<?php
/*
 * system_authservers.php
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2004-2013 BSD Perimeter
 * Copyright (c) 2013-2016 Electric Sheep Fencing
 * Copyright (c) 2014-2020 Rubicon Communications, LLC (Netgate)
 * Copyright (c) 2008 Shrew Soft Inc
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
##|+PRIV
##|*IDENT=page-system-authservers
##|*NAME=System: Authentication Servers
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
##|*WARN=standard-warning-root
##|*MATCH=system_authservers.php*
##|-PRIV
require_once("guiconfig.inc");
require_once("auth.inc");
require_once("pfsense-utils.inc");
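// Have we been called to populate the "Select a container" modal?
//
// This branch contacts the LDAP server described entirely by request
// parameters (host, port, bind DN, bind password, ...), prints either an error
// message or the container-selection modal, and then exits. Nothing in it
// writes to $config.
//
// NOTE(review): the parameters are read from $_REQUEST, so the bind password
// is also accepted from the query string, where it could end up in web server
// logs or browser history. The script that issues this request is not visible
// here; if it always POSTs, reading $_POST would be the safer choice - confirm
// against the caller before changing it.
// NOTE(review): host and port reach ldap_get_user_ous() unvalidated, so anyone
// who may load this page can make the firewall open an LDAP connection to a
// host of their choosing. No request-forgery check is visible in this file;
// confirm that the included files provide one and that the page privilege is
// the intended guard.
if (!empty($_REQUEST['ajax'])) {

	// Connection settings for the lookup, taken verbatim from the request.
	$authcfg = array();

	$authcfg['ldap_port'] = $_REQUEST['port'];
	$authcfg['ldap_basedn'] = $_REQUEST['basedn'];
	$authcfg['host'] = $_REQUEST['host'];
	$authcfg['ldap_scope'] = $_REQUEST['scope'];
	$authcfg['ldap_binddn'] = $_REQUEST['binddn'];
	$authcfg['ldap_bindpw'] = $_REQUEST['bindpw'];
	$authcfg['ldap_urltype'] = $_REQUEST['urltype'];
	$authcfg['ldap_protver'] = $_REQUEST['proto'];
	// Containers already chosen in the form arrive as one ';'-separated string.
	$authcfg['ldap_authcn'] = explode(";", $_REQUEST['authcn']);
	$authcfg['ldap_caref'] = $_REQUEST['cert'];

	$ous = ldap_get_user_ous(true, $authcfg);

	if (empty($ous)) {
		print('<span class="text-danger">Could not connect to the LDAP server. Please check the LDAP configuration.</span>');
	} else {
		$modal = new Modal("Select LDAP containers for authentication", "containers", true);
		$group = new Form_MultiCheckboxGroup('Containers');

		if (is_array($ous)) {
			$idx = 0;

			foreach ($ous as $ou) {
				// One checkbox per container, pre-checked when the container
				// is already in the list sent as 'authcn'.
				// NOTE(review): $ou comes from the LDAP server's response;
				// confirm Form_MultiCheckbox HTML-escapes its label and value.
				$group->add(new Form_MultiCheckbox(
					'ou' . $idx,
					'',
					$ou,
					in_array($ou, $authcfg['ldap_authcn']),
					$ou
				));

				$idx++;
			}
		}

		$modal->add($group);

		// Create a "Save button"
		$btnsv = new Form_Button(
			'svcontbtn',
			'Save',
			null,
			'fa-save'
		);

		// The class name used to carry a stray ")" ("btn-default)"), so the
		// class that was meant to be removed never matched.
		$btnsv->removeClass("btn-default")->addClass("btn-primary");

		$modal->addInput(new Form_StaticText(
			'',
			$btnsv
		));

		print($modal);
	}

	// The AJAX response is complete; do not render the rest of the page.
	exit;
}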
// Request parameters that drive the rest of the page: the index of the server
// being acted on and the requested action. Both are taken from $_REQUEST
// without validation; $id is later used as an array index.
$id = $_REQUEST['id'];
$act = $_REQUEST['act'];

// Make sure the configured authentication server list exists as an array.
if (is_array($config['system']['authserver']) === false) {
	$config['system']['authserver'] = [];
}

// Working copy of the list returned by auth_get_authserver_list(), re-indexed
// from zero.
$a_server = array_values(auth_get_authserver_list());

// Certificate authorities, bound by reference into the configuration.
init_config_arr(['ca']);
$a_ca = &$config['ca'];
// Delete handler. It reads the action and the index from $_POST only, so a
// plain GET link cannot trigger a deletion.
if ($_POST['act'] == "del") {

	// Nothing at that index: go back to the list without changing anything.
	if (!$a_server[$_POST['id']]) {
		pfSenseHeader("system_authservers.php");
		exit;
	}

	$serverdeleted = $a_server[$_POST['id']]['name'];

	/* Remove server from main list: every configured entry with that name goes. */
	foreach ($config['system']['authserver'] as $k => $as) {
		if ($as['name'] != $serverdeleted) {
			continue;
		}
		unset($config['system']['authserver'][$k]);
	}

	/* Remove server from temp list used later on this page. */
	unset($a_server[$_POST['id']]);
	$a_server = array_values($a_server);

	// The name is HTML-escaped once here; the same string is handed to
	// write_config() and shown on the page as the success message.
	$savemsg = sprintf(
		gettext("Authentication Server %s deleted."),
		htmlspecialchars($serverdeleted)
	);
	write_config($savemsg);
}
// Editing an existing entry: pre-fill $pconfig from the stored server so the
// form shows its current settings. The stored 'host' key is mapped onto the
// type-specific form field (ldap_host / radius_host).
//
// NOTE(review): the stored LDAP bind password and RADIUS shared secret are
// copied into $pconfig, which later supplies the value of the password inputs.
// Whether those inputs echo the value into the HTML depends on Form_Input,
// which is not visible here - confirm.
if ($act == "edit" && isset($id) && $a_server[$id]) {
	$cursrv = $a_server[$id];

	$pconfig['type'] = $cursrv['type'];
	$pconfig['name'] = $cursrv['name'];

	if ($pconfig['type'] == "ldap") {
		$pconfig['ldap_caref'] = $cursrv['ldap_caref'];
		$pconfig['ldap_host'] = $cursrv['host'];
		$pconfig['ldap_port'] = $cursrv['ldap_port'];
		$pconfig['ldap_timeout'] = $cursrv['ldap_timeout'];
		$pconfig['ldap_urltype'] = $cursrv['ldap_urltype'];
		$pconfig['ldap_protver'] = $cursrv['ldap_protver'];
		$pconfig['ldap_scope'] = $cursrv['ldap_scope'];
		$pconfig['ldap_basedn'] = $cursrv['ldap_basedn'];
		$pconfig['ldap_authcn'] = $cursrv['ldap_authcn'];
		$pconfig['ldap_extended_enabled'] = $cursrv['ldap_extended_enabled'];
		$pconfig['ldap_extended_query'] = $cursrv['ldap_extended_query'];
		$pconfig['ldap_binddn'] = $cursrv['ldap_binddn'];
		$pconfig['ldap_bindpw'] = $cursrv['ldap_bindpw'];
		$pconfig['ldap_attr_user'] = $cursrv['ldap_attr_user'];
		$pconfig['ldap_attr_group'] = $cursrv['ldap_attr_group'];
		$pconfig['ldap_attr_member'] = $cursrv['ldap_attr_member'];
		$pconfig['ldap_attr_groupobj'] = $cursrv['ldap_attr_groupobj'];

		// These options are stored as "key present" flags.
		$pconfig['ldap_utf8'] = isset($cursrv['ldap_utf8']);
		$pconfig['ldap_nostrip_at'] = isset($cursrv['ldap_nostrip_at']);
		$pconfig['ldap_allow_unauthenticated'] = isset($cursrv['ldap_allow_unauthenticated']);
		$pconfig['ldap_rfc2307'] = isset($cursrv['ldap_rfc2307']);

		// Without both a bind DN and a bind password, present the entry as
		// an anonymous bind.
		if (!($pconfig['ldap_binddn'] && $pconfig['ldap_bindpw'])) {
			$pconfig['ldap_anon'] = true;
		}
	} elseif ($pconfig['type'] == "radius") {
		$pconfig['radius_protocol'] = $cursrv['radius_protocol'];
		$pconfig['radius_host'] = $cursrv['host'];
		$pconfig['radius_nasip_attribute'] = $cursrv['radius_nasip_attribute'];
		$pconfig['radius_auth_port'] = $cursrv['radius_auth_port'];
		$pconfig['radius_acct_port'] = $cursrv['radius_acct_port'];
		$pconfig['radius_secret'] = $cursrv['radius_secret'];
		$pconfig['radius_timeout'] = $cursrv['radius_timeout'];

		// Derive the "services offered" selection from which ports are
		// stored, and give the missing port a value for the form.
		if ($pconfig['radius_auth_port'] && $pconfig['radius_acct_port']) {
			$pconfig['radius_srvcs'] = "both";
		} elseif ($pconfig['radius_auth_port']) {
			$pconfig['radius_srvcs'] = "auth";
			$pconfig['radius_acct_port'] = 1813;
		} elseif ($pconfig['radius_acct_port']) {
			$pconfig['radius_srvcs'] = "acct";
			$pconfig['radius_auth_port'] = 1812;
		}
	}
}
// Adding a server: seed the form with defaults.
if ($act == 'new') {
	// LDAP: protocol version 3, anonymous bind pre-selected.
	$pconfig['ldap_protver'] = 3;
	$pconfig['ldap_anon'] = true;

	// RADIUS: both services on ports 1812 (authentication) and 1813 (accounting).
	$pconfig['radius_protocol'] = 'MSCHAPv2';
	$pconfig['radius_srvcs'] = 'both';
	$pconfig['radius_auth_port'] = '1812';
	$pconfig['radius_acct_port'] = '1813';
}
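// Save handler. Validates the submitted server definition and, when nothing is
// wrong with it, stores it in $config['system']['authserver'] and redirects
// back to the list.
if ($_POST['save']) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	// Start from empty lists so do_input_validation() is always handed arrays,
	// even when 'type' is neither "ldap" nor "radius".
	$reqdfields = array();
	$reqdfieldsn = array();

	if ($pconfig['type'] == "ldap") {
		$reqdfields = explode(" ",
			"name type ldap_host ldap_port " .
			"ldap_urltype ldap_protver ldap_scope " .
			"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");

		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Port value"),
			gettext("Transport"),
			gettext("Protocol version"),
			gettext("Search level"),
			gettext("User naming Attribute"),
			gettext("Group naming Attribute"),
			gettext("Group member attribute"),
			gettext("Authentication container"));

		// Bind credentials are required unless anonymous bind was selected.
		if (!$pconfig['ldap_anon']) {
			$reqdfields[] = "ldap_binddn";
			$reqdfields[] = "ldap_bindpw";
			$reqdfieldsn[] = gettext("Bind user DN");
			$reqdfieldsn[] = gettext("Bind Password");
		}
	}

	if ($pconfig['type'] == "radius") {
		$reqdfields = explode(" ", "name type radius_protocol radius_host radius_srvcs");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Radius Protocol"),
			gettext("Hostname or IP"),
			gettext("Services"));

		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port");
		}

		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port");
		}

		// The shared secret is mandatory only when no server index was sent.
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	// Only the two types this handler knows how to build may be stored.
	// Without this check any other submitted value skipped every
	// type-specific test above and was written to the configuration as-is.
	if (!in_array($pconfig['type'], array("ldap", "radius"), true)) {
		$input_errors[] = gettext("The authentication server type is not valid.");
	}

	// NOTE(review): this tests $_POST['host'], while the form fields defined
	// on this page are named ldap_host and radius_host. If no 'host' field is
	// ever submitted the check never fires and the host name is stored
	// unvalidated. Confirm which field was intended before changing it - the
	// pattern would also reject IPv6 literals, which contain ':'.
	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['host'])) {
		$input_errors[] = gettext("The host name contains invalid characters.");
	}

	if (auth_get_authserver($pconfig['name']) && !isset($id)) {
		$input_errors[] = gettext("An authentication server with the same name already exists.");
	}

	if (isset($id) && $config['system']['authserver'][$id] &&
	   ($config['system']['authserver'][$id]['name'] != $pconfig['name'])) {
		$input_errors[] = gettext("The name of an authentication server cannot be changed.");
	}

	if (($pconfig['type'] == "ldap") || ($pconfig['type'] == "radius")) {
		$to_field = "{$pconfig['type']}_timeout";
		// An empty timeout is allowed (a default is stored below); anything
		// else must be a number greater than zero.
		if (!empty($_POST[$to_field]) && (!is_numeric($_POST[$to_field]) || ($_POST[$to_field] <= 0))) {
			$input_errors[] = sprintf(gettext("%s Timeout value must be numeric and positive."), strtoupper($pconfig['type']));
		}
	}

	// https://redmine.pfsense.org/issues/4154
	if ($pconfig['type'] == "radius") {
		if (is_ipaddrv6($_POST['radius_host'])) {
			$input_errors[] = gettext("IPv6 does not work for RADIUS authentication, see Bug #4154.");
		}
	}

	if (!$input_errors) {
		// Start from a fresh entry with a new refid, or from the existing
		// entry when one is being edited.
		// NOTE(review): $id indexes $a_server (a re-indexed copy) here and
		// $config['system']['authserver'] further down; confirm both arrays
		// always share the same indexes.
		$server = array();
		$server['refid'] = uniqid();
		if (isset($id) && $a_server[$id]) {
			$server = $a_server[$id];
		}

		$server['type'] = $pconfig['type'];
		$server['name'] = $pconfig['name'];

		if ($server['type'] == "ldap") {

			if (!empty($pconfig['ldap_caref'])) {
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			}
			$server['host'] = $pconfig['ldap_host'];
			$server['ldap_port'] = $pconfig['ldap_port'];
			$server['ldap_urltype'] = $pconfig['ldap_urltype'];
			$server['ldap_protver'] = $pconfig['ldap_protver'];
			$server['ldap_scope'] = $pconfig['ldap_scope'];
			$server['ldap_basedn'] = $pconfig['ldap_basedn'];
			$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
			$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
			$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
			$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
			$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
			$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];

			$server['ldap_attr_groupobj'] = empty($pconfig['ldap_attr_groupobj']) ? "posixGroup" : $pconfig['ldap_attr_groupobj'];

			// Checkbox options are stored as "key present" flags: set when
			// the box was ticked, removed otherwise.
			if ($pconfig['ldap_utf8'] == "yes") {
				$server['ldap_utf8'] = true;
			} else {
				unset($server['ldap_utf8']);
			}
			if ($pconfig['ldap_nostrip_at'] == "yes") {
				$server['ldap_nostrip_at'] = true;
			} else {
				unset($server['ldap_nostrip_at']);
			}
			if ($pconfig['ldap_allow_unauthenticated'] == "yes") {
				$server['ldap_allow_unauthenticated'] = true;
			} else {
				unset($server['ldap_allow_unauthenticated']);
			}
			if ($pconfig['ldap_rfc2307'] == "yes") {
				$server['ldap_rfc2307'] = true;
			} else {
				unset($server['ldap_rfc2307']);
			}

			// Bind credentials are kept exactly as submitted, and dropped
			// entirely when anonymous bind is selected.
			if (!$pconfig['ldap_anon']) {
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}

			if ($pconfig['ldap_timeout']) {
				$server['ldap_timeout'] = $pconfig['ldap_timeout'];
			} else {
				$server['ldap_timeout'] = 25;
			}
		}

		if ($server['type'] == "radius") {

			$server['radius_protocol'] = $pconfig['radius_protocol'];
			$server['host'] = $pconfig['radius_host'];
			$server['radius_nasip_attribute'] = $pconfig['radius_nasip_attribute'];

			// An empty secret leaves whatever is already in $server untouched.
			if ($pconfig['radius_secret']) {
				$server['radius_secret'] = $pconfig['radius_secret'];
			}

			if ($pconfig['radius_timeout']) {
				$server['radius_timeout'] = $pconfig['radius_timeout'];
			} else {
				$server['radius_timeout'] = 5;
			}

			// Store only the ports that belong to the selected services.
			if ($pconfig['radius_srvcs'] == "both") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
			}

			if ($pconfig['radius_srvcs'] == "auth") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				unset($server['radius_acct_port']);
			}

			if ($pconfig['radius_srvcs'] == "acct") {
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
				unset($server['radius_auth_port']);
			}
		}

		// Overwrite the existing entry, or append a new one.
		if (isset($id) && $config['system']['authserver'][$id]) {
			$config['system']['authserver'][$id] = $server;
		} else {
			$config['system']['authserver'][] = $server;
		}

		write_config();

		pfSenseHeader("system_authservers.php");
	}
}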
/*
 * Build a list of addresses, keyed by interface name or IP address, each
 * labelled "<description> - <address>".
 *
 * The list holds every configured interface that currently has an IP address,
 * followed by the configured virtual IPs. A proxy-ARP virtual IP of type
 * "network" is expanded into one entry per address of its subnet.
 *
 * NOTE(review): that expansion has no upper bound, so a very large proxy-ARP
 * network yields one list entry per address.
 */
function build_radiusnas_list() {
	global $config;

	$list = array();

	foreach (get_configured_interface_with_descr() as $ifdesc => $ifdescr) {
		$ipaddr = get_interface_ip($ifdesc);
		if (!is_ipaddr($ipaddr)) {
			// Interface without a usable address.
			continue;
		}
		$list[$ifdesc] = $ifdescr . ' - ' . $ipaddr;
	}

	if (!is_array($config['virtualip']['vip'])) {
		return $list;
	}

	foreach ($config['virtualip']['vip'] as $sn) {
		if ($sn['mode'] != "proxyarp" || $sn['type'] != "network") {
			// Every other virtual IP contributes a single entry.
			$list[$sn['subnet']] = $sn['descr'] . ' - ' . $sn['subnet'];
			continue;
		}

		// Walk the subnet from its first to its last address.
		$start = ip2long32(gen_subnet($sn['subnet'], $sn['subnet_bits']));
		$end = ip2long32(gen_subnet_max($sn['subnet'], $sn['subnet_bits']));
		$len = $end - $start;

		$i = 0;
		while ($i <= $len) {
			$snip = long2ip32($start + $i);
			$list[$snip] = $sn['descr'] . ' - ' . $snip;
			$i++;
		}
	}

	return $list;
}
// On error, restore the form contents so the user doesn't have to re-enter too much.
// Two fields are posted under a different name than the one the form reads
// back, so they are copied across explicitly.
if ($_POST && $input_errors) {
	$pconfig = $_POST;
	$pconfig['ldap_authcn'] = $_POST['ldapauthcontainers'];
	$pconfig['ldap_template'] = $_POST['ldap_tmpltype'];
}

$shortcut_section = "authentication";

// Breadcrumb titles and their links, kept in parallel arrays.
$pgtitle = [
	gettext("System"),
	gettext("User Manager"),
	gettext("Authentication Servers"),
];
$pglinks = [
	"",
	"system_usermanager.php",
	"system_authservers.php",
];

// The edit form adds a fourth breadcrumb level.
if ($act == "new" || $act == "edit" || $input_errors) {
	$pgtitle[] = gettext('Edit');
	$pglinks[] = "@self";
}

include("head.inc");
// Validation errors from the save handler, if any.
if ($input_errors) {
	print_input_errors($input_errors);
}

// Confirmation message from the delete handler, if any.
if ($savemsg) {
	print_info_box($savemsg, 'success');
}

// Tab bar. The first tab depends on whether the current user may open the
// user manager; without that access it points at the password page instead.
$tab_array = [];
$tab_array[] = isAllowedPage("system_usermanager.php")
	? [gettext("Users"), false, "system_usermanager.php"]
	: [gettext("User Password"), false, "system_usermanager_passwordmg.php"];
$tab_array[] = [gettext("Groups"), false, "system_groupmanager.php"];
$tab_array[] = [gettext("Settings"), false, "system_usermanager_settings.php"];
$tab_array[] = [gettext("Authentication Servers"), true, "system_authservers.php"];
display_top_tabs($tab_array);
// List view: rendered unless a server is being added or edited, or the last
// submission left validation errors. The script ends after the footer.
//
// Name, type and host are passed through htmlspecialchars() before output.
// Every entry except the last one gets an edit link and a delete link; the
// delete link carries the "usepost" attribute.
if ($act != "new" && $act != "edit" && !$input_errors) {
?>
<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext('Authentication Servers')?></h2></div>
	<div class="panel-body">
		<div class="table-responsive">
			<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap table-rowdblclickedit" data-sortable>
				<thead>
					<tr>
						<th><?=gettext("Server Name")?></th>
						<th><?=gettext("Type")?></th>
						<th><?=gettext("Host Name")?></th>
						<th><?=gettext("Actions")?></th>
					</tr>
				</thead>
				<tbody>
			<?php foreach ($a_server as $i => $server): ?>
					<tr>
						<td><?=htmlspecialchars($server['name'])?></td>
						<td><?=htmlspecialchars($auth_server_types[$server['type']])?></td>
						<td><?=htmlspecialchars($server['host'])?></td>
						<td>
						<?php if (($i + 1) < count($a_server)): ?>
							<a class="fa fa-pencil" title="<?=gettext("Edit server"); ?>" href="system_authservers.php?act=edit&amp;id=<?=$i?>"></a>
							<a class="fa fa-trash"  title="<?=gettext("Delete server")?>" href="system_authservers.php?act=del&amp;id=<?=$i?>" usepost></a>
						<?php endif; ?>
						</td>
					</tr>
			<?php endforeach; ?>
				</tbody>
			</table>
		</div>
	</div>
</div>

<nav class="action-buttons">
	<a href="?act=new" class="btn btn-success btn-sm">
		<i class="fa fa-plus icon-embed-btn"></i>
		<?=gettext("Add")?>
	</a>
</nav>
<?php
	include("foot.inc");
	exit;
}
// Edit form. It posts back to this page with act=edit.
$form = new Form();
$form->setAction('system_authservers.php?act=edit');

// Hidden field carrying the server index taken from the request.
$form->addGlobal(new Form_Input('userid', null, 'hidden', $id));

// ---- Settings common to every server type ----
$section = new Form_Section('Server Settings');

$section->addInput($input = new Form_Input('name', '*Descriptive name', 'text', $pconfig['name']));

// The type selector toggles the type-specific sections below.
$section->addInput($input = new Form_Select('type', '*Type', $pconfig['type'], $auth_server_types))->toggles();

$form->add($section);
// ==== LDAP settings =========================================================
// Connection part of the LDAP section: host, port, transport, CA, protocol
// version, timeout and search scope.
$section = new Form_Section('LDAP Server Settings');
$section->addClass('toggle-ldap collapse');

// Expanded by default when no type is set yet or the type is LDAP.
if (!isset($pconfig['type']) || $pconfig['type'] == 'ldap') {
	$section->addClass('in');
}

$section->addInput(new Form_Input('ldap_host', '*Hostname or IP address', 'text', $pconfig['ldap_host']))->setHelp(
	'NOTE: When using SSL/TLS or STARTTLS, this hostname MUST match a Subject Alternative Name (SAN) ' .
	'or the Common Name (CN) of the LDAP server SSL/TLS Certificate.'
);

$section->addInput(new Form_Input('ldap_port', '*Port value', 'number', $pconfig['ldap_port']));

// The transport names serve as both option value and option label.
$section->addInput(new Form_Select(
	'ldap_urltype',
	'*Transport',
	$pconfig['ldap_urltype'],
	array_combine(array_keys($ldap_urltypes), array_keys($ldap_urltypes))
));

if (!empty($a_ca)) {
	// Offer the global root list plus every configured CA, keyed by refid.
	$ldapCaRef = ['global' => 'Global Root CA List'];
	foreach ($a_ca as $ca) {
		$ldapCaRef[$ca['refid']] = $ca['descr'];
	}

	$section->addInput(new Form_Select('ldap_caref', 'Peer Certificate Authority', $pconfig['ldap_caref'], $ldapCaRef))->setHelp(
		'This CA is used to validate the LDAP server certificate when \'SSL/TLS Encrypted\' ' .
		'or \'STARTTLS Encrypted\' Transport is active. This CA must match the CA used by the LDAP server.'
	);
} else {
	// No CA configured: show a pointer to the certificate manager instead.
	$section->addInput(new Form_StaticText(
		'Peer Certificate Authority',
		'No Certificate Authorities defined.<br/>Create one under <a href="system_camanager.php">System &gt; Cert. Manager</a>.'
	));
}

$section->addInput(new Form_Select(
	'ldap_protver',
	'*Protocol version',
	$pconfig['ldap_protver'],
	array_combine($ldap_protvers, $ldap_protvers)
));

$section->addInput(new Form_Input('ldap_timeout', 'Server Timeout', 'number', $pconfig['ldap_timeout'], ['placeholder' => 25]))
	->setHelp('Timeout for LDAP operations (seconds)');

$group = new Form_Group('Search scope');

// Scope level and base DN are rendered together inside one static-text row.
$SSF = new Form_Select('ldap_scope', '*Level', $pconfig['ldap_scope'], $ldap_scopes);
$SSB = new Form_Input('ldap_basedn', 'Base DN', 'text', $pconfig['ldap_basedn']);

$section->addInput(new Form_StaticText(
	'Search scope',
	'Level ' . $SSF . '<br />Base DN' . $SSB
));
// Authentication containers, with a button next to the text field.
$group = new Form_Group('*Authentication containers');
$group->add(new Form_Input('ldapauthcontainers', 'Containers', 'text', $pconfig['ldap_authcn']))->setHelp(
	'Note: Semi-Colon separated. This will be prepended to the search base dn above or the full ' .
	'container path can be specified containing a dc= component.' .
	'%1$sExample: CN=Users;DC=example,DC=com or OU=Staff;OU=Freelancers',
	'<br/>'
);

$group->add(new Form_Button('Select', 'Select a container', null, 'fa-search'))
	->setAttribute('type', 'button')
	->addClass('btn-info');

$section->add($group);

// Optional extended query.
$section->addInput(new Form_Checkbox(
	'ldap_extended_enabled',
	'Extended query',
	'Enable extended query',
	$pconfig['ldap_extended_enabled']
));

$group = new Form_Group('Query');
$group->addClass('extended');

$group->add(new Form_Input('ldap_extended_query', 'Query', 'text', $pconfig['ldap_extended_query']))->setHelp(
	'Example (MSAD): memberOf=CN=Groupname,OU=MyGroups,DC=example,DC=com<br>Example (2307): |(&(objectClass=posixGroup)(cn=Groupname)(memberUid=*))(&(objectClass=posixGroup)(cn=anotherGroup)(memberUid=*))'
);

$section->add($group);

// Anonymous bind, or explicit bind credentials.
$section->addInput(new Form_Checkbox(
	'ldap_anon',
	'Bind anonymous',
	'Use anonymous binds to resolve distinguished names',
	$pconfig['ldap_anon']
));

$group = new Form_Group('*Bind credentials');
$group->addClass('ldapanon');

$group->add(new Form_Input('ldap_binddn', 'User DN:', 'text', $pconfig['ldap_binddn']));

// NOTE(review): the password input is given the current bind password as its
// value. Confirm whether Form_Input writes that value into the page for
// 'password' fields, which would expose the stored secret in the HTML source.
$group->add(new Form_Input('ldap_bindpw', 'Password', 'password', $pconfig['ldap_bindpw']));

$section->add($group);
// The template selector is offered only when no server index was sent.
if (!isset($id)) {
	// Option list: template key => template description.
	$template_list = [];

	foreach ($ldap_templates as $option => $template) {
		$template_list[$option] = $template['desc'];
	}

	$section->addInput(new Form_Select('ldap_tmpltype', 'Initial Template', $pconfig['ldap_template'], $template_list));
}

// Attribute names used when looking up users and groups.
$section->addInput(new Form_Input('ldap_attr_user', '*User naming attribute', 'text', $pconfig['ldap_attr_user']));

$section->addInput(new Form_Input('ldap_attr_group', '*Group naming attribute', 'text', $pconfig['ldap_attr_group']));

$section->addInput(new Form_Input('ldap_attr_member', '*Group member attribute', 'text', $pconfig['ldap_attr_member']));

$section->addInput(new Form_Checkbox(
	'ldap_rfc2307',
	'RFC 2307 Groups',
	'LDAP Server uses RFC 2307 style group membership',
	$pconfig['ldap_rfc2307']
))->setHelp(
	'RFC 2307 style group membership has members listed on the group object rather than using ' .
	'groups listed on user object. Leave unchecked for Active Directory style group membership (RFC 2307bis).'
);

$section->addInput(new Form_Input(
	'ldap_attr_groupobj',
	'Group Object Class',
	'text',
	$pconfig['ldap_attr_groupobj'],
	['placeholder' => 'posixGroup']
))->setHelp('Object class used for groups in RFC2307 mode. Typically "posixGroup" or "group".');

$section->addInput(new Form_Checkbox(
	'ldap_utf8',
	'UTF8 Encode',
	'UTF8 encode LDAP parameters before sending them to the server.',
	$pconfig['ldap_utf8']
))->setHelp('Required to support international characters, but may not be supported by every LDAP server.');

$section->addInput(new Form_Checkbox(
	'ldap_nostrip_at',
	'Username Alterations',
	'Do not strip away parts of the username after the @ symbol',
	$pconfig['ldap_nostrip_at']
))->setHelp('e.g. user@host becomes user when unchecked.');

// Per the help text, an unauthenticated bind is a bind with an existing login
// and an empty password; this option controls whether that is allowed.
$section->addInput(new Form_Checkbox(
	'ldap_allow_unauthenticated',
	'Allow unauthenticated bind',
	'Allow unauthenticated bind',
	$pconfig['ldap_allow_unauthenticated']
))->setHelp(
	'Unauthenticated binds are bind with an existing login but with an empty password. ' .
	'Some LDAP servers (Microsoft AD) allow this type of bind without any possiblity to disable it.'
);

$form->add($section);
// ==== RADIUS section ========================================================
// Carries the 'toggle-radius' and 'collapse' classes; labels starting with '*'
// follow the same convention as the other mandatory fields on this page.
$section = new Form_Section('RADIUS Server Settings');
$section->addClass('toggle-radius collapse');

$section->addInput(new Form_Select('radius_protocol', '*Protocol', $pconfig['radius_protocol'], $radius_protocol));

$section->addInput(new Form_Input('radius_host', '*Hostname or IP address', 'text', $pconfig['radius_host']));

// The stored shared secret is passed to the form as the field's value.
// NOTE(review): if Form_Input writes that value into the markup of a
// 'password' field, the secret is readable in the page source by anyone who
// can open this page -- confirm how the form class renders it.
$section->addInput(new Form_Input('radius_secret', '*Shared Secret', 'password', $pconfig['radius_secret']));

$section->addInput(new Form_Select('radius_srvcs', '*Services offered', $pconfig['radius_srvcs'], $radius_srvcs));

// Whether each port is mandatory is decided in the browser by
// set_required_port_fields(), depending on the services offered.
$section->addInput(new Form_Input('radius_auth_port', 'Authentication port', 'number', $pconfig['radius_auth_port']));

$section->addInput(new Form_Input('radius_acct_port', 'Accounting port', 'number', $pconfig['radius_acct_port']));

$section->addInput(
	new Form_Input('radius_timeout', 'Authentication Timeout', 'number', $pconfig['radius_timeout'])
)->setHelp(
	'This value controls how long, in seconds, that the RADIUS server may take to respond to an authentication request. ' .
	'If left blank, the default value is 5 seconds. ' .
	'NOTE: If using an interactive two-factor authentication system, increase this timeout to account for how long it will take the user to receive and enter a token.'
);

// The choices come from build_radiusnas_list(), defined outside this part of the file.
$section->addInput(
	new Form_Select('radius_nasip_attribute', 'RADIUS NAS IP Attribute', $pconfig['radius_nasip_attribute'], build_radiusnas_list())
)->setHelp(
	'Enter the IP to use for the "NAS-IP-Address" attribute during RADIUS Acccess-Requests.<br />' .
	'Please note that this choice won\'t change the interface used for contacting the RADIUS server.'
);

// When an existing entry is being edited, carry its index along as a hidden field.
if (isset($id) && $a_server[$id]) {
	$form->addGlobal(new Form_Input('id', null, 'hidden', $id));
}

$form->add($section);
// Placeholder modal ("containers") for the LDAP container picker. It starts out
// almost empty; the script further down replaces it with the markup returned
// by the AJAX request.
$modal = new Modal('LDAP containers', 'containers', true);
$form->add($modal);

// Emit the finished form.
echo $form;
?>
<script type="text/javascript">
//<![CDATA[
events.push(function() {
	// Ask this same page, via an AJAX POST, for the list of LDAP containers and
	// show the answer in the "containers" modal. The bind DN and bind password
	// typed into the form are part of the POST body.
	// NOTE(review): the response is inserted into the document as markup. The
	// handler that builds it is not in this part of the file; presumably it
	// HTML-escapes the container names it gets from the directory -- confirm.
	function select_clicked() {
		var isBlank = function (fieldId) {
			return document.getElementById(fieldId).value == '';
		};

		// Connection settings that have to be filled in before querying
		if (["ldap_port", "ldap_host", "ldap_scope", "ldap_basedn", "ldapauthcontainers"].some(isBlank)) {
			alert("<?=gettext("Please fill the required values.");?>");
			return;
		}

		// Bind credentials are only demanded when the anonymous-bind box is not ticked
		if (!document.getElementById("ldap_anon").checked &&
		    ["ldap_binddn", "ldap_bindpw"].some(isBlank)) {
			alert("<?=gettext("Please fill the bind username/password.");?>");
			return;
		}

		var request;
		var authserver = $('#authmode').val();	// read here but not used below
		var cert;

		// The CA selector is only read when at least one CA is configured
<?php if (count($a_ca) > 0): ?>
		cert = $('#ldap_caref').val();
<?php else: ?>
		cert = '';
<?php endif; ?>
/*
		Disabled:
		$('#containers').modal('show');
		$('#serverlist').parent('div').prev('label').remove();
		$('#serverlist').parent('div').removeClass("col-sm-10");
		$('#serverlist').parent('div').addClass("col-sm-12");
*/
		request = $.ajax({
			url: "/system_authservers.php",
			type: "post",
			data: {
				ajax: "ajax",
				port: $('#ldap_port').val(),
				host: $('#ldap_host').val(),
				scope: $('#ldap_scope').val(),
				basedn: $('#ldap_basedn').val(),
				binddn: $('#ldap_binddn').val(),
				bindpw: $('#ldap_bindpw').val(),
				urltype: $('#ldap_urltype').val(),
				proto: $('#ldap_protver').val(),
				authcn: $('#ldapauthcontainers').val(),
				cert: cert
			}
		});

		// Swap the returned markup in for the modal, then open it
		request.done(function (response, textStatus, jqXHR) {
			$('#containers').replaceWith(response);
			$('#containers').modal('show');

			// The save button only exists once the modal has been populated, so
			// it is turned into a plain button and wired up here.
			$('#svcontbtn')
				.prop("type", "button")
				.removeAttr("href")
				.click(function () {
					var containerField = $('#ldapauthcontainers');
					// Counts every element whose id starts with "ou"
					var ouCount = $('[id^=ou]').length;
					var n;

					// Rebuild the field as a ";"-separated list of the ticked containers
					containerField.val("");

					for (n = 0; n < ouCount; n++) {
						var box = $('#ou' + n);

						if (!box.prop("checked")) {
							continue;
						}

						if (containerField.val() != "") {
							containerField.val(containerField.val() + ";");
						}

						containerField.val(containerField.val() + box.val());
					}

					$('#containers').modal('hide');
				});
		});
	}
	// Preset the port field from the selected transport: 636 when the entry at
	// position 2 of the transport list is chosen, 389 for every other entry.
	// The decision uses the option's position, not its value (presumably
	// position 2 is the SSL/TLS entry -- confirm against the option list).
	function set_ldap_port() {
		var thirdEntryChosen = $('#ldap_urltype').find(":selected").index() == 2;

		$('#ldap_port').val(thirdEntryChosen ? '636' : '389');
	}
	// Mark the RADIUS port fields as required according to the services offered:
	// 'auth' needs only the authentication port, 'acct' only the accounting
	// port, and any other value needs both.
	function set_required_port_fields() {
		var offered = document.getElementById("radius_srvcs").value;

		setRequired('radius_auth_port', offered != 'acct');
		setRequired('radius_acct_port', offered != 'auth');
	}
	// Hide (hide is truthy) or show (hide is falsy) every element carrying the
	// given class. This will usually be a form section.
	function hideClass(s_class, hide) {
		$('.' + s_class).toggle(!hide);
	}
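	// Copy the defaults of the selected LDAP template into the form: the user,
	// group and member attribute names and the state of the "Allow
	// unauthenticated bind" checkbox. PHP emits one switch case per entry of
	// $ldap_templates, numbered in iteration order, and the case is picked by
	// the position of the selected option.
	function ldap_tmplchange() {
		switch ($('#ldap_tmpltype').find(":selected").index()) {
<?php
		// The template values are written into the script as-is, without any
		// JavaScript escaping. NOTE(review): presumably $ldap_templates is a
		// fixed table shipped with the product and never user-supplied -- confirm.
		$index = 0;
		foreach ($ldap_templates as $tmpldata):
?>
			case <?=$index;?>:
				$('#ldap_attr_user').val("<?=$tmpldata['attr_user'];?>");
				$('#ldap_attr_group').val("<?=$tmpldata['attr_group'];?>");
				$('#ldap_attr_member').val("<?=$tmpldata['attr_member'];?>");
				// .prop() sets the live checked state. .attr() only edits the
				// markup attribute, so after the box had been clicked by hand a
				// template change could leave this security-relevant option in
				// its old state. Assumes the template value prints as a
				// JavaScript boolean literal -- confirm.
				$("#ldap_allow_unauthenticated").prop("checked", <?=$tmpldata['allow_unauthenticated'];?>);
				break;
<?php
			$index++;
		endforeach;
?>
		}
	}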
	// ---------- On initial page load ------------------------------------------------------------

<?php
	// Template defaults are applied on load except when an entry is being edited.
	if ($act != 'edit'):
?>
	ldap_tmplchange();
<?php endif; ?>

	// Bring section visibility and required markers in line with the current values
	hideClass('ldapanon', $('#ldap_anon').prop('checked'));
	hideClass('extended', !$('#ldap_extended_enabled').prop('checked'));
	set_required_port_fields();

	// Only preset the LDAP port when none has been entered
	if ($('#ldap_port').val() == "") {
		set_ldap_port();
	}

<?php
	// While editing, every server type other than the selected one is disabled,
	// and the name becomes read-only unless the form came back with input
	// errors. These locks exist in the browser only.
	// NOTE(review): the POST handling is outside this part of the file;
	// presumably it refuses a changed type or name on its own -- confirm.
	if ($act == 'edit'):
?>
	$('#type option:not(:selected)').attr('disabled', 'disabled');

<?php if (!$input_errors): ?>
	$('#name').prop("readonly", true);
<?php endif; ?>
<?php endif; ?>
	// ---------- Click checkbox handlers ---------------------------------------------------------

	// Template chosen: load its defaults into the attribute fields
	$('#ldap_tmpltype').on('change', ldap_tmplchange);

	// Anonymous bind ticked: the 'ldapanon' elements are hidden
	$('#ldap_anon').on('click', function () {
		hideClass('ldapanon', this.checked);
	});

	// Transport changed: preset the matching port
	$('#ldap_urltype').on('change', set_ldap_port);

	// "Select" pressed: fetch the container list
	$('#Select').on('click', select_clicked);

	// Extended query ticked: the 'extended' elements are shown
	$('#ldap_extended_enabled').on('click', function () {
		hideClass('extended', !this.checked);
	});

	// Services offered changed: update which RADIUS ports are required
	$('#radius_srvcs').on('change', set_required_port_fields);
});
//]]>
</script>
<?php
include("foot.inc");