/src/usr/local/www/system_usermanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/system_usermanager.php @ 83b4d0f9

1	1df17ba9	Scott Ullrich	<?php
2			/* $Id$ */
3	fab7ff44	Bill Marquette	/*
4	4c291f4c	Renato Botelho	system_usermanager.php
5	fab7ff44	Bill Marquette	*/
6	7d2e572f	Stephen Beaver	/* ====================================================================
7			* Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
8			* Copyright (c) 2004, 2005 Scott Ullrich
9			* Copyright (c) 2003-2005 Manuel Kasper <mk@neon1.net>
10			* Copyright (c) 2008 Shrew Soft Inc.
11			* Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com>
12			*
13			* Redistribution and use in source and binary forms, with or without modification,
14			* are permitted provided that the following conditions are met:
15			*
16			* 1. Redistributions of source code must retain the above copyright notice,
17			* this list of conditions and the following disclaimer.
18			*
19			* 2. Redistributions in binary form must reproduce the above copyright
20			* notice, this list of conditions and the following disclaimer in
21			* the documentation and/or other materials provided with the
22			* distribution.
23			*
24			* 3. All advertising materials mentioning features or use of this software
25			* must display the following acknowledgment:
26			* "This product includes software developed by the pfSense Project
27			* for use in the pfSense software distribution. (http://www.pfsense.org/).
28			*
29			* 4. The names "pfSense" and "pfSense Project" must not be used to
30			* endorse or promote products derived from this software without
31			* prior written permission. For written permission, please contact
32			* coreteam@pfsense.org.
33			*
34			* 5. Products derived from this software may not be called "pfSense"
35			* nor may "pfSense" appear in their names without prior written
36			* permission of the Electric Sheep Fencing, LLC.
37			*
38			* 6. Redistributions of any form whatsoever must retain the following
39			* acknowledgment:
40			*
41			* "This product includes software developed by the pfSense Project
42			* for use in the pfSense software distribution (http://www.pfsense.org/).
43			*
44			* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
45			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
46			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
47			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
48			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
49			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
50			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
51			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
53			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
54			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
55			* OF THE POSSIBILITY OF SUCH DAMAGE.
56			*
57			* ====================================================================
58			*
59			*/
60	1d333258	Scott Ullrich	/*
61	3ccb9689	Charlie Marshall	pfSense_BUILDER_BINARIES:
62	7411c285	Stephen Beaver	pfSense_MODULE: auth
63	1d333258	Scott Ullrich	*/
64	fab7ff44	Bill Marquette
65	6b07c15a	Matthew Grooms	##\|+PRIV
66			##\|*IDENT=page-system-usermanager
67			##\|*NAME=System: User Manager page
68			##\|*DESCR=Allow access to the 'System: User Manager' page.
69			##\|MATCH=system_usermanager.php
70			##\|-PRIV
71
72	ead24d63	sullrich	require("certs.inc");
73	fab7ff44	Bill Marquette	require("guiconfig.inc");
74
75	e33be77c	Ermal	// start admin user code
76	73fa304b	Phil Davis	$pgtitle = array(gettext("System"), gettext("User Manager"));
77	fab7ff44	Bill Marquette
78	73fa304b	Phil Davis	if (isset($_POST['userid']) && is_numericint($_POST['userid'])) {
79	1a6769a6	Renato Botelho	$id = $_POST['userid'];
80	73fa304b	Phil Davis	}
81	1df17ba9	Scott Ullrich
82	7411c285	Stephen Beaver	if (isset($_GET['userid']) && is_numericint($_GET['userid'])) {
83			$id = $_GET['userid'];
84			}
85
86	73fa304b	Phil Davis	if (!isset($config['system']['user']) \|\| !is_array($config['system']['user'])) {
87	e33be77c	Ermal	$config['system']['user'] = array();
88	73fa304b	Phil Davis	}
89	1df17ba9	Scott Ullrich
90	e33be77c	Ermal	$a_user = &$config['system']['user'];
91	7411c285	Stephen Beaver	$act = $_GET['act'];
92	45ee90ed	Matthew Grooms
93	73fa304b	Phil Davis	if (isset($_SERVER['HTTP_REFERER'])) {
94	7c2d0050	Renato Botelho	$referer = $_SERVER['HTTP_REFERER'];
95	73fa304b	Phil Davis	} else {
96	7c2d0050	Renato Botelho	$referer = '/system_usermanager.php';
97	73fa304b	Phil Davis	}
98	7c2d0050	Renato Botelho
99	adacdf5f	jim-p	if (isset($id) && $a_user[$id]) {
100			$pconfig['usernamefld'] = $a_user[$id]['name'];
101			$pconfig['descr'] = $a_user[$id]['descr'];
102			$pconfig['expires'] = $a_user[$id]['expires'];
103			$pconfig['groups'] = local_user_get_groups($a_user[$id]);
104			$pconfig['utype'] = $a_user[$id]['scope'];
105			$pconfig['uid'] = $a_user[$id]['uid'];
106			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
107			$pconfig['priv'] = $a_user[$id]['priv'];
108			$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
109			$pconfig['disabled'] = isset($a_user[$id]['disabled']);
110			}
111
112	43acaa2f	Stephen Beaver	if ($_GET['act'] == "deluser") {
113	45ee90ed	Matthew Grooms
114	43acaa2f	Stephen Beaver	if (!isset($_GET['username']) \|\| !isset($a_user[$id]) \|\| ($_GET['username'] != $a_user[$id]['name'])) {
115	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
116			exit;
117	6b07c15a	Matthew Grooms	}
118
119	8a0ae97f	Renato Botelho	conf_mount_rw();
120	e33be77c	Ermal	local_user_del($a_user[$id]);
121	8a0ae97f	Renato Botelho	conf_mount_ro();
122	e33be77c	Ermal	$userdeleted = $a_user[$id]['name'];
123			unset($a_user[$id]);
124			write_config();
125			$savemsg = gettext("User")." {$userdeleted} ".
126	8cd558b6	ayvis	gettext("successfully deleted")."<br />";
127	e33be77c	Ermal	}
128	7411c285	Stephen Beaver	else if ($act == "new") {
129	e33be77c	Ermal	/*
130			* set this value cause the text field is read only
131			* and the user should not be able to mess with this
132			* setting.
133			*/
134			$pconfig['utype'] = "user";
135			$pconfig['lifetime'] = 3650;
136			}
137	45ee90ed	Matthew Grooms
138	73fa304b	Phil Davis	if (isset($_POST['dellall_x'])) {
139	4e21c82e	bruno
140			$del_users = $_POST['delete_check'];
141
142	73fa304b	Phil Davis	if (!empty($del_users)) {
143			foreach ($del_users as $userid) {
144	4e21c82e	bruno	if (isset($a_user[$userid]) && $a_user[$userid]['scope'] != "system") {
145			conf_mount_rw();
146			local_user_del($a_user[$userid]);
147			conf_mount_ro();
148			unset($a_user[$userid]);
149			}
150			}
151			$savemsg = gettext("Selected users removed successfully!");
152			write_config($savemsg);
153			}
154			}
155
156	98402844	Stephen Beaver	if ($_POST['act'] == "delcert") {
157
158			if (!$a_user[$id]) {
159			pfSenseHeader("system_usermanager.php");
160			exit;
161			}
162
163			$certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
164			$certdeleted = $certdeleted['descr'];
165			unset($a_user[$id]['cert'][$_POST['certid']]);
166			write_config();
167			$_POST['act'] = "edit";
168			$savemsg = gettext("Certificate") . " {$certdeleted} " . gettext("association removed.") . "<br />";
169			}
170
171	1a6769a6	Renato Botelho	if ($_POST['save']) {
172	e33be77c	Ermal	unset($input_errors);
173			$pconfig = $_POST;
174	45ee90ed	Matthew Grooms
175	e33be77c	Ermal	/* input validation */
176			if (isset($id) && ($a_user[$id])) {
177			$reqdfields = explode(" ", "usernamefld");
178			$reqdfieldsn = array(gettext("Username"));
179			} else {
180			if (empty($_POST['name'])) {
181			$reqdfields = explode(" ", "usernamefld passwordfld1");
182			$reqdfieldsn = array(
183			gettext("Username"),
184			gettext("Password"));
185	45ee90ed	Matthew Grooms	} else {
186	e33be77c	Ermal	$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
187			$reqdfieldsn = array(
188			gettext("Username"),
189			gettext("Password"),
190			gettext("Descriptive name"),
191			gettext("Certificate authority"),
192			gettext("Key length"),
193			gettext("Lifetime"));
194	45ee90ed	Matthew Grooms	}
195	e33be77c	Ermal	}
196	45ee90ed	Matthew Grooms
197	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
198	45ee90ed	Matthew Grooms
199	73fa304b	Phil Davis	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) {
200	e33be77c	Ermal	$input_errors[] = gettext("The username contains invalid characters.");
201	73fa304b	Phil Davis	}
202	45ee90ed	Matthew Grooms
203	73fa304b	Phil Davis	if (strlen($_POST['usernamefld']) > 16) {
204	e33be77c	Ermal	$input_errors[] = gettext("The username is longer than 16 characters.");
205	73fa304b	Phil Davis	}
206	94d455da	jim-p
207	73fa304b	Phil Davis	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) {
208	e33be77c	Ermal	$input_errors[] = gettext("The passwords do not match.");
209	73fa304b	Phil Davis	}
210	45ee90ed	Matthew Grooms
211	73fa304b	Phil Davis	if (isset($_POST['ipsecpsk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['ipsecpsk'])) {
212	123d8700	Renato Botelho	$input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");
213	73fa304b	Phil Davis	}
214	123d8700	Renato Botelho
215	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
216	e33be77c	Ermal	$oldusername = $a_user[$id]['name'];
217	73fa304b	Phil Davis	} else {
218	e33be77c	Ermal	$oldusername = "";
219	73fa304b	Phil Davis	}
220	e33be77c	Ermal	/* make sure this user name is unique */
221			if (!$input_errors) {
222			foreach ($a_user as $userent) {
223			if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
224			$input_errors[] = gettext("Another entry with the same username already exists.");
225			break;
226	58664cc9	Scott Ullrich	}
227	3dec33d4	Erik Fonnesbeck	}
228	e33be77c	Ermal	}
229			/* also make sure it is not reserved */
230			if (!$input_errors) {
231			$system_users = explode("\n", file_get_contents("/etc/passwd"));
232			foreach ($system_users as $s_user) {
233			$ent = explode(":", $s_user);
234			if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
235			$input_errors[] = gettext("That username is reserved by the system.");
236			break;
237	8339ab6d	jim-p	}
238	7e4a4513	Scott Ullrich	}
239	e33be77c	Ermal	}
240	1df17ba9	Scott Ullrich
241	e33be77c	Ermal	/*
242	e30050b6	Phil Davis	* Check for a valid expiration date if one is set at all (valid means,
243	4d148b59	Yehuda Katz	* DateTime puts out a time stamp so any DateTime compatible time
244	e33be77c	Ermal	* format may be used. to keep it simple for the enduser, we only
245			* claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
246			* like "+1 day", which will be converted to MM/DD/YYYY based on "now".
247	e30050b6	Phil Davis	* Otherwise such an entry would lead to an invalid expiration data.
248	e33be77c	Ermal	*/
249	73fa304b	Phil Davis	if ($_POST['expires']) {
250	4d148b59	Yehuda Katz	try {
251			$expdate = new DateTime($_POST['expires']);
252			//convert from any DateTime compatible date to MM/DD/YYYY
253			$_POST['expires'] = $expdate->format("m/d/Y");
254	73fa304b	Phil Davis	} catch (Exception $ex) {
255	e33be77c	Ermal	$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
256	0092b3bd	mgrooms	}
257	e33be77c	Ermal	}
258	0092b3bd	mgrooms
259	e33be77c	Ermal	if (!empty($_POST['name'])) {
260			$ca = lookup_ca($_POST['caref']);
261	73fa304b	Phil Davis	if (!$ca) {
262	4c291f4c	Renato Botelho	$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
263	73fa304b	Phil Davis	}
264	e33be77c	Ermal	}
265	c9794c06	Ermal
266	e33be77c	Ermal	/* if this is an AJAX caller then handle via JSON */
267			if (isAjax() && is_array($input_errors)) {
268			input_errors2Ajax($input_errors);
269			exit;
270			}
271	1df17ba9	Scott Ullrich
272	e33be77c	Ermal	if (!$input_errors) {
273	4ee51131	Sjon Hortensius	// This used to be a separate act=delpriv
274			if ($a_user[$id] && !empty($_POST['privid'])) {
275			foreach ($_POST['privid'] as $i)
276			unset($a_user[$id]['priv'][$i]);
277
278	98402844	Stephen Beaver	local_user_set($a_user[$id]);
279	4ee51131	Sjon Hortensius	write_config();
280			}
281
282	e33be77c	Ermal	conf_mount_rw();
283			$userent = array();
284	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
285	e33be77c	Ermal	$userent = $a_user[$id];
286	73fa304b	Phil Davis	}
287	e879fc81	Ermal
288	e33be77c	Ermal	isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
289
290			/* the user name was modified */
291	926e0a2f	Phil Davis	if (!empty($_POST['oldusername']) && ($_POST['usernamefld'] <> $_POST['oldusername'])) {
292	e33be77c	Ermal	$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
293	fdcf104c	jim-p	local_user_del($userent);
294			}
295	1df17ba9	Scott Ullrich
296	e30050b6	Phil Davis	/* the user password was modified */
297	73fa304b	Phil Davis	if ($_POST['passwordfld1']) {
298	e33be77c	Ermal	local_user_set_password($userent, $_POST['passwordfld1']);
299	73fa304b	Phil Davis	}
300	1df17ba9	Scott Ullrich
301	e33be77c	Ermal	$userent['name'] = $_POST['usernamefld'];
302			$userent['descr'] = $_POST['descr'];
303			$userent['expires'] = $_POST['expires'];
304			$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
305			$userent['ipsecpsk'] = $_POST['ipsecpsk'];
306	3ccb9689	Charlie Marshall
307	73fa304b	Phil Davis	if ($_POST['disabled']) {
308	e33be77c	Ermal	$userent['disabled'] = true;
309	73fa304b	Phil Davis	} else {
310	e33be77c	Ermal	unset($userent['disabled']);
311	73fa304b	Phil Davis	}
312	e33be77c	Ermal
313	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
314	e33be77c	Ermal	$a_user[$id] = $userent;
315	73fa304b	Phil Davis	} else {
316	e33be77c	Ermal	if (!empty($_POST['name'])) {
317			$cert = array();
318			$cert['refid'] = uniqid();
319	4c291f4c	Renato Botelho	$userent['cert'] = array();
320	e33be77c	Ermal
321			$cert['descr'] = $_POST['name'];
322
323	4c291f4c	Renato Botelho	$subject = cert_get_subject_array($ca['crt']);
324	e33be77c	Ermal
325	4c291f4c	Renato Botelho	$dn = array(
326			'countryName' => $subject[0]['v'],
327			'stateOrProvinceName' => $subject[1]['v'],
328			'localityName' => $subject[2]['v'],
329			'organizationName' => $subject[3]['v'],
330			'emailAddress' => $subject[4]['v'],
331			'commonName' => $userent['name']);
332	e33be77c	Ermal
333			cert_create($cert, $_POST['caref'], $_POST['keylen'],
334			(int)$_POST['lifetime'], $dn);
335
336	73fa304b	Phil Davis	if (!is_array($config['cert'])) {
337	e33be77c	Ermal	$config['cert'] = array();
338	73fa304b	Phil Davis	}
339	e33be77c	Ermal	$config['cert'][] = $cert;
340			$userent['cert'][] = $cert['refid'];
341			}
342			$userent['uid'] = $config['system']['nextuid']++;
343			/* Add the user to All Users group. */
344			foreach ($config['system']['group'] as $gidx => $group) {
345			if ($group['name'] == "all") {
346	73fa304b	Phil Davis	if (!is_array($config['system']['group'][$gidx]['member'])) {
347	e33be77c	Ermal	$config['system']['group'][$gidx]['member'] = array();
348	73fa304b	Phil Davis	}
349	e33be77c	Ermal	$config['system']['group'][$gidx]['member'][] = $userent['uid'];
350			break;
351			}
352			}
353	970db70b	Scott Ullrich
354	e33be77c	Ermal	$a_user[] = $userent;
355	45ee90ed	Matthew Grooms	}
356	e33be77c	Ermal
357	900ce3b0	jim-p	/* Add user to groups so PHP can see the memberships properly or else the user's shell account does not get proper permissions (if applicable) See #5152. */
358			local_user_set_groups($userent,$_POST['groups']);
359	e33be77c	Ermal	local_user_set($userent);
360	900ce3b0	jim-p	/* Add user to groups again to ensure they are set everywhere, otherwise the user may not appear to be a member of the group. See commit:5372d26d9d25d751d16865ed9d46869d3b0ec5e1. */
361	73fa304b	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
362	e33be77c	Ermal	write_config();
363
364	73fa304b	Phil Davis	if (is_dir("/etc/inc/privhooks")) {
365	e33be77c	Ermal	run_plugins("/etc/inc/privhooks");
366	73fa304b	Phil Davis	}
367	e33be77c	Ermal
368			conf_mount_ro();
369	3ccb9689	Charlie Marshall
370	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
371	45ee90ed	Matthew Grooms	}
372	e33be77c	Ermal	}
373	fab7ff44	Bill Marquette
374	7411c285	Stephen Beaver	function build_priv_table() {
375			global $a_user, $id;
376
377			$privhtml = '<div class="table-responsive">';
378			$privhtml .= '<table class="table table-striped table-hover table-condensed">';
379			$privhtml .= '<thead>';
380	7d2e572f	Stephen Beaver	$privhtml .= '<tr>';
381			$privhtml .= '<th>' . gettext('Inherited from') . '</th>';
382			$privhtml .= '<th>' . gettext('Name') . '</th>';
383			$privhtml .= '<th>' . gettext('Description') . '</th>';
384			$privhtml .= '</tr>';
385	7411c285	Stephen Beaver	$privhtml .= '</thead>';
386			$privhtml .= '<tbody>';
387
388			foreach (get_user_privdesc($a_user[$id]) as $i => $priv) {
389			$privhtml .= '<tr>';
390			$privhtml .= '<td>' . htmlspecialchars($priv['group']) . '</td>';
391			$privhtml .= '<td>' . htmlspecialchars($priv['name']) . '</td>';
392			$privhtml .= '<td>' . htmlspecialchars($priv['descr']) . '</td>';
393			$privhtml .= '</tr>';
394			}
395
396			$privhtml .= '</tbody>';
397			$privhtml .= '</table>';
398			$privhtml .= '</div>';
399
400			$privhtml .= '<nav class="action-buttons">';
401			$privhtml .= '<a href="system_usermanager_addprivs.php?userid=' . $id . '" class="btn btn-success">' . gettext("Add") . '</a>';
402			$privhtml .= '</nav>';
403
404			return($privhtml);
405			}
406	98402844	Stephen Beaver
407	7411c285	Stephen Beaver	function build_cert_table() {
408			global $a_user, $id;
409
410			$certhtml = '<div class="table-responsive">';
411			$certhtml .= '<table class="table table-striped table-hover table-condensed">';
412			$certhtml .= '<thead>';
413	7d2e572f	Stephen Beaver	$certhtml .= '<tr>';
414			$certhtml .= '<th>' . gettext('Name') . '</th>';
415			$certhtml .= '<th>' . gettext('CA') . '</th>';
416	98402844	Stephen Beaver	$certhtml .= '<th></th>';
417	7d2e572f	Stephen Beaver	$certhtml .= '</tr>';
418	7411c285	Stephen Beaver	$certhtml .= '</thead>';
419			$certhtml .= '<tbody>';
420
421			$a_cert = $a_user[$id]['cert'];
422			if (is_array($a_cert)) {
423			$i = 0;
424			foreach ($a_cert as $certref) {
425	7d2e572f	Stephen Beaver	$cert = lookup_cert($certref);
426			$ca = lookup_ca($cert['caref']);
427			$revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>':'';
428
429	7411c285	Stephen Beaver	$certhtml .= '<tr>';
430	7d2e572f	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($cert['descr']) . $revokedstr . '</td>';
431	7411c285	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($ca['descr']) . '</td>';
432	db676e5b	Stephen Beaver	$certhtml .= '<td>';
433	98402844	Stephen Beaver	$certhtml .= '<a id="delcert' . $i .'" class="btn btn-xs btn-warning" title="';
434			$certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '">Delete</a>';
435	db676e5b	Stephen Beaver	$certhtml .= '</td>';
436	7411c285	Stephen Beaver	$certhtml .= '</tr>';
437	db676e5b	Stephen Beaver	$i++;
438	7411c285	Stephen Beaver	}
439	db676e5b	Stephen Beaver
440	7411c285	Stephen Beaver	}
441
442			$certhtml .= '</tbody>';
443			$certhtml .= '</table>';
444			$certhtml .= '</div>';
445
446			$certhtml .= '<nav class="action-buttons">';
447			$certhtml .= '<a href="system_certmanager.php?act=new&userid=' . $id . '" class="btn btn-success">' . gettext("Add") . '</a>';
448			$certhtml .= '</nav>';
449
450			return($certhtml);
451			}
452
453	9ef4289c	Colin Fleming	$closehead = false;
454	e33be77c	Ermal	include("head.inc");
455	fab7ff44	Bill Marquette
456	4ee51131	Sjon Hortensius	if ($input_errors)
457			print_input_errors($input_errors);
458	98402844	Stephen Beaver
459	4ee51131	Sjon Hortensius	if ($savemsg)
460	98402844	Stephen Beaver	print_info_box($savemsg, 'success');
461	4ee51131	Sjon Hortensius
462			$tab_array = array();
463			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
464			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
465			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
466			$tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
467			display_top_tabs($tab_array);
468
469	7411c285	Stephen Beaver	if (!($act == "new" \|\| $act == "edit" \|\| $input_errors)) {
470	64600f94	Sjon Hortensius	?>
471	94404d94	Sander van Leeuwen
472			<div class="table-responsive">
473	7411c285	Stephen Beaver	<table class="table table-striped table-hover">
474			<thead>
475			<tr>
476			<th> </th>
477			<th><?=gettext("Username")?></th>
478			<th><?=gettext("Full name")?></th>
479			<th><?=gettext("Disabled")?></th>
480			<th><?=gettext("Groups")?></th>
481			</tr>
482			</thead>
483			<tbody>
484			</tbody>
485			<tbody>
486	a0165602	Sjon Hortensius	<?php
487			foreach($a_user as $i => $userent):
488			?>
489	7411c285	Stephen Beaver	<tr>
490			<td>
491			<input type="checkbox" id="frc<?=$i?>" name="delete_check[]" value="<?=$i?>" <?=($userent['scope'] == "system" ? 'disabled="disabled"' : '')?>/>
492			</td>
493			<td>
494	a0165602	Sjon Hortensius	<?php
495			if($userent['scope'] != "user")
496			$usrimg = 'eye-open';
497			else
498			$usrimg = 'user';
499			?>
500	7411c285	Stephen Beaver	<i class="icon icon-<?=$usrimg?>"></i>
501			<?=htmlspecialchars($userent['name'])?>
502			</td>
503			<td><?=htmlspecialchars($userent['descr'])?></td>
504			<td><?php if(isset($userent['disabled'])) echo "*"?></td>
505			<td><?=implode(",",local_user_get_groups($userent))?></td>
506			<td>
507			<a href="?act=edit&userid=<?=$i?>" class="btn btn-xs btn-primary">edit</a>
508	a0165602	Sjon Hortensius	<?php if($userent['scope'] != "system"): ?>
509	43acaa2f	Stephen Beaver	<a href="?act=deluser&userid=<?=$i?>&username=<?=$userent['name']?>" class="btn btn-xs btn-danger">delete</a>
510	a0165602	Sjon Hortensius	<?php endif; ?>
511	7411c285	Stephen Beaver	</td>
512			</tr>
513	a0165602	Sjon Hortensius	<?php endforeach; ?>
514	7411c285	Stephen Beaver	</tbody>
515			</table>
516	94404d94	Sander van Leeuwen	</div>
517			<nav class="action-buttons">
518			<a href="?act=new" class="btn btn-success">add new</a>
519			</nav>
520	a0165602	Sjon Hortensius	<p>
521			<?=gettext("Additional users can be added here. User permissions for accessing " .
522			"the webConfigurator can be assigned directly or inherited from group memberships. " .
523			"An icon that appears grey indicates that it is a system defined object. " .
524			"Some system object properties can be modified but they cannot be deleted.")?>
525			<br /><br />
526			<?=gettext("Accounts created here are also used for other parts of the system " .
527			"such as OpenVPN, IPsec, and Captive Portal.")?>
528			</p>
529			<?php
530			include("foot.inc");
531			exit;
532			}
533	4ee51131	Sjon Hortensius
534	ad2879b8	PiBa-NL	require_once('classes/Form.class.php');
535	4ee51131	Sjon Hortensius	$form = new Form;
536
537	7411c285	Stephen Beaver	if ($act == "new" \|\| $act == "edit" \|\| $input_errors):
538	4ee51131	Sjon Hortensius
539	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
540			'act',
541			null,
542			'hidden',
543			''
544			));
545	4ee51131	Sjon Hortensius
546	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
547			'userid',
548			null,
549			'hidden',
550			isset($id) ? $id:''
551			));
552	4ee51131	Sjon Hortensius
553	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
554			'privid',
555			null,
556			'hidden',
557			''
558			));
559	4ee51131	Sjon Hortensius
560	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
561			'certid',
562			null,
563			'hidden',
564			''
565			));
566	4ee51131	Sjon Hortensius
567	7411c285	Stephen Beaver	$ro = "";
568			if ($pconfig['utype'] == "system") {
569			$ro = "readonly=\"readonly\"";
570			}
571	4ee51131	Sjon Hortensius
572	7411c285	Stephen Beaver	$section = new Form_Section('User Properties');
573	4ee51131	Sjon Hortensius
574	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
575			'Defined by',
576			strtoupper($pconfig['utype'])
577			));
578	4ee51131	Sjon Hortensius
579	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
580			'utype',
581			null,
582			'hidden',
583			$pconfig['utype']
584			));
585	4ee51131	Sjon Hortensius
586	7411c285	Stephen Beaver	$section->addInput(new Form_Checkbox(
587			'disabled',
588			'Disabled',
589			'This user cannot login',
590			$pconfig['disabled']
591			));
592	6b07c15a	Matthew Grooms
593	7411c285	Stephen Beaver	$section->addInput($input = new Form_Input(
594			'usernamefld',
595			'Username',
596			'text',
597			$pconfig['usernamefld']
598			));
599	61dec0b0	Renato Botelho
600	7411c285	Stephen Beaver	if ($ro)
601	1fe9cc38	Stephen Beaver	$input->setReadonly();
602	7411c285	Stephen Beaver
603			$form->addGlobal(new Form_Input(
604			'oldusername',
605	4ee51131	Sjon Hortensius	null,
606	7411c285	Stephen Beaver	'hidden',
607			$pconfig['usernamefld']
608	4ee51131	Sjon Hortensius	));
609	6b07c15a	Matthew Grooms
610	7411c285	Stephen Beaver	$group = new Form_Group('Password');
611			$group->add(new Form_Input(
612			'passwordfld1',
613			'Password',
614			'password'
615			));
616			$group->add(new Form_Input(
617			'passwordfld2',
618			'Confirm Password',
619			'password'
620			));
621
622			$section->add($group);
623
624			$section->addInput($input = new Form_Input(
625			'descr',
626			'Full name',
627			'text',
628			htmlspecialchars($pconfig['descr'])
629			))->setHelp('User\'s full name, for your own information only');
630
631			if ($ro)
632			$input->setDisabled();
633
634			$section->addInput(new Form_Input(
635			'expires',
636			'Expiration date',
637			'date',
638			$pconfig['expires']
639			))->setHelp('Leave blank if the account shouldn\'t expire, otherwise enter '.
640			'the expiration date');
641
642			// ==== Group membership ==================================================
643			$group = new Form_Group('Group membership');
644
645	7d2e572f	Stephen Beaver	// Make a list of all the groups configured on the system, and a list of
646	7411c285	Stephen Beaver	// those which this user is a member of
647			$systemGroups = array();
648			$usersGroups = array();
649
650			$usergid = [$pconfig['usernamefld']];
651
652			foreach ($config['system']['group'] as $Ggroup) {
653	b4333696	Stephen Beaver	if($Ggroup['name'] != "all") {
654			if(($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member']))
655			$usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list
656			else
657			$systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list
658			}
659	7411c285	Stephen Beaver	}
660
661			$group->add(new Form_Select(
662			'sysgroups',
663			null,
664			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
665			$systemGroups,
666			true
667			))->setHelp('Not member of');
668	6b07c15a	Matthew Grooms
669	7411c285	Stephen Beaver	$group->add(new Form_Select(
670			'groups',
671			null,
672			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
673			$usersGroups,
674			true
675			))->setHelp('Member of');
676
677			$section->add($group);
678
679			$group = new Form_Group('');
680
681			$group->add(new Form_Button(
682			'movetoenabled',
683			'Move to "Member of" list >'
684			))->removeClass('btn-primary')->addClass('btn-default btn-sm');
685
686			$group->add(new Form_Button(
687			'movetodisabled',
688			'< Move to "Not member of" list'
689			))->removeClass('btn-primary')->addClass('btn-default btn-sm');
690	4ee51131	Sjon Hortensius
691	7411c285	Stephen Beaver	$group->setHelp('Hold down CTRL (pc)/COMMAND (mac) key to select multiple items');
692			$section->add($group);
693	4ee51131	Sjon Hortensius
694	7411c285	Stephen Beaver	// ==== Button for adding user certificate ================================
695			if($act == 'new') {
696	4ee51131	Sjon Hortensius	$section->addInput(new Form_Checkbox(
697	7411c285	Stephen Beaver	'showcert',
698			'Certificate',
699			'Click to create a user certificate',
700			false
701	4ee51131	Sjon Hortensius	));
702	6b07c15a	Matthew Grooms	}
703
704	7411c285	Stephen Beaver	$form->add($section);
705	6b07c15a	Matthew Grooms
706	7411c285	Stephen Beaver	// ==== Effective privileges section ======================================
707			if (isset($pconfig['uid'])) {
708			// We are going to build an HTML table and add it to an Input_StaticText. It may be ugly, but it
709			// is the best way to make the display we need.
710	6b07c15a	Matthew Grooms
711	7411c285	Stephen Beaver	$section = new Form_Section('Effective Privileges');
712	4ee51131	Sjon Hortensius
713	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
714			null,
715			build_priv_table()
716			));
717	4ee51131	Sjon Hortensius
718	7411c285	Stephen Beaver	$form->add($section);
719	4ee51131	Sjon Hortensius
720	7411c285	Stephen Beaver	// ==== Certificate table section =====================================
721			$section = new Form_Section('User certificates');
722
723			$section->addInput(new Form_StaticText(
724			null,
725			build_cert_table()
726			));
727	64600f94	Sjon Hortensius
728			$form->add($section);
729	c9794c06	Ermal	}
730	7411c285	Stephen Beaver	else;
731			$section = new Form_Section('User Certificates');
732
733			foreach ((array)$a_user[$id]['cert'] as $i => $certref) {
734			$cert = lookup_cert($certref);
735			$ca = lookup_ca($cert['caref']);
736
737			// We reverse name and action for readability of longer names
738			$section->addInput(new Form_Checkbox(
739			'certid[]',
740			'Delete certificate',
741			$cert['descr']. (is_cert_revoked($cert) ? ' <b>revoked</b>' : ''),
742			false,
743			$i
744			));
745			}
746
747			#FIXME; old ui supplied direct export links to each certificate
748	c9794c06	Ermal
749	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
750			null,
751			new Form_Button(null, 'add certificate', 'system_certmanager.php?act=new&userid='. $id).
752			new Form_Button(null, 'export certificates', 'system_certmanager.php')
753			));
754
755			// ==== Add user certificate for a new user
756			if (is_array($config['ca']) && count($config['ca']) > 0) {
757			$section = new Form_Section('Create certificate for user');
758			$section->addClass('cert-options');
759
760			$nonPrvCas = array();
761			foreach( $config['ca'] as $ca) {
762			if (!$ca['prv'])
763			continue;
764
765			$nonPrvCas[ $ca['refid'] ] = $ca['descr'];
766			}
767
768			if (!empty($nonPrvCas)) {
769			$section->addInput(new Form_Input(
770			'name',
771			'Descriptive name',
772			'text',
773			$pconfig['name']
774			));
775
776			$section->addInput(new Form_Select(
777			'caref',
778			'Certificate authority',
779			null,
780			$nonPrvCas
781			));
782
783			$section->addInput(new Form_Select(
784			'keylen',
785			'Key length',
786			2048,
787			array(
788			512 => '512 bits',
789			1024 => '1024 bits',
790			2048 => '2049 bits',
791			4096 => '4096 bits',
792			)
793			));
794
795			$section->addInput(new Form_Input(
796			'lifetime',
797			'Lifetime',
798			'number',
799			$pconfig['lifetime']
800			));
801			}
802
803			$form->add($section);
804			}
805
806			endif;
807			// ==== Paste a key for the new user
808	4ee51131	Sjon Hortensius	$section = new Form_Section('Keys');
809
810	35e0cd70	Stephen Beaver	$section->addInput(new Form_Checkbox(
811			'showkey',
812			'Authorized keys',
813			'Click to paste an authorized key',
814			false
815			));
816
817	4ee51131	Sjon Hortensius	$section->addInput(new Form_Textarea(
818			'authorizedkeys',
819	d1e73829	Stephen Beaver	'Authorized SSH Keys',
820	4ee51131	Sjon Hortensius	$pconfig['authorizedkeys']
821	d1e73829	Stephen Beaver	))->setHelp('Enter authorized SSH keys for this user');
822	4ee51131	Sjon Hortensius
823	35e0cd70	Stephen Beaver	$section->addInput(new Form_Input(
824	4ee51131	Sjon Hortensius	'ipsecpsk',
825			'IPsec Pre-Shared Key',
826			'text',
827			$pconfig['ipsecpsk']
828			));
829
830			$form->add($section);
831	7411c285	Stephen Beaver
832	a0165602	Sjon Hortensius	print $form;
833	7411c285	Stephen Beaver	?>
834			<script>
835			//<![CDATA[
836			events.push(function(){
837	eef93144	Jared Dillard	//---------- "Standard" show/hide functions ---------------------------------------------------
838
839	7411c285	Stephen Beaver	// Hides all elements of the specified class.
840			function hideClass(s_class, hide) {
841			if(hide)
842			$('.' + s_class).hide();
843			else
844			$('.' + s_class).show();
845			}
846
847			// Hides the <div> in which the specified input element lives so that the input, its label and help text are hidden
848			function hideInput(id, hide) {
849			if(hide)
850			$('#' + id).parent().parent('div').addClass('hidden');
851			else
852			$('#' + id).parent().parent('div').removeClass('hidden');
853			}
854
855	35e0cd70	Stephen Beaver	// Hides the <div> in which the specified checkbox lives so that the checkbox, its label and help text are hidden
856			function hideCheckbox(id, hide) {
857			if(hide)
858			$('#' + id).parent().parent().parent('div').addClass('hidden');
859			else
860			$('#' + id).parent().parent().parent('div').removeClass('hidden');
861			}
862
863	7411c285	Stephen Beaver	// Select every option in the specified multiselect
864			function AllServers(id, selectAll) {
865			for (i = 0; i < id.length; i++) {
866			id.eq(i).prop('selected', selectAll);
867			}
868			}
869
870			// Move all selected options from one multiselect to another
871			function moveOptions(From, To) {
872			var len = From.length;
873			var option;
874
875	32b84ded	Stephen Beaver	if(len > 0) {
876	7411c285	Stephen Beaver	for(i=0; i<len; i++) {
877			if(From.eq(i).is(':selected')) {
878			option = From.eq(i).val();
879			To.append(new Option(option, option));
880			From.eq(i).remove();
881			}
882			}
883			}
884			}
885
886			// Make buttons plain buttons, not submit
887			$("#movetodisabled").prop('type','button');
888			$("#movetoenabled").prop('type','button');
889
890			// On click . .
891			$("#movetodisabled").click(function() {
892			moveOptions($('[name="groups[]"] option'), $('[name="sysgroups[]"]'));
893			});
894
895			$("#movetoenabled").click(function() {
896			moveOptions($('[name="sysgroups[]"] option'), $('[name="groups[]"]'));
897			});
898
899			$("#showcert").click(function() {
900			hideClass('cert-options', !this.checked);
901			});
902
903			$("#showkey").click(function() {
904	35e0cd70	Stephen Beaver	hideInput('authorizedkeys', false);
905			hideCheckbox('showkey', true);
906	7411c285	Stephen Beaver	});
907
908	98402844	Stephen Beaver	$('[id^=delcert]').click(function(event) {
909			if(confirm(event.target.title)) {
910			$('#certid').val(event.target.id.match(/\d+$/)[0]);
911			$('#userid').val('<?=$id;?>');
912			$('#act').val('delcert');
913			$('form').submit();
914			}
915			});
916
917	eef93144	Jared Dillard	// ---------- On initial page load ------------------------------------------------------------
918
919			hideClass('cert-options', true);
920			//hideInput('authorizedkeys', true);
921	d1e73829	Stephen Beaver	hideCheckbox('showkey', true);
922	7411c285	Stephen Beaver
923			// On submit mark all the user's groups as "selected"
924			$('form').submit(function(){
925			AllServers($('[name="groups[]"] option'), true);
926			});
927			});
928			//]]>
929			</script>
930			<?php
931	4ee51131	Sjon Hortensius
932	a0165602	Sjon Hortensius	include('foot.inc');

Project

General

Profile

pfSense