<?php
2
/*
3
    system_authservers.php
4
5 5b42a459 bcyrill
    Copyright (C) 2010 Ermal Luçi
6 fbf672cb Matthew Grooms
    Copyright (C) 2008 Shrew Soft Inc.
7
    All rights reserved.
8
9
    Redistribution and use in source and binary forms, with or without
10
    modification, are permitted provided that the following conditions are met:
11
12
    1. Redistributions of source code must retain the above copyright notice,
13
       this list of conditions and the following disclaimer.
14
15
    2. Redistributions in binary form must reproduce the above copyright
16
       notice, this list of conditions and the following disclaimer in the
17
       documentation and/or other materials provided with the distribution.
18
19
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28
    POSSIBILITY OF SUCH DAMAGE.
29
*/
30 1d333258 Scott Ullrich
/*
31
	pfSense_MODULE:	auth
32
*/
33 fbf672cb Matthew Grooms
34
##|+PRIV
35
##|*IDENT=page-system-authservers
36
##|*NAME=System: Authentication Servers
37
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
38
##|*MATCH=system_authservers.php*
39
##|-PRIV
40
41
require("guiconfig.inc");
42 acee624f Ermal Lu?i
require_once("auth.inc");
43 fbf672cb Matthew Grooms
44 257705ca Renato Botelho
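/* Page title and shortcut section, set before the shared header files are included. */
$pgtitle = array(gettext("System"), gettext("Authentication Servers"));
$shortcut_section = "authentication";

/*
 * Index of the server entry being edited. A POSTed id takes precedence over
 * the query string. Both are untrusted request data; the code below looks the
 * value up in the server list before acting on it.
 */
$id = isset($_GET['id']) ? $_GET['id'] : null;
if (isset($_POST['id']))
	$id = $_POST['id'];

if (!is_array($config['system']['authserver']))
	$config['system']['authserver'] = array();

/*
 * Numerically re-indexed copy of the configured server list. Start from an
 * empty array so $a_server is defined even when the list has no entries.
 */
$a_server = array();
$a_servers = auth_get_authserver_list();
foreach ($a_servers as $servers)
	$a_server[] = $servers;

if (!is_array($config['ca']))
	$config['ca'] = array();
$a_ca =& $config['ca'];

/* Requested action ("del", "edit", "new"); a non-empty POSTed value wins. */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act']))
	$act = $_POST['act'];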
65
66
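/*
 * Delete an authentication server.
 *
 * NOTE(review): the index is read from $_GET only, so a deletion can be
 * triggered by a plain link. Confirm that the framework's CSRF protection
 * covers this request, or move deletion to a POST-only path.
 */
if ($act == "del") {

	/* Unknown or missing index: nothing to delete, return to the list. */
	if (!isset($_GET['id']) || empty($a_server[$_GET['id']])) {
		pfSenseHeader("system_authservers.php");
		exit;
	}

	/* Remove server from main list (matched by name, not by index). */
	$serverdeleted = $a_server[$_GET['id']]['name'];
	foreach ($config['system']['authserver'] as $k => $as) {
		if ($as['name'] == $serverdeleted)
			unset($config['system']['authserver'][$k]);
	}

	/* Remove server from temp list used later on this page. */
	unset($a_server[$_GET['id']]);

	/* Change description handed to write_config(), unchanged from before. */
	$changedesc = gettext("Authentication Server")." {$serverdeleted} ".
				gettext("deleted")."<br/>";

	/*
	 * $savemsg is printed as HTML further down the page (it carries a <br/>),
	 * so the stored server name is escaped before it is embedded.
	 */
	$savemsg = gettext("Authentication Server")." ".htmlspecialchars($serverdeleted)." ".
				gettext("deleted")."<br/>";
	write_config($changedesc);
}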
87
88
/*
 * Edit: copy the stored settings of server $id into $pconfig so the form can
 * be pre-filled. Form field names differ from the stored keys only for the
 * host, which is stored as 'host' for both server types.
 *
 * NOTE(review): the LDAP bind password and the RADIUS shared secret are
 * copied into $pconfig here and are written into the form's password inputs
 * further down, so they are present in the page source sent to the browser.
 */
if ($act == "edit") {
	if (isset($id) && $a_server[$id]) {

		$edit_entry = $a_server[$id];

		$pconfig['type'] = $edit_entry['type'];
		$pconfig['name'] = $edit_entry['name'];

		if ($pconfig['type'] == "ldap") {
			/* form field => stored key, in the order the fields are filled */
			$edit_ldap_map = array(
				'ldap_caref' => 'ldap_caref',
				'ldap_host' => 'host',
				'ldap_port' => 'ldap_port',
				'ldap_urltype' => 'ldap_urltype',
				'ldap_protver' => 'ldap_protver',
				'ldap_scope' => 'ldap_scope',
				'ldap_basedn' => 'ldap_basedn',
				'ldap_authcn' => 'ldap_authcn',
				'ldap_extended_enabled' => 'ldap_extended_enabled',
				'ldap_extended_query' => 'ldap_extended_query',
				'ldap_binddn' => 'ldap_binddn',
				'ldap_bindpw' => 'ldap_bindpw',
				'ldap_attr_user' => 'ldap_attr_user',
				'ldap_attr_group' => 'ldap_attr_group',
				'ldap_attr_member' => 'ldap_attr_member');
			foreach ($edit_ldap_map as $edit_field => $edit_key)
				$pconfig[$edit_field] = $edit_entry[$edit_key];

			/* Without both a bind DN and a bind password, tick "anonymous". */
			if (!($pconfig['ldap_binddn'] && $pconfig['ldap_bindpw']))
				$pconfig['ldap_anon'] = true;
		}

		if ($pconfig['type'] == "radius") {
			$edit_radius_map = array(
				'radius_host' => 'host',
				'radius_auth_port' => 'radius_auth_port',
				'radius_acct_port' => 'radius_acct_port',
				'radius_secret' => 'radius_secret',
				'radius_timeout' => 'radius_timeout');
			foreach ($edit_radius_map as $edit_field => $edit_key)
				$pconfig[$edit_field] = $edit_entry[$edit_key];

			/*
			 * Derive the "services" selection from which ports are stored,
			 * and pre-fill the port that is not stored with 1813 / 1812.
			 */
			$edit_has_auth = (bool)$pconfig['radius_auth_port'];
			$edit_has_acct = (bool)$pconfig['radius_acct_port'];

			if ($edit_has_auth && $edit_has_acct) {
				$pconfig['radius_srvcs'] = "both";
			} elseif ($edit_has_auth) {
				$pconfig['radius_srvcs'] = "auth";
				$pconfig['radius_acct_port'] = 1813;
			} elseif ($edit_has_acct) {
				$pconfig['radius_srvcs'] = "acct";
				$pconfig['radius_auth_port'] = 1812;
			}

		}
	}
}
142
143
/* New server: pre-fill the form with the defaults listed below. */
if ($act == "new") {
	$new_defaults = array(
		'ldap_protver' => 3,
		'ldap_anon' => true,
		'radius_srvcs' => "both",
		'radius_auth_port' => "1812",
		'radius_acct_port' => "1813");
	foreach ($new_defaults as $new_field => $new_value)
		$pconfig[$new_field] = $new_value;
}
150
151
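/*
 * Form submission: validate the posted settings and, when there are no
 * errors, store them as a new server entry or over the entry being edited.
 * Everything in $pconfig below is untrusted request data.
 */
if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	/* Defined up front so an unexpected 'type' does not leave them unset. */
	$reqdfields = array();
	$reqdfieldsn = array();

	if ($pconfig['type'] == "ldap") {
		$reqdfields = explode(" ", "name type ldap_host ldap_port ".
						"ldap_urltype ldap_protver ldap_scope ".
						"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Port value"),
			gettext("Transport"),
			gettext("Protocol version"),
			gettext("Search level"),
			gettext("User naming Attribute"),
			gettext("Group naming Attribute"),
			gettext("Group member attribute"),
			gettext("Authentication container"));

		/* Bind credentials are only required for non-anonymous binds. */
		if (!$pconfig['ldap_anon']) {
			$reqdfields[] = "ldap_binddn";
			$reqdfields[] = "ldap_bindpw";
			$reqdfieldsn[] = gettext("Bind user DN");
			$reqdfieldsn[] = gettext("Bind Password");
		}
	}

	if ($pconfig['type'] == "radius") {
		$reqdfields = explode(" ", "name type radius_host radius_srvcs");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Services"));

		/*
		 * The key is 'radius_srvcs' (the name of the form's select). The
		 * earlier spelling 'radisu_srvcs' never matched, so neither port
		 * was ever added to the required fields.
		 */
		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port value");
		}

		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port value");
		}

		/* The shared secret is only mandatory when creating a server. */
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	}

	/*
	 * NOTE(review): call-time pass-by-reference (&$input_errors) is a fatal
	 * error from PHP 5.4 on. Drop the '&' here once do_input_validation() is
	 * confirmed to declare that parameter by reference.
	 */
	do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

	/*
	 * NOTE(review): the form fields visible in this file are 'ldap_host' and
	 * 'radius_host'; no field named 'host' is posted, so this check appears
	 * never to fire and the host value is stored unvalidated. Pointing it at
	 * the type-specific field needs a decision on IPv6 literals first, since
	 * this pattern rejects ':'.
	 */
	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['host']))
		$input_errors[] = gettext("The host name contains invalid characters.");

	/* Names must be unique when creating a new entry. */
	if (auth_get_authserver($pconfig['name']) && !isset($id))
		$input_errors[] = gettext("An authentication server with the same name already exists.");

	if (($pconfig['type'] == "radius") && isset($_POST['radius_timeout']) && (!is_numeric($_POST['radius_timeout']) || (is_numeric($_POST['radius_timeout']) && ($_POST['radius_timeout'] <= 0))))
		$input_errors[] = gettext("RADIUS Timeout value must be numeric and positive.");

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	if (!$input_errors) {
		/* Start from a fresh entry, or from the stored one when editing. */
		$server = array();
		$server['refid'] = uniqid();
		if (isset($id) && $a_server[$id])
			$server = $a_server[$id];

		$server['type'] = $pconfig['type'];
		$server['name'] = $pconfig['name'];

		if ($server['type'] == "ldap") {

			if (!empty($pconfig['ldap_caref']))
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			$server['host'] = $pconfig['ldap_host'];
			$server['ldap_port'] = $pconfig['ldap_port'];
			$server['ldap_urltype'] = $pconfig['ldap_urltype'];
			$server['ldap_protver'] = $pconfig['ldap_protver'];
			$server['ldap_scope'] = $pconfig['ldap_scope'];
			$server['ldap_basedn'] = $pconfig['ldap_basedn'];
			$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
			$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
			$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
			$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
			$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
			$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];

			/* Anonymous bind: drop any previously stored credentials. */
			if (!$pconfig['ldap_anon']) {
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}
		}

		if ($server['type'] == "radius") {

			$server['host'] = $pconfig['radius_host'];

			/* An empty secret or timeout keeps whatever is already stored. */
			if ($pconfig['radius_secret'])
				$server['radius_secret'] = $pconfig['radius_secret'];

			if ($pconfig['radius_timeout'])
				$server['radius_timeout'] = $pconfig['radius_timeout'];

			/* Store only the ports of the selected services. */
			if ($pconfig['radius_srvcs'] == "both") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
			}

			if ($pconfig['radius_srvcs'] == "auth") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				unset($server['radius_acct_port']);
			}

			if ($pconfig['radius_srvcs'] == "acct") {
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
				unset($server['radius_auth_port']);
			}
		}

		/*
		 * NOTE(review): $id was checked against $a_server (the re-indexed
		 * result of auth_get_authserver_list()) but is used here as an index
		 * into $config['system']['authserver']; confirm both lists share the
		 * same indices, otherwise the wrong entry is overwritten.
		 */
		if (isset($id) && $config['system']['authserver'][$id])
			$config['system']['authserver'][$id] = $server;
		else
			$config['system']['authserver'][] = $server;

		write_config();

		pfSenseHeader("system_authservers.php");
	}
}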
296
297
include("head.inc");
298
?>
299
300
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
301
<?php include("fbegin.inc"); ?>
302
<script type="text/javascript">
303 0f3a8925 Colin Fleming
//<![CDATA[
304 fbf672cb Matthew Grooms
305 6306b5dd Ermal Lu?i
/*
 * Show the settings table that belongs to the given server type ("ldap" or
 * "radius") and hide the other one. Without an argument the type is read
 * from the selected option of the "type" select. Any other value leaves both
 * tables as they are.
 */
function server_typechange(typ) {

	if (!typ) {
		var typeSelect = document.getElementById("type");
		typ = typeSelect.options[typeSelect.selectedIndex].value;
	}

	if (typ === "ldap") {
		document.getElementById("ldap").style.display = "";
		document.getElementById("radius").style.display = "none";
	} else if (typ === "radius") {
		document.getElementById("ldap").style.display = "none";
		document.getElementById("radius").style.display = "";
	}
}
324
325
/*
 * Set the LDAP port field to the port that belongs to the selected transport.
 * The case list is generated server-side, one case per entry of
 * $ldap_urltypes, keyed by the option's position in the select.
 */
function ldap_urlchange() {
	var transportIndex = document.getElementById("ldap_urltype").selectedIndex;
	var portField = document.getElementById("ldap_port");

	switch (transportIndex) {
<?php
	$index = 0;
	foreach ($ldap_urltypes as $urltype => $urlport):
?>
		case <?=$index;?>:
			portField.value = "<?=$urlport;?>";
			break;
<?php
		$index++;
	endforeach;
?>
	}
}
340
341
/* Hide the bind credentials table while "anonymous bind" is ticked. */
function ldap_bindchange() {
	var anonymous = document.getElementById("ldap_anon").checked;
	document.getElementById("ldap_bind").style.display = anonymous ? "none" : "";
}
348
349
/*
 * Fill the three LDAP attribute fields from the selected template. The case
 * list is generated server-side, one case per entry of $ldap_templates, keyed
 * by the option's position in the select.
 */
function ldap_tmplchange(){
	var templateIndex = document.getElementById("ldap_tmpltype").selectedIndex;

	function setField(id, value) {
		document.getElementById(id).value = value;
	}

	switch (templateIndex) {
<?php
	$index = 0;
	foreach ($ldap_templates as $tmpldata):
?>
		case <?=$index;?>:
			setField("ldap_attr_user", "<?=$tmpldata['attr_user'];?>");
			setField("ldap_attr_group", "<?=$tmpldata['attr_group'];?>");
			setField("ldap_attr_member", "<?=$tmpldata['attr_member'];?>");
			break;
<?php
		$index++;
	endforeach;
?>
	}
}
366
367
/*
 * Show or hide the authentication and accounting rows according to the
 * selected RADIUS service. Option positions: 0 = both, 1 = authentication,
 * 2 = accounting; any other position changes nothing.
 */
function radius_srvcschange(){
	// [display of "radius_auth", display of "radius_acct"] per option position
	var displayByIndex = [
		["", ""],       // both
		["", "none"],   // authentication
		["none", ""]    // accounting
	];
	var chosen = displayByIndex[document.getElementById("radius_srvcs").selectedIndex];

	if (chosen) {
		document.getElementById("radius_auth").style.display = chosen[0];
		document.getElementById("radius_acct").style.display = chosen[1];
	}
}
383
384 6306b5dd Ermal Lu?i
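/*
 * Open the LDAP container picker in a popup, passing the connection settings
 * currently entered in the form as query parameters.
 *
 * Every value is passed through encodeURIComponent(): DNs, passwords and
 * container lists can contain '&', '#', '+', '=' or spaces, which would
 * otherwise truncate a value or inject additional parameters into the URL.
 *
 * NOTE(review): the bind password is sent in the query string of the popup
 * URL, where it can end up in browser history and web server logs. Consider
 * submitting these values with a POST request instead.
 */
function select_clicked() {
	function fieldValue(id) {
		return document.getElementById(id).value;
	}

	if (fieldValue("ldap_port") == '' ||
	    fieldValue("ldap_host") == '' ||
	    fieldValue("ldap_scope") == '' ||
	    fieldValue("ldap_basedn") == '' ||
	    fieldValue("ldapauthcontainers") == '') {
		alert("<?=gettext("Please fill the required values.");?>");
		return;
	}

	// Bind credentials are only mandatory for non-anonymous binds.
	if (!document.getElementById("ldap_anon").checked) {
		if (fieldValue("ldap_binddn") == '' ||
		    fieldValue("ldap_bindpw") == '') {
			alert("<?=gettext("Please fill the bind username/password.");?>");
			return;
		}
	}

	// Parameter name => value, in the order the picker URL has always used.
	var params = [
		['port', fieldValue("ldap_port")],
		['host', fieldValue("ldap_host")],
		['scope', fieldValue("ldap_scope")],
		['basedn', fieldValue("ldap_basedn")],
		['binddn', fieldValue("ldap_binddn")],
		['bindpw', fieldValue("ldap_bindpw")],
		['urltype', fieldValue("ldap_urltype")],
		['proto', fieldValue("ldap_protver")],
		['authcn', fieldValue("ldapauthcontainers")]
	];
	// The CA select only exists when at least one CA is configured.
	<?php if (count($a_ca) > 0): ?>
		params.push(['cert', fieldValue("ldap_caref")]);
	<?php else: ?>
		params.push(['cert', '']);
	<?php endif; ?>

	var url = 'system_usermanager_settings_ldapacpicker.php?';
	for (var i = 0; i < params.length; i++) {
		if (i > 0)
			url += '&';
		url += params[i][0] + '=' + encodeURIComponent(params[i][1]);
	}

	var oWin = window.open(url,"pfSensePop","width=620,height=400,top=150,left=150");
	if (oWin==null || typeof(oWin)=="undefined")
		alert("<?=gettext('Popup blocker detected.  Action aborted.');?>");
}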
420 0f3a8925 Colin Fleming
//]]>
421 fbf672cb Matthew Grooms
</script>
422
<?php
	/*
	 * Show validation errors and the status message, when there are any.
	 * $savemsg is built with embedded markup earlier in this file, so
	 * whatever is placed in it must already be safe to print as HTML.
	 */
	if ($input_errors) {
		print_input_errors($input_errors);
	}
	if ($savemsg) {
		print_info_box($savemsg);
	}
?>
428 0f3a8925 Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="auth servers">
429 fbf672cb Matthew Grooms
	<tr>
430 e30001cf Matthew Grooms
		<td>
431 fbf672cb Matthew Grooms
		<?php
432
			$tab_array = array();
433
			$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
434
			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
435
			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
436 d799787e Matthew Grooms
			$tab_array[] = array(gettext("Servers"), true, "system_authservers.php");
437 fbf672cb Matthew Grooms
			display_top_tabs($tab_array);
438
		?>
439
		</td>
440
	</tr>
441
	<tr>
442 e30001cf Matthew Grooms
		<td id="mainarea">
443
			<div class="tabcont">
444
445
				<?php if ($act == "new" || $act == "edit" || $input_errors): ?>
446
447
				<form action="system_authservers.php" method="post" name="iform" id="iform">
448 0f3a8925 Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
449 e30001cf Matthew Grooms
						<tr>
450
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
451
							<td width="78%" class="vtable">
452 3de94477 Ermal Lu?i
							<?php if (!isset($id)): ?>
453 e30001cf Matthew Grooms
								<input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/>
454 3de94477 Ermal Lu?i
							<?php else: ?>
455 dd5bf424 Scott Ullrich
                                                                <strong><?=htmlspecialchars($pconfig['name']);?></strong>
456 3de94477 Ermal Lu?i
                                                                <input name='name' type='hidden' id='name' value="<?=htmlspecialchars($pconfig['name']);?>"/>
457
                                                                <?php endif; ?>
458 e30001cf Matthew Grooms
							</td>
459
						</tr>
460
						<tr>
461
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Type");?></td>
462
							<td width="78%" class="vtable">
463
								<?php if (!isset($id)): ?>
464
								<select name='type' id='type' class="formselect" onchange='server_typechange()'>
465
								<?php
466
									foreach ($auth_server_types as $typename => $typedesc ):
467
										$selected = "";
468
										if ($pconfig['type'] == $typename)
469 0f3a8925 Colin Fleming
											$selected = "selected=\"selected\"";
470 e30001cf Matthew Grooms
								?>
471
									<option value="<?=$typename;?>" <?=$selected;?>><?=$typedesc;?></option>
472
								<?php endforeach; ?>
473
								</select>
474
								<?php else: ?>
475
								<strong><?=$auth_server_types[$pconfig['type']];?></strong>
476
								<input name='type' type='hidden' id='type' value="<?=htmlspecialchars($pconfig['type']);?>"/>
477
								<?php endif; ?>
478
							</td>
479
						</tr>
480
					</table>
481
482 0f3a8925 Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="ldap" style="display:none" summary="">
483 e30001cf Matthew Grooms
						<tr>
484
							<td colspan="2" class="list" height="12"></td>
485
						</tr>
486
						<tr>
487 257705ca Renato Botelho
							<td colspan="2" valign="top" class="listtopic"><?=gettext("LDAP Server Settings");?></td>
488 e30001cf Matthew Grooms
						</tr>
489
						<tr>
490
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP address");?></td>
491
							<td width="78%" class="vtable">
492
								<input name="ldap_host" type="text" class="formfld unknown" id="ldap_host" size="20" value="<?=htmlspecialchars($pconfig['ldap_host']);?>"/>
493 1525fe1f jim-p
								<br /><?= gettext("NOTE: When using SSL, this hostname MUST match the Common Name (CN) of the LDAP server's SSL Certificate."); ?>
494 e30001cf Matthew Grooms
							</td>
495
						</tr>
496
						<tr>
497
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Port value");?></td>
498
							<td width="78%" class="vtable">
499
								<input name="ldap_port" type="text" class="formfld unknown" id="ldap_port" size="5" value="<?=htmlspecialchars($pconfig['ldap_port']);?>"/>
500
							</td>
501
						</tr>
502
						<tr>
503
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Transport");?></td>
504
							<td width="78%" class="vtable">
505
								<select name='ldap_urltype' id='ldap_urltype' class="formselect" onchange='ldap_urlchange()'>
506
								<?php
507
									foreach ($ldap_urltypes as $urltype => $urlport):
508
										$selected = "";
509
										if ($pconfig['ldap_urltype'] == $urltype)
510 0f3a8925 Colin Fleming
											$selected = "selected=\"selected\"";
511 e30001cf Matthew Grooms
								?>
512
									<option value="<?=$urltype;?>" <?=$selected;?>><?=$urltype;?></option>
513
								<?php endforeach; ?>
514
								</select>
515
							</td>
516
						</tr>
517 fe2031ab Ermal
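						<tr id="tls_ca">
							<td width="22%" valign="top" class="vncell"><?=gettext("Peer Certificate Authority"); ?></td>
							<td width="78%" class="vtable">
							<?php if (count($a_ca)): ?>
								<select id='ldap_caref' name='ldap_caref' class="formselect">
							<?php
								/*
								 * One option per configured CA. refid and descr come
								 * from the stored configuration and are escaped before
								 * being placed in the attribute and the option text.
								 */
								foreach ($a_ca as $ca):
									$selected = "";
									if ($pconfig['ldap_caref'] == $ca['refid'])
										$selected = "selected=\"selected\"";
							?>
									<option value="<?=htmlspecialchars($ca['refid']);?>" <?=$selected;?>><?=htmlspecialchars($ca['descr']);?></option>
							<?php	endforeach; ?>
								</select>
								<br/><span><?=gettext("This option is used if 'SSL Encrypted' option is choosen.");?> <br/>
								<?=gettext("It must match with the CA in the AD otherwise problems will arise.");?></span>
							<?php else: ?>
								<b>No Certificate Authorities defined.</b> <br/>Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
							<?php endif; ?>
							</td>
						</tr>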
538 e30001cf Matthew Grooms
						<tr>
539
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol version");?></td>
540
							<td width="78%" class="vtable">
541
								<select name='ldap_protver' id='ldap_protver' class="formselect">
542
								<?php
543
									foreach ($ldap_protvers as $version):
544
										$selected = "";
545
										if ($pconfig['ldap_protver'] == $version)
546 0f3a8925 Colin Fleming
											$selected = "selected=\"selected\"";
547 e30001cf Matthew Grooms
								?>
548
									<option value="<?=$version;?>" <?=$selected;?>><?=$version;?></option>
549
								<?php endforeach; ?>
550
								</select>
551
							</td>
552
						</tr>
553
						<tr>
554 64ce9d72 jim-p
							<td width="22%" valign="top" class="vncell"><?=gettext("Search scope");?></td>
555 e30001cf Matthew Grooms
							<td width="78%" class="vtable">
556 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="search scope">
557 e30001cf Matthew Grooms
									<tr>
558 ea53e38f Renato Botelho
										<td><?=gettext("Level:");?> &nbsp;</td>
559 e30001cf Matthew Grooms
										<td>
560
											<select name='ldap_scope' id='ldap_scope' class="formselect">
561
											<?php
562
												foreach ($ldap_scopes as $scopename => $scopedesc):
563
													$selected = "";
564
													if ($pconfig['ldap_scope'] == $scopename)
565 0f3a8925 Colin Fleming
														$selected = "selected=\"selected\"";
566 e30001cf Matthew Grooms
											?>
567
												<option value="<?=$scopename;?>" <?=$selected;?>><?=$scopedesc;?></option>
568
											<?php endforeach; ?>
569
											</select>
570
										</td>
571
									</tr>
572
									<tr>
573 ea53e38f Renato Botelho
										<td><?=gettext("Base DN:");?> &nbsp;</td>
574 e30001cf Matthew Grooms
										<td>
575
											<input name="ldap_basedn" type="text" class="formfld unknown" id="ldap_basedn" size="40" value="<?=htmlspecialchars($pconfig['ldap_basedn']);?>"/>
576
										</td>
577
									</tr>
578
								</table>
579
580
							</td>
581
						</tr>
582 c61e4626 Ermal Lu?i
						<tr>
583 6d78607d Renato Botelho
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication containers");?></td>
584
							<td width="78%" class="vtable">
585 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="auth containers">
586 6d78607d Renato Botelho
									<tr>
587 ea53e38f Renato Botelho
										<td><?=gettext("Containers:");?> &nbsp;</td>
588 6d78607d Renato Botelho
										<td>
589 0f3a8925 Colin Fleming
											<input name="ldapauthcontainers" type="text" class="formfld unknown" id="ldapauthcontainers" size="40" value="<?=htmlspecialchars($pconfig['ldap_authcn']);?>"/>
590
											<input type="button" onclick="select_clicked();" value="<?=gettext("Select");?>" />
591 beaab622 Warren Baker
											<br /><?=gettext("Note: Semi-Colon separated. This will be prepended to the search base dn above or you can specify full container path.");?>
592
											<br /><?=gettext("Example: CN=Users;DC=example");?>
593
											<br /><?=gettext("Example: CN=Users,DC=example,DC=com;OU=OtherUsers,DC=example,DC=com ");?>
594 6d78607d Renato Botelho
										</td>
595
									</tr>
596
								</table>
597
							</td>
598
						</tr>
599 c7073ebf namezero111111
						<tr>
600
							<td width="22%" valign="top" class="vncell"><?=gettext("Extended Query");?></td>
601
							<td width="78%" class="vtable">
602 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="query">
603 c7073ebf namezero111111
									<tr>
604
										<td>
605 0f3a8925 Colin Fleming
											<input name="ldap_extended_enabled" type="checkbox" id="ldap_extended_enabled" value="no" <?php if ($pconfig['ldap_extended_enabled']) echo "checked=\"checked\""; ?> />
606 c7073ebf namezero111111
										</td>
607
										<td>
608
609
											<input name="ldap_extended_query" type="text" class="formfld unknown" id="ldap_extended_query" size="40" value="<?=htmlspecialchars($pconfig['ldap_extended_query']);?>"/>
610
											<br /><?=gettext("Example: CN=Groupname,OU=MyGroups,DC=example,DC=com;OU=OtherUsers,DC=example,DC=com ");?>
611
										</td>
612
									</tr>
613
								</table>
614
							</td>
615
						</tr>
616 e30001cf Matthew Grooms
						<tr>
617
							<td width="22%" valign="top" class="vncell"><?=gettext("Bind credentials");?></td>
618
							<td width="78%" class="vtable">
619 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="bind credentials">
620 e30001cf Matthew Grooms
									<tr>
621
										<td>
622 0f3a8925 Colin Fleming
											<input name="ldap_anon" type="checkbox" id="ldap_anon" value="yes" <?php if ($pconfig['ldap_anon']) echo "checked=\"checked\""; ?> onclick="ldap_bindchange()" />
623 e30001cf Matthew Grooms
										</td>
624
										<td>
625 257705ca Renato Botelho
											<?=gettext("Use anonymous binds to resolve distinguished names");?>
626 e30001cf Matthew Grooms
										</td>
627
									</tr>
628
								</table>
629 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" id="ldap_bind" summary="bind">
630 e30001cf Matthew Grooms
									<tr>
631
										<td colspan="2"></td>
632
									</tr>
633
									<tr>
634 ea53e38f Renato Botelho
										<td><?=gettext("User DN:");?> &nbsp;</td>
635 e30001cf Matthew Grooms
										<td>
636
											<input name="ldap_binddn" type="text" class="formfld unknown" id="ldap_binddn" size="40" value="<?=htmlspecialchars($pconfig['ldap_binddn']);?>"/><br/>
637
										</td>
638
									</tr>
639
									<tr>
640 ea53e38f Renato Botelho
										<td><?=gettext("Password:");?> &nbsp;</td>
641 e30001cf Matthew Grooms
										<td>
642
											<input name="ldap_bindpw" type="password" class="formfld pwd" id="ldap_bindpw" size="20" value="<?=htmlspecialchars($pconfig['ldap_bindpw']);?>"/><br/>
643
										</td>
644
									</tr>
645
								</table>
646
							</td>
647
						</tr>
648
						<?php if (!isset($id)): ?>
649
						<tr>
650
							<td width="22%" valign="top" class="vncell"><?=gettext("Initial Template");?></td>
651
							<td width="78%" class="vtable">
652
								<select name='ldap_tmpltype' id='ldap_tmpltype' class="formselect" onchange='ldap_tmplchange()'>
653
								<?php
654
									foreach ($ldap_templates as $tmplname => $tmpldata):
655
										$selected = "";
656
										if ($pconfig['ldap_template'] == $tmplname)
657 0f3a8925 Colin Fleming
											$selected = "selected=\"selected\"";
658 e30001cf Matthew Grooms
								?>
659
									<option value="<?=$tmplname;?>" <?=$selected;?>><?=$tmpldata['desc'];?></option>
660
								<?php endforeach; ?>
661
								</select>
662
							</td>
663
						</tr>
664
						<?php endif; ?>
665
						<tr>
666
							<td width="22%" valign="top" class="vncell"><?=gettext("User naming attribute");?></td>
667
							<td width="78%" class="vtable">
668
								<input name="ldap_attr_user" type="text" class="formfld unknown" id="ldap_attr_user" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_user']);?>"/>
669
							</td>
670
						</tr>
671
						<tr>
672
							<td width="22%" valign="top" class="vncell"><?=gettext("Group naming attribute");?></td>
673
							<td width="78%" class="vtable">
674
								<input name="ldap_attr_group" type="text" class="formfld unknown" id="ldap_attr_group" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_group']);?>"/>
675
							</td>
676
						</tr>
677
						<tr>
678
							<td width="22%" valign="top" class="vncell"><?=gettext("Group member attribute");?></td>
679
							<td width="78%" class="vtable">
680
								<input name="ldap_attr_member" type="text" class="formfld unknown" id="ldap_attr_member" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_member']);?>"/>
681
							</td>
682
						</tr>
683
					</table>
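					<?php /* RADIUS settings table. It is rendered hidden (display:none); the script at the end of the page calls server_typechange() with the configured server type. */ ?>
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="radius" style="display:none" summary="">
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Radius Server Settings");?></td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP address");?></td>
							<td width="78%" class="vtable">
								<input name="radius_host" type="text" class="formfld unknown" id="radius_host" size="20" value="<?=htmlspecialchars($pconfig['radius_host']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Secret");?></td>
							<td width="78%" class="vtable">
								<?php /* NOTE(review): the stored RADIUS shared secret is written into the value attribute, so it is present in the HTML sent to the browser; type="password" only masks it on screen. Not echoing it would need the save handler (outside this view) to keep the existing secret when the field is submitted empty - confirm before changing. */ ?>
								<input name="radius_secret" type="password" class="formfld pwd" id="radius_secret" size="20" value="<?=htmlspecialchars($pconfig['radius_secret']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Services offered");?></td>
							<td width="78%" class="vtable">
								<select name='radius_srvcs' id='radius_srvcs' class="formselect" onchange='radius_srvcschange()'>
								<?php
									// $radius_srvcs is defined outside this part of the file. Both the
									// option value and its label are HTML-escaped on output, matching
									// the htmlspecialchars() use on every input in this table.
									foreach ($radius_srvcs as $srvcname => $srvcdesc):
										$selected = "";
										if ($pconfig['radius_srvcs'] == $srvcname)
											$selected = "selected=\"selected\"";
								?>
									<option value="<?=htmlspecialchars($srvcname);?>" <?=$selected;?>><?=htmlspecialchars($srvcdesc);?></option>
								<?php endforeach; ?>
								</select>
							</td>
						</tr>
						<tr id="radius_auth">
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication port value");?></td>
							<td width="78%" class="vtable">
								<input name="radius_auth_port" type="text" class="formfld unknown" id="radius_auth_port" size="5" value="<?=htmlspecialchars($pconfig['radius_auth_port']);?>"/>
							</td>
						</tr>
						<tr id="radius_acct">
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Accounting port value");?></td>
							<td width="78%" class="vtable">
								<input name="radius_acct_port" type="text" class="formfld unknown" id="radius_acct_port" size="5" value="<?=htmlspecialchars($pconfig['radius_acct_port']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication Timeout");?></td>
							<td width="78%" class="vtable">
								<input name="radius_timeout" type="text" class="formfld unknown" id="radius_timeout" size="20" value="<?=htmlspecialchars($pconfig['radius_timeout']);?>"/>
								<br /><?= gettext("This value controls how long, in seconds, that the RADIUS server may take to respond to an authentication request.") ?>
								<br /><?= gettext("If left blank, the default value is 5 seconds.") ?>
								<br /><br /><?= gettext("NOTE: If you are using an interactive two-factor authentication system, increase this timeout to account for how long it will take the user to receive and enter a token.") ?>
							</td>
						</tr>
					</table>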
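					<?php /* Save button row. When an existing entry is being edited, its index is posted back in a hidden "id" field. */ ?>
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="">
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" />
								<?php
									// $id is assigned outside this view. It is only emitted when it
									// indexes an existing $a_server entry, and it is HTML-escaped so the
									// attribute stays well-formed whatever string form the key takes.
									if (isset($id) && $a_server[$id]):
								?>
								<input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" />
								<?php endif;?>
							</td>
						</tr>
					</table>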
753
				</form>
				<?php else: ?>
756
757 0f3a8925 Colin Fleming
				<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="">
758 5b42a459 bcyrill
					<thead>
759
						<tr>
760
							<th width="25%" class="listhdrr"><?=gettext("Server Name");?></th>
761
							<th width="25%" class="listhdrr"><?=gettext("Type");?></th>
762
							<th width="35%" class="listhdrr"><?=gettext("Host Name");?></th>
763
							<th width="10%" class="list"></th>
764
						</tr>
765
					</thead>
766 0f3a8925 Colin Fleming
					<tfoot>
767
						<tr>
768
							<td class="list" colspan="3"></td>
769
							<td class="list">
770
								<a href="system_authservers.php?act=new">
771
									<img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("add server");?>" alt="<?=gettext("add server");?>" width="17" height="17" border="0" />
772
								</a>
773
							</td>
774
						</tr>
775
						<tr>
776
							<td colspan="3">
777
								<p>
778
									<?=gettext("Additional authentication servers can be added here.");?>
779
								</p>
780
							</td>
781
						</tr>
782
					</tfoot>
783 5b42a459 bcyrill
					<tbody>
784
						<?php
785
							$i = 0;
786
							foreach($a_server as $server):
787
								$name = htmlspecialchars($server['name']);
788
								$type = htmlspecialchars($auth_server_types[$server['type']]);
789
								$host = htmlspecialchars($server['host']);
790
						?>
791 0f3a8925 Colin Fleming
						<tr <?php if ($i < (count($a_server) - 1)): ?> ondblclick="document.location='system_authservers.php?act=edit&amp;id=<?=$i;?>'" <?php endif; ?>>
792 5b42a459 bcyrill
							<td class="listlr"><?=$name?>&nbsp;</td>
793
							<td class="listr"><?=$type;?>&nbsp;</td>
794
							<td class="listr"><?=$host;?>&nbsp;</td>
795 0f3a8925 Colin Fleming
							<td valign="middle" class="list nowrap">
796 5b42a459 bcyrill
							<?php if ($i < (count($a_server) - 1)): ?>
797 0f3a8925 Colin Fleming
								<a href="system_authservers.php?act=edit&amp;id=<?=$i;?>">
798 5b42a459 bcyrill
									<img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit server");?>" alt="<?=gettext("edit server");?>" width="17" height="17" border="0" />
799
								</a>
800
								&nbsp;
801 0f3a8925 Colin Fleming
								<?php /* NOTE(review): deletion is requested through a plain GET link (act=del with the row index) behind a client-side confirm() only. The act=del handler is outside this view; confirm that it requires a CSRF token or a POST before removing the entry. */ ?>
								<a href="system_authservers.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Server?");?>')">
802 5b42a459 bcyrill
									<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete server");?>" alt="<?=gettext("delete server");?>" width="17" height="17" border="0" />
803
								</a>
804
							<?php endif; ?>
805
							</td>
806
						</tr>
807
						<?php
808
							$i++; endforeach;
809
						?>
810
					</tbody>
811 fbf672cb Matthew Grooms
				</table>
				<?php endif; ?>
			</div>
816 fbf672cb Matthew Grooms
		</td>
817
	</tr>
818
</table>
819 be934aad Ermal Lu?i
<?php include("fend.inc"); ?>
820 fbf672cb Matthew Grooms
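<script type="text/javascript">
//<![CDATA[
<?php
	/*
	 * Initial form state: show the settings table for the configured server
	 * type, then run the LDAP and RADIUS change handlers that apply to it.
	 *
	 * The type is emitted as a JavaScript string literal, so it is encoded
	 * with json_encode() rather than htmlspecialchars(). Script content is
	 * not entity-decoded by the browser, and htmlspecialchars() with its
	 * default flags leaves single quotes alone on older PHP versions, so it
	 * cannot be relied on to keep a value inside a quoted JS string. The
	 * JSON_HEX_* flags also keep markup characters out of the emitted text.
	 * $pconfig is populated outside this view.
	 */
?>
server_typechange(<?=json_encode((string)$pconfig['type'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);?>);
<?php /* LDAP handlers run for a new entry ($id unset) or an existing LDAP entry. */ ?>
<?php if (!isset($id) || $pconfig['type'] == "ldap"): ?>
ldap_bindchange();
if (document.getElementById("ldap_port").value == "")
	ldap_urlchange();
<?php /* The template handler runs only for a new entry, where the template picker is rendered. */ ?>
<?php if (!isset($id)): ?>
ldap_tmplchange();
<?php endif; ?>
<?php endif; ?>
<?php /* RADIUS handler runs for a new entry or an existing RADIUS entry. */ ?>
<?php if (!isset($id) || $pconfig['type'] == "radius"): ?>
radius_srvcschange();
<?php endif; ?>
//]]>
</script>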
836
</body>
837 0f3a8925 Colin Fleming
</html>