1 fbf672cb Matthew Grooms
<?php
2
/*
3 c5d81585 Renato Botelho
 * system_authservers.php
4 ac9d8bed Stephen Beaver
 *
5 c5d81585 Renato Botelho
 * part of pfSense (https://www.pfsense.org)
6 38809d47 Renato Botelho do Couto
 * Copyright (c) 2004-2013 BSD Perimeter
7
 * Copyright (c) 2013-2016 Electric Sheep Fencing
8 a68f7a3d Luiz Otavio O Souza
 * Copyright (c) 2014-2024 Rubicon Communications, LLC (Netgate)
9 c5d81585 Renato Botelho
 * Copyright (c) 2008 Shrew Soft Inc
10
 * All rights reserved.
11 ac9d8bed Stephen Beaver
 *
12 b12ea3fb Renato Botelho
 * Licensed under the Apache License, Version 2.0 (the "License");
13
 * you may not use this file except in compliance with the License.
14
 * You may obtain a copy of the License at
15 ac9d8bed Stephen Beaver
 *
16 b12ea3fb Renato Botelho
 * http://www.apache.org/licenses/LICENSE-2.0
17 ac9d8bed Stephen Beaver
 *
18 b12ea3fb Renato Botelho
 * Unless required by applicable law or agreed to in writing, software
19
 * distributed under the License is distributed on an "AS IS" BASIS,
20
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21
 * See the License for the specific language governing permissions and
22
 * limitations under the License.
23 ac9d8bed Stephen Beaver
 */
24 fbf672cb Matthew Grooms
25
##|+PRIV
26
##|*IDENT=page-system-authservers
27
##|*NAME=System: Authentication Servers
28
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
29 57188e47 Phil Davis
##|*WARN=standard-warning-root
30 fbf672cb Matthew Grooms
##|*MATCH=system_authservers.php*
31
##|-PRIV
32
33 c81ef6e2 Phil Davis
require_once("guiconfig.inc");
34 acee624f Ermal Lu?i
require_once("auth.inc");
35 b4097bca doktornotor
require_once("pfsense-utils.inc");
36 fbf672cb Matthew Grooms
37 098604d3 Stephen Beaver
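// Have we been called to populate the "Select a container" modal?
//
// The "Select a container" button asks this same page (with "ajax" set) for
// the OUs found under the base DN, using the *current, unsaved* form values
// as the connection parameters, and gets back a modal to tick them in.
//
// Security notes for readers:
//  - Only the page privilege (##|*PRIV above) gates this; the firewall binds
//    to whatever host/port/transport the caller names. That is nothing the
//    caller could not do by saving the form, but it happens before any save.
//  - The bind DN and password are read from $_REQUEST, which accepts GET as
//    well as POST; over GET the bind password would end up in web server
//    logs. NOTE(review): the JS caller is not visible in this file -- confirm
//    it POSTs, or read these from $_POST only.
if (!empty($_REQUEST['ajax'])) {

	$ous = array();
	$authcfg = array();

	/* Transient server definition; nothing here is written to config. */
	$authcfg['ldap_port'] = $_REQUEST['port'];
	$authcfg['ldap_basedn'] = $_REQUEST['basedn'];
	$authcfg['host'] = $_REQUEST['host'];
	$authcfg['ldap_scope'] = $_REQUEST['scope'];
	$authcfg['ldap_binddn'] = $_REQUEST['binddn'];
	$authcfg['ldap_bindpw'] = $_REQUEST['bindpw'];
	$authcfg['ldap_urltype'] = $_REQUEST['urltype'];
	$authcfg['ldap_protver'] = $_REQUEST['proto'];
	/* Semicolon-separated containers already in the form; used below to pre-tick the checkboxes. */
	$authcfg['ldap_authcn'] = explode(";", $_REQUEST['authcn'] ?? '');
	$authcfg['ldap_caref'] = $_REQUEST['cert'];

	$ous = ldap_get_user_ous(true, $authcfg);

	if (empty($ous)) {
		/* A connection failure and "no OUs found" look the same from here. */
		print('<span class="text-danger">Could not connect to the LDAP server. Please check the LDAP configuration.</span>');
	} else {
		$modal = new Modal("Select LDAP containers for authentication", "containers", true);
		$group = new Form_MultiCheckboxGroup('Containers');

		if (is_array($ous)) {
			$idx = 0;

			/* $ou comes from the directory, not from the user; the Form_* classes are relied on to escape it on output. */
			foreach ($ous as $ou) {
				$group->add(new Form_MultiCheckbox(
					'ou' . $idx,
					'',
					$ou,
					in_array($ou, $authcfg['ldap_authcn']),
					$ou
				));

				$idx++;
			}
		}

		$modal->add($group);

		// Create a "Save button"

		$btnsv = new Form_Button(
			'svcontbtn',
			'Save',
			null,
			'fa-solid fa-save'
		);

		/* The class to drop is "btn-default"; the previous "btn-default)" (stray paren)
		 * never matched, so the button was rendered with both classes. */
		$btnsv->removeClass("btn-default")->addClass("btn-primary");

		$modal->addInput(new Form_StaticText(
			'',
			$btnsv
		));

		print($modal);
	}

	exit;
}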
101
102 4611e283 Steve Beaver
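/*
 * Request parameters shared by the list and edit views.
 *
 * $id is a position in $a_server (the index rendered into the edit/dup/del
 * links further down) and is later interpolated into config paths such as
 * "system/authserver/{$id}". Only a plain non-negative integer is accepted;
 * anything else is treated as "no id" (a new entry), which is exactly what
 * the isset($id) checks below already distinguish on.
 */
$id = null;
if (isset($_REQUEST['id']) && preg_match('/^[0-9]+$/', (string)$_REQUEST['id'])) {
	$id = (int)$_REQUEST['id'];
}

config_init_path('system/authserver');

/* Re-indexed 0..n-1 so the positions match the links in the list view. */
$a_server = array_values(auth_get_authserver_list());

config_init_path('ca');

$act = $_REQUEST['act'];

/* "dup" is an edit that starts from an existing entry but is saved as a new one. */
if ($act == 'dup') {
	$dup = true;
	$act = 'edit';
}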
116
117 4611e283 Steve Beaver
/*
 * Delete handler. Only honoured on POST (the list link carries "usepost",
 * presumably turned into a form submission by the page JS). Removal is done
 * by name against the live config, not by the transient index into $a_server.
 * NOTE(review): nothing here re-checks that the chosen entry is a real config
 * entry; the list view merely hides the links on its last row.
 */
if ($_POST['act'] == "del") {

	$delidx = $_POST['id'];
	if (!$a_server[$delidx]) {
		pfSenseHeader("system_authservers.php");
		exit;
	}

	$serverdeleted = $a_server[$delidx]['name'];

	/* Drop every config entry carrying that name. */
	foreach (config_get_path('system/authserver', []) as $k => $as) {
		if ($as['name'] == $serverdeleted) {
			config_del_path("system/authserver/{$k}");
		}
	}

	/* Keep the in-memory list used by the rest of this page in step. */
	unset($a_server[$delidx]);
	$a_server = array_values($a_server);

	/* The name is escaped here because $savemsg is printed as HTML later. */
	$savemsg = sprintf(gettext("Authentication Server %s deleted."), htmlspecialchars($serverdeleted));
	write_config($savemsg);
}
139
140
/*
 * Edit (or duplicate): pre-load $pconfig from the stored entry so the form
 * renders the current values. Form keys mostly equal config keys; the one
 * renamed field is the host. On "dup" the name is left blank so the copy
 * has to be given a new one.
 * NOTE(review): the stored bind password / RADIUS secret are loaded here and
 * later rendered into the form's password fields.
 */
if ($act == "edit") {
	if (isset($id) && $a_server[$id]) {
		$cur = $a_server[$id];

		$pconfig['type'] = $cur['type'];
		if (!$dup) {
			$pconfig['name'] = $cur['name'];
		}

		if ($pconfig['type'] == "ldap") {
			/* form key => config key */
			$ldap_fields = array(
				'ldap_caref' => 'ldap_caref',
				'ldap_host' => 'host',
				'ldap_port' => 'ldap_port',
				'ldap_timeout' => 'ldap_timeout',
				'ldap_urltype' => 'ldap_urltype',
				'ldap_protver' => 'ldap_protver',
				'ldap_scope' => 'ldap_scope',
				'ldap_basedn' => 'ldap_basedn',
				'ldap_authcn' => 'ldap_authcn',
				'ldap_extended_enabled' => 'ldap_extended_enabled',
				'ldap_extended_query' => 'ldap_extended_query',
				'ldap_binddn' => 'ldap_binddn',
				'ldap_bindpw' => 'ldap_bindpw',
				'ldap_attr_user' => 'ldap_attr_user',
				'ldap_attr_group' => 'ldap_attr_group',
				'ldap_attr_member' => 'ldap_attr_member',
				'ldap_attr_groupobj' => 'ldap_attr_groupobj',
				'ldap_pam_groupdn' => 'ldap_pam_groupdn',
			);
			foreach ($ldap_fields as $formkey => $cfgkey) {
				$pconfig[$formkey] = $cur[$cfgkey];
			}

			/* Boolean options are stored by presence of the key. */
			$ldap_flags = array('ldap_utf8', 'ldap_nostrip_at', 'ldap_allow_unauthenticated',
				'ldap_rfc2307', 'ldap_rfc2307_userdn');
			foreach ($ldap_flags as $flag) {
				$pconfig[$flag] = isset($cur[$flag]);
			}

			/* No stored bind credentials means the entry binds anonymously. */
			if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw']) {
				$pconfig['ldap_anon'] = true;
			}
		}

		if ($pconfig['type'] == "radius") {
			$radius_fields = array(
				'radius_protocol' => 'radius_protocol',
				'radius_host' => 'host',
				'radius_nasip_attribute' => 'radius_nasip_attribute',
				'radius_auth_port' => 'radius_auth_port',
				'radius_acct_port' => 'radius_acct_port',
				'radius_secret' => 'radius_secret',
				'radius_timeout' => 'radius_timeout',
			);
			foreach ($radius_fields as $formkey => $cfgkey) {
				$pconfig[$formkey] = $cur[$cfgkey];
			}

			/* The offered services are derived from which ports are stored; the
			 * missing one gets its standard port so the form has something to show. */
			$has_auth = (bool)$pconfig['radius_auth_port'];
			$has_acct = (bool)$pconfig['radius_acct_port'];
			if ($has_auth && $has_acct) {
				$pconfig['radius_srvcs'] = "both";
			} elseif ($has_auth) {
				$pconfig['radius_srvcs'] = "auth";
				$pconfig['radius_acct_port'] = 1813;
			} elseif ($has_acct) {
				$pconfig['radius_srvcs'] = "acct";
				$pconfig['radius_auth_port'] = 1812;
			}
		}
	}
}
207
208
/* Defaults for a brand-new entry: LDAPv3 with anonymous bind; RADIUS MS-CHAPv2
 * offering both services on the standard ports. */
if ($act == "new") {
	$new_defaults = array(
		'ldap_protver' => 3,
		'ldap_anon' => true,
		'radius_protocol' => "MSCHAPv2",
		'radius_srvcs' => "both",
		'radius_auth_port' => "1812",
		'radius_acct_port' => "1813",
	);
	foreach ($new_defaults as $key => $value) {
		$pconfig[$key] = $value;
	}
}

/* A duplicate is edited as a copy: forget the id so the save path creates a new entry. */
if ($dup) {
	unset($id);
}
220
221 59d06739 Steve Beaver
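/*
 * Save handler. $pconfig mirrors $_POST so the form can be re-rendered with
 * the submitted values on error. Validation runs first; the config is only
 * written when $input_errors stays empty.
 */
if (!empty($_POST['save'])) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	if ($pconfig['type'] == "ldap") {
		$reqdfields = explode(" ",
			"name type ldap_host ldap_port " .
			"ldap_urltype ldap_protver ldap_scope " .
			"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");

		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Port value"),
			gettext("Transport"),
			gettext("Protocol version"),
			gettext("Search level"),
			gettext("User naming Attribute"),
			gettext("Group naming Attribute"),
			gettext("Group member attribute"),
			gettext("Authentication container"));

		/* Bind credentials are only mandatory when not binding anonymously. */
		if (!$pconfig['ldap_anon']) {
			$reqdfields[] = "ldap_binddn";
			$reqdfields[] = "ldap_bindpw";
			$reqdfieldsn[] = gettext("Bind user DN");
			$reqdfieldsn[] = gettext("Bind Password");
		}
	} elseif ($pconfig['type'] == "radius") {
		$reqdfields = explode(" ", "name type radius_protocol radius_host radius_srvcs");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Radius Protocol"),
			gettext("Hostname or IP"),
			gettext("Services"));

		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port");
		}

		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port");
		}

		/* On edit a blank secret keeps the stored one (see below), so it is only required for a new entry. */
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	} else {
		/* 'type' comes from a form select but is still client-supplied; anything
		 * else used to reach the save code with no required-field list at all. */
		$reqdfields = array();
		$reqdfieldsn = array();
		$input_errors[] = gettext("Invalid authentication server type.");
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/*
	 * The form posts the server address as ldap_host / radius_host. The
	 * previous check inspected $_POST['host'], a field no form here sets, so
	 * it never rejected anything. IP literals (including IPv6, which contains
	 * ':') pass via is_ipaddr(); names are limited to hostname characters.
	 */
	$host_field = "{$pconfig['type']}_host";
	if (!empty($pconfig[$host_field]) && !is_ipaddr($pconfig[$host_field]) &&
	    preg_match("/[^a-zA-Z0-9\.\-_]/", $pconfig[$host_field])) {
		$input_errors[] = gettext("The host name contains invalid characters.");
	}

	/* Ports are number inputs but arrive as strings; when given they must be within 1-65535. */
	$port_fields = array(
		'ldap_port' => gettext("Port value"),
		'radius_auth_port' => gettext("Authentication port"),
		'radius_acct_port' => gettext("Accounting port"));
	foreach ($port_fields as $port_field => $port_label) {
		/* only the fields belonging to the selected type */
		if (strpos($port_field, $pconfig['type'] . '_') !== 0 || empty($pconfig[$port_field])) {
			continue;
		}
		if (!preg_match('/^[0-9]+$/', $pconfig[$port_field]) ||
		    ((int)$pconfig[$port_field] < 1) || ((int)$pconfig[$port_field] > 65535)) {
			$input_errors[] = sprintf(gettext("%s must be a port number between 1 and 65535."), $port_label);
		}
	}

	if (auth_get_authserver($pconfig['name']) && !isset($id)) {
		$input_errors[] = gettext("An authentication server with the same name already exists.");
	}

	/* Other settings reference a server by name (e.g. system/webgui/authmode below), so renames are refused. */
	if (isset($id) && config_get_path("system/authserver/{$id}") &&
	   (config_get_path("system/authserver/{$id}/name") != $pconfig['name'])) {
		$input_errors[] = gettext("The name of an authentication server cannot be changed.");
	}

	if (($pconfig['type'] == "ldap") || ($pconfig['type'] == "radius")) {
		$to_field = "{$pconfig['type']}_timeout";
		if (!empty($_POST[$to_field]) && (!is_numeric($_POST[$to_field]) || ($_POST[$to_field] <= 0))) {
			$input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($pconfig['type']));
		}
	}

	if (($pconfig['type'] == 'ldap') && config_path_enabled('system/webgui', 'shellauth') &&
	    (config_get_path('system/webgui/authmode') == $pconfig['name']) && empty($pconfig['ldap_pam_groupdn'])) {
		$input_errors[] = gettext("Shell Authentication Group DN must be specified if " .
			"Shell Authentication is enabled for appliance.");
	}

	if (!$input_errors) {
		$server = array();
		/* refid is an opaque identifier for cross-references, not a secret. */
		$server['refid'] = uniqid();
		/* Editing: start from the stored entry so its refid and any fields not on this form survive. */
		if (isset($id) && $a_server[$id]) {
			$server = $a_server[$id];
		}

		$server['type'] = $pconfig['type'];
		$server['name'] = $pconfig['name'];

		if ($server['type'] == "ldap") {

			/* The select always carries 'global' or a CA refid; an empty value leaves a stored refid untouched. */
			if (!empty($pconfig['ldap_caref'])) {
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			}
			$server['host'] = $pconfig['ldap_host'];
			$server['ldap_port'] = $pconfig['ldap_port'];
			$server['ldap_urltype'] = $pconfig['ldap_urltype'];
			$server['ldap_protver'] = $pconfig['ldap_protver'];
			$server['ldap_scope'] = $pconfig['ldap_scope'];
			$server['ldap_basedn'] = $pconfig['ldap_basedn'];
			$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
			$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
			$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
			$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
			$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
			$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];

			$server['ldap_attr_groupobj'] = empty($pconfig['ldap_attr_groupobj']) ? "posixGroup" : $pconfig['ldap_attr_groupobj'];
			$server['ldap_pam_groupdn'] = $pconfig['ldap_pam_groupdn'];

			/* Checkbox options are stored by key presence, so clear them explicitly when unticked. */
			foreach (array('ldap_utf8', 'ldap_nostrip_at', 'ldap_allow_unauthenticated', 'ldap_rfc2307', 'ldap_rfc2307_userdn') as $flag) {
				if ($pconfig[$flag] == "yes") {
					$server[$flag] = true;
				} else {
					unset($server[$flag]);
				}
			}

			/* Bind credentials are stored as submitted; switching to anonymous clears any previous ones. */
			if (!$pconfig['ldap_anon']) {
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}

			if ($pconfig['ldap_timeout']) {
				$server['ldap_timeout'] = $pconfig['ldap_timeout'];
			} else {
				$server['ldap_timeout'] = 25;
			}
		}

		if ($server['type'] == "radius") {

			$server['radius_protocol'] = $pconfig['radius_protocol'];
			$server['host'] = $pconfig['radius_host'];
			$server['radius_nasip_attribute'] = $pconfig['radius_nasip_attribute'];

			/* A blank secret on edit keeps the stored one. */
			if ($pconfig['radius_secret']) {
				$server['radius_secret'] = $pconfig['radius_secret'];
			}

			if ($pconfig['radius_timeout']) {
				$server['radius_timeout'] = $pconfig['radius_timeout'];
			} else {
				$server['radius_timeout'] = 5;
			}

			if ($pconfig['radius_srvcs'] == "both") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
			}

			if ($pconfig['radius_srvcs'] == "auth") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				unset($server['radius_acct_port']);
			}

			if ($pconfig['radius_srvcs'] == "acct") {
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
				unset($server['radius_auth_port']);
			}
		}

		/* Replace in place when editing a real config entry, otherwise append (trailing slash path). */
		if (isset($id) && config_get_path("system/authserver/{$id}")) {
			config_set_path("system/authserver/{$id}", $server);
		} else {
			config_set_path('system/authserver/', $server);
		}

		/* Regenerate the PAM setup when this server backs shell logins. */
		if (config_path_enabled('system/webgui', 'shellauth') &&
		    (config_get_path('system/webgui/authmode') == $pconfig['name'])) {
			set_pam_auth();
		}

		write_config("Authentication Servers settings saved");

		pfSenseHeader("system_authservers.php");
	}
}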
430
431 f15fdef3 Augustin FL
/*
 * Build the choices for the RADIUS NAS-IP-Address attribute: every configured
 * interface that currently has an address, plus every virtual IP. Proxy ARP
 * "network" VIPs are expanded to each address of the subnet.
 * NOTE(review): that expansion is unbounded -- a wide prefix yields a
 * correspondingly large list, rebuilt on every render of this page.
 *
 * Returns: array of key (interface name or address) => "description - address".
 */
function build_radiusnas_list() {
	$list = array();

	/* Interfaces first, keyed by their internal name. */
	foreach (get_configured_interface_with_descr() as $ifname => $ifdescr) {
		$ipaddr = get_interface_ip($ifname);
		if (!is_ipaddr($ipaddr)) {
			continue;
		}
		$list[$ifname] = $ifdescr . ' - ' . $ipaddr;
	}

	/* Then virtual IPs, keyed by the address itself. */
	foreach (config_get_path('virtualip/vip', []) as $vip) {
		$expand = ($vip['mode'] == "proxyarp" && $vip['type'] == "network");
		if (!$expand) {
			$list[$vip['subnet']] = $vip['descr'] . ' - ' . $vip['subnet'];
			continue;
		}

		$first = ip2long32(gen_subnet($vip['subnet'], $vip['subnet_bits']));
		$last = ip2long32(gen_subnet_max($vip['subnet'], $vip['subnet_bits']));
		for ($addr = $first; $addr <= $last; $addr++) {
			$snip = long2ip32($addr);
			$list[$snip] = $vip['descr'] . ' - ' . $snip;
		}
	}

	return $list;
}
460
461 1d3259b5 Stephen Beaver
// On error, restore the form contents so the user doesn't have to re-enter too much
if ($_POST && $input_errors) {
	$pconfig = $_POST;
	/* These two are named differently on the form than in $pconfig. */
	$pconfig['ldap_authcn'] = $_POST['ldapauthcontainers'];
	$pconfig['ldap_template'] = $_POST['ldap_tmpltype'];
}

/* Breadcrumb: System > User Manager > Authentication Servers [> Edit] */
$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Authentication Servers"));
$pglinks = array("", "system_usermanager.php", "system_authservers.php");

if ($act == "new" || $act == "edit" || $input_errors) {
	$pgtitle[] = gettext('Edit');
	$pglinks[] = "@self";
}
$shortcut_section = "authentication";
include("head.inc");

if ($input_errors) {
	print_input_errors($input_errors);
}

/* $savemsg is rendered as HTML; the delete handler escapes the name it embeds. */
if ($savemsg) {
	print_info_box($savemsg, 'success');
}

$tab_array = array(
	array(gettext("Users"), false, "system_usermanager.php"),
	array(gettext("Groups"), false, "system_groupmanager.php"),
	array(gettext("Settings"), false, "system_usermanager_settings.php"),
	array(gettext("Change Password"), false, "system_usermanager_passwordmg.php"),
	array(gettext("Authentication Servers"), true, "system_authservers.php"),
);
display_top_tabs($tab_array);
494 762faef5 Phil Davis
if (!($act == "new" || $act == "edit" || $input_errors)) {
	/*
	 * List view. Every cell is passed through htmlspecialchars(); the only
	 * value placed in the action URLs is $i, an integer key from
	 * array_values(). The last row gets no edit/copy/delete links
	 * (presumably the built-in local database entry appended by
	 * auth_get_authserver_list()), but that is a UI nicety only: the del and
	 * edit handlers above do not re-check it. The delete link carries
	 * "usepost" so it is submitted as a POST rather than a plain GET.
	 */
?>
<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext('Authentication Servers')?></h2></div>
	<div class="panel-body">
		<div class="table-responsive">
			<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
				<thead>
					<tr>
						<th><?=gettext("Server Name")?></th>
						<th><?=gettext("Type")?></th>
						<th><?=gettext("Host Name")?></th>
						<th><?=gettext("Actions")?></th>
					</tr>
				</thead>
				<tbody>
			<?php foreach ($a_server as $i => $server): ?>
					<tr>
						<td><?=htmlspecialchars($server['name'])?></td>
						<td><?=htmlspecialchars($auth_server_types[$server['type']])?></td>
						<td><?=htmlspecialchars($server['host'])?></td>
						<td>
						<?php if ($i < (count($a_server) - 1)): ?>
							<a class="fa-solid fa-pencil" title="<?=gettext("Edit server"); ?>" href="system_authservers.php?act=edit&amp;id=<?=$i?>"></a>
							<a class="fa-regular fa-clone" title="<?=gettext("Copy server"); ?>" href="system_authservers.php?act=dup&amp;id=<?=$i?>"></a>
							<a class="fa-solid fa-trash-can"  title="<?=gettext("Delete server")?>" href="system_authservers.php?act=del&amp;id=<?=$i?>" usepost></a>
						<?php endif?>
						</td>
					</tr>
			<?php endforeach; ?>
				</tbody>
			</table>
		</div>
	</div>
</div>

<nav class="action-buttons">
	<a href="?act=new" class="btn btn-success btn-sm">
		<i class="fa-solid fa-plus icon-embed-btn"></i>
		<?=gettext("Add")?>
	</a>
</nav>
<?php
	/* The list view ends here; the edit form below is only built for new/edit/error. */
	include("foot.inc");
	exit;
}
540
541 a0165602 Sjon Hortensius
/*
 * Edit form. It posts back to this page with act=edit; the save handler
 * above keys on $_REQUEST['id'] (validated to an integer index), not on the
 * 'userid' hidden field added here. NOTE(review): whatever supplies 'id' on
 * submit is outside this excerpt -- confirm before relying on it.
 */
$form = new Form;
$form->setAction('system_authservers.php?act=edit');

$form->addGlobal(new Form_Input(
	'userid',
	null,
	'hidden',
	$id
));

$section = new Form_Section('Server Settings');

$section->addInput($input = new Form_Input(
	'name',
	'*Descriptive name',
	'text',
	$pconfig['name']
));

/* The type select toggles the LDAP / RADIUS sections below; the save handler rejects any other value. */
$section->addInput($input = new Form_Select(
	'type',
	'*Type',
	$pconfig['type'],
	$auth_server_types
))->toggles();

$form->add($section);
569
// ==== LDAP settings =========================================================
570 a0165602 Sjon Hortensius
$section = new Form_Section('LDAP Server Settings');
571 44d906ca Sjon Hortensius
$section->addClass('toggle-ldap collapse');
572 a0165602 Sjon Hortensius
573
if (!isset($pconfig['type']) || $pconfig['type'] == 'ldap')
574
	$section->addClass('in');
575
576
$section->addInput(new Form_Input(
577
	'ldap_host',
578 153c3aa6 Phil Davis
	'*Hostname or IP address',
579 a0165602 Sjon Hortensius
	'text',
580
	$pconfig['ldap_host']
581 f764f63a jim-p
))->setHelp('NOTE: When using SSL/TLS or STARTTLS, this hostname MUST match a Subject '.
582
	'Alternative Name (SAN) or the Common Name (CN) of the LDAP server SSL/TLS Certificate.');
583 a0165602 Sjon Hortensius
584
$section->addInput(new Form_Input(
585
	'ldap_port',
586 153c3aa6 Phil Davis
	'*Port value',
587 a0165602 Sjon Hortensius
	'number',
588
	$pconfig['ldap_port']
589
));
590
591
$section->addInput(new Form_Select(
592
	'ldap_urltype',
593 153c3aa6 Phil Davis
	'*Transport',
594 a0165602 Sjon Hortensius
	$pconfig['ldap_urltype'],
595
	array_combine(array_keys($ldap_urltypes), array_keys($ldap_urltypes))
596
));
597
598 16a6bf51 Viktor G
$ldapCaRef = array('global' => 'Global Root CA List');
599 26308930 Marcos Mendoza
foreach (config_get_path('ca', []) as $ca) {
600 16a6bf51 Viktor G
	$ldapCaRef[$ca['refid']] = $ca['descr'];
601 fbf672cb Matthew Grooms
}
602
603 16a6bf51 Viktor G
$section->addInput(new Form_Select(
604
	'ldap_caref',
605
	'Peer Certificate Authority',
606
	$pconfig['ldap_caref'],
607
	$ldapCaRef
608
))->setHelp('This CA is used to validate the LDAP server certificate when '.
609
	'\'SSL/TLS Encrypted\' or \'STARTTLS Encrypted\' Transport is active. '.
610
	'This CA must match the CA used by the LDAP server.');
611
612 a0165602 Sjon Hortensius
$section->addInput(new Form_Select(
613
	'ldap_protver',
614 153c3aa6 Phil Davis
	'*Protocol version',
615 a0165602 Sjon Hortensius
	$pconfig['ldap_protver'],
616
	array_combine($ldap_protvers, $ldap_protvers)
617
));
618
619 d6b4dfe3 jim-p
$section->addInput(new Form_Input(
620
	'ldap_timeout',
621
	'Server Timeout',
622
	'number',
623
	$pconfig['ldap_timeout'],
624
	['placeholder' => 25]
625
))->setHelp('Timeout for LDAP operations (seconds)');
626
627 905f6119 Stephen Beaver
$group = new Form_Group('Search scope');
628
629 c84db5bb Stephen Beaver
$SSF = new Form_Select(
630 a0165602 Sjon Hortensius
	'ldap_scope',
631 153c3aa6 Phil Davis
	'*Level',
632 a0165602 Sjon Hortensius
	$pconfig['ldap_scope'],
633
	$ldap_scopes
634 c84db5bb Stephen Beaver
);
635 df8fca9d Stephen Beaver
636 c84db5bb Stephen Beaver
$SSB = new Form_Input(
637 a0165602 Sjon Hortensius
	'ldap_basedn',
638
	'Base DN',
639
	'text',
640
	$pconfig['ldap_basedn']
641 c84db5bb Stephen Beaver
);
642 905f6119 Stephen Beaver
643 c84db5bb Stephen Beaver
644
$section->addInput(new Form_StaticText(
645
	'Search scope',
646
	'Level ' . $SSF . '<br />' . 'Base DN' . $SSB
647
));
648 a0165602 Sjon Hortensius
649 5520839e Phil Davis
$group = new Form_Group('*Authentication containers');
650 a0165602 Sjon Hortensius
$group->add(new Form_Input(
651
	'ldapauthcontainers',
652 5520839e Phil Davis
	'Containers',
653 a0165602 Sjon Hortensius
	'text',
654
	$pconfig['ldap_authcn']
655
))->setHelp('Note: Semi-Colon separated. This will be prepended to the search '.
656 89140b63 NOYB
	'base dn above or the full container path can be specified containing a dc= '.
657 781d9ce4 Phil Davis
	'component.%1$sExample: CN=Users;DC=example,DC=com or OU=Staff;OU=Freelancers', '<br/>');
658 504bd882 Stephen Beaver
659 a0165602 Sjon Hortensius
$group->add(new Form_Button(
660
	'Select',
661 faab522f Renato Botelho
	'Select a container',
662 2e7fa7ca jim-p
	null,
663 e6f78714 Marcos Mendoza
	'fa-solid fa-search'
664 347c0214 Phil Davis
))->setAttribute('type','button')->addClass('btn-info');
665 501efbd2 Stephen Beaver
666 a0165602 Sjon Hortensius
$section->add($group);
667
668 2e101d89 Sander van Leeuwen
$section->addInput(new Form_Checkbox(
669 a0165602 Sjon Hortensius
	'ldap_extended_enabled',
670 2e101d89 Sander van Leeuwen
	'Extended query',
671
	'Enable extended query',
672 a0165602 Sjon Hortensius
	$pconfig['ldap_extended_enabled']
673 e39a41e9 Stephen Beaver
));
674 a0165602 Sjon Hortensius
675 2e101d89 Sander van Leeuwen
$group = new Form_Group('Query');
676 e39a41e9 Stephen Beaver
$group->addClass('extended');
677
678 a0165602 Sjon Hortensius
$group->add(new Form_Input(
679
	'ldap_extended_query',
680 2e101d89 Sander van Leeuwen
	'Query',
681 a0165602 Sjon Hortensius
	'text',
682
	$pconfig['ldap_extended_query']
683 0a9163aa Steve Powers
))->setHelp('Example (MSAD): memberOf=CN=Groupname,OU=MyGroups,DC=example,DC=com<br>Example (2307): |(&(objectClass=posixGroup)(cn=Groupname)(memberUid=*))(&(objectClass=posixGroup)(cn=anotherGroup)(memberUid=*))');
684 2e101d89 Sander van Leeuwen
685 a0165602 Sjon Hortensius
$section->add($group);
686
687
$section->addInput(new Form_Checkbox(
688
	'ldap_anon',
689
	'Bind anonymous',
690
	'Use anonymous binds to resolve distinguished names',
691
	$pconfig['ldap_anon']
692 b0909f2e Stephen Beaver
));
693 a0165602 Sjon Hortensius
694 153c3aa6 Phil Davis
$group = new Form_Group('*Bind credentials');
695 b0909f2e Stephen Beaver
$group->addClass('ldapanon');
696
697 a0165602 Sjon Hortensius
$group->add(new Form_Input(
698
	'ldap_binddn',
699
	'User DN:',
700
	'text',
701
	$pconfig['ldap_binddn']
702
));
703 b0909f2e Stephen Beaver
704 a0165602 Sjon Hortensius
$group->add(new Form_Input(
705
	'ldap_bindpw',
706
	'Password',
707 1c1f08f9 Stephen Beaver
	'password',
708 a0165602 Sjon Hortensius
	$pconfig['ldap_bindpw']
709
));
710
$section->add($group);
711
712 ac9d8bed Stephen Beaver
if (!isset($id)) {
713
	$template_list = array();
714
715 9d3e8723 Phil Davis
	foreach ($ldap_templates as $option => $template) {
716 ac9d8bed Stephen Beaver
		$template_list[$option] = $template['desc'];
717
	}
718 a0165602 Sjon Hortensius
719
	$section->addInput(new Form_Select(
720
		'ldap_tmpltype',
721
		'Initial Template',
722
		$pconfig['ldap_template'],
723 ac9d8bed Stephen Beaver
		$template_list
724 a0165602 Sjon Hortensius
	));
725 fbf672cb Matthew Grooms
}
726
727 a0165602 Sjon Hortensius
$section->addInput(new Form_Input(
728
	'ldap_attr_user',
729 153c3aa6 Phil Davis
	'*User naming attribute',
730 a0165602 Sjon Hortensius
	'text',
731
	$pconfig['ldap_attr_user']
732
));
733
734
$section->addInput(new Form_Input(
735
	'ldap_attr_group',
736 153c3aa6 Phil Davis
	'*Group naming attribute',
737 a0165602 Sjon Hortensius
	'text',
738
	$pconfig['ldap_attr_group']
739
));
740
741
$section->addInput(new Form_Input(
742
	'ldap_attr_member',
743 153c3aa6 Phil Davis
	'*Group member attribute',
744 a0165602 Sjon Hortensius
	'text',
745
	$pconfig['ldap_attr_member']
746
));
747
748 149efbea jim-p
$section->addInput(new Form_Checkbox(
749
	'ldap_rfc2307',
750
	'RFC 2307 Groups',
751
	'LDAP Server uses RFC 2307 style group membership',
752
	$pconfig['ldap_rfc2307']
753
))->setHelp('RFC 2307 style group membership has members listed on the group '.
754
	'object rather than using groups listed on user object. Leave unchecked '.
755
	'for Active Directory style group membership (RFC 2307bis).');
756
757 3f6151d7 Viktor G
$group = new Form_Group('RFC 2307 User DN');
758
$group->addClass('ldap_rfc2307_userdn');
759
760
$group->add(new Form_Checkbox(
761
	'ldap_rfc2307_userdn',
762
	'RFC 2307 user DN',
763
	'RFC 2307 Use DN for username search.',
764
	$pconfig['ldap_rfc2307_userdn']
765
))->setHelp('Use DN for username search, i.e. "(member=CN=Username,CN=Users,DC=example,DC=com)".');
766
767
$section->add($group);
768
769 149efbea jim-p
$section->addInput(new Form_Input(
770
	'ldap_attr_groupobj',
771
	'Group Object Class',
772
	'text',
773
	$pconfig['ldap_attr_groupobj'],
774
	['placeholder' => 'posixGroup']
775
))->setHelp('Object class used for groups in RFC2307 mode. '.
776
	'Typically "posixGroup" or "group".');
777
778 ca8459cd Viktor G
$section->addInput(new Form_Input(
779
	'ldap_pam_groupdn',
780
	'Shell Authentication Group DN',
781
	'text',
782
	$pconfig['ldap_pam_groupdn']
783
))->setHelp('If LDAP server is used for shell authentication, user must be a member ' .
784
	    'of this group and have a valid posixAccount attributes to be able to login.%s Example: CN=Remoteshellusers,CN=Users,DC=example,DC=com',
785
	    '<br/>');
786
787 a0165602 Sjon Hortensius
$section->addInput(new Form_Checkbox(
788
	'ldap_utf8',
789
	'UTF8 Encode',
790
	'UTF8 encode LDAP parameters before sending them to the server.',
791
	$pconfig['ldap_utf8']
792
))->setHelp('Required to support international characters, but may not be '.
793
	'supported by every LDAP server.');
794
795
$section->addInput(new Form_Checkbox(
796
	'ldap_nostrip_at',
797
	'Username Alterations',
798
	'Do not strip away parts of the username after the @ symbol',
799
	$pconfig['ldap_nostrip_at']
800
))->setHelp('e.g. user@host becomes user when unchecked.');
801
802 eeceb2ca Augustin-FL
$section->addInput(new Form_Checkbox(
803
	'ldap_allow_unauthenticated',
804
	'Allow unauthenticated bind',
805
	'Allow unauthenticated bind',
806 322f9f6c jim-p
	$pconfig['ldap_allow_unauthenticated']
807 eeceb2ca Augustin-FL
))->setHelp('Unauthenticated binds are bind with an existing login but with an empty password. '.
808 4864d7f6 Josh Soref
         'Some LDAP servers (Microsoft AD) allow this type of bind without any possibility to disable it.');
809 eeceb2ca Augustin-FL
810 a0165602 Sjon Hortensius
$form->add($section);
811 6157f724 Stephen Beaver
812
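// ==== RADIUS section ========================================================
// Only renders the inputs; the posted values are presumably validated by the save
// handler earlier in this file (not visible here).
$section = new Form_Section('RADIUS Server Settings');
$section->addClass('toggle-radius collapse');

// Authentication protocol; the choices come from $radius_protocol.
$section->addInput(new Form_Select(
	'radius_protocol',
	'*Protocol',
	$pconfig['radius_protocol'],
	$radius_protocol
));

$section->addInput(new Form_Input(
	'radius_host',
	'*Hostname or IP address',
	'text',
	$pconfig['radius_host']
));

// Rendered as a password field so the shared secret is not displayed in clear text;
// whether the saved value is echoed back into the HTML is decided by Form_Input, not here.
$section->addInput(new Form_Input(
	'radius_secret',
	'*Shared Secret',
	'password',
	$pconfig['radius_secret']
));

// 'auth', 'acct' or a third value meaning both; the page script below marks the
// matching port field(s) as required whenever this selection changes.
$section->addInput(new Form_Select(
	'radius_srvcs',
	'*Services offered',
	$pconfig['radius_srvcs'],
	$radius_srvcs
));

$section->addInput(new Form_Input(
	'radius_auth_port',
	'Authentication port',
	'number',
	$pconfig['radius_auth_port']
));

$section->addInput(new Form_Input(
	'radius_acct_port',
	'Accounting port',
	'number',
	$pconfig['radius_acct_port']
));

$section->addInput(new Form_Input(
	'radius_timeout',
	'Authentication Timeout',
	'number',
	$pconfig['radius_timeout']
))->setHelp('This value controls how long, in seconds, that the RADIUS '.
	'server may take to respond to an authentication request. If left blank, the '.
	'default value is 5 seconds. NOTE: If using an interactive two-factor '.
	'authentication system, increase this timeout to account for how long it will '.
	'take the user to receive and enter a token.');

$section->addInput(new Form_Select(
	'radius_nasip_attribute',
	'RADIUS NAS IP Attribute',
	$pconfig['radius_nasip_attribute'],
	build_radiusnas_list()
))->setHelp('Enter the IP to use for the "NAS-IP-Address" attribute during RADIUS Access-Requests.<br />'.
			'Please note that this choice won\'t change the interface used for contacting the RADIUS server.');

// When editing an existing entry, carry its index through the form as a hidden field.
// !empty() keeps the original truthiness test on $a_server[$id] but no longer emits an
// "undefined index" warning when $id does not match an entry. The value comes back in
// the POST and is attacker-controlled like any other field, so the save handler must
// re-validate it rather than trust it.
if (isset($id) && !empty($a_server[$id])) {
	$form->addGlobal(new Form_Input(
		'id',
		null,
		'hidden',
		$id
	));
}

$form->add($section);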
888 098604d3 Stephen Beaver
889
// Mostly empty modal for the LDAP container picker; its contents are fetched via AJAX
// by the page script below.
$modal = new Modal("LDAP containers", "containers", true);
$form->add($modal);

echo $form;
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {
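	// Ask this page (via AJAX) for the list of LDAP containers plus the controls to
	// pick from it, then show the result in the "containers" modal.  Nothing is sent
	// until the connection fields are filled in; bind credentials are required
	// unless anonymous binding is selected.
	function select_clicked() {
		if (document.getElementById("ldap_port").value == '' ||
			document.getElementById("ldap_host").value == '' ||
			document.getElementById("ldap_scope").value == '' ||
			document.getElementById("ldap_basedn").value == '' ||
			document.getElementById("ldapauthcontainers").value == '') {
			alert("<?=gettext("Please fill the required values.");?>");
			return;
		}

		if (!document.getElementById("ldap_anon").checked) {
			if (document.getElementById("ldap_binddn").value == '' ||
				document.getElementById("ldap_bindpw").value == '') {
				alert("<?=gettext("Please fill the bind username/password.");?>");
				return;
			}
		}

		var ajaxRequest;
		var cert;

		// The CA selector is only rendered when at least one CA is configured.
<?php if (count(config_get_path('ca', [])) > 0): ?>
			cert = $('#ldap_caref').val();
<?php else: ?>
			cert = '';
<?php endif; ?>

		// The connection parameters, including the bind password, go to this same
		// page in the POST body rather than the query string.
		ajaxRequest = $.ajax(
			{
				url: "/system_authservers.php",
				type: "post",
				data: {
					ajax: 	"ajax",
					port: 	$('#ldap_port').val(),
					host: 	$('#ldap_host').val(),
					scope: 	$('#ldap_scope').val(),
					basedn: $('#ldap_basedn').val(),
					binddn: $('#ldap_binddn').val(),
					bindpw: $('#ldap_bindpw').val(),
					urltype:$('#ldap_urltype').val(),
					proto:  $('#ldap_protver').val(),
					authcn: $('#ldapauthcontainers').val(),
					cert:   cert
				}
			}
		);

		// On success the placeholder modal is swapped for the HTML the server rendered
		// from the LDAP results; any escaping of container names has to happen in that
		// server-side branch (not visible here).
		ajaxRequest.done(function (response, textStatus, jqXHR) {
			$('#containers').replaceWith(response);

			$('#containers').modal('show');

			// The button handler needs to be attached here because until the modal has
			// been populated the controls we need do not exist.
			$('#svcontbtn').prop("type", "button");
			$('#svcontbtn').removeAttr("href");

			$('#svcontbtn').click(function () {
				// Assumes only the container checkboxes (ou0, ou1, ...) have ids
				// starting with "ou"; the selector is not scoped to the modal.
				var ous = $('[id^=ou]').length;
				var i;

				// Rebuild the semicolon-separated container list from the checked boxes.
				$('#ldapauthcontainers').val("");

				for (i = 0; i < ous; i++) {
					if ($('#ou' + i).prop("checked")) {
						if ($('#ldapauthcontainers').val() != "") {
							$('#ldapauthcontainers').val($('#ldapauthcontainers').val() +";");
						}

						$('#ldapauthcontainers').val($('#ldapauthcontainers').val() + $('#ou' + i).val());
					}
				}

				$('#containers').modal('hide');
			});
		});

		// Previously a failed request (server error, unreachable LDAP server) produced
		// no feedback at all and the user was left waiting for a modal that never opened.
		ajaxRequest.fail(function (jqXHR, textStatus) {
			alert("<?=gettext("Unable to retrieve the LDAP container list.");?>");
		});
	}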
	// Fill in the default port for the selected URL type.  The mapping is by option
	// position: index 2 (presumably the LDAPS entry, since it gets 636) → 636, every
	// other entry → 389.  Reordering the #ldap_urltype options would break this.
	function set_ldap_port() {
		var selectedIndex = $('#ldap_urltype').find(":selected").index();
		var port = (selectedIndex == 2) ? '636' : '389';
		$('#ldap_port').val(port);
	}
	// Mark the RADIUS port fields as required according to the services offered:
	// 'auth' needs only the authentication port, 'acct' only the accounting port,
	// anything else (both) needs both.
	function set_required_port_fields() {
		var services = document.getElementById("radius_srvcs").value;
		var needAuthPort = (services != 'acct');
		var needAcctPort = (services != 'auth');

		setRequired('radius_auth_port', needAuthPort);
		setRequired('radius_acct_port', needAcctPort);
	}
	// Show or hide every element carrying the given class (usually a whole section):
	// hide=true hides them, hide=false shows them.
	function hideClass(s_class, hide) {
		$('.' + s_class).toggle(!hide);
	}
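	// Copy the attribute names of the selected LDAP template into the attribute fields
	// and set the "allow unauthenticated bind" checkbox to the template's default.
	// The case labels are generated server-side from $ldap_templates, so the option
	// order of #ldap_tmpltype must match the order of that array.  The template values
	// are written into JS string literals unescaped; presumably $ldap_templates is a
	// fixed table in this file rather than user input — confirm before reusing this.
	function ldap_tmplchange() {
		switch ($('#ldap_tmpltype').find(":selected").index()) {
<?php
		$index = 0;
		foreach ($ldap_templates as $tmpldata):
?>
			case <?=$index;?>:
				$('#ldap_attr_user').val("<?=$tmpldata['attr_user'];?>");
				$('#ldap_attr_group').val("<?=$tmpldata['attr_group'];?>");
				$('#ldap_attr_member').val("<?=$tmpldata['attr_member'];?>");
				// .prop(), not .attr(): once the user has clicked the checkbox the
				// browser stops mirroring the "checked" attribute into the checked
				// state, so .attr() silently failed to update it on a later template
				// change.  NOTE(review): relies on $tmpldata['allow_unauthenticated']
				// printing as a JS literal (true/false) — confirm in the template table.
				$("#ldap_allow_unauthenticated").prop("checked", <?=$tmpldata['allow_unauthenticated'];?>);
				break;
<?php
			$index++;
		endforeach;
?>
		}
	}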
	// ---------- On initial page load ------------------------------------------------------------

	// A new server starts from the currently selected template; an existing one keeps
	// the attribute names that were saved with it.
<?php if ($act != 'edit') : ?>
	ldap_tmplchange();
<?php endif; ?>

	// Sync the collapsible sub-sections with the saved checkbox state (the bind
	// credential fields presumably carry the 'ldapanon' class, so they disappear when
	// anonymous binding is on).
	hideClass('ldapanon', $('#ldap_anon').prop('checked'));
	hideClass('extended', !$('#ldap_extended_enabled').prop('checked'));
	hideClass('ldap_rfc2307_userdn', !$('#ldap_rfc2307').prop('checked'));
	set_required_port_fields();

	// Only derive the port from the URL type when nothing was saved for it.
	if ($('#ldap_port').val() == "")
		set_ldap_port();

<?php
	if ($act == 'edit') {
?>
		// On edit every other server type is greyed out — presumably the type cannot be
		// changed after creation.
		$('#type option:not(:selected)').each(function(){
			$(this).attr('disabled', 'disabled');
		});

<?php
		if (!$input_errors && !$dup) {
?>
		// Client-side only: the name is made read-only on a clean edit (not after a
		// validation error or when duplicating), but a crafted POST can still send a
		// different name, so any immutability rule must also be enforced server-side.
		$('#name').prop("readonly", true);
<?php
		}
	}
?>
	// ---------- Click checkbox handlers ---------------------------------------------------------

	// Selectors that re-run their helper on change; the helpers take no arguments and
	// ignore the event object jQuery passes.
	$('#ldap_tmpltype').on('change', ldap_tmplchange);
	$('#ldap_urltype').on('change', set_ldap_port);
	$('#radius_srvcs').on('change', set_required_port_fields);

	// Checkboxes that reveal or collapse a sub-section.
	$('#ldap_anon').on('click', function () {
		hideClass('ldapanon', this.checked);
	});

	$('#ldap_extended_enabled').on('click', function () {
		hideClass('extended', !this.checked);
	});

	$('#ldap_rfc2307').on('click', function () {
		hideClass('ldap_rfc2307_userdn', !this.checked);
	});

	// "Select" opens the LDAP container picker.
	$('#Select').on('click', select_clicked);
});
//]]>
</script>
<?php
// Shared page footer.
include 'foot.inc';