<?php
2
/*
3
    system_authservers.php
4
5 5b42a459 bcyrill
    Copyright (C) 2010 Ermal Luçi
6 fbf672cb Matthew Grooms
    Copyright (C) 2008 Shrew Soft Inc.
7
    All rights reserved.
8
9
    Redistribution and use in source and binary forms, with or without
10
    modification, are permitted provided that the following conditions are met:
11
12
    1. Redistributions of source code must retain the above copyright notice,
13
       this list of conditions and the following disclaimer.
14
15
    2. Redistributions in binary form must reproduce the above copyright
16
       notice, this list of conditions and the following disclaimer in the
17
       documentation and/or other materials provided with the distribution.
18
19
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28
    POSSIBILITY OF SUCH DAMAGE.
29
*/
30 1d333258 Scott Ullrich
/*
31
	pfSense_MODULE:	auth
32
*/
33 fbf672cb Matthew Grooms
34
##|+PRIV
35
##|*IDENT=page-system-authservers
36
##|*NAME=System: Authentication Servers
37
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
38
##|*MATCH=system_authservers.php*
39
##|-PRIV
40
41
require("guiconfig.inc");
42 acee624f Ermal Lu?i
require_once("auth.inc");
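/* Page title and shortcut section for this page. */
$pgtitle = array(gettext("System"), gettext("Authentication Servers"));
$shortcut_section = "authentication";

/*
 * Index of the server entry the request refers to. A POSTed id overrides the
 * GET one; $id stays unset (null) when the request carries neither. The value
 * is request-controlled, so it is always checked against the server list
 * before an entry is read.
 */
$id = isset($_GET['id']) ? $_GET['id'] : null;
if (isset($_POST['id']))
	$id = $_POST['id'];

if (!is_array($config['system']['authserver']))
	$config['system']['authserver'] = array();

/*
 * Re-index the server list numerically. Start from an empty array so that
 * $a_server is defined even when the list comes back empty.
 */
$a_server = array();
$a_servers = auth_get_authserver_list();
foreach ($a_servers as $servers)
	$a_server[] = $servers;

if (!is_array($config['ca']))
	$config['ca'] = array();
$a_ca =& $config['ca'];

/* Requested action; a non-empty POSTed value overrides the GET one. */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act']))
	$act = $_POST['act'];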
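if ($act == "del") {

	/*
	 * Only the GET index selects the entry to delete. An index that does not
	 * name a known server sends the browser back to the list.
	 */
	if (!isset($_GET['id']) || empty($a_server[$_GET['id']])) {
		pfSenseHeader("system_authservers.php");
		exit;
	}

	/*
	 * NOTE(review): this configuration change is triggered by a GET request.
	 * Whether such requests are covered by an anti-CSRF token is not visible
	 * in this file; confirm, or move the delete action to POST.
	 */

	/* Remove server from main list. */
	$serverdeleted = $a_server[$_GET['id']]['name'];
	foreach ($config['system']['authserver'] as $k => $as) {
		if ($as['name'] == $serverdeleted)
			unset($config['system']['authserver'][$k]);
	}

	/* Remove server from temp list used later on this page. */
	unset($a_server[$_GET['id']]);

	/* Description recorded with the configuration change (text unchanged). */
	$changedesc = gettext("Authentication Server")." {$serverdeleted} ".
				gettext("deleted")."<br/>";

	/*
	 * $savemsg carries markup and is handed to print_info_box() further down
	 * the page, so the stored server name is HTML-escaped before it is placed
	 * in the message.
	 */
	$savemsg = gettext("Authentication Server")." ".htmlspecialchars($serverdeleted)." ".
				gettext("deleted")."<br/>";
	write_config($changedesc);
}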
if ($act == "edit") {
	if (isset($id) && $a_server[$id]) {

		/* Load the stored entry selected by $id into the form values. */
		$srv_entry = $a_server[$id];
		$pconfig['type'] = $srv_entry['type'];
		$pconfig['name'] = $srv_entry['name'];

		if ($pconfig['type'] == "ldap") {
			/* form field => key of the stored entry */
			$srv_ldap_map = array(
				'ldap_caref' => 'ldap_caref',
				'ldap_host' => 'host',
				'ldap_port' => 'ldap_port',
				'ldap_urltype' => 'ldap_urltype',
				'ldap_protver' => 'ldap_protver',
				'ldap_scope' => 'ldap_scope',
				'ldap_basedn' => 'ldap_basedn',
				'ldap_authcn' => 'ldap_authcn',
				'ldap_extended_enabled' => 'ldap_extended_enabled',
				'ldap_extended_query' => 'ldap_extended_query',
				'ldap_binddn' => 'ldap_binddn',
				'ldap_bindpw' => 'ldap_bindpw',
				'ldap_attr_user' => 'ldap_attr_user',
				'ldap_attr_group' => 'ldap_attr_group',
				'ldap_attr_member' => 'ldap_attr_member',
			);
			foreach ($srv_ldap_map as $srv_field => $srv_key)
				$pconfig[$srv_field] = $srv_entry[$srv_key];

			/* These two options are flags: present in the entry means enabled. */
			$pconfig['ldap_utf8'] = isset($srv_entry['ldap_utf8']);
			$pconfig['ldap_nostrip_at'] = isset($srv_entry['ldap_nostrip_at']);

			/* No complete bind DN/password pair stored: show the entry as anonymous bind. */
			if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw'])
				$pconfig['ldap_anon'] = true;
		}

		if ($pconfig['type'] == "radius") {
			$pconfig['radius_host'] = $srv_entry['host'];
			foreach (array('radius_auth_port', 'radius_acct_port', 'radius_secret', 'radius_timeout') as $srv_key)
				$pconfig[$srv_key] = $srv_entry[$srv_key];

			/*
			 * Derive the "services" selection from which ports are stored, and
			 * pre-fill the port of the service that is not in use.
			 */
			if ($pconfig['radius_auth_port'] && $pconfig['radius_acct_port']) {
				$pconfig['radius_srvcs'] = "both";
			} elseif ($pconfig['radius_auth_port']) {
				$pconfig['radius_srvcs'] = "auth";
				$pconfig['radius_acct_port'] = 1813;
			} elseif ($pconfig['radius_acct_port']) {
				$pconfig['radius_srvcs'] = "acct";
				$pconfig['radius_auth_port'] = 1812;
			}
		}
	}
}
if ($act == "new") {
	/* Values the form starts with when a new server is being added. */
	$new_defaults = array(
		'ldap_protver' => 3,
		'ldap_anon' => true,
		'radius_srvcs' => "both",
		'radius_auth_port' => "1812",
		'radius_acct_port' => "1813",
	);
	foreach ($new_defaults as $new_field => $new_value)
		$pconfig[$new_field] = $new_value;
}
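if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	/* Defined up front so the validation call below never receives undefined
	   lists when the posted type is neither "ldap" nor "radius". */
	$reqdfields = array();
	$reqdfieldsn = array();

	if ($pconfig['type'] == "ldap") {
		$reqdfields = explode(" ", "name type ldap_host ldap_port ".
						"ldap_urltype ldap_protver ldap_scope ".
						"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Port value"),
			gettext("Transport"),
			gettext("Protocol version"),
			gettext("Search level"),
			gettext("User naming Attribute"),
			gettext("Group naming Attribute"),
			gettext("Group member attribute"),
			gettext("Authentication container"));

		/* Bind credentials are required unless anonymous binds were selected. */
		if (!$pconfig['ldap_anon']) {
			$reqdfields[] = "ldap_binddn";
			$reqdfields[] = "ldap_bindpw";
			$reqdfieldsn[] = gettext("Bind user DN");
			$reqdfieldsn[] = gettext("Bind Password");
		}
	}

	if ($pconfig['type'] == "radius") {
		$reqdfields = explode(" ", "name type radius_host radius_srvcs");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Services"));

		/*
		 * A port is required for each selected service. The key read here
		 * must be "radius_srvcs", the name of the form field; with a
		 * misspelled key the comparison never matches and the port fields
		 * are silently left out of the required list.
		 */
		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port value");
		}

		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port value");
		}

		/* The shared secret is only mandatory when a new server is created. */
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	}

	/*
	 * NOTE(review): call-time pass-by-reference (&$input_errors) is rejected
	 * by PHP 5.4 and later. It is kept because the signature of
	 * do_input_validation() is not visible from this file; confirm that the
	 * parameter is declared by reference there before dropping the ampersand.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	/*
	 * NOTE(review): the form on this page submits "ldap_host" and
	 * "radius_host"; no field named "host" is visible here, so this check
	 * presumably never matches and the submitted host is stored unchecked.
	 * Confirm and point the check at the posted field; the pattern as written
	 * would also reject ':' and therefore IPv6 literals.
	 */
	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['host']))
		$input_errors[] = gettext("The host name contains invalid characters.");

	if (auth_get_authserver($pconfig['name']) && !isset($id))
		$input_errors[] = gettext("An authentication server with the same name already exists.");

	/* A RADIUS timeout, when given, has to be a positive number. */
	if (($pconfig['type'] == "radius") && !empty($_POST['radius_timeout']) &&
	    (!is_numeric($_POST['radius_timeout']) || ($_POST['radius_timeout'] <= 0)))
		$input_errors[] = gettext("RADIUS Timeout value must be numeric and positive.");

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	if (!$input_errors) {
		/* Start from a fresh entry, or from the stored one when editing. */
		$server = array();
		$server['refid'] = uniqid();
		if (isset($id) && $a_server[$id])
			$server = $a_server[$id];

		$server['type'] = $pconfig['type'];
		$server['name'] = $pconfig['name'];

		if ($server['type'] == "ldap") {

			if (!empty($pconfig['ldap_caref']))
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			$server['host'] = $pconfig['ldap_host'];
			$server['ldap_port'] = $pconfig['ldap_port'];
			$server['ldap_urltype'] = $pconfig['ldap_urltype'];
			$server['ldap_protver'] = $pconfig['ldap_protver'];
			$server['ldap_scope'] = $pconfig['ldap_scope'];
			$server['ldap_basedn'] = $pconfig['ldap_basedn'];
			$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
			$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
			$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
			$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
			$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
			$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];

			/* Checkbox options are stored as flags: present when ticked, absent otherwise. */
			if ($pconfig['ldap_utf8'] == "yes")
				$server['ldap_utf8'] = true;
			else
				unset($server['ldap_utf8']);
			if ($pconfig['ldap_nostrip_at'] == "yes")
				$server['ldap_nostrip_at'] = true;
			else
				unset($server['ldap_nostrip_at']);

			/* Switching to anonymous binds drops any stored bind credentials. */
			if (!$pconfig['ldap_anon']) {
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}
		}

		if ($server['type'] == "radius") {

			$server['host'] = $pconfig['radius_host'];

			/* An empty secret on edit keeps the one already stored in the entry. */
			if ($pconfig['radius_secret'])
				$server['radius_secret'] = $pconfig['radius_secret'];

			if ($pconfig['radius_timeout'])
				$server['radius_timeout'] = $pconfig['radius_timeout'];
			else
				$server['radius_timeout'] = 5;

			/* Keep only the ports of the selected services. */
			if ($pconfig['radius_srvcs'] == "both") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
			}

			if ($pconfig['radius_srvcs'] == "auth") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				unset($server['radius_acct_port']);
			}

			if ($pconfig['radius_srvcs'] == "acct") {
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
				unset($server['radius_auth_port']);
			}
		}

		/* Overwrite the existing entry when editing, append otherwise. */
		if (isset($id) && $config['system']['authserver'][$id])
			$config['system']['authserver'][$id] = $server;
		else
			$config['system']['authserver'][] = $server;

		write_config();

		pfSenseHeader("system_authservers.php");
	}
}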
include("head.inc");
311
?>
312
313
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
314
<?php include("fbegin.inc"); ?>
315
<script type="text/javascript">
316 0f3a8925 Colin Fleming
//<![CDATA[
function server_typechange(typ) {
	// Without an explicit type, fall back to the option currently selected
	// in the "type" control.
	if (!typ) {
		var typeIndex = document.getElementById("type").selectedIndex;
		typ = document.getElementById("type").options[typeIndex].value;
	}

	// Show the settings table of the chosen type and hide the other one;
	// any other value leaves both tables untouched.
	if (typ === "ldap") {
		document.getElementById("ldap").style.display = "";
		document.getElementById("radius").style.display = "none";
	} else if (typ === "radius") {
		document.getElementById("ldap").style.display = "none";
		document.getElementById("radius").style.display = "";
	}
}
function ldap_urlchange() {
	// Set the port field to the port paired with the selected transport.
	switch (document.getElementById("ldap_urltype").selectedIndex) {
<?php
	/*
	 * Emit one case per entry of $ldap_urltypes, numbered in iteration order.
	 * NOTE(review): $urlport is written into a JavaScript string literal
	 * without escaping; presumably a fixed value defined elsewhere - confirm.
	 */
	$index = 0;
	foreach ($ldap_urltypes as $urltype => $urlport) {
?>
		case <?php echo $index; ?>:
			document.getElementById("ldap_port").value = "<?php echo $urlport; ?>";
			break;
<?php
		$index++;
	}
?>
	}
}
function ldap_bindchange() {
	// The bind credential fields are hidden while anonymous binds are ticked.
	var anonymous = document.getElementById("ldap_anon").checked;
	document.getElementById("ldap_bind").style.display = anonymous ? "none" : "";
}
function ldap_tmplchange(){
	// Fill the three attribute fields from the selected template.
	switch (document.getElementById("ldap_tmpltype").selectedIndex) {
<?php
	/*
	 * Emit one case per entry of $ldap_templates, numbered in iteration order.
	 * NOTE(review): the template values are written into JavaScript string
	 * literals without escaping; presumably fixed values defined elsewhere -
	 * confirm.
	 */
	$index = 0;
	foreach ($ldap_templates as $tmpldata) {
?>
		case <?php echo $index; ?>:
			document.getElementById("ldap_attr_user").value = "<?php echo $tmpldata['attr_user']; ?>";
			document.getElementById("ldap_attr_group").value = "<?php echo $tmpldata['attr_group']; ?>";
			document.getElementById("ldap_attr_member").value = "<?php echo $tmpldata['attr_member']; ?>";
			break;
<?php
		$index++;
	}
?>
	}
}
function radius_srvcschange(){
	// selectedIndex of the services control: 0 = both, 1 = authentication,
	// 2 = accounting. Any other index leaves both rows as they are.
	var choice = document.getElementById("radius_srvcs").selectedIndex;
	if (choice !== 0 && choice !== 1 && choice !== 2)
		return;

	document.getElementById("radius_auth").style.display = (choice === 2) ? "none" : "";
	document.getElementById("radius_acct").style.display = (choice === 1) ? "none" : "";
}
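function select_clicked() {
	// Current value of the form control with the given id.
	var fieldValue = function (id) {
		return document.getElementById(id).value;
	};

	// The container picker needs the connection settings to be filled in.
	if (fieldValue("ldap_port") == '' ||
	    fieldValue("ldap_host") == '' ||
	    fieldValue("ldap_scope") == '' ||
	    fieldValue("ldap_basedn") == '' ||
	    fieldValue("ldapauthcontainers") == '') {
		alert("<?=gettext("Please fill the required values.");?>");
		return;
	}
	if (!document.getElementById("ldap_anon").checked) {
		if (fieldValue("ldap_binddn") == '' ||
		    fieldValue("ldap_bindpw") == '') {
			alert("<?=gettext("Please fill the bind username/password.");?>");
			return;
		}
	}

	// Query parameter name => id of the form control that supplies its value.
	var params = [
		['port', 'ldap_port'],
		['host', 'ldap_host'],
		['scope', 'ldap_scope'],
		['basedn', 'ldap_basedn'],
		['binddn', 'ldap_binddn'],
		['bindpw', 'ldap_bindpw'],
		['urltype', 'ldap_urltype'],
		['proto', 'ldap_protver'],
		['authcn', 'ldapauthcontainers']
	];

	// Every value is percent-encoded so that characters such as '&', '=', '#'
	// or '+' in a DN or password cannot split or alter the query string.
	var parts = [];
	for (var i = 0; i < params.length; i++)
		parts.push(params[i][0] + '=' + encodeURIComponent(fieldValue(params[i][1])));
	<?php if (count($a_ca) > 0): ?>
		parts.push('cert=' + encodeURIComponent(fieldValue("ldap_caref")));
	<?php else: ?>
		parts.push('cert=');
	<?php endif; ?>

	// NOTE(review): the bind password travels in the query string of the popup
	// request, so it can end up in browser history and request logs. Sending
	// it in a POST body would avoid that, but needs a matching change in the
	// picker page, which is not visible here.
	var url = 'system_usermanager_settings_ldapacpicker.php?' + parts.join('&');

	var oWin = window.open(url,"pfSensePop","width=620,height=400,top=150,left=150");
	if (oWin==null || typeof(oWin)=="undefined")
		alert("<?=gettext('Popup blocker detected.  Action aborted.');?>");
}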
433 0f3a8925 Colin Fleming
//]]>
434 fbf672cb Matthew Grooms
</script>
435
<?php
	/* Validation errors come first, then any status message set by this request. */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
	if ($savemsg) {
		print_info_box($savemsg);
	}
?>
441 0f3a8925 Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="auth servers">
442 fbf672cb Matthew Grooms
	<tr>
443 e30001cf Matthew Grooms
		<td>
444 fbf672cb Matthew Grooms
		<?php
445
			$tab_array = array();
446
			$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
447
			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
448
			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
449 d799787e Matthew Grooms
			$tab_array[] = array(gettext("Servers"), true, "system_authservers.php");
450 fbf672cb Matthew Grooms
			display_top_tabs($tab_array);
451
		?>
452
		</td>
453
	</tr>
454
	<tr>
455 e30001cf Matthew Grooms
		<td id="mainarea">
456
			<div class="tabcont">
457
458
				<?php if ($act == "new" || $act == "edit" || $input_errors): ?>
459
460
				<form action="system_authservers.php" method="post" name="iform" id="iform">
461 0f3a8925 Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
462 e30001cf Matthew Grooms
						<tr>
463
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
464
							<td width="78%" class="vtable">
465 3de94477 Ermal Lu?i
							<?php if (!isset($id)): ?>
466 e30001cf Matthew Grooms
								<input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/>
467 3de94477 Ermal Lu?i
							<?php else: ?>
468 dd5bf424 Scott Ullrich
                                                                <strong><?=htmlspecialchars($pconfig['name']);?></strong>
469 3de94477 Ermal Lu?i
                                                                <input name='name' type='hidden' id='name' value="<?=htmlspecialchars($pconfig['name']);?>"/>
470
                                                                <?php endif; ?>
471 e30001cf Matthew Grooms
							</td>
472
						</tr>
473
						<tr>
474
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Type");?></td>
475
							<td width="78%" class="vtable">
476
								<?php if (!isset($id)): ?>
477
								<select name='type' id='type' class="formselect" onchange='server_typechange()'>
478
								<?php
479
									foreach ($auth_server_types as $typename => $typedesc ):
480
										$selected = "";
481
										if ($pconfig['type'] == $typename)
482 0f3a8925 Colin Fleming
											$selected = "selected=\"selected\"";
483 e30001cf Matthew Grooms
								?>
484
									<option value="<?=$typename;?>" <?=$selected;?>><?=$typedesc;?></option>
485
								<?php endforeach; ?>
486
								</select>
487
								<?php else: ?>
488
								<strong><?=$auth_server_types[$pconfig['type']];?></strong>
489
								<input name='type' type='hidden' id='type' value="<?=htmlspecialchars($pconfig['type']);?>"/>
490
								<?php endif; ?>
491
							</td>
492
						</tr>
493
					</table>
494
495 0f3a8925 Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="ldap" style="display:none" summary="">
496 e30001cf Matthew Grooms
						<tr>
497
							<td colspan="2" class="list" height="12"></td>
498
						</tr>
499
						<tr>
500 257705ca Renato Botelho
							<td colspan="2" valign="top" class="listtopic"><?=gettext("LDAP Server Settings");?></td>
501 e30001cf Matthew Grooms
						</tr>
502
						<tr>
503
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP address");?></td>
504
							<td width="78%" class="vtable">
505
								<input name="ldap_host" type="text" class="formfld unknown" id="ldap_host" size="20" value="<?=htmlspecialchars($pconfig['ldap_host']);?>"/>
506 1525fe1f jim-p
								<br /><?= gettext("NOTE: When using SSL, this hostname MUST match the Common Name (CN) of the LDAP server's SSL Certificate."); ?>
507 e30001cf Matthew Grooms
							</td>
508
						</tr>
509
						<tr>
510
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Port value");?></td>
511
							<td width="78%" class="vtable">
512
								<input name="ldap_port" type="text" class="formfld unknown" id="ldap_port" size="5" value="<?=htmlspecialchars($pconfig['ldap_port']);?>"/>
513
							</td>
514
						</tr>
515
						<tr>
516
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Transport");?></td>
517
							<td width="78%" class="vtable">
518
								<select name='ldap_urltype' id='ldap_urltype' class="formselect" onchange='ldap_urlchange()'>
519
								<?php
520
									foreach ($ldap_urltypes as $urltype => $urlport):
521
										$selected = "";
522
										if ($pconfig['ldap_urltype'] == $urltype)
523 0f3a8925 Colin Fleming
											$selected = "selected=\"selected\"";
524 e30001cf Matthew Grooms
								?>
525
									<option value="<?=$urltype;?>" <?=$selected;?>><?=$urltype;?></option>
526
								<?php endforeach; ?>
527
								</select>
528
							</td>
529
						</tr>
530 fe2031ab Ermal
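						<tr id="tls_ca">
							<td width="22%" valign="top" class="vncell"><?=gettext("Peer Certificate Authority"); ?></td>
							<td width="78%" class="vtable">
							<?php if (count($a_ca)): ?>
								<select id='ldap_caref' name='ldap_caref' class="formselect">
							<?php
								/*
								 * The CA entries are read from the configuration, so their
								 * refid and description are HTML-escaped before they are
								 * written into the option markup.
								 */
								foreach ($a_ca as $ca):
									$selected = "";
									if ($pconfig['ldap_caref'] == $ca['refid'])
										$selected = "selected=\"selected\"";
							?>
									<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php	endforeach; ?>
								</select>
								<br/><span><?=gettext("This option is used if 'SSL Encrypted' option is choosen.");?> <br/>
								<?=gettext("It must match with the CA in the AD otherwise problems will arise.");?></span>
							<?php else: ?>
								<b>No Certificate Authorities defined.</b> <br/>Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>
							</td>
						</tr>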
551 e30001cf Matthew Grooms
						<tr>
552
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol version");?></td>
553
							<td width="78%" class="vtable">
554
								<select name='ldap_protver' id='ldap_protver' class="formselect">
555
								<?php
556
									foreach ($ldap_protvers as $version):
557
										$selected = "";
558
										if ($pconfig['ldap_protver'] == $version)
559 0f3a8925 Colin Fleming
											$selected = "selected=\"selected\"";
560 e30001cf Matthew Grooms
								?>
561
									<option value="<?=$version;?>" <?=$selected;?>><?=$version;?></option>
562
								<?php endforeach; ?>
563
								</select>
564
							</td>
565
						</tr>
566
						<tr>
567 64ce9d72 jim-p
							<td width="22%" valign="top" class="vncell"><?=gettext("Search scope");?></td>
568 e30001cf Matthew Grooms
							<td width="78%" class="vtable">
569 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="search scope">
570 e30001cf Matthew Grooms
									<tr>
571 ea53e38f Renato Botelho
										<td><?=gettext("Level:");?> &nbsp;</td>
572 e30001cf Matthew Grooms
										<td>
573
											<select name='ldap_scope' id='ldap_scope' class="formselect">
574
											<?php
575
												foreach ($ldap_scopes as $scopename => $scopedesc):
576
													$selected = "";
577
													if ($pconfig['ldap_scope'] == $scopename)
578 0f3a8925 Colin Fleming
														$selected = "selected=\"selected\"";
579 e30001cf Matthew Grooms
											?>
580
												<option value="<?=$scopename;?>" <?=$selected;?>><?=$scopedesc;?></option>
581
											<?php endforeach; ?>
582
											</select>
583
										</td>
584
									</tr>
585
									<tr>
586 ea53e38f Renato Botelho
										<td><?=gettext("Base DN:");?> &nbsp;</td>
587 e30001cf Matthew Grooms
										<td>
588
											<input name="ldap_basedn" type="text" class="formfld unknown" id="ldap_basedn" size="40" value="<?=htmlspecialchars($pconfig['ldap_basedn']);?>"/>
589
										</td>
590
									</tr>
591
								</table>
592
593
							</td>
594
						</tr>
595 c61e4626 Ermal Lu?i
						<tr>
596 6d78607d Renato Botelho
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication containers");?></td>
597
							<td width="78%" class="vtable">
598 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="auth containers">
599 6d78607d Renato Botelho
									<tr>
600 ea53e38f Renato Botelho
										<td><?=gettext("Containers:");?> &nbsp;</td>
601 6d78607d Renato Botelho
										<td>
602 0f3a8925 Colin Fleming
											<input name="ldapauthcontainers" type="text" class="formfld unknown" id="ldapauthcontainers" size="40" value="<?=htmlspecialchars($pconfig['ldap_authcn']);?>"/>
603
											<input type="button" onclick="select_clicked();" value="<?=gettext("Select");?>" />
604 beaab622 Warren Baker
											<br /><?=gettext("Note: Semi-Colon separated. This will be prepended to the search base dn above or you can specify full container path.");?>
605
											<br /><?=gettext("Example: CN=Users;DC=example");?>
606
											<br /><?=gettext("Example: CN=Users,DC=example,DC=com;OU=OtherUsers,DC=example,DC=com ");?>
607 6d78607d Renato Botelho
										</td>
608
									</tr>
609
								</table>
610
							</td>
611
						</tr>
612 c7073ebf namezero111111
						<tr>
613
							<td width="22%" valign="top" class="vncell"><?=gettext("Extended Query");?></td>
614
							<td width="78%" class="vtable">
615 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="query">
616 c7073ebf namezero111111
									<tr>
617
										<td>
618 0f3a8925 Colin Fleming
											<input name="ldap_extended_enabled" type="checkbox" id="ldap_extended_enabled" value="no" <?php if ($pconfig['ldap_extended_enabled']) echo "checked=\"checked\""; ?> />
619 c7073ebf namezero111111
										</td>
620
										<td>
621
622
											<input name="ldap_extended_query" type="text" class="formfld unknown" id="ldap_extended_query" size="40" value="<?=htmlspecialchars($pconfig['ldap_extended_query']);?>"/>
623
											<br /><?=gettext("Example: CN=Groupname,OU=MyGroups,DC=example,DC=com;OU=OtherUsers,DC=example,DC=com ");?>
624
										</td>
625
									</tr>
626
								</table>
627
							</td>
628
						</tr>
629 e30001cf Matthew Grooms
						<tr>
630
							<td width="22%" valign="top" class="vncell"><?=gettext("Bind credentials");?></td>
631
							<td width="78%" class="vtable">
632 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="bind credentials">
633 e30001cf Matthew Grooms
									<tr>
634
										<td>
635 0f3a8925 Colin Fleming
											<input name="ldap_anon" type="checkbox" id="ldap_anon" value="yes" <?php if ($pconfig['ldap_anon']) echo "checked=\"checked\""; ?> onclick="ldap_bindchange()" />
636 e30001cf Matthew Grooms
										</td>
637
										<td>
638 257705ca Renato Botelho
											<?=gettext("Use anonymous binds to resolve distinguished names");?>
639 e30001cf Matthew Grooms
										</td>
640
									</tr>
641
								</table>
642 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" id="ldap_bind" summary="bind">
643 e30001cf Matthew Grooms
									<tr>
644
										<td colspan="2"></td>
645
									</tr>
646
									<tr>
647 ea53e38f Renato Botelho
										<td><?=gettext("User DN:");?> &nbsp;</td>
648 e30001cf Matthew Grooms
										<td>
649
											<input name="ldap_binddn" type="text" class="formfld unknown" id="ldap_binddn" size="40" value="<?=htmlspecialchars($pconfig['ldap_binddn']);?>"/><br/>
650
										</td>
651
									</tr>
652
									<tr>
653 ea53e38f Renato Botelho
										<td><?=gettext("Password:");?> &nbsp;</td>
654 e30001cf Matthew Grooms
										<td>
655
											<input name="ldap_bindpw" type="password" class="formfld pwd" id="ldap_bindpw" size="20" value="<?=htmlspecialchars($pconfig['ldap_bindpw']);?>"/><br/>
656
										</td>
657
									</tr>
658
								</table>
659
							</td>
660
						</tr>
661
						<?php if (!isset($id)): ?>
662
						<tr>
663
							<td width="22%" valign="top" class="vncell"><?=gettext("Initial Template");?></td>
664
							<td width="78%" class="vtable">
665
								<select name='ldap_tmpltype' id='ldap_tmpltype' class="formselect" onchange='ldap_tmplchange()'>
666
								<?php
667
									foreach ($ldap_templates as $tmplname => $tmpldata):
668
										$selected = "";
669
										if ($pconfig['ldap_template'] == $tmplname)
670 0f3a8925 Colin Fleming
											$selected = "selected=\"selected\"";
671 e30001cf Matthew Grooms
								?>
672
									<option value="<?=$tmplname;?>" <?=$selected;?>><?=$tmpldata['desc'];?></option>
673
								<?php endforeach; ?>
674
								</select>
675
							</td>
676
						</tr>
677
						<?php endif; ?>
678
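						<?php /* LDAP attribute names (user, group, group member); each value is pre-filled from $pconfig and HTML-encoded. */ ?>
						<tr>
							<td width="22%" valign="top" class="vncell"><?=gettext("User naming attribute");?></td>
							<td width="78%" class="vtable">
								<input name="ldap_attr_user" type="text" class="formfld unknown" id="ldap_attr_user" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_user']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncell"><?=gettext("Group naming attribute");?></td>
							<td width="78%" class="vtable">
								<input name="ldap_attr_group" type="text" class="formfld unknown" id="ldap_attr_group" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_group']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncell"><?=gettext("Group member attribute");?></td>
							<td width="78%" class="vtable">
								<input name="ldap_attr_member" type="text" class="formfld unknown" id="ldap_attr_member" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_member']);?>"/>
							</td>
						</tr>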
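						<?php /* Two checkbox options: UTF-8 encoding of LDAP parameters, and keeping the part of the username after "@". Each box is checked when its $pconfig flag is truthy. */ ?>
						<tr>
							<td width="22%" valign="top" class="vncell"><?=gettext("UTF8 Encode");?></td>
							<td width="78%" class="vtable">
								<table border="0" cellspacing="0" cellpadding="2" summary="utf8 encoding">
									<tr>
										<td>
											<input name="ldap_utf8" type="checkbox" id="ldap_utf8" value="yes" <?php if ($pconfig['ldap_utf8']) echo "checked=\"checked\""; ?> />
										</td>
										<td>
											<?=gettext("UTF8 encode LDAP parameters before sending them to the server. Required to support international characters, but may not be supported by every LDAP server.");?>
										</td>
									</tr>
								</table>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncell"><?=gettext("Username Alterations");?></td>
							<td width="78%" class="vtable">
								<table border="0" cellspacing="0" cellpadding="2" summary="username alterations">
									<tr>
										<td>
											<input name="ldap_nostrip_at" type="checkbox" id="ldap_nostrip_at" value="yes" <?php if ($pconfig['ldap_nostrip_at']) echo "checked=\"checked\""; ?> />
										</td>
										<td>
											<?=gettext("Do not strip away parts of the username after the @ symbol, e.g. user@host becomes user when unchecked.");?>
										</td>
									</tr>
								</table>
							</td>
						</tr>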
					</table>
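					<?php /* RADIUS server settings. The table starts hidden (display:none); the script at the end of the page calls server_typechange() and radius_srvcschange(), which are defined outside this view. */ ?>
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="radius" style="display:none" summary="">
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Radius Server Settings");?></td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP address");?></td>
							<td width="78%" class="vtable">
								<input name="radius_host" type="text" class="formfld unknown" id="radius_host" size="20" value="<?=htmlspecialchars($pconfig['radius_host']);?>"/>
							</td>
						</tr>
						<?php
							// NOTE(review): whatever $pconfig['radius_secret'] holds (presumably the
							// stored shared secret when an entry is edited) is written into the value
							// attribute, so the cleartext secret is part of the HTML sent to the
							// browser; type="password" only masks it on screen. Rendering an empty
							// field and keeping the stored secret when it comes back empty would
							// avoid that, but needs a matching change in the save handler, which is
							// outside this part of the file.
						?>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Secret");?></td>
							<td width="78%" class="vtable">
								<input name="radius_secret" type="password" class="formfld pwd" id="radius_secret" size="20" value="<?=htmlspecialchars($pconfig['radius_secret']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Services offered");?></td>
							<td width="78%" class="vtable">
								<select name='radius_srvcs' id='radius_srvcs' class="formselect" onchange='radius_srvcschange()'>
								<?php
									// Service keys and descriptions are HTML-encoded on output so the markup
									// stays intact whatever $radius_srvcs (defined outside this view) contains.
									foreach ($radius_srvcs as $srvcname => $srvcdesc):
										$selected = "";
										if ($pconfig['radius_srvcs'] == $srvcname)
											$selected = "selected=\"selected\"";
								?>
									<option value="<?=htmlspecialchars($srvcname);?>" <?=$selected;?>><?=htmlspecialchars($srvcdesc);?></option>
								<?php endforeach; ?>
								</select>
							</td>
						</tr>
						<tr id="radius_auth">
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication port value");?></td>
							<td width="78%" class="vtable">
								<input name="radius_auth_port" type="text" class="formfld unknown" id="radius_auth_port" size="5" value="<?=htmlspecialchars($pconfig['radius_auth_port']);?>"/>
							</td>
						</tr>
						<tr id="radius_acct">
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Accounting port value");?></td>
							<td width="78%" class="vtable">
								<input name="radius_acct_port" type="text" class="formfld unknown" id="radius_acct_port" size="5" value="<?=htmlspecialchars($pconfig['radius_acct_port']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication Timeout");?></td>
							<td width="78%" class="vtable">
								<input name="radius_timeout" type="text" class="formfld unknown" id="radius_timeout" size="20" value="<?=htmlspecialchars($pconfig['radius_timeout']);?>"/>
								<br /><?= gettext("This value controls how long, in seconds, that the RADIUS server may take to respond to an authentication request.") ?>
								<br /><?= gettext("If left blank, the default value is 5 seconds.") ?>
								<br /><br /><?= gettext("NOTE: If you are using an interactive two-factor authentication system, increase this timeout to account for how long it will take the user to receive and enter a token.") ?>
							</td>
						</tr>
					</table>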
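					<?php /* Save button. When $id is set and $a_server[$id] is truthy, the index is sent back in a hidden "id" field. */ ?>
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="">
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
								<?php if (isset($id) && $a_server[$id]): ?>
								<?php /* $id is assigned outside this view (presumably from the request -- confirm); it is HTML-encoded like every other value echoed into an attribute on this page. */ ?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<?php endif;?>
							</td>
						</tr>
					</table>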
				</form>
				<?php else: ?>
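				<?php /* List of configured authentication servers: one row per $a_server entry, with edit and delete links on every row except the last. */ ?>
				<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="">
					<thead>
						<tr>
							<th width="25%" class="listhdrr"><?=gettext("Server Name");?></th>
							<th width="25%" class="listhdrr"><?=gettext("Type");?></th>
							<th width="35%" class="listhdrr"><?=gettext("Host Name");?></th>
							<th width="10%" class="list"></th>
						</tr>
					</thead>
					<tfoot>
						<tr>
							<td class="list" colspan="3"></td>
							<td class="list">
								<a href="system_authservers.php?act=new">
									<img src="/themes/<?= htmlspecialchars($g['theme']);?>/images/icons/icon_plus.gif" title="<?=gettext("add server");?>" alt="<?=gettext("add server");?>" width="17" height="17" border="0" />
								</a>
							</td>
						</tr>
						<tr>
							<td colspan="3">
								<p>
									<?=gettext("Additional authentication servers can be added here.");?>
								</p>
							</td>
						</tr>
					</tfoot>
					<tbody>
						<?php
							// $i is the positional index of the entry; it is what the edit and
							// delete links pass back as "id". Name, type label and host are
							// HTML-encoded before they are printed.
							$i = 0;
							foreach($a_server as $server):
								$name = htmlspecialchars($server['name']);
								$type = htmlspecialchars($auth_server_types[$server['type']]);
								$host = htmlspecialchars($server['host']);
						?>
						<tr <?php if ($i < (count($a_server) - 1)): ?> ondblclick="document.location='system_authservers.php?act=edit&amp;id=<?=$i;?>'" <?php endif; ?>>
							<td class="listlr"><?=$name?>&nbsp;</td>
							<td class="listr"><?=$type;?>&nbsp;</td>
							<td class="listr"><?=$host;?>&nbsp;</td>
							<td valign="middle" class="list nowrap">
							<?php /* The last entry gets no edit/delete controls (presumably a built-in entry appended to the list -- confirm against where $a_server is built). */ ?>
							<?php if ($i < (count($a_server) - 1)): ?>
								<a href="system_authservers.php?act=edit&amp;id=<?=$i;?>">
									<img src="/themes/<?= htmlspecialchars($g['theme']);?>/images/icons/icon_e.gif" title="<?=gettext("edit server");?>" alt="<?=gettext("edit server");?>" width="17" height="17" border="0" />
								</a>
								&nbsp;
								<?php
									// NOTE(review): deletion is requested with a plain GET link and is
									// guarded here only by a client-side confirm(). Whether the act=del
									// handler also demands a POST or an anti-CSRF token is not visible in
									// this part of the file -- confirm; a state-changing GET can be issued
									// cross-site or by a link prefetcher without the dialog ever showing.
								?>
								<a href="system_authservers.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Server?");?>')">
									<img src="/themes/<?= htmlspecialchars($g['theme']);?>/images/icons/icon_x.gif" title="<?=gettext("delete server");?>" alt="<?=gettext("delete server");?>" width="17" height="17" border="0" />
								</a>
							<?php endif; ?>
							</td>
						</tr>
						<?php
							$i++; endforeach;
						?>
					</tbody>
				</table>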
				<?php endif; ?>
			</div>
		</td>
	</tr>
</table>
<?php include("fend.inc"); ?>
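<script type="text/javascript">
//<![CDATA[
<?php
	// Initial UI state: show the section for the current server type, then run
	// the LDAP and RADIUS change handlers that apply to it (all of them are
	// defined outside this view).
	//
	// $pconfig['type'] is emitted as a JavaScript string literal, so it is
	// encoded with json_encode() and the JSON_HEX_* flags. htmlspecialchars()
	// is an HTML encoder: with its default flags before PHP 8.1 it leaves a
	// single quote untouched, and entities are not decoded inside a script
	// block anyway, so it cannot safely delimit a '...' literal here. Where
	// $pconfig is filled is outside this view; if it can carry request data
	// on re-display, the encoder choice matters -- confirm.
?>
server_typechange(<?=json_encode((string)$pconfig['type'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);?>);
<?php if (!isset($id) || $pconfig['type'] == "ldap"): ?>
ldap_bindchange();
if (document.getElementById("ldap_port").value == "")
	ldap_urlchange();
<?php if (!isset($id)): ?>
ldap_tmplchange();
<?php endif; ?>
<?php endif; ?>
<?php if (!isset($id) || $pconfig['type'] == "radius"): ?>
radius_srvcschange();
<?php endif; ?>
//]]>
</script>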
</body>
</html>