/src/usr/local/www/system_usermanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/system_usermanager.php @ 16e3a3e2

1	1df17ba9	Scott Ullrich	<?php
2	fab7ff44	Bill Marquette	/*
3	4c291f4c	Renato Botelho	system_usermanager.php
4	fab7ff44	Bill Marquette	*/
5	7d2e572f	Stephen Beaver	/* ====================================================================
6			* Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
7			* Copyright (c) 2008 Shrew Soft Inc.
8			* Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com>
9			*
10	cb41dd63	Renato Botelho	* Some or all of this file is based on the m0n0wall project which is
11			* Copyright (c) 2004 Manuel Kasper (BSD 2 clause)
12	191cb31d	Stephen Beaver	*
13	7d2e572f	Stephen Beaver	* Redistribution and use in source and binary forms, with or without modification,
14			* are permitted provided that the following conditions are met:
15			*
16			* 1. Redistributions of source code must retain the above copyright notice,
17			* this list of conditions and the following disclaimer.
18			*
19			* 2. Redistributions in binary form must reproduce the above copyright
20			* notice, this list of conditions and the following disclaimer in
21			* the documentation and/or other materials provided with the
22			* distribution.
23			*
24			* 3. All advertising materials mentioning features or use of this software
25			* must display the following acknowledgment:
26			* "This product includes software developed by the pfSense Project
27			* for use in the pfSense software distribution. (http://www.pfsense.org/).
28			*
29			* 4. The names "pfSense" and "pfSense Project" must not be used to
30			* endorse or promote products derived from this software without
31			* prior written permission. For written permission, please contact
32			* coreteam@pfsense.org.
33			*
34			* 5. Products derived from this software may not be called "pfSense"
35			* nor may "pfSense" appear in their names without prior written
36			* permission of the Electric Sheep Fencing, LLC.
37			*
38			* 6. Redistributions of any form whatsoever must retain the following
39			* acknowledgment:
40			*
41			* "This product includes software developed by the pfSense Project
42			* for use in the pfSense software distribution (http://www.pfsense.org/).
43			*
44			* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
45			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
46			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
47			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
48			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
49			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
50			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
51			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
53			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
54			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
55			* OF THE POSSIBILITY OF SUCH DAMAGE.
56			*
57			* ====================================================================
58			*
59			*/
60	fab7ff44	Bill Marquette
61	6b07c15a	Matthew Grooms	##\|+PRIV
62			##\|*IDENT=page-system-usermanager
63	5230f468	jim-p	##\|*NAME=System: User Manager
64	6b07c15a	Matthew Grooms	##\|*DESCR=Allow access to the 'System: User Manager' page.
65			##\|MATCH=system_usermanager.php
66			##\|-PRIV
67
68	ead24d63	sullrich	require("certs.inc");
69	fab7ff44	Bill Marquette	require("guiconfig.inc");
70
71	e33be77c	Ermal	// start admin user code
72	461487c2	Phil Davis	$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Users"));
73	fab7ff44	Bill Marquette
74	73fa304b	Phil Davis	if (isset($_POST['userid']) && is_numericint($_POST['userid'])) {
75	1a6769a6	Renato Botelho	$id = $_POST['userid'];
76	73fa304b	Phil Davis	}
77	1df17ba9	Scott Ullrich
78	7411c285	Stephen Beaver	if (isset($_GET['userid']) && is_numericint($_GET['userid'])) {
79			$id = $_GET['userid'];
80			}
81
82	73fa304b	Phil Davis	if (!isset($config['system']['user']) \|\| !is_array($config['system']['user'])) {
83	e33be77c	Ermal	$config['system']['user'] = array();
84	73fa304b	Phil Davis	}
85	1df17ba9	Scott Ullrich
86	e33be77c	Ermal	$a_user = &$config['system']['user'];
87	7411c285	Stephen Beaver	$act = $_GET['act'];
88	45ee90ed	Matthew Grooms
89	73fa304b	Phil Davis	if (isset($_SERVER['HTTP_REFERER'])) {
90	7c2d0050	Renato Botelho	$referer = $_SERVER['HTTP_REFERER'];
91	73fa304b	Phil Davis	} else {
92	7c2d0050	Renato Botelho	$referer = '/system_usermanager.php';
93	73fa304b	Phil Davis	}
94	7c2d0050	Renato Botelho
95	adacdf5f	jim-p	if (isset($id) && $a_user[$id]) {
96			$pconfig['usernamefld'] = $a_user[$id]['name'];
97			$pconfig['descr'] = $a_user[$id]['descr'];
98			$pconfig['expires'] = $a_user[$id]['expires'];
99			$pconfig['groups'] = local_user_get_groups($a_user[$id]);
100			$pconfig['utype'] = $a_user[$id]['scope'];
101			$pconfig['uid'] = $a_user[$id]['uid'];
102			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
103			$pconfig['priv'] = $a_user[$id]['priv'];
104			$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
105			$pconfig['disabled'] = isset($a_user[$id]['disabled']);
106			}
107
108	43acaa2f	Stephen Beaver	if ($_GET['act'] == "deluser") {
109	45ee90ed	Matthew Grooms
110	43acaa2f	Stephen Beaver	if (!isset($_GET['username']) \|\| !isset($a_user[$id]) \|\| ($_GET['username'] != $a_user[$id]['name'])) {
111	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
112			exit;
113	6b07c15a	Matthew Grooms	}
114
115	8a0ae97f	Renato Botelho	conf_mount_rw();
116	e33be77c	Ermal	local_user_del($a_user[$id]);
117	8a0ae97f	Renato Botelho	conf_mount_ro();
118	e33be77c	Ermal	$userdeleted = $a_user[$id]['name'];
119			unset($a_user[$id]);
120			write_config();
121			$savemsg = gettext("User")." {$userdeleted} ".
122	8cd558b6	ayvis	gettext("successfully deleted")."<br />";
123	d61309a0	Phil Davis	} else if ($act == "new") {
124	e33be77c	Ermal	/*
125			* set this value cause the text field is read only
126			* and the user should not be able to mess with this
127			* setting.
128			*/
129			$pconfig['utype'] = "user";
130			$pconfig['lifetime'] = 3650;
131			}
132	45ee90ed	Matthew Grooms
133	64c31615	Stephen Beaver	if (isset($_POST['dellall'])) {
134	4e21c82e	bruno
135			$del_users = $_POST['delete_check'];
136
137	73fa304b	Phil Davis	if (!empty($del_users)) {
138			foreach ($del_users as $userid) {
139	4e21c82e	bruno	if (isset($a_user[$userid]) && $a_user[$userid]['scope'] != "system") {
140			conf_mount_rw();
141			local_user_del($a_user[$userid]);
142	64c31615	Stephen Beaver	conf_mount_ro();
143	4e21c82e	bruno	unset($a_user[$userid]);
144			}
145			}
146			$savemsg = gettext("Selected users removed successfully!");
147			write_config($savemsg);
148			}
149			}
150
151	98402844	Stephen Beaver	if ($_POST['act'] == "delcert") {
152
153			if (!$a_user[$id]) {
154			pfSenseHeader("system_usermanager.php");
155			exit;
156			}
157
158			$certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
159			$certdeleted = $certdeleted['descr'];
160			unset($a_user[$id]['cert'][$_POST['certid']]);
161			write_config();
162			$_POST['act'] = "edit";
163			$savemsg = gettext("Certificate") . " {$certdeleted} " . gettext("association removed.") . "<br />";
164			}
165	64c31615	Stephen Beaver
166	945204b1	Stephen Beaver	if ($_POST['act'] == "delprivid") {
167			$privdeleted = $priv_list[$a_user[$id]['priv'][$_POST['privid']]]['name'];
168			unset($a_user[$id]['priv'][$_POST['privid']]);
169			local_user_set($a_user[$id]);
170			write_config();
171			$_POST['act'] = "edit";
172			$savemsg = gettext("Privilege ") . $privdeleted . gettext(" removed") . "<br />";
173	4c879f95	heper	}
174	98402844	Stephen Beaver
175	1a6769a6	Renato Botelho	if ($_POST['save']) {
176	e33be77c	Ermal	unset($input_errors);
177			$pconfig = $_POST;
178	45ee90ed	Matthew Grooms
179	e33be77c	Ermal	/* input validation */
180			if (isset($id) && ($a_user[$id])) {
181			$reqdfields = explode(" ", "usernamefld");
182			$reqdfieldsn = array(gettext("Username"));
183			} else {
184			if (empty($_POST['name'])) {
185			$reqdfields = explode(" ", "usernamefld passwordfld1");
186			$reqdfieldsn = array(
187			gettext("Username"),
188			gettext("Password"));
189	45ee90ed	Matthew Grooms	} else {
190	e33be77c	Ermal	$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
191			$reqdfieldsn = array(
192			gettext("Username"),
193			gettext("Password"),
194			gettext("Descriptive name"),
195			gettext("Certificate authority"),
196			gettext("Key length"),
197			gettext("Lifetime"));
198	45ee90ed	Matthew Grooms	}
199	e33be77c	Ermal	}
200	45ee90ed	Matthew Grooms
201	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
202	45ee90ed	Matthew Grooms
203	73fa304b	Phil Davis	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) {
204	e33be77c	Ermal	$input_errors[] = gettext("The username contains invalid characters.");
205	73fa304b	Phil Davis	}
206	45ee90ed	Matthew Grooms
207	73fa304b	Phil Davis	if (strlen($_POST['usernamefld']) > 16) {
208	e33be77c	Ermal	$input_errors[] = gettext("The username is longer than 16 characters.");
209	73fa304b	Phil Davis	}
210	94d455da	jim-p
211	73fa304b	Phil Davis	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) {
212	e33be77c	Ermal	$input_errors[] = gettext("The passwords do not match.");
213	73fa304b	Phil Davis	}
214	45ee90ed	Matthew Grooms
215	73fa304b	Phil Davis	if (isset($_POST['ipsecpsk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['ipsecpsk'])) {
216	123d8700	Renato Botelho	$input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");
217	73fa304b	Phil Davis	}
218	123d8700	Renato Botelho
219	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
220	e33be77c	Ermal	$oldusername = $a_user[$id]['name'];
221	73fa304b	Phil Davis	} else {
222	e33be77c	Ermal	$oldusername = "";
223	73fa304b	Phil Davis	}
224	e33be77c	Ermal	/* make sure this user name is unique */
225			if (!$input_errors) {
226			foreach ($a_user as $userent) {
227			if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
228			$input_errors[] = gettext("Another entry with the same username already exists.");
229			break;
230	58664cc9	Scott Ullrich	}
231	3dec33d4	Erik Fonnesbeck	}
232	e33be77c	Ermal	}
233			/* also make sure it is not reserved */
234			if (!$input_errors) {
235			$system_users = explode("\n", file_get_contents("/etc/passwd"));
236			foreach ($system_users as $s_user) {
237			$ent = explode(":", $s_user);
238			if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
239			$input_errors[] = gettext("That username is reserved by the system.");
240			break;
241	8339ab6d	jim-p	}
242	7e4a4513	Scott Ullrich	}
243	e33be77c	Ermal	}
244	1df17ba9	Scott Ullrich
245	e33be77c	Ermal	/*
246	e30050b6	Phil Davis	* Check for a valid expiration date if one is set at all (valid means,
247	4d148b59	Yehuda Katz	* DateTime puts out a time stamp so any DateTime compatible time
248	e33be77c	Ermal	* format may be used. to keep it simple for the enduser, we only
249			* claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
250			* like "+1 day", which will be converted to MM/DD/YYYY based on "now".
251	e30050b6	Phil Davis	* Otherwise such an entry would lead to an invalid expiration data.
252	e33be77c	Ermal	*/
253	73fa304b	Phil Davis	if ($_POST['expires']) {
254	4d148b59	Yehuda Katz	try {
255			$expdate = new DateTime($_POST['expires']);
256			//convert from any DateTime compatible date to MM/DD/YYYY
257			$_POST['expires'] = $expdate->format("m/d/Y");
258	73fa304b	Phil Davis	} catch (Exception $ex) {
259	e33be77c	Ermal	$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
260	0092b3bd	mgrooms	}
261	e33be77c	Ermal	}
262	0092b3bd	mgrooms
263	e33be77c	Ermal	if (!empty($_POST['name'])) {
264			$ca = lookup_ca($_POST['caref']);
265	73fa304b	Phil Davis	if (!$ca) {
266	4c291f4c	Renato Botelho	$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
267	73fa304b	Phil Davis	}
268	e33be77c	Ermal	}
269	c9794c06	Ermal
270	e33be77c	Ermal	/* if this is an AJAX caller then handle via JSON */
271			if (isAjax() && is_array($input_errors)) {
272			input_errors2Ajax($input_errors);
273			exit;
274			}
275	64c31615	Stephen Beaver
276	e33be77c	Ermal	if (!$input_errors) {
277	4ee51131	Sjon Hortensius
278
279	e33be77c	Ermal	conf_mount_rw();
280			$userent = array();
281	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
282	e33be77c	Ermal	$userent = $a_user[$id];
283	73fa304b	Phil Davis	}
284	e879fc81	Ermal
285	e33be77c	Ermal	isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
286
287			/* the user name was modified */
288	926e0a2f	Phil Davis	if (!empty($_POST['oldusername']) && ($_POST['usernamefld'] <> $_POST['oldusername'])) {
289	e33be77c	Ermal	$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
290	fdcf104c	jim-p	local_user_del($userent);
291			}
292	1df17ba9	Scott Ullrich
293	e30050b6	Phil Davis	/* the user password was modified */
294	73fa304b	Phil Davis	if ($_POST['passwordfld1']) {
295	e33be77c	Ermal	local_user_set_password($userent, $_POST['passwordfld1']);
296	73fa304b	Phil Davis	}
297	1df17ba9	Scott Ullrich
298	e33be77c	Ermal	$userent['name'] = $_POST['usernamefld'];
299			$userent['descr'] = $_POST['descr'];
300			$userent['expires'] = $_POST['expires'];
301			$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
302			$userent['ipsecpsk'] = $_POST['ipsecpsk'];
303	3ccb9689	Charlie Marshall
304	73fa304b	Phil Davis	if ($_POST['disabled']) {
305	e33be77c	Ermal	$userent['disabled'] = true;
306	73fa304b	Phil Davis	} else {
307	e33be77c	Ermal	unset($userent['disabled']);
308	73fa304b	Phil Davis	}
309	e33be77c	Ermal
310	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
311	e33be77c	Ermal	$a_user[$id] = $userent;
312	73fa304b	Phil Davis	} else {
313	e33be77c	Ermal	if (!empty($_POST['name'])) {
314			$cert = array();
315			$cert['refid'] = uniqid();
316	4c291f4c	Renato Botelho	$userent['cert'] = array();
317	e33be77c	Ermal
318			$cert['descr'] = $_POST['name'];
319
320	4c291f4c	Renato Botelho	$subject = cert_get_subject_array($ca['crt']);
321	e33be77c	Ermal
322	4c291f4c	Renato Botelho	$dn = array(
323			'countryName' => $subject[0]['v'],
324			'stateOrProvinceName' => $subject[1]['v'],
325			'localityName' => $subject[2]['v'],
326			'organizationName' => $subject[3]['v'],
327			'emailAddress' => $subject[4]['v'],
328			'commonName' => $userent['name']);
329	e33be77c	Ermal
330			cert_create($cert, $_POST['caref'], $_POST['keylen'],
331			(int)$_POST['lifetime'], $dn);
332
333	73fa304b	Phil Davis	if (!is_array($config['cert'])) {
334	e33be77c	Ermal	$config['cert'] = array();
335	73fa304b	Phil Davis	}
336	e33be77c	Ermal	$config['cert'][] = $cert;
337			$userent['cert'][] = $cert['refid'];
338			}
339			$userent['uid'] = $config['system']['nextuid']++;
340			/* Add the user to All Users group. */
341			foreach ($config['system']['group'] as $gidx => $group) {
342			if ($group['name'] == "all") {
343	73fa304b	Phil Davis	if (!is_array($config['system']['group'][$gidx]['member'])) {
344	e33be77c	Ermal	$config['system']['group'][$gidx]['member'] = array();
345	73fa304b	Phil Davis	}
346	e33be77c	Ermal	$config['system']['group'][$gidx]['member'][] = $userent['uid'];
347			break;
348			}
349			}
350	970db70b	Scott Ullrich
351	e33be77c	Ermal	$a_user[] = $userent;
352	45ee90ed	Matthew Grooms	}
353	e33be77c	Ermal
354	900ce3b0	jim-p	/* Add user to groups so PHP can see the memberships properly or else the user's shell account does not get proper permissions (if applicable) See #5152. */
355	d61309a0	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
356	e33be77c	Ermal	local_user_set($userent);
357	900ce3b0	jim-p	/* Add user to groups again to ensure they are set everywhere, otherwise the user may not appear to be a member of the group. See commit:5372d26d9d25d751d16865ed9d46869d3b0ec5e1. */
358	73fa304b	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
359	e33be77c	Ermal	write_config();
360
361	73fa304b	Phil Davis	if (is_dir("/etc/inc/privhooks")) {
362	e33be77c	Ermal	run_plugins("/etc/inc/privhooks");
363	73fa304b	Phil Davis	}
364	e33be77c	Ermal
365			conf_mount_ro();
366	3ccb9689	Charlie Marshall
367	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
368	45ee90ed	Matthew Grooms	}
369	e33be77c	Ermal	}
370	fab7ff44	Bill Marquette
371	7411c285	Stephen Beaver	function build_priv_table() {
372			global $a_user, $id;
373
374			$privhtml = '<div class="table-responsive">';
375			$privhtml .= '<table class="table table-striped table-hover table-condensed">';
376			$privhtml .= '<thead>';
377	7d2e572f	Stephen Beaver	$privhtml .= '<tr>';
378			$privhtml .= '<th>' . gettext('Inherited from') . '</th>';
379			$privhtml .= '<th>' . gettext('Name') . '</th>';
380			$privhtml .= '<th>' . gettext('Description') . '</th>';
381			$privhtml .= '</tr>';
382	7411c285	Stephen Beaver	$privhtml .= '</thead>';
383			$privhtml .= '<tbody>';
384
385	945204b1	Stephen Beaver	$i = 0;
386
387			foreach (get_user_privdesc($a_user[$id]) as $priv) {
388			$group = false;
389			if ($priv['group']) {
390			$group = $priv['group'];
391			}
392
393	7411c285	Stephen Beaver	$privhtml .= '<tr>';
394			$privhtml .= '<td>' . htmlspecialchars($priv['group']) . '</td>';
395			$privhtml .= '<td>' . htmlspecialchars($priv['name']) . '</td>';
396			$privhtml .= '<td>' . htmlspecialchars($priv['descr']) . '</td>';
397	945204b1	Stephen Beaver	$privhtml .= '<td>';
398	d61309a0	Phil Davis	if (!$group) {
399	945204b1	Stephen Beaver	$privhtml .= '<a class="fa fa-trash no-confirm icon-pointer" title="'.gettext('Delete Privilege').'" id="delprivid' .$i. '"></a></td>';
400	d61309a0	Phil Davis	}
401	945204b1	Stephen Beaver
402			$privhtml .= '</td>';
403	7411c285	Stephen Beaver	$privhtml .= '</tr>';
404	945204b1	Stephen Beaver
405	d61309a0	Phil Davis	if (!$group) {
406	945204b1	Stephen Beaver	$i++;
407	d61309a0	Phil Davis	}
408	7411c285	Stephen Beaver	}
409
410			$privhtml .= '</tbody>';
411			$privhtml .= '</table>';
412			$privhtml .= '</div>';
413
414			$privhtml .= '<nav class="action-buttons">';
415			$privhtml .= '<a href="system_usermanager_addprivs.php?userid=' . $id . '" class="btn btn-success">' . gettext("Add") . '</a>';
416			$privhtml .= '</nav>';
417
418			return($privhtml);
419			}
420	98402844	Stephen Beaver
421	7411c285	Stephen Beaver	function build_cert_table() {
422			global $a_user, $id;
423
424			$certhtml = '<div class="table-responsive">';
425			$certhtml .= '<table class="table table-striped table-hover table-condensed">';
426			$certhtml .= '<thead>';
427	7d2e572f	Stephen Beaver	$certhtml .= '<tr>';
428			$certhtml .= '<th>' . gettext('Name') . '</th>';
429			$certhtml .= '<th>' . gettext('CA') . '</th>';
430	98402844	Stephen Beaver	$certhtml .= '<th></th>';
431	7d2e572f	Stephen Beaver	$certhtml .= '</tr>';
432	7411c285	Stephen Beaver	$certhtml .= '</thead>';
433			$certhtml .= '<tbody>';
434
435			$a_cert = $a_user[$id]['cert'];
436			if (is_array($a_cert)) {
437			$i = 0;
438			foreach ($a_cert as $certref) {
439	7d2e572f	Stephen Beaver	$cert = lookup_cert($certref);
440			$ca = lookup_ca($cert['caref']);
441			$revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>':'';
442
443	7411c285	Stephen Beaver	$certhtml .= '<tr>';
444	7d2e572f	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($cert['descr']) . $revokedstr . '</td>';
445	7411c285	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($ca['descr']) . '</td>';
446	db676e5b	Stephen Beaver	$certhtml .= '<td>';
447	945204b1	Stephen Beaver	$certhtml .= '<a id="delcert' . $i .'" class="fa fa-trash no-confirm icon-pointer" title="';
448	f14ff867	Phil Davis	$certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '"></a>';
449	db676e5b	Stephen Beaver	$certhtml .= '</td>';
450	7411c285	Stephen Beaver	$certhtml .= '</tr>';
451	db676e5b	Stephen Beaver	$i++;
452	7411c285	Stephen Beaver	}
453	db676e5b	Stephen Beaver
454	7411c285	Stephen Beaver	}
455
456			$certhtml .= '</tbody>';
457			$certhtml .= '</table>';
458			$certhtml .= '</div>';
459
460			$certhtml .= '<nav class="action-buttons">';
461			$certhtml .= '<a href="system_certmanager.php?act=new&userid=' . $id . '" class="btn btn-success">' . gettext("Add") . '</a>';
462			$certhtml .= '</nav>';
463
464			return($certhtml);
465			}
466
467	e33be77c	Ermal	include("head.inc");
468	fab7ff44	Bill Marquette
469	d61309a0	Phil Davis	if ($input_errors) {
470	4ee51131	Sjon Hortensius	print_input_errors($input_errors);
471	d61309a0	Phil Davis	}
472	98402844	Stephen Beaver
473	d61309a0	Phil Davis	if ($savemsg) {
474	98402844	Stephen Beaver	print_info_box($savemsg, 'success');
475	d61309a0	Phil Davis	}
476	4ee51131	Sjon Hortensius
477			$tab_array = array();
478			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
479			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
480			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
481			$tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
482			display_top_tabs($tab_array);
483
484	7411c285	Stephen Beaver	if (!($act == "new" \|\| $act == "edit" \|\| $input_errors)) {
485	64600f94	Sjon Hortensius	?>
486	64c31615	Stephen Beaver	<form method="post">
487	060ed238	Stephen Beaver	<div class="panel panel-default">
488			<div class="panel-heading"><h2 class="panel-title"><?=gettext('Users')?></h2></div>
489			<div class="panel-body">
490			<div class="table-responsive">
491			<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
492			<thead>
493			<tr>
494			<th> </th>
495			<th><?=gettext("Username")?></th>
496			<th><?=gettext("Full name")?></th>
497			<th><?=gettext("Disabled")?></th>
498			<th><?=gettext("Groups")?></th>
499	70dc5cd6	Phil Davis	<th><?=gettext("Actions")?></th>
500	060ed238	Stephen Beaver	</tr>
501			</thead>
502			<tbody>
503	a0165602	Sjon Hortensius	<?php
504	d61309a0	Phil Davis	foreach ($a_user as $i => $userent):
505	a0165602	Sjon Hortensius	?>
506	060ed238	Stephen Beaver	<tr>
507			<td>
508			<input type="checkbox" id="frc<?=$i?>" name="delete_check[]" value="<?=$i?>" <?=($userent['scope'] == "system" ? 'disabled' : '')?>/>
509			</td>
510			<td>
511	a0165602	Sjon Hortensius	<?php
512	d61309a0	Phil Davis	if ($userent['scope'] != "user") {
513	a0165602	Sjon Hortensius	$usrimg = 'eye-open';
514	d61309a0	Phil Davis	} else {
515	a0165602	Sjon Hortensius	$usrimg = 'user';
516	d61309a0	Phil Davis	}
517	a0165602	Sjon Hortensius	?>
518	060ed238	Stephen Beaver	<i class="fa fa-<?=$usrimg?>"></i>
519			<?=htmlspecialchars($userent['name'])?>
520			</td>
521			<td><?=htmlspecialchars($userent['descr'])?></td>
522			<td><?php if (isset($userent['disabled'])) echo "*"?></td>
523			<td><?=implode(",", local_user_get_groups($userent))?></td>
524			<td>
525			<a class="fa fa-pencil" title="<?=gettext("Edit user"); ?>" href="?act=edit&userid=<?=$i?>"></a>
526	d61309a0	Phil Davis	<?php if ($userent['scope'] != "system"): ?>
527	060ed238	Stephen Beaver	<a class="fa fa-trash" title="<?=gettext("Delete user")?>" href="?act=deluser&userid=<?=$i?>&username=<?=$userent['name']?>"></a>
528	a0165602	Sjon Hortensius	<?php endif; ?>
529	060ed238	Stephen Beaver	</td>
530			</tr>
531	a0165602	Sjon Hortensius	<?php endforeach; ?>
532	060ed238	Stephen Beaver	</tbody>
533			</table>
534			</div>
535			</div>
536	94404d94	Sander van Leeuwen	</div>
537	c10cb196	Stephen Beaver	<nav class="action-buttons">
538	64c31615	Stephen Beaver	<a href="?act=new" class="btn btn-sm btn-success">
539	9d5a20cf	heper	<i class="fa fa-plus icon-embed-btn"></i>
540	b921ab63	Stephen Beaver	<?=gettext("Add")?>
541			</a>
542	64c31615	Stephen Beaver
543			<button type="submit" class="btn btn-sm btn-danger" name="dellall" value="dellall" title="<?=gettext('Delete selected users')?>">
544			<i class="fa fa-trash icon-embed-btn"></i>
545			<?=gettext("Delete")?>
546			</button>
547	94404d94	Sander van Leeuwen	</nav>
548	d825dfea	NOYB	</form>
549	b921ab63	Stephen Beaver
550	35681930	Stephen Beaver	<div class="infoblock">
551	b921ab63	Stephen Beaver	<?=print_info_box(gettext("Additional users can be added here. User permissions for accessing " .
552	a0165602	Sjon Hortensius	"the webConfigurator can be assigned directly or inherited from group memberships. " .
553			"An icon that appears grey indicates that it is a system defined object. " .
554	b921ab63	Stephen Beaver	"Some system object properties can be modified but they cannot be deleted.") .
555			'<br /><br />' .
556	64c31615	Stephen Beaver	gettext("Accounts added here are also used for other parts of the system " .
557	85d29bf5	Stephen Beaver	"such as OpenVPN, IPsec, and Captive Portal."), 'info', false)?>
558	b921ab63	Stephen Beaver	</div>
559
560	a0165602	Sjon Hortensius	<?php
561			include("foot.inc");
562			exit;
563			}
564	4ee51131	Sjon Hortensius
565			$form = new Form;
566
567	7411c285	Stephen Beaver	if ($act == "new" \|\| $act == "edit" \|\| $input_errors):
568	4ee51131	Sjon Hortensius
569	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
570			'act',
571			null,
572			'hidden',
573			''
574			));
575	4ee51131	Sjon Hortensius
576	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
577			'userid',
578			null,
579			'hidden',
580			isset($id) ? $id:''
581			));
582	4ee51131	Sjon Hortensius
583	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
584			'privid',
585			null,
586			'hidden',
587			''
588			));
589	4ee51131	Sjon Hortensius
590	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
591			'certid',
592			null,
593			'hidden',
594			''
595			));
596	4ee51131	Sjon Hortensius
597	7411c285	Stephen Beaver	$ro = "";
598			if ($pconfig['utype'] == "system") {
599	c4b60a9a	Colin Fleming	$ro = "readonly";
600	7411c285	Stephen Beaver	}
601	4ee51131	Sjon Hortensius
602	7411c285	Stephen Beaver	$section = new Form_Section('User Properties');
603	4ee51131	Sjon Hortensius
604	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
605			'Defined by',
606			strtoupper($pconfig['utype'])
607			));
608	4ee51131	Sjon Hortensius
609	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
610			'utype',
611			null,
612			'hidden',
613			$pconfig['utype']
614			));
615	4ee51131	Sjon Hortensius
616	7411c285	Stephen Beaver	$section->addInput(new Form_Checkbox(
617			'disabled',
618			'Disabled',
619			'This user cannot login',
620			$pconfig['disabled']
621			));
622	6b07c15a	Matthew Grooms
623	7411c285	Stephen Beaver	$section->addInput($input = new Form_Input(
624			'usernamefld',
625			'Username',
626			'text',
627			$pconfig['usernamefld']
628			));
629	61dec0b0	Renato Botelho
630	d61309a0	Phil Davis	if ($ro) {
631	1fe9cc38	Stephen Beaver	$input->setReadonly();
632	d61309a0	Phil Davis	}
633	7411c285	Stephen Beaver
634			$form->addGlobal(new Form_Input(
635			'oldusername',
636	4ee51131	Sjon Hortensius	null,
637	7411c285	Stephen Beaver	'hidden',
638			$pconfig['usernamefld']
639	4ee51131	Sjon Hortensius	));
640	6b07c15a	Matthew Grooms
641	7411c285	Stephen Beaver	$group = new Form_Group('Password');
642			$group->add(new Form_Input(
643			'passwordfld1',
644			'Password',
645			'password'
646			));
647			$group->add(new Form_Input(
648			'passwordfld2',
649			'Confirm Password',
650			'password'
651			));
652
653			$section->add($group);
654
655			$section->addInput($input = new Form_Input(
656			'descr',
657			'Full name',
658			'text',
659			htmlspecialchars($pconfig['descr'])
660			))->setHelp('User\'s full name, for your own information only');
661
662	d61309a0	Phil Davis	if ($ro) {
663	7411c285	Stephen Beaver	$input->setDisabled();
664	d61309a0	Phil Davis	}
665	7411c285	Stephen Beaver
666			$section->addInput(new Form_Input(
667			'expires',
668			'Expiration date',
669			'date',
670			$pconfig['expires']
671			))->setHelp('Leave blank if the account shouldn\'t expire, otherwise enter '.
672			'the expiration date');
673
674			// ==== Group membership ==================================================
675			$group = new Form_Group('Group membership');
676
677	7d2e572f	Stephen Beaver	// Make a list of all the groups configured on the system, and a list of
678	7411c285	Stephen Beaver	// those which this user is a member of
679			$systemGroups = array();
680			$usersGroups = array();
681
682			$usergid = [$pconfig['usernamefld']];
683
684			foreach ($config['system']['group'] as $Ggroup) {
685	d61309a0	Phil Davis	if ($Ggroup['name'] != "all") {
686			if (($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member'])) {
687	b4333696	Stephen Beaver	$usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list
688	d61309a0	Phil Davis	} else {
689	b4333696	Stephen Beaver	$systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list
690	d61309a0	Phil Davis	}
691	b4333696	Stephen Beaver	}
692	7411c285	Stephen Beaver	}
693
694			$group->add(new Form_Select(
695			'sysgroups',
696			null,
697			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
698			$systemGroups,
699			true
700	953385a3	heper	))->setHelp('Not member of');
701	6b07c15a	Matthew Grooms
702	7411c285	Stephen Beaver	$group->add(new Form_Select(
703			'groups',
704			null,
705			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
706			$usersGroups,
707			true
708	953385a3	heper	))->setHelp('Member of');
709	7411c285	Stephen Beaver
710			$section->add($group);
711
712			$group = new Form_Group('');
713
714			$group->add(new Form_Button(
715			'movetoenabled',
716			'Move to "Member of" list >'
717			))->removeClass('btn-primary')->addClass('btn-default btn-sm');
718
719			$group->add(new Form_Button(
720			'movetodisabled',
721			'< Move to "Not member of" list'
722			))->removeClass('btn-primary')->addClass('btn-default btn-sm');
723	4ee51131	Sjon Hortensius
724	7411c285	Stephen Beaver	$group->setHelp('Hold down CTRL (pc)/COMMAND (mac) key to select multiple items');
725			$section->add($group);
726	4ee51131	Sjon Hortensius
727	7411c285	Stephen Beaver	// ==== Button for adding user certificate ================================
728	d61309a0	Phil Davis	if ($act == 'new') {
729	4ee51131	Sjon Hortensius	$section->addInput(new Form_Checkbox(
730	7411c285	Stephen Beaver	'showcert',
731			'Certificate',
732			'Click to create a user certificate',
733			false
734	4ee51131	Sjon Hortensius	));
735	6b07c15a	Matthew Grooms	}
736
737	7411c285	Stephen Beaver	$form->add($section);
738	6b07c15a	Matthew Grooms
739	7411c285	Stephen Beaver	// ==== Effective privileges section ======================================
740			if (isset($pconfig['uid'])) {
741			// We are going to build an HTML table and add it to an Input_StaticText. It may be ugly, but it
742			// is the best way to make the display we need.
743	6b07c15a	Matthew Grooms
744	7411c285	Stephen Beaver	$section = new Form_Section('Effective Privileges');
745	4ee51131	Sjon Hortensius
746	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
747			null,
748			build_priv_table()
749			));
750	4ee51131	Sjon Hortensius
751	7411c285	Stephen Beaver	$form->add($section);
752	4ee51131	Sjon Hortensius
753	7411c285	Stephen Beaver	// ==== Certificate table section =====================================
754			$section = new Form_Section('User certificates');
755
756			$section->addInput(new Form_StaticText(
757			null,
758			build_cert_table()
759			));
760	64600f94	Sjon Hortensius
761			$form->add($section);
762	c9794c06	Ermal	}
763	7411c285	Stephen Beaver
764	f14ff867	Phil Davis	// ==== Add user certificate for a new user
765			if (is_array($config['ca']) && count($config['ca']) > 0) {
766			$section = new Form_Section('Create certificate for user');
767			$section->addClass('cert-options');
768	c9794c06	Ermal
769	f14ff867	Phil Davis	$nonPrvCas = array();
770			foreach($config['ca'] as $ca) {
771			if (!$ca['prv']) {
772			continue;
773			}
774	7411c285	Stephen Beaver
775	f14ff867	Phil Davis	$nonPrvCas[ $ca['refid'] ] = $ca['descr'];
776			}
777	7411c285	Stephen Beaver
778	f14ff867	Phil Davis	if (!empty($nonPrvCas)) {
779			$section->addInput(new Form_Input(
780			'name',
781			'Descriptive name',
782			'text',
783			$pconfig['name']
784			));
785	7411c285	Stephen Beaver
786	f14ff867	Phil Davis	$section->addInput(new Form_Select(
787			'caref',
788			'Certificate authority',
789			null,
790			$nonPrvCas
791			));
792	7411c285	Stephen Beaver
793	f14ff867	Phil Davis	$section->addInput(new Form_Select(
794			'keylen',
795			'Key length',
796			2048,
797			array(
798			512 => '512 bits',
799			1024 => '1024 bits',
800			2048 => '2049 bits',
801			4096 => '4096 bits',
802			)
803			));
804	7411c285	Stephen Beaver
805	f14ff867	Phil Davis	$section->addInput(new Form_Input(
806			'lifetime',
807			'Lifetime',
808			'number',
809			$pconfig['lifetime']
810			));
811	7411c285	Stephen Beaver	}
812
813	f14ff867	Phil Davis	$form->add($section);
814			}
815
816	7411c285	Stephen Beaver	endif;
817			// ==== Paste a key for the new user
818	4ee51131	Sjon Hortensius	$section = new Form_Section('Keys');
819
820	35e0cd70	Stephen Beaver	$section->addInput(new Form_Checkbox(
821			'showkey',
822			'Authorized keys',
823			'Click to paste an authorized key',
824			false
825			));
826
827	4ee51131	Sjon Hortensius	$section->addInput(new Form_Textarea(
828			'authorizedkeys',
829	d1e73829	Stephen Beaver	'Authorized SSH Keys',
830	4ee51131	Sjon Hortensius	$pconfig['authorizedkeys']
831	d1e73829	Stephen Beaver	))->setHelp('Enter authorized SSH keys for this user');
832	4ee51131	Sjon Hortensius
833	35e0cd70	Stephen Beaver	$section->addInput(new Form_Input(
834	4ee51131	Sjon Hortensius	'ipsecpsk',
835			'IPsec Pre-Shared Key',
836			'text',
837			$pconfig['ipsecpsk']
838			));
839
840			$form->add($section);
841	7411c285	Stephen Beaver
842	a0165602	Sjon Hortensius	print $form;
843	7411c285	Stephen Beaver	?>
844	8fd9052f	Colin Fleming	<script type="text/javascript">
845	7411c285	Stephen Beaver	//<![CDATA[
846	d61309a0	Phil Davis	events.push(function() {
847	7411c285	Stephen Beaver
848			// Select every option in the specified multiselect
849			function AllServers(id, selectAll) {
850			for (i = 0; i < id.length; i++) {
851			id.eq(i).prop('selected', selectAll);
852			}
853			}
854
855			// Move all selected options from one multiselect to another
856			function moveOptions(From, To) {
857			var len = From.length;
858			var option;
859
860	d61309a0	Phil Davis	if (len > 0) {
861			for (i=0; i<len; i++) {
862			if (From.eq(i).is(':selected')) {
863	7411c285	Stephen Beaver	option = From.eq(i).val();
864	95b59cdc	bruno	value = From.eq(i).text();
865			To.append(new Option(value, option));
866	7411c285	Stephen Beaver	From.eq(i).remove();
867			}
868			}
869			}
870			}
871
872			// Make buttons plain buttons, not submit
873			$("#movetodisabled").prop('type','button');
874			$("#movetoenabled").prop('type','button');
875
876			// On click . .
877			$("#movetodisabled").click(function() {
878			moveOptions($('[name="groups[]"] option'), $('[name="sysgroups[]"]'));
879			});
880
881			$("#movetoenabled").click(function() {
882			moveOptions($('[name="sysgroups[]"] option'), $('[name="groups[]"]'));
883			});
884
885			$("#showcert").click(function() {
886			hideClass('cert-options', !this.checked);
887			});
888
889			$("#showkey").click(function() {
890	35e0cd70	Stephen Beaver	hideInput('authorizedkeys', false);
891			hideCheckbox('showkey', true);
892	7411c285	Stephen Beaver	});
893
894	98402844	Stephen Beaver	$('[id^=delcert]').click(function(event) {
895	d61309a0	Phil Davis	if (confirm(event.target.title)) {
896	98402844	Stephen Beaver	$('#certid').val(event.target.id.match(/\d+$/)[0]);
897			$('#userid').val('<?=$id;?>');
898			$('#act').val('delcert');
899			$('form').submit();
900			}
901			});
902	945204b1	Stephen Beaver
903	408d0882	heper	$('[id^=delprivid]').click(function(event) {
904	d61309a0	Phil Davis	if (confirm(event.target.title)) {
905	4c879f95	heper	$('#privid').val(event.target.id.match(/\d+$/)[0]);
906	408d0882	heper	$('#userid').val('<?=$id;?>');
907			$('#act').val('delprivid');
908			$('form').submit();
909			}
910			});
911	64c31615	Stephen Beaver
912	98402844	Stephen Beaver
913	eef93144	Jared Dillard	// ---------- On initial page load ------------------------------------------------------------
914
915			hideClass('cert-options', true);
916			//hideInput('authorizedkeys', true);
917	d1e73829	Stephen Beaver	hideCheckbox('showkey', true);
918	7411c285	Stephen Beaver
919			// On submit mark all the user's groups as "selected"
920	d61309a0	Phil Davis	$('form').submit(function() {
921	7411c285	Stephen Beaver	AllServers($('[name="groups[]"] option'), true);
922			});
923			});
924			//]]>
925			</script>
926			<?php
927	bb1b5c6f	heper	include('foot.inc');
928	d825dfea	NOYB	?>

Project

General

Profile

pfSense