442 Commits

Author SHA1 Message Date
Joe Cooper
fc6b66fcc0 Fix spaces to tabs 2026-05-20 16:15:40 -05:00
Joe Cooper
3e38e3268e Fix check_ip6address in miniserv 2026-05-20 14:04:53 -05:00
Joe Cooper
6458658bfb Fix encrypt_sha512 so it doesn't always fall back to crypt 2026-05-17 18:06:53 -05:00
Jamie Cameron
e36729f20b Merge branch 'master' of github.com:webmin/webmin
2026-05-13 20:56:25 -07:00
Jamie Cameron
96dd0ef65d Harden check for valid SSL SNI hostname 2026-05-13 20:56:18 -07:00
Ilia Ross
d367189711 Fix to reset remaining per-request keep-alive state too
https://github.com/webmin/webmin/pull/2699#issuecomment-4435490798
2026-05-14 00:38:34 +02:00
Jamie Cameron
7dd3902da8 Merge pull request #2699 from swelljoe/keep-alive-auth-state
Reset auth state in keep-alive proxied requests
2026-05-12 19:55:13 -07:00
Ilia Ross
c6647ce76c Fix to scope SSL cert auth user to one request
* Note: Declare the SSL certificate lookup user as lexical inside `handle_request`, so a previously matched client certificate user cannot survive into later keep-alive requests handled by the same miniserv child.

Enlightened by: https://github.com/webmin/webmin/pull/2699
2026-05-13 00:46:39 +02:00
Joe Cooper
29952dce1e Also reset already_authuser 2026-05-11 21:57:34 -05:00
Joe Cooper
d202eca8f8 Probably resolve proxied keep-alive requests retain auth state 2026-05-11 21:46:10 -05:00
Jamie Cameron
236c5cf489 Merge pull request #2695 from swelljoe/minserv-as-module
Wrap miniserv.pl server loop in unless (caller) so we can require miniserv for unit testing
2026-05-11 19:38:06 -07:00
Jamie Cameron
2c8ff4ba15 Merge pull request #2692 from swelljoe/session-dbm
Prefer SHA over MD5 or crypt for session hash, other minor session tweaks
2026-05-10 22:03:47 -07:00
Joe Cooper
4472f210b9 Wrap app in unless (caller) so we can require miniserv for unit testing 2026-05-10 22:11:21 -05:00
Joe Cooper
7aeb5e4dd7 Only create session key file when session=1 2026-05-10 20:57:09 -05:00
Joe Cooper
77d817357d Remove login_redirect 2026-05-10 20:52:09 -05:00
Joe Cooper
4c3f7f5bd9 Omit needless words 2026-05-10 10:58:50 -05:00
Joe Cooper
1b5e48841a Don't fall back to weak session hash, use SHA instead 2026-05-10 03:36:07 -05:00
Joe Cooper
241abfe719 Add trusted_proxies config 2026-05-10 01:19:01 -05:00
Jamie Cameron
f03140314e Merge branch 'master' of github.com:webmin/webmin
2026-04-16 20:02:02 -07:00
Jamie Cameron
6c77b24da6 The crypt function can natively support SHA512
https://github.com/webmin/webmin/issues/2656
2026-04-16 20:01:55 -07:00
Ilia Ross
da18a16c84 Fix to require 2FA for RPC basic auth
+ improve remote auth errors
2026-04-15 22:36:40 +02:00
Jamie Cameron
ba336c297b Make check for 'X-SSL-Client-Verify' header stricter 2026-04-14 16:19:22 -07:00
Ilia Ross
87d8969efb Fix to gate forwarded proxy URL for consistency
https://github.com/webmin/webmin/pull/2666#issuecomment-4241962133
2026-04-14 14:44:57 +02:00
Ilia Ross
bd7e91c712 Fix comment shift ; add missing comments
2026-04-12 19:03:12 +02:00
Ilia Ross
67950afe3a Add configurable redaction for logged request parameters 2026-04-12 19:01:14 +02:00
Ilia Ross
a6156ff76b Add configurable websocket origin exceptions (for weird cases) 2026-04-12 18:35:21 +02:00
Ilia Ross
6de6529bba Fix to harden session cookie defaults 2026-04-12 18:17:32 +02:00
Ilia Ross
cf98ce3f55 Fix to normalize websocket path matching 2026-04-12 18:10:22 +02:00
Ilia Ross
c0fb00a6e4 Fix to improve proxied connection validation
X260412
2026-04-12 18:08:57 +02:00
Ilia Ross
49b8f1a2fa Fix to improve proxied connection handling
X260412
2026-04-12 14:56:51 +02:00
Joe Cooper
316529c8ca typo s/actphost/acpthost/ 2026-04-06 22:27:52 -05:00
Jamie Cameron
3dbeb4e4db Don't trust proxy-provided SSL cert if it's flagged as not verified
2026-04-01 18:17:02 -07:00
Ilia Ross
2397653d55 Fix IPv6 hostname matching for alwaysresolve access rules
* Note: Fix Miniserv IPv6 hostname resolution and matching used by access control when `alwaysresolve` is enabled:
  1. Correct `to_ip6address()` success handling (before getaddrinfo result was interpreted backwards)
  2. In `ip_match()`, resolve hostnames with `to_ip6address()` for IPv6 clients instead of IPv4-only `to_ipaddress()`
  3. Canonicalize IPv6 addresses before reverse and forward verification to avoid format-based mismatches.
  4. Mirror the IPv6 logic change in "webmin/webmin-lib.pl"

https://forum.virtualmin.com/t/webmin-access-control-for-domain-names-with-ipv6/136661?u=ilia
2026-02-21 13:30:08 +02:00
Jamie Cameron
0342f06fc8 Remove dependency on IO::Pty for calling sudo
https://github.com/webmin/webmin/issues/2587
2025-11-18 21:04:48 -08:00
Jamie Cameron
3d300b5fb6 Handle perl errors calling PEM_read_bio_X509 more gracefully 2025-11-10 21:24:36 -08:00
Ilia Ross
d694649872 Fix to safely get user hostname from URL 2025-10-03 03:19:54 +03:00
Ilia Ross
991795c296 Fix to redirect to HTTPS when we get the host from the browser URL 2025-10-02 15:52:14 +03:00
Ilia Ross
fc4e2751dc Fix broken redirect when there is no way to get FQDN
*Note: "$host = &get_socket_name(SOCK, $ipv6fhs{$s});" won't return FQDN if it can't be resolved (or if it isn't in /etc/hosts), breaking some redirects, most likely proxied ones that aren't using HTTPS in its config.
2025-10-01 01:03:45 +03:00
Jamie Cameron
388f51843f Merge pull request #2558 from webmin/dev/remove-bottleneck-of-shelling-out
Fix to remove significant bottleneck of shelling out
2025-09-25 20:28:21 -07:00
Ilia Ross
a027ad5dd6 Fix variable names to avoid ambiguity
* Note: Discussed here:
https://github.com/webmin/webmin/pull/2553#issuecomment-3328436525
2025-09-25 15:23:06 +03:00
Ilia Ross
d99a24b045 Fix to remove significant bottleneck of shelling out 2025-09-25 14:48:14 +03:00
Jamie Cameron
d5a22a592f Cache reads of the same cert file 2025-09-23 17:10:55 -07:00
Jamie Cameron
890a4ffd3f Valid http host header against cert name, as it may be different from the SSL hostname 2025-09-23 17:05:32 -07:00
Jamie Cameron
eb02824bfc Detect if SSL hostname is valid for the cert being used, and pass it to an environment variable 2025-09-22 21:13:46 -07:00
Ilia Ross
6191a222ae Revert "Fix to make sure the mail URL uses a well-known host name"
This reverts commit e88a77d32a.
2025-09-23 02:22:17 +03:00
Ilia Ross
2ac82016aa Revert "Perfect previous code"
This reverts commit 8f987d21a9.
2025-09-23 02:22:06 +03:00
Ilia Ross
8f987d21a9 Perfect previous code 2025-09-21 22:54:25 +03:00
Ilia Ross
e88a77d32a Fix to make sure the mail URL uses a well-known host name 2025-09-21 21:47:12 +03:00
Ilia Ross
6935174133 Fix to consider it a bad request only if there is one 2025-07-13 17:43:47 +03:00
Jamie Cameron
0a0ad2f119 Only update session time when there is actually websockets traffic
https://github.com/webmin/webmin/pull/2510
2025-07-10 04:31:36 -07:00