/src/usr/local/www/system_usermanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/system_usermanager.php @ 69eefb50

1	1df17ba9	Scott Ullrich	<?php
2	fab7ff44	Bill Marquette	/*
3	4c291f4c	Renato Botelho	system_usermanager.php
4	fab7ff44	Bill Marquette	*/
5	7d2e572f	Stephen Beaver	/* ====================================================================
6			* Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
7			* Copyright (c) 2008 Shrew Soft Inc.
8			* Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com>
9			*
10	cb41dd63	Renato Botelho	* Some or all of this file is based on the m0n0wall project which is
11			* Copyright (c) 2004 Manuel Kasper (BSD 2 clause)
12	191cb31d	Stephen Beaver	*
13	7d2e572f	Stephen Beaver	* Redistribution and use in source and binary forms, with or without modification,
14			* are permitted provided that the following conditions are met:
15			*
16			* 1. Redistributions of source code must retain the above copyright notice,
17			* this list of conditions and the following disclaimer.
18			*
19			* 2. Redistributions in binary form must reproduce the above copyright
20			* notice, this list of conditions and the following disclaimer in
21			* the documentation and/or other materials provided with the
22			* distribution.
23			*
24			* 3. All advertising materials mentioning features or use of this software
25			* must display the following acknowledgment:
26			* "This product includes software developed by the pfSense Project
27			* for use in the pfSense software distribution. (http://www.pfsense.org/).
28			*
29			* 4. The names "pfSense" and "pfSense Project" must not be used to
30			* endorse or promote products derived from this software without
31			* prior written permission. For written permission, please contact
32			* coreteam@pfsense.org.
33			*
34			* 5. Products derived from this software may not be called "pfSense"
35			* nor may "pfSense" appear in their names without prior written
36			* permission of the Electric Sheep Fencing, LLC.
37			*
38			* 6. Redistributions of any form whatsoever must retain the following
39			* acknowledgment:
40			*
41			* "This product includes software developed by the pfSense Project
42			* for use in the pfSense software distribution (http://www.pfsense.org/).
43			*
44			* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
45			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
46			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
47			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
48			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
49			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
50			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
51			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
53			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
54			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
55			* OF THE POSSIBILITY OF SUCH DAMAGE.
56			*
57			* ====================================================================
58			*
59			*/
60	1d333258	Scott Ullrich	/*
61	3ccb9689	Charlie Marshall	pfSense_BUILDER_BINARIES:
62	7411c285	Stephen Beaver	pfSense_MODULE: auth
63	1d333258	Scott Ullrich	*/
64	fab7ff44	Bill Marquette
65	6b07c15a	Matthew Grooms	##\|+PRIV
66			##\|*IDENT=page-system-usermanager
67	5230f468	jim-p	##\|*NAME=System: User Manager
68	6b07c15a	Matthew Grooms	##\|*DESCR=Allow access to the 'System: User Manager' page.
69			##\|MATCH=system_usermanager.php
70			##\|-PRIV
71
72	ead24d63	sullrich	require("certs.inc");
73	fab7ff44	Bill Marquette	require("guiconfig.inc");
74
75	e33be77c	Ermal	// start admin user code
76	461487c2	Phil Davis	$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Users"));
77	fab7ff44	Bill Marquette
78	73fa304b	Phil Davis	if (isset($_POST['userid']) && is_numericint($_POST['userid'])) {
79	1a6769a6	Renato Botelho	$id = $_POST['userid'];
80	73fa304b	Phil Davis	}
81	1df17ba9	Scott Ullrich
82	7411c285	Stephen Beaver	if (isset($_GET['userid']) && is_numericint($_GET['userid'])) {
83			$id = $_GET['userid'];
84			}
85
86	73fa304b	Phil Davis	if (!isset($config['system']['user']) \|\| !is_array($config['system']['user'])) {
87	e33be77c	Ermal	$config['system']['user'] = array();
88	73fa304b	Phil Davis	}
89	1df17ba9	Scott Ullrich
90	e33be77c	Ermal	$a_user = &$config['system']['user'];
91	7411c285	Stephen Beaver	$act = $_GET['act'];
92	45ee90ed	Matthew Grooms
93	73fa304b	Phil Davis	if (isset($_SERVER['HTTP_REFERER'])) {
94	7c2d0050	Renato Botelho	$referer = $_SERVER['HTTP_REFERER'];
95	73fa304b	Phil Davis	} else {
96	7c2d0050	Renato Botelho	$referer = '/system_usermanager.php';
97	73fa304b	Phil Davis	}
98	7c2d0050	Renato Botelho
99	adacdf5f	jim-p	if (isset($id) && $a_user[$id]) {
100			$pconfig['usernamefld'] = $a_user[$id]['name'];
101			$pconfig['descr'] = $a_user[$id]['descr'];
102			$pconfig['expires'] = $a_user[$id]['expires'];
103			$pconfig['groups'] = local_user_get_groups($a_user[$id]);
104			$pconfig['utype'] = $a_user[$id]['scope'];
105			$pconfig['uid'] = $a_user[$id]['uid'];
106			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
107			$pconfig['priv'] = $a_user[$id]['priv'];
108			$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
109			$pconfig['disabled'] = isset($a_user[$id]['disabled']);
110			}
111
112	43acaa2f	Stephen Beaver	if ($_GET['act'] == "deluser") {
113	45ee90ed	Matthew Grooms
114	43acaa2f	Stephen Beaver	if (!isset($_GET['username']) \|\| !isset($a_user[$id]) \|\| ($_GET['username'] != $a_user[$id]['name'])) {
115	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
116			exit;
117	6b07c15a	Matthew Grooms	}
118
119	8a0ae97f	Renato Botelho	conf_mount_rw();
120	e33be77c	Ermal	local_user_del($a_user[$id]);
121	8a0ae97f	Renato Botelho	conf_mount_ro();
122	e33be77c	Ermal	$userdeleted = $a_user[$id]['name'];
123			unset($a_user[$id]);
124			write_config();
125			$savemsg = gettext("User")." {$userdeleted} ".
126	8cd558b6	ayvis	gettext("successfully deleted")."<br />";
127	e33be77c	Ermal	}
128	7411c285	Stephen Beaver	else if ($act == "new") {
129	e33be77c	Ermal	/*
130			* set this value cause the text field is read only
131			* and the user should not be able to mess with this
132			* setting.
133			*/
134			$pconfig['utype'] = "user";
135			$pconfig['lifetime'] = 3650;
136			}
137	45ee90ed	Matthew Grooms
138	64c31615	Stephen Beaver	if (isset($_POST['dellall'])) {
139	4e21c82e	bruno
140			$del_users = $_POST['delete_check'];
141
142	73fa304b	Phil Davis	if (!empty($del_users)) {
143			foreach ($del_users as $userid) {
144	4e21c82e	bruno	if (isset($a_user[$userid]) && $a_user[$userid]['scope'] != "system") {
145			conf_mount_rw();
146			local_user_del($a_user[$userid]);
147	64c31615	Stephen Beaver	conf_mount_ro();
148	4e21c82e	bruno	unset($a_user[$userid]);
149			}
150			}
151			$savemsg = gettext("Selected users removed successfully!");
152			write_config($savemsg);
153			}
154			}
155
156	98402844	Stephen Beaver	if ($_POST['act'] == "delcert") {
157
158			if (!$a_user[$id]) {
159			pfSenseHeader("system_usermanager.php");
160			exit;
161			}
162
163			$certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
164			$certdeleted = $certdeleted['descr'];
165			unset($a_user[$id]['cert'][$_POST['certid']]);
166			write_config();
167			$_POST['act'] = "edit";
168			$savemsg = gettext("Certificate") . " {$certdeleted} " . gettext("association removed.") . "<br />";
169			}
170	64c31615	Stephen Beaver
171	945204b1	Stephen Beaver	if ($_POST['act'] == "delprivid") {
172			$privdeleted = $priv_list[$a_user[$id]['priv'][$_POST['privid']]]['name'];
173			unset($a_user[$id]['priv'][$_POST['privid']]);
174			local_user_set($a_user[$id]);
175			write_config();
176			$_POST['act'] = "edit";
177			$savemsg = gettext("Privilege ") . $privdeleted . gettext(" removed") . "<br />";
178	4c879f95	heper	}
179	98402844	Stephen Beaver
180	1a6769a6	Renato Botelho	if ($_POST['save']) {
181	e33be77c	Ermal	unset($input_errors);
182			$pconfig = $_POST;
183	45ee90ed	Matthew Grooms
184	e33be77c	Ermal	/* input validation */
185			if (isset($id) && ($a_user[$id])) {
186			$reqdfields = explode(" ", "usernamefld");
187			$reqdfieldsn = array(gettext("Username"));
188			} else {
189			if (empty($_POST['name'])) {
190			$reqdfields = explode(" ", "usernamefld passwordfld1");
191			$reqdfieldsn = array(
192			gettext("Username"),
193			gettext("Password"));
194	45ee90ed	Matthew Grooms	} else {
195	e33be77c	Ermal	$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
196			$reqdfieldsn = array(
197			gettext("Username"),
198			gettext("Password"),
199			gettext("Descriptive name"),
200			gettext("Certificate authority"),
201			gettext("Key length"),
202			gettext("Lifetime"));
203	45ee90ed	Matthew Grooms	}
204	e33be77c	Ermal	}
205	45ee90ed	Matthew Grooms
206	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
207	45ee90ed	Matthew Grooms
208	73fa304b	Phil Davis	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) {
209	e33be77c	Ermal	$input_errors[] = gettext("The username contains invalid characters.");
210	73fa304b	Phil Davis	}
211	45ee90ed	Matthew Grooms
212	73fa304b	Phil Davis	if (strlen($_POST['usernamefld']) > 16) {
213	e33be77c	Ermal	$input_errors[] = gettext("The username is longer than 16 characters.");
214	73fa304b	Phil Davis	}
215	94d455da	jim-p
216	73fa304b	Phil Davis	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) {
217	e33be77c	Ermal	$input_errors[] = gettext("The passwords do not match.");
218	73fa304b	Phil Davis	}
219	45ee90ed	Matthew Grooms
220	73fa304b	Phil Davis	if (isset($_POST['ipsecpsk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['ipsecpsk'])) {
221	123d8700	Renato Botelho	$input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");
222	73fa304b	Phil Davis	}
223	123d8700	Renato Botelho
224	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
225	e33be77c	Ermal	$oldusername = $a_user[$id]['name'];
226	73fa304b	Phil Davis	} else {
227	e33be77c	Ermal	$oldusername = "";
228	73fa304b	Phil Davis	}
229	e33be77c	Ermal	/* make sure this user name is unique */
230			if (!$input_errors) {
231			foreach ($a_user as $userent) {
232			if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
233			$input_errors[] = gettext("Another entry with the same username already exists.");
234			break;
235	58664cc9	Scott Ullrich	}
236	3dec33d4	Erik Fonnesbeck	}
237	e33be77c	Ermal	}
238			/* also make sure it is not reserved */
239			if (!$input_errors) {
240			$system_users = explode("\n", file_get_contents("/etc/passwd"));
241			foreach ($system_users as $s_user) {
242			$ent = explode(":", $s_user);
243			if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
244			$input_errors[] = gettext("That username is reserved by the system.");
245			break;
246	8339ab6d	jim-p	}
247	7e4a4513	Scott Ullrich	}
248	e33be77c	Ermal	}
249	1df17ba9	Scott Ullrich
250	e33be77c	Ermal	/*
251	e30050b6	Phil Davis	* Check for a valid expiration date if one is set at all (valid means,
252	4d148b59	Yehuda Katz	* DateTime puts out a time stamp so any DateTime compatible time
253	e33be77c	Ermal	* format may be used. to keep it simple for the enduser, we only
254			* claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
255			* like "+1 day", which will be converted to MM/DD/YYYY based on "now".
256	e30050b6	Phil Davis	* Otherwise such an entry would lead to an invalid expiration data.
257	e33be77c	Ermal	*/
258	73fa304b	Phil Davis	if ($_POST['expires']) {
259	4d148b59	Yehuda Katz	try {
260			$expdate = new DateTime($_POST['expires']);
261			//convert from any DateTime compatible date to MM/DD/YYYY
262			$_POST['expires'] = $expdate->format("m/d/Y");
263	73fa304b	Phil Davis	} catch (Exception $ex) {
264	e33be77c	Ermal	$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
265	0092b3bd	mgrooms	}
266	e33be77c	Ermal	}
267	0092b3bd	mgrooms
268	e33be77c	Ermal	if (!empty($_POST['name'])) {
269			$ca = lookup_ca($_POST['caref']);
270	73fa304b	Phil Davis	if (!$ca) {
271	4c291f4c	Renato Botelho	$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
272	73fa304b	Phil Davis	}
273	e33be77c	Ermal	}
274	c9794c06	Ermal
275	e33be77c	Ermal	/* if this is an AJAX caller then handle via JSON */
276			if (isAjax() && is_array($input_errors)) {
277			input_errors2Ajax($input_errors);
278			exit;
279			}
280	64c31615	Stephen Beaver
281	e33be77c	Ermal	if (!$input_errors) {
282	4ee51131	Sjon Hortensius
283
284	e33be77c	Ermal	conf_mount_rw();
285			$userent = array();
286	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
287	e33be77c	Ermal	$userent = $a_user[$id];
288	73fa304b	Phil Davis	}
289	e879fc81	Ermal
290	e33be77c	Ermal	isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
291
292			/* the user name was modified */
293	926e0a2f	Phil Davis	if (!empty($_POST['oldusername']) && ($_POST['usernamefld'] <> $_POST['oldusername'])) {
294	e33be77c	Ermal	$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
295	fdcf104c	jim-p	local_user_del($userent);
296			}
297	1df17ba9	Scott Ullrich
298	e30050b6	Phil Davis	/* the user password was modified */
299	73fa304b	Phil Davis	if ($_POST['passwordfld1']) {
300	e33be77c	Ermal	local_user_set_password($userent, $_POST['passwordfld1']);
301	73fa304b	Phil Davis	}
302	1df17ba9	Scott Ullrich
303	e33be77c	Ermal	$userent['name'] = $_POST['usernamefld'];
304			$userent['descr'] = $_POST['descr'];
305			$userent['expires'] = $_POST['expires'];
306			$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
307			$userent['ipsecpsk'] = $_POST['ipsecpsk'];
308	3ccb9689	Charlie Marshall
309	73fa304b	Phil Davis	if ($_POST['disabled']) {
310	e33be77c	Ermal	$userent['disabled'] = true;
311	73fa304b	Phil Davis	} else {
312	e33be77c	Ermal	unset($userent['disabled']);
313	73fa304b	Phil Davis	}
314	e33be77c	Ermal
315	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
316	e33be77c	Ermal	$a_user[$id] = $userent;
317	73fa304b	Phil Davis	} else {
318	e33be77c	Ermal	if (!empty($_POST['name'])) {
319			$cert = array();
320			$cert['refid'] = uniqid();
321	4c291f4c	Renato Botelho	$userent['cert'] = array();
322	e33be77c	Ermal
323			$cert['descr'] = $_POST['name'];
324
325	4c291f4c	Renato Botelho	$subject = cert_get_subject_array($ca['crt']);
326	e33be77c	Ermal
327	4c291f4c	Renato Botelho	$dn = array(
328			'countryName' => $subject[0]['v'],
329			'stateOrProvinceName' => $subject[1]['v'],
330			'localityName' => $subject[2]['v'],
331			'organizationName' => $subject[3]['v'],
332			'emailAddress' => $subject[4]['v'],
333			'commonName' => $userent['name']);
334	e33be77c	Ermal
335			cert_create($cert, $_POST['caref'], $_POST['keylen'],
336			(int)$_POST['lifetime'], $dn);
337
338	73fa304b	Phil Davis	if (!is_array($config['cert'])) {
339	e33be77c	Ermal	$config['cert'] = array();
340	73fa304b	Phil Davis	}
341	e33be77c	Ermal	$config['cert'][] = $cert;
342			$userent['cert'][] = $cert['refid'];
343			}
344			$userent['uid'] = $config['system']['nextuid']++;
345			/* Add the user to All Users group. */
346			foreach ($config['system']['group'] as $gidx => $group) {
347			if ($group['name'] == "all") {
348	73fa304b	Phil Davis	if (!is_array($config['system']['group'][$gidx]['member'])) {
349	e33be77c	Ermal	$config['system']['group'][$gidx]['member'] = array();
350	73fa304b	Phil Davis	}
351	e33be77c	Ermal	$config['system']['group'][$gidx]['member'][] = $userent['uid'];
352			break;
353			}
354			}
355	970db70b	Scott Ullrich
356	e33be77c	Ermal	$a_user[] = $userent;
357	45ee90ed	Matthew Grooms	}
358	e33be77c	Ermal
359	900ce3b0	jim-p	/* Add user to groups so PHP can see the memberships properly or else the user's shell account does not get proper permissions (if applicable) See #5152. */
360			local_user_set_groups($userent,$_POST['groups']);
361	e33be77c	Ermal	local_user_set($userent);
362	900ce3b0	jim-p	/* Add user to groups again to ensure they are set everywhere, otherwise the user may not appear to be a member of the group. See commit:5372d26d9d25d751d16865ed9d46869d3b0ec5e1. */
363	73fa304b	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
364	e33be77c	Ermal	write_config();
365
366	73fa304b	Phil Davis	if (is_dir("/etc/inc/privhooks")) {
367	e33be77c	Ermal	run_plugins("/etc/inc/privhooks");
368	73fa304b	Phil Davis	}
369	e33be77c	Ermal
370			conf_mount_ro();
371	3ccb9689	Charlie Marshall
372	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
373	45ee90ed	Matthew Grooms	}
374	e33be77c	Ermal	}
375	fab7ff44	Bill Marquette
376	7411c285	Stephen Beaver	function build_priv_table() {
377			global $a_user, $id;
378
379			$privhtml = '<div class="table-responsive">';
380			$privhtml .= '<table class="table table-striped table-hover table-condensed">';
381			$privhtml .= '<thead>';
382	7d2e572f	Stephen Beaver	$privhtml .= '<tr>';
383			$privhtml .= '<th>' . gettext('Inherited from') . '</th>';
384			$privhtml .= '<th>' . gettext('Name') . '</th>';
385			$privhtml .= '<th>' . gettext('Description') . '</th>';
386			$privhtml .= '</tr>';
387	7411c285	Stephen Beaver	$privhtml .= '</thead>';
388			$privhtml .= '<tbody>';
389
390	945204b1	Stephen Beaver	$i = 0;
391
392			foreach (get_user_privdesc($a_user[$id]) as $priv) {
393			$group = false;
394			if ($priv['group']) {
395			$group = $priv['group'];
396			}
397
398	7411c285	Stephen Beaver	$privhtml .= '<tr>';
399			$privhtml .= '<td>' . htmlspecialchars($priv['group']) . '</td>';
400			$privhtml .= '<td>' . htmlspecialchars($priv['name']) . '</td>';
401			$privhtml .= '<td>' . htmlspecialchars($priv['descr']) . '</td>';
402	945204b1	Stephen Beaver	$privhtml .= '<td>';
403			if (!$group)
404			$privhtml .= '<a class="fa fa-trash no-confirm icon-pointer" title="'.gettext('Delete Privilege').'" id="delprivid' .$i. '"></a></td>';
405
406			$privhtml .= '</td>';
407	7411c285	Stephen Beaver	$privhtml .= '</tr>';
408	945204b1	Stephen Beaver
409			if(!$group)
410			$i++;
411	7411c285	Stephen Beaver	}
412
413			$privhtml .= '</tbody>';
414			$privhtml .= '</table>';
415			$privhtml .= '</div>';
416
417			$privhtml .= '<nav class="action-buttons">';
418			$privhtml .= '<a href="system_usermanager_addprivs.php?userid=' . $id . '" class="btn btn-success">' . gettext("Add") . '</a>';
419			$privhtml .= '</nav>';
420
421			return($privhtml);
422			}
423	98402844	Stephen Beaver
424	7411c285	Stephen Beaver	function build_cert_table() {
425			global $a_user, $id;
426
427			$certhtml = '<div class="table-responsive">';
428			$certhtml .= '<table class="table table-striped table-hover table-condensed">';
429			$certhtml .= '<thead>';
430	7d2e572f	Stephen Beaver	$certhtml .= '<tr>';
431			$certhtml .= '<th>' . gettext('Name') . '</th>';
432			$certhtml .= '<th>' . gettext('CA') . '</th>';
433	98402844	Stephen Beaver	$certhtml .= '<th></th>';
434	7d2e572f	Stephen Beaver	$certhtml .= '</tr>';
435	7411c285	Stephen Beaver	$certhtml .= '</thead>';
436			$certhtml .= '<tbody>';
437
438			$a_cert = $a_user[$id]['cert'];
439			if (is_array($a_cert)) {
440			$i = 0;
441			foreach ($a_cert as $certref) {
442	7d2e572f	Stephen Beaver	$cert = lookup_cert($certref);
443			$ca = lookup_ca($cert['caref']);
444			$revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>':'';
445
446	7411c285	Stephen Beaver	$certhtml .= '<tr>';
447	7d2e572f	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($cert['descr']) . $revokedstr . '</td>';
448	7411c285	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($ca['descr']) . '</td>';
449	db676e5b	Stephen Beaver	$certhtml .= '<td>';
450	945204b1	Stephen Beaver	$certhtml .= '<a id="delcert' . $i .'" class="fa fa-trash no-confirm icon-pointer" title="';
451	98402844	Stephen Beaver	$certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '">Delete</a>';
452	db676e5b	Stephen Beaver	$certhtml .= '</td>';
453	7411c285	Stephen Beaver	$certhtml .= '</tr>';
454	db676e5b	Stephen Beaver	$i++;
455	7411c285	Stephen Beaver	}
456	db676e5b	Stephen Beaver
457	7411c285	Stephen Beaver	}
458
459			$certhtml .= '</tbody>';
460			$certhtml .= '</table>';
461			$certhtml .= '</div>';
462
463			$certhtml .= '<nav class="action-buttons">';
464			$certhtml .= '<a href="system_certmanager.php?act=new&userid=' . $id . '" class="btn btn-success">' . gettext("Add") . '</a>';
465			$certhtml .= '</nav>';
466
467			return($certhtml);
468			}
469
470	9ef4289c	Colin Fleming	$closehead = false;
471	e33be77c	Ermal	include("head.inc");
472	fab7ff44	Bill Marquette
473	4ee51131	Sjon Hortensius	if ($input_errors)
474			print_input_errors($input_errors);
475	98402844	Stephen Beaver
476	4ee51131	Sjon Hortensius	if ($savemsg)
477	98402844	Stephen Beaver	print_info_box($savemsg, 'success');
478	4ee51131	Sjon Hortensius
479			$tab_array = array();
480			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
481			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
482			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
483			$tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
484			display_top_tabs($tab_array);
485
486	7411c285	Stephen Beaver	if (!($act == "new" \|\| $act == "edit" \|\| $input_errors)) {
487	64600f94	Sjon Hortensius	?>
488	64c31615	Stephen Beaver	<form method="post">
489	94404d94	Sander van Leeuwen	<div class="table-responsive">
490	10fe1eb5	Stephen Beaver	<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
491	7411c285	Stephen Beaver	<thead>
492			<tr>
493			<th> </th>
494			<th><?=gettext("Username")?></th>
495			<th><?=gettext("Full name")?></th>
496			<th><?=gettext("Disabled")?></th>
497			<th><?=gettext("Groups")?></th>
498			</tr>
499			</thead>
500			<tbody>
501	a0165602	Sjon Hortensius	<?php
502			foreach($a_user as $i => $userent):
503			?>
504	7411c285	Stephen Beaver	<tr>
505			<td>
506	c4b60a9a	Colin Fleming	<input type="checkbox" id="frc<?=$i?>" name="delete_check[]" value="<?=$i?>" <?=($userent['scope'] == "system" ? 'disabled' : '')?>/>
507	7411c285	Stephen Beaver	</td>
508			<td>
509	a0165602	Sjon Hortensius	<?php
510			if($userent['scope'] != "user")
511			$usrimg = 'eye-open';
512			else
513			$usrimg = 'user';
514			?>
515	1b7379f9	Jared Dillard	<i class="fa fa-<?=$usrimg?>"></i>
516	7411c285	Stephen Beaver	<?=htmlspecialchars($userent['name'])?>
517			</td>
518			<td><?=htmlspecialchars($userent['descr'])?></td>
519			<td><?php if(isset($userent['disabled'])) echo "*"?></td>
520			<td><?=implode(",",local_user_get_groups($userent))?></td>
521			<td>
522	bb1b5c6f	heper	<a class="fa fa-pencil" title="<?=gettext("Edit user"); ?>" href="?act=edit&userid=<?=$i?>"></a>
523	a0165602	Sjon Hortensius	<?php if($userent['scope'] != "system"): ?>
524	33f0b0d5	Stephen Beaver	<a class="fa fa-trash" title="<?=gettext("Delete user")?>" href="?act=deluser&userid=<?=$i?>&username=<?=$userent['name']?>"></a>
525	a0165602	Sjon Hortensius	<?php endif; ?>
526	7411c285	Stephen Beaver	</td>
527			</tr>
528	a0165602	Sjon Hortensius	<?php endforeach; ?>
529	7411c285	Stephen Beaver	</tbody>
530			</table>
531	94404d94	Sander van Leeuwen	</div>
532	c10cb196	Stephen Beaver	<nav class="action-buttons">
533	64c31615	Stephen Beaver	<a href="?act=new" class="btn btn-sm btn-success">
534	9d5a20cf	heper	<i class="fa fa-plus icon-embed-btn"></i>
535	b921ab63	Stephen Beaver	<?=gettext("Add")?>
536			</a>
537	64c31615	Stephen Beaver
538			<button type="submit" class="btn btn-sm btn-danger" name="dellall" value="dellall" title="<?=gettext('Delete selected users')?>">
539			<i class="fa fa-trash icon-embed-btn"></i>
540			<?=gettext("Delete")?>
541			</button>
542	94404d94	Sander van Leeuwen	</nav>
543	b921ab63	Stephen Beaver
544			<div id="infoblock">
545			<?=print_info_box(gettext("Additional users can be added here. User permissions for accessing " .
546	a0165602	Sjon Hortensius	"the webConfigurator can be assigned directly or inherited from group memberships. " .
547			"An icon that appears grey indicates that it is a system defined object. " .
548	b921ab63	Stephen Beaver	"Some system object properties can be modified but they cannot be deleted.") .
549			'<br /><br />' .
550	64c31615	Stephen Beaver	gettext("Accounts added here are also used for other parts of the system " .
551	b921ab63	Stephen Beaver	"such as OpenVPN, IPsec, and Captive Portal."), info)?>
552			</div>
553
554	a0165602	Sjon Hortensius	<?php
555			include("foot.inc");
556			exit;
557			}
558	4ee51131	Sjon Hortensius
559			$form = new Form;
560
561	7411c285	Stephen Beaver	if ($act == "new" \|\| $act == "edit" \|\| $input_errors):
562	4ee51131	Sjon Hortensius
563	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
564			'act',
565			null,
566			'hidden',
567			''
568			));
569	4ee51131	Sjon Hortensius
570	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
571			'userid',
572			null,
573			'hidden',
574			isset($id) ? $id:''
575			));
576	4ee51131	Sjon Hortensius
577	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
578			'privid',
579			null,
580			'hidden',
581			''
582			));
583	4ee51131	Sjon Hortensius
584	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
585			'certid',
586			null,
587			'hidden',
588			''
589			));
590	4ee51131	Sjon Hortensius
591	7411c285	Stephen Beaver	$ro = "";
592			if ($pconfig['utype'] == "system") {
593	c4b60a9a	Colin Fleming	$ro = "readonly";
594	7411c285	Stephen Beaver	}
595	4ee51131	Sjon Hortensius
596	7411c285	Stephen Beaver	$section = new Form_Section('User Properties');
597	4ee51131	Sjon Hortensius
598	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
599			'Defined by',
600			strtoupper($pconfig['utype'])
601			));
602	4ee51131	Sjon Hortensius
603	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
604			'utype',
605			null,
606			'hidden',
607			$pconfig['utype']
608			));
609	4ee51131	Sjon Hortensius
610	7411c285	Stephen Beaver	$section->addInput(new Form_Checkbox(
611			'disabled',
612			'Disabled',
613			'This user cannot login',
614			$pconfig['disabled']
615			));
616	6b07c15a	Matthew Grooms
617	7411c285	Stephen Beaver	$section->addInput($input = new Form_Input(
618			'usernamefld',
619			'Username',
620			'text',
621			$pconfig['usernamefld']
622			));
623	61dec0b0	Renato Botelho
624	7411c285	Stephen Beaver	if ($ro)
625	1fe9cc38	Stephen Beaver	$input->setReadonly();
626	7411c285	Stephen Beaver
627			$form->addGlobal(new Form_Input(
628			'oldusername',
629	4ee51131	Sjon Hortensius	null,
630	7411c285	Stephen Beaver	'hidden',
631			$pconfig['usernamefld']
632	4ee51131	Sjon Hortensius	));
633	6b07c15a	Matthew Grooms
634	7411c285	Stephen Beaver	$group = new Form_Group('Password');
635			$group->add(new Form_Input(
636			'passwordfld1',
637			'Password',
638			'password'
639			));
640			$group->add(new Form_Input(
641			'passwordfld2',
642			'Confirm Password',
643			'password'
644			));
645
646			$section->add($group);
647
648			$section->addInput($input = new Form_Input(
649			'descr',
650			'Full name',
651			'text',
652			htmlspecialchars($pconfig['descr'])
653			))->setHelp('User\'s full name, for your own information only');
654
655			if ($ro)
656			$input->setDisabled();
657
658			$section->addInput(new Form_Input(
659			'expires',
660			'Expiration date',
661			'date',
662			$pconfig['expires']
663			))->setHelp('Leave blank if the account shouldn\'t expire, otherwise enter '.
664			'the expiration date');
665
666			// ==== Group membership ==================================================
667			$group = new Form_Group('Group membership');
668
669	7d2e572f	Stephen Beaver	// Make a list of all the groups configured on the system, and a list of
670	7411c285	Stephen Beaver	// those which this user is a member of
671			$systemGroups = array();
672			$usersGroups = array();
673
674			$usergid = [$pconfig['usernamefld']];
675
676			foreach ($config['system']['group'] as $Ggroup) {
677	b4333696	Stephen Beaver	if($Ggroup['name'] != "all") {
678			if(($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member']))
679			$usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list
680			else
681			$systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list
682			}
683	7411c285	Stephen Beaver	}
684
685			$group->add(new Form_Select(
686			'sysgroups',
687			null,
688			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
689			$systemGroups,
690			true
691	953385a3	heper	))->setHelp('Not member of');
692	6b07c15a	Matthew Grooms
693	7411c285	Stephen Beaver	$group->add(new Form_Select(
694			'groups',
695			null,
696			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
697			$usersGroups,
698			true
699	953385a3	heper	))->setHelp('Member of');
700	7411c285	Stephen Beaver
701			$section->add($group);
702
703			$group = new Form_Group('');
704
705			$group->add(new Form_Button(
706			'movetoenabled',
707			'Move to "Member of" list >'
708			))->removeClass('btn-primary')->addClass('btn-default btn-sm');
709
710			$group->add(new Form_Button(
711			'movetodisabled',
712			'< Move to "Not member of" list'
713			))->removeClass('btn-primary')->addClass('btn-default btn-sm');
714	4ee51131	Sjon Hortensius
715	7411c285	Stephen Beaver	$group->setHelp('Hold down CTRL (pc)/COMMAND (mac) key to select multiple items');
716			$section->add($group);
717	4ee51131	Sjon Hortensius
718	7411c285	Stephen Beaver	// ==== Button for adding user certificate ================================
719			if($act == 'new') {
720	4ee51131	Sjon Hortensius	$section->addInput(new Form_Checkbox(
721	7411c285	Stephen Beaver	'showcert',
722			'Certificate',
723			'Click to create a user certificate',
724			false
725	4ee51131	Sjon Hortensius	));
726	6b07c15a	Matthew Grooms	}
727
728	7411c285	Stephen Beaver	$form->add($section);
729	6b07c15a	Matthew Grooms
730	7411c285	Stephen Beaver	// ==== Effective privileges section ======================================
731			if (isset($pconfig['uid'])) {
732			// We are going to build an HTML table and add it to an Input_StaticText. It may be ugly, but it
733			// is the best way to make the display we need.
734	6b07c15a	Matthew Grooms
735	7411c285	Stephen Beaver	$section = new Form_Section('Effective Privileges');
736	4ee51131	Sjon Hortensius
737	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
738			null,
739			build_priv_table()
740			));
741	4ee51131	Sjon Hortensius
742	7411c285	Stephen Beaver	$form->add($section);
743	4ee51131	Sjon Hortensius
744	7411c285	Stephen Beaver	// ==== Certificate table section =====================================
745			$section = new Form_Section('User certificates');
746
747			$section->addInput(new Form_StaticText(
748			null,
749			build_cert_table()
750			));
751	64600f94	Sjon Hortensius
752			$form->add($section);
753	c9794c06	Ermal	}
754	7411c285	Stephen Beaver	else;
755			$section = new Form_Section('User Certificates');
756
757			foreach ((array)$a_user[$id]['cert'] as $i => $certref) {
758			$cert = lookup_cert($certref);
759			$ca = lookup_ca($cert['caref']);
760
761			// We reverse name and action for readability of longer names
762			$section->addInput(new Form_Checkbox(
763			'certid[]',
764			'Delete certificate',
765			$cert['descr']. (is_cert_revoked($cert) ? ' <b>revoked</b>' : ''),
766			false,
767			$i
768			));
769			}
770
771			#FIXME; old ui supplied direct export links to each certificate
772	c9794c06	Ermal
773	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
774			null,
775			new Form_Button(null, 'add certificate', 'system_certmanager.php?act=new&userid='. $id).
776			new Form_Button(null, 'export certificates', 'system_certmanager.php')
777			));
778
779			// ==== Add user certificate for a new user
780			if (is_array($config['ca']) && count($config['ca']) > 0) {
781			$section = new Form_Section('Create certificate for user');
782			$section->addClass('cert-options');
783
784			$nonPrvCas = array();
785			foreach( $config['ca'] as $ca) {
786			if (!$ca['prv'])
787			continue;
788
789			$nonPrvCas[ $ca['refid'] ] = $ca['descr'];
790			}
791
792			if (!empty($nonPrvCas)) {
793			$section->addInput(new Form_Input(
794			'name',
795			'Descriptive name',
796			'text',
797			$pconfig['name']
798			));
799
800			$section->addInput(new Form_Select(
801			'caref',
802			'Certificate authority',
803			null,
804			$nonPrvCas
805			));
806
807			$section->addInput(new Form_Select(
808			'keylen',
809			'Key length',
810			2048,
811			array(
812			512 => '512 bits',
813			1024 => '1024 bits',
814			2048 => '2049 bits',
815			4096 => '4096 bits',
816			)
817			));
818
819			$section->addInput(new Form_Input(
820			'lifetime',
821			'Lifetime',
822			'number',
823			$pconfig['lifetime']
824			));
825			}
826
827			$form->add($section);
828			}
829
830			endif;
831			// ==== Paste a key for the new user
832	4ee51131	Sjon Hortensius	$section = new Form_Section('Keys');
833
834	35e0cd70	Stephen Beaver	$section->addInput(new Form_Checkbox(
835			'showkey',
836			'Authorized keys',
837			'Click to paste an authorized key',
838			false
839			));
840
841	4ee51131	Sjon Hortensius	$section->addInput(new Form_Textarea(
842			'authorizedkeys',
843	d1e73829	Stephen Beaver	'Authorized SSH Keys',
844	4ee51131	Sjon Hortensius	$pconfig['authorizedkeys']
845	d1e73829	Stephen Beaver	))->setHelp('Enter authorized SSH keys for this user');
846	4ee51131	Sjon Hortensius
847	35e0cd70	Stephen Beaver	$section->addInput(new Form_Input(
848	4ee51131	Sjon Hortensius	'ipsecpsk',
849			'IPsec Pre-Shared Key',
850			'text',
851			$pconfig['ipsecpsk']
852			));
853
854			$form->add($section);
855	7411c285	Stephen Beaver
856	a0165602	Sjon Hortensius	print $form;
857	7411c285	Stephen Beaver	?>
858	8fd9052f	Colin Fleming	<script type="text/javascript">
859	7411c285	Stephen Beaver	//<![CDATA[
860			events.push(function(){
861
862			// Select every option in the specified multiselect
863			function AllServers(id, selectAll) {
864			for (i = 0; i < id.length; i++) {
865			id.eq(i).prop('selected', selectAll);
866			}
867			}
868
869			// Move all selected options from one multiselect to another
870			function moveOptions(From, To) {
871			var len = From.length;
872			var option;
873
874	32b84ded	Stephen Beaver	if(len > 0) {
875	7411c285	Stephen Beaver	for(i=0; i<len; i++) {
876			if(From.eq(i).is(':selected')) {
877			option = From.eq(i).val();
878	95b59cdc	bruno	value = From.eq(i).text();
879			To.append(new Option(value, option));
880	7411c285	Stephen Beaver	From.eq(i).remove();
881			}
882			}
883			}
884			}
885
886			// Make buttons plain buttons, not submit
887			$("#movetodisabled").prop('type','button');
888			$("#movetoenabled").prop('type','button');
889
890			// On click . .
891			$("#movetodisabled").click(function() {
892			moveOptions($('[name="groups[]"] option'), $('[name="sysgroups[]"]'));
893			});
894
895			$("#movetoenabled").click(function() {
896			moveOptions($('[name="sysgroups[]"] option'), $('[name="groups[]"]'));
897			});
898
899			$("#showcert").click(function() {
900			hideClass('cert-options', !this.checked);
901			});
902
903			$("#showkey").click(function() {
904	35e0cd70	Stephen Beaver	hideInput('authorizedkeys', false);
905			hideCheckbox('showkey', true);
906	7411c285	Stephen Beaver	});
907
908	98402844	Stephen Beaver	$('[id^=delcert]').click(function(event) {
909			if(confirm(event.target.title)) {
910			$('#certid').val(event.target.id.match(/\d+$/)[0]);
911			$('#userid').val('<?=$id;?>');
912			$('#act').val('delcert');
913			$('form').submit();
914			}
915			});
916	945204b1	Stephen Beaver
917	408d0882	heper	$('[id^=delprivid]').click(function(event) {
918			if(confirm(event.target.title)) {
919	4c879f95	heper	$('#privid').val(event.target.id.match(/\d+$/)[0]);
920	408d0882	heper	$('#userid').val('<?=$id;?>');
921			$('#act').val('delprivid');
922			$('form').submit();
923			}
924			});
925	64c31615	Stephen Beaver
926	98402844	Stephen Beaver
927	eef93144	Jared Dillard	// ---------- On initial page load ------------------------------------------------------------
928
929			hideClass('cert-options', true);
930			//hideInput('authorizedkeys', true);
931	d1e73829	Stephen Beaver	hideCheckbox('showkey', true);
932	7411c285	Stephen Beaver
933			// On submit mark all the user's groups as "selected"
934			$('form').submit(function(){
935			AllServers($('[name="groups[]"] option'), true);
936			});
937			});
938			//]]>
939			</script>
940			<?php
941	4ee51131	Sjon Hortensius
942	bb1b5c6f	heper	include('foot.inc');

Project

General

Profile

pfSense