<?php
/*
	system_authservers.php
*/
/* ====================================================================
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
 *	Copyright (c)  2008 Shrew Soft Inc.
 *
 *	Redistribution and use in source and binary forms, with or without modification,
 *	are permitted provided that the following conditions are met:
 *
 *	1. Redistributions of source code must retain the above copyright notice,
 *		this list of conditions and the following disclaimer.
 *
 *	2. Redistributions in binary form must reproduce the above copyright
 *		notice, this list of conditions and the following disclaimer in
 *		the documentation and/or other materials provided with the
 *		distribution.
 *
 *	3. All advertising materials mentioning features or use of this software
 *		must display the following acknowledgment:
 *		"This product includes software developed by the pfSense Project
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
 *
 *	4. The names "pfSense" and "pfSense Project" must not be used to
 *		 endorse or promote products derived from this software without
 *		 prior written permission. For written permission, please contact
 *		 coreteam@pfsense.org.
 *
 *	5. Products derived from this software may not be called "pfSense"
 *		nor may "pfSense" appear in their names without prior written
 *		permission of the Electric Sheep Fencing, LLC.
 *
 *	6. Redistributions of any form whatsoever must retain the following
 *		acknowledgment:
 *
 *	"This product includes software developed by the pfSense Project
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
 *
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *	====================================================================
 *
 */

// Page privilege descriptor. NOTE(review): the ##| lines appear to be what
// ties this page to the "page-system-authservers" privilege (MATCH covers any
// query string on this script) — confirm against the privilege loader.
##|+PRIV
##|*IDENT=page-system-authservers
##|*NAME=System: Authentication Servers
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
##|*MATCH=system_authservers.php*
##|-PRIV

require("guiconfig.inc");
require_once("auth.inc");

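// Have we been called to populate the "Select a container" modal?
// The caller passes the (unsaved) LDAP form values in the request; we try to
// enumerate the containers on that server and hand back a modal with one
// checkbox per container. Nothing is written to the config on this path.
if (!empty($_REQUEST['ajax'])) {
	// NOTE(review): the bind DN/password are read from $_REQUEST, so a caller
	// using GET would place the bind credentials in the query string (and
	// possibly in web-server/proxy logs). The JS caller is not in view here;
	// if it POSTs, reading from $_POST only would be the tighter choice.
	// NOTE(review): port/scope/proto/urltype are passed on unchecked; this
	// assumes ldap_get_user_ous() validates or safely handles them — confirm.
	$authcfg = array(
		'ldap_port'    => $_REQUEST['port'],
		'ldap_basedn'  => $_REQUEST['basedn'],
		'host'         => $_REQUEST['host'],
		'ldap_scope'   => $_REQUEST['scope'],
		'ldap_binddn'  => $_REQUEST['binddn'],
		'ldap_bindpw'  => $_REQUEST['bindpw'],
		'ldap_urltype' => $_REQUEST['urltype'],
		'ldap_protver' => $_REQUEST['proto'],
		'ldap_authcn'  => explode(";", $_REQUEST['authcn']),
		'ldap_caref'   => $_REQUEST['cert'],
	);

	$ous = ldap_get_user_ous(true, $authcfg);

	if (empty($ous)) {
		print('<span class="text-danger">Could not connect to the LDAP server. Please check the LDAP configuration.</span>');
	} else {
		$modal = new Modal("Select LDAP containers for authentication", "containers", true);
		$group = new Form_MultiCheckboxGroup('Containers');

		if (is_array($ous)) {
			// One checkbox per container, pre-ticked when the container is
			// already listed in the submitted authcn field. Strict in_array():
			// a loose comparison would treat numerically-equal strings as the
			// same container.
			foreach (array_values($ous) as $idx => $ou) {
				$group->add(new Form_MultiCheckbox(
					'ou' . $idx,
					'',
					$ou,
					in_array($ou, $authcfg['ldap_authcn'], true),
					$ou
				));
			}
		}

		$modal->add($group);

		// Save button for the modal
		$btnsv = new Form_Button(
			'svcontbtn',
			'Save',
			null,
			'fa-save'
		);

		// Bug fix: the class name carried a stray ')' ("btn-default)"), so the
		// default class was never removed and the button kept both classes.
		$btnsv->removeClass("btn-default")->addClass("btn-primary");

		$modal->addInput(new Form_StaticText(
			'',
			$btnsv
		));

		print($modal);
	}

	exit;
}
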
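// Resolve the row being acted on. A POSTed id wins over a GET id; both must
// pass is_numericint() before they are ever used as an array index.
if (isset($_GET['id']) && is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}

if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

if (!is_array($config['system']['authserver'])) {
	$config['system']['authserver'] = array();
}

// Re-key the server list sequentially: the table and the edit/delete links
// below address servers by their position in $a_server.
// Robustness: start from an empty array so a non-array result does not leave
// $a_server undefined for the foreach in the list view.
// NOTE(review): nothing in this file guarantees that position N in $a_server
// is entry N in $config['system']['authserver']; the save path indexes both
// by $id — confirm they stay aligned (the delete path unset()s config entries
// without re-indexing).
$a_servers = auth_get_authserver_list();
$a_server = is_array($a_servers) ? array_values($a_servers) : array();

if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
// Reference, not a copy: the CA list tracks the live config.
$a_ca =& $config['ca'];

// Requested action ("new", "edit", "del"); a POSTed act overrides a GET act.
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act'])) {
	$act = $_POST['act'];
}
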
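if ($act == "del") {
	// NOTE(review): deletion is reached through a plain GET link
	// (?act=del&id=N) from the list below, i.e. a state change without the
	// POST form path's token check. Moving the delete onto a POST would be
	// the defensive fix; that needs the list's link/JS changed as well, which
	// is not done here.
	if (empty($a_server[$_GET['id']])) {
		// Unknown or missing id: nothing to delete, back to the list.
		pfSenseHeader("system_authservers.php");
		exit;
	}

	/* Remove server from main list. Entries are matched by name because the
	 * position in $a_server is not the key in the config array. */
	$serverdeleted = $a_server[$_GET['id']]['name'];
	foreach ($config['system']['authserver'] as $k => $as) {
		// Strict comparison: a loose == would also match distinct names that
		// happen to be numerically equal (e.g. "1e3" and "1000").
		if ($as['name'] === $serverdeleted) {
			unset($config['system']['authserver'][$k]);
		}
	}

	/* Remove server from temp list used later on this page. */
	unset($a_server[$_GET['id']]);

	$savemsg = sprintf(gettext("Authentication Server %s deleted."), htmlspecialchars($serverdeleted));
	write_config($savemsg);
}
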
if ($act == "edit") {
	if (isset($id) && $a_server[$id]) {
		$editsrv = $a_server[$id];

		$pconfig['type'] = $editsrv['type'];
		$pconfig['name'] = $editsrv['name'];

		if ($pconfig['type'] == "ldap") {
			// form field => stored key; only the hostname is stored under a
			// different name ('host').
			$ldap_field_map = array(
				'ldap_caref'            => 'ldap_caref',
				'ldap_host'             => 'host',
				'ldap_port'             => 'ldap_port',
				'ldap_timeout'          => 'ldap_timeout',
				'ldap_urltype'          => 'ldap_urltype',
				'ldap_protver'          => 'ldap_protver',
				'ldap_scope'            => 'ldap_scope',
				'ldap_basedn'           => 'ldap_basedn',
				'ldap_authcn'           => 'ldap_authcn',
				'ldap_extended_enabled' => 'ldap_extended_enabled',
				'ldap_extended_query'   => 'ldap_extended_query',
				'ldap_binddn'           => 'ldap_binddn',
				'ldap_bindpw'           => 'ldap_bindpw',
				'ldap_attr_user'        => 'ldap_attr_user',
				'ldap_attr_group'       => 'ldap_attr_group',
				'ldap_attr_member'      => 'ldap_attr_member',
				'ldap_attr_groupobj'    => 'ldap_attr_groupobj',
			);
			foreach ($ldap_field_map as $formfield => $storedkey) {
				$pconfig[$formfield] = $editsrv[$storedkey];
			}

			// These three are stored by key presence, so expose them as booleans.
			foreach (array('ldap_utf8', 'ldap_nostrip_at', 'ldap_rfc2307') as $flagkey) {
				$pconfig[$flagkey] = isset($editsrv[$flagkey]);
			}

			// Missing bind credentials mean the entry uses anonymous binds.
			if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw']) {
				$pconfig['ldap_anon'] = true;
			}
		}

		if ($pconfig['type'] == "radius") {
			$pconfig['radius_host'] = $editsrv['host'];
			$pconfig['radius_auth_port'] = $editsrv['radius_auth_port'];
			$pconfig['radius_acct_port'] = $editsrv['radius_acct_port'];
			$pconfig['radius_secret'] = $editsrv['radius_secret'];
			$pconfig['radius_timeout'] = $editsrv['radius_timeout'];

			// Which services are offered is derived from which ports are set;
			// the port that is not set gets its standard value for the form.
			$has_auth = (bool) $pconfig['radius_auth_port'];
			$has_acct = (bool) $pconfig['radius_acct_port'];

			if ($has_auth && $has_acct) {
				$pconfig['radius_srvcs'] = "both";
			} elseif ($has_auth) {
				$pconfig['radius_srvcs'] = "auth";
				$pconfig['radius_acct_port'] = 1813;
			} elseif ($has_acct) {
				$pconfig['radius_srvcs'] = "acct";
				$pconfig['radius_auth_port'] = 1812;
			}
		}
	}
}

if ($act == "new") {
	// Defaults for a blank form: LDAPv3, anonymous bind, RADIUS auth+acct on
	// the standard ports (the port defaults are strings, as in the original).
	$new_defaults = array(
		'ldap_protver'     => 3,
		'ldap_anon'        => true,
		'radius_srvcs'     => "both",
		'radius_auth_port' => "1812",
		'radius_acct_port' => "1813",
	);
	foreach ($new_defaults as $field => $default) {
		$pconfig[$field] = $default;
	}
}

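if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	// Required fields depend on the server type. Start with empty lists so a
	// POST carrying an unknown type still hands arrays to do_input_validation().
	$reqdfields = array();
	$reqdfieldsn = array();

	if ($pconfig['type'] == "ldap") {
		$reqdfields = explode(" ",
			"name type ldap_host ldap_port " .
			"ldap_urltype ldap_protver ldap_scope " .
			"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");

		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Port value"),
			gettext("Transport"),
			gettext("Protocol version"),
			gettext("Search level"),
			gettext("User naming Attribute"),
			gettext("Group naming Attribute"),
			gettext("Group member attribute"),
			gettext("Authentication container"));

		// Bind credentials are only mandatory when not binding anonymously.
		if (!$pconfig['ldap_anon']) {
			$reqdfields[] = "ldap_binddn";
			$reqdfields[] = "ldap_bindpw";
			$reqdfieldsn[] = gettext("Bind user DN");
			$reqdfieldsn[] = gettext("Bind Password");
		}
	}

	if ($pconfig['type'] == "radius") {
		$reqdfields = explode(" ", "name type radius_host radius_srvcs");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Services"));

		// Bug fix: these checks read $pconfig['radisu_srvcs'] (typo), a key the
		// form never posts, so the auth/acct ports were never actually required.
		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port");
		}

		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port");
		}

		// The secret is mandatory only when creating; on edit a blank field
		// keeps the stored one (see the save path below).
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// Bug fix: this check read $_POST['host'], but the form posts the hostname
	// as ldap_host / radius_host, so it never rejected anything. Check the
	// host field that belongs to the selected type.
	// NOTE(review): the pattern also rejects IPv6 literals (they contain ':');
	// whether the LDAP/RADIUS client code accepts those is not visible from
	// this file — confirm before relaxing or keeping the pattern.
	$host_field = $pconfig['type'] . "_host";
	if (isset($pconfig[$host_field]) && preg_match("/[^a-zA-Z0-9\.\-_]/", $pconfig[$host_field])) {
		$input_errors[] = gettext("The host name contains invalid characters.");
	}

	// Names must be unique: the delete path above matches entries by name and
	// auth_get_authserver() is looked up by name here. Bug fix: the check used
	// to be skipped whenever $id was set, so an edit could rename a server
	// onto another server's name.
	$existing = auth_get_authserver($pconfig['name']);
	if ($existing && (!isset($id) || empty($a_server[$id]) || $a_server[$id]['name'] !== $pconfig['name'])) {
		$input_errors[] = gettext("An authentication server with the same name already exists.");
	}

	if (($pconfig['type'] == "ldap") || ($pconfig['type'] == "radius")) {
		$to_field = "{$pconfig['type']}_timeout";
		// A blank timeout means "use the default"; anything else must be a
		// positive number.
		if (!empty($pconfig[$to_field]) && (!is_numeric($pconfig[$to_field]) || ($pconfig[$to_field] <= 0))) {
			$input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($pconfig['type']));
		}
	}

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	if (!$input_errors) {
		// Start from the stored entry when editing so keys this form does not
		// post (e.g. a RADIUS secret left blank) are carried over.
		$server = array();
		$server['refid'] = uniqid();
		if (isset($id) && $a_server[$id]) {
			$server = $a_server[$id];
		}

		$server['type'] = $pconfig['type'];
		$server['name'] = $pconfig['name'];

		if ($server['type'] == "ldap") {

			if (!empty($pconfig['ldap_caref'])) {
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			}
			$server['host'] = $pconfig['ldap_host'];
			$server['ldap_port'] = $pconfig['ldap_port'];
			$server['ldap_urltype'] = $pconfig['ldap_urltype'];
			$server['ldap_protver'] = $pconfig['ldap_protver'];
			$server['ldap_scope'] = $pconfig['ldap_scope'];
			$server['ldap_basedn'] = $pconfig['ldap_basedn'];
			// Posted as "ldapauthcontainers", stored as "ldap_authcn".
			$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
			$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
			$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
			$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
			$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
			$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];

			$server['ldap_attr_groupobj'] = empty($pconfig['ldap_attr_groupobj']) ? "posixGroup" : $pconfig['ldap_attr_groupobj'];

			// Checkbox flags are stored by key presence, which is what the
			// edit path's isset() checks rely on.
			foreach (array('ldap_utf8', 'ldap_nostrip_at', 'ldap_rfc2307') as $flag) {
				if (isset($pconfig[$flag]) && $pconfig[$flag] == "yes") {
					$server[$flag] = true;
				} else {
					unset($server[$flag]);
				}
			}

			if (!$pconfig['ldap_anon']) {
				// NOTE(review): the bind password is stored as submitted and is
				// echoed back into the edit form; keep that in mind for config
				// backups and for the form field's input type.
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}

			// Default LDAP timeout (seconds) when the field is left blank.
			$server['ldap_timeout'] = $pconfig['ldap_timeout'] ? $pconfig['ldap_timeout'] : 25;
		}

		if ($server['type'] == "radius") {

			$server['host'] = $pconfig['radius_host'];

			// A blank secret on edit keeps the stored one.
			if ($pconfig['radius_secret']) {
				$server['radius_secret'] = $pconfig['radius_secret'];
			}

			// Default RADIUS timeout (seconds) when the field is left blank.
			$server['radius_timeout'] = $pconfig['radius_timeout'] ? $pconfig['radius_timeout'] : 5;

			// Only the ports for the offered services are kept; the other one
			// is dropped so the edit path derives the service selection again.
			if ($pconfig['radius_srvcs'] == "both") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
			}

			if ($pconfig['radius_srvcs'] == "auth") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				unset($server['radius_acct_port']);
			}

			if ($pconfig['radius_srvcs'] == "acct") {
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
				unset($server['radius_auth_port']);
			}
		}

		// NOTE(review): $id indexes both $a_server (a re-keyed list) and
		// $config['system']['authserver'] (the stored array, from which the
		// delete path unset()s entries without re-indexing). Whether the two
		// stay aligned is not visible from this file — confirm.
		if (isset($id) && $config['system']['authserver'][$id]) {
			$config['system']['authserver'][$id] = $server;
		} else {
			$config['system']['authserver'][] = $server;
		}

		write_config();

		pfSenseHeader("system_authservers.php");
	}
}
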
// On error, restore the form contents so the user doesn't have to re-enter too much
if (!empty($_POST) && !empty($input_errors)) {
	$pconfig = $_POST;
	// Two fields are posted under a different name than $pconfig uses.
	$pconfig['ldap_authcn'] = $_POST['ldapauthcontainers'];
	$pconfig['ldap_template'] = $_POST['ldap_tmpltype'];
}

// Breadcrumb title; "Edit" is appended for the form views.
$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Authentication Servers"));

if ($act == "new" || $act == "edit" || $input_errors) {
	$pgtitle[] = gettext('Edit');
}

// Both of these are set before head.inc is pulled in.
$shortcut_section = "authentication";
include("head.inc");

if ($input_errors) {
	print_input_errors($input_errors);
}

if ($savemsg) {
	print_info_box($savemsg, 'success');
}

// User Manager tab strip, this page being the active tab.
$tab_array = array(
	array(gettext("Users"), false, "system_usermanager.php"),
	array(gettext("Groups"), false, "system_groupmanager.php"),
	array(gettext("Settings"), false, "system_usermanager_settings.php"),
	array(gettext("Authentication Servers"), true, "system_authservers.php"),
);
display_top_tabs($tab_array);

if (!($act == "new" || $act == "edit" || $input_errors)) {
	// List view: one row per server, values HTML-escaped on output. The
	// edit/delete links carry the row's position in $a_server as "id"; the
	// last entry gets no links at all (see the count() check in the loop).
	// NOTE(review): the delete link is a GET request (act=del), i.e. a state
	// change reachable by following a link rather than by submitting the form.
?>
<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext('Authentication Servers')?></h2></div>
	<div class="panel-body">
		<div class="table-responsive">
			<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
				<thead>
					<tr>
						<th><?=gettext("Server Name")?></th>
						<th><?=gettext("Type")?></th>
						<th><?=gettext("Host Name")?></th>
						<th><?=gettext("Actions")?></th>
					</tr>
				</thead>
				<tbody>
			<?php foreach($a_server as $i => $server): ?>
					<tr>
						<td><?=htmlspecialchars($server['name'])?></td>
						<td><?=htmlspecialchars($auth_server_types[$server['type']])?></td>
						<td><?=htmlspecialchars($server['host'])?></td>
						<td>
						<?php if ($i < (count($a_server) - 1)): ?>
							<a class="fa fa-pencil" title="<?=gettext("Edit server"); ?>" href="system_authservers.php?act=edit&amp;id=<?=$i?>"></a>
							<a class="fa fa-trash"  title="<?=gettext("Delete server")?>" href="system_authservers.php?act=del&amp;id=<?=$i?>"></a>
						<?php endif?>
						</td>
					</tr>
			<?php endforeach; ?>
				</tbody>
			</table>
		</div>
	</div>
</div>

<nav class="action-buttons">
	<a href="?act=new" class="btn btn-success btn-sm">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext("Add")?>
	</a>
</nav>
<?php
	// Footer, then stop: the edit form below is only for new/edit/error views.
	include("foot.inc");
	exit;
}

$form = new Form;
$form->setAction('system_authservers.php?act=edit');

// Hidden id carried across the request (null for a new server).
$useridInput = new Form_Input('userid', null, 'hidden', $id);
$form->addGlobal($useridInput);

// ---- Settings common to both server types ----------------------------------
$section = new Form_Section('Server Settings');

$input = new Form_Input('name', 'Descriptive name', 'text', $pconfig['name']);
$section->addInput($input);

// The type selector toggles the LDAP / RADIUS sections that follow.
$input = new Form_Select('type', 'Type', $pconfig['type'], $auth_server_types);
$section->addInput($input)->toggles();

$form->add($section);

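// ==== LDAP settings =========================================================
$section = new Form_Section('LDAP Server Settings');
$section->addClass('toggle-ldap collapse');

// Expanded by default for a new server and whenever LDAP is the selected type.
if (!isset($pconfig['type']) || $pconfig['type'] == 'ldap') {
	$section->addClass('in');
}

$section->addInput(new Form_Input(
	'ldap_host',
	'Hostname or IP address',
	'text',
	$pconfig['ldap_host']
))->setHelp('NOTE: When using SSL, this hostname MUST match the Common Name '.
	'(CN) of the LDAP server\'s SSL Certificate.');

$section->addInput(new Form_Input(
	'ldap_port',
	'Port value',
	'number',
	$pconfig['ldap_port']
));

// Transport options are the keys of $ldap_urltypes (not defined in this file).
$section->addInput(new Form_Select(
	'ldap_urltype',
	'Transport',
	$pconfig['ldap_urltype'],
	array_combine(array_keys($ldap_urltypes), array_keys($ldap_urltypes))
));

if (empty($a_ca)) {
	$section->addInput(new Form_StaticText(
		'Peer Certificate Authority',
		'No Certificate Authorities defined.<br/>Create one under <a href="system_camanager.php">System &gt; Cert. Manager</a>.'
	));
} else {
	// refid => description, for the select box.
	$ldapCaRef = [];
	foreach ($a_ca as $ca) {
		$ldapCaRef[$ca['refid']] = $ca['descr'];
	}

	// Fix: "choosen" -> "chosen" in the help text.
	$section->addInput(new Form_Select(
		'ldap_caref',
		'Peer Certificate Authority',
		$pconfig['ldap_caref'],
		$ldapCaRef
	))->setHelp('This option is used if \'SSL Encrypted\' option is chosen. '.
		'It must match with the CA in the AD otherwise problems will arise.');
}

$section->addInput(new Form_Select(
	'ldap_protver',
	'Protocol version',
	$pconfig['ldap_protver'],
	array_combine($ldap_protvers, $ldap_protvers)
));

$section->addInput(new Form_Input(
	'ldap_timeout',
	'Server Timeout',
	'number',
	$pconfig['ldap_timeout'],
	['placeholder' => 25]
))->setHelp('Timeout for LDAP operations (seconds)');

// Search scope: the level select and the base DN input are rendered together
// inside one static-text row. (A Form_Group used to be created here but was
// never added to the section, so that dead assignment is gone.)
$SSF = new Form_Select(
	'ldap_scope',
	'Level',
	$pconfig['ldap_scope'],
	$ldap_scopes
);

$SSB = new Form_Input(
	'ldap_basedn',
	'Base DN',
	'text',
	$pconfig['ldap_basedn']
);

$section->addInput(new Form_StaticText(
	'Search scope',
	'Level ' . $SSF . '<br />' . 'Base DN' . $SSB
));
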
// ---- Authentication containers ---------------------------------------------
$group = new Form_Group('Authentication containers');

$containersInput = new Form_Input('ldapauthcontainers', 'Containers', 'text', $pconfig['ldap_authcn']);
$group->add($containersInput)->setHelp(
	'Note: Semi-Colon separated. This will be prepended to the search ' .
	'base dn above or the full container path can be specified containing a dc= ' .
	'component.<br/>Example: CN=Users;DC=example,DC=com or OU=Staff;OU=Freelancers');

// Opens the container picker (filled in over AJAX, see the top of this file).
$selectBtn = new Form_Button('Select', 'Select a container', null, 'fa-search');
$group->add($selectBtn)->setAttribute('type', 'button')->addClass('btn-info');

$section->add($group);

// ---- Extended query ---------------------------------------------------------
$section->addInput(new Form_Checkbox('ldap_extended_enabled', 'Extended query',
	'Enable extended query', $pconfig['ldap_extended_enabled']));

$group = new Form_Group('Query');
$group->addClass('extended');

$queryInput = new Form_Input('ldap_extended_query', 'Query', 'text', $pconfig['ldap_extended_query']);
$group->add($queryInput)->setHelp('Example: &amp;(objectClass=inetOrgPerson)(mail=*@example.com)');

$section->add($group);

// ---- Bind settings ----------------------------------------------------------
$section->addInput(new Form_Checkbox('ldap_anon', 'Bind anonymous',
	'Use anonymous binds to resolve distinguished names', $pconfig['ldap_anon']));

$group = new Form_Group('Bind credentials');
$group->addClass('ldapanon');

$group->add(new Form_Input('ldap_binddn', 'User DN:', 'text', $pconfig['ldap_binddn']));

// NOTE(review): the bind password is rendered as a plain 'text' input, so the
// stored password is shown in clear when editing. Switching it to 'password'
// needs a check of whether the form class echoes the value for that type
// (the save path stores this field unconditionally), so it is only flagged here.
$group->add(new Form_Input('ldap_bindpw', 'Password', 'text', $pconfig['ldap_bindpw']));
$section->add($group);

// ---- Initial template (new servers only) ------------------------------------
if (!isset($id)) {
	$template_list = array();

	foreach ($ldap_templates as $tmplKey => $tmplDef) {
		$template_list[$tmplKey] = $tmplDef['desc'];
	}

	$section->addInput(new Form_Select('ldap_tmpltype', 'Initial Template',
		$pconfig['ldap_template'], $template_list));
}

// ---- Attribute mapping ------------------------------------------------------
$section->addInput(new Form_Input('ldap_attr_user', 'User naming attribute', 'text', $pconfig['ldap_attr_user']));

$section->addInput(new Form_Input('ldap_attr_group', 'Group naming attribute', 'text', $pconfig['ldap_attr_group']));

$section->addInput(new Form_Input('ldap_attr_member', 'Group member attribute', 'text', $pconfig['ldap_attr_member']));

$rfc2307Box = new Form_Checkbox('ldap_rfc2307', 'RFC 2307 Groups',
	'LDAP Server uses RFC 2307 style group membership', $pconfig['ldap_rfc2307']);
$section->addInput($rfc2307Box)->setHelp(
	'RFC 2307 style group membership has members listed on the group ' .
	'object rather than using groups listed on user object. Leave unchecked ' .
	'for Active Directory style group membership (RFC 2307bis).');

$groupObjInput = new Form_Input('ldap_attr_groupobj', 'Group Object Class', 'text',
	$pconfig['ldap_attr_groupobj'], ['placeholder' => 'posixGroup']);
$section->addInput($groupObjInput)->setHelp(
	'Object class used for groups in RFC2307 mode. ' .
	'Typically "posixGroup" or "group".');

$utf8Box = new Form_Checkbox('ldap_utf8', 'UTF8 Encode',
	'UTF8 encode LDAP parameters before sending them to the server.', $pconfig['ldap_utf8']);
$section->addInput($utf8Box)->setHelp(
	'Required to support international characters, but may not be ' .
	'supported by every LDAP server.');

$noStripBox = new Form_Checkbox('ldap_nostrip_at', 'Username Alterations',
	'Do not strip away parts of the username after the @ symbol', $pconfig['ldap_nostrip_at']);
$section->addInput($noStripBox)->setHelp('e.g. user@host becomes user when unchecked.');

$form->add($section);

// ==== RADIUS section ========================================================
763 7aaf60a8 k-paulius
$section = new Form_Section('RADIUS Server Settings');
764 44d906ca Sjon Hortensius
$section->addClass('toggle-radius collapse');
765 a0165602 Sjon Hortensius
766
$section->addInput(new Form_Input(
767
	'radius_host',
768
	'Hostname or IP address',
769
	'text',
770
	$pconfig['radius_host']
771
));
772
773
$section->addInput(new Form_Input(
774
	'radius_secret',
775
	'Shared Secret',
776
	'text',
777
	$pconfig['radius_secret']
778
));
779
780
$section->addInput(new Form_Select(
781
	'radius_srvcs',
782
	'Services offered',
783
	$pconfig['radius_srvcs'],
784
	$radius_srvcs
785
));
786
787
$section->addInput(new Form_Input(
788
	'radius_auth_port',
789 81ec3187 Chris Buechler
	'Authentication port',
790 a0165602 Sjon Hortensius
	'number',
791 df5d8616 Stephen Beaver
	$pconfig['radius_auth_port']
792 a0165602 Sjon Hortensius
));
793
794
$section->addInput(new Form_Input(
795
	'radius_acct_port',
796 df5d8616 Stephen Beaver
	'Accounting port',
797 a0165602 Sjon Hortensius
	'number',
798
	$pconfig['radius_acct_port']
799
));
800
801
$section->addInput(new Form_Input(
802
	'radius_timeout',
803
	'Authentication Timeout',
804
	'number',
805
	$pconfig['radius_timeout']
806
))->setHelp('This value controls how long, in seconds, that the RADIUS '.
807
	'server may take to respond to an authentication request. If left blank, the '.
808 89140b63 NOYB
	'default value is 5 seconds. NOTE: If using an interactive two-factor '.
809 a0165602 Sjon Hortensius
	'authentication system, increase this timeout to account for how long it will '.
810
	'take the user to receive and enter a token.');
811
812
if (isset($id) && $a_server[$id])
813
{
814
	$section->addInput(new Form_Input(
815
		'id',
816
		null,
817
		'hidden',
818
		$id
819
	));
820 6306b5dd Ermal Lu?i
}
821 a0165602 Sjon Hortensius
822
$form->add($section);
823 098604d3 Stephen Beaver
824
// Create a largely empty modal to show the available containers. We will populate it via AJAX later
825
$modal = new Modal("LDAP containers", "containers", true);
826
827
$form->add($modal);
828
829 a0165602 Sjon Hortensius
print $form;
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {
	// Handler for the "Select" button: validates the LDAP connection fields in
	// the form, then POSTs them back to this page (ajax=ajax) to fetch the
	// container list, which is rendered into the #containers modal.
	function select_clicked() {
		// The server-side lookup needs all of these; stop with a message if any
		// is empty.
		if (document.getElementById("ldap_port").value == '' ||
			document.getElementById("ldap_host").value == '' ||
			document.getElementById("ldap_scope").value == '' ||
			document.getElementById("ldap_basedn").value == '' ||
			document.getElementById("ldapauthcontainers").value == '') {
			// NOTE(review): the translated text is inlined into a JS string
			// literal without JS escaping; a translation containing '"' or '\'
			// would break this script.
			alert("<?=gettext("Please fill the required values.");?>");
			return;
		}

		// Bind credentials are required unless anonymous bind is ticked.
		if (!document.getElementById("ldap_anon").checked) {
			if (document.getElementById("ldap_binddn").value == '' ||
				document.getElementById("ldap_bindpw").value == '') {
				alert("<?=gettext("Please fill the bind username/password.");?>");
				return;
			}
		}

		var ajaxRequest;
		var authserver = $('#authmode').val(); // assigned but not used below
		var cert;

<?php if (count($a_ca) > 0): ?>
		// Presumably #ldap_caref is only rendered when CAs exist; otherwise
		// send an empty cert reference.
			cert = $('#ldap_caref').val();
<?php else: ?>
			cert = '';
<?php endif; ?>
/*
		$('#containers').modal('show');
		$('#serverlist').parent('div').prev('label').remove();
		$('#serverlist').parent('div').removeClass("col-sm-10");
		$('#serverlist').parent('div').addClass("col-sm-12");
*/
		// The bind DN and password are included in this POST; the URL is
		// relative, so they only go to the origin that served this form.
		ajaxRequest = $.ajax(
			{
				url: "/system_authservers.php",
				type: "post",
				data: {
					ajax: 	"ajax",
					port: 	$('#ldap_port').val(),
					host: 	$('#ldap_host').val(),
					scope: 	$('#ldap_scope').val(),
					basedn: $('#ldap_basedn').val(),
					binddn: $('#ldap_binddn').val(),
					bindpw: $('#ldap_bindpw').val(),
					urltype:$('#ldap_urltype').val(),
					proto:  $('#ldap_protver').val(),
					authcn: $('#ldapauthcontainers').val(),
					cert:   cert
				}
			}
		);

		// Deal with the results of the above ajax call: the response is HTML
		// generated by this page's server side and replaces the modal wholesale.
		ajaxRequest.done(function (response, textStatus, jqXHR) {
			$('#containers').replaceWith(response);

			$('#containers').modal('show');

			// The button handler needs to be here because until the modal has been populated
			// the controls we need to attach handlers to do not exist
			$('#svcontbtn').prop("type", "button");
			$('#svcontbtn').removeAttr("href");

			// Save button: join the values of every checked #ou<i> checkbox with
			// ';' into #ldapauthcontainers, then close the modal.
			$('#svcontbtn').click(function () {
				var ous = $('[id^=ou]').length;
				var i;

				$('#ldapauthcontainers').val("");

				for (i = 0; i < ous; i++) {
					if ($('#ou' + i).prop("checked")) {
						if ($('#ldapauthcontainers').val() != "") {
							$('#ldapauthcontainers').val($('#ldapauthcontainers').val() +";");
						}

						$('#ldapauthcontainers').val($('#ldapauthcontainers').val() + $('#ou' + i).val());
					}
				}

				$('#containers').modal('hide');
			});
		});

	}
	// Fills #ldap_port from the selected #ldap_urltype option: the first option
	// (index 0) maps to '389', any other option to '636'.
	function set_ldap_port() {
		var selectedIndex = $('#ldap_urltype').find(":selected").index();
		var port = (selectedIndex == 0) ? '389' : '636';
		$('#ldap_port').val(port);
	}
	// Hides (hide truthy) or shows (hide falsy) every element carrying the
	// class s_class. This will usually be a form section.
	function hideClass(s_class, hide) {
		var elements = $('.' + s_class);
		if (hide) {
			elements.hide();
			return;
		}
		elements.show();
	}
	// Copies the attribute names of the template selected in #ldap_tmpltype into
	// the user/group/member attribute fields. One switch case per entry of
	// $ldap_templates is generated server-side, in array order, so the option
	// index and the array index must stay in step.
	function ldap_tmplchange() {
		switch ($('#ldap_tmpltype').find(":selected").index()) {
<?php
		$index = 0;
		foreach ($ldap_templates as $tmpldata):
?>
			case <?=$index;?>:
				// NOTE(review): template values are emitted into JS string literals
				// without escaping; fine while $ldap_templates is static server-side
				// data, but a value containing '"' or '\' would break this script.
				$('#ldap_attr_user').val("<?=$tmpldata['attr_user'];?>");
				$('#ldap_attr_group').val("<?=$tmpldata['attr_group'];?>");
				$('#ldap_attr_member').val("<?=$tmpldata['attr_member'];?>");
				break;
<?php
			$index++;
		endforeach;
?>
		}
	}
	// ---------- On initial page load ------------------------------------------------------------

<?php if ($act != 'edit') : ?>
	// New entry: seed the attribute fields from whichever template is selected.
	ldap_tmplchange();
<?php endif; ?>

	// Sync section visibility with the current checkbox states.
	hideClass('ldapanon', $('#ldap_anon').prop('checked'));
	hideClass('extended', !$('#ldap_extended_enabled').prop('checked'));

	// Only supply a default port when the field is empty, so a saved or
	// user-entered value is never overwritten on load.
	if($('#ldap_port').val() == "")
		set_ldap_port();

<?php
	if($act == 'edit') {
?>
		// Editing: lock the server type by disabling every option that is not
		// the current one. This is a UI convenience only; whether the POST
		// handler (outside this view) enforces it cannot be seen from here.
		$('#type option:not(:selected)').each(function(){
			$(this).attr('disabled', 'disabled');
		});

<?php
		if(!$input_errors) {
?>
		// The name is read-only on edit, except when the page is redisplayed
		// with validation errors.
		$('#name').prop("readonly", true);
<?php
		}
	}
?>
	// ---------- Click checkbox handlers ---------------------------------------------------------

	$('#ldap_tmpltype').on('change', function() {
		ldap_tmplchange();
	});

	$('#ldap_anon').click(function () {
		hideClass('ldapanon', this.checked);
	});

	$('#ldap_urltype').on('change', function() {
		set_ldap_port();
	});

	$('#Select').click(function () {
		select_clicked();
	});

	$('#ldap_extended_enabled').click(function () {
		hideClass('extended', !this.checked);
	});
});
//]]>
</script>
<?php
// Shared page footer include.
include("foot.inc");