/src/usr/local/www/system_usermanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/system_usermanager.php @ 16897690

1	1df17ba9	Scott Ullrich	<?php
2	fab7ff44	Bill Marquette	/*
3	4c291f4c	Renato Botelho	system_usermanager.php
4	fab7ff44	Bill Marquette	*/
5	7d2e572f	Stephen Beaver	/* ====================================================================
6			* Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
7			* Copyright (c) 2008 Shrew Soft Inc.
8			* Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com>
9			*
10	cb41dd63	Renato Botelho	* Some or all of this file is based on the m0n0wall project which is
11			* Copyright (c) 2004 Manuel Kasper (BSD 2 clause)
12	191cb31d	Stephen Beaver	*
13	7d2e572f	Stephen Beaver	* Redistribution and use in source and binary forms, with or without modification,
14			* are permitted provided that the following conditions are met:
15			*
16			* 1. Redistributions of source code must retain the above copyright notice,
17			* this list of conditions and the following disclaimer.
18			*
19			* 2. Redistributions in binary form must reproduce the above copyright
20			* notice, this list of conditions and the following disclaimer in
21			* the documentation and/or other materials provided with the
22			* distribution.
23			*
24			* 3. All advertising materials mentioning features or use of this software
25			* must display the following acknowledgment:
26			* "This product includes software developed by the pfSense Project
27			* for use in the pfSense software distribution. (http://www.pfsense.org/).
28			*
29			* 4. The names "pfSense" and "pfSense Project" must not be used to
30			* endorse or promote products derived from this software without
31			* prior written permission. For written permission, please contact
32			* coreteam@pfsense.org.
33			*
34			* 5. Products derived from this software may not be called "pfSense"
35			* nor may "pfSense" appear in their names without prior written
36			* permission of the Electric Sheep Fencing, LLC.
37			*
38			* 6. Redistributions of any form whatsoever must retain the following
39			* acknowledgment:
40			*
41			* "This product includes software developed by the pfSense Project
42			* for use in the pfSense software distribution (http://www.pfsense.org/).
43			*
44			* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
45			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
46			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
47			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
48			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
49			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
50			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
51			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
53			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
54			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
55			* OF THE POSSIBILITY OF SUCH DAMAGE.
56			*
57			* ====================================================================
58			*
59			*/
60	fab7ff44	Bill Marquette
61	6b07c15a	Matthew Grooms	##\|+PRIV
62			##\|*IDENT=page-system-usermanager
63	5230f468	jim-p	##\|*NAME=System: User Manager
64	6b07c15a	Matthew Grooms	##\|*DESCR=Allow access to the 'System: User Manager' page.
65			##\|MATCH=system_usermanager.php
66			##\|-PRIV
67
68	ead24d63	sullrich	require("certs.inc");
69	fab7ff44	Bill Marquette	require("guiconfig.inc");
70
71	e33be77c	Ermal	// start admin user code
72	73fa304b	Phil Davis	if (isset($_POST['userid']) && is_numericint($_POST['userid'])) {
73	1a6769a6	Renato Botelho	$id = $_POST['userid'];
74	73fa304b	Phil Davis	}
75	1df17ba9	Scott Ullrich
76	7411c285	Stephen Beaver	if (isset($_GET['userid']) && is_numericint($_GET['userid'])) {
77			$id = $_GET['userid'];
78			}
79
80	73fa304b	Phil Davis	if (!isset($config['system']['user']) \|\| !is_array($config['system']['user'])) {
81	e33be77c	Ermal	$config['system']['user'] = array();
82	73fa304b	Phil Davis	}
83	1df17ba9	Scott Ullrich
84	e33be77c	Ermal	$a_user = &$config['system']['user'];
85	7411c285	Stephen Beaver	$act = $_GET['act'];
86	45ee90ed	Matthew Grooms
87	73fa304b	Phil Davis	if (isset($_SERVER['HTTP_REFERER'])) {
88	7c2d0050	Renato Botelho	$referer = $_SERVER['HTTP_REFERER'];
89	73fa304b	Phil Davis	} else {
90	7c2d0050	Renato Botelho	$referer = '/system_usermanager.php';
91	73fa304b	Phil Davis	}
92	7c2d0050	Renato Botelho
93	adacdf5f	jim-p	if (isset($id) && $a_user[$id]) {
94			$pconfig['usernamefld'] = $a_user[$id]['name'];
95			$pconfig['descr'] = $a_user[$id]['descr'];
96			$pconfig['expires'] = $a_user[$id]['expires'];
97			$pconfig['groups'] = local_user_get_groups($a_user[$id]);
98			$pconfig['utype'] = $a_user[$id]['scope'];
99			$pconfig['uid'] = $a_user[$id]['uid'];
100			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
101			$pconfig['priv'] = $a_user[$id]['priv'];
102			$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
103			$pconfig['disabled'] = isset($a_user[$id]['disabled']);
104			}
105
106	43acaa2f	Stephen Beaver	if ($_GET['act'] == "deluser") {
107	45ee90ed	Matthew Grooms
108	43acaa2f	Stephen Beaver	if (!isset($_GET['username']) \|\| !isset($a_user[$id]) \|\| ($_GET['username'] != $a_user[$id]['name'])) {
109	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
110			exit;
111	6b07c15a	Matthew Grooms	}
112
113	8a0ae97f	Renato Botelho	conf_mount_rw();
114	e33be77c	Ermal	local_user_del($a_user[$id]);
115	8a0ae97f	Renato Botelho	conf_mount_ro();
116	e33be77c	Ermal	$userdeleted = $a_user[$id]['name'];
117			unset($a_user[$id]);
118			write_config();
119	8545adde	k-paulius	$savemsg = sprintf(gettext("User %s successfully deleted."), $userdeleted);
120	d61309a0	Phil Davis	} else if ($act == "new") {
121	e33be77c	Ermal	/*
122			* set this value cause the text field is read only
123			* and the user should not be able to mess with this
124			* setting.
125			*/
126			$pconfig['utype'] = "user";
127			$pconfig['lifetime'] = 3650;
128			}
129	45ee90ed	Matthew Grooms
130	64c31615	Stephen Beaver	if (isset($_POST['dellall'])) {
131	4e21c82e	bruno
132			$del_users = $_POST['delete_check'];
133
134	73fa304b	Phil Davis	if (!empty($del_users)) {
135			foreach ($del_users as $userid) {
136	4e21c82e	bruno	if (isset($a_user[$userid]) && $a_user[$userid]['scope'] != "system") {
137			conf_mount_rw();
138			local_user_del($a_user[$userid]);
139	64c31615	Stephen Beaver	conf_mount_ro();
140	4e21c82e	bruno	unset($a_user[$userid]);
141			}
142			}
143	8545adde	k-paulius	$savemsg = gettext("Selected users removed successfully.");
144	4e21c82e	bruno	write_config($savemsg);
145			}
146			}
147
148	98402844	Stephen Beaver	if ($_POST['act'] == "delcert") {
149
150			if (!$a_user[$id]) {
151			pfSenseHeader("system_usermanager.php");
152			exit;
153			}
154
155			$certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
156			$certdeleted = $certdeleted['descr'];
157			unset($a_user[$id]['cert'][$_POST['certid']]);
158			write_config();
159			$_POST['act'] = "edit";
160	ed10e389	Phil Davis	$savemsg = sprintf(gettext("Certificate %s association removed."), $certdeleted);
161	98402844	Stephen Beaver	}
162	64c31615	Stephen Beaver
163	945204b1	Stephen Beaver	if ($_POST['act'] == "delprivid") {
164			$privdeleted = $priv_list[$a_user[$id]['priv'][$_POST['privid']]]['name'];
165			unset($a_user[$id]['priv'][$_POST['privid']]);
166			local_user_set($a_user[$id]);
167			write_config();
168			$_POST['act'] = "edit";
169	ed10e389	Phil Davis	$savemsg = sprintf(gettext("Privilege %s removed."), $privdeleted);
170	4c879f95	heper	}
171	98402844	Stephen Beaver
172	1a6769a6	Renato Botelho	if ($_POST['save']) {
173	e33be77c	Ermal	unset($input_errors);
174			$pconfig = $_POST;
175	45ee90ed	Matthew Grooms
176	e33be77c	Ermal	/* input validation */
177			if (isset($id) && ($a_user[$id])) {
178			$reqdfields = explode(" ", "usernamefld");
179			$reqdfieldsn = array(gettext("Username"));
180			} else {
181			if (empty($_POST['name'])) {
182			$reqdfields = explode(" ", "usernamefld passwordfld1");
183			$reqdfieldsn = array(
184			gettext("Username"),
185			gettext("Password"));
186	45ee90ed	Matthew Grooms	} else {
187	e33be77c	Ermal	$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
188			$reqdfieldsn = array(
189			gettext("Username"),
190			gettext("Password"),
191			gettext("Descriptive name"),
192			gettext("Certificate authority"),
193			gettext("Key length"),
194			gettext("Lifetime"));
195	45ee90ed	Matthew Grooms	}
196	e33be77c	Ermal	}
197	45ee90ed	Matthew Grooms
198	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
199	45ee90ed	Matthew Grooms
200	73fa304b	Phil Davis	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) {
201	e33be77c	Ermal	$input_errors[] = gettext("The username contains invalid characters.");
202	73fa304b	Phil Davis	}
203	45ee90ed	Matthew Grooms
204	73fa304b	Phil Davis	if (strlen($_POST['usernamefld']) > 16) {
205	e33be77c	Ermal	$input_errors[] = gettext("The username is longer than 16 characters.");
206	73fa304b	Phil Davis	}
207	94d455da	jim-p
208	73fa304b	Phil Davis	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) {
209	e33be77c	Ermal	$input_errors[] = gettext("The passwords do not match.");
210	73fa304b	Phil Davis	}
211	45ee90ed	Matthew Grooms
212	73fa304b	Phil Davis	if (isset($_POST['ipsecpsk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['ipsecpsk'])) {
213	123d8700	Renato Botelho	$input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");
214	73fa304b	Phil Davis	}
215	123d8700	Renato Botelho
216	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
217	e33be77c	Ermal	$oldusername = $a_user[$id]['name'];
218	73fa304b	Phil Davis	} else {
219	e33be77c	Ermal	$oldusername = "";
220	73fa304b	Phil Davis	}
221	e33be77c	Ermal	/* make sure this user name is unique */
222			if (!$input_errors) {
223			foreach ($a_user as $userent) {
224			if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
225			$input_errors[] = gettext("Another entry with the same username already exists.");
226			break;
227	58664cc9	Scott Ullrich	}
228	3dec33d4	Erik Fonnesbeck	}
229	e33be77c	Ermal	}
230			/* also make sure it is not reserved */
231			if (!$input_errors) {
232			$system_users = explode("\n", file_get_contents("/etc/passwd"));
233			foreach ($system_users as $s_user) {
234			$ent = explode(":", $s_user);
235			if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
236			$input_errors[] = gettext("That username is reserved by the system.");
237			break;
238	8339ab6d	jim-p	}
239	7e4a4513	Scott Ullrich	}
240	e33be77c	Ermal	}
241	1df17ba9	Scott Ullrich
242	e33be77c	Ermal	/*
243	e30050b6	Phil Davis	* Check for a valid expiration date if one is set at all (valid means,
244	4d148b59	Yehuda Katz	* DateTime puts out a time stamp so any DateTime compatible time
245	e33be77c	Ermal	* format may be used. to keep it simple for the enduser, we only
246			* claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
247			* like "+1 day", which will be converted to MM/DD/YYYY based on "now".
248	e30050b6	Phil Davis	* Otherwise such an entry would lead to an invalid expiration data.
249	e33be77c	Ermal	*/
250	73fa304b	Phil Davis	if ($_POST['expires']) {
251	4d148b59	Yehuda Katz	try {
252			$expdate = new DateTime($_POST['expires']);
253			//convert from any DateTime compatible date to MM/DD/YYYY
254			$_POST['expires'] = $expdate->format("m/d/Y");
255	73fa304b	Phil Davis	} catch (Exception $ex) {
256	e33be77c	Ermal	$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
257	0092b3bd	mgrooms	}
258	e33be77c	Ermal	}
259	0092b3bd	mgrooms
260	e33be77c	Ermal	if (!empty($_POST['name'])) {
261			$ca = lookup_ca($_POST['caref']);
262	73fa304b	Phil Davis	if (!$ca) {
263	4c291f4c	Renato Botelho	$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
264	73fa304b	Phil Davis	}
265	e33be77c	Ermal	}
266	c9794c06	Ermal
267	e33be77c	Ermal	/* if this is an AJAX caller then handle via JSON */
268			if (isAjax() && is_array($input_errors)) {
269			input_errors2Ajax($input_errors);
270			exit;
271			}
272	64c31615	Stephen Beaver
273	e33be77c	Ermal	if (!$input_errors) {
274	4ee51131	Sjon Hortensius
275	e33be77c	Ermal	conf_mount_rw();
276			$userent = array();
277	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
278	e33be77c	Ermal	$userent = $a_user[$id];
279	73fa304b	Phil Davis	}
280	e879fc81	Ermal
281	e33be77c	Ermal	isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
282
283			/* the user name was modified */
284	926e0a2f	Phil Davis	if (!empty($_POST['oldusername']) && ($_POST['usernamefld'] <> $_POST['oldusername'])) {
285	e33be77c	Ermal	$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
286	fdcf104c	jim-p	local_user_del($userent);
287			}
288	1df17ba9	Scott Ullrich
289	e30050b6	Phil Davis	/* the user password was modified */
290	73fa304b	Phil Davis	if ($_POST['passwordfld1']) {
291	e33be77c	Ermal	local_user_set_password($userent, $_POST['passwordfld1']);
292	73fa304b	Phil Davis	}
293	1df17ba9	Scott Ullrich
294	5cde9005	NewEraCracker	/* only change description if sent */
295			if (isset($_POST['descr'])) {
296			$userent['descr'] = $_POST['descr'];
297			}
298
299	e33be77c	Ermal	$userent['name'] = $_POST['usernamefld'];
300			$userent['expires'] = $_POST['expires'];
301			$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
302			$userent['ipsecpsk'] = $_POST['ipsecpsk'];
303	3ccb9689	Charlie Marshall
304	73fa304b	Phil Davis	if ($_POST['disabled']) {
305	e33be77c	Ermal	$userent['disabled'] = true;
306	73fa304b	Phil Davis	} else {
307	e33be77c	Ermal	unset($userent['disabled']);
308	73fa304b	Phil Davis	}
309	e33be77c	Ermal
310	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
311	e33be77c	Ermal	$a_user[$id] = $userent;
312	73fa304b	Phil Davis	} else {
313	e33be77c	Ermal	if (!empty($_POST['name'])) {
314			$cert = array();
315			$cert['refid'] = uniqid();
316	4c291f4c	Renato Botelho	$userent['cert'] = array();
317	e33be77c	Ermal
318			$cert['descr'] = $_POST['name'];
319
320	4c291f4c	Renato Botelho	$subject = cert_get_subject_array($ca['crt']);
321	e33be77c	Ermal
322	4c291f4c	Renato Botelho	$dn = array(
323			'countryName' => $subject[0]['v'],
324			'stateOrProvinceName' => $subject[1]['v'],
325			'localityName' => $subject[2]['v'],
326			'organizationName' => $subject[3]['v'],
327			'emailAddress' => $subject[4]['v'],
328			'commonName' => $userent['name']);
329	e33be77c	Ermal
330			cert_create($cert, $_POST['caref'], $_POST['keylen'],
331			(int)$_POST['lifetime'], $dn);
332
333	73fa304b	Phil Davis	if (!is_array($config['cert'])) {
334	e33be77c	Ermal	$config['cert'] = array();
335	73fa304b	Phil Davis	}
336	e33be77c	Ermal	$config['cert'][] = $cert;
337			$userent['cert'][] = $cert['refid'];
338			}
339			$userent['uid'] = $config['system']['nextuid']++;
340			/* Add the user to All Users group. */
341			foreach ($config['system']['group'] as $gidx => $group) {
342			if ($group['name'] == "all") {
343	73fa304b	Phil Davis	if (!is_array($config['system']['group'][$gidx]['member'])) {
344	e33be77c	Ermal	$config['system']['group'][$gidx]['member'] = array();
345	73fa304b	Phil Davis	}
346	e33be77c	Ermal	$config['system']['group'][$gidx]['member'][] = $userent['uid'];
347			break;
348			}
349			}
350	970db70b	Scott Ullrich
351	e33be77c	Ermal	$a_user[] = $userent;
352	45ee90ed	Matthew Grooms	}
353	e33be77c	Ermal
354	900ce3b0	jim-p	/* Add user to groups so PHP can see the memberships properly or else the user's shell account does not get proper permissions (if applicable) See #5152. */
355	d61309a0	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
356	e33be77c	Ermal	local_user_set($userent);
357	900ce3b0	jim-p	/* Add user to groups again to ensure they are set everywhere, otherwise the user may not appear to be a member of the group. See commit:5372d26d9d25d751d16865ed9d46869d3b0ec5e1. */
358	73fa304b	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
359	e33be77c	Ermal	write_config();
360
361	73fa304b	Phil Davis	if (is_dir("/etc/inc/privhooks")) {
362	e33be77c	Ermal	run_plugins("/etc/inc/privhooks");
363	73fa304b	Phil Davis	}
364	e33be77c	Ermal
365			conf_mount_ro();
366	3ccb9689	Charlie Marshall
367	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
368	45ee90ed	Matthew Grooms	}
369	e33be77c	Ermal	}
370	fab7ff44	Bill Marquette
371	7411c285	Stephen Beaver	function build_priv_table() {
372			global $a_user, $id;
373
374			$privhtml = '<div class="table-responsive">';
375			$privhtml .= '<table class="table table-striped table-hover table-condensed">';
376			$privhtml .= '<thead>';
377	7d2e572f	Stephen Beaver	$privhtml .= '<tr>';
378			$privhtml .= '<th>' . gettext('Inherited from') . '</th>';
379			$privhtml .= '<th>' . gettext('Name') . '</th>';
380			$privhtml .= '<th>' . gettext('Description') . '</th>';
381	f460db90	NOYB	$privhtml .= '<th>' . gettext('Action') . '</th>';
382	7d2e572f	Stephen Beaver	$privhtml .= '</tr>';
383	7411c285	Stephen Beaver	$privhtml .= '</thead>';
384			$privhtml .= '<tbody>';
385
386	945204b1	Stephen Beaver	$i = 0;
387
388			foreach (get_user_privdesc($a_user[$id]) as $priv) {
389			$group = false;
390			if ($priv['group']) {
391			$group = $priv['group'];
392			}
393
394	7411c285	Stephen Beaver	$privhtml .= '<tr>';
395			$privhtml .= '<td>' . htmlspecialchars($priv['group']) . '</td>';
396			$privhtml .= '<td>' . htmlspecialchars($priv['name']) . '</td>';
397			$privhtml .= '<td>' . htmlspecialchars($priv['descr']) . '</td>';
398	945204b1	Stephen Beaver	$privhtml .= '<td>';
399	d61309a0	Phil Davis	if (!$group) {
400	f460db90	NOYB	$privhtml .= '<a class="fa fa-trash no-confirm icon-pointer" title="' . gettext('Delete Privilege') . '" id="delprivid' . $i . '"></a>';
401	d61309a0	Phil Davis	}
402	945204b1	Stephen Beaver
403			$privhtml .= '</td>';
404	7411c285	Stephen Beaver	$privhtml .= '</tr>';
405	945204b1	Stephen Beaver
406	d61309a0	Phil Davis	if (!$group) {
407	945204b1	Stephen Beaver	$i++;
408	d61309a0	Phil Davis	}
409	7411c285	Stephen Beaver	}
410
411			$privhtml .= '</tbody>';
412			$privhtml .= '</table>';
413			$privhtml .= '</div>';
414
415			$privhtml .= '<nav class="action-buttons">';
416	37676f4e	jim-p	$privhtml .= '<a href="system_usermanager_addprivs.php?userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
417	7411c285	Stephen Beaver	$privhtml .= '</nav>';
418
419			return($privhtml);
420			}
421	98402844	Stephen Beaver
422	7411c285	Stephen Beaver	function build_cert_table() {
423			global $a_user, $id;
424
425			$certhtml = '<div class="table-responsive">';
426			$certhtml .= '<table class="table table-striped table-hover table-condensed">';
427			$certhtml .= '<thead>';
428	7d2e572f	Stephen Beaver	$certhtml .= '<tr>';
429			$certhtml .= '<th>' . gettext('Name') . '</th>';
430			$certhtml .= '<th>' . gettext('CA') . '</th>';
431	98402844	Stephen Beaver	$certhtml .= '<th></th>';
432	7d2e572f	Stephen Beaver	$certhtml .= '</tr>';
433	7411c285	Stephen Beaver	$certhtml .= '</thead>';
434			$certhtml .= '<tbody>';
435
436			$a_cert = $a_user[$id]['cert'];
437			if (is_array($a_cert)) {
438			$i = 0;
439			foreach ($a_cert as $certref) {
440	7d2e572f	Stephen Beaver	$cert = lookup_cert($certref);
441			$ca = lookup_ca($cert['caref']);
442			$revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>':'';
443
444	7411c285	Stephen Beaver	$certhtml .= '<tr>';
445	7d2e572f	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($cert['descr']) . $revokedstr . '</td>';
446	7411c285	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($ca['descr']) . '</td>';
447	db676e5b	Stephen Beaver	$certhtml .= '<td>';
448	945204b1	Stephen Beaver	$certhtml .= '<a id="delcert' . $i .'" class="fa fa-trash no-confirm icon-pointer" title="';
449	f14ff867	Phil Davis	$certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '"></a>';
450	db676e5b	Stephen Beaver	$certhtml .= '</td>';
451	7411c285	Stephen Beaver	$certhtml .= '</tr>';
452	db676e5b	Stephen Beaver	$i++;
453	7411c285	Stephen Beaver	}
454	db676e5b	Stephen Beaver
455	7411c285	Stephen Beaver	}
456
457			$certhtml .= '</tbody>';
458			$certhtml .= '</table>';
459			$certhtml .= '</div>';
460
461			$certhtml .= '<nav class="action-buttons">';
462	37676f4e	jim-p	$certhtml .= '<a href="system_certmanager.php?act=new&userid=' . $id . '" class="btn btn-success"><i class="fa fa-plus icon-embed-btn"></i>' . gettext("Add") . '</a>';
463	7411c285	Stephen Beaver	$certhtml .= '</nav>';
464
465			return($certhtml);
466			}
467
468	8f1ab2a4	k-paulius	$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Users"));
469
470			if ($act == "new" \|\| $act == "edit" \|\| $input_errors) {
471			$pgtitle[] = gettext('Edit');
472			}
473	e33be77c	Ermal	include("head.inc");
474	fab7ff44	Bill Marquette
475	d61309a0	Phil Davis	if ($input_errors) {
476	4ee51131	Sjon Hortensius	print_input_errors($input_errors);
477	d61309a0	Phil Davis	}
478	98402844	Stephen Beaver
479	d61309a0	Phil Davis	if ($savemsg) {
480	98402844	Stephen Beaver	print_info_box($savemsg, 'success');
481	d61309a0	Phil Davis	}
482	4ee51131	Sjon Hortensius
483			$tab_array = array();
484			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
485			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
486			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
487	2d1f33d9	k-paulius	$tab_array[] = array(gettext("Authentication Servers"), false, "system_authservers.php");
488	4ee51131	Sjon Hortensius	display_top_tabs($tab_array);
489
490	7411c285	Stephen Beaver	if (!($act == "new" \|\| $act == "edit" \|\| $input_errors)) {
491	64600f94	Sjon Hortensius	?>
492	64c31615	Stephen Beaver	<form method="post">
493	060ed238	Stephen Beaver	<div class="panel panel-default">
494			<div class="panel-heading"><h2 class="panel-title"><?=gettext('Users')?></h2></div>
495			<div class="panel-body">
496			<div class="table-responsive">
497			<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
498			<thead>
499			<tr>
500			<th> </th>
501			<th><?=gettext("Username")?></th>
502			<th><?=gettext("Full name")?></th>
503			<th><?=gettext("Disabled")?></th>
504			<th><?=gettext("Groups")?></th>
505	70dc5cd6	Phil Davis	<th><?=gettext("Actions")?></th>
506	060ed238	Stephen Beaver	</tr>
507			</thead>
508			<tbody>
509	a0165602	Sjon Hortensius	<?php
510	d61309a0	Phil Davis	foreach ($a_user as $i => $userent):
511	a0165602	Sjon Hortensius	?>
512	060ed238	Stephen Beaver	<tr>
513			<td>
514			<input type="checkbox" id="frc<?=$i?>" name="delete_check[]" value="<?=$i?>" <?=($userent['scope'] == "system" ? 'disabled' : '')?>/>
515			</td>
516			<td>
517	a0165602	Sjon Hortensius	<?php
518	d61309a0	Phil Davis	if ($userent['scope'] != "user") {
519	a0165602	Sjon Hortensius	$usrimg = 'eye-open';
520	d61309a0	Phil Davis	} else {
521	a0165602	Sjon Hortensius	$usrimg = 'user';
522	d61309a0	Phil Davis	}
523	a0165602	Sjon Hortensius	?>
524	060ed238	Stephen Beaver	<i class="fa fa-<?=$usrimg?>"></i>
525			<?=htmlspecialchars($userent['name'])?>
526			</td>
527			<td><?=htmlspecialchars($userent['descr'])?></td>
528			<td><?php if (isset($userent['disabled'])) echo "*"?></td>
529			<td><?=implode(",", local_user_get_groups($userent))?></td>
530			<td>
531			<a class="fa fa-pencil" title="<?=gettext("Edit user"); ?>" href="?act=edit&userid=<?=$i?>"></a>
532	d61309a0	Phil Davis	<?php if ($userent['scope'] != "system"): ?>
533	060ed238	Stephen Beaver	<a class="fa fa-trash" title="<?=gettext("Delete user")?>" href="?act=deluser&userid=<?=$i?>&username=<?=$userent['name']?>"></a>
534	a0165602	Sjon Hortensius	<?php endif; ?>
535	060ed238	Stephen Beaver	</td>
536			</tr>
537	a0165602	Sjon Hortensius	<?php endforeach; ?>
538	060ed238	Stephen Beaver	</tbody>
539			</table>
540			</div>
541			</div>
542	94404d94	Sander van Leeuwen	</div>
543	c10cb196	Stephen Beaver	<nav class="action-buttons">
544	64c31615	Stephen Beaver	<a href="?act=new" class="btn btn-sm btn-success">
545	9d5a20cf	heper	<i class="fa fa-plus icon-embed-btn"></i>
546	b921ab63	Stephen Beaver	<?=gettext("Add")?>
547			</a>
548	64c31615	Stephen Beaver
549			<button type="submit" class="btn btn-sm btn-danger" name="dellall" value="dellall" title="<?=gettext('Delete selected users')?>">
550			<i class="fa fa-trash icon-embed-btn"></i>
551			<?=gettext("Delete")?>
552			</button>
553	94404d94	Sander van Leeuwen	</nav>
554	d825dfea	NOYB	</form>
555	3c3ede28	Stephen Beaver	<div class="infoblock">
556	a0165602	Sjon Hortensius	<?php
557	a0d084fe	k-paulius	print_callout('<p>' . gettext("Additional users can be added here. User permissions for accessing " .
558			"the webConfigurator can be assigned directly or inherited from group memberships. " .
559			"Some system object properties can be modified but they cannot be deleted.") . '</p>' .
560			'<p>' . gettext("Accounts added here are also used for other parts of the system " .
561			"such as OpenVPN, IPsec, and Captive Portal.") . '</p>'
562			);
563	3c3ede28	Stephen Beaver	?></div><?php
564	a0165602	Sjon Hortensius	include("foot.inc");
565			exit;
566			}
567	4ee51131	Sjon Hortensius
568			$form = new Form;
569
570	7411c285	Stephen Beaver	if ($act == "new" \|\| $act == "edit" \|\| $input_errors):
571	4ee51131	Sjon Hortensius
572	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
573			'act',
574			null,
575			'hidden',
576			''
577			));
578	4ee51131	Sjon Hortensius
579	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
580			'userid',
581			null,
582			'hidden',
583			isset($id) ? $id:''
584			));
585	4ee51131	Sjon Hortensius
586	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
587			'privid',
588			null,
589			'hidden',
590			''
591			));
592	4ee51131	Sjon Hortensius
593	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
594			'certid',
595			null,
596			'hidden',
597			''
598			));
599	4ee51131	Sjon Hortensius
600	7411c285	Stephen Beaver	$ro = "";
601			if ($pconfig['utype'] == "system") {
602	c4b60a9a	Colin Fleming	$ro = "readonly";
603	7411c285	Stephen Beaver	}
604	4ee51131	Sjon Hortensius
605	7411c285	Stephen Beaver	$section = new Form_Section('User Properties');
606	4ee51131	Sjon Hortensius
607	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
608			'Defined by',
609			strtoupper($pconfig['utype'])
610			));
611	4ee51131	Sjon Hortensius
612	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
613			'utype',
614			null,
615			'hidden',
616			$pconfig['utype']
617			));
618	4ee51131	Sjon Hortensius
619	7411c285	Stephen Beaver	$section->addInput(new Form_Checkbox(
620			'disabled',
621			'Disabled',
622			'This user cannot login',
623			$pconfig['disabled']
624			));
625	6b07c15a	Matthew Grooms
626	7411c285	Stephen Beaver	$section->addInput($input = new Form_Input(
627			'usernamefld',
628			'Username',
629			'text',
630			$pconfig['usernamefld']
631			));
632	61dec0b0	Renato Botelho
633	d61309a0	Phil Davis	if ($ro) {
634	1fe9cc38	Stephen Beaver	$input->setReadonly();
635	d61309a0	Phil Davis	}
636	7411c285	Stephen Beaver
637			$form->addGlobal(new Form_Input(
638			'oldusername',
639	4ee51131	Sjon Hortensius	null,
640	7411c285	Stephen Beaver	'hidden',
641			$pconfig['usernamefld']
642	4ee51131	Sjon Hortensius	));
643	6b07c15a	Matthew Grooms
644	7411c285	Stephen Beaver	$group = new Form_Group('Password');
645			$group->add(new Form_Input(
646			'passwordfld1',
647			'Password',
648			'password'
649			));
650			$group->add(new Form_Input(
651			'passwordfld2',
652			'Confirm Password',
653			'password'
654			));
655
656			$section->add($group);
657
658			$section->addInput($input = new Form_Input(
659			'descr',
660			'Full name',
661			'text',
662			htmlspecialchars($pconfig['descr'])
663	89140b63	NOYB	))->setHelp('User\'s full name, for administrative information only');
664	7411c285	Stephen Beaver
665	d61309a0	Phil Davis	if ($ro) {
666	7411c285	Stephen Beaver	$input->setDisabled();
667	d61309a0	Phil Davis	}
668	7411c285	Stephen Beaver
669			$section->addInput(new Form_Input(
670			'expires',
671			'Expiration date',
672			'date',
673			$pconfig['expires']
674			))->setHelp('Leave blank if the account shouldn\'t expire, otherwise enter '.
675			'the expiration date');
676
677			// ==== Group membership ==================================================
678			$group = new Form_Group('Group membership');
679
680	7d2e572f	Stephen Beaver	// Make a list of all the groups configured on the system, and a list of
681	7411c285	Stephen Beaver	// those which this user is a member of
682			$systemGroups = array();
683			$usersGroups = array();
684
685			$usergid = [$pconfig['usernamefld']];
686
687			foreach ($config['system']['group'] as $Ggroup) {
688	d61309a0	Phil Davis	if ($Ggroup['name'] != "all") {
689			if (($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member'])) {
690	b4333696	Stephen Beaver	$usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list
691	d61309a0	Phil Davis	} else {
692	b4333696	Stephen Beaver	$systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list
693	d61309a0	Phil Davis	}
694	b4333696	Stephen Beaver	}
695	7411c285	Stephen Beaver	}
696
697			$group->add(new Form_Select(
698			'sysgroups',
699			null,
700			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
701			$systemGroups,
702			true
703	953385a3	heper	))->setHelp('Not member of');
704	6b07c15a	Matthew Grooms
705	7411c285	Stephen Beaver	$group->add(new Form_Select(
706			'groups',
707			null,
708			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
709			$usersGroups,
710			true
711	953385a3	heper	))->setHelp('Member of');
712	7411c285	Stephen Beaver
713			$section->add($group);
714
715			$group = new Form_Group('');
716
717			$group->add(new Form_Button(
718			'movetoenabled',
719	faab522f	Renato Botelho	'Move to "Member of" list',
720	37676f4e	jim-p	null,
721			'fa-angle-double-right'
722	347c0214	Phil Davis	))->setAttribute('type','button')->removeClass('btn-primary')->addClass('btn-info btn-sm');
723	7411c285	Stephen Beaver
724			$group->add(new Form_Button(
725			'movetodisabled',
726	faab522f	Renato Botelho	'Move to "Not member of" list',
727	37676f4e	jim-p	null,
728			'fa-angle-double-left'
729	347c0214	Phil Davis	))->setAttribute('type','button')->removeClass('btn-primary')->addClass('btn-info btn-sm');
730	4ee51131	Sjon Hortensius
731	7411c285	Stephen Beaver	$group->setHelp('Hold down CTRL (pc)/COMMAND (mac) key to select multiple items');
732			$section->add($group);
733	4ee51131	Sjon Hortensius
734	7411c285	Stephen Beaver	// ==== Button for adding user certificate ================================
735	d61309a0	Phil Davis	if ($act == 'new') {
736	4ee51131	Sjon Hortensius	$section->addInput(new Form_Checkbox(
737	7411c285	Stephen Beaver	'showcert',
738			'Certificate',
739			'Click to create a user certificate',
740			false
741	4ee51131	Sjon Hortensius	));
742	6b07c15a	Matthew Grooms	}
743
744	7411c285	Stephen Beaver	$form->add($section);
745	6b07c15a	Matthew Grooms
746	7411c285	Stephen Beaver	// ==== Effective privileges section ======================================
747			if (isset($pconfig['uid'])) {
748			// We are going to build an HTML table and add it to an Input_StaticText. It may be ugly, but it
749			// is the best way to make the display we need.
750	6b07c15a	Matthew Grooms
751	7411c285	Stephen Beaver	$section = new Form_Section('Effective Privileges');
752	4ee51131	Sjon Hortensius
753	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
754			null,
755			build_priv_table()
756			));
757	4ee51131	Sjon Hortensius
758	7411c285	Stephen Beaver	$form->add($section);
759	4ee51131	Sjon Hortensius
760	7411c285	Stephen Beaver	// ==== Certificate table section =====================================
761	5f88f964	k-paulius	$section = new Form_Section('User Certificates');
762	7411c285	Stephen Beaver
763			$section->addInput(new Form_StaticText(
764			null,
765			build_cert_table()
766			));
767	64600f94	Sjon Hortensius
768			$form->add($section);
769	c9794c06	Ermal	}
770	7411c285	Stephen Beaver
771	f14ff867	Phil Davis	// ==== Add user certificate for a new user
772			if (is_array($config['ca']) && count($config['ca']) > 0) {
773	5f88f964	k-paulius	$section = new Form_Section('Create Certificate for User');
774	f14ff867	Phil Davis	$section->addClass('cert-options');
775	c9794c06	Ermal
776	f14ff867	Phil Davis	$nonPrvCas = array();
777			foreach($config['ca'] as $ca) {
778			if (!$ca['prv']) {
779			continue;
780			}
781	7411c285	Stephen Beaver
782	f14ff867	Phil Davis	$nonPrvCas[ $ca['refid'] ] = $ca['descr'];
783			}
784	7411c285	Stephen Beaver
785	f14ff867	Phil Davis	if (!empty($nonPrvCas)) {
786			$section->addInput(new Form_Input(
787			'name',
788			'Descriptive name',
789			'text',
790			$pconfig['name']
791			));
792	7411c285	Stephen Beaver
793	f14ff867	Phil Davis	$section->addInput(new Form_Select(
794			'caref',
795			'Certificate authority',
796			null,
797			$nonPrvCas
798			));
799	7411c285	Stephen Beaver
800	f14ff867	Phil Davis	$section->addInput(new Form_Select(
801			'keylen',
802			'Key length',
803			2048,
804			array(
805			512 => '512 bits',
806			1024 => '1024 bits',
807	16897690	jim-p	2048 => '2048 bits',
808	f14ff867	Phil Davis	4096 => '4096 bits',
809			)
810			));
811	7411c285	Stephen Beaver
812	f14ff867	Phil Davis	$section->addInput(new Form_Input(
813			'lifetime',
814			'Lifetime',
815			'number',
816			$pconfig['lifetime']
817			));
818	7411c285	Stephen Beaver	}
819
820	f14ff867	Phil Davis	$form->add($section);
821			}
822
823	7411c285	Stephen Beaver	endif;
824			// ==== Paste a key for the new user
825	4ee51131	Sjon Hortensius	$section = new Form_Section('Keys');
826
827	35e0cd70	Stephen Beaver	$section->addInput(new Form_Checkbox(
828			'showkey',
829			'Authorized keys',
830			'Click to paste an authorized key',
831			false
832			));
833
834	4ee51131	Sjon Hortensius	$section->addInput(new Form_Textarea(
835			'authorizedkeys',
836	d1e73829	Stephen Beaver	'Authorized SSH Keys',
837	4ee51131	Sjon Hortensius	$pconfig['authorizedkeys']
838	d1e73829	Stephen Beaver	))->setHelp('Enter authorized SSH keys for this user');
839	4ee51131	Sjon Hortensius
840	35e0cd70	Stephen Beaver	$section->addInput(new Form_Input(
841	4ee51131	Sjon Hortensius	'ipsecpsk',
842			'IPsec Pre-Shared Key',
843			'text',
844			$pconfig['ipsecpsk']
845			));
846
847			$form->add($section);
848	7411c285	Stephen Beaver
849	a0165602	Sjon Hortensius	print $form;
850	7411c285	Stephen Beaver	?>
851	8fd9052f	Colin Fleming	<script type="text/javascript">
852	7411c285	Stephen Beaver	//<![CDATA[
853	d61309a0	Phil Davis	events.push(function() {
854	7411c285	Stephen Beaver
855			// On click . .
856			$("#movetodisabled").click(function() {
857			moveOptions($('[name="groups[]"] option'), $('[name="sysgroups[]"]'));
858			});
859
860			$("#movetoenabled").click(function() {
861			moveOptions($('[name="sysgroups[]"] option'), $('[name="groups[]"]'));
862			});
863
864			$("#showcert").click(function() {
865			hideClass('cert-options', !this.checked);
866			});
867
868			$("#showkey").click(function() {
869	35e0cd70	Stephen Beaver	hideInput('authorizedkeys', false);
870			hideCheckbox('showkey', true);
871	7411c285	Stephen Beaver	});
872
873	98402844	Stephen Beaver	$('[id^=delcert]').click(function(event) {
874	d61309a0	Phil Davis	if (confirm(event.target.title)) {
875	98402844	Stephen Beaver	$('#certid').val(event.target.id.match(/\d+$/)[0]);
876			$('#userid').val('<?=$id;?>');
877			$('#act').val('delcert');
878			$('form').submit();
879			}
880			});
881	945204b1	Stephen Beaver
882	408d0882	heper	$('[id^=delprivid]').click(function(event) {
883	d61309a0	Phil Davis	if (confirm(event.target.title)) {
884	4c879f95	heper	$('#privid').val(event.target.id.match(/\d+$/)[0]);
885	408d0882	heper	$('#userid').val('<?=$id;?>');
886			$('#act').val('delprivid');
887			$('form').submit();
888			}
889			});
890	64c31615	Stephen Beaver
891	98402844	Stephen Beaver
892	eef93144	Jared Dillard	// ---------- On initial page load ------------------------------------------------------------
893
894			hideClass('cert-options', true);
895			//hideInput('authorizedkeys', true);
896	d1e73829	Stephen Beaver	hideCheckbox('showkey', true);
897	7411c285	Stephen Beaver
898			// On submit mark all the user's groups as "selected"
899	d61309a0	Phil Davis	$('form').submit(function() {
900	7411c285	Stephen Beaver	AllServers($('[name="groups[]"] option'), true);
901			});
902			});
903			//]]>
904			</script>
905			<?php
906	bb1b5c6f	heper	include('foot.inc');
907	d825dfea	NOYB	?>

Project

General

Profile

pfSense