<?php
2
/*
3
    system_authservers.php
4
5 5b42a459 bcyrill
    Copyright (C) 2010 Ermal Luçi
6 fbf672cb Matthew Grooms
    Copyright (C) 2008 Shrew Soft Inc.
7
    All rights reserved.
8
9
    Redistribution and use in source and binary forms, with or without
10
    modification, are permitted provided that the following conditions are met:
11
12
    1. Redistributions of source code must retain the above copyright notice,
13
       this list of conditions and the following disclaimer.
14
15
    2. Redistributions in binary form must reproduce the above copyright
16
       notice, this list of conditions and the following disclaimer in the
17
       documentation and/or other materials provided with the distribution.
18
19
    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
20
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
23
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28
    POSSIBILITY OF SUCH DAMAGE.
29
*/
30 1d333258 Scott Ullrich
/*
31
	pfSense_MODULE:	auth
32
*/
33 fbf672cb Matthew Grooms
34
##|+PRIV
35
##|*IDENT=page-system-authservers
36
##|*NAME=System: Authentication Servers
37
##|*DESCR=Allow access to the 'System: Authentication Servers' page.
38
##|*MATCH=system_authservers.php*
39
##|-PRIV
40
41
require("guiconfig.inc");
42 acee624f Ermal Lu?i
require_once("auth.inc");
43 fbf672cb Matthew Grooms
44 257705ca Renato Botelho
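/* Page title and shortcut section for this page. */
$pgtitle = array(gettext("System"), gettext("Authentication Servers"));
$shortcut_section = "authentication";

/*
 * Accept an entry index only when it is a plain integer.
 * A POSTed id takes precedence over one passed in the query string.
 * Both sources are checked with isset() first so that a request without
 * an id does not read an undefined index.
 */
if (isset($_GET['id']) && is_numericint($_GET['id']))
	$id = $_GET['id'];
if (isset($_POST['id']) && is_numericint($_POST['id']))
	$id = $_POST['id'];

if (!is_array($config['system']['authserver']))
	$config['system']['authserver'] = array();

/*
 * Re-indexed copy of the authentication server list.
 * It is initialised explicitly so that later lookups such as
 * $a_server[$id] work on an array even when the list is empty.
 */
$a_server = array();
$a_servers = auth_get_authserver_list();
if (is_array($a_servers)) {
	foreach ($a_servers as $servers)
		$a_server[] = $servers;
}

if (!is_array($config['ca']))
	$config['ca'] = array();
$a_ca =& $config['ca'];

/* Requested action; a POSTed value overrides the query string. */
$act = isset($_GET['act']) ? $_GET['act'] : null;
if (!empty($_POST['act']))
	$act = $_POST['act'];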
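/*
 * Delete an authentication server.
 *
 * The entry index comes from the query string, so it is checked with
 * is_numericint() and against the server list before anything is removed.
 *
 * NOTE(review): this state-changing action is driven by GET parameters;
 * confirm that the GUI's request-forgery protection covers it, or move the
 * delete to a POST.
 */
if ($act == "del") {

	$del_id = isset($_GET['id']) ? $_GET['id'] : null;
	if (!is_numericint($del_id) || empty($a_server[$del_id])) {
		pfSenseHeader("system_authservers.php");
		exit;
	}

	/* Remove server from main list (matched by name, not by index). */
	$serverdeleted = $a_server[$del_id]['name'];
	foreach ($config['system']['authserver'] as $k => $as) {
		if ($as['name'] == $serverdeleted)
			unset($config['system']['authserver'][$k]);
	}

	/* Remove server from temp list used later on this page. */
	unset($a_server[$del_id]);

	/*
	 * The message carries literal <br /> markup and is later handed to
	 * print_info_box(), so it is presumably emitted as HTML. The server
	 * name is administrator-supplied free text and is escaped here so it
	 * cannot inject markup into the page.
	 */
	$savemsg = gettext("Authentication Server")." ".
				htmlspecialchars($serverdeleted)." ".
				gettext("deleted")."<br />";
	write_config($savemsg);
}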
/*
 * Edit an existing server: copy the stored entry into $pconfig so the form
 * below is rendered with its current values. Nothing happens unless $id is
 * set and names an entry in $a_server.
 */
if ($act == "edit" && isset($id) && $a_server[$id]) {

	$pconfig['type'] = $a_server[$id]['type'];
	$pconfig['name'] = $a_server[$id]['name'];

	if ($pconfig['type'] == "ldap") {
		$pconfig['ldap_caref'] = $a_server[$id]['ldap_caref'];
		/* The stored key is 'host'; the form field is 'ldap_host'. */
		$pconfig['ldap_host'] = $a_server[$id]['host'];

		/* Keys that carry the same name in the stored entry and in the form. */
		$ldap_same_keys = array(
			'ldap_port',
			'ldap_urltype',
			'ldap_protver',
			'ldap_scope',
			'ldap_basedn',
			'ldap_authcn',
			'ldap_extended_enabled',
			'ldap_extended_query',
			'ldap_binddn',
			'ldap_bindpw',
			'ldap_attr_user',
			'ldap_attr_group',
			'ldap_attr_member');
		foreach ($ldap_same_keys as $ldap_key)
			$pconfig[$ldap_key] = $a_server[$id][$ldap_key];

		/* These two options are stored as "present / absent" flags. */
		$pconfig['ldap_utf8'] = isset($a_server[$id]['ldap_utf8']);
		$pconfig['ldap_nostrip_at'] = isset($a_server[$id]['ldap_nostrip_at']);

		/* Without both a bind DN and a bind password the entry is shown as anonymous. */
		if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw'])
			$pconfig['ldap_anon'] = true;
	}

	if ($pconfig['type'] == "radius") {
		/* The stored key is 'host'; the form field is 'radius_host'. */
		$pconfig['radius_host'] = $a_server[$id]['host'];
		$pconfig['radius_auth_port'] = $a_server[$id]['radius_auth_port'];
		$pconfig['radius_acct_port'] = $a_server[$id]['radius_acct_port'];
		$pconfig['radius_secret'] = $a_server[$id]['radius_secret'];
		$pconfig['radius_timeout'] = $a_server[$id]['radius_timeout'];

		/*
		 * Derive the "services" selection from which ports are stored,
		 * and pre-fill the port that is missing with its default.
		 */
		$has_auth_port = (bool)$pconfig['radius_auth_port'];
		$has_acct_port = (bool)$pconfig['radius_acct_port'];

		if ($has_auth_port && $has_acct_port) {
			$pconfig['radius_srvcs'] = "both";
		} elseif ($has_auth_port) {
			$pconfig['radius_srvcs'] = "auth";
			$pconfig['radius_acct_port'] = 1813;
		} elseif ($has_acct_port) {
			$pconfig['radius_srvcs'] = "acct";
			$pconfig['radius_auth_port'] = 1812;
		}
	}
}
/* New server: seed the form with its default values. */
if ($act == "new") {
	$new_server_defaults = array(
		'ldap_protver' => 3,
		'ldap_anon' => true,
		'radius_srvcs' => "both",
		'radius_auth_port' => "1812",
		'radius_acct_port' => "1813");

	foreach ($new_server_defaults as $default_key => $default_value)
		$pconfig[$default_key] = $default_value;
}
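/*
 * Handle a submitted form: validate the fields, then add or update the
 * server entry in the configuration and redirect back to the list.
 */
if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */

	/*
	 * Baseline required fields, so that do_input_validation() below always
	 * receives arrays even when 'type' is neither "ldap" nor "radius".
	 */
	$reqdfields = explode(" ", "name type");
	$reqdfieldsn = array(
		gettext("Descriptive name"),
		gettext("Type"));

	if ($pconfig['type'] == "ldap") {
		$reqdfields = explode(" ", "name type ldap_host ldap_port ".
						"ldap_urltype ldap_protver ldap_scope ".
						"ldap_attr_user ldap_attr_group ldap_attr_member ldapauthcontainers");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Port value"),
			gettext("Transport"),
			gettext("Protocol version"),
			gettext("Search level"),
			gettext("User naming Attribute"),
			gettext("Group naming Attribute"),
			gettext("Group member attribute"),
			gettext("Authentication container"));

		/* Bind credentials are only required when anonymous binds are off. */
		if (!$pconfig['ldap_anon']) {
			$reqdfields[] = "ldap_binddn";
			$reqdfields[] = "ldap_bindpw";
			$reqdfieldsn[] = gettext("Bind user DN");
			$reqdfieldsn[] = gettext("Bind Password");
		}
	}

	if ($pconfig['type'] == "radius") {
		$reqdfields = explode(" ", "name type radius_host radius_srvcs");
		$reqdfieldsn = array(
			gettext("Descriptive name"),
			gettext("Type"),
			gettext("Hostname or IP"),
			gettext("Services"));

		/*
		 * The form field is 'radius_srvcs'. The key was misspelled here
		 * before, so neither port was ever added to the required fields.
		 */
		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "auth") {
			$reqdfields[] = "radius_auth_port";
			$reqdfieldsn[] = gettext("Authentication port value");
		}

		if ($pconfig['radius_srvcs'] == "both" ||
			$pconfig['radius_srvcs'] == "acct") {
			$reqdfields[] = "radius_acct_port";
			$reqdfieldsn[] = gettext("Accounting port value");
		}

		/* The shared secret may be left empty on edit to keep the stored one. */
		if (!isset($id)) {
			$reqdfields[] = "radius_secret";
			$reqdfieldsn[] = gettext("Shared Secret");
		}
	}

	do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors);

	/*
	 * Host name character check. The form submits the host as 'ldap_host'
	 * or 'radius_host'; there is no plain 'host' field, so the check has to
	 * look at the field that belongs to the selected type.
	 * NOTE(review): the character class has no ':' and therefore rejects
	 * IPv6 literals - confirm that this is intended.
	 */
	$host_fields = array("ldap" => "ldap_host", "radius" => "radius_host");
	foreach ($host_fields as $host_type => $host_field) {
		if ($pconfig['type'] != $host_type || !isset($_POST[$host_field]))
			continue;
		if (!is_string($_POST[$host_field]) ||
		    preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST[$host_field]))
			$input_errors[] = gettext("The host name contains invalid characters.");
	}

	if (auth_get_authserver($pconfig['name']) && !isset($id))
		$input_errors[] = gettext("An authentication server with the same name already exists.");

	/* An empty timeout is allowed and falls back to the default when saving. */
	if (($pconfig['type'] == "radius") && !empty($_POST['radius_timeout']) &&
	    (!is_numeric($_POST['radius_timeout']) || ($_POST['radius_timeout'] <= 0)))
		$input_errors[] = gettext("RADIUS Timeout value must be numeric and positive.");

	/* if this is an AJAX caller then handle via JSON */
	if (isAjax() && is_array($input_errors)) {
		input_errors2Ajax($input_errors);
		exit;
	}

	if (!$input_errors) {
		/* A new entry gets a fresh refid; an edited entry keeps its stored fields. */
		$server = array();
		$server['refid'] = uniqid();
		if (isset($id) && $a_server[$id])
			$server = $a_server[$id];

		$server['type'] = $pconfig['type'];
		$server['name'] = $pconfig['name'];

		if ($server['type'] == "ldap") {

			if (!empty($pconfig['ldap_caref']))
				$server['ldap_caref'] = $pconfig['ldap_caref'];
			$server['host'] = $pconfig['ldap_host'];
			$server['ldap_port'] = $pconfig['ldap_port'];
			$server['ldap_urltype'] = $pconfig['ldap_urltype'];
			$server['ldap_protver'] = $pconfig['ldap_protver'];
			$server['ldap_scope'] = $pconfig['ldap_scope'];
			$server['ldap_basedn'] = $pconfig['ldap_basedn'];
			$server['ldap_authcn'] = $pconfig['ldapauthcontainers'];
			$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
			$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
			$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
			$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
			$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];

			/* Checkbox options are stored as "present / absent" flags. */
			if ($pconfig['ldap_utf8'] == "yes")
				$server['ldap_utf8'] = true;
			else
				unset($server['ldap_utf8']);
			if ($pconfig['ldap_nostrip_at'] == "yes")
				$server['ldap_nostrip_at'] = true;
			else
				unset($server['ldap_nostrip_at']);

			/* Anonymous binds drop any stored bind credentials. */
			if (!$pconfig['ldap_anon']) {
				$server['ldap_binddn'] = $pconfig['ldap_binddn'];
				$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
			} else {
				unset($server['ldap_binddn']);
				unset($server['ldap_bindpw']);
			}
		}

		if ($server['type'] == "radius") {

			$server['host'] = $pconfig['radius_host'];

			/* An empty secret keeps whatever is already stored in the entry. */
			if ($pconfig['radius_secret'])
				$server['radius_secret'] = $pconfig['radius_secret'];

			if ($pconfig['radius_timeout'])
				$server['radius_timeout'] = $pconfig['radius_timeout'];
			else
				$server['radius_timeout'] = 5;

			/* Only the ports of the selected services are kept. */
			if ($pconfig['radius_srvcs'] == "both") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
			}

			if ($pconfig['radius_srvcs'] == "auth") {
				$server['radius_auth_port'] = $pconfig['radius_auth_port'];
				unset($server['radius_acct_port']);
			}

			if ($pconfig['radius_srvcs'] == "acct") {
				$server['radius_acct_port'] = $pconfig['radius_acct_port'];
				unset($server['radius_auth_port']);
			}
		}

		/*
		 * NOTE(review): $id indexes $a_server, which is rebuilt from
		 * auth_get_authserver_list(), while the delete handler on this page
		 * matches configuration entries by name rather than by index.
		 * Confirm that both arrays share indexes before relying on $id here.
		 */
		if (isset($id) && $config['system']['authserver'][$id])
			$config['system']['authserver'][$id] = $server;
		else
			$config['system']['authserver'][] = $server;

		write_config();

		pfSenseHeader("system_authservers.php");
	}
}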
310
311
include("head.inc");
312
?>
313
314
<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
315
<?php include("fbegin.inc"); ?>
316
<script type="text/javascript">
317 0f3a8925 Colin Fleming
//<![CDATA[
318 fbf672cb Matthew Grooms
319 6306b5dd Ermal Lu?i
/*
 * Show the settings table that belongs to the given server type and hide
 * the other one. Without an argument the type is read from the "type"
 * select element. Any value other than "ldap" or "radius" changes nothing.
 */
function server_typechange(typ) {
	if (!typ) {
		var typeSelect = document.getElementById("type");
		typ = typeSelect.options[typeSelect.selectedIndex].value;
	}

	if (typ !== "ldap" && typ !== "radius")
		return;

	var showLdap = (typ === "ldap");
	document.getElementById("ldap").style.display = showLdap ? "" : "none";
	document.getElementById("radius").style.display = showLdap ? "none" : "";
}
/*
 * Set the LDAP port field to the port that goes with the selected
 * transport. One case per entry of $ldap_urltypes is generated on the
 * server, numbered in iteration order.
 */
function ldap_urlchange() {
	var transportIndex = document.getElementById("ldap_urltype").selectedIndex;
	switch (transportIndex) {
<?php
	$index = 0;
	foreach ($ldap_urltypes as $urltype => $urlport) {
		echo "\t\tcase {$index}:\n";
		echo "\t\t\tdocument.getElementById(\"ldap_port\").value = \"{$urlport}\";\n";
		echo "\t\t\tbreak;\n";
		$index++;
	}
?>
	}
}
/*
 * Hide the bind credential fields while "anonymous binds" is checked and
 * show them otherwise.
 */
function ldap_bindchange() {
	var anonymous = document.getElementById("ldap_anon").checked;
	document.getElementById("ldap_bind").style.display = anonymous ? "none" : "";
}
/*
 * Fill the three LDAP attribute fields from the selected template.
 * One case per entry of $ldap_templates is generated on the server,
 * numbered in iteration order.
 */
function ldap_tmplchange(){
	var templateIndex = document.getElementById("ldap_tmpltype").selectedIndex;
	switch (templateIndex) {
<?php
	$index = 0;
	foreach ($ldap_templates as $tmpldata) {
		echo "\t\tcase {$index}:\n";
		echo "\t\t\tdocument.getElementById(\"ldap_attr_user\").value = \"{$tmpldata['attr_user']}\";\n";
		echo "\t\t\tdocument.getElementById(\"ldap_attr_group\").value = \"{$tmpldata['attr_group']}\";\n";
		echo "\t\t\tdocument.getElementById(\"ldap_attr_member\").value = \"{$tmpldata['attr_member']}\";\n";
		echo "\t\t\tbreak;\n";
		$index++;
	}
?>
	}
}
/*
 * Show or hide the RADIUS authentication and accounting port rows to match
 * the selected service. Any other selection index changes nothing.
 */
function radius_srvcschange(){
	// Display values as [authentication row, accounting row], by option index:
	// 0 = both, 1 = authentication, 2 = accounting.
	var layouts = [
		["", ""],
		["", "none"],
		["none", ""]
	];

	var choice = document.getElementById("radius_srvcs").selectedIndex;
	if (choice !== 0 && choice !== 1 && choice !== 2)
		return;

	document.getElementById("radius_auth").style.display = layouts[choice][0];
	document.getElementById("radius_acct").style.display = layouts[choice][1];
}
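/*
 * Open the LDAP container picker in a popup window, passing the connection
 * settings currently entered in the form as query parameters.
 *
 * Every value is passed through encodeURIComponent(): the fields are free
 * text, and a value containing '&', '=', '#' or '+' would otherwise be cut
 * short or read as an additional parameter by the picker page.
 *
 * NOTE(review): the bind DN and bind password travel in the query string
 * of the popup URL, where they can end up in browser history and in web
 * server logs. Whether the picker page can take them from a POST body
 * instead cannot be told from this file.
 */
function select_clicked() {
	var valueOf = function (id) {
		return document.getElementById(id).value;
	};

	if (valueOf("ldap_port") == '' ||
	    valueOf("ldap_host") == '' ||
	    valueOf("ldap_scope") == '' ||
	    valueOf("ldap_basedn") == '' ||
	    valueOf("ldapauthcontainers") == '') {
		alert("<?=gettext("Please fill the required values.");?>");
		return;
	}
	if (!document.getElementById("ldap_anon").checked) {
		if (valueOf("ldap_binddn") == '' ||
		    valueOf("ldap_bindpw") == '') {
			alert("<?=gettext("Please fill the bind username/password.");?>");
			return;
		}
	}

	// Parameter name and source field, in the order the picker URL is built.
	var params = [
		['port', valueOf("ldap_port")],
		['host', valueOf("ldap_host")],
		['scope', valueOf("ldap_scope")],
		['basedn', valueOf("ldap_basedn")],
		['binddn', valueOf("ldap_binddn")],
		['bindpw', valueOf("ldap_bindpw")],
		['urltype', valueOf("ldap_urltype")],
		['proto', valueOf("ldap_protver")],
		['authcn', valueOf("ldapauthcontainers")]
	];
	<?php if (count($a_ca) > 0): ?>
	params.push(['cert', valueOf("ldap_caref")]);
	<?php else: ?>
	params.push(['cert', '']);
	<?php endif; ?>

	var query = [];
	for (var i = 0; i < params.length; i++)
		query.push(params[i][0] + '=' + encodeURIComponent(params[i][1]));
	var url = 'system_usermanager_settings_ldapacpicker.php?' + query.join('&');

	var oWin = window.open(url,"pfSensePop","width=620,height=400,top=150,left=150");
	if (oWin==null || typeof(oWin)=="undefined")
		alert("<?=gettext('Popup blocker detected.  Action aborted.');?>");
}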
434 0f3a8925 Colin Fleming
//]]>
435 fbf672cb Matthew Grooms
</script>
436
<?php
437
	if ($input_errors)
438
		print_input_errors($input_errors);
439
	if ($savemsg)
440
		print_info_box($savemsg);
441
?>
442 0f3a8925 Colin Fleming
<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="auth servers">
443 fbf672cb Matthew Grooms
	<tr>
444 e30001cf Matthew Grooms
		<td>
445 fbf672cb Matthew Grooms
		<?php
446
			$tab_array = array();
447
			$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
448
			$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
449
			$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
450 d799787e Matthew Grooms
			$tab_array[] = array(gettext("Servers"), true, "system_authservers.php");
451 fbf672cb Matthew Grooms
			display_top_tabs($tab_array);
452
		?>
453
		</td>
454
	</tr>
455
	<tr>
456 e30001cf Matthew Grooms
		<td id="mainarea">
457
			<div class="tabcont">
458
459
				<?php if ($act == "new" || $act == "edit" || $input_errors): ?>
460
461
				<form action="system_authservers.php" method="post" name="iform" id="iform">
462 0f3a8925 Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
463 e30001cf Matthew Grooms
						<tr>
464
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
465
							<td width="78%" class="vtable">
466 3de94477 Ermal Lu?i
							<?php if (!isset($id)): ?>
467 e30001cf Matthew Grooms
								<input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/>
468 3de94477 Ermal Lu?i
							<?php else: ?>
469 dd5bf424 Scott Ullrich
                                                                <strong><?=htmlspecialchars($pconfig['name']);?></strong>
470 3de94477 Ermal Lu?i
                                                                <input name='name' type='hidden' id='name' value="<?=htmlspecialchars($pconfig['name']);?>"/>
471
                                                                <?php endif; ?>
472 e30001cf Matthew Grooms
							</td>
473
						</tr>
474
						<tr>
475
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Type");?></td>
476
							<td width="78%" class="vtable">
477
								<?php if (!isset($id)): ?>
478
								<select name='type' id='type' class="formselect" onchange='server_typechange()'>
479
								<?php
480
									foreach ($auth_server_types as $typename => $typedesc ):
481
										$selected = "";
482
										if ($pconfig['type'] == $typename)
483 0f3a8925 Colin Fleming
											$selected = "selected=\"selected\"";
484 e30001cf Matthew Grooms
								?>
485
									<option value="<?=$typename;?>" <?=$selected;?>><?=$typedesc;?></option>
486
								<?php endforeach; ?>
487
								</select>
488
								<?php else: ?>
489
								<strong><?=$auth_server_types[$pconfig['type']];?></strong>
490
								<input name='type' type='hidden' id='type' value="<?=htmlspecialchars($pconfig['type']);?>"/>
491
								<?php endif; ?>
492
							</td>
493
						</tr>
494
					</table>
495
496 0f3a8925 Colin Fleming
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="ldap" style="display:none" summary="">
497 e30001cf Matthew Grooms
						<tr>
498
							<td colspan="2" class="list" height="12"></td>
499
						</tr>
500
						<tr>
501 257705ca Renato Botelho
							<td colspan="2" valign="top" class="listtopic"><?=gettext("LDAP Server Settings");?></td>
502 e30001cf Matthew Grooms
						</tr>
503
						<tr>
504
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP address");?></td>
505
							<td width="78%" class="vtable">
506
								<input name="ldap_host" type="text" class="formfld unknown" id="ldap_host" size="20" value="<?=htmlspecialchars($pconfig['ldap_host']);?>"/>
507 9d793187 jim-p
								<br /><?= gettext("NOTE: When using SSL, this hostname MUST match the Common Name (CN) of the LDAP server's SSL Certificate."); ?>
508 e30001cf Matthew Grooms
							</td>
509
						</tr>
510
						<tr>
511
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Port value");?></td>
512
							<td width="78%" class="vtable">
513
								<input name="ldap_port" type="text" class="formfld unknown" id="ldap_port" size="5" value="<?=htmlspecialchars($pconfig['ldap_port']);?>"/>
514
							</td>
515
						</tr>
516
						<tr>
517
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Transport");?></td>
518
							<td width="78%" class="vtable">
519
								<select name='ldap_urltype' id='ldap_urltype' class="formselect" onchange='ldap_urlchange()'>
520
								<?php
521
									foreach ($ldap_urltypes as $urltype => $urlport):
522
										$selected = "";
523
										if ($pconfig['ldap_urltype'] == $urltype)
524 0f3a8925 Colin Fleming
											$selected = "selected=\"selected\"";
525 e30001cf Matthew Grooms
								?>
526
									<option value="<?=$urltype;?>" <?=$selected;?>><?=$urltype;?></option>
527
								<?php endforeach; ?>
528
								</select>
529
							</td>
530
						</tr>
531 fe2031ab Ermal
						<tr id="tls_ca">
532
							<td width="22%" valign="top" class="vncell"><?=gettext("Peer Certificate Authority"); ?></td>
533
                                                        <td width="78%" class="vtable">
534
                                                        <?php if (count($a_ca)): ?>
535 a8db7391 Ermal
								<select id='ldap_caref' name='ldap_caref' class="formselect">
536 fe2031ab Ermal
                                                        <?php
537
                                                                foreach ($a_ca as $ca):
538
                                                                        $selected = "";
539
                                                                        if ($pconfig['ldap_caref'] == $ca['refid'])
540 0f3a8925 Colin Fleming
                                                                                $selected = "selected=\"selected\"";
541 fe2031ab Ermal
                                                        ?>
542
									<option value="<?=$ca['refid'];?>" <?=$selected;?>><?=$ca['descr'];?></option>
543
                                                        <?php	endforeach; ?>
544
								</select>
545 8cd558b6 ayvis
								<br /><span><?=gettext("This option is used if 'SSL Encrypted' option is choosen.");?> <br />
546 fe2031ab Ermal
								<?=gettext("It must match with the CA in the AD otherwise problems will arise.");?></span>
547
                                                        <?php else: ?>
548 8cd558b6 ayvis
                                                                <b>No Certificate Authorities defined.</b> <br />Create one under <a href="system_camanager.php">System &gt; Cert Manager</a>.
549 fe2031ab Ermal
                                                        <?php endif; ?>
550
                                                        </td>
551
						</tr>
552 e30001cf Matthew Grooms
						<tr>
553
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol version");?></td>
554
							<td width="78%" class="vtable">
555
								<select name='ldap_protver' id='ldap_protver' class="formselect">
556
								<?php
557
									foreach ($ldap_protvers as $version):
558
										$selected = "";
559
										if ($pconfig['ldap_protver'] == $version)
560 0f3a8925 Colin Fleming
											$selected = "selected=\"selected\"";
561 e30001cf Matthew Grooms
								?>
562
									<option value="<?=$version;?>" <?=$selected;?>><?=$version;?></option>
563
								<?php endforeach; ?>
564
								</select>
565
							</td>
566
						</tr>
567
						<tr>
568 64ce9d72 jim-p
							<td width="22%" valign="top" class="vncell"><?=gettext("Search scope");?></td>
569 e30001cf Matthew Grooms
							<td width="78%" class="vtable">
570 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="search scope">
571 e30001cf Matthew Grooms
									<tr>
572 ea53e38f Renato Botelho
										<td><?=gettext("Level:");?> &nbsp;</td>
573 e30001cf Matthew Grooms
										<td>
574
											<select name='ldap_scope' id='ldap_scope' class="formselect">
575
											<?php
576
												foreach ($ldap_scopes as $scopename => $scopedesc):
577
													$selected = "";
578
													if ($pconfig['ldap_scope'] == $scopename)
579 0f3a8925 Colin Fleming
														$selected = "selected=\"selected\"";
580 e30001cf Matthew Grooms
											?>
581
												<option value="<?=$scopename;?>" <?=$selected;?>><?=$scopedesc;?></option>
582
											<?php endforeach; ?>
583
											</select>
584
										</td>
585
									</tr>
586
									<tr>
587 ea53e38f Renato Botelho
										<td><?=gettext("Base DN:");?> &nbsp;</td>
588 e30001cf Matthew Grooms
										<td>
589
											<input name="ldap_basedn" type="text" class="formfld unknown" id="ldap_basedn" size="40" value="<?=htmlspecialchars($pconfig['ldap_basedn']);?>"/>
590
										</td>
591
									</tr>
592
								</table>
593
594
							</td>
595
						</tr>
596 c61e4626 Ermal Lu?i
						<tr>
597 6d78607d Renato Botelho
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication containers");?></td>
598
							<td width="78%" class="vtable">
599 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="auth containers">
600 6d78607d Renato Botelho
									<tr>
601 ea53e38f Renato Botelho
										<td><?=gettext("Containers:");?> &nbsp;</td>
602 6d78607d Renato Botelho
										<td>
603 0f3a8925 Colin Fleming
											<input name="ldapauthcontainers" type="text" class="formfld unknown" id="ldapauthcontainers" size="40" value="<?=htmlspecialchars($pconfig['ldap_authcn']);?>"/>
604
											<input type="button" onclick="select_clicked();" value="<?=gettext("Select");?>" />
605 04cdae54 Malte S. Stretz
											<br /><?=gettext("Note: Semi-Colon separated. This will be prepended to the search base dn above or you can specify full container path containing a dc= component.");?>
606 d345f596 Malte S. Stretz
											<br /><?=gettext("Example:");?> CN=Users;DC=example,DC=com
607
											<br /><?=gettext("Example:");?> OU=Staff;OU=Freelancers
608 6d78607d Renato Botelho
										</td>
609
									</tr>
610
								</table>
611
							</td>
612
						</tr>
613 c7073ebf namezero111111
						<tr>
614
							<td width="22%" valign="top" class="vncell"><?=gettext("Extended Query");?></td>
615
							<td width="78%" class="vtable">
616 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="query">
617 c7073ebf namezero111111
									<tr>
618
										<td>
619 0f3a8925 Colin Fleming
											<input name="ldap_extended_enabled" type="checkbox" id="ldap_extended_enabled" value="no" <?php if ($pconfig['ldap_extended_enabled']) echo "checked=\"checked\""; ?> />
620 c7073ebf namezero111111
										</td>
621
										<td>
622
623
											<input name="ldap_extended_query" type="text" class="formfld unknown" id="ldap_extended_query" size="40" value="<?=htmlspecialchars($pconfig['ldap_extended_query']);?>"/>
624 d345f596 Malte S. Stretz
											<br /><?=gettext("Example:");?> &amp;(objectClass=inetOrgPerson)(mail=*@example.com)
625 c7073ebf namezero111111
										</td>
626
									</tr>
627
								</table>
628
							</td>
629
						</tr>
630 e30001cf Matthew Grooms
						<tr>
631
							<td width="22%" valign="top" class="vncell"><?=gettext("Bind credentials");?></td>
632
							<td width="78%" class="vtable">
633 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" summary="bind credentials">
634 e30001cf Matthew Grooms
									<tr>
635
										<td>
636 0f3a8925 Colin Fleming
											<input name="ldap_anon" type="checkbox" id="ldap_anon" value="yes" <?php if ($pconfig['ldap_anon']) echo "checked=\"checked\""; ?> onclick="ldap_bindchange()" />
637 e30001cf Matthew Grooms
										</td>
638
										<td>
639 257705ca Renato Botelho
											<?=gettext("Use anonymous binds to resolve distinguished names");?>
640 e30001cf Matthew Grooms
										</td>
641
									</tr>
642
								</table>
643 0f3a8925 Colin Fleming
								<table border="0" cellspacing="0" cellpadding="2" id="ldap_bind" summary="bind">
644 e30001cf Matthew Grooms
									<tr>
645
										<td colspan="2"></td>
646
									</tr>
647
									<tr>
648 ea53e38f Renato Botelho
										<td><?=gettext("User DN:");?> &nbsp;</td>
649 e30001cf Matthew Grooms
										<td>
650 8cd558b6 ayvis
											<input name="ldap_binddn" type="text" class="formfld unknown" id="ldap_binddn" size="40" value="<?=htmlspecialchars($pconfig['ldap_binddn']);?>"/><br />
651 e30001cf Matthew Grooms
										</td>
652
									</tr>
653
									<tr>
654 ea53e38f Renato Botelho
										<td><?=gettext("Password:");?> &nbsp;</td>
655 e30001cf Matthew Grooms
										<td>
656 8cd558b6 ayvis
											<input name="ldap_bindpw" type="password" class="formfld pwd" id="ldap_bindpw" size="20" value="<?=htmlspecialchars($pconfig['ldap_bindpw']);?>"/><br />
657 e30001cf Matthew Grooms
										</td>
658
									</tr>
659
								</table>
660
							</td>
661
						</tr>
662
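						<?php
							/*
							 * "Initial Template" selector, rendered only while $id is unset.
							 * One <option> is emitted per $ldap_templates entry and the entry whose
							 * key equals $pconfig['ldap_template'] is pre-selected. Changing the
							 * selection calls ldap_tmplchange(), which is defined outside this view.
							 */
							if (!isset($id)):
						?>
						<tr>
							<td width="22%" valign="top" class="vncell"><?=gettext("Initial Template");?></td>
							<td width="78%" class="vtable">
								<select name='ldap_tmpltype' id='ldap_tmpltype' class="formselect" onchange='ldap_tmplchange()'>
								<?php
									foreach ($ldap_templates as $tmplname => $tmpldata):
										$selected = "";
										if ($pconfig['ldap_template'] == $tmplname)
											$selected = "selected=\"selected\"";
										// The key goes into an attribute and the description into element text,
										// so both are HTML-escaped. $ldap_templates is populated outside this
										// view; escaping here avoids relying on its contents being markup-free.
								?>
									<option value="<?=htmlspecialchars($tmplname);?>" <?=$selected;?>><?=htmlspecialchars($tmpldata['desc']);?></option>
								<?php endforeach; ?>
								</select>
							</td>
						</tr>
						<?php endif; ?>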
						<?php /* LDAP attribute-name fields (user, group, group member); each stored value is HTML-escaped before it is placed in the value attribute. */ ?>
						<tr>
							<td width="22%" valign="top" class="vncell"><?= gettext("User naming attribute"); ?></td>
							<td width="78%" class="vtable">
								<input name="ldap_attr_user" type="text" class="formfld unknown" id="ldap_attr_user" size="20" value="<?= htmlspecialchars($pconfig['ldap_attr_user']); ?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncell"><?= gettext("Group naming attribute"); ?></td>
							<td width="78%" class="vtable">
								<input name="ldap_attr_group" type="text" class="formfld unknown" id="ldap_attr_group" size="20" value="<?= htmlspecialchars($pconfig['ldap_attr_group']); ?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncell"><?= gettext("Group member attribute"); ?></td>
							<td width="78%" class="vtable">
								<input name="ldap_attr_member" type="text" class="formfld unknown" id="ldap_attr_member" size="20" value="<?= htmlspecialchars($pconfig['ldap_attr_member']); ?>"/>
							</td>
						</tr>
						<?php /* Two checkbox options: UTF-8 encoding of LDAP parameters, and keeping the part of the username after "@". Each box is ticked when its $pconfig entry is truthy. */ ?>
						<tr>
							<td width="22%" valign="top" class="vncell"><?= gettext("UTF8 Encode"); ?></td>
							<td width="78%" class="vtable">
								<table border="0" cellspacing="0" cellpadding="2" summary="utf8 encoding">
									<tr>
										<td>
											<input name="ldap_utf8" type="checkbox" id="ldap_utf8" value="yes" <?= $pconfig['ldap_utf8'] ? 'checked="checked"' : ''; ?> />
										</td>
										<td>
											<?= gettext("UTF8 encode LDAP parameters before sending them to the server. Required to support international characters, but may not be supported by every LDAP server."); ?>
										</td>
									</tr>
								</table>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncell"><?= gettext("Username Alterations"); ?></td>
							<td width="78%" class="vtable">
								<table border="0" cellspacing="0" cellpadding="2" summary="username alterations">
									<tr>
										<td>
											<input name="ldap_nostrip_at" type="checkbox" id="ldap_nostrip_at" value="yes" <?= $pconfig['ldap_nostrip_at'] ? 'checked="checked"' : ''; ?> />
										</td>
										<td>
											<?= gettext("Do not strip away parts of the username after the @ symbol, e.g. user@host becomes user when unchecked."); ?>
										</td>
									</tr>
								</table>
							</td>
						</tr>
					</table>
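					<?php
						/*
						 * RADIUS server settings (table id "radius", emitted with display:none).
						 * Free-text values from $pconfig are HTML-escaped before they are placed
						 * in a value attribute. The "Services offered" options come from
						 * $radius_srvcs, which is populated outside this view, so key and
						 * description are escaped as well rather than trusted to be markup-free.
						 *
						 * NOTE(review): the stored shared secret is written back into the value
						 * attribute of radius_secret, so it is readable in the page source by
						 * anyone who can open this page. Rendering the field empty and keeping
						 * the saved value on an empty submit would avoid that, but it needs a
						 * matching change in the save handler, which is outside this view.
						 */
					?>
					<table width="100%" border="0" cellpadding="6" cellspacing="0" id="radius" style="display:none" summary="">
						<tr>
							<td colspan="2" class="list" height="12"></td>
						</tr>
						<tr>
							<td colspan="2" valign="top" class="listtopic"><?=gettext("Radius Server Settings");?></td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP address");?></td>
							<td width="78%" class="vtable">
								<input name="radius_host" type="text" class="formfld unknown" id="radius_host" size="20" value="<?=htmlspecialchars($pconfig['radius_host']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Secret");?></td>
							<td width="78%" class="vtable">
								<input name="radius_secret" type="password" class="formfld pwd" id="radius_secret" size="20" value="<?=htmlspecialchars($pconfig['radius_secret']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Services offered");?></td>
							<td width="78%" class="vtable">
								<select name='radius_srvcs' id='radius_srvcs' class="formselect" onchange='radius_srvcschange()'>
								<?php
									foreach ($radius_srvcs as $srvcname => $srvcdesc):
										$selected = "";
										if ($pconfig['radius_srvcs'] == $srvcname)
											$selected = "selected=\"selected\"";
								?>
									<option value="<?=htmlspecialchars($srvcname);?>" <?=$selected;?>><?=htmlspecialchars($srvcdesc);?></option>
								<?php endforeach; ?>
								</select>
							</td>
						</tr>
						<tr id="radius_auth">
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication port value");?></td>
							<td width="78%" class="vtable">
								<input name="radius_auth_port" type="text" class="formfld unknown" id="radius_auth_port" size="5" value="<?=htmlspecialchars($pconfig['radius_auth_port']);?>"/>
							</td>
						</tr>
						<tr id="radius_acct">
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Accounting port value");?></td>
							<td width="78%" class="vtable">
								<input name="radius_acct_port" type="text" class="formfld unknown" id="radius_acct_port" size="5" value="<?=htmlspecialchars($pconfig['radius_acct_port']);?>"/>
							</td>
						</tr>
						<tr>
							<td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication Timeout");?></td>
							<td width="78%" class="vtable">
								<input name="radius_timeout" type="text" class="formfld unknown" id="radius_timeout" size="20" value="<?=htmlspecialchars($pconfig['radius_timeout']);?>"/>
								<br /><?= gettext("This value controls how long, in seconds, that the RADIUS server may take to respond to an authentication request.") ?>
								<br /><?= gettext("If left blank, the default value is 5 seconds.") ?>
								<br /><br /><?= gettext("NOTE: If you are using an interactive two-factor authentication system, increase this timeout to account for how long it will take the user to receive and enter a token.") ?>
							</td>
						</tr>
					</table>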
					<?php /* Save button. When $id is set and $a_server[$id] is truthy, the HTML-escaped $id is posted back in a hidden field. */ ?>
					<table width="100%" border="0" cellpadding="6" cellspacing="0" summary="">
						<tr>
							<td width="22%" valign="top">&nbsp;</td>
							<td width="78%">
								<input id="submit" name="save" type="submit" class="formbtn" value="<?= gettext("Save"); ?>" />
								<?php if (isset($id) && $a_server[$id]): ?>
								<input name="id" type="hidden" value="<?= htmlspecialchars($id); ?>" />
								<?php endif; ?>
							</td>
						</tr>
					</table>
				</form>
				<?php else: ?>
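				<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="">
					<thead>
						<tr>
							<th width="25%" class="listhdrr"><?=gettext("Server Name");?></th>
							<th width="25%" class="listhdrr"><?=gettext("Type");?></th>
							<th width="35%" class="listhdrr"><?=gettext("Host Name");?></th>
							<th width="10%" class="list"></th>
						</tr>
					</thead>
					<tfoot>
						<tr>
							<td class="list" colspan="3"></td>
							<td class="list">
								<a href="system_authservers.php?act=new">
									<img src="/themes/<?=htmlspecialchars($g['theme']);?>/images/icons/icon_plus.gif" title="<?=gettext("add server");?>" alt="<?=gettext("add server");?>" width="17" height="17" border="0" />
								</a>
							</td>
						</tr>
						<tr>
							<td colspan="3">
								<p>
									<?=gettext("Additional authentication servers can be added here.");?>
								</p>
							</td>
						</tr>
					</tfoot>
					<tbody>
						<?php
							/*
							 * One row per $a_server entry. Name, type label and host are
							 * HTML-escaped before output, and the theme name is escaped where it
							 * is placed in an image URL attribute.
							 *
							 * $i counts rows from 0 and is used as the id in the edit/delete
							 * links, so the links are only right if $a_server is a 0-based list
							 * (it is built outside this view - confirm). The final entry gets no
							 * edit/delete controls; presumably it is a built-in entry appended
							 * outside this view - confirm.
							 *
							 * NOTE(review): deletion is a plain GET link guarded only by a
							 * client-side confirm(). Whether the act=del handler requires a CSRF
							 * token or a POST is not visible here and should be confirmed.
							 */
							$i = 0;
							// Index of the final row, computed once instead of on every iteration.
							$last_row = count($a_server) - 1;
							foreach($a_server as $server):
								$name = htmlspecialchars($server['name']);
								$type = htmlspecialchars($auth_server_types[$server['type']]);
								$host = htmlspecialchars($server['host']);
						?>
						<tr <?php if ($i < $last_row): ?> ondblclick="document.location='system_authservers.php?act=edit&amp;id=<?=$i;?>'" <?php endif; ?>>
							<td class="listlr"><?=$name?>&nbsp;</td>
							<td class="listr"><?=$type;?>&nbsp;</td>
							<td class="listr"><?=$host;?>&nbsp;</td>
							<td valign="middle" class="list nowrap">
							<?php if ($i < $last_row): ?>
								<a href="system_authservers.php?act=edit&amp;id=<?=$i;?>">
									<img src="/themes/<?=htmlspecialchars($g['theme']);?>/images/icons/icon_e.gif" title="<?=gettext("edit server");?>" alt="<?=gettext("edit server");?>" width="17" height="17" border="0" />
								</a>
								&nbsp;
								<a href="system_authservers.php?act=del&amp;id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Server?");?>')">
									<img src="/themes/<?=htmlspecialchars($g['theme']);?>/images/icons/icon_x.gif" title="<?=gettext("delete server");?>" alt="<?=gettext("delete server");?>" width="17" height="17" border="0" />
								</a>
							<?php endif; ?>
							</td>
						</tr>
						<?php
							$i++; endforeach;
						?>
					</tbody>
				</table>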
				<?php endif; ?>
			</div>
		</td>
	</tr>
</table>
<?php include("fend.inc"); ?>
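<script type="text/javascript">
//<![CDATA[
<?php
	/*
	 * Sets the initial UI state by calling handlers defined outside this view:
	 * server_typechange() always; the LDAP handlers when $id is unset or the
	 * type is "ldap"; radius_srvcschange() when $id is unset or the type is
	 * "radius".
	 *
	 * The server type lands inside a JavaScript string in a <script> element,
	 * so it is emitted with json_encode() and the JSON_HEX_* flags (PHP 5.3+).
	 * htmlspecialchars() is the encoder for HTML text and attributes; with its
	 * pre-PHP 8.1 default flags it leaves single quotes untouched, which would
	 * let a quote in the value end the string literal. For the values compared
	 * below ("ldap", "radius") the script receives the same string as before.
	 */
?>
server_typechange(<?=json_encode((string)$pconfig['type'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);?>);
<?php if (!isset($id) || $pconfig['type'] == "ldap"): ?>
ldap_bindchange();
if (document.getElementById("ldap_port").value == "")
	ldap_urlchange();
<?php if (!isset($id)): ?>
ldap_tmplchange();
<?php endif; ?>
<?php endif; ?>
<?php if (!isset($id) || $pconfig['type'] == "radius"): ?>
radius_srvcschange();
<?php endif; ?>
//]]>
</script>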
</body>
</html>