<?php
2
/*
3 ce77a9c4 Phil Davis
	system_authservers.php
4 fbf672cb Matthew Grooms
*/
5 ac9d8bed Stephen Beaver
/* ====================================================================
6
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
7 df8fca9d Stephen Beaver
 *	Copyright (c)  2008 Shrew Soft Inc.
8 ac9d8bed Stephen Beaver
 *
9
 *	Redistribution and use in source and binary forms, with or without modification,
10
 *	are permitted provided that the following conditions are met:
11
 *
12
 *	1. Redistributions of source code must retain the above copyright notice,
13
 *		this list of conditions and the following disclaimer.
14
 *
15
 *	2. Redistributions in binary form must reproduce the above copyright
16
 *		notice, this list of conditions and the following disclaimer in
17
 *		the documentation and/or other materials provided with the
18
 *		distribution.
19
 *
20
 *	3. All advertising materials mentioning features or use of this software
21
 *		must display the following acknowledgment:
22
 *		"This product includes software developed by the pfSense Project
23
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
24
 *
25
 *	4. The names "pfSense" and "pfSense Project" must not be used to
26
 *		 endorse or promote products derived from this software without
27
 *		 prior written permission. For written permission, please contact
28
 *		 coreteam@pfsense.org.
29
 *
30
 *	5. Products derived from this software may not be called "pfSense"
31
 *		nor may "pfSense" appear in their names without prior written
32
 *		permission of the Electric Sheep Fencing, LLC.
33
 *
34
 *	6. Redistributions of any form whatsoever must retain the following
35
 *		acknowledgment:
36
 *
37
 *	"This product includes software developed by the pfSense Project
38
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
39
 *
40
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
41
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
44
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
52
 *
53
 *	====================================================================
54
 *
55
 */
56 fbf672cb Matthew Grooms
57
##|+PRIV
58
##|*IDENT=page-system-authservers
59
##|*NAME=System: Authentication Servers
60
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
61
##|*MATCH=system_authservers.php*
62
##|-PRIV
63
64
require("guiconfig.inc");
require_once("auth.inc");

// Breadcrumb title and the shortcut-bar section for this page.
$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Authentication Servers"));
$shortcut_section = "authentication";

// Row index being edited/deleted. Only accepted when it is a plain integer;
// a POSTed id takes precedence over the query-string one.
if (is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

// Make sure the config branch this page writes to exists.
if (!is_array($config['system']['authserver'])) {
	$config['system']['authserver'] = array();
}

// Re-index the server list as a plain 0..n-1 list; the table and the
// edit/delete links below address entries by that index.
$a_servers = auth_get_authserver_list();
foreach ($a_servers as $entry) {
	$a_server[] = $entry;
}

if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
$a_ca =& $config['ca'];

// Requested action ("new", "edit", "del"); a POSTed act overrides the GET one.
$act = $_POST['act'] ?: $_GET['act'];
95 fbf672cb Matthew Grooms
96
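if ($act == "del") {

	// Address the entry by the validated integer index ($id) rather than the
	// raw query string, so a non-integer id never reaches the array lookups.
	if (!isset($id) || !$a_server[$id]) {
		pfSenseHeader("system_authservers.php");
		exit;
	}

	// NOTE(review): this is a state-changing action triggered by a plain GET
	// link (the trash icon in the list); moving it to a POST form would let a
	// CSRF token be required for it.

	/* Remove every config entry carrying the deleted server's name. */
	$serverdeleted = $a_server[$id]['name'];
	foreach ($config['system']['authserver'] as $k => $as) {
		if ($as['name'] == $serverdeleted) {
			unset($config['system']['authserver'][$k]);
		}
	}

	/* Remove server from temp list used later on this page. */
	unset($a_server[$id]);

	$savemsg = gettext("Authentication Server") . " " . htmlspecialchars($serverdeleted) . " " . gettext("deleted") . "<br />";
	write_config($savemsg);
}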
117
118
if ($act == "edit") {
	// Pre-fill the form from the stored entry being edited.
	if (isset($id) && $a_server[$id]) {
		$srv = $a_server[$id];

		$pconfig['type'] = $srv['type'];
		$pconfig['name'] = $srv['name'];

		if ($pconfig['type'] == "ldap") {
			// Form field => config key. All 1:1 except the host, which is
			// "ldap_host" in the form but "host" in the config.
			$ldap_fields = array(
				'ldap_caref' => 'ldap_caref',
				'ldap_host' => 'host',
				'ldap_port' => 'ldap_port',
				'ldap_timeout' => 'ldap_timeout',
				'ldap_urltype' => 'ldap_urltype',
				'ldap_protver' => 'ldap_protver',
				'ldap_scope' => 'ldap_scope',
				'ldap_basedn' => 'ldap_basedn',
				'ldap_authcn' => 'ldap_authcn',
				'ldap_extended_enabled' => 'ldap_extended_enabled',
				'ldap_extended_query' => 'ldap_extended_query',
				'ldap_binddn' => 'ldap_binddn',
				'ldap_bindpw' => 'ldap_bindpw',
				'ldap_attr_user' => 'ldap_attr_user',
				'ldap_attr_group' => 'ldap_attr_group',
				'ldap_attr_member' => 'ldap_attr_member',
				'ldap_attr_groupobj' => 'ldap_attr_groupobj',
			);
			foreach ($ldap_fields as $field => $key) {
				$pconfig[$field] = $srv[$key];
			}
			// Boolean options are stored by presence of the key.
			foreach (array('ldap_utf8', 'ldap_nostrip_at', 'ldap_rfc2307') as $flag) {
				$pconfig[$flag] = isset($srv[$flag]);
			}

			// No stored bind credentials means the entry uses anonymous binds.
			if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw']) {
				$pconfig['ldap_anon'] = true;
			}
		}

		if ($pconfig['type'] == "radius") {
			$pconfig['radius_host'] = $srv['host'];
			$pconfig['radius_auth_port'] = $srv['radius_auth_port'];
			$pconfig['radius_acct_port'] = $srv['radius_acct_port'];
			$pconfig['radius_secret'] = $srv['radius_secret'];
			$pconfig['radius_timeout'] = $srv['radius_timeout'];

			// Derive the "services offered" selector from which ports are
			// stored, filling in the standard port of the service not offered.
			$has_auth = (bool)$pconfig['radius_auth_port'];
			$has_acct = (bool)$pconfig['radius_acct_port'];
			if ($has_auth && $has_acct) {
				$pconfig['radius_srvcs'] = "both";
			} elseif ($has_auth) {
				$pconfig['radius_srvcs'] = "auth";
				$pconfig['radius_acct_port'] = 1813;
			} elseif ($has_acct) {
				$pconfig['radius_srvcs'] = "acct";
				$pconfig['radius_auth_port'] = 1812;
			}
		}
	}
}
178
179
if ($act == "new") {
	// Form defaults for a brand new server: LDAP protocol version 3 with
	// anonymous binds; RADIUS offering both services on the standard ports.
	$defaults = array(
		'ldap_protver' => 3,
		'ldap_anon' => true,
		'radius_srvcs' => "both",
		'radius_auth_port' => "1812",
		'radius_acct_port' => "1813",
	);
	foreach ($defaults as $field => $value) {
		$pconfig[$field] = $value;
	}
}
186
187
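if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	if ($pconfig['type'] == "ldap") {
		$reqdfields = explode(" ",
			"name type ldap_host ldap_port " .
			"ldap_urltype ldap_protver ldap_scope " .
			"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");

		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Port value"),
			gettext("Transport"),
			gettext("Protocol version"),
			gettext("Search level"),
			gettext("User naming Attribute"),
			gettext("Group naming Attribute"),
			gettext("Group member attribute"),
			gettext("Authentication container"));

		/* Bind credentials are only mandatory when not binding anonymously. */
		if (!$pconfig['ldap_anon']) {
			$reqdfields[] = "ldap_binddn";
			$reqdfields[] = "ldap_bindpw";
			$reqdfieldsn[] = gettext("Bind user DN");
			$reqdfieldsn[] = gettext("Bind Password");
		}
	}

	if ($pconfig['type'] == "radius") {
		$reqdfields = explode(" ", "name type radius_host radius_srvcs");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Services"));

		/* The port of every offered service is required. (These checks were
		 * keyed on the misspelt "radisu_srvcs" and therefore never ran.) */
		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port");
		}

		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port");
		}

		/* On edit a blank secret keeps the stored one (see the save code
		 * below), so it is only mandatory for a new server. */
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/* Validate the host of the selected type. The form posts "ldap_host" /
	 * "radius_host" and no "host" field, so the old check on $_POST['host']
	 * never ran. IP literals (including IPv6, which contains colons) are
	 * accepted as-is; anything else must be a plain host name. */
	$host = $pconfig["{$pconfig['type']}_host"];
	if (!empty($host) && !is_ipaddr($host) && preg_match("/[^a-zA-Z0-9\.\-_]/", $host)) {
		$input_errors[] = gettext("The host name contains invalid characters.");
	}

	/* Names must be unique: the delete action matches entries by name. A new
	 * server may not reuse an existing name, and an edited server may not be
	 * renamed onto another server's name (only the unchanged name is exempt). */
	$current_name = (isset($id) && $a_server[$id]) ? $a_server[$id]['name'] : null;
	if ($pconfig['name'] !== $current_name && auth_get_authserver($pconfig['name'])) {
		$input_errors[] = gettext("An authentication server with the same name already exists.");
	}

	if (($pconfig['type'] == "ldap") || ($pconfig['type'] == "radius")) {
		$to_field = "{$pconfig['type']}_timeout";
		/* Blank is allowed (a default is applied on save); anything else
		 * must be a positive number. */
		if (!empty($_POST[$to_field]) && (!is_numeric($_POST[$to_field]) || ($_POST[$to_field] <= 0))) {
			$input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($pconfig['type']));
		}
	}

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	if (!$input_errors) {
		$server = array();
		$server['refid'] = uniqid();
		/* Editing: start from the stored entry so values the form does not
		 * resubmit (e.g. a blank RADIUS secret) are carried over. */
		if (isset($id) && $a_server[$id]) {
			$server = $a_server[$id];
		}

		$server['type'] = $pconfig['type'];
		$server['name'] = $pconfig['name'];

		if ($server['type'] == "ldap") {

			if (!empty($pconfig['ldap_caref'])) {
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			}
			$server['host'] = $pconfig['ldap_host'];
			$server['ldap_port'] = $pconfig['ldap_port'];
			$server['ldap_urltype'] = $pconfig['ldap_urltype'];
			$server['ldap_protver'] = $pconfig['ldap_protver'];
			$server['ldap_scope'] = $pconfig['ldap_scope'];
			$server['ldap_basedn'] = $pconfig['ldap_basedn'];
			/* The form field is named "ldapauthcontainers"; stored as ldap_authcn. */
			$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
			$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
			$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
			$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
			$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
			$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];

			$server['ldap_attr_groupobj'] = empty($pconfig['ldap_attr_groupobj']) ? "posixGroup" : $pconfig['ldap_attr_groupobj'];

			/* Checkboxes post "yes"; the flags are stored by key presence. */
			foreach (array('ldap_utf8', 'ldap_nostrip_at', 'ldap_rfc2307') as $flag) {
				if ($pconfig[$flag] == "yes") {
					$server[$flag] = true;
				} else {
					unset($server[$flag]);
				}
			}

			/* Anonymous bind drops any previously stored credentials. */
			if (!$pconfig['ldap_anon']) {
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}

			$server['ldap_timeout'] = $pconfig['ldap_timeout'] ?: 25;
		}

		if ($server['type'] == "radius") {

			$server['host'] = $pconfig['radius_host'];

			/* A blank secret on edit keeps the one already stored. */
			if ($pconfig['radius_secret']) {
				$server['radius_secret'] = $pconfig['radius_secret'];
			}

			$server['radius_timeout'] = $pconfig['radius_timeout'] ?: 5;

			/* Only the ports of the offered services are kept. */
			if ($pconfig['radius_srvcs'] == "both") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
			}

			if ($pconfig['radius_srvcs'] == "auth") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				unset($server['radius_acct_port']);
			}

			if ($pconfig['radius_srvcs'] == "acct") {
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
				unset($server['radius_auth_port']);
			}
		}

		/* NOTE(review): $id indexes the re-indexed $a_server list built from
		 * auth_get_authserver_list(), but is used here as an index into
		 * $config['system']['authserver']; this assumes both lists line up
		 * for every editable row — verify against auth_get_authserver_list(). */
		if (isset($id) && $config['system']['authserver'][$id]) {
			$config['system']['authserver'][$id] = $server;
		} else {
			$config['system']['authserver'][] = $server;
		}

		write_config();

		pfSenseHeader("system_authservers.php");
	}
}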
372
373 1d3259b5 Stephen Beaver
// On error, restore the form contents so the user doesn't have to re-enter too much
if (!empty($_POST) && !empty($input_errors)) {
	$pconfig = $_POST;
	// Two fields are named differently in the form than in $pconfig.
	$pconfig['ldap_authcn'] = $_POST['ldapauthcontainers'];
	$pconfig['ldap_template'] = $_POST['ldap_tmpltype'];
}
379
380 fbf672cb Matthew Grooms
include("head.inc");

if ($input_errors) {
	print_input_errors($input_errors);
}

if ($savemsg) {
	print_info_box($savemsg, 'success');
}

// User Manager tab bar; this page is the "Servers" tab.
$tab_array = array(
	array(gettext("Users"), false, "system_usermanager.php"),
	array(gettext("Groups"), false, "system_groupmanager.php"),
	array(gettext("Settings"), false, "system_usermanager_settings.php"),
	array(gettext("Servers"), true, "system_authservers.php"),
);
display_top_tabs($tab_array);
394
395
// List view: shown unless we are adding/editing (or re-showing the form after
// a validation error). It ends with exit, so the form code below never runs
// in this case.
if (!($act == "new" || $act == "edit" || $input_errors))
{
	?>
	<div class="table-responsive">
		<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
			<thead>
				<tr>
					<th><?=gettext("Server Name")?></th>
					<th><?=gettext("Type")?></th>
					<th><?=gettext("Host Name")?></th>
					<th><?=gettext("Actions")?></th>
				</tr>
			</thead>
			<tbody>
		<?php foreach($a_server as $i => $server): ?>
				<tr>
					<td><?=htmlspecialchars($server['name'])?></td>
					<td><?=htmlspecialchars($auth_server_types[$server['type']])?></td>
					<td><?=htmlspecialchars($server['host'])?></td>
					<td>
					<?php if ($i < (count($a_server) - 1)): ?>
						<a class="fa fa-pencil" title="<?=gettext("Edit server"); ?>" href="system_authservers.php?act=edit&amp;id=<?=$i?>"></a>
						<a class="fa fa-trash"  title="<?=gettext("Delete server")?>" href="system_authservers.php?act=del&amp;id=<?=$i?>"></a>
					<?php endif?>
					</td>
				</tr>
		<?php endforeach; ?>
			</tbody>
		</table>
	</div>

	<nav class="action-buttons">
		<a href="?act=new" class="btn btn-success btn-sm">
			<i class="fa fa-plus icon-embed-btn"></i>
			<?=gettext("Add")?>
		</a>
	</nav>
<?php
	// NOTE(review): the trash icon above deletes through a plain GET request
	// (act=del&id=N), so no CSRF token protects it and a single click or link
	// prefetch removes a server; a POST form with confirmation would be safer.
	// The last row gets no edit/delete links (index count-1) — presumably the
	// built-in local database entry appended by auth_get_authserver_list(); verify.
	include("foot.inc");
	exit;
}
436
437 a0165602 Sjon Hortensius
// Add/edit form. It always posts back with act=edit; the save handler above
// decides between update and append by whether a valid 'id' was posted.
$form = new Form;
$form->setAction('system_authservers.php?act=edit');

// NOTE(review): nothing on this page reads a posted 'userid'; the save handler
// uses $_POST['id'] (a hidden 'id' input added further down when editing).
// Confirm whether this global is still needed.
$form->addGlobal(new Form_Input(
	'userid',
	null,
	'hidden',
	$id
));

$section = new Form_Section('Server settings');

$section->addInput($input = new Form_Input(
	'name',
	'Descriptive name',
	'text',
	$pconfig['name']
));

// Presumably ->toggles() shows the "toggle-<type>" section matching the
// selected type (see the addClass() calls on the LDAP/RADIUS sections).
$section->addInput($input = new Form_Select(
	'type',
	'Type',
	$pconfig['type'],
	$auth_server_types
))->toggles();

$form->add($section);
464 6157f724 Stephen Beaver
465
// ==== LDAP settings =========================================================
// Collapsible section; it starts expanded ("in") when no type has been chosen
// yet or the entry is an LDAP server.
$section = new Form_Section('LDAP Server Settings');
$section->addClass('toggle-ldap collapse');

if (!isset($pconfig['type']) || $pconfig['type'] == 'ldap')
	$section->addClass('in');

$section->addInput(new Form_Input(
	'ldap_host',
	'Hostname or IP address',
	'text',
	$pconfig['ldap_host']
))->setHelp('NOTE: When using SSL, this hostname MUST match the Common Name '.
	'(CN) of the LDAP server\'s SSL Certificate.');

$section->addInput(new Form_Input(
	'ldap_port',
	'Port value',
	'number',
	$pconfig['ldap_port']
));

// Option keys double as labels: the select shows the transport names.
$section->addInput(new Form_Select(
	'ldap_urltype',
	'Transport',
	$pconfig['ldap_urltype'],
	array_combine(array_keys($ldap_urltypes), array_keys($ldap_urltypes))
));

// The CA picker is only rendered when at least one CA exists; otherwise the
// user is pointed at the Cert Manager. (The page script below checks the
// same condition before reading #ldap_caref.)
if (empty($a_ca))
{
	$section->addInput(new Form_StaticText(
		'Peer Certificate Authority',
		'No Certificate Authorities defined.<br/>Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.'
	));
}
else
{
	$ldapCaRef = [];
	foreach ($a_ca as $ca)
		$ldapCaRef[ $ca['refid'] ] = $ca['descr'];

	$section->addInput(new Form_Select(
		'ldap_caref',
		'Peer Certificate Authority',
		$pconfig['ldap_caref'],
		$ldapCaRef
	))->setHelp('This option is used if \'SSL Encrypted\' option is choosen. '.
		'It must match with the CA in the AD otherwise problems will arise.');
}

$section->addInput(new Form_Select(
	'ldap_protver',
	'Protocol version',
	$pconfig['ldap_protver'],
	array_combine($ldap_protvers, $ldap_protvers)
));

// Blank is saved as 25 seconds by the save handler; the placeholder matches.
$section->addInput(new Form_Input(
	'ldap_timeout',
	'Server Timeout',
	'number',
	$pconfig['ldap_timeout'],
	['placeholder' => 25]
))->setHelp('Timeout for LDAP operations (seconds)');
530
531 905f6119 Stephen Beaver
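// Search scope: a level selector and a base DN, rendered together as one
// static row by converting the two Form_* objects to their HTML. (An unused
// Form_Group('Search scope') that was created here but never added to the
// section has been dropped.)
$SSF = new Form_Select(
	'ldap_scope',
	'Level',
	$pconfig['ldap_scope'],
	$ldap_scopes
);

$SSB = new Form_Input(
	'ldap_basedn',
	'Base DN',
	'text',
	$pconfig['ldap_basedn']
);

$section->addInput(new Form_StaticText(
	'Search scope',
	'Level ' . $SSF . '<br />' . 'Base DN' . $SSB
));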
552 a0165602 Sjon Hortensius
553
// Authentication containers. The field is posted as "ldapauthcontainers" but
// stored (and pre-filled on edit) as ldap_authcn; the save handler maps it.
$group = new Form_Group('Authentication containers');
$group->add(new Form_Input(
	'ldapauthcontainers',
	'Containers',
	'text',
	$pconfig['ldap_authcn']
))->setHelp('Note: Semi-Colon separated. This will be prepended to the search '.
	'base dn above or you can specify full container path containing a dc= '.
	'component.<br/>Example: CN=Users;DC=example,DC=com or OU=Staff;OU=Freelancers');

// Opens the container picker popup; the page script turns this into a
// type="button" control and attaches select_clicked() to it.
$group->add(new Form_Button(
	'Select',
	'Select a container'
))->removeClass('btn-primary')->addClass('btn-default');

$section->add($group);

$section->addInput(new Form_Checkbox(
	'ldap_extended_enabled',
	'Extended query',
	'Enable extended query',
	$pconfig['ldap_extended_enabled']
));

// The "extended" class lets the page script show/hide this group with the
// checkbox above.
$group = new Form_Group('Query');
$group->addClass('extended');

$group->add(new Form_Input(
	'ldap_extended_query',
	'Query',
	'text',
	$pconfig['ldap_extended_query']
))->setHelp('Example: &amp;(objectClass=inetOrgPerson)(mail=*@example.com)');

$section->add($group);
588
589
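// Anonymous-bind toggle; the bind-credential group below carries the
// "ldapanon" class so the page script can show/hide it with this checkbox.
$section->addInput(new Form_Checkbox(
	'ldap_anon',
	'Bind anonymous',
	'Use anonymous binds to resolve distinguished names',
	$pconfig['ldap_anon']
));

$group = new Form_Group('Bind credentials');
$group->addClass('ldapanon');

$group->add(new Form_Input(
	'ldap_binddn',
	'User DN:',
	'text',
	$pconfig['ldap_binddn']
));

// The bind password is a credential: render it as a password input so it is
// masked on screen and not treated as ordinary text by the browser (it was
// a plain 'text' input).
$group->add(new Form_Input(
	'ldap_bindpw',
	'Password',
	'password',
	$pconfig['ldap_bindpw']
));
$section->add($group);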
613
614 ac9d8bed Stephen Beaver
// The initial-template picker is only offered for a new server.
if (!isset($id)) {
	// Keep the template keys; the page script switches on the option index.
	$template_list = array_map(
		function ($template) {
			return $template['desc'];
		},
		$ldap_templates
	);

	$section->addInput(new Form_Select(
		'ldap_tmpltype',
		'Initial Template',
		$pconfig['ldap_template'],
		$template_list
	));
}
628
629 a0165602 Sjon Hortensius
// The three attribute names below are pre-filled by the page script from the
// selected initial template (ldap_tmplchange) when creating a server.
$section->addInput(new Form_Input(
	'ldap_attr_user',
	'User naming attribute',
	'text',
	$pconfig['ldap_attr_user']
));

$section->addInput(new Form_Input(
	'ldap_attr_group',
	'Group naming attribute',
	'text',
	$pconfig['ldap_attr_group']
));

$section->addInput(new Form_Input(
	'ldap_attr_member',
	'Group member attribute',
	'text',
	$pconfig['ldap_attr_member']
));

$section->addInput(new Form_Checkbox(
	'ldap_rfc2307',
	'RFC 2307 Groups',
	'LDAP Server uses RFC 2307 style group membership',
	$pconfig['ldap_rfc2307']
))->setHelp('RFC 2307 style group membership has members listed on the group '.
	'object rather than using groups listed on user object. Leave unchecked '.
	'for Active Directory style group membership (RFC 2307bis).');

// Blank is saved as "posixGroup" by the save handler; the placeholder matches.
$section->addInput(new Form_Input(
	'ldap_attr_groupobj',
	'Group Object Class',
	'text',
	$pconfig['ldap_attr_groupobj'],
	['placeholder' => 'posixGroup']
))->setHelp('Object class used for groups in RFC2307 mode. '.
	'Typically "posixGroup" or "group".');

$section->addInput(new Form_Checkbox(
	'ldap_utf8',
	'UTF8 Encode',
	'UTF8 encode LDAP parameters before sending them to the server.',
	$pconfig['ldap_utf8']
))->setHelp('Required to support international characters, but may not be '.
	'supported by every LDAP server.');

$section->addInput(new Form_Checkbox(
	'ldap_nostrip_at',
	'Username Alterations',
	'Do not strip away parts of the username after the @ symbol',
	$pconfig['ldap_nostrip_at']
))->setHelp('e.g. user@host becomes user when unchecked.');

$form->add($section);
684 6157f724 Stephen Beaver
685
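// ==== RADIUS section ========================================================
// Collapsible section shown when the RADIUS type is selected.
$section = new Form_Section('Radius Server Settings');
$section->addClass('toggle-radius collapse');

$section->addInput(new Form_Input(
	'radius_host',
	'Hostname or IP address',
	'text',
	$pconfig['radius_host']
));

// The shared secret is a credential: render it masked rather than as a plain
// 'text' input. On edit a blank value keeps the stored secret (see the save
// handler), so it need not be re-typed.
$section->addInput(new Form_Input(
	'radius_secret',
	'Shared Secret',
	'password',
	$pconfig['radius_secret']
));

$section->addInput(new Form_Select(
	'radius_srvcs',
	'Services offered',
	$pconfig['radius_srvcs'],
	$radius_srvcs
));

$section->addInput(new Form_Input(
	'radius_auth_port',
	'Authentication port',
	'number',
	$pconfig['radius_auth_port']
));

$section->addInput(new Form_Input(
	'radius_acct_port',
	'Accounting port',
	'number',
	$pconfig['radius_acct_port']
));

// Blank is saved as 5 seconds by the save handler, as the help text says.
$section->addInput(new Form_Input(
	'radius_timeout',
	'Authentication Timeout',
	'number',
	$pconfig['radius_timeout']
))->setHelp('This value controls how long, in seconds, that the RADIUS '.
	'server may take to respond to an authentication request. If left blank, the '.
	'default value is 5 seconds. NOTE: If you are using an interactive two-factor '.
	'authentication system, increase this timeout to account for how long it will '.
	'take the user to receive and enter a token.');

// When editing, carry the row index through the POST as the hidden 'id'
// field the save handler reads. It is placed in this section, but being a
// hidden input it is presumably submitted for LDAP entries too — verify.
if (isset($id) && $a_server[$id])
{
	$section->addInput(new Form_Input(
		'id',
		null,
		'hidden',
		$id
	));
}

$form->add($section);
print $form;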
747 ac9d8bed Stephen Beaver
?>
748 8fd9052f Colin Fleming
<script type="text/javascript">
749 ac9d8bed Stephen Beaver
//<![CDATA[
750
events.push(function(){
751 501efbd2 Stephen Beaver
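	// Opens the container-picker popup for the LDAP server described by the
	// form. Every value is query-string encoded: without encoding, a '&', '#'
	// or '+' in a DN or password truncates or corrupts the request.
	function select_clicked() {
		var param = function (id) {
			return encodeURIComponent(document.getElementById(id).value);
		};

		if (document.getElementById("ldap_port").value == '' ||
			document.getElementById("ldap_host").value == '' ||
			document.getElementById("ldap_scope").value == '' ||
			document.getElementById("ldap_basedn").value == '' ||
			document.getElementById("ldapauthcontainers").value == '') {
			alert("<?=gettext("Please fill the required values.");?>");
			return;
		}

		if (!document.getElementById("ldap_anon").checked) {
			if (document.getElementById("ldap_binddn").value == '' ||
				document.getElementById("ldap_bindpw").value == '') {
				alert("<?=gettext("Please fill the bind username/password.");?>");
				return;
			}
		}

		// NOTE(review): the bind password travels in the popup's query string
		// (browser history, referrers, server logs); submitting to the picker
		// via POST would avoid that.
		var url = 'system_usermanager_settings_ldapacpicker.php?';
		url += 'port=' + param("ldap_port");
		url += '&host=' + param("ldap_host");
		url += '&scope=' + param("ldap_scope");
		url += '&basedn=' + param("ldap_basedn");
		url += '&binddn=' + param("ldap_binddn");
		url += '&bindpw=' + param("ldap_bindpw");
		url += '&urltype=' + param("ldap_urltype");
		url += '&proto=' + param("ldap_protver");
		url += '&authcn=' + param("ldapauthcontainers");
		<?php if (count($a_ca) > 0): ?>
			url += '&cert=' + param("ldap_caref");
		<?php else: ?>
			url += '&cert=';
		<?php endif; ?>

		var oWin = window.open(url, "pfSensePop", "width=620,height=400,top=150,left=150");
		if (oWin == null || typeof(oWin) == "undefined") {
			alert("<?=gettext('Popup blocker detected.	Action aborted.');?>");
		}
	}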
789 7b4b0ad3 Stephen Beaver
790 f3a43095 Stephen Beaver
	// Defaults the port from the transport selector: the first transport
	// option maps to 389, any other one to 636.
	function set_ldap_port() {
		var firstTransport = ($('#ldap_urltype').find(":selected").index() == 0);
		$('#ldap_port').val(firstTransport ? '389' : '636');
	}
796
797
	// Hides (hide == true) or shows every element carrying the given class.
	// This will usually be a section.
	function hideClass(s_class, hide) {
		$('.' + s_class).toggle(!hide);
	}
804 7b4b0ad3 Stephen Beaver
805 ac9d8bed Stephen Beaver
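	// Copies the attribute names of the selected initial template into the
	// three LDAP attribute fields. The cases are generated from $ldap_templates
	// at render time; json_encode() emits proper JS string literals, so a quote
	// or backslash in a template value cannot break out of the script.
	function ldap_tmplchange() {
		switch ($('#ldap_tmpltype').find(":selected").index()) {
<?php
		$index = 0;
		foreach ($ldap_templates as $tmpldata):
?>
			case <?=$index;?>:
				$('#ldap_attr_user').val(<?=json_encode($tmpldata['attr_user']);?>);
				$('#ldap_attr_group').val(<?=json_encode($tmpldata['attr_group']);?>);
				$('#ldap_attr_member').val(<?=json_encode($tmpldata['attr_member']);?>);
				break;
<?php
			$index++;
		endforeach;
?>
		}
	}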
822 a0165602 Sjon Hortensius
823 eef93144 Jared Dillard
	// ---------- On initial page load ------------------------------------------------------------

	// Seed the attribute fields from the selected template, except when
	// editing (presumably so the stored attributes are not overwritten).
<?php if ($act != 'edit') : ?>
	ldap_tmplchange();
<?php endif; ?>

	// Initial show/hide state of the bind-credential and extended-query groups
	// follows their checkboxes; the container picker "Select" is made a
	// type="button" control so it does not submit the form.
	hideClass('ldapanon', $('#ldap_anon').prop('checked'));
	$("#Select").prop('type','button');
	hideClass('extended', !$('#ldap_extended_enabled').prop('checked'));

	// Fill in the transport's default port when none was stored.
	if($('#ldap_port').val() == "")
		set_ldap_port();

<?php
	if($act == 'edit') {
		// Editing: lock the server type in the UI, and the name too unless the
		// form is being re-shown after a validation error.
		// NOTE(review): this is client-side only; the save handler above
		// stores whatever 'type' and 'name' are posted for an existing id.
?>
		$('#type option:not(:selected)').each(function(){
			$(this).attr('disabled', 'disabled');
		});

<?php
		if(!$input_errors) {
?>
		$('#name').prop("readonly", true);
<?php
		}
	}
?>
851 eef93144 Jared Dillard
	// ---------- Click checkbox handlers ---------------------------------------------------------

	// Re-apply the template attributes whenever another template is picked.
	$('#ldap_tmpltype').on('change', ldap_tmplchange);

	// Bind credentials are only shown when not binding anonymously.
	$('#ldap_anon').on('click', function () {
		hideClass('ldapanon', this.checked);
	});

	// Changing the transport resets the port to that transport's default.
	$('#ldap_urltype').on('change', set_ldap_port);

	$('#Select').on('click', select_clicked);

	// The extended-query group follows its enable checkbox.
	$('#ldap_extended_enabled').on('click', function () {
		hideClass('extended', !this.checked);
	});

});
//]]>
</script>
876
<?php
// Page footer (closes the layout opened by head.inc).
include('foot.inc');