/src/usr/local/www/system_usermanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/system_usermanager.php @ 01a0385e

1	1df17ba9	Scott Ullrich	<?php
2	fab7ff44	Bill Marquette	/*
3	4c291f4c	Renato Botelho	system_usermanager.php
4	fab7ff44	Bill Marquette	*/
5	7d2e572f	Stephen Beaver	/* ====================================================================
6			* Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
7			* Copyright (c) 2008 Shrew Soft Inc.
8			* Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com>
9			*
10	cb41dd63	Renato Botelho	* Some or all of this file is based on the m0n0wall project which is
11			* Copyright (c) 2004 Manuel Kasper (BSD 2 clause)
12	191cb31d	Stephen Beaver	*
13	7d2e572f	Stephen Beaver	* Redistribution and use in source and binary forms, with or without modification,
14			* are permitted provided that the following conditions are met:
15			*
16			* 1. Redistributions of source code must retain the above copyright notice,
17			* this list of conditions and the following disclaimer.
18			*
19			* 2. Redistributions in binary form must reproduce the above copyright
20			* notice, this list of conditions and the following disclaimer in
21			* the documentation and/or other materials provided with the
22			* distribution.
23			*
24			* 3. All advertising materials mentioning features or use of this software
25			* must display the following acknowledgment:
26			* "This product includes software developed by the pfSense Project
27			* for use in the pfSense software distribution. (http://www.pfsense.org/).
28			*
29			* 4. The names "pfSense" and "pfSense Project" must not be used to
30			* endorse or promote products derived from this software without
31			* prior written permission. For written permission, please contact
32			* coreteam@pfsense.org.
33			*
34			* 5. Products derived from this software may not be called "pfSense"
35			* nor may "pfSense" appear in their names without prior written
36			* permission of the Electric Sheep Fencing, LLC.
37			*
38			* 6. Redistributions of any form whatsoever must retain the following
39			* acknowledgment:
40			*
41			* "This product includes software developed by the pfSense Project
42			* for use in the pfSense software distribution (http://www.pfsense.org/).
43			*
44			* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
45			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
46			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
47			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
48			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
49			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
50			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
51			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
53			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
54			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
55			* OF THE POSSIBILITY OF SUCH DAMAGE.
56			*
57			* ====================================================================
58			*
59			*/
60	fab7ff44	Bill Marquette
61	6b07c15a	Matthew Grooms	##\|+PRIV
62			##\|*IDENT=page-system-usermanager
63	5230f468	jim-p	##\|*NAME=System: User Manager
64	6b07c15a	Matthew Grooms	##\|*DESCR=Allow access to the 'System: User Manager' page.
65			##\|MATCH=system_usermanager.php
66			##\|-PRIV
67
68	ead24d63	sullrich	require("certs.inc");
69	fab7ff44	Bill Marquette	require("guiconfig.inc");
70
71	e33be77c	Ermal	// start admin user code
72	73fa304b	Phil Davis	if (isset($_POST['userid']) && is_numericint($_POST['userid'])) {
73	1a6769a6	Renato Botelho	$id = $_POST['userid'];
74	73fa304b	Phil Davis	}
75	1df17ba9	Scott Ullrich
76	7411c285	Stephen Beaver	if (isset($_GET['userid']) && is_numericint($_GET['userid'])) {
77			$id = $_GET['userid'];
78			}
79
80	73fa304b	Phil Davis	if (!isset($config['system']['user']) \|\| !is_array($config['system']['user'])) {
81	e33be77c	Ermal	$config['system']['user'] = array();
82	73fa304b	Phil Davis	}
83	1df17ba9	Scott Ullrich
84	e33be77c	Ermal	$a_user = &$config['system']['user'];
85	7411c285	Stephen Beaver	$act = $_GET['act'];
86	45ee90ed	Matthew Grooms
87	73fa304b	Phil Davis	if (isset($_SERVER['HTTP_REFERER'])) {
88	7c2d0050	Renato Botelho	$referer = $_SERVER['HTTP_REFERER'];
89	73fa304b	Phil Davis	} else {
90	7c2d0050	Renato Botelho	$referer = '/system_usermanager.php';
91	73fa304b	Phil Davis	}
92	7c2d0050	Renato Botelho
93	adacdf5f	jim-p	if (isset($id) && $a_user[$id]) {
94			$pconfig['usernamefld'] = $a_user[$id]['name'];
95			$pconfig['descr'] = $a_user[$id]['descr'];
96			$pconfig['expires'] = $a_user[$id]['expires'];
97			$pconfig['groups'] = local_user_get_groups($a_user[$id]);
98			$pconfig['utype'] = $a_user[$id]['scope'];
99			$pconfig['uid'] = $a_user[$id]['uid'];
100			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
101			$pconfig['priv'] = $a_user[$id]['priv'];
102			$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
103			$pconfig['disabled'] = isset($a_user[$id]['disabled']);
104			}
105
106	43acaa2f	Stephen Beaver	if ($_GET['act'] == "deluser") {
107	45ee90ed	Matthew Grooms
108	43acaa2f	Stephen Beaver	if (!isset($_GET['username']) \|\| !isset($a_user[$id]) \|\| ($_GET['username'] != $a_user[$id]['name'])) {
109	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
110			exit;
111	6b07c15a	Matthew Grooms	}
112
113	01a0385e	Phil Davis	if ($_GET['username'] == $_SESSION['Username']) {
114			$delete_errors[] = sprintf(gettext("Cannot delete user %s because you are currently logged in as that user."), $_GET['username']);
115			} else {
116			conf_mount_rw();
117			local_user_del($a_user[$id]);
118			conf_mount_ro();
119			$userdeleted = $a_user[$id]['name'];
120			unset($a_user[$id]);
121			write_config();
122			$savemsg = sprintf(gettext("User %s successfully deleted."), $userdeleted);
123			}
124	d61309a0	Phil Davis	} else if ($act == "new") {
125	e33be77c	Ermal	/*
126			* set this value cause the text field is read only
127			* and the user should not be able to mess with this
128			* setting.
129			*/
130			$pconfig['utype'] = "user";
131			$pconfig['lifetime'] = 3650;
132			}
133	45ee90ed	Matthew Grooms
134	64c31615	Stephen Beaver	if (isset($_POST['dellall'])) {
135	4e21c82e	bruno
136			$del_users = $_POST['delete_check'];
137	01a0385e	Phil Davis	$deleted_users = "";
138			$deleted_count = 0;
139			$comma = "";
140	4e21c82e	bruno
141	73fa304b	Phil Davis	if (!empty($del_users)) {
142			foreach ($del_users as $userid) {
143	4e21c82e	bruno	if (isset($a_user[$userid]) && $a_user[$userid]['scope'] != "system") {
144	01a0385e	Phil Davis	if ($a_user[$userid]['name'] == $_SESSION['Username']) {
145			$delete_errors[] = sprintf(gettext("Cannot delete user %s because you are currently logged in as that user."), $a_user[$userid]['name']);
146			} else {
147			conf_mount_rw();
148			$deleted_users = $deleted_users . $comma . $a_user[$userid]['name'];
149			$comma = ", ";
150			$deleted_count++;
151			local_user_del($a_user[$userid]);
152			conf_mount_ro();
153			unset($a_user[$userid]);
154			}
155			} else {
156			$delete_errors[] = sprintf(gettext("Cannot delete user %s because it is a system user."), $a_user[$userid]['name']);
157	4e21c82e	bruno	}
158			}
159	01a0385e	Phil Davis
160			if ($deleted_count > 0) {
161			if ($deleted_count == 1) {
162			$savemsg = sprintf(gettext("User %s successfully deleted."), $deleted_users);
163			} else {
164			$savemsg = sprintf(gettext("Users %s successfully deleted."), $deleted_users);
165			}
166			write_config($savemsg);
167			}
168	4e21c82e	bruno	}
169			}
170
171	98402844	Stephen Beaver	if ($_POST['act'] == "delcert") {
172
173			if (!$a_user[$id]) {
174			pfSenseHeader("system_usermanager.php");
175			exit;
176			}
177
178			$certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
179			$certdeleted = $certdeleted['descr'];
180			unset($a_user[$id]['cert'][$_POST['certid']]);
181			write_config();
182			$_POST['act'] = "edit";
183	ed10e389	Phil Davis	$savemsg = sprintf(gettext("Certificate %s association removed."), $certdeleted);
184	98402844	Stephen Beaver	}
185	64c31615	Stephen Beaver
186	945204b1	Stephen Beaver	if ($_POST['act'] == "delprivid") {
187			$privdeleted = $priv_list[$a_user[$id]['priv'][$_POST['privid']]]['name'];
188			unset($a_user[$id]['priv'][$_POST['privid']]);
189			local_user_set($a_user[$id]);
190			write_config();
191			$_POST['act'] = "edit";
192	ed10e389	Phil Davis	$savemsg = sprintf(gettext("Privilege %s removed."), $privdeleted);
193	4c879f95	heper	}
194	98402844	Stephen Beaver
195	1a6769a6	Renato Botelho	if ($_POST['save']) {
196	e33be77c	Ermal	unset($input_errors);
197			$pconfig = $_POST;
198	45ee90ed	Matthew Grooms
199	e33be77c	Ermal	/* input validation */
200			if (isset($id) && ($a_user[$id])) {
201			$reqdfields = explode(" ", "usernamefld");
202			$reqdfieldsn = array(gettext("Username"));
203			} else {
204			if (empty($_POST['name'])) {
205			$reqdfields = explode(" ", "usernamefld passwordfld1");
206			$reqdfieldsn = array(
207			gettext("Username"),
208			gettext("Password"));
209	45ee90ed	Matthew Grooms	} else {
210	e33be77c	Ermal	$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
211			$reqdfieldsn = array(
212			gettext("Username"),
213			gettext("Password"),
214			gettext("Descriptive name"),
215			gettext("Certificate authority"),
216			gettext("Key length"),
217			gettext("Lifetime"));
218	45ee90ed	Matthew Grooms	}
219	e33be77c	Ermal	}
220	45ee90ed	Matthew Grooms
221	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
222	45ee90ed	Matthew Grooms
223	73fa304b	Phil Davis	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) {
224	e33be77c	Ermal	$input_errors[] = gettext("The username contains invalid characters.");
225	73fa304b	Phil Davis	}
226	45ee90ed	Matthew Grooms
227	73fa304b	Phil Davis	if (strlen($_POST['usernamefld']) > 16) {
228	e33be77c	Ermal	$input_errors[] = gettext("The username is longer than 16 characters.");
229	73fa304b	Phil Davis	}
230	94d455da	jim-p
231	73fa304b	Phil Davis	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) {
232	e33be77c	Ermal	$input_errors[] = gettext("The passwords do not match.");
233	73fa304b	Phil Davis	}
234	45ee90ed	Matthew Grooms
235	73fa304b	Phil Davis	if (isset($_POST['ipsecpsk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['ipsecpsk'])) {
236	123d8700	Renato Botelho	$input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");
237	73fa304b	Phil Davis	}
238	123d8700	Renato Botelho
239	b2267ff9	jim-p	/* Check the POSTed groups to ensure they are valid and exist */
240			foreach ($_POST['groups'] as $newgroup) {
241			if (empty(getGroupEntry($newgroup))) {
242			$input_errors[] = gettext("One or more invalid groups was submitted.");
243			}
244			}
245
246	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
247	e33be77c	Ermal	$oldusername = $a_user[$id]['name'];
248	73fa304b	Phil Davis	} else {
249	e33be77c	Ermal	$oldusername = "";
250	73fa304b	Phil Davis	}
251	e33be77c	Ermal	/* make sure this user name is unique */
252			if (!$input_errors) {
253			foreach ($a_user as $userent) {
254			if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
255			$input_errors[] = gettext("Another entry with the same username already exists.");
256			break;
257	58664cc9	Scott Ullrich	}
258	3dec33d4	Erik Fonnesbeck	}
259	e33be77c	Ermal	}
260			/* also make sure it is not reserved */
261			if (!$input_errors) {
262			$system_users = explode("\n", file_get_contents("/etc/passwd"));
263			foreach ($system_users as $s_user) {
264			$ent = explode(":", $s_user);
265			if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
266			$input_errors[] = gettext("That username is reserved by the system.");
267			break;
268	8339ab6d	jim-p	}
269	7e4a4513	Scott Ullrich	}
270	e33be77c	Ermal	}
271	1df17ba9	Scott Ullrich
272	e33be77c	Ermal	/*
273	e30050b6	Phil Davis	* Check for a valid expiration date if one is set at all (valid means,
274	4d148b59	Yehuda Katz	* DateTime puts out a time stamp so any DateTime compatible time
275	e33be77c	Ermal	* format may be used. to keep it simple for the enduser, we only
276			* claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
277			* like "+1 day", which will be converted to MM/DD/YYYY based on "now".
278	e30050b6	Phil Davis	* Otherwise such an entry would lead to an invalid expiration data.
279	e33be77c	Ermal	*/
280	73fa304b	Phil Davis	if ($_POST['expires']) {
281	4d148b59	Yehuda Katz	try {
282			$expdate = new DateTime($_POST['expires']);
283			//convert from any DateTime compatible date to MM/DD/YYYY
284			$_POST['expires'] = $expdate->format("m/d/Y");
285	73fa304b	Phil Davis	} catch (Exception $ex) {
286	e33be77c	Ermal	$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
287	0092b3bd	mgrooms	}
288	e33be77c	Ermal	}
289	0092b3bd	mgrooms
290	e33be77c	Ermal	if (!empty($_POST['name'])) {
291			$ca = lookup_ca($_POST['caref']);
292	73fa304b	Phil Davis	if (!$ca) {
293	4c291f4c	Renato Botelho	$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
294	73fa304b	Phil Davis	}
295	e33be77c	Ermal	}
296	c9794c06	Ermal
297	e33be77c	Ermal	/* if this is an AJAX caller then handle via JSON */
298			if (isAjax() && is_array($input_errors)) {
299			input_errors2Ajax($input_errors);
300			exit;
301			}
302	64c31615	Stephen Beaver
303	e33be77c	Ermal	if (!$input_errors) {
304	4ee51131	Sjon Hortensius
305	e33be77c	Ermal	conf_mount_rw();
306			$userent = array();
307	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
308	e33be77c	Ermal	$userent = $a_user[$id];
309	73fa304b	Phil Davis	}
310	e879fc81	Ermal
311	e33be77c	Ermal	isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
312
313			/* the user name was modified */
314	926e0a2f	Phil Davis	if (!empty($_POST['oldusername']) && ($_POST['usernamefld'] <> $_POST['oldusername'])) {
315	e33be77c	Ermal	$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
316	fdcf104c	jim-p	local_user_del($userent);
317			}
318	1df17ba9	Scott Ullrich
319	e30050b6	Phil Davis	/* the user password was modified */
320	73fa304b	Phil Davis	if ($_POST['passwordfld1']) {
321	e33be77c	Ermal	local_user_set_password($userent, $_POST['passwordfld1']);
322	73fa304b	Phil Davis	}
323	1df17ba9	Scott Ullrich
324	5cde9005	NewEraCracker	/* only change description if sent */
325			if (isset($_POST['descr'])) {
326			$userent['descr'] = $_POST['descr'];
327			}
328
329	e33be77c	Ermal	$userent['name'] = $_POST['usernamefld'];
330			$userent['expires'] = $_POST['expires'];
331			$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
332			$userent['ipsecpsk'] = $_POST['ipsecpsk'];
333	3ccb9689	Charlie Marshall
334	73fa304b	Phil Davis	if ($_POST['disabled']) {
335	e33be77c	Ermal	$userent['disabled'] = true;
336	73fa304b	Phil Davis	} else {
337	e33be77c	Ermal	unset($userent['disabled']);
338	73fa304b	Phil Davis	}
339	e33be77c	Ermal
340	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
341	e33be77c	Ermal	$a_user[$id] = $userent;
342	73fa304b	Phil Davis	} else {
343	e33be77c	Ermal	if (!empty($_POST['name'])) {
344			$cert = array();
345			$cert['refid'] = uniqid();
346	4c291f4c	Renato Botelho	$userent['cert'] = array();
347	e33be77c	Ermal
348			$cert['descr'] = $_POST['name'];
349
350	4c291f4c	Renato Botelho	$subject = cert_get_subject_array($ca['crt']);
351	e33be77c	Ermal
352	4c291f4c	Renato Botelho	$dn = array(
353			'countryName' => $subject[0]['v'],
354			'stateOrProvinceName' => $subject[1]['v'],
355			'localityName' => $subject[2]['v'],
356			'organizationName' => $subject[3]['v'],
357			'emailAddress' => $subject[4]['v'],
358			'commonName' => $userent['name']);
359	e33be77c	Ermal
360			cert_create($cert, $_POST['caref'], $_POST['keylen'],
361			(int)$_POST['lifetime'], $dn);
362
363	73fa304b	Phil Davis	if (!is_array($config['cert'])) {
364	e33be77c	Ermal	$config['cert'] = array();
365	73fa304b	Phil Davis	}
366	e33be77c	Ermal	$config['cert'][] = $cert;
367			$userent['cert'][] = $cert['refid'];
368			}
369			$userent['uid'] = $config['system']['nextuid']++;
370			/* Add the user to All Users group. */
371			foreach ($config['system']['group'] as $gidx => $group) {
372			if ($group['name'] == "all") {
373	73fa304b	Phil Davis	if (!is_array($config['system']['group'][$gidx]['member'])) {
374	e33be77c	Ermal	$config['system']['group'][$gidx]['member'] = array();
375	73fa304b	Phil Davis	}
376	e33be77c	Ermal	$config['system']['group'][$gidx]['member'][] = $userent['uid'];
377			break;
378			}
379			}
380	970db70b	Scott Ullrich
381	e33be77c	Ermal	$a_user[] = $userent;
382	45ee90ed	Matthew Grooms	}
383	e33be77c	Ermal
384	900ce3b0	jim-p	/* Add user to groups so PHP can see the memberships properly or else the user's shell account does not get proper permissions (if applicable) See #5152. */
385	d61309a0	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
386	e33be77c	Ermal	local_user_set($userent);
387	900ce3b0	jim-p	/* Add user to groups again to ensure they are set everywhere, otherwise the user may not appear to be a member of the group. See commit:5372d26d9d25d751d16865ed9d46869d3b0ec5e1. */
388	73fa304b	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
389	e33be77c	Ermal	write_config();
390
391	73fa304b	Phil Davis	if (is_dir("/etc/inc/privhooks")) {
392	e33be77c	Ermal	run_plugins("/etc/inc/privhooks");
393	73fa304b	Phil Davis	}
394	e33be77c	Ermal
395			conf_mount_ro();
396	3ccb9689	Charlie Marshall
397	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
398	45ee90ed	Matthew Grooms	}
399	e33be77c	Ermal	}
400	fab7ff44	Bill Marquette
401	7411c285	Stephen Beaver	function build_priv_table() {
402			global $a_user, $id;
403
404			$privhtml = '<div class="table-responsive">';
405			$privhtml .= '<table class="table table-striped table-hover table-condensed">';
406			$privhtml .= '<thead>';
407	7d2e572f	Stephen Beaver	$privhtml .= '<tr>';
408			$privhtml .= '<th>' . gettext('Inherited from') . '</th>';
409			$privhtml .= '<th>' . gettext('Name') . '</th>';
410			$privhtml .= '<th>' . gettext('Description') . '</th>';
411	f460db90	NOYB	$privhtml .= '<th>' . gettext('Action') . '</th>';
412	7d2e572f	Stephen Beaver	$privhtml .= '</tr>';
413	7411c285	Stephen Beaver	$privhtml .= '</thead>';
414			$privhtml .= '<tbody>';
415
416	945204b1	Stephen Beaver	$i = 0;
417
418			foreach (get_user_privdesc($a_user[$id]) as $priv) {
419			$group = false;
420			if ($priv['group']) {
421			$group = $priv['group'];
422			}
423
424	7411c285	Stephen Beaver	$privhtml .= '<tr>';
425			$privhtml .= '<td>' . htmlspecialchars($priv['group']) . '</td>';
426			$privhtml .= '<td>' . htmlspecialchars($priv['name']) . '</td>';
427			$privhtml .= '<td>' . htmlspecialchars($priv['descr']) . '</td>';
428	945204b1	Stephen Beaver	$privhtml .= '<td>';
429	d61309a0	Phil Davis	if (!$group) {
430	f460db90	NOYB	$privhtml .= '<a class="fa fa-trash no-confirm icon-pointer" title="' . gettext('Delete Privilege') . '" id="delprivid' . $i . '"></a>';
431	d61309a0	Phil Davis	}
432	945204b1	Stephen Beaver
433			$privhtml .= '</td>';
434	7411c285	Stephen Beaver	$privhtml .= '</tr>';
435	945204b1	Stephen Beaver
436	d61309a0	Phil Davis	if (!$group) {
437	945204b1	Stephen Beaver	$i++;
438	d61309a0	Phil Davis	}
439	7411c285	Stephen Beaver	}
440
441			$privhtml .= '</tbody>';
442			$privhtml .= '</table>';
443			$privhtml .= '</div>';
444
445			$privhtml .= '<nav class="action-buttons">';
446	37676f4e	jim-p	$privhtml .= '<a href="system_usermanager_addprivs.php?userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
447	7411c285	Stephen Beaver	$privhtml .= '</nav>';
448
449			return($privhtml);
450			}
451	98402844	Stephen Beaver
452	7411c285	Stephen Beaver	function build_cert_table() {
453			global $a_user, $id;
454
455			$certhtml = '<div class="table-responsive">';
456			$certhtml .= '<table class="table table-striped table-hover table-condensed">';
457			$certhtml .= '<thead>';
458	7d2e572f	Stephen Beaver	$certhtml .= '<tr>';
459			$certhtml .= '<th>' . gettext('Name') . '</th>';
460			$certhtml .= '<th>' . gettext('CA') . '</th>';
461	98402844	Stephen Beaver	$certhtml .= '<th></th>';
462	7d2e572f	Stephen Beaver	$certhtml .= '</tr>';
463	7411c285	Stephen Beaver	$certhtml .= '</thead>';
464			$certhtml .= '<tbody>';
465
466			$a_cert = $a_user[$id]['cert'];
467			if (is_array($a_cert)) {
468			$i = 0;
469			foreach ($a_cert as $certref) {
470	7d2e572f	Stephen Beaver	$cert = lookup_cert($certref);
471			$ca = lookup_ca($cert['caref']);
472			$revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>':'';
473
474	7411c285	Stephen Beaver	$certhtml .= '<tr>';
475	7d2e572f	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($cert['descr']) . $revokedstr . '</td>';
476	7411c285	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($ca['descr']) . '</td>';
477	db676e5b	Stephen Beaver	$certhtml .= '<td>';
478	945204b1	Stephen Beaver	$certhtml .= '<a id="delcert' . $i .'" class="fa fa-trash no-confirm icon-pointer" title="';
479	f14ff867	Phil Davis	$certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '"></a>';
480	db676e5b	Stephen Beaver	$certhtml .= '</td>';
481	7411c285	Stephen Beaver	$certhtml .= '</tr>';
482	db676e5b	Stephen Beaver	$i++;
483	7411c285	Stephen Beaver	}
484	db676e5b	Stephen Beaver
485	7411c285	Stephen Beaver	}
486
487			$certhtml .= '</tbody>';
488			$certhtml .= '</table>';
489			$certhtml .= '</div>';
490
491			$certhtml .= '<nav class="action-buttons">';
492	37676f4e	jim-p	$certhtml .= '<a href="system_certmanager.php?act=new&userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
493	7411c285	Stephen Beaver	$certhtml .= '</nav>';
494
495			return($certhtml);
496			}
497
498	8f1ab2a4	k-paulius	$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Users"));
499
500			if ($act == "new" \|\| $act == "edit" \|\| $input_errors) {
501			$pgtitle[] = gettext('Edit');
502			}
503	e33be77c	Ermal	include("head.inc");
504	fab7ff44	Bill Marquette
505	01a0385e	Phil Davis	if ($delete_errors) {
506			print_input_errors($delete_errors);
507			}
508
509	d61309a0	Phil Davis	if ($input_errors) {
510	4ee51131	Sjon Hortensius	print_input_errors($input_errors);
511	d61309a0	Phil Davis	}
512	98402844	Stephen Beaver
513	d61309a0	Phil Davis	if ($savemsg) {
514	98402844	Stephen Beaver	print_info_box($savemsg, 'success');
515	d61309a0	Phil Davis	}
516	4ee51131	Sjon Hortensius
517			$tab_array = array();
518			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
519			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
520			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
521	2d1f33d9	k-paulius	$tab_array[] = array(gettext("Authentication Servers"), false, "system_authservers.php");
522	4ee51131	Sjon Hortensius	display_top_tabs($tab_array);
523
524	7411c285	Stephen Beaver	if (!($act == "new" \|\| $act == "edit" \|\| $input_errors)) {
525	64600f94	Sjon Hortensius	?>
526	64c31615	Stephen Beaver	<form method="post">
527	060ed238	Stephen Beaver	<div class="panel panel-default">
528			<div class="panel-heading"><h2 class="panel-title"><?=gettext('Users')?></h2></div>
529			<div class="panel-body">
530			<div class="table-responsive">
531			<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
532			<thead>
533			<tr>
534			<th> </th>
535			<th><?=gettext("Username")?></th>
536			<th><?=gettext("Full name")?></th>
537			<th><?=gettext("Disabled")?></th>
538			<th><?=gettext("Groups")?></th>
539	70dc5cd6	Phil Davis	<th><?=gettext("Actions")?></th>
540	060ed238	Stephen Beaver	</tr>
541			</thead>
542			<tbody>
543	a0165602	Sjon Hortensius	<?php
544	d61309a0	Phil Davis	foreach ($a_user as $i => $userent):
545	a0165602	Sjon Hortensius	?>
546	060ed238	Stephen Beaver	<tr>
547			<td>
548	01a0385e	Phil Davis	<input type="checkbox" id="frc<?=$i?>" name="delete_check[]" value="<?=$i?>" <?=((($userent['scope'] == "system") \|\| ($userent['name'] == $_SESSION['Username'])) ? 'disabled' : '')?>/>
549	060ed238	Stephen Beaver	</td>
550			<td>
551	a0165602	Sjon Hortensius	<?php
552	d61309a0	Phil Davis	if ($userent['scope'] != "user") {
553	a0165602	Sjon Hortensius	$usrimg = 'eye-open';
554	d61309a0	Phil Davis	} else {
555	a0165602	Sjon Hortensius	$usrimg = 'user';
556	d61309a0	Phil Davis	}
557	a0165602	Sjon Hortensius	?>
558	060ed238	Stephen Beaver	<i class="fa fa-<?=$usrimg?>"></i>
559			<?=htmlspecialchars($userent['name'])?>
560			</td>
561			<td><?=htmlspecialchars($userent['descr'])?></td>
562			<td><?php if (isset($userent['disabled'])) echo "*"?></td>
563			<td><?=implode(",", local_user_get_groups($userent))?></td>
564			<td>
565			<a class="fa fa-pencil" title="<?=gettext("Edit user"); ?>" href="?act=edit&userid=<?=$i?>"></a>
566	01a0385e	Phil Davis	<?php if (($userent['scope'] != "system") && ($userent['name'] != $_SESSION['Username'])): ?>
567	060ed238	Stephen Beaver	<a class="fa fa-trash" title="<?=gettext("Delete user")?>" href="?act=deluser&userid=<?=$i?>&username=<?=$userent['name']?>"></a>
568	a0165602	Sjon Hortensius	<?php endif; ?>
569	060ed238	Stephen Beaver	</td>
570			</tr>
571	a0165602	Sjon Hortensius	<?php endforeach; ?>
572	060ed238	Stephen Beaver	</tbody>
573			</table>
574			</div>
575			</div>
576	94404d94	Sander van Leeuwen	</div>
577	c10cb196	Stephen Beaver	<nav class="action-buttons">
578	64c31615	Stephen Beaver	<a href="?act=new" class="btn btn-sm btn-success">
579	9d5a20cf	heper	<i class="fa fa-plus icon-embed-btn"></i>
580	b921ab63	Stephen Beaver	<?=gettext("Add")?>
581			</a>
582	64c31615	Stephen Beaver
583			<button type="submit" class="btn btn-sm btn-danger" name="dellall" value="dellall" title="<?=gettext('Delete selected users')?>">
584			<i class="fa fa-trash icon-embed-btn"></i>
585			<?=gettext("Delete")?>
586			</button>
587	94404d94	Sander van Leeuwen	</nav>
588	d825dfea	NOYB	</form>
589	3c3ede28	Stephen Beaver	<div class="infoblock">
590	a0165602	Sjon Hortensius	<?php
591	a0d084fe	k-paulius	print_callout('<p>' . gettext("Additional users can be added here. User permissions for accessing " .
592			"the webConfigurator can be assigned directly or inherited from group memberships. " .
593			"Some system object properties can be modified but they cannot be deleted.") . '</p>' .
594			'<p>' . gettext("Accounts added here are also used for other parts of the system " .
595			"such as OpenVPN, IPsec, and Captive Portal.") . '</p>'
596			);
597	3c3ede28	Stephen Beaver	?></div><?php
598	a0165602	Sjon Hortensius	include("foot.inc");
599			exit;
600			}
601	4ee51131	Sjon Hortensius
602			$form = new Form;
603
604	7411c285	Stephen Beaver	if ($act == "new" \|\| $act == "edit" \|\| $input_errors):
605	4ee51131	Sjon Hortensius
606	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
607			'act',
608			null,
609			'hidden',
610			''
611			));
612	4ee51131	Sjon Hortensius
613	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
614			'userid',
615			null,
616			'hidden',
617			isset($id) ? $id:''
618			));
619	4ee51131	Sjon Hortensius
620	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
621			'privid',
622			null,
623			'hidden',
624			''
625			));
626	4ee51131	Sjon Hortensius
627	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
628			'certid',
629			null,
630			'hidden',
631			''
632			));
633	4ee51131	Sjon Hortensius
634	7411c285	Stephen Beaver	$ro = "";
635			if ($pconfig['utype'] == "system") {
636	c4b60a9a	Colin Fleming	$ro = "readonly";
637	7411c285	Stephen Beaver	}
638	4ee51131	Sjon Hortensius
639	7411c285	Stephen Beaver	$section = new Form_Section('User Properties');
640	4ee51131	Sjon Hortensius
641	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
642			'Defined by',
643			strtoupper($pconfig['utype'])
644			));
645	4ee51131	Sjon Hortensius
646	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
647			'utype',
648			null,
649			'hidden',
650			$pconfig['utype']
651			));
652	4ee51131	Sjon Hortensius
653	7411c285	Stephen Beaver	$section->addInput(new Form_Checkbox(
654			'disabled',
655			'Disabled',
656			'This user cannot login',
657			$pconfig['disabled']
658			));
659	6b07c15a	Matthew Grooms
660	7411c285	Stephen Beaver	$section->addInput($input = new Form_Input(
661			'usernamefld',
662			'Username',
663			'text',
664			$pconfig['usernamefld']
665			));
666	61dec0b0	Renato Botelho
667	d61309a0	Phil Davis	if ($ro) {
668	1fe9cc38	Stephen Beaver	$input->setReadonly();
669	d61309a0	Phil Davis	}
670	7411c285	Stephen Beaver
671			$form->addGlobal(new Form_Input(
672			'oldusername',
673	4ee51131	Sjon Hortensius	null,
674	7411c285	Stephen Beaver	'hidden',
675			$pconfig['usernamefld']
676	4ee51131	Sjon Hortensius	));
677	6b07c15a	Matthew Grooms
678	7411c285	Stephen Beaver	$group = new Form_Group('Password');
679			$group->add(new Form_Input(
680			'passwordfld1',
681			'Password',
682			'password'
683			));
684			$group->add(new Form_Input(
685			'passwordfld2',
686			'Confirm Password',
687			'password'
688			));
689
690			$section->add($group);
691
692			$section->addInput($input = new Form_Input(
693			'descr',
694			'Full name',
695			'text',
696			htmlspecialchars($pconfig['descr'])
697	89140b63	NOYB	))->setHelp('User\'s full name, for administrative information only');
698	7411c285	Stephen Beaver
699	d61309a0	Phil Davis	if ($ro) {
700	7411c285	Stephen Beaver	$input->setDisabled();
701	d61309a0	Phil Davis	}
702	7411c285	Stephen Beaver
703			$section->addInput(new Form_Input(
704			'expires',
705			'Expiration date',
706	5ce16fc1	Stephen Beaver	'text',
707	7411c285	Stephen Beaver	$pconfig['expires']
708			))->setHelp('Leave blank if the account shouldn\'t expire, otherwise enter '.
709			'the expiration date');
710
711			// ==== Group membership ==================================================
712			$group = new Form_Group('Group membership');
713
714	7d2e572f	Stephen Beaver	// Make a list of all the groups configured on the system, and a list of
715	7411c285	Stephen Beaver	// those which this user is a member of
716			$systemGroups = array();
717			$usersGroups = array();
718
719			$usergid = [$pconfig['usernamefld']];
720
721			foreach ($config['system']['group'] as $Ggroup) {
722	d61309a0	Phil Davis	if ($Ggroup['name'] != "all") {
723			if (($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member'])) {
724	b4333696	Stephen Beaver	$usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list
725	d61309a0	Phil Davis	} else {
726	b4333696	Stephen Beaver	$systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list
727	d61309a0	Phil Davis	}
728	b4333696	Stephen Beaver	}
729	7411c285	Stephen Beaver	}
730
731			$group->add(new Form_Select(
732			'sysgroups',
733			null,
734			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
735			$systemGroups,
736			true
737	953385a3	heper	))->setHelp('Not member of');
738	6b07c15a	Matthew Grooms
739	7411c285	Stephen Beaver	$group->add(new Form_Select(
740			'groups',
741			null,
742			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
743			$usersGroups,
744			true
745	953385a3	heper	))->setHelp('Member of');
746	7411c285	Stephen Beaver
747			$section->add($group);
748
749			$group = new Form_Group('');
750
751			$group->add(new Form_Button(
752			'movetoenabled',
753	faab522f	Renato Botelho	'Move to "Member of" list',
754	37676f4e	jim-p	null,
755			'fa-angle-double-right'
756	347c0214	Phil Davis	))->setAttribute('type','button')->removeClass('btn-primary')->addClass('btn-info btn-sm');
757	7411c285	Stephen Beaver
758			$group->add(new Form_Button(
759			'movetodisabled',
760	faab522f	Renato Botelho	'Move to "Not member of" list',
761	37676f4e	jim-p	null,
762			'fa-angle-double-left'
763	347c0214	Phil Davis	))->setAttribute('type','button')->removeClass('btn-primary')->addClass('btn-info btn-sm');
764	4ee51131	Sjon Hortensius
765	48d321ca	NewEraCracker	$group->setHelp('Hold down CTRL (PC)/COMMAND (Mac) key to select multiple items.');
766	7411c285	Stephen Beaver	$section->add($group);
767	4ee51131	Sjon Hortensius
768	7411c285	Stephen Beaver	// ==== Button for adding user certificate ================================
769	d61309a0	Phil Davis	if ($act == 'new') {
770	4ee51131	Sjon Hortensius	$section->addInput(new Form_Checkbox(
771	7411c285	Stephen Beaver	'showcert',
772			'Certificate',
773			'Click to create a user certificate',
774			false
775	4ee51131	Sjon Hortensius	));
776	6b07c15a	Matthew Grooms	}
777
778	7411c285	Stephen Beaver	$form->add($section);
779	6b07c15a	Matthew Grooms
780	7411c285	Stephen Beaver	// ==== Effective privileges section ======================================
781			if (isset($pconfig['uid'])) {
782			// We are going to build an HTML table and add it to an Input_StaticText. It may be ugly, but it
783			// is the best way to make the display we need.
784	6b07c15a	Matthew Grooms
785	7411c285	Stephen Beaver	$section = new Form_Section('Effective Privileges');
786	4ee51131	Sjon Hortensius
787	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
788			null,
789			build_priv_table()
790			));
791	4ee51131	Sjon Hortensius
792	7411c285	Stephen Beaver	$form->add($section);
793	4ee51131	Sjon Hortensius
794	7411c285	Stephen Beaver	// ==== Certificate table section =====================================
795	5f88f964	k-paulius	$section = new Form_Section('User Certificates');
796	7411c285	Stephen Beaver
797			$section->addInput(new Form_StaticText(
798			null,
799			build_cert_table()
800			));
801	64600f94	Sjon Hortensius
802			$form->add($section);
803	c9794c06	Ermal	}
804	7411c285	Stephen Beaver
805	f14ff867	Phil Davis	// ==== Add user certificate for a new user
806			if (is_array($config['ca']) && count($config['ca']) > 0) {
807	5f88f964	k-paulius	$section = new Form_Section('Create Certificate for User');
808	f14ff867	Phil Davis	$section->addClass('cert-options');
809	c9794c06	Ermal
810	f14ff867	Phil Davis	$nonPrvCas = array();
811			foreach($config['ca'] as $ca) {
812			if (!$ca['prv']) {
813			continue;
814			}
815	7411c285	Stephen Beaver
816	f14ff867	Phil Davis	$nonPrvCas[ $ca['refid'] ] = $ca['descr'];
817			}
818	7411c285	Stephen Beaver
819	f14ff867	Phil Davis	if (!empty($nonPrvCas)) {
820			$section->addInput(new Form_Input(
821			'name',
822			'Descriptive name',
823			'text',
824			$pconfig['name']
825			));
826	7411c285	Stephen Beaver
827	f14ff867	Phil Davis	$section->addInput(new Form_Select(
828			'caref',
829			'Certificate authority',
830			null,
831			$nonPrvCas
832			));
833	7411c285	Stephen Beaver
834	f14ff867	Phil Davis	$section->addInput(new Form_Select(
835			'keylen',
836			'Key length',
837			2048,
838			array(
839			512 => '512 bits',
840			1024 => '1024 bits',
841	bf408592	jim-p	2048 => '2048 bits',
842	f14ff867	Phil Davis	4096 => '4096 bits',
843			)
844			));
845	7411c285	Stephen Beaver
846	f14ff867	Phil Davis	$section->addInput(new Form_Input(
847			'lifetime',
848			'Lifetime',
849			'number',
850			$pconfig['lifetime']
851			));
852	7411c285	Stephen Beaver	}
853
854	f14ff867	Phil Davis	$form->add($section);
855			}
856
857	7411c285	Stephen Beaver	endif;
858			// ==== Paste a key for the new user
859	4ee51131	Sjon Hortensius	$section = new Form_Section('Keys');
860
861	35e0cd70	Stephen Beaver	$section->addInput(new Form_Checkbox(
862			'showkey',
863			'Authorized keys',
864			'Click to paste an authorized key',
865			false
866			));
867
868	4ee51131	Sjon Hortensius	$section->addInput(new Form_Textarea(
869			'authorizedkeys',
870	d1e73829	Stephen Beaver	'Authorized SSH Keys',
871	4ee51131	Sjon Hortensius	$pconfig['authorizedkeys']
872	d1e73829	Stephen Beaver	))->setHelp('Enter authorized SSH keys for this user');
873	4ee51131	Sjon Hortensius
874	35e0cd70	Stephen Beaver	$section->addInput(new Form_Input(
875	4ee51131	Sjon Hortensius	'ipsecpsk',
876			'IPsec Pre-Shared Key',
877			'text',
878			$pconfig['ipsecpsk']
879			));
880
881			$form->add($section);
882	7411c285	Stephen Beaver
883	a0165602	Sjon Hortensius	print $form;
884	7411c285	Stephen Beaver	?>
885	8fd9052f	Colin Fleming	<script type="text/javascript">
886	7411c285	Stephen Beaver	//<![CDATA[
887	d61309a0	Phil Davis	events.push(function() {
888	7411c285	Stephen Beaver
889			// On click . .
890			$("#movetodisabled").click(function() {
891			moveOptions($('[name="groups[]"] option'), $('[name="sysgroups[]"]'));
892			});
893
894			$("#movetoenabled").click(function() {
895			moveOptions($('[name="sysgroups[]"] option'), $('[name="groups[]"]'));
896			});
897
898			$("#showcert").click(function() {
899			hideClass('cert-options', !this.checked);
900			});
901
902			$("#showkey").click(function() {
903	35e0cd70	Stephen Beaver	hideInput('authorizedkeys', false);
904			hideCheckbox('showkey', true);
905	7411c285	Stephen Beaver	});
906
907	98402844	Stephen Beaver	$('[id^=delcert]').click(function(event) {
908	d61309a0	Phil Davis	if (confirm(event.target.title)) {
909	98402844	Stephen Beaver	$('#certid').val(event.target.id.match(/\d+$/)[0]);
910			$('#userid').val('<?=$id;?>');
911			$('#act').val('delcert');
912			$('form').submit();
913			}
914			});
915	945204b1	Stephen Beaver
916	408d0882	heper	$('[id^=delprivid]').click(function(event) {
917	d61309a0	Phil Davis	if (confirm(event.target.title)) {
918	4c879f95	heper	$('#privid').val(event.target.id.match(/\d+$/)[0]);
919	408d0882	heper	$('#userid').val('<?=$id;?>');
920			$('#act').val('delprivid');
921			$('form').submit();
922			}
923			});
924	64c31615	Stephen Beaver
925	f11862a3	Stephen Beaver	$('#expires').datepicker();
926	98402844	Stephen Beaver
927	eef93144	Jared Dillard	// ---------- On initial page load ------------------------------------------------------------
928
929			hideClass('cert-options', true);
930			//hideInput('authorizedkeys', true);
931	d1e73829	Stephen Beaver	hideCheckbox('showkey', true);
932	7411c285	Stephen Beaver
933			// On submit mark all the user's groups as "selected"
934	d61309a0	Phil Davis	$('form').submit(function() {
935	7411c285	Stephen Beaver	AllServers($('[name="groups[]"] option'), true);
936			});
937			});
938			//]]>
939			</script>
940			<?php
941	bb1b5c6f	heper	include('foot.inc');
942	01a0385e	Phil Davis	?>

Project

General

Profile

pfSense