<?php
/*
	system_authservers.php
*/
/* ====================================================================
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
 *	Copyright (c)  2004, 2005 Scott Ullrich
 *	Copyright (c)  2008 Shrew Soft Inc.
 *	Copyright (c)  2010 Ermal Luçi
 *
 *	Redistribution and use in source and binary forms, with or without modification,
 *	are permitted provided that the following conditions are met:
 *
 *	1. Redistributions of source code must retain the above copyright notice,
 *		this list of conditions and the following disclaimer.
 *
 *	2. Redistributions in binary form must reproduce the above copyright
 *		notice, this list of conditions and the following disclaimer in
 *		the documentation and/or other materials provided with the
 *		distribution.
 *
 *	3. All advertising materials mentioning features or use of this software
 *		must display the following acknowledgment:
 *		"This product includes software developed by the pfSense Project
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
 *
 *	4. The names "pfSense" and "pfSense Project" must not be used to
 *		 endorse or promote products derived from this software without
 *		 prior written permission. For written permission, please contact
 *		 coreteam@pfsense.org.
 *
 *	5. Products derived from this software may not be called "pfSense"
 *		nor may "pfSense" appear in their names without prior written
 *		permission of the Electric Sheep Fencing, LLC.
 *
 *	6. Redistributions of any form whatsoever must retain the following
 *		acknowledgment:
 *
 *	"This product includes software developed by the pfSense Project
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
 *
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *	====================================================================
 *
 */
/*
	pfSense_MODULE: auth
*/

##|+PRIV
##|*IDENT=page-system-authservers
##|*NAME=System: Authentication Servers
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
##|*MATCH=system_authservers.php*
##|-PRIV

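require("guiconfig.inc");
require_once("auth.inc");

$pgtitle = array(gettext("System"), gettext("Authentication Servers"));
$shortcut_section = "authentication";

/* Index of the entry being edited or deleted (an index into $a_server).
 * Only numeric values are accepted and POST wins over GET; $id stays
 * unset when neither request carries a valid value. */
if (isset($_GET['id']) && is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

if (!is_array($config['system']['authserver'])) {
	$config['system']['authserver'] = array();
}

/* Reindexed (0..n-1) copy of the server list so $id can address it
 * directly. Initialised explicitly so an empty list still yields an
 * array for the count()/index lookups further down the page. */
$a_servers = auth_get_authserver_list();
$a_server = array();
foreach ($a_servers as $servers) {
	$a_server[] = $servers;
}

if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
$a_ca =& $config['ca'];

/* Requested action ("new", "edit" or "del"); POST wins over GET. */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act'])) {
	$act = $_POST['act'];
}
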
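if ($act == "del") {
	/* NOTE(review): this action runs on a GET request; confirm that the
	 * CSRF protection applied by guiconfig.inc also covers this path. */

	/* Use the validated index ($id) rather than the raw query parameter.
	 * The last entry of $a_server gets no delete action in the list view,
	 * so it is refused here as well (presumably the built-in local
	 * database entry — confirm in auth_get_authserver_list()). */
	if (!isset($id) || empty($a_server[$id]) || $id >= count($a_server) - 1) {
		pfSenseHeader("system_authservers.php");
		exit;
	}

	/* Remove server from main list; entries are matched by name. */
	$serverdeleted = $a_server[$id]['name'];
	foreach ($config['system']['authserver'] as $k => $as) {
		if ($as['name'] == $serverdeleted) {
			unset($config['system']['authserver'][$k]);
		}
	}

	/* Remove server from temp list used later on this page. */
	unset($a_server[$id]);

	$savemsg = gettext("Authentication Server") . " " . htmlspecialchars($serverdeleted) . " " . gettext("deleted") . "<br />";
	write_config($savemsg);
}
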
if ($act == "edit") {
	if (isset($id) && $a_server[$id]) {
		$srv = $a_server[$id];

		$pconfig['type'] = $srv['type'];
		$pconfig['name'] = $srv['name'];

		if ($pconfig['type'] == "ldap") {
			/* Every LDAP value is copied into the form under its stored key;
			 * only the host is stored under a different name. */
			$copy = array(
				'ldap_caref', 'ldap_port', 'ldap_timeout', 'ldap_urltype',
				'ldap_protver', 'ldap_scope', 'ldap_basedn', 'ldap_authcn',
				'ldap_extended_enabled', 'ldap_extended_query', 'ldap_binddn',
				'ldap_bindpw', 'ldap_attr_user', 'ldap_attr_group',
				'ldap_attr_member', 'ldap_attr_groupobj',
			);
			$pconfig['ldap_host'] = $srv['host'];
			foreach ($copy as $field) {
				$pconfig[$field] = $srv[$field];
			}

			/* Checkbox flags are stored by key presence only. */
			foreach (array('ldap_utf8', 'ldap_nostrip_at', 'ldap_rfc2307') as $flag) {
				$pconfig[$flag] = isset($srv[$flag]);
			}

			/* Missing bind credentials mean the server is bound anonymously. */
			if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw']) {
				$pconfig['ldap_anon'] = true;
			}
		}

		if ($pconfig['type'] == "radius") {
			$pconfig['radius_host'] = $srv['host'];
			$pconfig['radius_auth_port'] = $srv['radius_auth_port'];
			$pconfig['radius_acct_port'] = $srv['radius_acct_port'];
			$pconfig['radius_secret'] = $srv['radius_secret'];
			$pconfig['radius_timeout'] = $srv['radius_timeout'];

			/* Derive the "services offered" selection from which ports are
			 * stored, filling in the default port for the missing service. */
			$has_auth = (bool)$pconfig['radius_auth_port'];
			$has_acct = (bool)$pconfig['radius_acct_port'];
			if ($has_auth && $has_acct) {
				$pconfig['radius_srvcs'] = "both";
			} elseif ($has_auth) {
				$pconfig['radius_srvcs'] = "auth";
				$pconfig['radius_acct_port'] = 1813;
			} elseif ($has_acct) {
				$pconfig['radius_srvcs'] = "acct";
				$pconfig['radius_auth_port'] = 1812;
			}
		}
	}
}

if ($act == "new") {
	/* Form defaults for a new entry: LDAP protocol version 3 with an
	 * anonymous bind, RADIUS serving both services on ports 1812/1813. */
	$defaults = array(
		'ldap_protver' => 3,
		'ldap_anon' => true,
		'radius_srvcs' => "both",
		'radius_auth_port' => "1812",
		'radius_acct_port' => "1813",
	);
	foreach ($defaults as $field => $value) {
		$pconfig[$field] = $value;
	}
}

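if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;
	$type = isset($pconfig['type']) ? $pconfig['type'] : "";

	/* input validation: the required fields depend on the server type */
	$reqdfields = array();
	$reqdfieldsn = array();

	if ($type == "ldap") {
		$reqdfields = explode(" ",
			"name type ldap_host ldap_port " .
			"ldap_urltype ldap_protver ldap_scope " .
			"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");

		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Port value"),
			gettext("Transport"),
			gettext("Protocol version"),
			gettext("Search level"),
			gettext("User naming Attribute"),
			gettext("Group naming Attribute"),
			gettext("Group member attribute"),
			gettext("Authentication container"));

		/* Bind credentials are only required when not binding anonymously. */
		if (empty($pconfig['ldap_anon'])) {
			$reqdfields[] = "ldap_binddn";
			$reqdfields[] = "ldap_bindpw";
			$reqdfieldsn[] = gettext("Bind user DN");
			$reqdfieldsn[] = gettext("Bind Password");
		}
	} elseif ($type == "radius") {
		$reqdfields = explode(" ", "name type radius_host radius_srvcs");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Services"));

		/* The port fields are required according to the services offered.
		 * The posted field is 'radius_srvcs'; the earlier 'radisu_srvcs'
		 * lookup never matched, so neither port was actually required. */
		$srvcs = isset($pconfig['radius_srvcs']) ? $pconfig['radius_srvcs'] : "";
		if ($srvcs == "both" || $srvcs == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port");
		}
		if ($srvcs == "both" || $srvcs == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port");
		}

		/* An existing server keeps its stored secret when the field is blank. */
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	} else {
		/* Neither type: refuse rather than store an entry of unknown type. */
		$input_errors[] = gettext("The selected authentication server type is not valid.");
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/* The host is posted in a type-specific field ('ldap_host' or
	 * 'radius_host'); the earlier check read a non-existent 'host' field and
	 * never fired. IP literals are accepted as-is (so IPv6 addresses with
	 * colons pass), names are limited to hostname characters. */
	$host = isset($pconfig["{$type}_host"]) ? $pconfig["{$type}_host"] : "";
	if ($host !== "" && !is_ipaddr($host) && preg_match("/[^a-zA-Z0-9\.\-_]/", $host)) {
		$input_errors[] = gettext("The host name contains invalid characters.");
	}

	if (auth_get_authserver($pconfig['name']) && !isset($id)) {
		$input_errors[] = gettext("An authentication server with the same name already exists.");
	}

	/* A blank timeout is allowed (the default is applied on save). */
	if ($type == "ldap" || $type == "radius") {
		$to_field = "{$type}_timeout";
		if (!empty($_POST[$to_field]) && (!is_numeric($_POST[$to_field]) || $_POST[$to_field] <= 0)) {
			$input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($type));
		}
	}

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	if (!$input_errors) {
		/* Start from the stored entry when editing so untouched keys
		 * (e.g. the RADIUS secret) survive; otherwise a fresh refid. */
		$server = array();
		$server['refid'] = uniqid();
		if (isset($id) && $a_server[$id]) {
			$server = $a_server[$id];
		}

		$server['type'] = $type;
		$server['name'] = $pconfig['name'];

		if ($type == "ldap") {
			if (!empty($pconfig['ldap_caref'])) {
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			}
			$server['host'] = $pconfig['ldap_host'];

			/* stored key => posted field, in the order the keys are written */
			$fields = array(
				'ldap_port' => 'ldap_port',
				'ldap_urltype' => 'ldap_urltype',
				'ldap_protver' => 'ldap_protver',
				'ldap_scope' => 'ldap_scope',
				'ldap_basedn' => 'ldap_basedn',
				'ldap_authcn' => 'ldapauthcontainers',
				'ldap_extended_enabled' => 'ldap_extended_enabled',
				'ldap_extended_query' => 'ldap_extended_query',
				'ldap_attr_user' => 'ldap_attr_user',
				'ldap_attr_group' => 'ldap_attr_group',
				'ldap_attr_member' => 'ldap_attr_member',
			);
			foreach ($fields as $key => $field) {
				$server[$key] = $pconfig[$field];
			}

			$server['ldap_attr_groupobj'] = empty($pconfig['ldap_attr_groupobj']) ? "posixGroup" : $pconfig['ldap_attr_groupobj'];

			/* Checkbox flags are stored by key presence only. */
			foreach (array('ldap_utf8', 'ldap_nostrip_at', 'ldap_rfc2307') as $flag) {
				if (isset($pconfig[$flag]) && $pconfig[$flag] == "yes") {
					$server[$flag] = true;
				} else {
					unset($server[$flag]);
				}
			}

			/* Anonymous bind drops any previously stored credentials. */
			if (empty($pconfig['ldap_anon'])) {
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}

			$server['ldap_timeout'] = !empty($pconfig['ldap_timeout']) ? $pconfig['ldap_timeout'] : 25;
		}

		if ($type == "radius") {
			$server['host'] = $pconfig['radius_host'];

			/* Only overwrite the stored secret when a new one was entered. */
			if (!empty($pconfig['radius_secret'])) {
				$server['radius_secret'] = $pconfig['radius_secret'];
			}

			$server['radius_timeout'] = !empty($pconfig['radius_timeout']) ? $pconfig['radius_timeout'] : 5;

			/* Keep only the port(s) of the services offered. */
			$srvcs = isset($pconfig['radius_srvcs']) ? $pconfig['radius_srvcs'] : "";
			if ($srvcs == "both") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
			} elseif ($srvcs == "auth") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				unset($server['radius_acct_port']);
			} elseif ($srvcs == "acct") {
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
				unset($server['radius_auth_port']);
			}
		}

		/* NOTE(review): $id indexes $a_server (auth_get_authserver_list()),
		 * yet is used here as an index into $config['system']['authserver'];
		 * the delete path matches by name instead — confirm both lists line
		 * up for the editable entries. */
		if (isset($id) && $config['system']['authserver'][$id]) {
			$config['system']['authserver'][$id] = $server;
		} else {
			$config['system']['authserver'][] = $server;
		}

		write_config();

		pfSenseHeader("system_authservers.php");
	}
}
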
// On error, restore the form contents so the user doesn't have to re-enter too much
if (!empty($_POST) && !empty($input_errors)) {
	$pconfig = $_POST;
	// These two are posted under a different field name than the one the form reads back.
	$pconfig['ldap_authcn'] = $_POST['ldapauthcontainers'];
	$pconfig['ldap_template'] = $_POST['ldap_tmpltype'];
}

include("head.inc");

if ($input_errors) {
	print_input_errors($input_errors);
}

if ($savemsg) {
	print_info_box($savemsg, 'success');
}

// User-manager tab strip; this page is the active "Servers" tab.
$tab_array = array(
	array(gettext("Users"), false, "system_usermanager.php"),
	array(gettext("Groups"), false, "system_groupmanager.php"),
	array(gettext("Settings"), false, "system_usermanager_settings.php"),
	array(gettext("Servers"), true, "system_authservers.php"),
);
display_top_tabs($tab_array);

if ($act != "new" && $act != "edit" && !$input_errors) {
	// Plain listing; the last entry of the list gets no edit/delete actions.
	$last = count($a_server) - 1;
	?>
	<div class="table-responsive">
		<table class="table table-striped table-hover">
			<thead>
				<tr>
					<th><?=gettext("Server Name")?></th>
					<th><?=gettext("Type")?></th>
					<th><?=gettext("Host Name")?></th>
					<th></th>
				</tr>
			</thead>
			<tbody>
		<?php foreach ($a_server as $i => $server) { ?>
				<tr>
					<td><?=htmlspecialchars($server['name'])?></td>
					<td><?=htmlspecialchars($auth_server_types[$server['type']])?></td>
					<td><?=htmlspecialchars($server['host'])?></td>
					<td>
					<?php if ($i < $last) { ?>
						<a href="system_authservers.php?act=edit&amp;id=<?=$i?>" class="btn btn-xs btn-primary">edit</a>
						<a href="system_authservers.php?act=del&amp;id=<?=$i?>" class="btn btn-xs btn-danger">delete</a>
					<?php } ?>
					</td>
				</tr>
		<?php } ?>
			</tbody>
		</table>
	</div>

	<nav class="action-buttons">
		<a href="?act=new" class="btn btn-success">add new</a>
	</nav>
<?php
	include("foot.inc");
	exit;
}

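require_once('classes/Form.class.php');
$form = new Form;
$form->setAction('system_authservers.php?act=edit');

// NOTE(review): nothing on this page reads a 'userid' field (the save path
// reads 'id', added as a hidden input in the RADIUS section) — confirm this
// global is still needed.
$form->addGlobal(new Form_Input(
	'userid',
	null,
	'hidden',
	$id
));

$section = new Form_Section('Server settings');

$section->addInput(new Form_Input(
	'name',
	'Descriptive name',
	'text',
	$pconfig['name']
));

// The type select toggles the 'toggle-ldap' / 'toggle-radius' sections below.
$section->addInput(new Form_Select(
	'type',
	'Type',
	$pconfig['type'],
	$auth_server_types
))->toggles();

$form->add($section);
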
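// ==== LDAP settings =========================================================
$section = new Form_Section('LDAP Server Settings');
$section->addClass('toggle-ldap collapse');

// Shown expanded for a new entry and for an LDAP server.
if (!isset($pconfig['type']) || $pconfig['type'] == 'ldap') {
	$section->addClass('in');
}

$section->addInput(new Form_Input(
	'ldap_host',
	'Hostname or IP address',
	'text',
	$pconfig['ldap_host']
))->setHelp('NOTE: When using SSL, this hostname MUST match the Common Name '.
	'(CN) of the LDAP server\'s SSL Certificate.');

$section->addInput(new Form_Input(
	'ldap_port',
	'Port value',
	'number',
	$pconfig['ldap_port']
));

$section->addInput(new Form_Select(
	'ldap_urltype',
	'Transport',
	$pconfig['ldap_urltype'],
	array_combine(array_keys($ldap_urltypes), array_keys($ldap_urltypes))
));

if (empty($a_ca)) {
	$section->addInput(new Form_StaticText(
		'Peer Certificate Authority',
		'No Certificate Authorities defined.<br/>Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.'
	));
} else {
	// Offer every configured CA, keyed by its refid.
	$ldapCaRef = [];
	foreach ($a_ca as $ca) {
		$ldapCaRef[$ca['refid']] = $ca['descr'];
	}

	$section->addInput(new Form_Select(
		'ldap_caref',
		'Peer Certificate Authority',
		$pconfig['ldap_caref'],
		$ldapCaRef
	))->setHelp('This option is used if \'SSL Encrypted\' option is choosen. '.
		'It must match with the CA in the AD otherwise problems will arise.');
}

$section->addInput(new Form_Select(
	'ldap_protver',
	'Protocol version',
	$pconfig['ldap_protver'],
	array_combine($ldap_protvers, $ldap_protvers)
));

$section->addInput(new Form_Input(
	'ldap_timeout',
	'Server Timeout',
	'number',
	$pconfig['ldap_timeout'],
	['placeholder' => 25]
))->setHelp('Timeout for LDAP operations (seconds)');

// Search scope: the level select and the base DN input are rendered inline
// inside a single static row (the unused 'Search scope' group was dropped).
$SSF = new Form_Select(
	'ldap_scope',
	'Level',
	$pconfig['ldap_scope'],
	$ldap_scopes
);

$SSB = new Form_Input(
	'ldap_basedn',
	'Base DN',
	'text',
	$pconfig['ldap_basedn']
);

$section->addInput(new Form_StaticText(
	'Search scope',
	'Level ' . $SSF . '<br />' . 'Base DN' . $SSB
));

$group = new Form_Group('Authentication containers');
$group->add(new Form_Input(
	'ldapauthcontainers',
	'Containers',
	'text',
	$pconfig['ldap_authcn']
))->setHelp('Note: Semi-Colon separated. This will be prepended to the search '.
	'base dn above or you can specify full container path containing a dc= '.
	'component.<br/>Example: CN=Users;DC=example,DC=com or OU=Staff;OU=Freelancers');

// Opens the container picker popup (wired up in the page script).
$group->add(new Form_Button(
	'Select',
	'Select a container'
))->removeClass('btn-primary')->addClass('btn-default');

$section->add($group);

$section->addInput(new Form_Checkbox(
	'ldap_extended_enabled',
	'Extended query',
	'Enable extended query',
	$pconfig['ldap_extended_enabled']
));

$group = new Form_Group('Query');
$group->addClass('extended');

$group->add(new Form_Input(
	'ldap_extended_query',
	'Query',
	'text',
	$pconfig['ldap_extended_query']
))->setHelp('Example: &amp;(objectClass=inetOrgPerson)(mail=*@example.com)');

$section->add($group);

$section->addInput(new Form_Checkbox(
	'ldap_anon',
	'Bind anonymous',
	'Use anonymous binds to resolve distinguished names',
	$pconfig['ldap_anon']
));

$group = new Form_Group('Bind credentials');
$group->addClass('ldapanon');

$group->add(new Form_Input(
	'ldap_binddn',
	'User DN:',
	'text',
	$pconfig['ldap_binddn']
));

// Rendered as a password field so a stored bind password is not displayed
// in clear text on the page; the value is still posted back unchanged.
$group->add(new Form_Input(
	'ldap_bindpw',
	'Password',
	'password',
	$pconfig['ldap_bindpw']
));
$section->add($group);

// The template chooser only makes sense for a new entry.
if (!isset($id)) {
	$template_list = array();

	foreach ($ldap_templates as $option => $template) {
		$template_list[$option] = $template['desc'];
	}

	$section->addInput(new Form_Select(
		'ldap_tmpltype',
		'Initial Template',
		$pconfig['ldap_template'],
		$template_list
	));
}

$section->addInput(new Form_Input(
	'ldap_attr_user',
	'User naming attribute',
	'text',
	$pconfig['ldap_attr_user']
));

$section->addInput(new Form_Input(
	'ldap_attr_group',
	'Group naming attribute',
	'text',
	$pconfig['ldap_attr_group']
));

$section->addInput(new Form_Input(
	'ldap_attr_member',
	'Group member attribute',
	'text',
	$pconfig['ldap_attr_member']
));

$section->addInput(new Form_Checkbox(
	'ldap_rfc2307',
	'RFC 2307 Groups',
	'LDAP Server uses RFC 2307 style group membership',
	$pconfig['ldap_rfc2307']
))->setHelp('RFC 2307 style group membership has members listed on the group '.
	'object rather than using groups listed on user object. Leave unchecked '.
	'for Active Directory style group membership (RFC 2307bis).');

$section->addInput(new Form_Input(
	'ldap_attr_groupobj',
	'Group Object Class',
	'text',
	$pconfig['ldap_attr_groupobj'],
	['placeholder' => 'posixGroup']
))->setHelp('Object class used for groups in RFC2307 mode. '.
	'Typically "posixGroup" or "group".');

$section->addInput(new Form_Checkbox(
	'ldap_utf8',
	'UTF8 Encode',
	'UTF8 encode LDAP parameters before sending them to the server.',
	$pconfig['ldap_utf8']
))->setHelp('Required to support international characters, but may not be '.
	'supported by every LDAP server.');

$section->addInput(new Form_Checkbox(
	'ldap_nostrip_at',
	'Username Alterations',
	'Do not strip away parts of the username after the @ symbol',
	$pconfig['ldap_nostrip_at']
))->setHelp('e.g. user@host becomes user when unchecked.');

$form->add($section);
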
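// ==== RADIUS section ========================================================
$section = new Form_Section('Radius Server Settings');
$section->addClass('toggle-radius collapse');

$section->addInput(new Form_Input(
	'radius_host',
	'Hostname or IP address',
	'text',
	$pconfig['radius_host']
));

// Masked on screen; a stored secret is still posted back unchanged, and a
// blank value leaves the stored secret in place (see the save path above).
$section->addInput(new Form_Input(
	'radius_secret',
	'Shared Secret',
	'password',
	$pconfig['radius_secret']
));

$section->addInput(new Form_Select(
	'radius_srvcs',
	'Services offered',
	$pconfig['radius_srvcs'],
	$radius_srvcs
));

$section->addInput(new Form_Input(
	'radius_auth_port',
	'Authentication port',
	'number',
	$pconfig['radius_auth_port']
));

$section->addInput(new Form_Input(
	'radius_acct_port',
	'Accounting port',
	'number',
	$pconfig['radius_acct_port']
));

$section->addInput(new Form_Input(
	'radius_timeout',
	'Authentication Timeout',
	'number',
	$pconfig['radius_timeout']
))->setHelp('This value controls how long, in seconds, that the RADIUS '.
	'server may take to respond to an authentication request. If left blank, the '.
	'default value is 5 seconds. NOTE: If you are using an interactive two-factor '.
	'authentication system, increase this timeout to account for how long it will '.
	'take the user to receive and enter a token.');

// When editing, post the entry index back so the save path updates in place.
if (isset($id) && $a_server[$id]) {
	$section->addInput(new Form_Input(
		'id',
		null,
		'hidden',
		$id
	));
}

$form->add($section);
print $form;
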
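?>
<script>
//<![CDATA[
events.push(function(){
	// Current value of the form field with the given id.
	function field(id) {
		return document.getElementById(id).value;
	}

	// Opens the container picker in a popup, passing the LDAP connection
	// settings entered so far. Every value comes straight from the form, so
	// each one is URL-encoded: characters such as '&', '#' or '+' in a DN or
	// password would otherwise break or alter the query string.
	// NOTE(review): the bind password travels in the popup's query string
	// (browser history, proxy logs); consider passing it another way.
	function select_clicked() {
		if (field("ldap_port") == '' ||
			field("ldap_host") == '' ||
			field("ldap_scope") == '' ||
			field("ldap_basedn") == '' ||
			field("ldapauthcontainers") == '') {
			alert("<?=gettext("Please fill the required values.");?>");
			return;
		}

		if (!document.getElementById("ldap_anon").checked) {
			if (field("ldap_binddn") == '' ||
				field("ldap_bindpw") == '') {
				alert("<?=gettext("Please fill the bind username/password.");?>");
				return;
			}
		}

		var url = 'system_usermanager_settings_ldapacpicker.php?';
		url += 'port=' + encodeURIComponent(field("ldap_port"));
		url += '&host=' + encodeURIComponent(field("ldap_host"));
		url += '&scope=' + encodeURIComponent(field("ldap_scope"));
		url += '&basedn=' + encodeURIComponent(field("ldap_basedn"));
		url += '&binddn=' + encodeURIComponent(field("ldap_binddn"));
		url += '&bindpw=' + encodeURIComponent(field("ldap_bindpw"));
		url += '&urltype=' + encodeURIComponent(field("ldap_urltype"));
		url += '&proto=' + encodeURIComponent(field("ldap_protver"));
		url += '&authcn=' + encodeURIComponent(field("ldapauthcontainers"));
		<?php if (count($a_ca) > 0): ?>
			url += '&cert=' + encodeURIComponent(field("ldap_caref"));
		<?php else: ?>
			url += '&cert=';
		<?php endif; ?>

		var oWin = window.open(url, "pfSensePop", "width=620,height=400,top=150,left=150");
		if (oWin == null || typeof(oWin) == "undefined") {
			alert("<?=gettext('Popup blocker detected.	Action aborted.');?>");
		}
	}

	// Default port follows the transport: first option 389, any other 636.
	function set_ldap_port() {
		if ($('#ldap_urltype').find(":selected").index() == 0) {
			$('#ldap_port').val('389');
		} else {
			$('#ldap_port').val('636');
		}
	}

	// Hides all elements of the specified class. This will usually be a section
	function hideClass(s_class, hide) {
		if (hide) {
			$('.' + s_class).hide();
		} else {
			$('.' + s_class).show();
		}
	}

	// Fills the attribute fields from the template selected in #ldap_tmpltype.
	// One case is generated per entry of $ldap_templates, in the same order as
	// the select options; json_encode() emits each value as a JS string literal.
	function ldap_tmplchange() {
		switch ($('#ldap_tmpltype').find(":selected").index()) {
<?php
		$index = 0;
		foreach ($ldap_templates as $tmpldata):
?>
			case <?=$index;?>:
				$('#ldap_attr_user').val(<?=json_encode($tmpldata['attr_user']);?>);
				$('#ldap_attr_group').val(<?=json_encode($tmpldata['attr_group']);?>);
				$('#ldap_attr_member').val(<?=json_encode($tmpldata['attr_member']);?>);
				break;
<?php
			$index++;
		endforeach;
?>
		}
	}

	// ---------- On initial page load ------------------------------------------------------------

<?php if ($act != 'edit') : ?>
	ldap_tmplchange();
<?php endif; ?>

	hideClass('ldapanon', $('#ldap_anon').prop('checked'));
	$("#Select").prop('type','button');
	hideClass('extended', !$('#ldap_extended_enabled').prop('checked'));

	if ($('#ldap_port').val() == "") {
		set_ldap_port();
	}

<?php
	if ($act == 'edit') {
?>
		// The type of an existing server cannot be changed.
		$('#type option:not(:selected)').each(function(){
			$(this).attr('disabled', 'disabled');
		});

<?php
		if (!$input_errors) {
?>
		$('#name').prop("readonly", true);
<?php
		}
	}
?>
	// ---------- Click checkbox handlers ---------------------------------------------------------

	$('#ldap_tmpltype').on('change', function() {
		ldap_tmplchange();
	});

	$('#ldap_anon').click(function () {
		hideClass('ldapanon', this.checked);
	});

	$('#ldap_urltype').on('change', function() {
		set_ldap_port();
	});

	$('#Select').click(function () {
		select_clicked();
	});

	$('#ldap_extended_enabled').click(function () {
		hideClass('extended', !this.checked);
	});

});
//]]>
</script>
<?php
include("foot.inc");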