<?php
2
/*
3 ce77a9c4 Phil Davis
	system_authservers.php
4 fbf672cb Matthew Grooms
*/
5 ac9d8bed Stephen Beaver
/* ====================================================================
6
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
7 df8fca9d Stephen Beaver
 *	Copyright (c)  2008 Shrew Soft Inc.
8 ac9d8bed Stephen Beaver
 *
9
 *	Redistribution and use in source and binary forms, with or without modification,
10
 *	are permitted provided that the following conditions are met:
11
 *
12
 *	1. Redistributions of source code must retain the above copyright notice,
13
 *		this list of conditions and the following disclaimer.
14
 *
15
 *	2. Redistributions in binary form must reproduce the above copyright
16
 *		notice, this list of conditions and the following disclaimer in
17
 *		the documentation and/or other materials provided with the
18
 *		distribution.
19
 *
20
 *	3. All advertising materials mentioning features or use of this software
21
 *		must display the following acknowledgment:
22
 *		"This product includes software developed by the pfSense Project
23
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
24
 *
25
 *	4. The names "pfSense" and "pfSense Project" must not be used to
26
 *		 endorse or promote products derived from this software without
27
 *		 prior written permission. For written permission, please contact
28
 *		 coreteam@pfsense.org.
29
 *
30
 *	5. Products derived from this software may not be called "pfSense"
31
 *		nor may "pfSense" appear in their names without prior written
32
 *		permission of the Electric Sheep Fencing, LLC.
33
 *
34
 *	6. Redistributions of any form whatsoever must retain the following
35
 *		acknowledgment:
36
 *
37
 *	"This product includes software developed by the pfSense Project
38
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
39
 *
40
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
41
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
44
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
52
 *
53
 *	====================================================================
54
 *
55
 */
56 1d333258 Scott Ullrich
/*
57 ac9d8bed Stephen Beaver
	pfSense_MODULE: auth
58 1d333258 Scott Ullrich
*/
59 fbf672cb Matthew Grooms
60
##|+PRIV
61
##|*IDENT=page-system-authservers
62
##|*NAME=System: Authentication Servers
63
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
64
##|*MATCH=system_authservers.php*
65
##|-PRIV
66
67
require("guiconfig.inc");
68 acee624f Ermal Lu?i
require_once("auth.inc");
69 fbf672cb Matthew Grooms
70 257705ca Renato Botelho
/* Page title parts and shortcut section name, presumably consumed by the
 * shared page chrome (head.inc is included further down). */
$pgtitle = array();
$pgtitle[] = gettext("System");
$pgtitle[] = gettext("Authentication Servers");
$shortcut_section = "authentication";
72 fbf672cb Matthew Grooms
73 2ee8dea1 Phil Davis
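/*
 * Resolve the server index this request acts on. Only a numeric integer is
 * accepted (is_numericint), and a POSTed id overrides a GET one, so every
 * $a_server / $config lookup below that uses $id sees a validated value.
 * $id stays unset when neither request carries a usable id. Both branches
 * now guard with isset() so a missing key does not raise a notice.
 */
if (isset($_GET['id']) && is_numericint($_GET['id'])) {
	$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
	$id = $_POST['id'];
}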
79 fbf672cb Matthew Grooms
80 2ee8dea1 Phil Davis
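/* Make sure the config branches this page touches exist. */
if (!is_array($config['system']['authserver'])) {
	$config['system']['authserver'] = array();
}

/*
 * $a_server is a zero-based working copy of the list returned by auth.inc.
 * It is initialised explicitly so the list view's foreach further down does
 * not fail when no server is defined. NOTE(review): the list view skips the
 * last entry of $a_server, so auth_get_authserver_list() seems to append a
 * built-in entry — confirm in auth.inc.
 */
$a_servers = auth_get_authserver_list();
$a_server = array();
foreach ($a_servers as $servers) {
	$a_server[] = $servers;
}

if (!is_array($config['ca'])) {
	$config['ca'] = array();
}
/* Reference, so the CA selector below sees the live config. */
$a_ca =& $config['ca'];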
93
94 fbf672cb Matthew Grooms
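/* Requested action ("new", "edit", "del" or none). A non-empty POSTed act
 * wins over the GET one; the GET lookup is guarded so a plain page load
 * without act does not raise a notice. */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act'])) {
	$act = $_POST['act'];
}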
98 fbf672cb Matthew Grooms
99
if ($act == "del") {
100
101
	if (!$a_server[$_GET['id']]) {
102
		pfSenseHeader("system_authservers.php");
103
		exit;
104
	}
105
106 9db6993f jim-p
	/* Remove server from main list. */
107 fbf672cb Matthew Grooms
	$serverdeleted = $a_server[$_GET['id']]['name'];
108 9db6993f jim-p
	foreach ($config['system']['authserver'] as $k => $as) {
109 2ee8dea1 Phil Davis
		if ($config['system']['authserver'][$k]['name'] == $serverdeleted) {
110 9db6993f jim-p
			unset($config['system']['authserver'][$k]);
111 2ee8dea1 Phil Davis
		}
112 9db6993f jim-p
	}
113
114
	/* Remove server from temp list used later on this page. */
115 fbf672cb Matthew Grooms
	unset($a_server[$_GET['id']]);
116 9db6993f jim-p
117 2ee8dea1 Phil Davis
	$savemsg = gettext("Authentication Server") . " " . htmlspecialchars($serverdeleted) . " " . gettext("deleted") . "<br />";
118 9db6993f jim-p
	write_config($savemsg);
119 fbf672cb Matthew Grooms
}
120
121
if ($act == "edit") {
122
	if (isset($id) && $a_server[$id]) {
123
124
		$pconfig['type'] = $a_server[$id]['type'];
125
		$pconfig['name'] = $a_server[$id]['name'];
126
127
		if ($pconfig['type'] == "ldap") {
128 fe2031ab Ermal
			$pconfig['ldap_caref'] = $a_server[$id]['ldap_caref'];
129 fbf672cb Matthew Grooms
			$pconfig['ldap_host'] = $a_server[$id]['host'];
130
			$pconfig['ldap_port'] = $a_server[$id]['ldap_port'];
131 d6b4dfe3 jim-p
			$pconfig['ldap_timeout'] = $a_server[$id]['ldap_timeout'];
132 fbf672cb Matthew Grooms
			$pconfig['ldap_urltype'] = $a_server[$id]['ldap_urltype'];
133
			$pconfig['ldap_protver'] = $a_server[$id]['ldap_protver'];
134
			$pconfig['ldap_scope'] = $a_server[$id]['ldap_scope'];
135
			$pconfig['ldap_basedn'] = $a_server[$id]['ldap_basedn'];
136 c61e4626 Ermal Lu?i
			$pconfig['ldap_authcn'] = $a_server[$id]['ldap_authcn'];
137 c7073ebf namezero111111
			$pconfig['ldap_extended_enabled'] = $a_server[$id]['ldap_extended_enabled'];
138
			$pconfig['ldap_extended_query'] = $a_server[$id]['ldap_extended_query'];
139 fbf672cb Matthew Grooms
			$pconfig['ldap_binddn'] = $a_server[$id]['ldap_binddn'];
140
			$pconfig['ldap_bindpw'] = $a_server[$id]['ldap_bindpw'];
141
			$pconfig['ldap_attr_user'] = $a_server[$id]['ldap_attr_user'];
142
			$pconfig['ldap_attr_group'] = $a_server[$id]['ldap_attr_group'];
143
			$pconfig['ldap_attr_member'] = $a_server[$id]['ldap_attr_member'];
144 149efbea jim-p
			$pconfig['ldap_attr_groupobj'] = $a_server[$id]['ldap_attr_groupobj'];
145 a5cd1c5a jim-p
			$pconfig['ldap_utf8'] = isset($a_server[$id]['ldap_utf8']);
146
			$pconfig['ldap_nostrip_at'] = isset($a_server[$id]['ldap_nostrip_at']);
147 149efbea jim-p
			$pconfig['ldap_rfc2307'] = isset($a_server[$id]['ldap_rfc2307']);
148 fbf672cb Matthew Grooms
149 2ee8dea1 Phil Davis
			if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw']) {
150 fbf672cb Matthew Grooms
				$pconfig['ldap_anon'] = true;
151 2ee8dea1 Phil Davis
			}
152 fbf672cb Matthew Grooms
		}
153
154
		if ($pconfig['type'] == "radius") {
155
			$pconfig['radius_host'] = $a_server[$id]['host'];
156
			$pconfig['radius_auth_port'] = $a_server[$id]['radius_auth_port'];
157
			$pconfig['radius_acct_port'] = $a_server[$id]['radius_acct_port'];
158 e8a58de4 Ermal Lu?i
			$pconfig['radius_secret'] = $a_server[$id]['radius_secret'];
159 bddd2be8 jim-p
			$pconfig['radius_timeout'] = $a_server[$id]['radius_timeout'];
160 fbf672cb Matthew Grooms
161
			if ($pconfig['radius_auth_port'] &&
162 ac9d8bed Stephen Beaver
				$pconfig['radius_acct_port']) {
163 fbf672cb Matthew Grooms
				$pconfig['radius_srvcs'] = "both";
164
			}
165
166 2ee8dea1 Phil Davis
			if ($pconfig['radius_auth_port'] &&
167 ac9d8bed Stephen Beaver
				!$pconfig['radius_acct_port']) {
168 fbf672cb Matthew Grooms
				$pconfig['radius_srvcs'] = "auth";
169 acee624f Ermal Lu?i
				$pconfig['radius_acct_port'] = 1813;
170 fbf672cb Matthew Grooms
			}
171
172
			if (!$pconfig['radius_auth_port'] &&
173 ac9d8bed Stephen Beaver
				$pconfig['radius_acct_port']) {
174 fbf672cb Matthew Grooms
				$pconfig['radius_srvcs'] = "acct";
175 acee624f Ermal Lu?i
				$pconfig['radius_auth_port'] = 1812;
176 fbf672cb Matthew Grooms
			}
177
178
		}
179
	}
180
}
181
182
if ($act == "new") {
183
	$pconfig['ldap_protver'] = 3;
184
	$pconfig['ldap_anon'] = true;
185
	$pconfig['radius_srvcs'] = "both";
186 acee624f Ermal Lu?i
	$pconfig['radius_auth_port'] = "1812";
187
	$pconfig['radius_acct_port'] = "1813";
188 fbf672cb Matthew Grooms
}
189
190
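if ($_POST) {
	/*
	 * Handle a submitted form: validate, then store the server at index $id
	 * (edit) or append it (new). On validation failure $input_errors is
	 * filled and the form is re-rendered further down with the posted values.
	 */
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	if ($pconfig['type'] == "ldap") {
		$reqdfields = explode(" ",
			"name type ldap_host ldap_port " .
			"ldap_urltype ldap_protver ldap_scope " .
			"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");

		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Port value"),
			gettext("Transport"),
			gettext("Protocol version"),
			gettext("Search level"),
			gettext("User naming Attribute"),
			gettext("Group naming Attribute"),
			gettext("Group member attribute"),
			gettext("Authentication container"));

		/* Bind credentials are only mandatory when not binding anonymously. */
		if (!$pconfig['ldap_anon']) {
			$reqdfields[] = "ldap_binddn";
			$reqdfields[] = "ldap_bindpw";
			$reqdfieldsn[] = gettext("Bind user DN");
			$reqdfieldsn[] = gettext("Bind Password");
		}
	}

	if ($pconfig['type'] == "radius") {
		$reqdfields = explode(" ", "name type radius_host radius_srvcs");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Services"));

		/* The port of each offered service is required. The field is
		 * "radius_srvcs" (the select's name in the form below); it was
		 * misspelled here before, so these two checks never fired. */
		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port");
		}

		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port");
		}

		/* A secret must be given when creating; on edit an empty secret
		 * keeps the stored one (see the save path below). */
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/* The host field is type-specific ("ldap_host" / "radius_host"). The
	 * previous check read $_POST['host'], a field the form never sends, so
	 * the character whitelist was never applied. ':' is accepted so an IPv6
	 * literal can be entered; everything else outside the hostname alphabet
	 * (spaces, '/', '@', ...) is rejected before the value is stored. */
	$host_field = "{$pconfig['type']}_host";
	if (isset($_POST[$host_field]) && preg_match("/[^a-zA-Z0-9\.\-_:]/", $_POST[$host_field])) {
		$input_errors[] = gettext("The host name contains invalid characters.");
	}

	if (auth_get_authserver($pconfig['name']) && !isset($id)) {
		$input_errors[] = gettext("An authentication server with the same name already exists.");
	}

	/* Timeout, when given, must be a positive number (blank means default). */
	if (($pconfig['type'] == "ldap") || ($pconfig['type'] == "radius")) {
		$to_field = "{$pconfig['type']}_timeout";
		if (!empty($_POST[$to_field]) && (!is_numeric($_POST[$to_field]) || ($_POST[$to_field] <= 0))) {
			$input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($pconfig['type']));
		}
	}

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	if (!$input_errors) {
		$server = array();
		$server['refid'] = uniqid();
		/* Editing: start from the stored entry so keys not rewritten below
		 * (including refid) are preserved. */
		if (isset($id) && $a_server[$id]) {
			$server = $a_server[$id];
		}

		$server['type'] = $pconfig['type'];
		$server['name'] = $pconfig['name'];

		if ($server['type'] == "ldap") {

			/* An empty selection leaves a previously stored caref untouched. */
			if (!empty($pconfig['ldap_caref'])) {
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			}
			$server['host'] = $pconfig['ldap_host'];
			$server['ldap_port'] = $pconfig['ldap_port'];
			$server['ldap_urltype'] = $pconfig['ldap_urltype'];
			$server['ldap_protver'] = $pconfig['ldap_protver'];
			$server['ldap_scope'] = $pconfig['ldap_scope'];
			$server['ldap_basedn'] = $pconfig['ldap_basedn'];
			$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
			$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
			$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
			$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
			$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
			$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];

			$server['ldap_attr_groupobj'] = empty($pconfig['ldap_attr_groupobj']) ? "posixGroup" : $pconfig['ldap_attr_groupobj'];

			/* Checkbox flags are stored by key presence (the edit path reads
			 * them back with isset()). */
			foreach (array('ldap_utf8', 'ldap_nostrip_at', 'ldap_rfc2307') as $flag) {
				if ($pconfig[$flag] == "yes") {
					$server[$flag] = true;
				} else {
					unset($server[$flag]);
				}
			}

			/* Bind credentials are stored exactly as submitted; anonymous
			 * bind clears any previously stored pair. */
			if (!$pconfig['ldap_anon']) {
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}

			if ($pconfig['ldap_timeout']) {
				$server['ldap_timeout'] = $pconfig['ldap_timeout'];
			} else {
				$server['ldap_timeout'] = 25;
			}
		}

		if ($server['type'] == "radius") {

			$server['host'] = $pconfig['radius_host'];

			/* An empty secret on edit keeps the one already stored. */
			if ($pconfig['radius_secret']) {
				$server['radius_secret'] = $pconfig['radius_secret'];
			}

			if ($pconfig['radius_timeout']) {
				$server['radius_timeout'] = $pconfig['radius_timeout'];
			} else {
				$server['radius_timeout'] = 5;
			}

			/* Only the ports of the offered services are kept; the other one
			 * is dropped so the edit path can derive radius_srvcs from presence. */
			if ($pconfig['radius_srvcs'] == "both") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
			}

			if ($pconfig['radius_srvcs'] == "auth") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				unset($server['radius_acct_port']);
			}

			if ($pconfig['radius_srvcs'] == "acct") {
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
				unset($server['radius_auth_port']);
			}
		}

		/* NOTE(review): $id indexes both $a_server (above) and the config
		 * list here; the two are assumed to share indices — verify in auth.inc. */
		if (isset($id) && $config['system']['authserver'][$id]) {
			$config['system']['authserver'][$id] = $server;
		} else {
			$config['system']['authserver'][] = $server;
		}

		write_config();

		pfSenseHeader("system_authservers.php");
	}
}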
375
376 1d3259b5 Stephen Beaver
// On error, restore the form contents so the user doesn't have to re-enter too much
if ($_POST && $input_errors) {
	$pconfig = $_POST;
	/* Two form fields are named differently from the $pconfig keys the
	 * form reads; map them back explicitly. */
	$field_map = array(
		'ldap_authcn' => 'ldapauthcontainers',
		'ldap_template' => 'ldap_tmpltype',
	);
	foreach ($field_map as $key => $field) {
		$pconfig[$key] = $_POST[$field];
	}
}
382
383 fbf672cb Matthew Grooms
include("head.inc");
384
385 a0165602 Sjon Hortensius
if ($input_errors)
386
	print_input_errors($input_errors);
387 7b4b0ad3 Stephen Beaver
388 a0165602 Sjon Hortensius
if ($savemsg)
389 ea342b0f Stephen Beaver
	print_info_box($savemsg, 'success');
390 a0165602 Sjon Hortensius
391
$tab_array = array();
392
$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
393
$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
394
$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
395
$tab_array[] = array(gettext("Servers"), true, "system_authservers.php");
396
display_top_tabs($tab_array);
397
398
/*
 * List view: rendered unless we are adding/editing (or re-showing the form
 * after a validation failure). Every stored value goes through
 * htmlspecialchars() before output; $i is the integer index into $a_server
 * and is emitted as-is into the links. The last entry of $a_server gets no
 * edit/delete links (count() check below), so it appears to be a fixed
 * built-in entry — confirm in auth.inc.
 * NOTE(review): the delete link is a plain GET carrying act and id; confirm
 * it is covered by the shared CSRF protection.
 */
if (!($act == "new" || $act == "edit" || $input_errors))
{
	?>
	<div class="table-responsive">
		<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
			<thead>
				<tr>
					<th><?=gettext("Server Name")?></th>
					<th><?=gettext("Type")?></th>
					<th><?=gettext("Host Name")?></th>
					<th><?=gettext("Actions")?></th>
				</tr>
			</thead>
			<tbody>
		<?php foreach($a_server as $i => $server): ?>
				<tr>
					<td><?=htmlspecialchars($server['name'])?></td>
					<td><?=htmlspecialchars($auth_server_types[$server['type']])?></td>
					<td><?=htmlspecialchars($server['host'])?></td>
					<td>
					<?php if ($i < (count($a_server) - 1)): ?>
						<a class="fa fa-pencil" title="<?=gettext("Edit server"); ?>" href="system_authservers.php?act=edit&amp;id=<?=$i?>"></a>
						<a class="fa fa-trash"  title="<?=gettext("Delete server")?>" href="system_authservers.php?act=del&amp;id=<?=$i?>"></a>
					<?php endif?>
					</td>
				</tr>
		<?php endforeach; ?>
			</tbody>
		</table>
	</div>

	<nav class="action-buttons">
		<a href="?act=new" class="btn btn-success btn-sm">
			<i class="fa fa-plus icon-embed-btn"></i>
			<?=gettext("Add")?>
		</a>
	</nav>
<?php
	/* The list page ends here; the add/edit form below is never reached. */
	include("foot.inc");
	exit;
}
439
440 a0165602 Sjon Hortensius
/* Add/edit form. One form serves both cases; $id (when set) selects the
 * entry being edited. */
$form = new Form;
$form->setAction('system_authservers.php?act=edit');

/* NOTE(review): the POST handler above reads $_POST['id'], not 'userid',
 * and the index is also sent by the hidden 'id' input added in the RADIUS
 * section below, so this field looks unused on this page — confirm before
 * removing it. */
$form->addGlobal(new Form_Input(
	'userid',
	null,
	'hidden',
	$id
));

$section = new Form_Section('Server settings');

$section->addInput($input = new Form_Input(
	'name',
	'Descriptive name',
	'text',
	$pconfig['name']
));

/* ->toggles() presumably shows the matching "toggle-<type>" section below
 * when the type changes. */
$section->addInput($input = new Form_Select(
	'type',
	'Type',
	$pconfig['type'],
	$auth_server_types
))->toggles();

$form->add($section);
467 6157f724 Stephen Beaver
468
// ==== LDAP settings =========================================================
/* Collapsible "toggle-ldap" section; it starts expanded ('in') when the
 * type is LDAP or no type has been chosen yet (a new server). */
$section = new Form_Section('LDAP Server Settings');
$section->addClass('toggle-ldap collapse');

if (!isset($pconfig['type']) || $pconfig['type'] == 'ldap')
	$section->addClass('in');

/* Stored under the config key "host" (see the POST handler above). */
$section->addInput(new Form_Input(
	'ldap_host',
	'Hostname or IP address',
	'text',
	$pconfig['ldap_host']
))->setHelp('NOTE: When using SSL, this hostname MUST match the Common Name '.
	'(CN) of the LDAP server\'s SSL Certificate.');

/* Left empty, the script below fills in 389 or 636 depending on the transport. */
$section->addInput(new Form_Input(
	'ldap_port',
	'Port value',
	'number',
	$pconfig['ldap_port']
));

/* Transport options are the keys of $ldap_urltypes (presumably from
 * auth.inc), used as both value and label. */
$section->addInput(new Form_Select(
	'ldap_urltype',
	'Transport',
	$pconfig['ldap_urltype'],
	array_combine(array_keys($ldap_urltypes), array_keys($ldap_urltypes))
));

/* Peer CA for the SSL transport (see help text): a plain notice when no CA
 * exists, otherwise a select keyed by CA refid. */
if (empty($a_ca))
{
	$section->addInput(new Form_StaticText(
		'Peer Certificate Authority',
		'No Certificate Authorities defined.<br/>Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.'
	));
}
else
{
	$ldapCaRef = [];
	foreach ($a_ca as $ca)
		$ldapCaRef[ $ca['refid'] ] = $ca['descr'];

	$section->addInput(new Form_Select(
		'ldap_caref',
		'Peer Certificate Authority',
		$pconfig['ldap_caref'],
		$ldapCaRef
	))->setHelp('This option is used if \'SSL Encrypted\' option is choosen. '.
		'It must match with the CA in the AD otherwise problems will arise.');
}

$section->addInput(new Form_Select(
	'ldap_protver',
	'Protocol version',
	$pconfig['ldap_protver'],
	array_combine($ldap_protvers, $ldap_protvers)
));

/* The placeholder matches the 25 s default the POST handler stores when
 * this field is left blank. */
$section->addInput(new Form_Input(
	'ldap_timeout',
	'Server Timeout',
	'number',
	$pconfig['ldap_timeout'],
	['placeholder' => 25]
))->setHelp('Timeout for LDAP operations (seconds)');
533
534 905f6119 Stephen Beaver
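/* Search scope: the scope selector and the base DN input are rendered side
 * by side inside one static-text row by string-concatenating the two
 * controls. (A Form_Group('Search scope') used to be created here but was
 * never added to the section and was overwritten below; it is gone.) */
$SSF = new Form_Select(
	'ldap_scope',
	'Level',
	$pconfig['ldap_scope'],
	$ldap_scopes
);

$SSB = new Form_Input(
	'ldap_basedn',
	'Base DN',
	'text',
	$pconfig['ldap_basedn']
);

$section->addInput(new Form_StaticText(
	'Search scope',
	'Level ' . $SSF . '<br />' . 'Base DN' . $SSB
));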
555 a0165602 Sjon Hortensius
556
/* Authentication containers: the input is named "ldapauthcontainers" but is
 * pre-filled from the stored key "ldap_authcn"; the POST handler and the
 * error-restore path above translate between the two names. */
$group = new Form_Group('Authentication containers');
$group->add(new Form_Input(
	'ldapauthcontainers',
	'Containers',
	'text',
	$pconfig['ldap_authcn']
))->setHelp('Note: Semi-Colon separated. This will be prepended to the search '.
	'base dn above or you can specify full container path containing a dc= '.
	'component.<br/>Example: CN=Users;DC=example,DC=com or OU=Staff;OU=Freelancers');

/* Opens the container picker popup; wired to select_clicked() in the
 * script below, which also switches the button to type=button. */
$group->add(new Form_Button(
	'Select',
	'Select a container'
))->removeClass('btn-primary')->addClass('btn-default');

$section->add($group);
572
573 2e101d89 Sander van Leeuwen
/* Extended query: the "extended" group is shown only while the checkbox is
 * set (hideClass('extended', ...) in the script below). */
$section->addInput(new Form_Checkbox(
	'ldap_extended_enabled',
	'Extended query',
	'Enable extended query',
	$pconfig['ldap_extended_enabled']
));

$group = new Form_Group('Query');
$group->addClass('extended');

$group->add(new Form_Input(
	'ldap_extended_query',
	'Query',
	'text',
	$pconfig['ldap_extended_query']
))->setHelp('Example: &amp;(objectClass=inetOrgPerson)(mail=*@example.com)');

$section->add($group);
591
592
/* Bind mode: the "ldapanon" credentials group is hidden while anonymous
 * bind is checked (hideClass('ldapanon', ...) in the script below). */
$section->addInput(new Form_Checkbox(
	'ldap_anon',
	'Bind anonymous',
	'Use anonymous binds to resolve distinguished names',
	$pconfig['ldap_anon']
));

$group = new Form_Group('Bind credentials');
$group->addClass('ldapanon');

$group->add(new Form_Input(
	'ldap_binddn',
	'User DN:',
	'text',
	$pconfig['ldap_binddn']
));

/* NOTE(review): rendered as a plain 'text' input, so the stored bind
 * password is shown in clear on the edit page and re-sent with every
 * submit. A 'password' input type would at least mask it on screen; check
 * how Form_Input renders that type before switching. */
$group->add(new Form_Input(
	'ldap_bindpw',
	'Password',
	'text',
	$pconfig['ldap_bindpw']
));
$section->add($group);
616
617 ac9d8bed Stephen Beaver
/* Only when creating: offer the attribute presets from $ldap_templates
 * (keyed by template id, described by 'desc'). Picking one fills the
 * naming-attribute fields via ldap_tmplchange() in the script below. */
if (!isset($id)) {
	$template_list = array_map(
		function ($template) {
			return $template['desc'];
		},
		$ldap_templates
	);

	$section->addInput(new Form_Select(
		'ldap_tmpltype',
		'Initial Template',
		$pconfig['ldap_template'],
		$template_list
	));
}
631
632 a0165602 Sjon Hortensius
/* Attribute names used to look up users and resolve group membership. */
$section->addInput(new Form_Input(
	'ldap_attr_user',
	'User naming attribute',
	'text',
	$pconfig['ldap_attr_user']
));

$section->addInput(new Form_Input(
	'ldap_attr_group',
	'Group naming attribute',
	'text',
	$pconfig['ldap_attr_group']
));

$section->addInput(new Form_Input(
	'ldap_attr_member',
	'Group member attribute',
	'text',
	$pconfig['ldap_attr_member']
));

/* The three checkboxes in this section are stored as flags by key presence:
 * the save path sets/unsets the key and the edit path reads it with isset(). */
$section->addInput(new Form_Checkbox(
	'ldap_rfc2307',
	'RFC 2307 Groups',
	'LDAP Server uses RFC 2307 style group membership',
	$pconfig['ldap_rfc2307']
))->setHelp('RFC 2307 style group membership has members listed on the group '.
	'object rather than using groups listed on user object. Leave unchecked '.
	'for Active Directory style group membership (RFC 2307bis).');

/* Placeholder matches the "posixGroup" default the save path stores when
 * the field is left empty. */
$section->addInput(new Form_Input(
	'ldap_attr_groupobj',
	'Group Object Class',
	'text',
	$pconfig['ldap_attr_groupobj'],
	['placeholder' => 'posixGroup']
))->setHelp('Object class used for groups in RFC2307 mode. '.
	'Typically "posixGroup" or "group".');

$section->addInput(new Form_Checkbox(
	'ldap_utf8',
	'UTF8 Encode',
	'UTF8 encode LDAP parameters before sending them to the server.',
	$pconfig['ldap_utf8']
))->setHelp('Required to support international characters, but may not be '.
	'supported by every LDAP server.');

$section->addInput(new Form_Checkbox(
	'ldap_nostrip_at',
	'Username Alterations',
	'Do not strip away parts of the username after the @ symbol',
	$pconfig['ldap_nostrip_at']
))->setHelp('e.g. user@host becomes user when unchecked.');

$form->add($section);
687 6157f724 Stephen Beaver
688
// ==== RADIUS section ========================================================
/* Collapsible "toggle-radius" section; presumably expanded by the type
 * selector's ->toggles() when RADIUS is chosen. */
$section = new Form_Section('Radius Server Settings');
$section->addClass('toggle-radius collapse');

/* Stored under the config key "host" (see the POST handler above). */
$section->addInput(new Form_Input(
	'radius_host',
	'Hostname or IP address',
	'text',
	$pconfig['radius_host']
));

/* NOTE(review): a plain 'text' input pre-filled from the stored secret on
 * edit, so the shared secret is displayed in clear. The save path keeps the
 * stored secret when this field is submitted empty, so a masked or
 * write-only field would not require a change to the save logic. */
$section->addInput(new Form_Input(
	'radius_secret',
	'Shared Secret',
	'text',
	$pconfig['radius_secret']
));

/* Which services are offered decides which port fields get stored. */
$section->addInput(new Form_Select(
	'radius_srvcs',
	'Services offered',
	$pconfig['radius_srvcs'],
	$radius_srvcs
));

$section->addInput(new Form_Input(
	'radius_auth_port',
	'Authentication port',
	'number',
	$pconfig['radius_auth_port']
));

$section->addInput(new Form_Input(
	'radius_acct_port',
	'Accounting port',
	'number',
	$pconfig['radius_acct_port']
));

/* Blank means the 5 s default stored by the save path (see help text). */
$section->addInput(new Form_Input(
	'radius_timeout',
	'Authentication Timeout',
	'number',
	$pconfig['radius_timeout']
))->setHelp('This value controls how long, in seconds, that the RADIUS '.
	'server may take to respond to an authentication request. If left blank, the '.
	'default value is 5 seconds. NOTE: If you are using an interactive two-factor '.
	'authentication system, increase this timeout to account for how long it will '.
	'take the user to receive and enter a token.');

/* When editing, the index goes back as the hidden "id" field the POST
 * handler reads. It is added to the RADIUS section, so it relies on a
 * collapsed section still being part of the submitted form — confirm
 * against Form_Section's rendering. */
if (isset($id) && $a_server[$id])
{
	$section->addInput(new Form_Input(
		'id',
		null,
		'hidden',
		$id
	));
}

$form->add($section);
print $form;
750 ac9d8bed Stephen Beaver
?>
751
<script>
752
//<![CDATA[
753
events.push(function(){
754 501efbd2 Stephen Beaver
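	/*
	 * Opens the LDAP container picker popup with the values entered so far.
	 * The fields needed to run the search must be filled in first; bind
	 * credentials are required unless anonymous bind is checked.
	 * Each value is passed as a query parameter, so it is run through
	 * encodeURIComponent(); unencoded values containing '&', '#' or '+'
	 * would otherwise be truncated or mis-parsed by the picker.
	 * NOTE(review): the bind password travels in the popup URL (a GET
	 * request), where it can end up in browser history and server logs.
	 */
	function select_clicked() {
		var val = function (id) {
			return encodeURIComponent(document.getElementById(id).value);
		};

		if (document.getElementById("ldap_port").value == '' ||
			document.getElementById("ldap_host").value == '' ||
			document.getElementById("ldap_scope").value == '' ||
			document.getElementById("ldap_basedn").value == '' ||
			document.getElementById("ldapauthcontainers").value == '') {
			alert("<?=gettext("Please fill the required values.");?>");
			return;
		}

		if (!document.getElementById("ldap_anon").checked) {
			if (document.getElementById("ldap_binddn").value == '' ||
				document.getElementById("ldap_bindpw").value == '') {
				alert("<?=gettext("Please fill the bind username/password.");?>");
				return;
			}
		}

		var url = 'system_usermanager_settings_ldapacpicker.php?';
		url += 'port=' + val("ldap_port");
		url += '&host=' + val("ldap_host");
		url += '&scope=' + val("ldap_scope");
		url += '&basedn=' + val("ldap_basedn");
		url += '&binddn=' + val("ldap_binddn");
		url += '&bindpw=' + val("ldap_bindpw");
		url += '&urltype=' + val("ldap_urltype");
		url += '&proto=' + val("ldap_protver");
		url += '&authcn=' + val("ldapauthcontainers");
		<?php if (count($a_ca) > 0): ?>
			url += '&cert=' + val("ldap_caref");
		<?php else: ?>
			url += '&cert=';
		<?php endif; ?>

		var oWin = window.open(url, "pfSensePop", "width=620,height=400,top=150,left=150");
		if (oWin == null || typeof(oWin) == "undefined") {
			alert("<?=gettext('Popup blocker detected.	Action aborted.');?>");
		}
	}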
792 7b4b0ad3 Stephen Beaver
793 f3a43095 Stephen Beaver
	/* Defaults the port to the standard one for the selected transport:
	 * the first option (index 0) gets 389, any other option gets 636. */
	function set_ldap_port() {
		var plain = ($('#ldap_urltype').find(":selected").index() == 0);
		$('#ldap_port').val(plain ? '389' : '636');
	}
799
800
	/* Hides (hide == true) or shows every element carrying s_class; the
	 * class usually names a form group or section. */
	function hideClass(s_class, hide) {
		$('.' + s_class).toggle(!hide);
	}
807 7b4b0ad3 Stephen Beaver
808 ac9d8bed Stephen Beaver
	/* Copies the naming attributes of the template selected in #ldap_tmpltype
	 * into the three attribute fields; one case per entry of $ldap_templates,
	 * in table order, is generated server-side. */
	function ldap_tmplchange() {
		switch ($('#ldap_tmpltype').find(":selected").index()) {
<?php
		/* NOTE(review): the attr_* values are written into JS string literals
		 * without escaping, which relies on $ldap_templates being a fixed
		 * table rather than user-supplied data — confirm in auth.inc. */
		$index = 0;
		foreach ($ldap_templates as $tmpldata):
?>
			case <?=$index;?>:
				$('#ldap_attr_user').val("<?=$tmpldata['attr_user'];?>");
				$('#ldap_attr_group').val("<?=$tmpldata['attr_group'];?>");
				$('#ldap_attr_member').val("<?=$tmpldata['attr_member'];?>");
				break;
<?php
			$index++;
		endforeach;
?>
		}
	}
825 a0165602 Sjon Hortensius
826 eef93144 Jared Dillard
	// ---------- On initial page load ------------------------------------------------------------

	// Only when not editing: preload the attribute fields from the selected template.
<?php if ($act != 'edit') : ?>
	ldap_tmplchange();
<?php endif; ?>

	// Initial visibility of the bind-credentials and extended-query groups follows their checkboxes.
	hideClass('ldapanon', $('#ldap_anon').prop('checked'));
	$("#Select").prop('type','button');
	hideClass('extended', !$('#ldap_extended_enabled').prop('checked'));

	// An empty port gets the transport's standard port.
	if($('#ldap_port').val() == "")
		set_ldap_port();

<?php
	if($act == 'edit') {
?>
		// An existing server's type cannot be changed: disable the other options.
		$('#type option:not(:selected)').each(function(){
			$(this).attr('disabled', 'disabled');
		});

<?php
		if(!$input_errors) {
?>
		// The name is read-only when editing, unless the form is re-shown after a validation error.
		$('#name').prop("readonly", true);
<?php
		}
	}
?>
	// ---------- Click checkbox handlers ---------------------------------------------------------

	$('#ldap_tmpltype').on('change', function() {
		ldap_tmplchange();
	});

	$('#ldap_anon').click(function () {
		hideClass('ldapanon', this.checked);
	});

	$('#ldap_urltype').on('change', function() {
		set_ldap_port();
	});

	$('#Select').click(function () {
		select_clicked();
	});

	$('#ldap_extended_enabled').click(function () {
		hideClass('extended', !this.checked);
	});
876 ac9d8bed Stephen Beaver
});
877
//]]>
878
</script>
879
<?php
880 81ec3187 Chris Buechler
include("foot.inc");