdb: config option logout_timeout added (defaults to 15mins)
* auth-ip: add -r parameter to refresh login time
fixes #452
|
|
|
|
|
| |
so we don't crash on startup if essential files are missing.
fixes #454
|
| |
|
| |
|
| |
|
|
|
|
| |
It has dot. So it's P.1 series which is buggy.
|
|
|
|
| |
Don't enable the workaroudn if new enough firmware is detected.
|
|
|
|
|
| |
Otherwise we might attempt to access invalid or even unreceived data
(e.g. if switch was swapped, is offline, or just did not respond to us).
|
| |
|
|
|
|
|
| |
properly calculate module of the hash bucket, and when cleaning up
free the correct entry (instead of the next one).
|
|
|
|
| |
and cache the information to authdb properly.
|
|
|
|
| |
so we can dump information from http cgi-bin scripts.
|
|
|
|
|
|
| |
this way multiple users can access the shm areas (e.g. www-data
for captive portal, and proxy for squid). all system users needing
to use squark tools need to belong to this group.
|
|
|
|
| |
with additional info.
|
|
|
|
| |
and tweak the authdb a bit.
|
|
|
|
|
|
|
| |
do not have filter process to do auto login. this is required since
squid might have stale login info in cache, and we should not honor it.
need to fix auth-snmp to record logins in authdb too (should do that
anyway to store the additional snmp information in authdb).
|
|
|
|
| |
get rid of sscanf and use the blob api.
|
|
|
|
| |
Implement logout function and some minor fixes.
|
|
|
|
| |
fix also some authdb bugs, and make it actually usable.
|
|
|
|
|
|
|
|
|
| |
Implement a shared memory based authentication cache. It's a simple
local cache indexed by IP-address, and keeps track of that IP's
auth info such as username, allowed categories and timeouts. This
provides basis for captive portal, per-user definable category
restrictions and implementation of soft blocks (block which can
be overridden by user by clicking a button on the blocked page).
|
|
|
|
|
| |
Will implement 'captive portal' style authentication with separate
DB later.
|
|
|
|
| |
will need authentication db later too.
|
| |
|
|
|
|
|
|
|
| |
Keep the modifications (which are needed for key lookup) inside the
lookup routine. This includes e.g. lower casing the URL. This way
can pass the exact original request string to our block page script.
This also changes the way 'www123.' is stripped from the request.
|
|
|
|
|
|
| |
Ability to force reauthentication (HP ProCurve specific) for the
switch port to which we traced the IP. This works currently only with
the HP WebAuth scheme (should be possible with MAC auth scheme too).
|