<?php
/*
	system_authservers.php
*/
/* ====================================================================
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
 *	Copyright (c)  2008 Shrew Soft Inc.
 *
 *	Redistribution and use in source and binary forms, with or without modification,
 *	are permitted provided that the following conditions are met:
 *
 *	1. Redistributions of source code must retain the above copyright notice,
 *		this list of conditions and the following disclaimer.
 *
 *	2. Redistributions in binary form must reproduce the above copyright
 *		notice, this list of conditions and the following disclaimer in
 *		the documentation and/or other materials provided with the
 *		distribution.
 *
 *	3. All advertising materials mentioning features or use of this software
 *		must display the following acknowledgment:
 *		"This product includes software developed by the pfSense Project
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
 *
 *	4. The names "pfSense" and "pfSense Project" must not be used to
 *		 endorse or promote products derived from this software without
 *		 prior written permission. For written permission, please contact
 *		 coreteam@pfsense.org.
 *
 *	5. Products derived from this software may not be called "pfSense"
 *		nor may "pfSense" appear in their names without prior written
 *		permission of the Electric Sheep Fencing, LLC.
 *
 *	6. Redistributions of any form whatsoever must retain the following
 *		acknowledgment:
 *
 *	"This product includes software developed by the pfSense Project
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
 *
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *	====================================================================
 *
 */
/*
	pfSense_MODULE: auth
*/

##|+PRIV
##|*IDENT=page-system-authservers
##|*NAME=System: Authentication Servers
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
##|*MATCH=system_authservers.php*
##|-PRIV

/* guiconfig.inc bootstraps the GUI (session, $config); auth.inc supplies the
 * helpers used on this page (auth_get_authserver_list(), auth_get_authserver())
 * and, presumably, the $auth_server_types / $ldap_* / $radius_srvcs lookup
 * tables that the form below reads. */
require('guiconfig.inc');
require_once('auth.inc');

$pgtitle = [gettext("System"), gettext("Authentication Servers")];
$shortcut_section = 'authentication';
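/* Resolve the server index (if any) from the request. A POST id wins over a
 * GET id; both must pass is_numericint(), so $id can only ever be a plain
 * non-negative integer string by the time it is used as an array index. */
if (isset($_GET['id']) && is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}

if (!is_array($config['system']['authserver'])) {
	$config['system']['authserver'] = array();
}

/* $a_server is a zero-based copy of the server list (the keys returned by
 * auth_get_authserver_list() are dropped). It is always an array, even when
 * nothing is configured, so the list view and the del/edit branches can index
 * it without notices.
 * NOTE(review): the rest of this page uses the same $id both for $a_server and
 * for $config['system']['authserver']; that only holds if
 * auth_get_authserver_list() keeps the config order and appends any extra
 * (non-config) entries at the end -- confirm in auth.inc. */
$a_servers = auth_get_authserver_list();
$a_server = array();
foreach ($a_servers as $servers) {
	$a_server[] = $servers;
}

if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
$a_ca =& $config['ca'];

/* Requested action; a POST act overrides a GET act. Anything other than
 * "del", "edit" or "new" falls through to the list view. */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act'])) {
	$act = $_POST['act'];
}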
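if ($act == "del") {
	/* Only act on a validated index that names an existing entry; $id has
	 * already been forced through is_numericint() above, unlike the raw
	 * $_GET['id'] this branch used to read. */
	if (!isset($id) || empty($a_server[$id])) {
		pfSenseHeader("system_authservers.php");
		exit;
	}

	/* Remove server from main list. Entries are matched by name, which the
	 * save-time validation keeps unique. */
	$serverdeleted = $a_server[$id]['name'];
	foreach ($config['system']['authserver'] as $k => $as) {
		if ($as['name'] == $serverdeleted) {
			unset($config['system']['authserver'][$k]);
		}
	}

	/* Remove server from temp list used later on this page. This leaves a gap
	 * in $a_server's keys; the list view must not rely on count() for the
	 * last index after this point. */
	unset($a_server[$id]);

	/* NOTE(review): this branch is reached from a plain GET link in the list
	 * view. If the GUI's CSRF check only covers POST requests (not visible
	 * from this file), this state change sits outside it. */
	$savemsg = gettext("Authentication Server") . " " . htmlspecialchars($serverdeleted) . " " . gettext("deleted") . "<br />";
	write_config($savemsg);
}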
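if ($act == "edit") {
	/* Pre-fill $pconfig from the stored entry. Stored keys match the form
	 * field names except 'host', which is mapped per type. */
	if (isset($id) && !empty($a_server[$id])) {
		$cur = $a_server[$id];
		$pconfig['type'] = $cur['type'];
		$pconfig['name'] = $cur['name'];

		if ($pconfig['type'] == "ldap") {
			$pconfig['ldap_host'] = $cur['host'];
			foreach (array('ldap_caref', 'ldap_port', 'ldap_timeout', 'ldap_urltype',
			    'ldap_protver', 'ldap_scope', 'ldap_basedn', 'ldap_authcn',
			    'ldap_extended_enabled', 'ldap_extended_query', 'ldap_binddn',
			    'ldap_bindpw', 'ldap_attr_user', 'ldap_attr_group',
			    'ldap_attr_member', 'ldap_attr_groupobj') as $field) {
				$pconfig[$field] = isset($cur[$field]) ? $cur[$field] : null;
			}

			/* Checkbox flags are stored by presence only (see the save path). */
			foreach (array('ldap_utf8', 'ldap_nostrip_at', 'ldap_rfc2307') as $flag) {
				$pconfig[$flag] = isset($cur[$flag]);
			}

			/* No stored bind pair means the entry binds anonymously. Note that
			 * a stored bind password is loaded into the form as-is. */
			if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw']) {
				$pconfig['ldap_anon'] = true;
			}
		}

		if ($pconfig['type'] == "radius") {
			$pconfig['radius_host'] = $cur['host'];
			foreach (array('radius_auth_port', 'radius_acct_port', 'radius_secret', 'radius_timeout') as $field) {
				$pconfig[$field] = isset($cur[$field]) ? $cur[$field] : null;
			}

			/* Derive the "services offered" selector from which ports are stored,
			 * and pre-fill the standard port of the service that is switched off
			 * so the field is not blank if the user turns it back on. */
			$has_auth = !empty($pconfig['radius_auth_port']);
			$has_acct = !empty($pconfig['radius_acct_port']);
			if ($has_auth && $has_acct) {
				$pconfig['radius_srvcs'] = "both";
			} elseif ($has_auth) {
				$pconfig['radius_srvcs'] = "auth";
				$pconfig['radius_acct_port'] = 1813;
			} elseif ($has_acct) {
				$pconfig['radius_srvcs'] = "acct";
				$pconfig['radius_auth_port'] = 1812;
			}
		}
	}
}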
if ($act == "new") {
	/* Defaults for an empty form: LDAPv3 with an anonymous bind, and a RADIUS
	 * server offering both services on the standard ports. */
	foreach (array(
		'ldap_protver' => 3,
		'ldap_anon' => true,
		'radius_srvcs' => "both",
		'radius_auth_port' => "1812",
		'radius_acct_port' => "1813",
	) as $field => $value) {
		$pconfig[$field] = $value;
	}
}
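if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* ---- input validation --------------------------------------------------
	 * $reqdfields / $reqdfieldsn list the fields (and their labels) that
	 * do_input_validation() requires to be non-empty for the selected type. */
	$reqdfields = array();
	$reqdfieldsn = array();

	/* Only these two types are understood by the save path below; anything
	 * else would be written to the config with no host or settings. */
	if (!in_array($pconfig['type'], array("ldap", "radius"), true)) {
		$input_errors[] = gettext("Invalid authentication server type.");
	}

	if ($pconfig['type'] == "ldap") {
		$reqdfields = explode(" ",
			"name type ldap_host ldap_port " .
			"ldap_urltype ldap_protver ldap_scope " .
			"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");

		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Port value"),
			gettext("Transport"),
			gettext("Protocol version"),
			gettext("Search level"),
			gettext("User naming Attribute"),
			gettext("Group naming Attribute"),
			gettext("Group member attribute"),
			gettext("Authentication container"));

		/* Bind credentials are only mandatory when not binding anonymously. */
		if (!$pconfig['ldap_anon']) {
			$reqdfields[] = "ldap_binddn";
			$reqdfields[] = "ldap_bindpw";
			$reqdfieldsn[] = gettext("Bind user DN");
			$reqdfieldsn[] = gettext("Bind Password");
		}
	}

	if ($pconfig['type'] == "radius") {
		$reqdfields = explode(" ", "name type radius_host radius_srvcs");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Services"));

		/* A port is required only for each service the server offers. (The
		 * field is radius_srvcs; a misspelling here used to make both of these
		 * checks dead, so neither port was ever required.) */
		$srvcs = isset($pconfig['radius_srvcs']) ? $pconfig['radius_srvcs'] : null;
		if ($srvcs == "both" || $srvcs == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port");
		}
		if ($srvcs == "both" || $srvcs == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port");
		}

		/* On edit a blank secret keeps the stored one (see the save path), so
		 * the secret is only mandatory for a new server. */
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/* The host field is named after the type (ldap_host / radius_host); the
	 * old check looked at a non-existent $_POST['host'] and never fired.
	 * Only hostname characters are accepted -- note this pattern also rejects
	 * the ':' of an IPv6 literal; widen it deliberately if those are needed. */
	$host_field = "{$pconfig['type']}_host";
	if (isset($_POST[$host_field]) && preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST[$host_field])) {
		$input_errors[] = gettext("The host name contains invalid characters.");
	}

	if (auth_get_authserver($pconfig['name']) && !isset($id)) {
		$input_errors[] = gettext("An authentication server with the same name already exists.");
	}

	/* Optional timeout: when given it must be a positive number. */
	if (($pconfig['type'] == "ldap") || ($pconfig['type'] == "radius")) {
		$to_field = "{$pconfig['type']}_timeout";
		if (!empty($_POST[$to_field]) && (!is_numeric($_POST[$to_field]) || ($_POST[$to_field] <= 0))) {
			$input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($pconfig['type']));
		}
	}

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	if (!$input_errors) {
		/* On edit start from the stored entry so keys that are not re-posted
		 * (e.g. a blank RADIUS secret) survive; otherwise start a fresh record.
		 * refid is an internal reference only, not a secret. */
		$server = array();
		$server['refid'] = uniqid();
		if (isset($id) && !empty($a_server[$id])) {
			$server = $a_server[$id];
		}

		$server['type'] = $pconfig['type'];
		$server['name'] = $pconfig['name'];

		if ($server['type'] == "ldap") {
			if (!empty($pconfig['ldap_caref'])) {
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			}
			$server['host'] = $pconfig['ldap_host'];
			$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
			foreach (array('ldap_port', 'ldap_urltype', 'ldap_protver', 'ldap_scope',
			    'ldap_basedn', 'ldap_extended_enabled', 'ldap_extended_query',
			    'ldap_attr_user', 'ldap_attr_group', 'ldap_attr_member') as $field) {
				$server[$field] = isset($pconfig[$field]) ? $pconfig[$field] : null;
			}

			$server['ldap_attr_groupobj'] = empty($pconfig['ldap_attr_groupobj']) ? "posixGroup" : $pconfig['ldap_attr_groupobj'];

			/* Checkbox flags are stored by presence, not as true/false. */
			foreach (array('ldap_utf8', 'ldap_nostrip_at', 'ldap_rfc2307') as $flag) {
				if (isset($pconfig[$flag]) && $pconfig[$flag] == "yes") {
					$server[$flag] = true;
				} else {
					unset($server[$flag]);
				}
			}

			/* The bind pair is stored as posted (the LDAP bind needs it as-is);
			 * switching to anonymous bind drops any previously stored pair. */
			if (empty($pconfig['ldap_anon'])) {
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}

			$server['ldap_timeout'] = !empty($pconfig['ldap_timeout']) ? $pconfig['ldap_timeout'] : 25;
		}

		if ($server['type'] == "radius") {
			$server['host'] = $pconfig['radius_host'];

			/* A blank secret on edit keeps the one already stored. */
			if (!empty($pconfig['radius_secret'])) {
				$server['radius_secret'] = $pconfig['radius_secret'];
			}

			$server['radius_timeout'] = !empty($pconfig['radius_timeout']) ? $pconfig['radius_timeout'] : 5;

			/* Only the ports of the offered services are kept. */
			switch ($pconfig['radius_srvcs']) {
				case "both":
					$server['radius_auth_port'] = $pconfig['radius_auth_port'];
					$server['radius_acct_port'] = $pconfig['radius_acct_port'];
					break;
				case "auth":
					$server['radius_auth_port'] = $pconfig['radius_auth_port'];
					unset($server['radius_acct_port']);
					break;
				case "acct":
					$server['radius_acct_port'] = $pconfig['radius_acct_port'];
					unset($server['radius_auth_port']);
					break;
			}
		}

		/* NOTE(review): $id was validated against $a_server but is used here as
		 * an index into $config['system']['authserver']; this is only correct
		 * if the two lists line up entry for entry. */
		if (isset($id) && !empty($config['system']['authserver'][$id])) {
			$config['system']['authserver'][$id] = $server;
		} else {
			$config['system']['authserver'][] = $server;
		}

		write_config();

		pfSenseHeader("system_authservers.php");
	}
}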
// On error, restore the form contents so the user doesn't have to re-enter too much.
// Two fields are posted under a different name than the one the form reads back.
if (!empty($_POST) && !empty($input_errors)) {
	$pconfig = $_POST;
	$pconfig['ldap_authcn'] = $_POST['ldapauthcontainers'];
	$pconfig['ldap_template'] = $_POST['ldap_tmpltype'];
}
include("head.inc");

if (!empty($input_errors)) {
	print_input_errors($input_errors);
}

// $savemsg is built by the "del" branch with the server name already HTML-escaped.
if (!empty($savemsg)) {
	print_info_box($savemsg, 'success');
}

// Tab strip shared by the user-manager pages; this page is the active tab.
$tab_array = array(
	array(gettext("Users"), false, "system_usermanager.php"),
	array(gettext("Groups"), false, "system_groupmanager.php"),
	array(gettext("Settings"), false, "system_usermanager_settings.php"),
	array(gettext("Servers"), true, "system_authservers.php"),
);
display_top_tabs($tab_array);
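if (!($act == "new" || $act == "edit" || $input_errors))
{
	/* List view. Every entry but the last gets edit/delete links: the last
	 * entry returned by auth_get_authserver_list() is presumably the built-in
	 * local database and is not managed here. The last entry is located by key
	 * rather than by count() because a "del" request above unset()s an element
	 * and leaves a gap in the key sequence, which would otherwise move the
	 * cut-off onto a real server. */
	if (!is_array($a_server)) {
		$a_server = array();
	}
	$server_keys = array_keys($a_server);
	$last_key = empty($server_keys) ? null : end($server_keys);
	?>
	<div class="table-responsive">
		<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
			<thead>
				<tr>
					<th><?=gettext("Server Name")?></th>
					<th><?=gettext("Type")?></th>
					<th><?=gettext("Host Name")?></th>
					<th><?=gettext("Actions")?></th>
				</tr>
			</thead>
			<tbody>
		<?php foreach ($a_server as $i => $server): ?>
				<tr>
					<td><?=htmlspecialchars($server['name'])?></td>
					<td><?=htmlspecialchars($auth_server_types[$server['type']])?></td>
					<td><?=htmlspecialchars($server['host'])?></td>
					<td>
					<?php /* NOTE(review): the delete link is a plain GET that the "del"
					 * branch acts on directly; if the GUI's CSRF check only covers
					 * POST requests, this state change sits outside it. */ ?>
					<?php if ($i !== $last_key): ?>
						<a class="fa fa-pencil" title="<?=gettext("Edit server"); ?>" href="system_authservers.php?act=edit&amp;id=<?=$i?>"></a>
						<a class="fa fa-trash"  title="<?=gettext("Delete server")?>" href="system_authservers.php?act=del&amp;id=<?=$i?>"></a>
					<?php endif?>
					</td>
				</tr>
		<?php endforeach; ?>
			</tbody>
		</table>
	</div>

	<nav class="action-buttons">
		<a href="?act=new" class="btn btn-success btn-sm">
			<i class="fa fa-plus icon-embed-btn"></i>
			<?=gettext("Add")?>
		</a>
	</nav>
<?php
	include("foot.inc");
	exit;
}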
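require_once('classes/Form.class.php');
$form = new Form;
/* Both "new" and "edit" submissions post back as act=edit; the handler above
 * tells them apart by whether a valid id was posted. */
$form->setAction('system_authservers.php?act=edit');

/* NOTE(review): nothing on this page reads a posted 'userid'; the index the
 * save path uses is the hidden 'id' field added in the RADIUS section below. */
$form->addGlobal(new Form_Input(
	'userid',
	null,
	'hidden',
	$id
));

$section = new Form_Section('Server settings');

$section->addInput(new Form_Input(
	'name',
	'Descriptive name',
	'text',
	$pconfig['name']
));

/* toggles(): selecting a type reveals the matching toggle-<type> section. */
$section->addInput(new Form_Select(
	'type',
	'Type',
	$pconfig['type'],
	$auth_server_types
))->toggles();

$form->add($section);

// ==== LDAP settings =========================================================
$section = new Form_Section('LDAP Server Settings');
$section->addClass('toggle-ldap collapse');

/* Expanded by default on a new form and whenever LDAP is the selected type. */
if (!isset($pconfig['type']) || $pconfig['type'] == 'ldap') {
	$section->addClass('in');
}

$section->addInput(new Form_Input(
	'ldap_host',
	'Hostname or IP address',
	'text',
	$pconfig['ldap_host']
))->setHelp('NOTE: When using SSL, this hostname MUST match the Common Name '.
	'(CN) of the LDAP server\'s SSL Certificate.');

$section->addInput(new Form_Input(
	'ldap_port',
	'Port value',
	'number',
	$pconfig['ldap_port']
));

/* Transport options are keyed and labelled by the $ldap_urltypes keys. */
$section->addInput(new Form_Select(
	'ldap_urltype',
	'Transport',
	$pconfig['ldap_urltype'],
	array_combine(array_keys($ldap_urltypes), array_keys($ldap_urltypes))
));

if (empty($a_ca)) {
	$section->addInput(new Form_StaticText(
		'Peer Certificate Authority',
		'No Certificate Authorities defined.<br/>Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.'
	));
} else {
	$ldapCaRef = [];
	foreach ($a_ca as $ca) {
		$ldapCaRef[$ca['refid']] = $ca['descr'];
	}

	$section->addInput(new Form_Select(
		'ldap_caref',
		'Peer Certificate Authority',
		$pconfig['ldap_caref'],
		$ldapCaRef
	))->setHelp('This option is used if \'SSL Encrypted\' option is choosen. '.
		'It must match with the CA in the AD otherwise problems will arise.');
}

$section->addInput(new Form_Select(
	'ldap_protver',
	'Protocol version',
	$pconfig['ldap_protver'],
	array_combine($ldap_protvers, $ldap_protvers)
));

$section->addInput(new Form_Input(
	'ldap_timeout',
	'Server Timeout',
	'number',
	$pconfig['ldap_timeout'],
	['placeholder' => 25]
))->setHelp('Timeout for LDAP operations (seconds)');

/* Search scope is rendered as a single static row holding two controls; the
 * control objects are turned into markup when concatenated (presumably via
 * __toString()). */
$SSF = new Form_Select(
	'ldap_scope',
	'Level',
	$pconfig['ldap_scope'],
	$ldap_scopes
);

$SSB = new Form_Input(
	'ldap_basedn',
	'Base DN',
	'text',
	$pconfig['ldap_basedn']
);

$section->addInput(new Form_StaticText(
	'Search scope',
	'Level ' . $SSF . '<br />' . 'Base DN' . $SSB
));

/* Posted as 'ldapauthcontainers' but stored and read back as 'ldap_authcn'. */
$group = new Form_Group('Authentication containers');
$group->add(new Form_Input(
	'ldapauthcontainers',
	'Containers',
	'text',
	$pconfig['ldap_authcn']
))->setHelp('Note: Semi-Colon separated. This will be prepended to the search '.
	'base dn above or you can specify full container path containing a dc= '.
	'component.<br/>Example: CN=Users;DC=example,DC=com or OU=Staff;OU=Freelancers');

/* Opens the container picker popup (wired up in the script below). */
$group->add(new Form_Button(
	'Select',
	'Select a container'
))->removeClass('btn-primary')->addClass('btn-default');

$section->add($group);

$section->addInput(new Form_Checkbox(
	'ldap_extended_enabled',
	'Extended query',
	'Enable extended query',
	$pconfig['ldap_extended_enabled']
));

$group = new Form_Group('Query');
$group->addClass('extended');

$group->add(new Form_Input(
	'ldap_extended_query',
	'Query',
	'text',
	$pconfig['ldap_extended_query']
))->setHelp('Example: &amp;(objectClass=inetOrgPerson)(mail=*@example.com)');

$section->add($group);

$section->addInput(new Form_Checkbox(
	'ldap_anon',
	'Bind anonymous',
	'Use anonymous binds to resolve distinguished names',
	$pconfig['ldap_anon']
));

/* Shown only when anonymous bind is off (class toggled by the script below). */
$group = new Form_Group('Bind credentials');
$group->addClass('ldapanon');

$group->add(new Form_Input(
	'ldap_binddn',
	'User DN:',
	'text',
	$pconfig['ldap_binddn']
));

/* 'password' rather than 'text' so the stored bind password is not rendered in
 * clear on the edit form; the container picker reads .value either way. */
$group->add(new Form_Input(
	'ldap_bindpw',
	'Password',
	'password',
	$pconfig['ldap_bindpw']
));
$section->add($group);

/* Attribute templates are only offered for a new server; on edit the stored
 * attribute names are shown as-is. */
if (!isset($id)) {
	$template_list = array();

	foreach ($ldap_templates as $option => $template) {
		$template_list[$option] = $template['desc'];
	}

	$section->addInput(new Form_Select(
		'ldap_tmpltype',
		'Initial Template',
		$pconfig['ldap_template'],
		$template_list
	));
}

$section->addInput(new Form_Input(
	'ldap_attr_user',
	'User naming attribute',
	'text',
	$pconfig['ldap_attr_user']
));

$section->addInput(new Form_Input(
	'ldap_attr_group',
	'Group naming attribute',
	'text',
	$pconfig['ldap_attr_group']
));

$section->addInput(new Form_Input(
	'ldap_attr_member',
	'Group member attribute',
	'text',
	$pconfig['ldap_attr_member']
));

$section->addInput(new Form_Checkbox(
	'ldap_rfc2307',
	'RFC 2307 Groups',
	'LDAP Server uses RFC 2307 style group membership',
	$pconfig['ldap_rfc2307']
))->setHelp('RFC 2307 style group membership has members listed on the group '.
	'object rather than using groups listed on user object. Leave unchecked '.
	'for Active Directory style group membership (RFC 2307bis).');

$section->addInput(new Form_Input(
	'ldap_attr_groupobj',
	'Group Object Class',
	'text',
	$pconfig['ldap_attr_groupobj'],
	['placeholder' => 'posixGroup']
))->setHelp('Object class used for groups in RFC2307 mode. '.
	'Typically "posixGroup" or "group".');

$section->addInput(new Form_Checkbox(
	'ldap_utf8',
	'UTF8 Encode',
	'UTF8 encode LDAP parameters before sending them to the server.',
	$pconfig['ldap_utf8']
))->setHelp('Required to support international characters, but may not be '.
	'supported by every LDAP server.');

$section->addInput(new Form_Checkbox(
	'ldap_nostrip_at',
	'Username Alterations',
	'Do not strip away parts of the username after the @ symbol',
	$pconfig['ldap_nostrip_at']
))->setHelp('e.g. user@host becomes user when unchecked.');

$form->add($section);

// ==== RADIUS section ========================================================
$section = new Form_Section('Radius Server Settings');
$section->addClass('toggle-radius collapse');

$section->addInput(new Form_Input(
	'radius_host',
	'Hostname or IP address',
	'text',
	$pconfig['radius_host']
));

/* 'password' so the shared secret is not rendered in clear on the edit form.
 * Leaving it blank on edit keeps the stored secret (see the save path). */
$section->addInput(new Form_Input(
	'radius_secret',
	'Shared Secret',
	'password',
	$pconfig['radius_secret']
));

$section->addInput(new Form_Select(
	'radius_srvcs',
	'Services offered',
	$pconfig['radius_srvcs'],
	$radius_srvcs
));

$section->addInput(new Form_Input(
	'radius_auth_port',
	'Authentication port',
	'number',
	$pconfig['radius_auth_port']
));

$section->addInput(new Form_Input(
	'radius_acct_port',
	'Accounting port',
	'number',
	$pconfig['radius_acct_port']
));

$section->addInput(new Form_Input(
	'radius_timeout',
	'Authentication Timeout',
	'number',
	$pconfig['radius_timeout']
))->setHelp('This value controls how long, in seconds, that the RADIUS '.
	'server may take to respond to an authentication request. If left blank, the '.
	'default value is 5 seconds. NOTE: If you are using an interactive two-factor '.
	'authentication system, increase this timeout to account for how long it will '.
	'take the user to receive and enter a token.');

/* Posted back so the save path updates the existing entry instead of
 * appending a new one. It sits in the RADIUS section, which is merely
 * collapsed for LDAP servers, so presumably it is submitted for both types. */
if (isset($id) && !empty($a_server[$id])) {
	$section->addInput(new Form_Input(
		'id',
		null,
		'hidden',
		$id
	));
}

$form->add($section);
print $form;
?>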
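<script>
//<![CDATA[
events.push(function(){
	// Value of a form field, encoded for use as a query-string parameter.
	function field(id) {
		return encodeURIComponent(document.getElementById(id).value);
	}

	// Opens the container picker popup with the current LDAP connection settings.
	function select_clicked() {
		if (document.getElementById("ldap_port").value == '' ||
			document.getElementById("ldap_host").value == '' ||
			document.getElementById("ldap_scope").value == '' ||
			document.getElementById("ldap_basedn").value == '' ||
			document.getElementById("ldapauthcontainers").value == '') {
			alert(<?=json_encode(gettext("Please fill the required values."));?>);
			return;
		}

		if (!document.getElementById("ldap_anon").checked) {
			if (document.getElementById("ldap_binddn").value == '' ||
				document.getElementById("ldap_bindpw").value == '') {
				alert(<?=json_encode(gettext("Please fill the bind username/password."));?>);
				return;
			}
		}

		// Each value is URL-encoded so an '&', '=', '#' or '+' inside a DN or
		// password cannot split or truncate the query (they were appended raw
		// before). NOTE(review): the bind password still travels in the query
		// string of this popup URL, where it can end up in browser history and
		// web server logs.
		var url = 'system_usermanager_settings_ldapacpicker.php?';
		url += 'port=' + field("ldap_port");
		url += '&host=' + field("ldap_host");
		url += '&scope=' + field("ldap_scope");
		url += '&basedn=' + field("ldap_basedn");
		url += '&binddn=' + field("ldap_binddn");
		url += '&bindpw=' + field("ldap_bindpw");
		url += '&urltype=' + field("ldap_urltype");
		url += '&proto=' + field("ldap_protver");
		url += '&authcn=' + field("ldapauthcontainers");
		<?php if (count($a_ca) > 0): ?>
			url += '&cert=' + field("ldap_caref");
		<?php else: ?>
			url += '&cert=';
		<?php endif; ?>

		var oWin = window.open(url, "pfSensePop", "width=620,height=400,top=150,left=150");
		if (oWin == null || typeof(oWin) == "undefined") {
			alert(<?=json_encode(gettext('Popup blocker detected.	Action aborted.'));?>);
		}
	}

	// Default port for the selected transport: the first entry of the transport
	// list is presumably the plain TCP one (389); anything else gets the SSL
	// port (636). This depends on the option order of $ldap_urltypes.
	function set_ldap_port() {
		if ($('#ldap_urltype').find(":selected").index() == 0) {
			$('#ldap_port').val('389');
		} else {
			$('#ldap_port').val('636');
		}
	}

	// Hides (or shows) all elements of the specified class. This will usually be a section
	function hideClass(s_class, hide) {
		if (hide) {
			$('.' + s_class).hide();
		} else {
			$('.' + s_class).show();
		}
	}

	// Copies the attribute names of the selected initial template into the form.
	// The case table is generated from $ldap_templates; the values are emitted
	// through json_encode() so they are always valid JS string literals.
	function ldap_tmplchange() {
		switch ($('#ldap_tmpltype').find(":selected").index()) {
<?php
		$index = 0;
		foreach ($ldap_templates as $tmpldata):
?>
			case <?=$index;?>:
				$('#ldap_attr_user').val(<?=json_encode($tmpldata['attr_user']);?>);
				$('#ldap_attr_group').val(<?=json_encode($tmpldata['attr_group']);?>);
				$('#ldap_attr_member').val(<?=json_encode($tmpldata['attr_member']);?>);
				break;
<?php
			$index++;
		endforeach;
?>
		}
	}

	// ---------- On initial page load ------------------------------------------------------------

<?php if ($act != 'edit') : ?>
	ldap_tmplchange();
<?php endif; ?>

	hideClass('ldapanon', $('#ldap_anon').prop('checked'));
	$("#Select").prop('type','button');
	hideClass('extended', !$('#ldap_extended_enabled').prop('checked'));

	if ($('#ldap_port').val() == "") {
		set_ldap_port();
	}

<?php
	if ($act == 'edit') {
?>
		// The type of an existing server cannot be changed.
		$('#type option:not(:selected)').each(function(){
			$(this).attr('disabled', 'disabled');
		});

<?php
		if (!$input_errors) {
?>
		$('#name').prop("readonly", true);
<?php
		}
	}
?>
	// ---------- Click checkbox handlers ---------------------------------------------------------

	$('#ldap_tmpltype').on('change', function() {
		ldap_tmplchange();
	});

	$('#ldap_anon').click(function () {
		hideClass('ldapanon', this.checked);
	});

	$('#ldap_urltype').on('change', function() {
		set_ldap_port();
	});

	$('#Select').click(function () {
		select_clicked();
	});

	$('#ldap_extended_enabled').click(function () {
		hideClass('extended', !this.checked);
	});

});
//]]>
</script>
<?php
include("foot.inc");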