<?php
/*
    system_authservers.php
    Copyright (C) 2008 Shrew Soft Inc.
    Copyright (C) 2010 Ermal Luçi
    Copyright (C) 2013-2014 Electric Sheep Fencing, LP
    All rights reserved.
    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:
    1. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.
    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_MODULE:	auth
*/
##|+PRIV
##|*IDENT=page-system-authservers
##|*NAME=System: Authentication Servers
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
##|*MATCH=system_authservers.php*
##|-PRIV
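require("guiconfig.inc");
require_once("auth.inc");

$pgtitle = array(gettext("System"), gettext("Authentication Servers"));
$shortcut_section = "authentication";

/*
 * Resolve the index of the server being acted on. A value is taken only when
 * it is a plain string accepted by is_numericint(); array-valued parameters
 * are ignored. A POSTed id overrides one from the query string. $id is left
 * unset otherwise, and the rest of the page uses isset($id) to tell
 * "edit existing" from "create new".
 */
if (isset($_GET['id']) && is_string($_GET['id']) && is_numericint($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']) && is_string($_POST['id']) && is_numericint($_POST['id']))
	$id = $_POST['id'];

if (!is_array($config['system']['authserver']))
	$config['system']['authserver'] = array();

/* Re-indexed working copy of the server list; always an array, even when the list is empty. */
$a_server = array();
$a_servers = auth_get_authserver_list();
foreach ($a_servers as $servers)
	$a_server[] = $servers;

if (!is_array($config['ca']))
	$config['ca'] = array();
/* Reference, not a copy: $a_ca is the live CA list from the configuration. */
$a_ca =& $config['ca'];

/* Requested action; a non-empty POST value overrides GET. It is only ever compared against fixed strings. */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act']))
	$act = $_POST['act'];
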
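/*
 * Delete the authentication server selected by the 'id' query parameter.
 *
 * NOTE(review): this is a state-changing action driven by GET parameters;
 * confirm that the GUI's CSRF protection covers it, or move it to POST.
 */
if ($act == "del") {

	/*
	 * Validate the index before using it as an array offset, so that a
	 * missing or array-valued 'id' ends in the redirect below instead of an
	 * offset error.
	 */
	$del_id = null;
	if (isset($_GET['id']) && is_string($_GET['id']) && is_numericint($_GET['id']))
		$del_id = $_GET['id'];

	if ($del_id === null || empty($a_server[$del_id])) {
		pfSenseHeader("system_authservers.php");
		exit;
	}

	/* Remove server from main list (entries are matched by name, not by index). */
	$serverdeleted = $a_server[$del_id]['name'];
	foreach ($config['system']['authserver'] as $k => $as) {
		if ($as['name'] == $serverdeleted)
			unset($config['system']['authserver'][$k]);
	}

	/* Remove server from temp list used later on this page. */
	unset($a_server[$del_id]);

	/*
	 * $savemsg carries markup (<br />) and is handed to print_info_box()
	 * further down the page, while the server name is free-form text from
	 * the configuration, so the name is escaped before it is embedded.
	 */
	$savemsg = gettext("Authentication Server")." ".htmlspecialchars($serverdeleted)." ".
				gettext("deleted")."<br />";
	write_config($savemsg);
}
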
/*
 * Edit mode: pre-fill $pconfig (the array the form fields are rendered from)
 * with the stored definition of server $id. Nothing is loaded unless $id
 * resolved to an existing entry of $a_server.
 *
 * NOTE(review): the stored LDAP bind password is copied into $pconfig here and
 * the form later writes $pconfig['ldap_bindpw'] into the value attribute of the
 * password input, so the secret is present in the page source of the edit form.
 */
if ($act == "edit" && isset($id) && $a_server[$id]) {

	$edit_srv = $a_server[$id];

	$pconfig['type'] = $edit_srv['type'];
	$pconfig['name'] = $edit_srv['name'];

	if ($pconfig['type'] == "ldap") {
		$pconfig['ldap_caref'] = $edit_srv['ldap_caref'];
		/* The stored key is the generic 'host'; the form field is type-specific. */
		$pconfig['ldap_host'] = $edit_srv['host'];

		/* Settings that use the same key in the stored entry and in the form. */
		$edit_keys = array(
			'ldap_port', 'ldap_urltype', 'ldap_protver', 'ldap_scope',
			'ldap_basedn', 'ldap_authcn', 'ldap_extended_enabled',
			'ldap_extended_query', 'ldap_binddn', 'ldap_bindpw',
			'ldap_attr_user', 'ldap_attr_group', 'ldap_attr_member');
		foreach ($edit_keys as $edit_key)
			$pconfig[$edit_key] = $edit_srv[$edit_key];

		/* These two flags are represented by the presence of the key alone. */
		$pconfig['ldap_utf8'] = isset($edit_srv['ldap_utf8']);
		$pconfig['ldap_nostrip_at'] = isset($edit_srv['ldap_nostrip_at']);

		/* Without a complete DN/password pair the entry is treated as using anonymous binds. */
		if (!($pconfig['ldap_binddn'] && $pconfig['ldap_bindpw']))
			$pconfig['ldap_anon'] = true;
	}

	if ($pconfig['type'] == "radius") {
		$pconfig['radius_host'] = $edit_srv['host'];
		$pconfig['radius_auth_port'] = $edit_srv['radius_auth_port'];
		$pconfig['radius_acct_port'] = $edit_srv['radius_acct_port'];
		$pconfig['radius_secret'] = $edit_srv['radius_secret'];
		$pconfig['radius_timeout'] = $edit_srv['radius_timeout'];

		/*
		 * Derive the "services" selection from which ports are stored, and
		 * give the port that is not stored the value 1813 (accounting) or
		 * 1812 (authentication) for display.
		 */
		$has_auth_port = (bool)$pconfig['radius_auth_port'];
		$has_acct_port = (bool)$pconfig['radius_acct_port'];

		if ($has_auth_port && $has_acct_port) {
			$pconfig['radius_srvcs'] = "both";
		} elseif ($has_auth_port) {
			$pconfig['radius_srvcs'] = "auth";
			$pconfig['radius_acct_port'] = 1813;
		} elseif ($has_acct_port) {
			$pconfig['radius_srvcs'] = "acct";
			$pconfig['radius_auth_port'] = 1812;
		}
	}
}

/* New server: seed the form with its initial values. */
if ($act == "new") {
	$new_defaults = array(
		'ldap_protver' => 3,
		'ldap_anon' => true,
		'radius_srvcs' => "both",
		'radius_auth_port' => "1812",
		'radius_acct_port' => "1813");
	foreach ($new_defaults as $new_key => $new_value)
		$pconfig[$new_key] = $new_value;
}

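/*
 * Form submission: validate the posted server definition, then create or
 * update the entry in $config['system']['authserver'] and persist it.
 *
 * The LDAP bind password and the RADIUS shared secret are stored in the
 * configuration exactly as submitted.
 *
 * NOTE(review): 'name' gets no character check here and is echoed later in the
 * delete confirmation message; consider restricting it at this point.
 * NOTE(review): a 'type' other than ldap/radius passes with no required
 * fields; consider rejecting it against the list of known server types.
 */
if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	/* Start from empty lists so do_input_validation() always receives arrays. */
	$reqdfields = array();
	$reqdfieldsn = array();

	if ($pconfig['type'] == "ldap") {
		$reqdfields = explode(" ", "name type ldap_host ldap_port ".
						"ldap_urltype ldap_protver ldap_scope ".
						"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Port value"),
			gettext("Transport"),
			gettext("Protocol version"),
			gettext("Search level"),
			gettext("User naming Attribute"),
			gettext("Group naming Attribute"),
			gettext("Group member attribute"),
			gettext("Authentication container"));

		/* Bind credentials are only mandatory when anonymous binds are not selected. */
		if (empty($pconfig['ldap_anon'])) {
			$reqdfields[] = "ldap_binddn";
			$reqdfields[] = "ldap_bindpw";
			$reqdfieldsn[] = gettext("Bind user DN");
			$reqdfieldsn[] = gettext("Bind Password");
		}
	}

	if ($pconfig['type'] == "radius") {
		$reqdfields = explode(" ", "name type radius_host radius_srvcs");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Services"));

		/*
		 * A port is required for each selected service. The key read here
		 * used to be misspelled 'radisu_srvcs', so neither port was ever
		 * added to the required list.
		 */
		$radius_srvcs = isset($pconfig['radius_srvcs']) ? $pconfig['radius_srvcs'] : "";

		if ($radius_srvcs == "both" || $radius_srvcs == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port value");
		}

		if ($radius_srvcs == "both" || $radius_srvcs == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port value");
		}

		/* On edit an empty secret keeps the stored one, so it is only required for a new entry. */
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/*
	 * Check the host that is actually stored. The save code below and the
	 * visible form fields use ldap_host / radius_host; the previous test on
	 * $_POST['host'] looked at a key they do not submit, so it never
	 * rejected anything. IP literals skip the hostname character test so
	 * that IPv6 addresses stay usable.
	 */
	$host_key = ($pconfig['type'] == "radius") ? "radius_host" : "ldap_host";
	$host_val = isset($pconfig[$host_key]) ? $pconfig[$host_key] : "";
	if (!is_string($host_val) ||
	    (filter_var($host_val, FILTER_VALIDATE_IP) === false &&
	    preg_match("/[^a-zA-Z0-9\.\-_]/", $host_val)))
		$input_errors[] = gettext("The host name contains invalid characters.");

	if (auth_get_authserver($pconfig['name']) && !isset($id))
		$input_errors[] = gettext("An authentication server with the same name already exists.");

	/* An empty timeout is allowed (a default is applied on save); anything else must be a positive number. */
	if (($pconfig['type'] == "radius") && !empty($_POST['radius_timeout']) &&
	    (!is_numeric($_POST['radius_timeout']) || ($_POST['radius_timeout'] <= 0)))
		$input_errors[] = gettext("RADIUS Timeout value must be numeric and positive.");

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	if (!$input_errors) {
		/* Start from the stored entry when editing, otherwise from a fresh one with a new refid. */
		$server = array();
		$server['refid'] = uniqid();
		if (isset($id) && !empty($a_server[$id]))
			$server = $a_server[$id];

		$server['type'] = $pconfig['type'];
		$server['name'] = $pconfig['name'];

		if ($server['type'] == "ldap") {

			if (!empty($pconfig['ldap_caref']))
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			$server['host'] = $pconfig['ldap_host'];
			$server['ldap_port'] = $pconfig['ldap_port'];
			$server['ldap_urltype'] = $pconfig['ldap_urltype'];
			$server['ldap_protver'] = $pconfig['ldap_protver'];
			$server['ldap_scope'] = $pconfig['ldap_scope'];
			$server['ldap_basedn'] = $pconfig['ldap_basedn'];
			/* The form field is named 'ldapauthcontainers'; the stored key is 'ldap_authcn'. */
			$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
			$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
			$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
			$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
			$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
			$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];

			/* Checkbox flags are stored by presence: set when ticked, removed otherwise. */
			if (isset($pconfig['ldap_utf8']) && $pconfig['ldap_utf8'] == "yes")
				$server['ldap_utf8'] = true;
			else
				unset($server['ldap_utf8']);
			if (isset($pconfig['ldap_nostrip_at']) && $pconfig['ldap_nostrip_at'] == "yes")
				$server['ldap_nostrip_at'] = true;
			else
				unset($server['ldap_nostrip_at']);

			/* Selecting anonymous binds drops any previously stored credentials. */
			if (empty($pconfig['ldap_anon'])) {
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}
		}

		if ($server['type'] == "radius") {

			$server['host'] = $pconfig['radius_host'];

			/* An empty secret leaves the stored one untouched. */
			if (!empty($pconfig['radius_secret']))
				$server['radius_secret'] = $pconfig['radius_secret'];

			if (!empty($pconfig['radius_timeout']))
				$server['radius_timeout'] = $pconfig['radius_timeout'];
			else
				$server['radius_timeout'] = 5;

			/* Keep only the port(s) of the selected service(s). */
			if ($pconfig['radius_srvcs'] == "both") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
			}

			if ($pconfig['radius_srvcs'] == "auth") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				unset($server['radius_acct_port']);
			}

			if ($pconfig['radius_srvcs'] == "acct") {
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
				unset($server['radius_auth_port']);
			}
		}

		/* Overwrite the existing slot when editing, append otherwise. */
		if (isset($id) && !empty($config['system']['authserver'][$id]))
			$config['system']['authserver'][$id] = $server;
		else
			$config['system']['authserver'][] = $server;

		write_config();

		pfSenseHeader("system_authservers.php");
	}
}
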
include("head.inc");
?>
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
//<![CDATA[
/**
 * Show the settings table that matches the server type and hide the other one.
 * When no type is passed, the current choice of the "type" control is used.
 * Types other than "ldap" and "radius" leave both tables as they are.
 */
function server_typechange(typ) {

	if (!typ) {
		var typeControl = document.getElementById("type");
		typ = typeControl.options[typeControl.selectedIndex].value;
	}

	var showLdap;
	if (typ === "ldap") {
		showLdap = true;
	} else if (typ === "radius") {
		showLdap = false;
	} else {
		return;
	}

	// An empty display value restores the element's normal rendering.
	document.getElementById("ldap").style.display = showLdap ? "" : "none";
	document.getElementById("radius").style.display = showLdap ? "none" : "";
}

/**
 * Fill the LDAP port field with the port paired with the selected transport.
 * The case table is generated server-side from $ldap_urltypes.
 */
function ldap_urlchange() {
	var transportIdx = document.getElementById("ldap_urltype").selectedIndex;
	switch (transportIdx) {
<?php
	/* One case per transport; $index counts entries in the order the transport select lists them. */
	$index = 0;
	foreach ($ldap_urltypes as $urltype => $urlport) {
?>
		case <?=$index;?>:
			document.getElementById("ldap_port").value = "<?=$urlport;?>";
			break;
<?php
		$index++;
	}
?>
	}
}

/**
 * Hide the bind credential table while "anonymous binds" is ticked and show it
 * again when the box is cleared.
 */
function ldap_bindchange() {
	var anonymous = document.getElementById("ldap_anon").checked;
	document.getElementById("ldap_bind").style.display = anonymous ? "none" : "";
}

/**
 * Copy the attribute names of the selected initial template into the three
 * LDAP attribute fields. The case table is generated server-side from
 * $ldap_templates.
 */
function ldap_tmplchange() {
	var templateIdx = document.getElementById("ldap_tmpltype").selectedIndex;
	switch (templateIdx) {
<?php
	/* One case per template; $index counts entries in the order the template select lists them. */
	$index = 0;
	foreach ($ldap_templates as $tmpldata) {
?>
		case <?=$index;?>:
			document.getElementById("ldap_attr_user").value = "<?=$tmpldata['attr_user'];?>";
			document.getElementById("ldap_attr_group").value = "<?=$tmpldata['attr_group'];?>";
			document.getElementById("ldap_attr_member").value = "<?=$tmpldata['attr_member'];?>";
			break;
<?php
		$index++;
	}
?>
	}
}

/**
 * Show or hide the RADIUS authentication and accounting rows according to the
 * position selected in the "radius_srvcs" control.
 */
function radius_srvcschange() {
	// Row per option position: [display of radius_auth, display of radius_acct].
	var displayByIndex = [
		["", ""],      // 0: both
		["", "none"],  // 1: authentication
		["none", ""]   // 2: accounting
	];

	var choice = document.getElementById("radius_srvcs").selectedIndex;
	var displays = displayByIndex[choice];
	// Any other position (for example -1, nothing selected) changes nothing.
	if (typeof choice !== "number" || !displays) {
		return;
	}

	document.getElementById("radius_auth").style.display = displays[0];
	document.getElementById("radius_acct").style.display = displays[1];
}

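/**
 * Open the LDAP container picker in a popup, passing the connection settings
 * currently entered in the form as query parameters.
 *
 * Every value is passed through encodeURIComponent() so that characters such
 * as '&', '=', '#', '+' or spaces in a DN or password cannot truncate the value
 * or be read as extra parameters.
 *
 * NOTE(review): the bind password travels in the query string of the popup
 * URL, where it can end up in browser history and web server logs. Sending it
 * in a POST body would need a matching change in the picker page.
 */
function select_clicked() {
	// Settings the picker cannot work without, checked in form order.
	var requiredIds = ["ldap_port", "ldap_host", "ldap_scope", "ldap_basedn", "ldapauthcontainers"];
	for (var r = 0; r < requiredIds.length; r++) {
		if (document.getElementById(requiredIds[r]).value == '') {
			alert("<?=gettext("Please fill the required values.");?>");
			return;
		}
	}

	// Bind credentials are only mandatory when anonymous binds are not selected.
	if (!document.getElementById("ldap_anon").checked) {
		if (document.getElementById("ldap_binddn").value == '' ||
		    document.getElementById("ldap_bindpw").value == '') {
			alert("<?=gettext("Please fill the bind username/password.");?>");
			return;
		}
	}

	// Query parameter name -> id of the form control that supplies its value.
	var params = [
		["port", "ldap_port"],
		["host", "ldap_host"],
		["scope", "ldap_scope"],
		["basedn", "ldap_basedn"],
		["binddn", "ldap_binddn"],
		["bindpw", "ldap_bindpw"],
		["urltype", "ldap_urltype"],
		["proto", "ldap_protver"],
		["authcn", "ldapauthcontainers"]
	];

	var query = [];
	for (var p = 0; p < params.length; p++) {
		query.push(params[p][0] + '=' + encodeURIComponent(document.getElementById(params[p][1]).value));
	}
<?php if (count($a_ca) > 0): ?>
	query.push('cert=' + encodeURIComponent(document.getElementById("ldap_caref").value));
<?php else: ?>
	// No CA is defined, so the CA select is not rendered; send an empty value.
	query.push('cert=');
<?php endif; ?>

	var url = 'system_usermanager_settings_ldapacpicker.php?' + query.join('&');

	var oWin = window.open(url,"pfSensePop","width=620,height=400,top=150,left=150");
	if (oWin==null || typeof(oWin)=="undefined")
		alert("<?=gettext('Popup blocker detected.  Action aborted.');?>");
}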
//]]>
</script>
<?php
	/* Show validation errors first, then any status message set earlier on this page. */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
	if ($savemsg) {
		print_info_box($savemsg);
	}
?>
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="auth servers">
444 fbf672cb Matthew Grooms
	<tr>
445 e30001cf Matthew Grooms
		<td>
446 fbf672cb Matthew Grooms
		<?php
447
			$tab_array = array();
448
			$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
449
			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
450
			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
451 d799787e Matthew Grooms
			$tab_array[] = array(gettext("Servers"), true, "system_authservers.php");
452 fbf672cb Matthew Grooms
			display_top_tabs($tab_array);
453
		?>
454
		</td>
455
	</tr>
456
	<tr>
457 e30001cf Matthew Grooms
		<td id="mainarea">
458
			<div class="tabcont">
459
460
				<?php if ($act == "new" || $act == "edit" || $input_errors): ?>
461
462
				<form action="system_authservers.php" method="post" name="iform" id="iform">
463 0f3a8925 Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
464 e30001cf Matthew Grooms
						<tr>
465
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
466
							<td width="78%" class="vtable">
467 3de94477 Ermal Lu?i
							<?php if (!isset($id)): ?>
468 e30001cf Matthew Grooms
								<input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/>
469 3de94477 Ermal Lu?i
							<?php else: ?>
470 dd5bf424 Scott Ullrich
                                                                <strong><?=htmlspecialchars($pconfig['name']);?></strong>
471 3de94477 Ermal Lu?i
                                                                <input name='name' type='hidden' id='name' value="<?=htmlspecialchars($pconfig['name']);?>"/>
472
                                                                <?php endif; ?>
473 e30001cf Matthew Grooms
							</td>
474
						</tr>
475
						<tr>
476
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Type");?></td>
477
							<td width="78%" class="vtable">
478
								<?php if (!isset($id)): ?>
479
								<select name='type' id='type' class="formselect" onchange='server_typechange()'>
480
								<?php
481
									foreach ($auth_server_types as $typename => $typedesc ):
482
										$selected = "";
483
										if ($pconfig['type'] == $typename)
484 0f3a8925 Colin Fleming
											$selected = "selected=\"selected\"";
485 e30001cf Matthew Grooms
								?>
486
									<option value="<?=$typename;?>" <?=$selected;?>><?=$typedesc;?></option>
487
								<?php endforeach; ?>
488
								</select>
489
								<?php else: ?>
490
								<strong><?=$auth_server_types[$pconfig['type']];?></strong>
491
								<input name='type' type='hidden' id='type' value="<?=htmlspecialchars($pconfig['type']);?>"/>
492
								<?php endif; ?>
493
							</td>
494
						</tr>
495
					</table>
496
497 0f3a8925 Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="ldap" style="display:none" summary="">
498 e30001cf Matthew Grooms
						<tr>
499
							<td colspan="2" class="list" height="12"></td>
500
						</tr>
501
						<tr>
502 257705ca Renato Botelho
							<td colspan="2" valign="top" class="listtopic"><?=gettext("LDAP Server Settings");?></td>
503 e30001cf Matthew Grooms
						</tr>
504
						<tr>
505
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP address");?></td>
506
							<td width="78%" class="vtable">
507
								<input name="ldap_host" type="text" class="formfld unknown" id="ldap_host" size="20" value="<?=htmlspecialchars($pconfig['ldap_host']);?>"/>
508 9d793187 jim-p
								<br /><?= gettext("NOTE: When using SSL, this hostname MUST match the Common Name (CN) of the LDAP server's SSL Certificate."); ?>
509 e30001cf Matthew Grooms
							</td>
510
						</tr>
511
						<tr>
512
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Port value");?></td>
513
							<td width="78%" class="vtable">
514
								<input name="ldap_port" type="text" class="formfld unknown" id="ldap_port" size="5" value="<?=htmlspecialchars($pconfig['ldap_port']);?>"/>
515
							</td>
516
						</tr>
517
						<tr>
518
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Transport");?></td>
519
							<td width="78%" class="vtable">
520
								<select name='ldap_urltype' id='ldap_urltype' class="formselect" onchange='ldap_urlchange()'>
521
								<?php
522
									foreach ($ldap_urltypes as $urltype => $urlport):
523
										$selected = "";
524
										if ($pconfig['ldap_urltype'] == $urltype)
525 0f3a8925 Colin Fleming
											$selected = "selected=\"selected\"";
526 e30001cf Matthew Grooms
								?>
527
									<option value="<?=$urltype;?>" <?=$selected;?>><?=$urltype;?></option>
528
								<?php endforeach; ?>
529
								</select>
530
							</td>
531
						</tr>
532 fe2031ab Ermal
						<tr id="tls_ca">
533
							<td width="22%" valign="top" class="vncell"><?=gettext("Peer Certificate Authority"); ?></td>
534
                                                        <td width="78%" class="vtable">
535
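                                                        <?php if (count($a_ca)): ?>
                                                                <select id='ldap_caref' name='ldap_caref' class="formselect">
                                                        <?php
                                                                /*
                                                                 * $a_ca is the CA list from the saved configuration. Its refid and
                                                                 * description are free-form stored values, so both are escaped for
                                                                 * the HTML attribute and element text they are written into.
                                                                 */
                                                                foreach ($a_ca as $ca):
                                                                        $selected = "";
                                                                        if ($pconfig['ldap_caref'] == $ca['refid'])
                                                                                $selected = "selected=\"selected\"";
                                                        ?>
                                                                        <option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
                                                        <?php	endforeach; ?>
                                                                </select>
                                                                <br /><span><?=gettext("This option is used if 'SSL Encrypted' option is choosen.");?> <br />
                                                                <?=gettext("It must match with the CA in the AD otherwise problems will arise.");?></span>
                                                        <?php else: ?>
                                                                <b>No Certificate Authorities defined.</b> <br />Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
                                                        <?php endif; ?>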
551
                                                        </td>
552
						</tr>
553 e30001cf Matthew Grooms
						<tr>
554
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol version");?></td>
555
							<td width="78%" class="vtable">
556
								<select name='ldap_protver' id='ldap_protver' class="formselect">
557
								<?php
558
									foreach ($ldap_protvers as $version):
559
										$selected = "";
560
										if ($pconfig['ldap_protver'] == $version)
561 0f3a8925 Colin Fleming
											$selected = "selected=\"selected\"";
562 e30001cf Matthew Grooms
								?>
563
									<option value="<?=$version;?>" <?=$selected;?>><?=$version;?></option>
564
								<?php endforeach; ?>
565
								</select>
566
							</td>
567
						</tr>
568
						<tr>
569 64ce9d72 jim-p
							<td width="22%" valign="top" class="vncell"><?=gettext("Search scope");?></td>
570 e30001cf Matthew Grooms
							<td width="78%" class="vtable">
571 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="search scope">
572 e30001cf Matthew Grooms
									<tr>
573 ea53e38f Renato Botelho
										<td><?=gettext("Level:");?> &nbsp;</td>
574 e30001cf Matthew Grooms
										<td>
575
											<select name='ldap_scope' id='ldap_scope' class="formselect">
576
											<?php
577
												foreach ($ldap_scopes as $scopename => $scopedesc):
578
													$selected = "";
579
													if ($pconfig['ldap_scope'] == $scopename)
580 0f3a8925 Colin Fleming
														$selected = "selected=\"selected\"";
581 e30001cf Matthew Grooms
											?>
582
												<option value="<?=$scopename;?>" <?=$selected;?>><?=$scopedesc;?></option>
583
											<?php endforeach; ?>
584
											</select>
585
										</td>
586
									</tr>
587
									<tr>
588 ea53e38f Renato Botelho
										<td><?=gettext("Base DN:");?> &nbsp;</td>
589 e30001cf Matthew Grooms
										<td>
590
											<input name="ldap_basedn" type="text" class="formfld unknown" id="ldap_basedn" size="40" value="<?=htmlspecialchars($pconfig['ldap_basedn']);?>"/>
591
										</td>
592
									</tr>
593
								</table>
594
595
							</td>
596
						</tr>
597 c61e4626 Ermal Lu?i
						<tr>
598 6d78607d Renato Botelho
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication containers");?></td>
599
							<td width="78%" class="vtable">
600 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="auth containers">
601 6d78607d Renato Botelho
									<tr>
602 ea53e38f Renato Botelho
										<td><?=gettext("Containers:");?> &nbsp;</td>
603 6d78607d Renato Botelho
										<td>
604 0f3a8925 Colin Fleming
											<input name="ldapauthcontainers" type="text" class="formfld unknown" id="ldapauthcontainers" size="40" value="<?=htmlspecialchars($pconfig['ldap_authcn']);?>"/>
605
											<input type="button" onclick="select_clicked();" value="<?=gettext("Select");?>" />
606 04cdae54 Malte S. Stretz
											<br /><?=gettext("Note: Semi-Colon separated. This will be prepended to the search base dn above or you can specify full container path containing a dc= component.");?>
607 d345f596 Malte S. Stretz
											<br /><?=gettext("Example:");?> CN=Users;DC=example,DC=com
608
											<br /><?=gettext("Example:");?> OU=Staff;OU=Freelancers
609 6d78607d Renato Botelho
										</td>
610
									</tr>
611
								</table>
612
							</td>
613
						</tr>
614 c7073ebf namezero111111
						<tr>
615
							<td width="22%" valign="top" class="vncell"><?=gettext("Extended Query");?></td>
616
							<td width="78%" class="vtable">
617 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="query">
618 c7073ebf namezero111111
									<tr>
619
										<td>
620 0f3a8925 Colin Fleming
											<input name="ldap_extended_enabled" type="checkbox" id="ldap_extended_enabled" value="no" <?php if ($pconfig['ldap_extended_enabled']) echo "checked=\"checked\""; ?> />
621 c7073ebf namezero111111
										</td>
622
										<td>
623
624
											<input name="ldap_extended_query" type="text" class="formfld unknown" id="ldap_extended_query" size="40" value="<?=htmlspecialchars($pconfig['ldap_extended_query']);?>"/>
625 d345f596 Malte S. Stretz
											<br /><?=gettext("Example:");?> &amp;(objectClass=inetOrgPerson)(mail=*@example.com)
626 c7073ebf namezero111111
										</td>
627
									</tr>
628
								</table>
629
							</td>
630
						</tr>
631 e30001cf Matthew Grooms
						<tr>
632
							<td width="22%" valign="top" class="vncell"><?=gettext("Bind credentials");?></td>
633
							<td width="78%" class="vtable">
634 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="bind credentials">
635 e30001cf Matthew Grooms
									<tr>
636
										<td>
637 0f3a8925 Colin Fleming
											<input name="ldap_anon" type="checkbox" id="ldap_anon" value="yes" <?php if ($pconfig['ldap_anon']) echo "checked=\"checked\""; ?> onclick="ldap_bindchange()" />
638 e30001cf Matthew Grooms
										</td>
639
										<td>
640 257705ca Renato Botelho
											<?=gettext("Use anonymous binds to resolve distinguished names");?>
641 e30001cf Matthew Grooms
										</td>
642
									</tr>
643
								</table>
644 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" id="ldap_bind" summary="bind">
645 e30001cf Matthew Grooms
									<tr>
646
										<td colspan="2"></td>
647
									</tr>
648
									<tr>
649 ea53e38f Renato Botelho
										<td><?=gettext("User DN:");?> &nbsp;</td>
650 e30001cf Matthew Grooms
										<td>
651 8cd558b6 ayvis
											<input name="ldap_binddn" type="text" class="formfld unknown" id="ldap_binddn" size="40" value="<?=htmlspecialchars($pconfig['ldap_binddn']);?>"/><br />
652 e30001cf Matthew Grooms
										</td>
653
									</tr>
654
									<tr>
655 ea53e38f Renato Botelho
										<td><?=gettext("Password:");?> &nbsp;</td>
656 e30001cf Matthew Grooms
										<td>
657 8cd558b6 ayvis
											<input name="ldap_bindpw" type="password" class="formfld pwd" id="ldap_bindpw" size="20" value="<?=htmlspecialchars($pconfig['ldap_bindpw']);?>"/><br />
658 e30001cf Matthew Grooms
										</td>
659
									</tr>
660
								</table>
661
							</td>
662
						</tr>
663
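						<?php if (!isset($id)): ?>
						<tr>
							<td width="22%" valign="top" class="vncell"><?=gettext("Initial Template");?></td>
							<td width="78%" class="vtable">
								<select name='ldap_tmpltype' id='ldap_tmpltype' class="formselect" onchange='ldap_tmplchange()'>
								<?php
									// The template picker is only rendered when no $id is set (see the
									// surrounding isset() check). $ldap_templates is defined outside this
									// excerpt; its keys and descriptions are HTML-encoded on output like
									// the other dynamic values on this form, so a value containing
									// markup characters cannot break out of the attribute or element.
									foreach ($ldap_templates as $tmplname => $tmpldata):
										$selected = "";
										if ($pconfig['ldap_template'] == $tmplname)
											$selected = "selected=\"selected\"";
								?>
									<option value="<?=htmlspecialchars($tmplname);?>" <?=$selected;?>><?=htmlspecialchars($tmpldata['desc']);?></option>
								<?php endforeach; ?>
								</select>
							</td>
						</tr>
						<?php endif; ?>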
680
						<tr>
							<td width="22%" valign="top" class="vncell"><?= gettext("User naming attribute"); ?></td>
							<td width="78%" class="vtable">
								<input name="ldap_attr_user" type="text" class="formfld unknown" id="ldap_attr_user" size="20" value="<?= htmlspecialchars($pconfig['ldap_attr_user']); ?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncell"><?= gettext("Group naming attribute"); ?></td>
							<td width="78%" class="vtable">
								<input name="ldap_attr_group" type="text" class="formfld unknown" id="ldap_attr_group" size="20" value="<?= htmlspecialchars($pconfig['ldap_attr_group']); ?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncell"><?= gettext("Group member attribute"); ?></td>
							<td width="78%" class="vtable">
								<input name="ldap_attr_member" type="text" class="formfld unknown" id="ldap_attr_member" size="20" value="<?= htmlspecialchars($pconfig['ldap_attr_member']); ?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncell"><?= gettext("UTF8 Encode"); ?></td>
							<td width="78%" class="vtable">
								<table border="0" cellspacing="0" cellpadding="2" summary="utf8 encoding">
									<tr>
										<td>
											<input name="ldap_utf8" type="checkbox" id="ldap_utf8" value="yes" <?php
												// Pre-tick the box when UTF8 encoding is enabled in $pconfig.
												echo $pconfig['ldap_utf8'] ? 'checked="checked"' : '';
											?> />
										</td>
										<td>
											<?= gettext("UTF8 encode LDAP parameters before sending them to the server. Required to support international characters, but may not be supported by every LDAP server."); ?>
										</td>
									</tr>
								</table>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncell"><?= gettext("Username Alterations"); ?></td>
							<td width="78%" class="vtable">
								<table border="0" cellspacing="0" cellpadding="2" summary="username alterations">
									<tr>
										<td>
											<input name="ldap_nostrip_at" type="checkbox" id="ldap_nostrip_at" value="yes" <?php
												// Pre-tick the box when the "do not strip" option is set in $pconfig.
												echo $pconfig['ldap_nostrip_at'] ? 'checked="checked"' : '';
											?> />
										</td>
										<td>
											<?= gettext("Do not strip away parts of the username after the @ symbol, e.g. user@host becomes user when unchecked."); ?>
										</td>
									</tr>
								</table>
							</td>
						</tr>
					</table>
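					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="radius" style="display:none" summary="">
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Radius Server Settings");?></td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP address");?></td>
							<td width="78%" class="vtable">
								<input name="radius_host" type="text" class="formfld unknown" id="radius_host" size="20" value="<?=htmlspecialchars($pconfig['radius_host']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?php
								// NOTE(review): the stored RADIUS shared secret is written back into
								// the value attribute below, so it is readable in the page source by
								// anyone who can open this form. Consider rendering the field empty
								// and keeping the saved secret when it is submitted blank; the save
								// handler is outside this excerpt, so confirm it can do that.
								echo gettext("Shared Secret");
							?></td>
							<td width="78%" class="vtable">
								<input name="radius_secret" type="password" class="formfld pwd" id="radius_secret" size="20" value="<?=htmlspecialchars($pconfig['radius_secret']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Services offered");?></td>
							<td width="78%" class="vtable">
								<select name='radius_srvcs' id='radius_srvcs' class="formselect" onchange='radius_srvcschange()'>
								<?php
									// $radius_srvcs is defined outside this excerpt; its keys and
									// descriptions are HTML-encoded on output like the other dynamic
									// values on this form, so a value containing markup characters
									// cannot break out of the attribute or element.
									foreach ($radius_srvcs as $srvcname => $srvcdesc):
										$selected = "";
										if ($pconfig['radius_srvcs'] == $srvcname)
											$selected = "selected=\"selected\"";
								?>
									<option value="<?=htmlspecialchars($srvcname);?>" <?=$selected;?>><?=htmlspecialchars($srvcdesc);?></option>
								<?php endforeach; ?>
								</select>
							</td>
						</tr>
						<tr id="radius_auth">
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication port value");?></td>
							<td width="78%" class="vtable">
								<input name="radius_auth_port" type="text" class="formfld unknown" id="radius_auth_port" size="5" value="<?=htmlspecialchars($pconfig['radius_auth_port']);?>"/>
							</td>
						</tr>
						<tr id="radius_acct">
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Accounting port value");?></td>
							<td width="78%" class="vtable">
								<input name="radius_acct_port" type="text" class="formfld unknown" id="radius_acct_port" size="5" value="<?=htmlspecialchars($pconfig['radius_acct_port']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication Timeout");?></td>
							<td width="78%" class="vtable">
								<input name="radius_timeout" type="text" class="formfld unknown" id="radius_timeout" size="20" value="<?=htmlspecialchars($pconfig['radius_timeout']);?>"/>
								<br /><?= gettext("This value controls how long, in seconds, that the RADIUS server may take to respond to an authentication request.") ?>
								<br /><?= gettext("If left blank, the default value is 5 seconds.") ?>
								<br /><br /><?= gettext("NOTE: If you are using an interactive two-factor authentication system, increase this timeout to account for how long it will take the user to receive and enter a token.") ?>
							</td>
						</tr>
					</table>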
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="">
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<input id="submit" name="save" type="submit" class="formbtn" value="<?= gettext("Save"); ?>" />
								<?php
									// When an existing entry is being edited ($id set and present in
									// $a_server), send its index back in a hidden field.
									if (isset($id) && $a_server[$id]) {
								?>
								<input name="id" type="hidden" value="<?= htmlspecialchars($id); ?>" />
								<?php } ?>
							</td>
						</tr>
					</table>
798
				</form>
799
800
				<?php else: ?>
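				<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="">
					<thead>
						<tr>
							<th width="25%" class="listhdrr"><?=gettext("Server Name");?></th>
							<th width="25%" class="listhdrr"><?=gettext("Type");?></th>
							<th width="35%" class="listhdrr"><?=gettext("Host Name");?></th>
							<th width="10%" class="list"></th>
						</tr>
					</thead>
					<tfoot>
						<tr>
							<td class="list" colspan="3"></td>
							<td class="list">
								<a href="system_authservers.php?act=new">
									<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add server");?>" alt="<?=gettext("add server");?>" width="17" height="17" border="0" />
								</a>
							</td>
						</tr>
						<tr>
							<td colspan="3">
								<p>
									<?=gettext("Additional authentication servers can be added here.");?>
								</p>
							</td>
						</tr>
					</tfoot>
					<tbody>
						<?php
							// One row per entry in $a_server. Name, type label and host are
							// HTML-encoded before output. Edit/delete controls are rendered
							// for every row except the last one in the array.
							//
							// NOTE(review): the delete link issues a state-changing GET request
							// guarded only by a client-side confirm(). The act=del handler is
							// outside this excerpt; confirm it validates an anti-CSRF token, or
							// move the action to a POST form.
							$i = 0;
							foreach($a_server as $server):
								$name = htmlspecialchars($server['name']);
								$type = htmlspecialchars($auth_server_types[$server['type']]);
								$host = htmlspecialchars($server['host']);
						?>
						<tr <?php if ($i < (count($a_server) - 1)): ?> ondblclick="document.location='system_authservers.php?act=edit&amp;id=<?=$i;?>'" <?php endif; ?>>
							<td class="listlr"><?=$name?>&nbsp;</td>
							<td class="listr"><?=$type;?>&nbsp;</td>
							<td class="listr"><?=$host;?>&nbsp;</td>
							<td valign="middle" class="list nowrap">
							<?php if ($i < (count($a_server) - 1)): ?>
								<a href="system_authservers.php?act=edit&amp;id=<?=$i;?>">
									<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit server");?>" alt="<?=gettext("edit server");?>" width="17" height="17" border="0" />
								</a>
								&nbsp;
								<?php
									// The confirmation text is a translated string placed in a
									// JavaScript string inside an HTML attribute. json_encode()
									// makes it a valid JS literal and htmlspecialchars() makes that
									// literal safe for the attribute, so a translation containing
									// an apostrophe or quote no longer breaks the handler.
								?>
								<a href="system_authservers.php?act=del&amp;id=<?=$i;?>" onclick="return confirm(<?=htmlspecialchars(json_encode(gettext("Do you really want to delete this Server?")));?>)">
									<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete server");?>" alt="<?=gettext("delete server");?>" width="17" height="17" border="0" />
								</a>
							<?php endif; ?>
							</td>
						</tr>
						<?php
							$i++; endforeach;
						?>
					</tbody>
				</table>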
				<?php endif; ?>
			</div>
		</td>
	</tr>
</table>
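<?php include("fend.inc"); ?>
<script type="text/javascript">
//<![CDATA[
<?php
	// Initialise the form's show/hide state once the page has rendered.
	//
	// $pconfig['type'] is emitted into a JavaScript string, not into HTML.
	// htmlspecialchars() is the wrong encoder for that context: before
	// PHP 8.1 its default flags leave single quotes untouched, so a value
	// containing a quote could end the string literal. json_encode() with
	// the JSON_HEX_* flags produces a complete, quoted JS literal that also
	// cannot contain "<", ">", "&" or quote characters. Where $pconfig is
	// populated is outside this excerpt; if it is refilled from request
	// data after a failed save, this is the line that keeps it inert.
?>
server_typechange(<?=json_encode((string)$pconfig['type'], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);?>);
<?php if (!isset($id) || $pconfig['type'] == "ldap"): ?>
ldap_bindchange();
if (document.getElementById("ldap_port").value == "")
	ldap_urlchange();
<?php if (!isset($id)): ?>
ldap_tmplchange();
<?php endif; ?>
<?php endif; ?>
<?php if (!isset($id) || $pconfig['type'] == "radius"): ?>
radius_srvcschange();
<?php endif; ?>
//]]>
</script>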
</body>
</html>