Project

General

Profile

Download (13.9 KB) Statistics
| Branch: | Tag: | Revision:
1
<?php
2
/* $Id$ */
3
/*
4
	system_advanced_admin.php
5
	part of pfSense
6
	Copyright (C) 2005-2007 Scott Ullrich
7

    
8
	Copyright (C) 2008 Shrew Soft Inc
9

    
10
	originally part of m0n0wall (http://m0n0.ch/wall)
11
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
12
	All rights reserved.
13

    
14
	Redistribution and use in source and binary forms, with or without
15
	modification, are permitted provided that the following conditions are met:
16

    
17
	1. Redistributions of source code must retain the above copyright notice,
18
	   this list of conditions and the following disclaimer.
19

    
20
	2. Redistributions in binary form must reproduce the above copyright
21
	   notice, this list of conditions and the following disclaimer in the
22
	   documentation and/or other materials provided with the distribution.
23

    
24
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
25
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
26
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
27
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
28
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
29
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
30
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
31
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33
	POSSIBILITY OF SUCH DAMAGE.
34
*/
35

    
36
##|+PRIV
37
##|*IDENT=page-system-advanced-admin
38
##|*NAME=System: Advanced: Admin Access Page
39
##|*DESCR=Allow access to the 'System: Advanced: Admin Access' page.
40
##|*MATCH=system_advanced_admin.php*
41
##|-PRIV
42

    
43

    
44
require("guiconfig.inc");
45

    
46
$pconfig['webguiproto'] = $config['system']['webgui']['protocol'];
47
$pconfig['webguiport'] = $config['system']['webgui']['port'];
48
$pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref'];
49
$pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
50
$pconfig['noantilockout'] = isset($config['system']['webgui']['noantilockout']);
51
$pconfig['enableserial'] = $config['system']['enableserial'];
52
$pconfig['enablesshd'] = $config['system']['enablesshd'];
53
$pconfig['sshport'] = $config['system']['ssh']['port'];
54
$pconfig['sshdkeyonly'] = isset($config['system']['ssh']['sshdkeyonly']);
55

    
56
$a_cert =& $config['system']['cert'];
57

    
58
$certs_available = false;
59
if (is_array($a_cert) && count($a_cert))
60
	$certs_available = true;
61

    
62
if (!$pconfig['webguiproto'] || !$certs_available)
63
	$pconfig['webguiproto'] = "http";
64

    
65
if ($_POST) {
66

    
67
	unset($input_errors);
68
	$pconfig = $_POST;
69

    
70
	/* input validation */
71
	if ($_POST['webguiport'])
72
		if(!is_port($_POST['webguiport']))
73
			$input_errors[] = "You must specify a valid webConfigurator port number";
74

    
75
	if ($_POST['sshport'])
76
		if(!is_port($_POST['sshport']))
77
			$input_errors[] = "You must specify a valid port number";
78

    
79
	if($_POST['sshdkeyonly'] == "yes")
80
		$config['system']['ssh']['sshdkeyonly'] = "enabled";
81
	else if (isset($config['system']['ssh']['sshdkeyonly']))
82
		unset($config['system']['ssh']['sshdkeyonly']);
83

    
84
	ob_flush();
85
	flush();
86

    
87
	if (!$input_errors) {
88

    
89
		if (update_if_changed("webgui protocol", $config['system']['webgui']['protocol'], $_POST['webguiproto']))
90
			$restart_webgui = true;
91
		if (update_if_changed("webgui port", $config['system']['webgui']['port'], $_POST['webguiport']))
92
			$restart_webgui = true;
93
		if (update_if_changed("webgui certificate", $config['system']['webgui']['ssl-certref'], $_POST['ssl-certref']))
94
			$restart_webgui = true;
95

    
96
		if($_POST['disableconsolemenu'] == "yes") {
97
			$config['system']['disableconsolemenu'] = true;
98
			auto_login(true);
99
		} else {
100
			unset($config['system']['disableconsolemenu']);
101
			auto_login(false);
102
		}
103

    
104
		if ($_POST['noantilockout'] == "yes")
105
			$config['system']['webgui']['noantilockout'] = true;
106
		else
107
			unset($config['system']['webgui']['noantilockout']);
108

    
109
		if ($_POST['enableserial'] == "yes")
110
			$config['system']['enableserial'] = true;
111
		else
112
			unset($config['system']['enableserial']);
113

    
114
		$sshd_enabled = $config['system']['enablesshd'];
115
		if($_POST['enablesshd'])
116
			$config['system']['enablesshd'] = "enabled";
117
		else
118
			unset($config['system']['enablesshd']);
119

    
120
		$sshd_keyonly = $config['system']['sshdkeyonly'];
121
		if ($_POST['sshdkeyonly'])
122
			$config['system']['sshdkeyonly'] = true;
123
		else
124
			unset($config['system']['sshdkeyonly']);
125

    
126
		$sshd_port = $config['system']['ssh']['port'];
127
		if ($_POST['sshport'])
128
			$config['system']['ssh']['port'] = $_POST['sshport'];
129
		else if (isset($config['system']['ssh']['port']))
130
			unset($config['system']['ssh']['port']);
131

    
132
		if (($sshd_enabled != $config['system']['enablesshd']) ||
133
			($sshd_keyonly != $config['system']['sshdkeyonly']) ||
134
			($sshd_port != $config['system']['ssh']['port']))
135
			$restart_sshd = true;
136

    
137
		if ($restart_webgui) {
138
			global $_SERVER;
139
			list($host) = explode(":", $_SERVER['HTTP_HOST']);
140
			$prot = $config['system']['webgui']['protocol'];
141
			$port = $config['system']['webgui']['port'];
142
			if ($port)
143
				$url = "{$prot}://{$host}:{$port}/system_advanced_admin.php";
144
			else
145
				$url = "{$prot}://{$host}/system.php";
146
		}
147

    
148
		write_config();
149

    
150
		$retval = filter_configure();
151
	    $savemsg = get_std_save_message($retval);
152

    
153
		if ($restart_webgui)
154
			$savemsg .= "<br />One moment...redirecting to {$url} in 20 seconds.";
155

    
156
		conf_mount_rw();
157
		setup_serial_port();
158
		conf_mount_ro();
159
	}
160
}
161

    
162
$pgtitle = array("System","Advanced: Admin Access");
163
include("head.inc");
164

    
165
?>
166

    
167
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
168
<?php include("fbegin.inc"); ?>
169
<script language="JavaScript">
170
<!--
171

    
172
function prot_change() {
173

    
174
	if (document.iform.https_proto.checked)
175
		document.getElementById("ssl_opts").style.display="";
176
	else
177
		document.getElementById("ssl_opts").style.display="none";
178
}
179

    
180
//-->
181
</script>
182
<?php
183
	if ($input_errors)
184
		print_input_errors($input_errors);
185
	if ($savemsg)
186
		print_info_box($savemsg);
187
?>
188
	<form action="system_advanced_admin.php" method="post" name="iform" id="iform">
189
		<table width="100%" border="0" cellpadding="0" cellspacing="0">
190
			<tr>
191
				<td>
192
					<?php
193
						$tab_array = array();
194
						$tab_array[] = array("Admin Access", true, "system_advanced_admin.php");
195
						$tab_array[] = array("Firewall / NAT", false, "system_advanced_firewall.php");
196
						$tab_array[] = array("Networking", false, "system_advanced_network.php");
197
						$tab_array[] = array("Miscellaneous", false, "system_advanced_misc.php");
198
						$tab_array[] = array("System Tunables", false, "system_advanced_sysctl.php");
199
						$tab_array[] = array("Notifications", false, "system_advanced_notifications.php");
200
						display_top_tabs($tab_array);
201
					?>
202
				</td>
203
			</tr>
204
			<tr>
205
				<td id="mainarea">
206
					<div class="tabcont">
207
						<span class="vexpl">
208
							<span class="red">
209
								<strong>NOTE:&nbsp</strong>
210
							</span>
211
							The options on this page are intended for use by advanced users only.
212
							<br/>
213
						</span>
214
						<br/>
215
						<table width="100%" border="0" cellpadding="6" cellspacing="0">
216
							<tr>
217
								<td colspan="2" valign="top" class="listtopic">webConfigurator</td>
218
							</tr>
219
							<tr>
220
								<td width="22%" valign="top" class="vncell">Protocol</td>
221
								<td width="78%" class="vtable">
222
									<?php
223
										if ($pconfig['webguiproto'] == "http")
224
											$http_chk = "checked";
225
										if ($pconfig['webguiproto'] == "https")
226
											$https_chk = "checked";
227
										if (!$certs_available)
228
											$https_disabled = "disabled";
229
									?>
230
									<input name="webguiproto" id="http_proto" type="radio" value="http" <?=$http_chk;?> onClick="prot_change()">
231
									HTTP
232
									&nbsp;&nbsp;&nbsp;
233
									<input name="webguiproto" id="https_proto" type="radio" value="https" <?=$https_chk;?> <?=$https_disabled;?> onClick="prot_change()">
234
									HTTPS
235
									<?php if (!$certs_available): ?>
236
									<br/>
237
									No Certificates have been defined. You must
238
									<a href="system_certmanager.php">Create or Import</a>
239
									a Certificate before SSL can be enabled.
240
									<?php endif; ?>
241
								</td>
242
							</tr>
243
							<tr id="ssl_opts">
244
								<td width="22%" valign="top" class="vncell">SSL Certificate</td>
245
								<td width="78%" class="vtable">
246
									<select name="ssl-certref" id="ssl-certref" class="formselect">
247
										<?php
248
											foreach($a_cert as $cert):
249
												$selected = "";
250
												if ($pconfig['ssl-certref'] == $cert['refid'])
251
													$selected = "selected";
252
										?>
253
										<option value="<?=$cert['refid'];?>"<?=$selected;?>><?=$cert['name'];?></option>
254
										<?php endforeach; ?>
255
									</select>
256
								</td>
257
							</tr>
258
							<tr>
259
								<td valign="top" class="vncell">TCP port</td>
260
								<td class="vtable">
261
									<input name="webguiport" type="text" class="formfld unknown" id="webguiport" "size="5" value="<?=htmlspecialchars($config['system']['webgui']['port']);?>">
262
									<br>
263
									<span class="vexpl">
264
										Enter a custom port number for the webConfigurator
265
										above if you want to override the default (80 for HTTP, 443
266
										for HTTPS). Changes will take effect immediately after save.
267
									</span>
268
								</td>
269
							</tr>
270
							<tr>
271
								<td width="22%" valign="top" class="vncell">Anti-lockout</td>
272
								<td width="78%" class="vtable">
273
									<?php
274
										if($config['interfaces']['lan']) 
275
											$lockout_interface = "LAN";
276
										else 
277
											$lockout_interface = "WAN";
278
									?>
279
									<input name="noantilockout" type="checkbox" id="noantilockout" value="yes" <?php if ($pconfig['noantilockout']) echo "checked"; ?> />
280
									<strong>Disable webConfigurator anti-lockout rule</strong>
281
									<br/>
282
									By default, access to the webConfigurator on the <?=$lockout_interface;?>
283
									interface is always permitted, regardless of the user-defined filter
284
									rule set. Enable this feature to control webConfigurator access (make
285
									sure to have a filter rule in place that allows you in, or you will
286
									lock yourself out!). <em> Hint: the &quot;set configure IP address&quot;
287
									option in the console menu resets this setting as well. </em>
288
								</td>
289
							</tr>
290
							<tr>
291
								<td colspan="2" class="list" height="12">&nbsp;</td>
292
							</tr>
293
							<tr>
294
								<td colspan="2" valign="top" class="listtopic">Secure Shell</td>
295
							</tr>
296
							<tr>
297
								<td width="22%" valign="top" class="vncell">Secure Shell Server</td>
298
								<td width="78%" class="vtable">
299
									<input name="enablesshd" type="checkbox" id="enablesshd" value="yes" <?php if (isset($pconfig['enablesshd'])) echo "checked"; ?> />
300
									<strong>Enable Secure Shell</strong>
301
								</td>
302
							</tr>
303
							<tr>
304
								<td width="22%" valign="top" class="vncell">Authentication Method</td>
305
								<td width="78%" class="vtable">
306
									<input name="sshdkeyonly" type="checkbox" id="sshdkeyonly" value="yes" <?php if ($pconfig['sshdkeyonly']) echo "checked"; ?> />
307
									<strong>Disable Password login for Secure Shell (rsa key only)</strong>
308
									<br/>
309
									When enabled, authorized keys need to be configured for each
310
									<a href="system_usermanager.php">user</a>
311
									that has been granted secure shell access.
312
								</td>
313
							</tr>
314
							<tr>
315
								<td width="22%" valign="top" class="vncell">SSH port</td>
316
								<td width="78%" class="vtable">
317
									<input name="sshport" type="text" id="sshport" value="<?php echo $pconfig['sshport']; ?>" />
318
									<br/>
319
									<span class="vexpl">Note:  Leave this blank for the default of 22</span>
320
								</td>
321
							</tr>
322
							<tr>
323
								<td colspan="2" class="list" height="12">&nbsp;</td>
324
							</tr>
325
							<?php if($g['platform'] == "pfSense" || $g['platform'] == "cdrom"): ?>
326
							<tr>
327
								<td colspan="2" valign="top" class="listtopic">Serial Communcations</td>
328
							</tr>
329
							<tr>
330
								<td width="22%" valign="top" class="vncell">Serial Terminal</td>
331
								<td width="78%" class="vtable">
332
									<input name="enableserial" type="checkbox" id="enableserial" value="yes" <?php if (isset($pconfig['enableserial'])) echo "checked"; ?> />
333
									<strong>This will enable the first serial port with 9600/8/N/1</strong>
334
									<br>
335
									<span class="vexpl">Note:  This will disable the internal video card/keyboard</span>
336
								</td>
337
							</tr>
338
							<tr>
339
								<td colspan="2" class="list" height="12">&nbsp;</td>
340
							</tr>
341
							<?php endif; ?>
342
							<tr>
343
								<td colspan="2" valign="top" class="listtopic">Console Options</td>
344
							</tr>
345
							<tr>
346
								<td width="22%" valign="top" class="vncell">Console menu</td>
347
								<td width="78%" class="vtable">
348
									<input name="disableconsolemenu" type="checkbox" id="disableconsolemenu" value="yes" <?php if ($pconfig['disableconsolemenu']) echo "checked"; ?>  />
349
									<strong>Password protect the console menu</strong>
350
									<br/>
351
									<span class="vexpl">Changes to this option will take effect after a reboot.</span>
352
								</td>
353
							</tr>
354
							<tr>
355
								<td colspan="2" class="list" height="12">&nbsp;</td>
356
							</tr>							
357
							<tr>
358
								<td width="22%" valign="top">&nbsp;</td>
359
								<td width="78%"><input name="Submit" type="submit" class="formbtn" value="Save" /></td>
360
							</tr>
361
							<tr>
362
								<td colspan="2" class="list" height="12">&nbsp;</td>
363
							</tr>
364
						</table>
365
					</div>
366
				</td>
367
			</tr>
368
		</table>
369
	</form>
370
	<script language="JavaScript" type="text/javascript">
371
	<!--
372
		prot_change();
373
	//-->
374
	</script>
375

    
376
<?php include("fend.inc"); ?>
377
<?php
378
	if ($restart_webgui)
379
		echo "<meta http-equiv=\"refresh\" content=\"20;url={$url}\">";
380
?>
381
</body>
382
</html>
383

    
384
<?php
385
if ($restart_sshd) {
386

    
387
	mwexec("/usr/bin/killall sshd");
388
	log_error("secure shell configuration has changed. Stopping sshd.");
389

    
390
	if ($config['system']['enablesshd']) {
391
		log_error("secure shell configuration has changed. Restarting sshd.");
392
		touch("{$g['tmp_path']}/start_sshd");
393
	}
394
}
395
if ($restart_webgui) {
396
	ob_flush();
397
	flush();
398
	log_error("webConfigurator configuration has changed. Restarting webConfigurator.");
399
	touch("{$g['tmp_path']}/restart_webgui");
400
}
401
?>
(169-169/217)