OpenNDS lists nodogsplash a conflict as well.
This causes a circular reference that is not allowed.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc and arm_cortex-a7_neon-vfpv4
This release adds significant new functionality yet is compatible with the previous version.
From the changelog:
* Add Client Network Zone detection supporting local interfaces and 802.11s mesh [bluewavenet]
* Add client zone and user agent to FAS/PreAuth logs [bluewavenet]
* Add requirements for retrieving https remote image for login page [bluewavenet]
* Add htmlentity encode and decode to preauth scripts [bluewavenet]
* Implement unescape callback for MHD allowing url special characters to be used in login forms [bluewavenet]
* Create get_client_interface library utility [bluewavenet]
* Create unescape library utility [bluewavenet]
* Update demo-preauth, login-option and fas scripts [bluewavenet]
* Update fwhook restart - do not use ndsctl to check if nds is running [bluewavenet]
* Update config files [bluewavenet]
* Fix - allow comma space to be used in PreAuth variables [bluewavenet]
* Fix - final redirect for fas-aes [bluewavenet]
* Fix - ignore trusted mac if invalid [bluewavenet]
* Documentation updates [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc and arm_cortex-a7_neon-vfpv4
This version fixes two issues that can cause NDS to lock or crash, one, a coding error that leads to memory corruption and two, deadlocks in iptables and ndsctl. Both of these issues occur at high loads and/or at high CPD detection rates.
In addition, in some circumstances, a deauthenticated client running a vpn may have suffered from querystring truncation causing vpn failure.
Some minor updates are also included.
Extract from changelog:
* Fix Memory corruption at high loads [bluewavenet]
* Prevent iptables and ndsctl deadlocks [lynxis]
* Prevent query string truncation for deauthenticated client when client is using some types of vpn software [bluewavenet]
* Add debuglevel logging in the case of a firewall restart in OpenWrt [bluewavenet]
* Return error 403(forbidden) when client attempts to use a forbidden http method [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc and arm_cortex-a7_neon-vfpv4
This release has major new functionality in the form of token hashing,
(extension to fas_secure level 1) mitigating the problems with remote FAS
where access to the local ndsctl would be otherwise required.
Although not as flexible as level 2, this extension has much smaller
memory and storage requirements so is ideal for implementation on
legacy hardware.
There are also numerous enhancements, updates and fixes.
All changes are compatible with the previous release.
Latest changelog:
* Create switch option to select preinstalled templated splash or preauth login [bluewavenet]
* Limit PreAuth and BinAuth log size in example scripts [bluewavenet]
* Reduce memory requirements and autoselect logfile location [bluewavenet]
* Create fas-hid example script [bluewavenet]
* Update FAS, PreAuth and BinAuth example scripts [bluewavenet]
* Hash client token (hid) for remote FAS enabling secure FAS for legacy/low-flash/low-ram hardware [bluewavenet]
* Fix NDS Uptime if NTP client is enabled [bluewavenet]
* Documentation updates for this release [bluewavenet]
* Fix numerous compiler warnings [mwarning]
* Fix openwrt fw_mark option type [mwarning]
Signed-off-by: Rob White rob@blue-wave.net
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc and arm_cortex-a7_neon-vfpv4
This release adds significant functionality in the form of capturing the client User-Agent string and passing to both PreAuth and BinAuth scripts. Compatibility is maintained with previous versions.
Changelog since last OpenWrt release:
* BinAuth - Send User Agent string and client-ip to the binauth script [bluewavenet]
* BinAuth - Update the two example BinAuth scripts showing use of passed arguments [bluewavenet]
* Documentation - Update BinAuth section [bluewavenet]
* PreAuth - Send User Agent string to the preauth script [bluewavenet]
* PreAuth - Update the example PreAuth script showing use of passed arguments [bluewavenet]
* Documentation - Update PreAuth section [bluewavenet]
* BinAuth - Send redir variable to the binauth script, allow passing of custom variable payload [bluewavenet]
* BinAuth - Provide two example BinAuth scripts [bluewavenet]
* Documentation - Rework Binauth section plus numerous minor updates [bluewavenet]
* Deprecate RedirectURL config option as it is rendered obsolete by many CPD implementations, use FAS instead [bluewavenet]
* Numerous minor updates to html, css and script files [bluewavenet]
* Fix bug - faskey, exit gracefully if not set and fas_secure_enabled = 2 [bluewavenet]
* Fix bug - Systemd, Do not set debug level in nodogsplash.service [bluewavenet]
* Fix bug - ndsctl, delete lock file if NDS is not started [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc
This release has numerous bug fixes and enhancements:
* Fix bug - fas_remotefqdn not supported with option fas_secure_enabled 0 [bluewavenet]
* Fix bug - prevent deadlock causing ndsctl to hang and NDS to become unresponsive [bluewavenet]
* PreAuth - Override FAS settings making configuration foolproof [bluewavenet]
* ndsctl - make json parsing consistent for all client variables [bluewavenet]
* Fix memory leak in template generation [lynxis]
* When executing the ndsctl stop command, cleanup all structures [lynxis]
* Check for positive errno in thread_ndsctl [lynxis]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc
* Make debuglevel platform independent [mwarning]
* Add/move/reword some debug output lines [mwarning]
* Numerous code cleanups [mwarning]
* Put fas code into block [mwarning]
* Fix coding error in fas-aes.php incorrectly passing redir back to NDS [bluewavenet]
* Numerous documentation updates [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc and arm_cortex-a5_neon-vfpv4/
* Introduce aes encryption of the query string passed to remote FAS, allowing authdir and client token to be transferred securely. Uses php-cli and php-openssl. These are required if encryption is enabled but are not dependencies [bluewavenet]
* Introduce fasremotefqdn, specifying the FQDN of the remote FAS. This facilitates simplified support for FAS operation on shared hosting systems [bluewavenet]
* Add a FAS php script supporting aes encrypted query string sent from NDS [bluewavenet]
* Numerous Documentation updates [bluewavenet]
* Remove unused pagesdir and imagesdir [mwarning]
* Add Preauth script that displays images from remote servers [bluewavenet]
* Use elegant check for valid ip addresses [mwarning]
* openwrt initscript - add missing macmechanism in the config file [lynxis]
Signed-off-by: Rob White <rob@blue-wave.net>
Maintainer: Moritz Warning <moritzwarning@web.de>
Compiled and tested on snapshot SDK mips_24kc and arm_cortex-a5_neon-vfpv4/
* Fix Issue introduced in v3.3.0 with the addition of Improvements towards usable IPv6 support, that caused CPD on client devices to fail with "Too Many Redirects" error. NDS now terminates gracefully with a console error if fasremoteip is set AND fasport=80 [bluewavenet]
* Validate fasremoteip to ensure that if it is set, then it is a valid dotted format IPv4 address [bluewavenet]
* Numerous Documentation updates [bluewavenet]
* Fix to Known Issue on OpenWrt >18.x.x with v3.3.1. This was caused by misconfigured Makefile for libmicrohttpd; this has been fixed there [bluewavenet]
Signed-off-by: Rob White <rob@blue-wave.net>
Due to rearrangements of the libmicrohttpd the non
ssl variant is now called libmicrohttpd.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
The tagging of the release was wrong, as a result, the hash of the downloaded files is different from the usual download package.
The content has been verified to be the same.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
sessiontimeout (minutes) until client is forced out
checkinterval (seconds) interval at which nodogsplash checks client timeout status
Add real world useful values to timeout options.
Signed-off-by: Rob White <rob@blue-wave.net>
- package now conflicts with nodogsplash2
- properly close heredoc block
- quiet uci when removing previous firewall hook
Signed-off-by: Moritz Warning <moritzwarning@web.de>
This is a very basic cleanup, several packages needs more work
but this at least drops git for https and removes the use of
PKG_MD5SUM and some minor fixes.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
- Replace nonstandard `sys/unistd.h` includes with `unistd.h` ones
- Add missing `fcntl.h` include to `libhttpd/protocol.c` in order to
provide declarations for `open()`, `O_RDONLY` etc.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Drop arguement config_counterpart from append_config_option(). append_config_option
took an additional argument named config_counterpart which represents the
configuration name in configfile.This is needed for configuration variable names isn't the same
as in uci. Nodogsplash ignores the case of configuration variables and makes this feature optional.
Introduce new func append_config_option_map() which does the old behaviour.