<?php

/*
 * system_authservers.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2021 Rubicon Communications, LLC (Netgate)
 * Copyright (c) 2008 Shrew Soft Inc
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

##|+PRIV
##|*IDENT=page-system-authservers
##|*NAME=System: Authentication Servers
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
##|*WARN=standard-warning-root
##|*MATCH=system_authservers.php*
##|-PRIV

require_once("guiconfig.inc");
require_once("auth.inc");
require_once("pfsense-utils.inc");
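// Have we been called to populate the "Select a container" modal?
// The request carries the (possibly unsaved) LDAP settings from the form,
// including the bind DN and password, and ldap_get_user_ous() uses them to
// enumerate containers on that server. Nothing is written to the config here.
if (!empty($_REQUEST['ajax'])) {

	$ous = array();
	$authcfg = array();

	$authcfg['ldap_port'] = $_REQUEST['port'] ?? null;
	$authcfg['ldap_basedn'] = $_REQUEST['basedn'] ?? null;
	$authcfg['host'] = $_REQUEST['host'] ?? null;
	$authcfg['ldap_scope'] = $_REQUEST['scope'] ?? null;
	$authcfg['ldap_binddn'] = $_REQUEST['binddn'] ?? null;
	$authcfg['ldap_bindpw'] = $_REQUEST['bindpw'] ?? null;
	$authcfg['ldap_urltype'] = $_REQUEST['urltype'] ?? null;
	$authcfg['ldap_protver'] = $_REQUEST['proto'] ?? null;
	// Semicolon-separated list of containers already entered in the form;
	// used below to pre-tick the matching checkboxes.
	$authcfg['ldap_authcn'] = explode(";", (string)($_REQUEST['authcn'] ?? ''));
	$authcfg['ldap_caref'] = $_REQUEST['cert'] ?? null;

	$ous = ldap_get_user_ous(true, $authcfg);

	if (empty($ous)) {
		print('<span class="text-danger">Could not connect to the LDAP server. Please check the LDAP configuration.</span>');
	} else {
		$modal = new Modal("Select LDAP containers for authentication", "containers", true);
		$group = new Form_MultiCheckboxGroup('Containers');

		if (is_array($ous)) {
			// One checkbox per container, named ou0, ou1, ...; ticked when
			// the container is already part of the submitted list.
			foreach (array_values($ous) as $idx => $ou) {
				$group->add(new Form_MultiCheckbox(
					'ou' . $idx,
					'',
					$ou,
					in_array($ou, $authcfg['ldap_authcn'], true),
					$ou
				));
			}
		}

		$modal->add($group);

		// Create a "Save button"
		$btnsv = new Form_Button(
			'svcontbtn',
			'Save',
			null,
			'fa-save'
		);

		// The class to remove is "btn-default"; the earlier "btn-default)"
		// spelling never matched, so the button kept both classes.
		$btnsv->removeClass("btn-default")->addClass("btn-primary");

		$modal->addInput(new Form_StaticText(
			'',
			$btnsv
		));

		print($modal);
	}

	exit;
}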
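// Which entry (index into $a_server) the request refers to, if any. $a_server
// is renumbered with array_values() below, so only a non-negative integer can
// address an entry; anything else is dropped so that it is never used as an
// array key and isset($id) stays false (the save handler relies on that for
// its "new entry" checks: duplicate-name detection and the required secret).
$id = $_REQUEST['id'] ?? null;
if (($id === null) || !preg_match('/^[0-9]+$/', (string)$id)) {
	unset($id);
} else {
	$id = (int)$id;
}

if (!is_array($config['system']['authserver'])) {
	$config['system']['authserver'] = array();
}

// Configured servers plus whatever auth_get_authserver_list() appends, as a
// zero-based list so $id can address it directly.
$a_server = array_values(auth_get_authserver_list());

init_config_arr(array('ca'));
$a_ca = &$config['ca'];

$act = $_REQUEST['act'] ?? null;

// "dup" is handled as an edit of the source entry; the id is forgotten
// further down so the copy is stored as a new entry.
$dup = false;
if ($act == 'dup') {
	$dup = true;
	$act = 'edit';
}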
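// Delete handler. Only honoured on POST (the list view marks the delete link
// "usepost"), and only for an index that exists in $a_server.
if (($_POST['act'] ?? '') == "del") {

	$delid = $_POST['id'] ?? null;
	if (($delid === null) || !preg_match('/^[0-9]+$/', (string)$delid)) {
		pfSenseHeader("system_authservers.php");
		exit;
	}
	$delid = (int)$delid;

	// The list view offers no edit/copy/delete links for the last entry of
	// $a_server, so refuse to delete it here as well instead of relying on
	// the missing link alone.
	if (($delid >= (count($a_server) - 1)) || !$a_server[$delid]) {
		pfSenseHeader("system_authservers.php");
		exit;
	}

	/* Remove server from main list. Entries are matched by name because
	 * $a_server is a renumbered copy and its indices need not line up with
	 * $config['system']['authserver']. */
	$serverdeleted = $a_server[$delid]['name'];
	foreach ($config['system']['authserver'] as $k => $as) {
		if ($as['name'] === $serverdeleted) {
			unset($config['system']['authserver'][$k]);
		}
	}

	/* Remove server from temp list used later on this page. */
	unset($a_server[$delid]);
	$a_server = array_values($a_server);

	$savemsg = sprintf(gettext("Authentication Server %s deleted."), htmlspecialchars($serverdeleted));
	write_config($savemsg);
}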
// Edit (or copy) handler: load the selected entry into $pconfig so the form
// below is pre-filled. Keys are renamed where the form field name differs
// from the stored key (e.g. "host" is shown as ldap_host / radius_host).
if ($act == "edit") {
	if (isset($id) && $a_server[$id]) {
		$editsrv = $a_server[$id];

		$pconfig['type'] = $editsrv['type'];
		// A copy starts without a name so the user has to pick a new one.
		if (!$dup) {
			$pconfig['name'] = $editsrv['name'];
		}

		if ($pconfig['type'] == "ldap") {
			// form field => stored key, copied verbatim
			$ldap_fields = array(
				'ldap_caref' => 'ldap_caref',
				'ldap_host' => 'host',
				'ldap_port' => 'ldap_port',
				'ldap_timeout' => 'ldap_timeout',
				'ldap_urltype' => 'ldap_urltype',
				'ldap_protver' => 'ldap_protver',
				'ldap_scope' => 'ldap_scope',
				'ldap_basedn' => 'ldap_basedn',
				'ldap_authcn' => 'ldap_authcn',
				'ldap_extended_enabled' => 'ldap_extended_enabled',
				'ldap_extended_query' => 'ldap_extended_query',
				'ldap_binddn' => 'ldap_binddn',
				'ldap_bindpw' => 'ldap_bindpw',
				'ldap_attr_user' => 'ldap_attr_user',
				'ldap_attr_group' => 'ldap_attr_group',
				'ldap_attr_member' => 'ldap_attr_member',
				'ldap_attr_groupobj' => 'ldap_attr_groupobj',
				'ldap_pam_groupdn' => 'ldap_pam_groupdn',
			);
			foreach ($ldap_fields as $field => $key) {
				$pconfig[$field] = $editsrv[$key];
			}

			// Checkbox flags are stored by presence of the key only.
			$ldap_flags = array('ldap_utf8', 'ldap_nostrip_at', 'ldap_allow_unauthenticated', 'ldap_rfc2307', 'ldap_rfc2307_userdn');
			foreach ($ldap_flags as $flag) {
				$pconfig[$flag] = isset($editsrv[$flag]);
			}

			// Without a complete set of bind credentials the entry is treated
			// as an anonymous bind.
			if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw']) {
				$pconfig['ldap_anon'] = true;
			}
		}

		if ($pconfig['type'] == "radius") {
			$pconfig['radius_protocol'] = $editsrv['radius_protocol'];
			$pconfig['radius_host'] = $editsrv['host'];
			$pconfig['radius_nasip_attribute'] = $editsrv['radius_nasip_attribute'];
			$pconfig['radius_auth_port'] = $editsrv['radius_auth_port'];
			$pconfig['radius_acct_port'] = $editsrv['radius_acct_port'];
			$pconfig['radius_secret'] = $editsrv['radius_secret'];
			$pconfig['radius_timeout'] = $editsrv['radius_timeout'];

			// Derive the "services offered" selection from which ports are
			// stored; the missing port gets the standard default so the form
			// shows a sensible value if the user enables that service.
			$have_auth = (bool)$pconfig['radius_auth_port'];
			$have_acct = (bool)$pconfig['radius_acct_port'];
			if ($have_auth && $have_acct) {
				$pconfig['radius_srvcs'] = "both";
			} elseif ($have_auth) {
				$pconfig['radius_srvcs'] = "auth";
				$pconfig['radius_acct_port'] = 1813;
			} elseif ($have_acct) {
				$pconfig['radius_srvcs'] = "acct";
				$pconfig['radius_auth_port'] = 1812;
			}
		}
	}
}
// Defaults for a brand-new entry: LDAPv3 with an anonymous bind, and
// RADIUS MS-CHAPv2 offering both services on the standard ports.
if ($act == "new") {
	$new_defaults = array(
		'ldap_protver' => 3,
		'ldap_anon' => true,
		'radius_protocol' => "MSCHAPv2",
		'radius_srvcs' => "both",
		'radius_auth_port' => "1812",
		'radius_acct_port' => "1813",
	);
	foreach ($new_defaults as $field => $value) {
		$pconfig[$field] = $value;
	}
}

// A copy must be stored as a new entry, so forget the source index.
if ($dup) {
	unset($id);
}
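// Save handler for the add/edit form. Validates the posted fields, then
// either replaces the entry at $id or appends a new one, writes the config
// and redirects back to the list. On validation failure $input_errors stays
// set and the form is re-rendered further down.
if (!empty($_POST['save'])) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	// Only the two known types may be stored; without this an entry with an
	// empty type would pass the required-field checks below (which are
	// selected by type) and be appended to the config.
	$srv_type = $pconfig['type'] ?? '';
	if (($srv_type !== "ldap") && ($srv_type !== "radius")) {
		$input_errors[] = gettext("The selected server type is not valid.");
	}

	// Parallel lists of required field names and their labels, filled in
	// per server type and handed to do_input_validation().
	$reqdfields = array();
	$reqdfieldsn = array();

	if ($pconfig['type'] == "ldap") {
		$reqdfields = explode(" ",
			"name type ldap_host ldap_port " .
			"ldap_urltype ldap_protver ldap_scope " .
			"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");

		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Port value"),
			gettext("Transport"),
			gettext("Protocol version"),
			gettext("Search level"),
			gettext("User naming Attribute"),
			gettext("Group naming Attribute"),
			gettext("Group member attribute"),
			gettext("Authentication container"));

		// Bind credentials are only mandatory when not binding anonymously.
		if (empty($pconfig['ldap_anon'])) {
			$reqdfields[] = "ldap_binddn";
			$reqdfields[] = "ldap_bindpw";
			$reqdfieldsn[] = gettext("Bind user DN");
			$reqdfieldsn[] = gettext("Bind Password");
		}
	}

	if ($pconfig['type'] == "radius") {
		$reqdfields = explode(" ", "name type radius_protocol radius_host radius_srvcs");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Radius Protocol"),
			gettext("Hostname or IP"),
			gettext("Services"));

		$svc_choice = $pconfig['radius_srvcs'] ?? '';
		if ($svc_choice == "both" || $svc_choice == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port");
		}

		if ($svc_choice == "both" || $svc_choice == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port");
		}

		// An existing entry keeps its stored secret when the field is left
		// blank (see the save part below), so it is only required for a
		// new entry.
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// The form posts the server address as ldap_host / radius_host (there is
	// no plain "host" field), so the character check has to look at the field
	// for the selected type. IPv4 literals pass the pattern on their own;
	// IPv6 literals contain colons and are let through here (for RADIUS they
	// are rejected further down).
	$host_field = "{$srv_type}_host";
	$posted_host = isset($pconfig[$host_field]) ? (string)$pconfig[$host_field] : '';
	if (($posted_host !== '') && !is_ipaddr($posted_host) && preg_match("/[^a-zA-Z0-9\.\-_]/", $posted_host)) {
		$input_errors[] = gettext("The host name contains invalid characters.");
	}

	if (auth_get_authserver($pconfig['name']) && !isset($id)) {
		$input_errors[] = gettext("An authentication server with the same name already exists.");
	}

	if (isset($id) && $config['system']['authserver'][$id] &&
	   ($config['system']['authserver'][$id]['name'] !== $pconfig['name'])) {
		$input_errors[] = gettext("The name of an authentication server cannot be changed.");
	}

	if (($pconfig['type'] == "ldap") || ($pconfig['type'] == "radius")) {
		$to_field = "{$pconfig['type']}_timeout";
		$to_value = $_POST[$to_field] ?? '';
		// Blank means "use the default"; anything else must be a positive number.
		if (!empty($to_value) && (!is_numeric($to_value) || ($to_value <= 0))) {
			$input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($pconfig['type']));
		}
	}

	// When this server is the one used for shell (PAM) authentication, a
	// group DN is required so shell access stays limited to that group.
	if (($pconfig['type'] == 'ldap') && isset($config['system']['webgui']['shellauth']) &&
	    ($config['system']['webgui']['authmode'] == $pconfig['name']) && empty($pconfig['ldap_pam_groupdn'])) {
		$input_errors[] = gettext("Shell Authentication Group DN must be specified if " . 
			"Shell Authentication is enabled for appliance.");
	}

	// https://redmine.pfsense.org/issues/4154
	if ($pconfig['type'] == "radius") {
		if (is_ipaddrv6($_POST['radius_host'])) {
			$input_errors[] = gettext("IPv6 does not work for RADIUS authentication, see Bug #4154.");
		}
	}

	if (!$input_errors) {
		$server = array();
		$server['refid'] = uniqid();
		// Editing: start from the stored entry so keys the form does not
		// post (e.g. refid) survive.
		if (isset($id) && $a_server[$id]) {
			$server = $a_server[$id];
		}

		$server['type'] = $pconfig['type'];
		$server['name'] = $pconfig['name'];

		if ($server['type'] == "ldap") {

			if (!empty($pconfig['ldap_caref'])) {
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			}
			$server['host'] = $pconfig['ldap_host'];
			$server['ldap_port'] = $pconfig['ldap_port'];
			$server['ldap_urltype'] = $pconfig['ldap_urltype'];
			$server['ldap_protver'] = $pconfig['ldap_protver'];
			$server['ldap_scope'] = $pconfig['ldap_scope'];
			$server['ldap_basedn'] = $pconfig['ldap_basedn'];
			// Posted as "ldapauthcontainers", stored as "ldap_authcn".
			$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
			$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
			$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
			$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
			$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
			$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];

			$server['ldap_attr_groupobj'] = empty($pconfig['ldap_attr_groupobj']) ? "posixGroup" : $pconfig['ldap_attr_groupobj'];
			$server['ldap_pam_groupdn'] = $pconfig['ldap_pam_groupdn'];

			// Checkbox flags are stored by presence of the key: set to true
			// when ticked, removed otherwise (so an edit can clear them).
			$ldap_flags = array('ldap_utf8', 'ldap_nostrip_at', 'ldap_allow_unauthenticated', 'ldap_rfc2307', 'ldap_rfc2307_userdn');
			foreach ($ldap_flags as $flag) {
				if (($pconfig[$flag] ?? '') == "yes") {
					$server[$flag] = true;
				} else {
					unset($server[$flag]);
				}
			}

			// Anonymous bind: drop any previously stored credentials rather
			// than leaving a stale bind password in the config.
			if (empty($pconfig['ldap_anon'])) {
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}

			// Blank timeout falls back to 25 seconds.
			$server['ldap_timeout'] = !empty($pconfig['ldap_timeout']) ? $pconfig['ldap_timeout'] : 25;
		}

		if ($server['type'] == "radius") {

			$server['radius_protocol'] = $pconfig['radius_protocol'];
			$server['host'] = $pconfig['radius_host'];
			$server['radius_nasip_attribute'] = $pconfig['radius_nasip_attribute'];

			// A blank secret leaves the stored one untouched.
			if (!empty($pconfig['radius_secret'])) {
				$server['radius_secret'] = $pconfig['radius_secret'];
			}

			// Blank timeout falls back to 5 seconds.
			$server['radius_timeout'] = !empty($pconfig['radius_timeout']) ? $pconfig['radius_timeout'] : 5;

			// Only the ports of the selected services are kept; the other
			// one is removed so the stored entry reflects the choice.
			$svc_choice = $pconfig['radius_srvcs'] ?? '';
			if ($svc_choice == "both") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
			} elseif ($svc_choice == "auth") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				unset($server['radius_acct_port']);
			} elseif ($svc_choice == "acct") {
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
				unset($server['radius_auth_port']);
			}
		}

		if (isset($id) && $config['system']['authserver'][$id]) {
			$config['system']['authserver'][$id] = $server;
		} else {
			$config['system']['authserver'][] = $server;
		}

		// Regenerate the PAM configuration when this server backs shell logins.
		if (isset($config['system']['webgui']['shellauth']) &&
		    ($config['system']['webgui']['authmode'] == $pconfig['name'])) {
			set_pam_auth();
		}

		write_config("Authentication Servers settings saved");

		pfSenseHeader("system_authservers.php");
	}
}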
/**
 * Build the option list for the RADIUS NAS-IP-Address selector.
 *
 * Keys are interface names (or IP addresses for virtual IPs), values are
 * "description - address" labels. Interfaces without a usable IP address are
 * skipped. A proxy ARP network VIP is expanded to one entry per address in
 * its range (so a large network yields correspondingly many entries); every
 * other VIP contributes a single entry keyed by its subnet field.
 *
 * @return array<string, string>
 */
function build_radiusnas_list() {
	global $config;
	$list = array();

	foreach (get_configured_interface_with_descr() as $ifname => $descr) {
		$addr = get_interface_ip($ifname);
		if (!is_ipaddr($addr)) {
			continue;
		}
		$list[$ifname] = "{$descr} - {$addr}";
	}

	$vips = $config['virtualip']['vip'];
	if (!is_array($vips)) {
		return($list);
	}

	foreach ($vips as $vip) {
		$is_proxyarp_net = ($vip['mode'] == "proxyarp" && $vip['type'] == "network");
		if (!$is_proxyarp_net) {
			$list[$vip['subnet']] = "{$vip['descr']} - {$vip['subnet']}";
			continue;
		}
		// Expand the network to individual addresses; the range is inclusive.
		$first = ip2long32(gen_subnet($vip['subnet'], $vip['subnet_bits']));
		$last = ip2long32(gen_subnet_max($vip['subnet'], $vip['subnet_bits']));
		for ($n = $first; $n <= $last; $n++) {
			$addr = long2ip32($n);
			$list[$addr] = "{$vip['descr']} - {$addr}";
		}
	}

	return($list);
}
// On error, restore the form contents so the user doesn't have to re-enter too much.
// Two fields are posted under a different name than the one the form reads
// back, so they are re-keyed here.
if ($_POST && $input_errors) {
	$pconfig = $_POST;
	$rekeyed = array(
		'ldap_authcn' => 'ldapauthcontainers',
		'ldap_template' => 'ldap_tmpltype',
	);
	foreach ($rekeyed as $field => $posted) {
		$pconfig[$field] = $_POST[$posted];
	}
}
// Breadcrumb. The add/edit form (or a failed save) gets an extra "Edit"
// crumb that points at the current page.
$show_edit_crumb = ($act == "new" || $act == "edit" || $input_errors);
$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Authentication Servers"));
$pglinks = array("", "system_usermanager.php", "system_authservers.php");
if ($show_edit_crumb) {
	$pgtitle[] = gettext('Edit');
	$pglinks[] = "@self";
}
$shortcut_section = "authentication";
include("head.inc");

if ($input_errors) {
	print_input_errors($input_errors);
}
if ($savemsg) {
	print_info_box($savemsg, 'success');
}

// Tab strip. Users who may not open the user manager get the password
// page as the first tab instead.
$first_tab = isAllowedPage("system_usermanager.php")
	? array(gettext("Users"), false, "system_usermanager.php")
	: array(gettext("User Password"), false, "system_usermanager_passwordmg.php");
$tab_array = array(
	$first_tab,
	array(gettext("Groups"), false, "system_groupmanager.php"),
	array(gettext("Settings"), false, "system_usermanager_settings.php"),
	array(gettext("Authentication Servers"), true, "system_authservers.php"),
);
display_top_tabs($tab_array);
// List view: shown unless an add/edit form was requested or a save just
// failed validation (in which case the form further down is rendered
// instead). Name, type and host are HTML-escaped; the row index $i is what
// the edit/copy/delete links pass back as "id".
if (!($act == "new" || $act == "edit" || $input_errors)) {
?>
<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext('Authentication Servers')?></h2></div>
	<div class="panel-body">
		<div class="table-responsive">
			<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
				<thead>
					<tr>
						<th><?=gettext("Server Name")?></th>
						<th><?=gettext("Type")?></th>
						<th><?=gettext("Host Name")?></th>
						<th><?=gettext("Actions")?></th>
					</tr>
				</thead>
				<tbody>
			<?php foreach ($a_server as $i => $server): ?>
					<tr>
						<td><?=htmlspecialchars($server['name'])?></td>
						<td><?=htmlspecialchars($auth_server_types[$server['type']])?></td>
						<td><?=htmlspecialchars($server['host'])?></td>
						<td>
						<?php /* the last entry of $a_server gets no action links; only the delete link is a POST action */ if ($i < (count($a_server) - 1)): ?>
							<a class="fa fa-pencil" title="<?=gettext("Edit server"); ?>" href="system_authservers.php?act=edit&amp;id=<?=$i?>"></a>
							<a class="fa fa-clone" title="<?=gettext("Copy server"); ?>" href="system_authservers.php?act=dup&amp;id=<?=$i?>"></a>
							<a class="fa fa-trash"  title="<?=gettext("Delete server")?>" href="system_authservers.php?act=del&amp;id=<?=$i?>" usepost></a>
						<?php endif?>
						</td>
					</tr>
			<?php endforeach; ?>
				</tbody>
			</table>
		</div>
	</div>
</div>

<nav class="action-buttons">
	<a href="?act=new" class="btn btn-success btn-sm">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext("Add")?>
	</a>
</nav>
<?php
	// The list page ends here; everything below only runs for new/edit.
	include("foot.inc");
	exit;
}
// Add/edit form. Every section below is attached to this one form object.
$form = new Form;
$form->setAction('system_authservers.php?act=edit');

// NOTE(review): the hidden field is posted as "userid", while the top of this
// page reads the entry index from $_REQUEST['id'] and the form action above
// carries no id either; confirm how the save handler learns which entry is
// being edited.
$form->addGlobal(new Form_Input('userid', null, 'hidden', $id));

$section = new Form_Section('Server Settings');

$input = new Form_Input('name', '*Descriptive name', 'text', $pconfig['name']);
$section->addInput($input);

// The type selector toggles the LDAP / RADIUS sections that follow.
$input = new Form_Select('type', '*Type', $pconfig['type'], $auth_server_types);
$section->addInput($input)->toggles();

$form->add($section);
// ==== LDAP settings =========================================================
// Shown (class "in") when the type is LDAP or not chosen yet; otherwise it
// stays collapsed until the type selector toggles it.
$section = new Form_Section('LDAP Server Settings');
$section->addClass('toggle-ldap collapse');

if (!isset($pconfig['type']) || $pconfig['type'] == 'ldap')
	$section->addClass('in');

$section->addInput(new Form_Input(
	'ldap_host',
	'*Hostname or IP address',
	'text',
	$pconfig['ldap_host']
))->setHelp('NOTE: When using SSL/TLS or STARTTLS, this hostname MUST match a Subject '.
	'Alternative Name (SAN) or the Common Name (CN) of the LDAP server SSL/TLS Certificate.');

$section->addInput(new Form_Input(
	'ldap_port',
	'*Port value',
	'number',
	$pconfig['ldap_port']
));

// Transport choices come from the keys of $ldap_urltypes (defined outside
// this file; presumably auth.inc).
$section->addInput(new Form_Select(
	'ldap_urltype',
	'*Transport',
	$pconfig['ldap_urltype'],
	array_combine(array_keys($ldap_urltypes), array_keys($ldap_urltypes))
));

// Peer CA: the "global" entry plus every configured CA. Without any CA the
// selector is replaced by a static hint, so an encrypted transport cannot be
// given a validation CA until one exists.
if (empty($a_ca))
{
	$section->addInput(new Form_StaticText(
		'Peer Certificate Authority',
		'No Certificate Authorities defined.<br/>Create one under <a href="system_camanager.php">System &gt; Cert. Manager</a>.'
	));
}
else
{
	$ldapCaRef = array( 'global' => 'Global Root CA List' );
	foreach ($a_ca as $ca)
		$ldapCaRef[ $ca['refid'] ] = $ca['descr'];

	$section->addInput(new Form_Select(
		'ldap_caref',
		'Peer Certificate Authority',
		$pconfig['ldap_caref'],
		$ldapCaRef
	))->setHelp('This CA is used to validate the LDAP server certificate when '.
		'\'SSL/TLS Encrypted\' or \'STARTTLS Encrypted\' Transport is active. '.
		'This CA must match the CA used by the LDAP server.');
}

$section->addInput(new Form_Select(
	'ldap_protver',
	'*Protocol version',
	$pconfig['ldap_protver'],
	array_combine($ldap_protvers, $ldap_protvers)
));

$section->addInput(new Form_Input(
	'ldap_timeout',
	'Server Timeout',
	'number',
	$pconfig['ldap_timeout'],
	['placeholder' => 25]
))->setHelp('Timeout for LDAP operations (seconds)');

// NOTE(review): this group is created but never added to the section; the
// scope select and base DN input are instead rendered inline by string
// concatenation in the static text below.
$group = new Form_Group('Search scope');

$SSF = new Form_Select(
	'ldap_scope',
	'*Level',
	$pconfig['ldap_scope'],
	$ldap_scopes
);

$SSB = new Form_Input(
	'ldap_basedn',
	'Base DN',
	'text',
	$pconfig['ldap_basedn']
);


$section->addInput(new Form_StaticText(
	'Search scope',
	'Level ' . $SSF . '<br />' . 'Base DN' . $SSB
));

// Containers are posted as "ldapauthcontainers" and read back from
// $pconfig['ldap_authcn'] (the save and error-restore code do the renaming).
$group = new Form_Group('*Authentication containers');
$group->add(new Form_Input(
	'ldapauthcontainers',
	'Containers',
	'text',
	$pconfig['ldap_authcn']
))->setHelp('Note: Semi-Colon separated. This will be prepended to the search '.
	'base dn above or the full container path can be specified containing a dc= '.
	'component.%1$sExample: CN=Users;DC=example,DC=com or OU=Staff;OU=Freelancers', '<br/>');

// Opens the container picker modal that the ajax branch at the top of this
// page renders.
$group->add(new Form_Button(
	'Select',
	'Select a container',
	null,
	'fa-search'
))->setAttribute('type','button')->addClass('btn-info');

$section->add($group);

$section->addInput(new Form_Checkbox(
	'ldap_extended_enabled',
	'Extended query',
	'Enable extended query',
	$pconfig['ldap_extended_enabled']
));

$group = new Form_Group('Query');
$group->addClass('extended');

$group->add(new Form_Input(
	'ldap_extended_query',
	'Query',
	'text',
	$pconfig['ldap_extended_query']
))->setHelp('Example (MSAD): memberOf=CN=Groupname,OU=MyGroups,DC=example,DC=com<br>Example (2307): |(&(objectClass=posixGroup)(cn=Groupname)(memberUid=*))(&(objectClass=posixGroup)(cn=anotherGroup)(memberUid=*))');

$section->add($group);

// When ticked, the bind DN/password below are neither required nor stored.
$section->addInput(new Form_Checkbox(
	'ldap_anon',
	'Bind anonymous',
	'Use anonymous binds to resolve distinguished names',
	$pconfig['ldap_anon']
));

$group = new Form_Group('*Bind credentials');
$group->addClass('ldapanon');

$group->add(new Form_Input(
	'ldap_binddn',
	'User DN:',
	'text',
	$pconfig['ldap_binddn']
));

// NOTE(review): when editing, $pconfig['ldap_bindpw'] holds the stored bind
// password, so the stored value is sent back to the browser as the field's
// value; confirm whether Form_Input masks password values on output.
$group->add(new Form_Input(
	'ldap_bindpw',
	'Password',
	'password',
	$pconfig['ldap_bindpw']
));
$section->add($group);

// The template picker only makes sense for a new entry; it pre-fills the
// attribute fields below (handled outside this file).
if (!isset($id)) {
	$template_list = array();

	foreach ($ldap_templates as $option => $template) {
		$template_list[$option] = $template['desc'];
	}

	$section->addInput(new Form_Select(
		'ldap_tmpltype',
		'Initial Template',
		$pconfig['ldap_template'],
		$template_list
	));
}

$section->addInput(new Form_Input(
	'ldap_attr_user',
	'*User naming attribute',
	'text',
	$pconfig['ldap_attr_user']
));

$section->addInput(new Form_Input(
	'ldap_attr_group',
	'*Group naming attribute',
	'text',
	$pconfig['ldap_attr_group']
));

$section->addInput(new Form_Input(
	'ldap_attr_member',
	'*Group member attribute',
	'text',
	$pconfig['ldap_attr_member']
));

$section->addInput(new Form_Checkbox(
	'ldap_rfc2307',
	'RFC 2307 Groups',
	'LDAP Server uses RFC 2307 style group membership',
	$pconfig['ldap_rfc2307']
))->setHelp('RFC 2307 style group membership has members listed on the group '.
	'object rather than using groups listed on user object. Leave unchecked '.
	'for Active Directory style group membership (RFC 2307bis).');

$group = new Form_Group('RFC 2307 User DN');
$group->addClass('ldap_rfc2307_userdn');

$group->add(new Form_Checkbox(
	'ldap_rfc2307_userdn',
	'RFC 2307 user DN',
	'RFC 2307 Use DN for username search.',
	$pconfig['ldap_rfc2307_userdn']
))->setHelp('Use DN for username search, i.e. "(member=CN=Username,CN=Users,DC=example,DC=com)".');

$section->add($group);

// Empty value is stored as "posixGroup" by the save handler.
$section->addInput(new Form_Input(
	'ldap_attr_groupobj',
	'Group Object Class',
	'text',
	$pconfig['ldap_attr_groupobj'],
	['placeholder' => 'posixGroup']
))->setHelp('Object class used for groups in RFC2307 mode. '.
	'Typically "posixGroup" or "group".');

// Required by the save handler when this server is the shell-auth server,
// so shell logins stay restricted to members of this group.
$section->addInput(new Form_Input(
	'ldap_pam_groupdn',
	'Shell Authentication Group DN',
	'text',
	$pconfig['ldap_pam_groupdn']
))->setHelp('If LDAP server is used for shell authentication, user must be a member ' .
	    'of this group and have a valid posixAccount attributes to be able to login.%s Example: CN=Remoteshellusers,CN=Users,DC=example,DC=com',
	    '<br/>');

$section->addInput(new Form_Checkbox(
	'ldap_utf8',
	'UTF8 Encode',
	'UTF8 encode LDAP parameters before sending them to the server.',
	$pconfig['ldap_utf8']
))->setHelp('Required to support international characters, but may not be '.
	'supported by every LDAP server.');

$section->addInput(new Form_Checkbox(
	'ldap_nostrip_at',
	'Username Alterations',
	'Do not strip away parts of the username after the @ symbol',
	$pconfig['ldap_nostrip_at']
))->setHelp('e.g. user@host becomes user when unchecked.');

// Not set for a new entry (see the "new" defaults at the top). Per the help
// text, an unauthenticated bind is a bind with a valid DN and an empty
// password, so enabling it is a deliberate relaxation of the bind check.
$section->addInput(new Form_Checkbox(
	'ldap_allow_unauthenticated',
	'Allow unauthenticated bind',
	'Allow unauthenticated bind',
	$pconfig['ldap_allow_unauthenticated']
))->setHelp('Unauthenticated binds are bind with an existing login but with an empty password. '.
         'Some LDAP servers (Microsoft AD) allow this type of bind without any possiblity to disable it.');

$form->add($section);
// ==== RADIUS section ========================================================
// Collapsed unless the RADIUS type is selected (driven by the toggle-radius class).
$section = new Form_Section('RADIUS Server Settings');
$section->addClass('toggle-radius collapse');

// Transport; the option list $radius_protocol is presumably built earlier in this file.
$section->addInput(new Form_Select(
	'radius_protocol',
	'*Protocol',
	$pconfig['radius_protocol'],
	$radius_protocol
));

$section->addInput(new Form_Input(
	'radius_host',
	'*Hostname or IP address',
	'text',
	$pconfig['radius_host']
));

// Rendered as a password input so the shared secret is masked in the browser;
// the stored value is still handed over as the field value like any other input.
$section->addInput(new Form_Input(
	'radius_secret',
	'*Shared Secret',
	'password',
	$pconfig['radius_secret']
));

// 'auth', 'acct' or both; set_required_port_fields() in the page script
// toggles which of the two port inputs are mandatory.
$section->addInput(new Form_Select(
	'radius_srvcs',
	'*Services offered',
	$pconfig['radius_srvcs'],
	$radius_srvcs
));

$section->addInput(new Form_Input(
	'radius_auth_port',
	'Authentication port',
	'number',
	$pconfig['radius_auth_port']
));

$section->addInput(new Form_Input(
	'radius_acct_port',
	'Accounting port',
	'number',
	$pconfig['radius_acct_port']
));

$timeoutInput = $section->addInput(new Form_Input(
	'radius_timeout',
	'Authentication Timeout',
	'number',
	$pconfig['radius_timeout']
));
$timeoutInput->setHelp('This value controls how long, in seconds, that the RADIUS '.
	'server may take to respond to an authentication request. If left blank, the '.
	'default value is 5 seconds. NOTE: If using an interactive two-factor '.
	'authentication system, increase this timeout to account for how long it will '.
	'take the user to receive and enter a token.');

// Address advertised in NAS-IP-Address; the choices come from build_radiusnas_list().
$nasIpInput = $section->addInput(new Form_Select(
	'radius_nasip_attribute',
	'RADIUS NAS IP Attribute',
	$pconfig['radius_nasip_attribute'],
	build_radiusnas_list()
));
$nasIpInput->setHelp('Enter the IP to use for the "NAS-IP-Address" attribute during RADIUS Acccess-Requests.<br />'.
			'Please note that this choice won\'t change the interface used for contacting the RADIUS server.');

// When editing, carry the entry index along as a hidden form-level field so the
// POST updates the right server. Whether the id is validated server-side is
// outside this span.
if (isset($id) && $a_server[$id]) {
	$form->addGlobal(new Form_Input(
		'id',
		null,
		'hidden',
		$id
	));
}

$form->add($section);
// Placeholder modal for the LDAP container picker; its real contents are
// fetched later via the AJAX branch of this page (see select_clicked()).
$modal = new Modal("LDAP containers", "containers", true);
$form->add($modal);

echo $form;
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {
	// Ask this same page (its "ajax" branch) for the list of LDAP containers
	// plus the controls to pick from them, and show the result in the modal.
	function select_clicked() {
		// True when the input with the given id is empty.
		function isBlank(id) {
			return document.getElementById(id).value == '';
		}

		// Note: the current container value must already be non-empty before
		// the list can be fetched (existing behaviour).
		if (isBlank("ldap_port") || isBlank("ldap_host") || isBlank("ldap_scope") ||
		    isBlank("ldap_basedn") || isBlank("ldapauthcontainers")) {
			alert("<?=gettext("Please fill the required values.");?>");
			return;
		}

		// Bind credentials are only needed when anonymous bind is not selected.
		if (!document.getElementById("ldap_anon").checked &&
		    (isBlank("ldap_binddn") || isBlank("ldap_bindpw"))) {
			alert("<?=gettext("Please fill the bind username/password.");?>");
			return;
		}

		var cert = '';
<?php if (count($a_ca) > 0): ?>
		// A CA can only be chosen when at least one CA exists.
		cert = $('#ldap_caref').val();
<?php endif; ?>

		// POST the connection parameters (including the bind password) back to
		// this page; the server answers with the rendered container modal.
		var request = $.ajax({
			url: "/system_authservers.php",
			type: "post",
			data: {
				ajax:    "ajax",
				port:    $('#ldap_port').val(),
				host:    $('#ldap_host').val(),
				scope:   $('#ldap_scope').val(),
				basedn:  $('#ldap_basedn').val(),
				binddn:  $('#ldap_binddn').val(),
				bindpw:  $('#ldap_bindpw').val(),
				urltype: $('#ldap_urltype').val(),
				proto:   $('#ldap_protver').val(),
				authcn:  $('#ldapauthcontainers').val(),
				cert:    cert
			}
		});

		request.done(function (response) {
			// The response is HTML and replaces the placeholder modal wholesale,
			// so any escaping of server-supplied container names has to happen
			// on the server side (not visible in this function).
			$('#containers').replaceWith(response);
			$('#containers').modal('show');

			// The save button only exists once the modal has been populated,
			// so its handler is attached here. Turn it into a plain button first.
			$('#svcontbtn').prop("type", "button");
			$('#svcontbtn').removeAttr("href");

			$('#svcontbtn').click(function () {
				// Checkboxes are named ou0, ou1, ...; collect the checked ones
				// into a ';'-separated list.
				var count = $('[id^=ou]').length;
				var selected = "";
				var i;

				for (i = 0; i < count; i++) {
					if ($('#ou' + i).prop("checked")) {
						if (selected != "") {
							selected += ";";
						}
						selected += $('#ou' + i).val();
					}
				}

				$('#ldapauthcontainers').val(selected);
				$('#containers').modal('hide');
			});
		});
	}
	// Reset the port to the conventional default for the selected URL type.
	// NOTE(review): the third option (index 2) is assumed to be the SSL/TLS
	// (ldaps) entry; this keys on option position rather than option value —
	// confirm against the list that populates #ldap_urltype.
	function set_ldap_port() {
		var isLdaps = $('#ldap_urltype').find(":selected").index() == 2;
		$('#ldap_port').val(isLdaps ? '636' : '389');
	}
	// Mark the auth/acct port inputs required according to the services the
	// RADIUS server offers: 'auth' -> auth port only, 'acct' -> acct port only,
	// anything else -> both.
	function set_required_port_fields() {
		var services = document.getElementById("radius_srvcs").value;
		var needAuth = services != 'acct';   // 'auth' or both
		var needAcct = services != 'auth';   // 'acct' or both
		setRequired('radius_auth_port', needAuth);
		setRequired('radius_acct_port', needAcct);
	}
	// Hide (hide === true) or show every element carrying the given class;
	// the class normally identifies a whole form section.
	function hideClass(s_class, hide) {
		var elements = $('.' + s_class);
		hide ? elements.hide() : elements.show();
	}
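	// Copy the attribute names of the selected LDAP template into the form;
	// one switch case per entry of $ldap_templates is emitted at render time.
	// Template values are interpolated into JavaScript string literals without
	// escaping, which is only safe while $ldap_templates is static code and not
	// user- or config-supplied data (its definition is not visible here).
	function ldap_tmplchange() {
		switch ($('#ldap_tmpltype').find(":selected").index()) {
<?php
		$index = 0;
		foreach ($ldap_templates as $tmpldata):
?>
			case <?=$index;?>:
				$('#ldap_attr_user').val("<?=$tmpldata['attr_user'];?>");
				$('#ldap_attr_group').val("<?=$tmpldata['attr_group'];?>");
				$('#ldap_attr_member').val("<?=$tmpldata['attr_member'];?>");
				// prop(), not attr(): attr() only edits the markup attribute, which
				// the browser stops mirroring into the checked state once the user
				// has clicked the box, so switching templates would leave it stale.
				// The interpolated value must render as a JS boolean literal.
				$("#ldap_allow_unauthenticated").prop("checked", <?=$tmpldata['allow_unauthenticated'];?>);
				break;
<?php
			$index++;
		endforeach;
?>
		}
	}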
	// ---------- On initial page load ------------------------------------------------------------

<?php if ($act != 'edit') : ?>
	// New entries start from the selected template's attribute names; an
	// existing entry keeps the values loaded from config.
	ldap_tmplchange();
<?php endif; ?>

	// Initial visibility of the conditional LDAP sub-sections.
	hideClass('ldapanon', $('#ldap_anon').prop('checked'));
	hideClass('extended', !$('#ldap_extended_enabled').prop('checked'));
	hideClass('ldap_rfc2307_userdn', !$('#ldap_rfc2307').prop('checked'));
	set_required_port_fields();

	// Only fill in a default port when none was supplied.
	if ($('#ldap_port').val() == "") {
		set_ldap_port();
	}

<?php if ($act == 'edit'): ?>
	// An existing server's type cannot be switched; disable the other options.
	$('#type option:not(:selected)').attr('disabled', 'disabled');

<?php if (!$input_errors && !$dup): ?>
	// The name is locked client-side on a clean edit; whether the server
	// enforces this is outside this file.
	$('#name').prop("readonly", true);
<?php endif; ?>
<?php endif; ?>

	// ---------- Click checkbox handlers ---------------------------------------------------------

	$('#ldap_tmpltype').on('change', function() {
		ldap_tmplchange();
	});

	$('#ldap_anon').on('click', function () {
		hideClass('ldapanon', this.checked);
	});

	$('#ldap_urltype').on('change', function() {
		set_ldap_port();
	});

	$('#Select').on('click', function () {
		select_clicked();
	});

	$('#ldap_extended_enabled').on('click', function () {
		hideClass('extended', !this.checked);
	});

	$('#ldap_rfc2307').on('click', function () {
		hideClass('ldap_rfc2307_userdn', !this.checked);
	});

	$('#radius_srvcs').on('change', function() {
		set_required_port_fields();
	});
});
//]]>
</script>
<?php
// Shared footer include (its contents are not visible here).
include 'foot.inc';