/src/usr/local/www/system_usermanager.php - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/src/usr/local/www/system_usermanager.php @ 8545adde

1	1df17ba9	Scott Ullrich	<?php
2	fab7ff44	Bill Marquette	/*
3	4c291f4c	Renato Botelho	system_usermanager.php
4	fab7ff44	Bill Marquette	*/
5	7d2e572f	Stephen Beaver	/* ====================================================================
6			* Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved.
7			* Copyright (c) 2008 Shrew Soft Inc.
8			* Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com>
9			*
10	cb41dd63	Renato Botelho	* Some or all of this file is based on the m0n0wall project which is
11			* Copyright (c) 2004 Manuel Kasper (BSD 2 clause)
12	191cb31d	Stephen Beaver	*
13	7d2e572f	Stephen Beaver	* Redistribution and use in source and binary forms, with or without modification,
14			* are permitted provided that the following conditions are met:
15			*
16			* 1. Redistributions of source code must retain the above copyright notice,
17			* this list of conditions and the following disclaimer.
18			*
19			* 2. Redistributions in binary form must reproduce the above copyright
20			* notice, this list of conditions and the following disclaimer in
21			* the documentation and/or other materials provided with the
22			* distribution.
23			*
24			* 3. All advertising materials mentioning features or use of this software
25			* must display the following acknowledgment:
26			* "This product includes software developed by the pfSense Project
27			* for use in the pfSense software distribution. (http://www.pfsense.org/).
28			*
29			* 4. The names "pfSense" and "pfSense Project" must not be used to
30			* endorse or promote products derived from this software without
31			* prior written permission. For written permission, please contact
32			* coreteam@pfsense.org.
33			*
34			* 5. Products derived from this software may not be called "pfSense"
35			* nor may "pfSense" appear in their names without prior written
36			* permission of the Electric Sheep Fencing, LLC.
37			*
38			* 6. Redistributions of any form whatsoever must retain the following
39			* acknowledgment:
40			*
41			* "This product includes software developed by the pfSense Project
42			* for use in the pfSense software distribution (http://www.pfsense.org/).
43			*
44			* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
45			* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
46			* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
47			* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
48			* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
49			* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
50			* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
51			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52			* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
53			* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
54			* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
55			* OF THE POSSIBILITY OF SUCH DAMAGE.
56			*
57			* ====================================================================
58			*
59			*/
60	fab7ff44	Bill Marquette
61	6b07c15a	Matthew Grooms	##\|+PRIV
62			##\|*IDENT=page-system-usermanager
63	5230f468	jim-p	##\|*NAME=System: User Manager
64	6b07c15a	Matthew Grooms	##\|*DESCR=Allow access to the 'System: User Manager' page.
65			##\|MATCH=system_usermanager.php
66			##\|-PRIV
67
68	ead24d63	sullrich	require("certs.inc");
69	fab7ff44	Bill Marquette	require("guiconfig.inc");
70
71	e33be77c	Ermal	// start admin user code
72	461487c2	Phil Davis	$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Users"));
73	fab7ff44	Bill Marquette
74	73fa304b	Phil Davis	if (isset($_POST['userid']) && is_numericint($_POST['userid'])) {
75	1a6769a6	Renato Botelho	$id = $_POST['userid'];
76	73fa304b	Phil Davis	}
77	1df17ba9	Scott Ullrich
78	7411c285	Stephen Beaver	if (isset($_GET['userid']) && is_numericint($_GET['userid'])) {
79			$id = $_GET['userid'];
80			}
81
82	73fa304b	Phil Davis	if (!isset($config['system']['user']) \|\| !is_array($config['system']['user'])) {
83	e33be77c	Ermal	$config['system']['user'] = array();
84	73fa304b	Phil Davis	}
85	1df17ba9	Scott Ullrich
86	e33be77c	Ermal	$a_user = &$config['system']['user'];
87	7411c285	Stephen Beaver	$act = $_GET['act'];
88	45ee90ed	Matthew Grooms
89	73fa304b	Phil Davis	if (isset($_SERVER['HTTP_REFERER'])) {
90	7c2d0050	Renato Botelho	$referer = $_SERVER['HTTP_REFERER'];
91	73fa304b	Phil Davis	} else {
92	7c2d0050	Renato Botelho	$referer = '/system_usermanager.php';
93	73fa304b	Phil Davis	}
94	7c2d0050	Renato Botelho
95	adacdf5f	jim-p	if (isset($id) && $a_user[$id]) {
96			$pconfig['usernamefld'] = $a_user[$id]['name'];
97			$pconfig['descr'] = $a_user[$id]['descr'];
98			$pconfig['expires'] = $a_user[$id]['expires'];
99			$pconfig['groups'] = local_user_get_groups($a_user[$id]);
100			$pconfig['utype'] = $a_user[$id]['scope'];
101			$pconfig['uid'] = $a_user[$id]['uid'];
102			$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
103			$pconfig['priv'] = $a_user[$id]['priv'];
104			$pconfig['ipsecpsk'] = $a_user[$id]['ipsecpsk'];
105			$pconfig['disabled'] = isset($a_user[$id]['disabled']);
106			}
107
108	43acaa2f	Stephen Beaver	if ($_GET['act'] == "deluser") {
109	45ee90ed	Matthew Grooms
110	43acaa2f	Stephen Beaver	if (!isset($_GET['username']) \|\| !isset($a_user[$id]) \|\| ($_GET['username'] != $a_user[$id]['name'])) {
111	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
112			exit;
113	6b07c15a	Matthew Grooms	}
114
115	8a0ae97f	Renato Botelho	conf_mount_rw();
116	e33be77c	Ermal	local_user_del($a_user[$id]);
117	8a0ae97f	Renato Botelho	conf_mount_ro();
118	e33be77c	Ermal	$userdeleted = $a_user[$id]['name'];
119			unset($a_user[$id]);
120			write_config();
121	8545adde	k-paulius	$savemsg = sprintf(gettext("User %s successfully deleted."), $userdeleted);
122	d61309a0	Phil Davis	} else if ($act == "new") {
123	e33be77c	Ermal	/*
124			* set this value cause the text field is read only
125			* and the user should not be able to mess with this
126			* setting.
127			*/
128			$pconfig['utype'] = "user";
129			$pconfig['lifetime'] = 3650;
130			}
131	45ee90ed	Matthew Grooms
132	64c31615	Stephen Beaver	if (isset($_POST['dellall'])) {
133	4e21c82e	bruno
134			$del_users = $_POST['delete_check'];
135
136	73fa304b	Phil Davis	if (!empty($del_users)) {
137			foreach ($del_users as $userid) {
138	4e21c82e	bruno	if (isset($a_user[$userid]) && $a_user[$userid]['scope'] != "system") {
139			conf_mount_rw();
140			local_user_del($a_user[$userid]);
141	64c31615	Stephen Beaver	conf_mount_ro();
142	4e21c82e	bruno	unset($a_user[$userid]);
143			}
144			}
145	8545adde	k-paulius	$savemsg = gettext("Selected users removed successfully.");
146	4e21c82e	bruno	write_config($savemsg);
147			}
148			}
149
150	98402844	Stephen Beaver	if ($_POST['act'] == "delcert") {
151
152			if (!$a_user[$id]) {
153			pfSenseHeader("system_usermanager.php");
154			exit;
155			}
156
157			$certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]);
158			$certdeleted = $certdeleted['descr'];
159			unset($a_user[$id]['cert'][$_POST['certid']]);
160			write_config();
161			$_POST['act'] = "edit";
162	ed10e389	Phil Davis	$savemsg = sprintf(gettext("Certificate %s association removed."), $certdeleted);
163	98402844	Stephen Beaver	}
164	64c31615	Stephen Beaver
165	945204b1	Stephen Beaver	if ($_POST['act'] == "delprivid") {
166			$privdeleted = $priv_list[$a_user[$id]['priv'][$_POST['privid']]]['name'];
167			unset($a_user[$id]['priv'][$_POST['privid']]);
168			local_user_set($a_user[$id]);
169			write_config();
170			$_POST['act'] = "edit";
171	ed10e389	Phil Davis	$savemsg = sprintf(gettext("Privilege %s removed."), $privdeleted);
172	4c879f95	heper	}
173	98402844	Stephen Beaver
174	1a6769a6	Renato Botelho	if ($_POST['save']) {
175	e33be77c	Ermal	unset($input_errors);
176			$pconfig = $_POST;
177	45ee90ed	Matthew Grooms
178	e33be77c	Ermal	/* input validation */
179			if (isset($id) && ($a_user[$id])) {
180			$reqdfields = explode(" ", "usernamefld");
181			$reqdfieldsn = array(gettext("Username"));
182			} else {
183			if (empty($_POST['name'])) {
184			$reqdfields = explode(" ", "usernamefld passwordfld1");
185			$reqdfieldsn = array(
186			gettext("Username"),
187			gettext("Password"));
188	45ee90ed	Matthew Grooms	} else {
189	e33be77c	Ermal	$reqdfields = explode(" ", "usernamefld passwordfld1 name caref keylen lifetime");
190			$reqdfieldsn = array(
191			gettext("Username"),
192			gettext("Password"),
193			gettext("Descriptive name"),
194			gettext("Certificate authority"),
195			gettext("Key length"),
196			gettext("Lifetime"));
197	45ee90ed	Matthew Grooms	}
198	e33be77c	Ermal	}
199	45ee90ed	Matthew Grooms
200	1e9b4611	Renato Botelho	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);
201	45ee90ed	Matthew Grooms
202	73fa304b	Phil Davis	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) {
203	e33be77c	Ermal	$input_errors[] = gettext("The username contains invalid characters.");
204	73fa304b	Phil Davis	}
205	45ee90ed	Matthew Grooms
206	73fa304b	Phil Davis	if (strlen($_POST['usernamefld']) > 16) {
207	e33be77c	Ermal	$input_errors[] = gettext("The username is longer than 16 characters.");
208	73fa304b	Phil Davis	}
209	94d455da	jim-p
210	73fa304b	Phil Davis	if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) {
211	e33be77c	Ermal	$input_errors[] = gettext("The passwords do not match.");
212	73fa304b	Phil Davis	}
213	45ee90ed	Matthew Grooms
214	73fa304b	Phil Davis	if (isset($_POST['ipsecpsk']) && !preg_match('/^[[:ascii:]]*$/', $_POST['ipsecpsk'])) {
215	123d8700	Renato Botelho	$input_errors[] = gettext("IPsec Pre-Shared Key contains invalid characters.");
216	73fa304b	Phil Davis	}
217	123d8700	Renato Botelho
218	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
219	e33be77c	Ermal	$oldusername = $a_user[$id]['name'];
220	73fa304b	Phil Davis	} else {
221	e33be77c	Ermal	$oldusername = "";
222	73fa304b	Phil Davis	}
223	e33be77c	Ermal	/* make sure this user name is unique */
224			if (!$input_errors) {
225			foreach ($a_user as $userent) {
226			if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
227			$input_errors[] = gettext("Another entry with the same username already exists.");
228			break;
229	58664cc9	Scott Ullrich	}
230	3dec33d4	Erik Fonnesbeck	}
231	e33be77c	Ermal	}
232			/* also make sure it is not reserved */
233			if (!$input_errors) {
234			$system_users = explode("\n", file_get_contents("/etc/passwd"));
235			foreach ($system_users as $s_user) {
236			$ent = explode(":", $s_user);
237			if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) {
238			$input_errors[] = gettext("That username is reserved by the system.");
239			break;
240	8339ab6d	jim-p	}
241	7e4a4513	Scott Ullrich	}
242	e33be77c	Ermal	}
243	1df17ba9	Scott Ullrich
244	e33be77c	Ermal	/*
245	e30050b6	Phil Davis	* Check for a valid expiration date if one is set at all (valid means,
246	4d148b59	Yehuda Katz	* DateTime puts out a time stamp so any DateTime compatible time
247	e33be77c	Ermal	* format may be used. to keep it simple for the enduser, we only
248			* claim to accept MM/DD/YYYY as inputs. Advanced users may use inputs
249			* like "+1 day", which will be converted to MM/DD/YYYY based on "now".
250	e30050b6	Phil Davis	* Otherwise such an entry would lead to an invalid expiration data.
251	e33be77c	Ermal	*/
252	73fa304b	Phil Davis	if ($_POST['expires']) {
253	4d148b59	Yehuda Katz	try {
254			$expdate = new DateTime($_POST['expires']);
255			//convert from any DateTime compatible date to MM/DD/YYYY
256			$_POST['expires'] = $expdate->format("m/d/Y");
257	73fa304b	Phil Davis	} catch (Exception $ex) {
258	e33be77c	Ermal	$input_errors[] = gettext("Invalid expiration date format; use MM/DD/YYYY instead.");
259	0092b3bd	mgrooms	}
260	e33be77c	Ermal	}
261	0092b3bd	mgrooms
262	e33be77c	Ermal	if (!empty($_POST['name'])) {
263			$ca = lookup_ca($_POST['caref']);
264	73fa304b	Phil Davis	if (!$ca) {
265	4c291f4c	Renato Botelho	$input_errors[] = gettext("Invalid internal Certificate Authority") . "\n";
266	73fa304b	Phil Davis	}
267	e33be77c	Ermal	}
268	c9794c06	Ermal
269	e33be77c	Ermal	/* if this is an AJAX caller then handle via JSON */
270			if (isAjax() && is_array($input_errors)) {
271			input_errors2Ajax($input_errors);
272			exit;
273			}
274	64c31615	Stephen Beaver
275	e33be77c	Ermal	if (!$input_errors) {
276	4ee51131	Sjon Hortensius
277	e33be77c	Ermal	conf_mount_rw();
278			$userent = array();
279	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
280	e33be77c	Ermal	$userent = $a_user[$id];
281	73fa304b	Phil Davis	}
282	e879fc81	Ermal
283	e33be77c	Ermal	isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
284
285			/* the user name was modified */
286	926e0a2f	Phil Davis	if (!empty($_POST['oldusername']) && ($_POST['usernamefld'] <> $_POST['oldusername'])) {
287	e33be77c	Ermal	$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
288	fdcf104c	jim-p	local_user_del($userent);
289			}
290	1df17ba9	Scott Ullrich
291	e30050b6	Phil Davis	/* the user password was modified */
292	73fa304b	Phil Davis	if ($_POST['passwordfld1']) {
293	e33be77c	Ermal	local_user_set_password($userent, $_POST['passwordfld1']);
294	73fa304b	Phil Davis	}
295	1df17ba9	Scott Ullrich
296	5cde9005	NewEraCracker	/* only change description if sent */
297			if (isset($_POST['descr'])) {
298			$userent['descr'] = $_POST['descr'];
299			}
300
301	e33be77c	Ermal	$userent['name'] = $_POST['usernamefld'];
302			$userent['expires'] = $_POST['expires'];
303			$userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
304			$userent['ipsecpsk'] = $_POST['ipsecpsk'];
305	3ccb9689	Charlie Marshall
306	73fa304b	Phil Davis	if ($_POST['disabled']) {
307	e33be77c	Ermal	$userent['disabled'] = true;
308	73fa304b	Phil Davis	} else {
309	e33be77c	Ermal	unset($userent['disabled']);
310	73fa304b	Phil Davis	}
311	e33be77c	Ermal
312	73fa304b	Phil Davis	if (isset($id) && $a_user[$id]) {
313	e33be77c	Ermal	$a_user[$id] = $userent;
314	73fa304b	Phil Davis	} else {
315	e33be77c	Ermal	if (!empty($_POST['name'])) {
316			$cert = array();
317			$cert['refid'] = uniqid();
318	4c291f4c	Renato Botelho	$userent['cert'] = array();
319	e33be77c	Ermal
320			$cert['descr'] = $_POST['name'];
321
322	4c291f4c	Renato Botelho	$subject = cert_get_subject_array($ca['crt']);
323	e33be77c	Ermal
324	4c291f4c	Renato Botelho	$dn = array(
325			'countryName' => $subject[0]['v'],
326			'stateOrProvinceName' => $subject[1]['v'],
327			'localityName' => $subject[2]['v'],
328			'organizationName' => $subject[3]['v'],
329			'emailAddress' => $subject[4]['v'],
330			'commonName' => $userent['name']);
331	e33be77c	Ermal
332			cert_create($cert, $_POST['caref'], $_POST['keylen'],
333			(int)$_POST['lifetime'], $dn);
334
335	73fa304b	Phil Davis	if (!is_array($config['cert'])) {
336	e33be77c	Ermal	$config['cert'] = array();
337	73fa304b	Phil Davis	}
338	e33be77c	Ermal	$config['cert'][] = $cert;
339			$userent['cert'][] = $cert['refid'];
340			}
341			$userent['uid'] = $config['system']['nextuid']++;
342			/* Add the user to All Users group. */
343			foreach ($config['system']['group'] as $gidx => $group) {
344			if ($group['name'] == "all") {
345	73fa304b	Phil Davis	if (!is_array($config['system']['group'][$gidx]['member'])) {
346	e33be77c	Ermal	$config['system']['group'][$gidx]['member'] = array();
347	73fa304b	Phil Davis	}
348	e33be77c	Ermal	$config['system']['group'][$gidx]['member'][] = $userent['uid'];
349			break;
350			}
351			}
352	970db70b	Scott Ullrich
353	e33be77c	Ermal	$a_user[] = $userent;
354	45ee90ed	Matthew Grooms	}
355	e33be77c	Ermal
356	900ce3b0	jim-p	/* Add user to groups so PHP can see the memberships properly or else the user's shell account does not get proper permissions (if applicable) See #5152. */
357	d61309a0	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
358	e33be77c	Ermal	local_user_set($userent);
359	900ce3b0	jim-p	/* Add user to groups again to ensure they are set everywhere, otherwise the user may not appear to be a member of the group. See commit:5372d26d9d25d751d16865ed9d46869d3b0ec5e1. */
360	73fa304b	Phil Davis	local_user_set_groups($userent, $_POST['groups']);
361	e33be77c	Ermal	write_config();
362
363	73fa304b	Phil Davis	if (is_dir("/etc/inc/privhooks")) {
364	e33be77c	Ermal	run_plugins("/etc/inc/privhooks");
365	73fa304b	Phil Davis	}
366	e33be77c	Ermal
367			conf_mount_ro();
368	3ccb9689	Charlie Marshall
369	e33be77c	Ermal	pfSenseHeader("system_usermanager.php");
370	45ee90ed	Matthew Grooms	}
371	e33be77c	Ermal	}
372	fab7ff44	Bill Marquette
373	7411c285	Stephen Beaver	function build_priv_table() {
374			global $a_user, $id;
375
376			$privhtml = '<div class="table-responsive">';
377			$privhtml .= '<table class="table table-striped table-hover table-condensed">';
378			$privhtml .= '<thead>';
379	7d2e572f	Stephen Beaver	$privhtml .= '<tr>';
380			$privhtml .= '<th>' . gettext('Inherited from') . '</th>';
381			$privhtml .= '<th>' . gettext('Name') . '</th>';
382			$privhtml .= '<th>' . gettext('Description') . '</th>';
383			$privhtml .= '</tr>';
384	7411c285	Stephen Beaver	$privhtml .= '</thead>';
385			$privhtml .= '<tbody>';
386
387	945204b1	Stephen Beaver	$i = 0;
388
389			foreach (get_user_privdesc($a_user[$id]) as $priv) {
390			$group = false;
391			if ($priv['group']) {
392			$group = $priv['group'];
393			}
394
395	7411c285	Stephen Beaver	$privhtml .= '<tr>';
396			$privhtml .= '<td>' . htmlspecialchars($priv['group']) . '</td>';
397			$privhtml .= '<td>' . htmlspecialchars($priv['name']) . '</td>';
398			$privhtml .= '<td>' . htmlspecialchars($priv['descr']) . '</td>';
399	945204b1	Stephen Beaver	$privhtml .= '<td>';
400	d61309a0	Phil Davis	if (!$group) {
401	ed10e389	Phil Davis	$privhtml .= '<a class="fa fa-trash no-confirm icon-pointer" title="' . gettext('Delete Privilege') . '" id="delprivid' . $i . '"></a></td>';
402	d61309a0	Phil Davis	}
403	945204b1	Stephen Beaver
404			$privhtml .= '</td>';
405	7411c285	Stephen Beaver	$privhtml .= '</tr>';
406	945204b1	Stephen Beaver
407	d61309a0	Phil Davis	if (!$group) {
408	945204b1	Stephen Beaver	$i++;
409	d61309a0	Phil Davis	}
410	7411c285	Stephen Beaver	}
411
412			$privhtml .= '</tbody>';
413			$privhtml .= '</table>';
414			$privhtml .= '</div>';
415
416			$privhtml .= '<nav class="action-buttons">';
417			$privhtml .= '<a href="system_usermanager_addprivs.php?userid=' . $id . '" class="btn btn-success">' . gettext("Add") . '</a>';
418			$privhtml .= '</nav>';
419
420			return($privhtml);
421			}
422	98402844	Stephen Beaver
423	7411c285	Stephen Beaver	function build_cert_table() {
424			global $a_user, $id;
425
426			$certhtml = '<div class="table-responsive">';
427			$certhtml .= '<table class="table table-striped table-hover table-condensed">';
428			$certhtml .= '<thead>';
429	7d2e572f	Stephen Beaver	$certhtml .= '<tr>';
430			$certhtml .= '<th>' . gettext('Name') . '</th>';
431			$certhtml .= '<th>' . gettext('CA') . '</th>';
432	98402844	Stephen Beaver	$certhtml .= '<th></th>';
433	7d2e572f	Stephen Beaver	$certhtml .= '</tr>';
434	7411c285	Stephen Beaver	$certhtml .= '</thead>';
435			$certhtml .= '<tbody>';
436
437			$a_cert = $a_user[$id]['cert'];
438			if (is_array($a_cert)) {
439			$i = 0;
440			foreach ($a_cert as $certref) {
441	7d2e572f	Stephen Beaver	$cert = lookup_cert($certref);
442			$ca = lookup_ca($cert['caref']);
443			$revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>':'';
444
445	7411c285	Stephen Beaver	$certhtml .= '<tr>';
446	7d2e572f	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($cert['descr']) . $revokedstr . '</td>';
447	7411c285	Stephen Beaver	$certhtml .= '<td>' . htmlspecialchars($ca['descr']) . '</td>';
448	db676e5b	Stephen Beaver	$certhtml .= '<td>';
449	945204b1	Stephen Beaver	$certhtml .= '<a id="delcert' . $i .'" class="fa fa-trash no-confirm icon-pointer" title="';
450	f14ff867	Phil Davis	$certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '"></a>';
451	db676e5b	Stephen Beaver	$certhtml .= '</td>';
452	7411c285	Stephen Beaver	$certhtml .= '</tr>';
453	db676e5b	Stephen Beaver	$i++;
454	7411c285	Stephen Beaver	}
455	db676e5b	Stephen Beaver
456	7411c285	Stephen Beaver	}
457
458			$certhtml .= '</tbody>';
459			$certhtml .= '</table>';
460			$certhtml .= '</div>';
461
462			$certhtml .= '<nav class="action-buttons">';
463			$certhtml .= '<a href="system_certmanager.php?act=new&userid=' . $id . '" class="btn btn-success">' . gettext("Add") . '</a>';
464			$certhtml .= '</nav>';
465
466			return($certhtml);
467			}
468
469	e33be77c	Ermal	include("head.inc");
470	fab7ff44	Bill Marquette
471	d61309a0	Phil Davis	if ($input_errors) {
472	4ee51131	Sjon Hortensius	print_input_errors($input_errors);
473	d61309a0	Phil Davis	}
474	98402844	Stephen Beaver
475	d61309a0	Phil Davis	if ($savemsg) {
476	98402844	Stephen Beaver	print_info_box($savemsg, 'success');
477	d61309a0	Phil Davis	}
478	4ee51131	Sjon Hortensius
479			$tab_array = array();
480			$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
481			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
482			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
483	2d1f33d9	k-paulius	$tab_array[] = array(gettext("Authentication Servers"), false, "system_authservers.php");
484	4ee51131	Sjon Hortensius	display_top_tabs($tab_array);
485
486	7411c285	Stephen Beaver	if (!($act == "new" \|\| $act == "edit" \|\| $input_errors)) {
487	64600f94	Sjon Hortensius	?>
488	64c31615	Stephen Beaver	<form method="post">
489	060ed238	Stephen Beaver	<div class="panel panel-default">
490			<div class="panel-heading"><h2 class="panel-title"><?=gettext('Users')?></h2></div>
491			<div class="panel-body">
492			<div class="table-responsive">
493			<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
494			<thead>
495			<tr>
496			<th> </th>
497			<th><?=gettext("Username")?></th>
498			<th><?=gettext("Full name")?></th>
499			<th><?=gettext("Disabled")?></th>
500			<th><?=gettext("Groups")?></th>
501	70dc5cd6	Phil Davis	<th><?=gettext("Actions")?></th>
502	060ed238	Stephen Beaver	</tr>
503			</thead>
504			<tbody>
505	a0165602	Sjon Hortensius	<?php
506	d61309a0	Phil Davis	foreach ($a_user as $i => $userent):
507	a0165602	Sjon Hortensius	?>
508	060ed238	Stephen Beaver	<tr>
509			<td>
510			<input type="checkbox" id="frc<?=$i?>" name="delete_check[]" value="<?=$i?>" <?=($userent['scope'] == "system" ? 'disabled' : '')?>/>
511			</td>
512			<td>
513	a0165602	Sjon Hortensius	<?php
514	d61309a0	Phil Davis	if ($userent['scope'] != "user") {
515	a0165602	Sjon Hortensius	$usrimg = 'eye-open';
516	d61309a0	Phil Davis	} else {
517	a0165602	Sjon Hortensius	$usrimg = 'user';
518	d61309a0	Phil Davis	}
519	a0165602	Sjon Hortensius	?>
520	060ed238	Stephen Beaver	<i class="fa fa-<?=$usrimg?>"></i>
521			<?=htmlspecialchars($userent['name'])?>
522			</td>
523			<td><?=htmlspecialchars($userent['descr'])?></td>
524			<td><?php if (isset($userent['disabled'])) echo "*"?></td>
525			<td><?=implode(",", local_user_get_groups($userent))?></td>
526			<td>
527			<a class="fa fa-pencil" title="<?=gettext("Edit user"); ?>" href="?act=edit&userid=<?=$i?>"></a>
528	d61309a0	Phil Davis	<?php if ($userent['scope'] != "system"): ?>
529	060ed238	Stephen Beaver	<a class="fa fa-trash" title="<?=gettext("Delete user")?>" href="?act=deluser&userid=<?=$i?>&username=<?=$userent['name']?>"></a>
530	a0165602	Sjon Hortensius	<?php endif; ?>
531	060ed238	Stephen Beaver	</td>
532			</tr>
533	a0165602	Sjon Hortensius	<?php endforeach; ?>
534	060ed238	Stephen Beaver	</tbody>
535			</table>
536			</div>
537			</div>
538	94404d94	Sander van Leeuwen	</div>
539	c10cb196	Stephen Beaver	<nav class="action-buttons">
540	64c31615	Stephen Beaver	<a href="?act=new" class="btn btn-sm btn-success">
541	9d5a20cf	heper	<i class="fa fa-plus icon-embed-btn"></i>
542	b921ab63	Stephen Beaver	<?=gettext("Add")?>
543			</a>
544	64c31615	Stephen Beaver
545			<button type="submit" class="btn btn-sm btn-danger" name="dellall" value="dellall" title="<?=gettext('Delete selected users')?>">
546			<i class="fa fa-trash icon-embed-btn"></i>
547			<?=gettext("Delete")?>
548			</button>
549	94404d94	Sander van Leeuwen	</nav>
550	d825dfea	NOYB	</form>
551	b921ab63	Stephen Beaver
552	35681930	Stephen Beaver	<div class="infoblock">
553	b921ab63	Stephen Beaver	<?=print_info_box(gettext("Additional users can be added here. User permissions for accessing " .
554	a0165602	Sjon Hortensius	"the webConfigurator can be assigned directly or inherited from group memberships. " .
555			"An icon that appears grey indicates that it is a system defined object. " .
556	b921ab63	Stephen Beaver	"Some system object properties can be modified but they cannot be deleted.") .
557			'<br /><br />' .
558	64c31615	Stephen Beaver	gettext("Accounts added here are also used for other parts of the system " .
559	85d29bf5	Stephen Beaver	"such as OpenVPN, IPsec, and Captive Portal."), 'info', false)?>
560	b921ab63	Stephen Beaver	</div>
561
562	a0165602	Sjon Hortensius	<?php
563			include("foot.inc");
564			exit;
565			}
566	4ee51131	Sjon Hortensius
567			$form = new Form;
568
569	7411c285	Stephen Beaver	if ($act == "new" \|\| $act == "edit" \|\| $input_errors):
570	4ee51131	Sjon Hortensius
571	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
572			'act',
573			null,
574			'hidden',
575			''
576			));
577	4ee51131	Sjon Hortensius
578	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
579			'userid',
580			null,
581			'hidden',
582			isset($id) ? $id:''
583			));
584	4ee51131	Sjon Hortensius
585	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
586			'privid',
587			null,
588			'hidden',
589			''
590			));
591	4ee51131	Sjon Hortensius
592	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
593			'certid',
594			null,
595			'hidden',
596			''
597			));
598	4ee51131	Sjon Hortensius
599	7411c285	Stephen Beaver	$ro = "";
600			if ($pconfig['utype'] == "system") {
601	c4b60a9a	Colin Fleming	$ro = "readonly";
602	7411c285	Stephen Beaver	}
603	4ee51131	Sjon Hortensius
604	7411c285	Stephen Beaver	$section = new Form_Section('User Properties');
605	4ee51131	Sjon Hortensius
606	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
607			'Defined by',
608			strtoupper($pconfig['utype'])
609			));
610	4ee51131	Sjon Hortensius
611	7411c285	Stephen Beaver	$form->addGlobal(new Form_Input(
612			'utype',
613			null,
614			'hidden',
615			$pconfig['utype']
616			));
617	4ee51131	Sjon Hortensius
618	7411c285	Stephen Beaver	$section->addInput(new Form_Checkbox(
619			'disabled',
620			'Disabled',
621			'This user cannot login',
622			$pconfig['disabled']
623			));
624	6b07c15a	Matthew Grooms
625	7411c285	Stephen Beaver	$section->addInput($input = new Form_Input(
626			'usernamefld',
627			'Username',
628			'text',
629			$pconfig['usernamefld']
630			));
631	61dec0b0	Renato Botelho
632	d61309a0	Phil Davis	if ($ro) {
633	1fe9cc38	Stephen Beaver	$input->setReadonly();
634	d61309a0	Phil Davis	}
635	7411c285	Stephen Beaver
636			$form->addGlobal(new Form_Input(
637			'oldusername',
638	4ee51131	Sjon Hortensius	null,
639	7411c285	Stephen Beaver	'hidden',
640			$pconfig['usernamefld']
641	4ee51131	Sjon Hortensius	));
642	6b07c15a	Matthew Grooms
643	7411c285	Stephen Beaver	$group = new Form_Group('Password');
644			$group->add(new Form_Input(
645			'passwordfld1',
646			'Password',
647			'password'
648			));
649			$group->add(new Form_Input(
650			'passwordfld2',
651			'Confirm Password',
652			'password'
653			));
654
655			$section->add($group);
656
657			$section->addInput($input = new Form_Input(
658			'descr',
659			'Full name',
660			'text',
661			htmlspecialchars($pconfig['descr'])
662			))->setHelp('User\'s full name, for your own information only');
663
664	d61309a0	Phil Davis	if ($ro) {
665	7411c285	Stephen Beaver	$input->setDisabled();
666	d61309a0	Phil Davis	}
667	7411c285	Stephen Beaver
668			$section->addInput(new Form_Input(
669			'expires',
670			'Expiration date',
671			'date',
672			$pconfig['expires']
673			))->setHelp('Leave blank if the account shouldn\'t expire, otherwise enter '.
674			'the expiration date');
675
676			// ==== Group membership ==================================================
677			$group = new Form_Group('Group membership');
678
679	7d2e572f	Stephen Beaver	// Make a list of all the groups configured on the system, and a list of
680	7411c285	Stephen Beaver	// those which this user is a member of
681			$systemGroups = array();
682			$usersGroups = array();
683
684			$usergid = [$pconfig['usernamefld']];
685
686			foreach ($config['system']['group'] as $Ggroup) {
687	d61309a0	Phil Davis	if ($Ggroup['name'] != "all") {
688			if (($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member'])) {
689	b4333696	Stephen Beaver	$usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list
690	d61309a0	Phil Davis	} else {
691	b4333696	Stephen Beaver	$systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list
692	d61309a0	Phil Davis	}
693	b4333696	Stephen Beaver	}
694	7411c285	Stephen Beaver	}
695
696			$group->add(new Form_Select(
697			'sysgroups',
698			null,
699			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
700			$systemGroups,
701			true
702	953385a3	heper	))->setHelp('Not member of');
703	6b07c15a	Matthew Grooms
704	7411c285	Stephen Beaver	$group->add(new Form_Select(
705			'groups',
706			null,
707			array_combine((array)$pconfig['groups'], (array)$pconfig['groups']),
708			$usersGroups,
709			true
710	953385a3	heper	))->setHelp('Member of');
711	7411c285	Stephen Beaver
712			$section->add($group);
713
714			$group = new Form_Group('');
715
716			$group->add(new Form_Button(
717			'movetoenabled',
718			'Move to "Member of" list >'
719			))->removeClass('btn-primary')->addClass('btn-default btn-sm');
720
721			$group->add(new Form_Button(
722			'movetodisabled',
723			'< Move to "Not member of" list'
724			))->removeClass('btn-primary')->addClass('btn-default btn-sm');
725	4ee51131	Sjon Hortensius
726	7411c285	Stephen Beaver	$group->setHelp('Hold down CTRL (pc)/COMMAND (mac) key to select multiple items');
727			$section->add($group);
728	4ee51131	Sjon Hortensius
729	7411c285	Stephen Beaver	// ==== Button for adding user certificate ================================
730	d61309a0	Phil Davis	if ($act == 'new') {
731	4ee51131	Sjon Hortensius	$section->addInput(new Form_Checkbox(
732	7411c285	Stephen Beaver	'showcert',
733			'Certificate',
734			'Click to create a user certificate',
735			false
736	4ee51131	Sjon Hortensius	));
737	6b07c15a	Matthew Grooms	}
738
739	7411c285	Stephen Beaver	$form->add($section);
740	6b07c15a	Matthew Grooms
741	7411c285	Stephen Beaver	// ==== Effective privileges section ======================================
742			if (isset($pconfig['uid'])) {
743			// We are going to build an HTML table and add it to an Input_StaticText. It may be ugly, but it
744			// is the best way to make the display we need.
745	6b07c15a	Matthew Grooms
746	7411c285	Stephen Beaver	$section = new Form_Section('Effective Privileges');
747	4ee51131	Sjon Hortensius
748	7411c285	Stephen Beaver	$section->addInput(new Form_StaticText(
749			null,
750			build_priv_table()
751			));
752	4ee51131	Sjon Hortensius
753	7411c285	Stephen Beaver	$form->add($section);
754	4ee51131	Sjon Hortensius
755	7411c285	Stephen Beaver	// ==== Certificate table section =====================================
756	5f88f964	k-paulius	$section = new Form_Section('User Certificates');
757	7411c285	Stephen Beaver
758			$section->addInput(new Form_StaticText(
759			null,
760			build_cert_table()
761			));
762	64600f94	Sjon Hortensius
763			$form->add($section);
764	c9794c06	Ermal	}
765	7411c285	Stephen Beaver
766	f14ff867	Phil Davis	// ==== Add user certificate for a new user
767			if (is_array($config['ca']) && count($config['ca']) > 0) {
768	5f88f964	k-paulius	$section = new Form_Section('Create Certificate for User');
769	f14ff867	Phil Davis	$section->addClass('cert-options');
770	c9794c06	Ermal
771	f14ff867	Phil Davis	$nonPrvCas = array();
772			foreach($config['ca'] as $ca) {
773			if (!$ca['prv']) {
774			continue;
775			}
776	7411c285	Stephen Beaver
777	f14ff867	Phil Davis	$nonPrvCas[ $ca['refid'] ] = $ca['descr'];
778			}
779	7411c285	Stephen Beaver
780	f14ff867	Phil Davis	if (!empty($nonPrvCas)) {
781			$section->addInput(new Form_Input(
782			'name',
783			'Descriptive name',
784			'text',
785			$pconfig['name']
786			));
787	7411c285	Stephen Beaver
788	f14ff867	Phil Davis	$section->addInput(new Form_Select(
789			'caref',
790			'Certificate authority',
791			null,
792			$nonPrvCas
793			));
794	7411c285	Stephen Beaver
795	f14ff867	Phil Davis	$section->addInput(new Form_Select(
796			'keylen',
797			'Key length',
798			2048,
799			array(
800			512 => '512 bits',
801			1024 => '1024 bits',
802			2048 => '2049 bits',
803			4096 => '4096 bits',
804			)
805			));
806	7411c285	Stephen Beaver
807	f14ff867	Phil Davis	$section->addInput(new Form_Input(
808			'lifetime',
809			'Lifetime',
810			'number',
811			$pconfig['lifetime']
812			));
813	7411c285	Stephen Beaver	}
814
815	f14ff867	Phil Davis	$form->add($section);
816			}
817
818	7411c285	Stephen Beaver	endif;
819			// ==== Paste a key for the new user
820	4ee51131	Sjon Hortensius	$section = new Form_Section('Keys');
821
822	35e0cd70	Stephen Beaver	$section->addInput(new Form_Checkbox(
823			'showkey',
824			'Authorized keys',
825			'Click to paste an authorized key',
826			false
827			));
828
829	4ee51131	Sjon Hortensius	$section->addInput(new Form_Textarea(
830			'authorizedkeys',
831	d1e73829	Stephen Beaver	'Authorized SSH Keys',
832	4ee51131	Sjon Hortensius	$pconfig['authorizedkeys']
833	d1e73829	Stephen Beaver	))->setHelp('Enter authorized SSH keys for this user');
834	4ee51131	Sjon Hortensius
835	35e0cd70	Stephen Beaver	$section->addInput(new Form_Input(
836	4ee51131	Sjon Hortensius	'ipsecpsk',
837			'IPsec Pre-Shared Key',
838			'text',
839			$pconfig['ipsecpsk']
840			));
841
842			$form->add($section);
843	7411c285	Stephen Beaver
844	a0165602	Sjon Hortensius	print $form;
845	7411c285	Stephen Beaver	?>
846	8fd9052f	Colin Fleming	<script type="text/javascript">
847	7411c285	Stephen Beaver	//<![CDATA[
848	d61309a0	Phil Davis	events.push(function() {
849	7411c285	Stephen Beaver
850			// Select every option in the specified multiselect
851			function AllServers(id, selectAll) {
852			for (i = 0; i < id.length; i++) {
853			id.eq(i).prop('selected', selectAll);
854			}
855			}
856
857			// Move all selected options from one multiselect to another
858			function moveOptions(From, To) {
859			var len = From.length;
860			var option;
861
862	d61309a0	Phil Davis	if (len > 0) {
863			for (i=0; i<len; i++) {
864			if (From.eq(i).is(':selected')) {
865	7411c285	Stephen Beaver	option = From.eq(i).val();
866	95b59cdc	bruno	value = From.eq(i).text();
867			To.append(new Option(value, option));
868	7411c285	Stephen Beaver	From.eq(i).remove();
869			}
870			}
871			}
872			}
873
874			// Make buttons plain buttons, not submit
875			$("#movetodisabled").prop('type','button');
876			$("#movetoenabled").prop('type','button');
877
878			// On click . .
879			$("#movetodisabled").click(function() {
880			moveOptions($('[name="groups[]"] option'), $('[name="sysgroups[]"]'));
881			});
882
883			$("#movetoenabled").click(function() {
884			moveOptions($('[name="sysgroups[]"] option'), $('[name="groups[]"]'));
885			});
886
887			$("#showcert").click(function() {
888			hideClass('cert-options', !this.checked);
889			});
890
891			$("#showkey").click(function() {
892	35e0cd70	Stephen Beaver	hideInput('authorizedkeys', false);
893			hideCheckbox('showkey', true);
894	7411c285	Stephen Beaver	});
895
896	98402844	Stephen Beaver	$('[id^=delcert]').click(function(event) {
897	d61309a0	Phil Davis	if (confirm(event.target.title)) {
898	98402844	Stephen Beaver	$('#certid').val(event.target.id.match(/\d+$/)[0]);
899			$('#userid').val('<?=$id;?>');
900			$('#act').val('delcert');
901			$('form').submit();
902			}
903			});
904	945204b1	Stephen Beaver
905	408d0882	heper	$('[id^=delprivid]').click(function(event) {
906	d61309a0	Phil Davis	if (confirm(event.target.title)) {
907	4c879f95	heper	$('#privid').val(event.target.id.match(/\d+$/)[0]);
908	408d0882	heper	$('#userid').val('<?=$id;?>');
909			$('#act').val('delprivid');
910			$('form').submit();
911			}
912			});
913	64c31615	Stephen Beaver
914	98402844	Stephen Beaver
915	eef93144	Jared Dillard	// ---------- On initial page load ------------------------------------------------------------
916
917			hideClass('cert-options', true);
918			//hideInput('authorizedkeys', true);
919	d1e73829	Stephen Beaver	hideCheckbox('showkey', true);
920	7411c285	Stephen Beaver
921			// On submit mark all the user's groups as "selected"
922	d61309a0	Phil Davis	$('form').submit(function() {
923	7411c285	Stephen Beaver	AllServers($('[name="groups[]"] option'), true);
924			});
925			});
926			//]]>
927			</script>
928			<?php
929	bb1b5c6f	heper	include('foot.inc');
930	d825dfea	NOYB	?>

Project

General

Profile

pfSense