<?php
/*
 * system_authservers.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2025 Rubicon Communications, LLC (Netgate)
 * Copyright (c) 2008 Shrew Soft Inc
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// Privilege definition: the ##| markers are read by the pfSense privilege
// system (not executed) and tie this page, via MATCH, to the
// 'page-system-authservers' privilege.
##|+PRIV
##|*IDENT=page-system-authservers
##|*NAME=System: Authentication Servers
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
##|*WARN=standard-warning-root
##|*MATCH=system_authservers.php*
##|-PRIV

require_once("guiconfig.inc");
require_once("auth.inc");
require_once("pfsense-utils.inc");
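// Have we been called to populate the "Select a container" modal?
// This AJAX branch takes the not-yet-saved LDAP connection parameters from the
// request, asks the server for its OUs, prints a modal with one checkbox per
// container and exits before the normal page renders.
if (!empty($_REQUEST['ajax'])) {

	// NOTE(review): the bind DN and password arrive via $_REQUEST, so they are
	// accepted from the query string as well as the POST body. Reading them from
	// $_POST only would keep the bind password out of URLs and access logs.
	$authcfg = array();

	// Null-coalesce each field so a missing parameter still yields null (as
	// before) without an undefined-index notice.
	$authcfg['ldap_port'] = $_REQUEST['port'] ?? null;
	$authcfg['ldap_basedn'] = $_REQUEST['basedn'] ?? null;
	$authcfg['host'] = $_REQUEST['host'] ?? null;
	$authcfg['ldap_scope'] = $_REQUEST['scope'] ?? null;
	$authcfg['ldap_binddn'] = $_REQUEST['binddn'] ?? null;
	$authcfg['ldap_bindpw'] = $_REQUEST['bindpw'] ?? null;
	$authcfg['ldap_urltype'] = $_REQUEST['urltype'] ?? null;
	$authcfg['ldap_protver'] = $_REQUEST['proto'] ?? null;
	// Containers already in the form, semicolon separated; used below to
	// pre-check the matching boxes.
	$authcfg['ldap_authcn'] = explode(";", $_REQUEST['authcn'] ?? '');
	$authcfg['ldap_caref'] = $_REQUEST['cert'] ?? null;

	$ous = ldap_get_user_ous(true, $authcfg);

	if (empty($ous)) {
		print('<span class="text-danger">Could not connect to the LDAP server. Please check the LDAP configuration.</span>');
	} else {
		$modal = new Modal("Select LDAP containers for authentication", "containers", true);
		$group = new Form_MultiCheckboxGroup('Containers');

		if (is_array($ous)) {
			$idx = 0;

			foreach ($ous as $ou) {
				$group->add(new Form_MultiCheckbox(
					'ou' . $idx,
					'',
					$ou,
					in_array($ou, $authcfg['ldap_authcn']),
					$ou
				));

				$idx++;
			}
		}

		$modal->add($group);

		// Create a "Save button"
		$btnsv = new Form_Button(
			'svcontbtn',
			'Save',
			null,
			'fa-solid fa-save'
		);

		// Fixed: the class name previously carried a stray ')' ("btn-default)"),
		// which cannot match the button's actual "btn-default" class.
		$btnsv->removeClass("btn-default")->addClass("btn-primary");

		$modal->addInput(new Form_StaticText(
			'',
			$btnsv
		));

		print($modal);
	}

	exit;
}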
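// Resolve the requested server index. Anything that is not a plain integer is
// treated as "no id" so it is never used as an array offset below.
$id = is_numericint($_REQUEST['id'] ?? null) ? $_REQUEST['id'] : null;

// All authentication servers, reindexed 0..n-1 (list positions are what the
// act/id links on this page refer to).
$a_server = array_values(auth_get_authserver_list());

$act = $_REQUEST['act'] ?? null;

// 'dup' is an edit of an existing server's settings under a new, blank name;
// $dup is read further down to drop the name and the id before rendering.
// Initialised here so the later reads never see an undefined variable.
$dup = false;
if ($act == 'dup') {
	$dup = true;
	$act = 'edit';
}

// Deletion is only honoured on POST (the list's delete link submits via POST).
if (($_POST['act'] ?? null) == "del") {

	// Reject ids that are not integers, as well as indices with no server,
	// before using the value as an offset into $a_server.
	if (!is_numericint($_POST['id'] ?? null) || !$a_server[$_POST['id']]) {
		pfSenseHeader("system_authservers.php");
		exit;
	}

	/* Remove server from main list. */
	// Matched by name rather than index, presumably because a position in
	// $a_server need not equal the position in the config's authserver list.
	$serverdeleted = $a_server[$_POST['id']]['name'];
	foreach (config_get_path('system/authserver', []) as $k => $as) {
		if ($as['name'] == $serverdeleted) {
			config_del_path("system/authserver/{$k}");
		}
	}

	/* Remove server from temp list used later on this page. */
	unset($a_server[$_POST['id']]);
	$a_server = array_values($a_server);

	// The name is user-controlled config data; escape it before it reaches the
	// info box rendered further down.
	$savemsg = sprintf(gettext("Authentication Server %s deleted."), htmlspecialchars($serverdeleted));
	write_config($savemsg);
}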
// Populate $pconfig from the stored server when editing (or duplicating) an
// existing entry. Only the fields of the selected server type are copied.
if ($act == "edit") {
	if (isset($id) && $a_server[$id]) {

		$pconfig['type'] = $a_server[$id]['type'];
		// A duplicate starts with an empty name so the user has to choose a new
		// one. $dup is only assigned when act=dup, so this read may raise an
		// undefined-variable notice on a plain edit.
		if (!$dup) {
			$pconfig['name'] = $a_server[$id]['name'];
		}

		if ($pconfig['type'] == "ldap") {
			$pconfig['ldap_caref'] = $a_server[$id]['ldap_caref'];
			$pconfig['ldap_host'] = $a_server[$id]['host'];
			$pconfig['ldap_port'] = $a_server[$id]['ldap_port'];
			$pconfig['ldap_timeout'] = $a_server[$id]['ldap_timeout'];
			$pconfig['ldap_urltype'] = $a_server[$id]['ldap_urltype'];
			$pconfig['ldap_protver'] = $a_server[$id]['ldap_protver'];
			$pconfig['ldap_scope'] = $a_server[$id]['ldap_scope'];
			$pconfig['ldap_basedn'] = $a_server[$id]['ldap_basedn'];
			$pconfig['ldap_authcn'] = $a_server[$id]['ldap_authcn'];
			$pconfig['ldap_extended_enabled'] = $a_server[$id]['ldap_extended_enabled'];
			$pconfig['ldap_extended_query'] = $a_server[$id]['ldap_extended_query'];
			$pconfig['ldap_binddn'] = $a_server[$id]['ldap_binddn'];
			$pconfig['ldap_bindpw'] = $a_server[$id]['ldap_bindpw'];
			$pconfig['ldap_attr_user'] = $a_server[$id]['ldap_attr_user'];
			$pconfig['ldap_attr_group'] = $a_server[$id]['ldap_attr_group'];
			$pconfig['ldap_attr_member'] = $a_server[$id]['ldap_attr_member'];
			$pconfig['ldap_attr_groupobj'] = $a_server[$id]['ldap_attr_groupobj'];
			$pconfig['ldap_pam_groupdn'] = $a_server[$id]['ldap_pam_groupdn'];
			// Boolean options are stored as presence-only keys (the save handler
			// sets them to true or unsets them), hence isset() rather than the value.
			$pconfig['ldap_utf8'] = isset($a_server[$id]['ldap_utf8']);
			$pconfig['ldap_nostrip_at'] = isset($a_server[$id]['ldap_nostrip_at']);
			$pconfig['ldap_allow_unauthenticated'] = isset($a_server[$id]['ldap_allow_unauthenticated']);
			$pconfig['ldap_rfc2307'] = isset($a_server[$id]['ldap_rfc2307']);
			$pconfig['ldap_rfc2307_userdn'] = isset($a_server[$id]['ldap_rfc2307_userdn']);

			// No stored bind DN or password means the server is used with
			// anonymous binds; reflect that in the checkbox.
			if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw']) {
				$pconfig['ldap_anon'] = true;
			}
		}

		if ($pconfig['type'] == "radius") {
			$pconfig['radius_protocol'] = $a_server[$id]['radius_protocol'];
			$pconfig['radius_host'] = $a_server[$id]['host'];
			$pconfig['radius_nasip_attribute'] = $a_server[$id]['radius_nasip_attribute'];
			$pconfig['radius_auth_port'] = $a_server[$id]['radius_auth_port'];
			$pconfig['radius_acct_port'] = $a_server[$id]['radius_acct_port'];
			$pconfig['radius_secret'] = $a_server[$id]['radius_secret'];
			$pconfig['radius_timeout'] = $a_server[$id]['radius_timeout'];

			// Derive the "services offered" selector from which ports are stored.
			// The unused port is filled with the conventional value (1812 auth /
			// 1813 acct) so the field is not blank if the user switches services.
			// If neither port is stored, radius_srvcs stays unset.
			if ($pconfig['radius_auth_port'] &&
				$pconfig['radius_acct_port']) {
				$pconfig['radius_srvcs'] = "both";
			}

			if ($pconfig['radius_auth_port'] &&
				!$pconfig['radius_acct_port']) {
				$pconfig['radius_srvcs'] = "auth";
				$pconfig['radius_acct_port'] = 1813;
			}

			if (!$pconfig['radius_auth_port'] &&
				$pconfig['radius_acct_port']) {
				$pconfig['radius_srvcs'] = "acct";
				$pconfig['radius_auth_port'] = 1812;
			}

		}
	}
}
// Defaults for a brand-new server entry. Only applied for act=new, so an edit
// never has its stored values overridden here.
if ($act == "new") {
	$pconfig['ldap_protver'] = 3;
	$pconfig['ldap_anon'] = true;
	$pconfig['radius_protocol'] = "MSCHAPv2";
	$pconfig['radius_srvcs'] = "both";
	$pconfig['radius_auth_port'] = "1812";
	$pconfig['radius_acct_port'] = "1813";
}

// When duplicating, forget the source id so the save handler treats the
// submission as a new server (name-uniqueness check, appended config entry)
// and the hidden id field in the form is left empty.
if ($dup) {
	unset($id);
}
// Save handler: validate the submitted form, then build the server entry and
// write it to the config. On a validation failure $input_errors is populated
// and the form is re-rendered further down with the posted values.
if ($_POST['save']) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	// Required fields and their user-facing labels, per server type. The two
	// lists are positional: entry N of $reqdfieldsn labels entry N of $reqdfields.
	if ($pconfig['type'] == "ldap") {
		$reqdfields = explode(" ",
			"name type ldap_host ldap_port " .
			"ldap_urltype ldap_protver ldap_scope " .
			"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");

		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Port value"),
			gettext("Transport"),
			gettext("Protocol version"),
			gettext("Search level"),
			gettext("User naming Attribute"),
			gettext("Group naming Attribute"),
			gettext("Group member attribute"),
			gettext("Authentication container"));

		// Bind DN and password are only mandatory when anonymous bind is off.
		if (!$pconfig['ldap_anon']) {
			$reqdfields[] = "ldap_binddn";
			$reqdfields[] = "ldap_bindpw";
			$reqdfieldsn[] = gettext("Bind user DN");
			$reqdfieldsn[] = gettext("Bind Password");
		}
	}

	if ($pconfig['type'] == "radius") {
		$reqdfields = explode(" ", "name type radius_protocol radius_host radius_srvcs");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Radius Protocol"),
			gettext("Hostname or IP"),
			gettext("Services"));

		// Only the ports of the selected services are required.
		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port");
		}

		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port");
		}

		// The shared secret is only required when creating a server; on edit a
		// blank secret means "keep the stored one" (see the radius branch below).
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// NOTE(review): the form posts the host as 'ldap_host' / 'radius_host' (see
	// the Form_Input definitions further down), not as 'host', so this check
	// appears never to fire. If it is re-pointed at "{$pconfig['type']}_host",
	// note that the pattern also rejects ':' and therefore IPv6 literals —
	// confirm the intended policy first.
	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['host'])) {
		$input_errors[] = gettext("The host name contains invalid characters.");
	}

	// Names must be unique on create and are immutable on edit: other config
	// values (e.g. system/webgui/authmode, checked below) refer to a server by
	// its name.
	if (auth_get_authserver($pconfig['name']) && !isset($id)) {
		$input_errors[] = gettext("An authentication server with the same name already exists.");
	}

	if (isset($id) && config_get_path("system/authserver/{$id}") &&
	   (config_get_path("system/authserver/{$id}/name") != $pconfig['name'])) {
		$input_errors[] = gettext("The name of an authentication server cannot be changed.");
	}

	// A timeout, if supplied, must be a positive number. (The condition
	// reduces to: not numeric, or numeric and <= 0.)
	if (($pconfig['type'] == "ldap") || ($pconfig['type'] == "radius")) {
		$to_field = "{$pconfig['type']}_timeout";
		if (isset($_POST[$to_field]) && !empty($_POST[$to_field]) && (!is_numeric($_POST[$to_field]) || (is_numeric($_POST[$to_field]) && ($_POST[$to_field] <= 0)))) {
			$input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($pconfig['type']));
		}
	}

	// When this LDAP server is the GUI authentication source and shell (PAM)
	// authentication is enabled, a group DN is required so console/SSH access
	// is limited to members of that group rather than any directory user.
	// NOTE(review): concatenating the message inside gettext() keeps
	// translation extraction tools from seeing it as a single string.
	if (($pconfig['type'] == 'ldap') && config_path_enabled('system/webgui', 'shellauth') &&
	    (config_get_path('system/webgui/authmode') == $pconfig['name']) && empty($pconfig['ldap_pam_groupdn'])) {
		$input_errors[] = gettext("Shell Authentication Group DN must be specified if " . 
			"Shell Authentication is enabled for appliance.");
	}

	if (!$input_errors) {
		// Start from the stored entry when editing so keys the form does not
		// carry (e.g. refid) survive; a new entry gets a fresh refid.
		// NOTE(review): $id indexes both $a_server (from auth_get_authserver_list())
		// and the config path system/authserver/{$id}; these agree only if that
		// list preserves config order — verify against auth_get_authserver_list().
		$server = array();
		$server['refid'] = uniqid();
		if (isset($id) && $a_server[$id]) {
			$server = $a_server[$id];
		}

		$server['type'] = $pconfig['type'];
		$server['name'] = $pconfig['name'];

		if ($server['type'] == "ldap") {

			// An empty CA selection leaves any stored ldap_caref untouched.
			if (!empty($pconfig['ldap_caref'])) {
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			}
			$server['host'] = $pconfig['ldap_host'];
			$server['ldap_port'] = $pconfig['ldap_port'];
			$server['ldap_urltype'] = $pconfig['ldap_urltype'];
			$server['ldap_protver'] = $pconfig['ldap_protver'];
			$server['ldap_scope'] = $pconfig['ldap_scope'];
			$server['ldap_basedn'] = $pconfig['ldap_basedn'];
			// The form field is 'ldapauthcontainers'; the config key is ldap_authcn.
			$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
			$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
			$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
			$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
			$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
			$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];

			// Group object class defaults to posixGroup (matches the form placeholder).
			$server['ldap_attr_groupobj'] = empty($pconfig['ldap_attr_groupobj']) ? "posixGroup" : $pconfig['ldap_attr_groupobj'];
			$server['ldap_pam_groupdn'] = $pconfig['ldap_pam_groupdn'];

			// Boolean options are stored as presence-only keys: true when
			// checked, removed entirely when not.
			if ($pconfig['ldap_utf8'] == "yes") {
				$server['ldap_utf8'] = true;
			} else {
				unset($server['ldap_utf8']);
			}
			if ($pconfig['ldap_nostrip_at'] == "yes") {
				$server['ldap_nostrip_at'] = true;
			} else {
				unset($server['ldap_nostrip_at']);
			}
			if ($pconfig['ldap_allow_unauthenticated'] == "yes") {
				$server['ldap_allow_unauthenticated'] = true;
			} else {
				unset($server['ldap_allow_unauthenticated']);
			}
			if ($pconfig['ldap_rfc2307'] == "yes") {
				$server['ldap_rfc2307'] = true;
			} else {
				unset($server['ldap_rfc2307']);
			}
			if ($pconfig['ldap_rfc2307_userdn'] == "yes") {
				$server['ldap_rfc2307_userdn'] = true;
			} else {
				unset($server['ldap_rfc2307_userdn']);
			}


			// Anonymous bind drops any stored credentials. Otherwise both values
			// are rewritten from the form (a blank password is not preserved).
			if (!$pconfig['ldap_anon']) {
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}

			// Default LDAP operation timeout, in seconds, when none is given.
			if ($pconfig['ldap_timeout']) {
				$server['ldap_timeout'] = $pconfig['ldap_timeout'];
			} else {
				$server['ldap_timeout'] = 25;
			}
		}

		if ($server['type'] == "radius") {

			$server['radius_protocol'] = $pconfig['radius_protocol'];
			$server['host'] = $pconfig['radius_host'];
			$server['radius_nasip_attribute'] = $pconfig['radius_nasip_attribute'];

			// A blank secret keeps whatever is already stored in $server.
			if ($pconfig['radius_secret']) {
				$server['radius_secret'] = $pconfig['radius_secret'];
			}

			// Default RADIUS response timeout, in seconds, when none is given.
			if ($pconfig['radius_timeout']) {
				$server['radius_timeout'] = $pconfig['radius_timeout'];
			} else {
				$server['radius_timeout'] = 5;
			}

			// Keep only the ports of the selected services; the other port is
			// removed so it is not silently carried over from a previous setting.
			if ($pconfig['radius_srvcs'] == "both") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
			}

			if ($pconfig['radius_srvcs'] == "auth") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				unset($server['radius_acct_port']);
			}

			if ($pconfig['radius_srvcs'] == "acct") {
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
				unset($server['radius_auth_port']);
			}
		}

		// Existing entry: replace in place. Otherwise the trailing-slash path
		// appears to append a new entry (project config_set_path convention).
		if (isset($id) && config_get_path("system/authserver/{$id}")) {
			config_set_path("system/authserver/{$id}", $server);
		} else {
			config_set_path('system/authserver/', $server);
		}

		// If this server is the GUI auth source and shell authentication is on,
		// re-apply the PAM configuration so console/SSH logins pick up the change.
		if (config_path_enabled('system/webgui', 'shellauth') &&
		    (config_get_path('system/webgui/authmode') == $pconfig['name'])) {
			set_pam_auth();
		}

		write_config("Authentication Servers settings saved");

		pfSenseHeader("system_authservers.php");
	}
}
/**
 * Build the option list for the RADIUS NAS-IP-Address selector.
 *
 * Keys are the values the form submits (an interface name, or an IP address /
 * subnet string for virtual IPs); values are the human-readable labels.
 *
 * @return array<string, string>
 */
function build_radiusnas_list() {
	$options = array();

	// One entry per configured interface that currently has an address.
	foreach (get_configured_interface_with_descr() as $ifname => $descr) {
		$addr = get_interface_ip($ifname);
		if (!is_ipaddr($addr)) {
			continue;
		}
		$options[$ifname] = "{$descr} - {$addr}";
	}

	// Virtual IPs: a proxy ARP "network" VIP is expanded to every address in
	// its range (one option each, so a large range yields a long list); any
	// other VIP contributes a single entry keyed by its subnet string.
	foreach (config_get_path('virtualip/vip', []) as $vip) {
		$isProxyArpNet = ($vip['mode'] == "proxyarp" && $vip['type'] == "network");
		if (!$isProxyArpNet) {
			$options[$vip['subnet']] = "{$vip['descr']} - {$vip['subnet']}";
			continue;
		}

		$first = ip2long32(gen_subnet($vip['subnet'], $vip['subnet_bits']));
		$last = ip2long32(gen_subnet_max($vip['subnet'], $vip['subnet_bits']));
		for ($cur = $first; $cur <= $last; $cur++) {
			$ip = long2ip32($cur);
			$options[$ip] = "{$vip['descr']} - {$ip}";
		}
	}

	return $options;
}
// On error, restore the form contents so the user doesn't have to re-enter too much.
// Two fields are posted under different names than the form reads them back
// from, so they are mapped onto the $pconfig keys the form expects.
if ($_POST && $input_errors) {
	$pconfig = $_POST;
	$pconfig['ldap_authcn'] = $_POST['ldapauthcontainers'];
	$pconfig['ldap_template'] = $_POST['ldap_tmpltype'];
}

// Breadcrumb: title segments and their links. An 'Edit' leaf is appended
// whenever the edit form (rather than the server list) is about to be shown.
$pgtitle = [gettext("System"), gettext("User Manager"), gettext("Authentication Servers")];
$pglinks = ["", "system_usermanager.php", "system_authservers.php"];

if ($act == "new" || $act == "edit" || $input_errors) {
	$pgtitle[] = gettext('Edit');
	$pglinks[] = "@self";
}
$shortcut_section = "authentication";
include("head.inc");

if ($input_errors) {
	print_input_errors($input_errors);
}

if ($savemsg) {
	print_info_box($savemsg, 'success');
}

// User Manager tab strip; this page is the active tab.
$tab_array = [
	[gettext("Users"), false, "system_usermanager.php"],
	[gettext("Groups"), false, "system_groupmanager.php"],
	[gettext("Settings"), false, "system_usermanager_settings.php"],
	[gettext("Change Password"), false, "system_usermanager_passwordmg.php"],
	[gettext("Authentication Servers"), true, "system_authservers.php"],
];
display_top_tabs($tab_array);
// List view: shown unless an add/edit form was requested or a failed save needs
// its form re-rendered. Prints the server table and the footer, then exits so
// the form-building code below never runs in this mode.
// The last list entry gets no edit/copy/delete actions (presumably the built-in
// local database entry — confirm in auth_get_authserver_list()). $i is an
// integer index from array_values(), so emitting it unescaped in the hrefs is safe;
// the user-controlled name/type/host cells are passed through htmlspecialchars().
if (!($act == "new" || $act == "edit" || $input_errors)) {
?>
<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext('Authentication Servers')?></h2></div>
	<div class="panel-body">
		<div class="table-responsive">
			<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
				<thead>
					<tr>
						<th><?=gettext("Server Name")?></th>
						<th><?=gettext("Type")?></th>
						<th><?=gettext("Host Name")?></th>
						<th><?=gettext("Actions")?></th>
					</tr>
				</thead>
				<tbody>
			<?php foreach ($a_server as $i => $server): ?>
					<tr>
						<td><?=htmlspecialchars($server['name'])?></td>
						<td><?=htmlspecialchars($auth_server_types[$server['type']])?></td>
						<td><?=htmlspecialchars($server['host'])?></td>
						<td>
						<?php if ($i < (count($a_server) - 1)): ?>
							<a class="fa-solid fa-pencil" title="<?=gettext("Edit server"); ?>" href="system_authservers.php?act=edit&amp;id=<?=$i?>"></a>
							<a class="fa-regular fa-clone" title="<?=gettext("Copy server"); ?>" href="system_authservers.php?act=dup&amp;id=<?=$i?>"></a>
							<a class="fa-solid fa-trash-can"  title="<?=gettext("Delete server")?>" href="system_authservers.php?act=del&amp;id=<?=$i?>" usepost></a>
						<?php endif?>
						</td>
					</tr>
			<?php endforeach; ?>
				</tbody>
			</table>
		</div>
	</div>
</div>

<nav class="action-buttons">
	<a href="?act=new" class="btn btn-success btn-sm">
		<i class="fa-solid fa-plus icon-embed-btn"></i>
		<?=gettext("Add")?>
	</a>
</nav>
<?php
	// The delete link above carries 'usepost', which appears to make the page
	// JS submit it as a POST; the deletion handler only acts on
	// $_POST['act'] == "del", so a plain GET of that URL deletes nothing.
	include("foot.inc");
	exit;
}
// ==== Edit form =============================================================
// Build the add/edit form. Settings common to both server types come first;
// the Type selector toggles the LDAP / RADIUS sections that follow.
$form = new Form;
// Submissions land in the save branch above; act=edit keeps the URL stable.
$form->setAction('system_authservers.php?act=edit');

// Hidden index of the server being edited (null for a new or duplicated entry).
// NOTE(review): this field is named 'userid', while the handlers above read
// $_REQUEST['id']. Unless something else (page JS or the Form class) carries
// the id, confirm that an edit of an existing server reaches the save handler
// with $id set; otherwise it would be treated as a new, duplicate-named server.
$form->addGlobal(new Form_Input(
	'userid',
	null,
	'hidden',
	$id
));

$section = new Form_Section('Server Settings');

$section->addInput($input = new Form_Input(
	'name',
	'*Descriptive name',
	'text',
	$pconfig['name']
));

// toggles() shows/hides the per-type sections below based on the selection.
$section->addInput($input = new Form_Select(
	'type',
	'*Type',
	$pconfig['type'],
	$auth_server_types
))->toggles();

$form->add($section);
// ==== LDAP settings =========================================================
$section = new Form_Section('LDAP Server Settings');
$section->addClass('toggle-ldap collapse');

// Start expanded when no type has been chosen yet or LDAP is selected.
if (!isset($pconfig['type']) || $pconfig['type'] == 'ldap')
	$section->addClass('in');

$section->addInput(new Form_Input(
	'ldap_host',
	'*Hostname or IP address',
	'text',
	$pconfig['ldap_host']
))->setHelp('NOTE: When using SSL/TLS or STARTTLS, this hostname MUST match a Subject '.
	'Alternative Name (SAN) or the Common Name (CN) of the LDAP server SSL/TLS Certificate.');

$section->addInput(new Form_Input(
	'ldap_port',
	'*Port value',
	'number',
	$pconfig['ldap_port']
));

$section->addInput(new Form_Select(
	'ldap_urltype',
	'*Transport',
	$pconfig['ldap_urltype'],
	array_combine(array_keys($ldap_urltypes), array_keys($ldap_urltypes))
));

// CA used to verify the server certificate: 'global' selects the system trust
// store; the other options are the CA entries from config, keyed by refid.
$ldapCaRef = array('global' => 'Global Root CA List');
foreach (config_get_path('ca', []) as $ca) {
	$ldapCaRef[$ca['refid']] = $ca['descr'];
}

$section->addInput(new Form_Select(
	'ldap_caref',
	'Peer Certificate Authority',
	$pconfig['ldap_caref'],
	$ldapCaRef
))->setHelp('This CA is used to validate the LDAP server certificate when '.
	'\'SSL/TLS Encrypted\' or \'STARTTLS Encrypted\' Transport is active. '.
	'This CA must match the CA used by the LDAP server.');

$section->addInput(new Form_Select(
	'ldap_protver',
	'*Protocol version',
	$pconfig['ldap_protver'],
	array_combine($ldap_protvers, $ldap_protvers)
));

$section->addInput(new Form_Input(
	'ldap_timeout',
	'Server Timeout',
	'number',
	$pconfig['ldap_timeout'],
	['placeholder' => 25]
))->setHelp('Timeout for LDAP operations (seconds)');

// NOTE(review): this Form_Group is never added to the section; the scope and
// base DN controls are rendered through the Form_StaticText below instead, and
// $group is reassigned before it is used again.
$group = new Form_Group('Search scope');

$SSF = new Form_Select(
	'ldap_scope',
	'*Level',
	$pconfig['ldap_scope'],
	$ldap_scopes
);

$SSB = new Form_Input(
	'ldap_basedn',
	'Base DN',
	'text',
	$pconfig['ldap_basedn']
);


// Both controls are stringified into one static row.
$section->addInput(new Form_StaticText(
	'Search scope',
	'Level ' . $SSF . '<br />' . 'Base DN' . $SSB
));

// Containers are posted as 'ldapauthcontainers' and stored as ldap_authcn.
$group = new Form_Group('*Authentication containers');
$group->add(new Form_Input(
	'ldapauthcontainers',
	'Containers',
	'text',
	$pconfig['ldap_authcn']
))->setHelp('Note: Semi-Colon separated. This will be prepended to the search '.
	'base dn above or the full container path can be specified containing a dc= '.
	'component.%1$sExample: CN=Users;DC=example,DC=com or OU=Staff;OU=Freelancers', '<br/>');

// Opens the container picker modal, which is produced by the ajax branch at
// the top of this file.
$group->add(new Form_Button(
	'Select',
	'Select a container',
	null,
	'fa-solid fa-search'
))->setAttribute('type','button')->addClass('btn-info');

$section->add($group);

$section->addInput(new Form_Checkbox(
	'ldap_extended_enabled',
	'Extended query',
	'Enable extended query',
	$pconfig['ldap_extended_enabled']
));

$group = new Form_Group('Query');
$group->addClass('extended');

$group->add(new Form_Input(
	'ldap_extended_query',
	'Query',
	'text',
	$pconfig['ldap_extended_query']
))->setHelp('Example (MSAD): memberOf=CN=Groupname,OU=MyGroups,DC=example,DC=com<br>Example (2307): |(&(objectClass=posixGroup)(cn=Groupname)(memberUid=*))(&(objectClass=posixGroup)(cn=anotherGroup)(memberUid=*))');

$section->add($group);

$section->addInput(new Form_Checkbox(
	'ldap_anon',
	'Bind anonymous',
	'Use anonymous binds to resolve distinguished names',
	$pconfig['ldap_anon']
));

// Bind credentials; the 'ldapanon' class is presumably what the anonymous-bind
// checkbox toggles (handled in page JS, not here).
$group = new Form_Group('*Bind credentials');
$group->addClass('ldapanon');

$group->add(new Form_Input(
	'ldap_binddn',
	'User DN:',
	'text',
	$pconfig['ldap_binddn']
));

// NOTE(review): the stored bind password is written back into the page as the
// field's value. The save handler rewrites ldap_bindpw from the form whenever
// anonymous bind is off (and validation requires it), so the echo is currently
// needed for edits to round-trip; changing that would require a "blank keeps
// the stored password" rule on save as the RADIUS secret already has.
$group->add(new Form_Input(
	'ldap_bindpw',
	'Password',
	'password',
	$pconfig['ldap_bindpw']
));
$section->add($group);

// Template selector is only offered when creating a server.
if (!isset($id)) {
	$template_list = array();

	foreach ($ldap_templates as $option => $template) {
		$template_list[$option] = $template['desc'];
	}

	$section->addInput(new Form_Select(
		'ldap_tmpltype',
		'Initial Template',
		$pconfig['ldap_template'],
		$template_list
	));
}

$section->addInput(new Form_Input(
	'ldap_attr_user',
	'*User naming attribute',
	'text',
	$pconfig['ldap_attr_user']
));

$section->addInput(new Form_Input(
	'ldap_attr_group',
	'*Group naming attribute',
	'text',
	$pconfig['ldap_attr_group']
));

$section->addInput(new Form_Input(
	'ldap_attr_member',
	'*Group member attribute',
	'text',
	$pconfig['ldap_attr_member']
));

$section->addInput(new Form_Checkbox(
	'ldap_rfc2307',
	'RFC 2307 Groups',
	'LDAP Server uses RFC 2307 style group membership',
	$pconfig['ldap_rfc2307']
))->setHelp('RFC 2307 style group membership has members listed on the group '.
	'object rather than using groups listed on user object. Leave unchecked '.
	'for Active Directory style group membership (RFC 2307bis).');

$group = new Form_Group('RFC 2307 User DN');
$group->addClass('ldap_rfc2307_userdn');

$group->add(new Form_Checkbox(
	'ldap_rfc2307_userdn',
	'RFC 2307 user DN',
	'RFC 2307 Use DN for username search.',
	$pconfig['ldap_rfc2307_userdn']
))->setHelp('Use DN for username search, i.e. "(member=CN=Username,CN=Users,DC=example,DC=com)".');

$section->add($group);

// Defaults to posixGroup on save when left empty.
$section->addInput(new Form_Input(
	'ldap_attr_groupobj',
	'Group Object Class',
	'text',
	$pconfig['ldap_attr_groupobj'],
	['placeholder' => 'posixGroup']
))->setHelp('Object class used for groups in RFC2307 mode. '.
	'Typically "posixGroup" or "group".');

// Required by the save handler when this server is the GUI auth source and
// shell authentication is enabled; limits console/SSH access to group members.
$section->addInput(new Form_Input(
	'ldap_pam_groupdn',
	'Shell Authentication Group DN',
	'text',
	$pconfig['ldap_pam_groupdn']
))->setHelp('If LDAP server is used for shell authentication, user must be a member ' .
	    'of this group and have a valid posixAccount attributes to be able to login.%s Example: CN=Remoteshellusers,CN=Users,DC=example,DC=com',
	    '<br/>');

$section->addInput(new Form_Checkbox(
	'ldap_utf8',
	'UTF8 Encode',
	'UTF8 encode LDAP parameters before sending them to the server.',
	$pconfig['ldap_utf8']
))->setHelp('Required to support international characters, but may not be '.
	'supported by every LDAP server.');

$section->addInput(new Form_Checkbox(
	'ldap_nostrip_at',
	'Username Alterations',
	'Do not strip away parts of the username after the @ symbol',
	$pconfig['ldap_nostrip_at']
))->setHelp('e.g. user@host becomes user when unchecked.');

// Security-relevant option. An unauthenticated bind (RFC 4513 §5.1.2: a valid
// DN with an empty password) succeeds on some servers, notably AD, so leaving
// this unchecked is the safer default; the enforcement is in auth.inc, this
// form only records the choice.
$section->addInput(new Form_Checkbox(
	'ldap_allow_unauthenticated',
	'Allow unauthenticated bind',
	'Allow unauthenticated bind',
	$pconfig['ldap_allow_unauthenticated']
))->setHelp('Unauthenticated binds are bind with an existing login but with an empty password. '.
         'Some LDAP servers (Microsoft AD) allow this type of bind without any possibility to disable it.');

$form->add($section);
// ==== RADIUS section ========================================================
// Shown only when the RADIUS type is selected (the 'toggle-radius' class is
// driven by the type selector elsewhere in this page). Field values again come
// from $pconfig; the option lists $radius_protocol and $radius_srvcs are defined
// earlier in the file.
$section = new Form_Section('RADIUS Server Settings');
$section->addClass('toggle-radius collapse');

$section->addInput(new Form_Select(
	'radius_protocol',
	'*Protocol',
	$pconfig['radius_protocol'],
	$radius_protocol
));

$section->addInput(new Form_Input(
	'radius_host',
	'*Hostname or IP address',
	'text',
	$pconfig['radius_host']
));

// Rendered as a 'password' input so the shared secret is masked in the browser.
// The saved value is still handed to the input like any other field; whether
// the form library echoes it into the HTML is decided there, not here.
$section->addInput(new Form_Input(
	'radius_secret',
	'*Shared Secret',
	'password',
	$pconfig['radius_secret']
));

// Which of the two port fields is mandatory follows this selection; the
// client-side set_required_port_fields() below keeps them in step.
$section->addInput(new Form_Select(
	'radius_srvcs',
	'*Services offered',
	$pconfig['radius_srvcs'],
	$radius_srvcs
));

$section->addInput(new Form_Input(
	'radius_auth_port',
	'Authentication port',
	'number',
	$pconfig['radius_auth_port']
));

$section->addInput(new Form_Input(
	'radius_acct_port',
	'Accounting port',
	'number',
	$pconfig['radius_acct_port']
));

// Seconds to wait for an Access-Accept/Reject; the 5 s default applies when
// the field is left blank (per the help text, enforced elsewhere).
$section->addInput(new Form_Input(
	'radius_timeout',
	'Authentication Timeout',
	'number',
	$pconfig['radius_timeout']
))->setHelp('This value controls how long, in seconds, that the RADIUS '.
	'server may take to respond to an authentication request. If left blank, the '.
	'default value is 5 seconds. NOTE: If using an interactive two-factor '.
	'authentication system, increase this timeout to account for how long it will '.
	'take the user to receive and enter a token.');

// Source address advertised in the NAS-IP-Address attribute; the option list is
// built by build_radiusnas_list() (defined outside this file).
$section->addInput(new Form_Select(
	'radius_nasip_attribute',
	'RADIUS NAS IP Attribute',
	$pconfig['radius_nasip_attribute'],
	build_radiusnas_list()
))->setHelp('Enter the IP to use for the "NAS-IP-Address" attribute during RADIUS Access-Requests.<br />'.
			'Please note that this choice won\'t change the interface used for contacting the RADIUS server.');
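// When an existing server is being edited, carry its index through the form as
// a hidden 'id' field (presumably read back by the POST handler earlier in this
// file). Like any hidden field the value returns under client control, so the
// receiving side must check it against $a_server rather than trust it.
// !empty() keeps the original truthiness test but no longer raises an
// "undefined index" notice when $id names a slot that is absent from $a_server.
if (isset($id) && !empty($a_server[$id])) {
	$form->addGlobal(new Form_Input(
		'id',
		null,
		'hidden',
		$id
	));
}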
// Attach the RADIUS section, then the container-picker modal. The modal is
// rendered empty here; the select_clicked() script below replaces it with the
// markup returned by this page's AJAX handler.
$form->add($section);
$modal = new Modal("LDAP containers", "containers", true);
$form->add($modal);

// Emit the assembled form.
echo $form;
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {
	// Create an AJAX request (to this page) to get the container list and controls
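	// Validate the LDAP connection fields, then POST them (with ajax=ajax) back
	// to this page, which answers with the markup of the #containers modal.
	// The bind password typed into the form is part of that request.
	// The modal's save button only exists after the response has been swapped
	// in, so its handler is attached inside the done() callback.
	function select_clicked() {
		var required = ["ldap_port", "ldap_host", "ldap_scope", "ldap_basedn", "ldapauthcontainers"];
		var i;

		for (i = 0; i < required.length; i++) {
			if (document.getElementById(required[i]).value === '') {
				alert("<?=gettext("Please fill the required values.");?>");
				return;
			}
		}

		// Bind credentials are only needed when anonymous bind is off
		if (!document.getElementById("ldap_anon").checked &&
		    (document.getElementById("ldap_binddn").value === '' ||
		     document.getElementById("ldap_bindpw").value === '')) {
			alert("<?=gettext("Please fill the bind username/password.");?>");
			return;
		}

		// The CA selector is only rendered when at least one CA is configured
		var cert = '';
<?php if (count(config_get_path('ca', [])) > 0): ?>
		cert = $('#ldap_caref').val();
<?php endif; ?>

		var ajaxRequest = $.ajax({
			url: "/system_authservers.php",
			type: "post",
			data: {
				ajax:    "ajax",
				port:    $('#ldap_port').val(),
				host:    $('#ldap_host').val(),
				scope:   $('#ldap_scope').val(),
				basedn:  $('#ldap_basedn').val(),
				binddn:  $('#ldap_binddn').val(),
				bindpw:  $('#ldap_bindpw').val(),
				urltype: $('#ldap_urltype').val(),
				proto:   $('#ldap_protver').val(),
				authcn:  $('#ldapauthcontainers').val(),
				cert:    cert
			}
		});

		// Deal with the results of the above ajax call
		ajaxRequest.done(function (response, textStatus, jqXHR) {
			// The response is the whole modal; replace ours and open it
			$('#containers').replaceWith(response);
			$('#containers').modal('show');

			// Turn the save control into a plain button before wiring it up
			$('#svcontbtn').prop("type", "button");
			$('#svcontbtn').removeAttr("href");

			$('#svcontbtn').click(function () {
				// Collect every checked container (#ou0, #ou1, ...) into the
				// semicolon-separated list the ldapauthcontainers field holds
				var ous = $('[id^=ou]').length;
				var selected = [];
				var i;

				for (i = 0; i < ous; i++) {
					if ($('#ou' + i).prop("checked")) {
						selected.push($('#ou' + i).val());
					}
				}

				$('#ldapauthcontainers').val(selected.join(";"));
				$('#containers').modal('hide');
			});
		});
	}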
	// Reset the LDAP port to the default for the selected URL type: the third
	// option (index 2) gets 636, every other option 389. NOTE(review): the
	// option list is built elsewhere, so relying on its index assumes its order.
	function set_ldap_port() {
		var selectedIndex = $('#ldap_urltype').find(":selected").index();
		var port = (selectedIndex === 2) ? '636' : '389';

		$('#ldap_port').val(port);
	}
	// Mark the RADIUS port fields required to match the services selection:
	// 'auth' needs only the authentication port, 'acct' only the accounting
	// port, anything else needs both.
	function set_required_port_fields() {
		var services = document.getElementById("radius_srvcs").value;
		var needAuth = (services !== 'acct');
		var needAcct = (services !== 'auth');

		setRequired('radius_auth_port', needAuth);
		setRequired('radius_acct_port', needAcct);
	}
	// Hides (or, when hide is false, shows) all elements of the specified class. This will usually be a section
	// s_class: class name without the leading dot; hide: true to hide, false to show.
	function hideClass(s_class, hide) {
		$('.' + s_class).toggle(!hide);
	}
	// Copy the attribute names of the template chosen in #ldap_tmpltype into the
	// attribute fields. The case list is generated server-side from
	// $ldap_templates (defined outside this section), one case per template in
	// array order, keyed by the option's position in the select.
	function ldap_tmplchange() {
		switch ($('#ldap_tmpltype').find(":selected").index()) {
<?php
		$index = 0;
		foreach ($ldap_templates as $tmpldata):
?>
			case <?=$index;?>:
				// NOTE(review): template values are printed into JS string
				// literals without escaping; this relies on $ldap_templates
				// holding only plain attribute names — confirm before adding
				// entries.
				$('#ldap_attr_user').val("<?=$tmpldata['attr_user'];?>");
				$('#ldap_attr_group').val("<?=$tmpldata['attr_group'];?>");
				$('#ldap_attr_member').val("<?=$tmpldata['attr_member'];?>");
				// NOTE(review): the raw PHP value is emitted as the JS argument,
				// so it must print as a valid JS expression (a PHP false prints
				// as nothing). .attr() sets the HTML attribute rather than the
				// live checked state; .prop("checked", ...) is the usual call —
				// verify the template data before changing.
				$("#ldap_allow_unauthenticated").attr("checked", <?=$tmpldata['allow_unauthenticated'];?>);
				break;
<?php
			$index++;
		endforeach;
?>
		}
	}
	// ---------- On initial page load ------------------------------------------------------------
// A new entry starts from the selected template; an existing one keeps its
// saved attribute names.
<?php if ($act != 'edit') : ?>
	ldap_tmplchange();
<?php endif; ?>

	// Sync the collapsible rows with the current checkbox states
	hideClass('ldapanon', $('#ldap_anon').prop('checked'));
	hideClass('extended', !$('#ldap_extended_enabled').prop('checked'));
	hideClass('ldap_rfc2307_userdn', !$('#ldap_rfc2307').prop('checked'));
	set_required_port_fields();

	// Fill in the default port only when none has been saved
	if ($('#ldap_port').val() == "")
		set_ldap_port();

<?php
	// Editing: the server type cannot be switched, and the name is locked unless
	// the form is being re-shown after a validation error or a duplicate
	// ($dup, set earlier in the file — presumably a name clash).
	if ($act == 'edit') {
?>
		$('#type option:not(:selected)').each(function(){
			$(this).attr('disabled', 'disabled');
		});

<?php
		if (!$input_errors && !$dup) {
?>
		$('#name').prop("readonly", true);
<?php
		}
	}
?>
	// ---------- Click checkbox handlers ---------------------------------------------------------
	// Re-apply the template whenever a different one is picked
	$('#ldap_tmpltype').on('change', ldap_tmplchange);

	// Anonymous bind hides the bind-credential rows
	$('#ldap_anon').on('click', function () {
		hideClass('ldapanon', this.checked);
	});

	// Changing the URL type resets the default port
	$('#ldap_urltype').on('change', set_ldap_port);

	// Open the container picker
	$('#Select').on('click', select_clicked);

	$('#ldap_extended_enabled').on('click', function () {
		hideClass('extended', !this.checked);
	});

	$('#ldap_rfc2307').on('click', function () {
		hideClass('ldap_rfc2307_userdn', !this.checked);
	});

	// Which port fields are mandatory follows the services selection
	$('#radius_srvcs').on('change', set_required_port_fields);
});
//]]>
</script>
<?php
include("foot.inc");