authorErmal Luci <eri@pfsense.org>2009-06-18 12:40:11 +0000
committerErmal Luci <eri@pfsense.org>2009-06-18 12:40:11 +0000
commit6dc88d5352ea963d85708379405e238e0518e990 (patch)
treee51eb1a505ff148a495c642c9b6ed225476a58ce
parent4b9980ecfff36202b6ea8dbf7d41e44f78ba52f3 (diff)
* Move functions that output html to guiconfig.inc
* Remove some recursive dependency on some includes * Remove ^M or \r from files * Remove some entries from functions.inc to avoid including them twice * Remove some unnecessary includes from some files NOTE: There is some more work to be done for pkg-utils.inc to be removed from backend as a dependency.
-rw-r--r--etc/inc/auth.inc37
-rw-r--r--etc/inc/authgui.inc3
-rw-r--r--etc/inc/certs.inc450
-rw-r--r--etc/inc/functions.inc3
-rw-r--r--etc/inc/pfsense-utils.inc340
-rw-r--r--etc/inc/priv.inc531
-rw-r--r--etc/inc/rrd.inc5
-rw-r--r--etc/inc/util.inc13
-rwxr-xr-xusr/local/www/guiconfig.inc325
-rw-r--r--usr/local/www/vpn_l2tp_users_edit.php1
10 files changed, 832 insertions, 876 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 09e0273..dd69a28 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -42,7 +42,7 @@
* file courtesy of Michael Retterklieber.
*/
-require_once("functions.inc");
+require_once("config.inc");
$groupindex = index_groups();
$userindex = index_users();
@@ -107,6 +107,39 @@ function & getGroupEntryByGID($gid) {
return false;
}
+function get_user_privileges(& $user) {
+
+ $privs = $user['priv'];
+ if (!is_array($privs))
+ $privs = array();
+
+ $names = local_user_get_groups($user, true);
+
+ foreach ($names as $name) {
+ $group = getGroupEntry($name);
+ if (is_array($group['priv']))
+ $privs = array_merge( $privs, $group['priv']);
+ }
+
+ return $privs;
+}
+
+function userHasPrivilege($userent, $privid = false) {
+
+ if (!$privid || !is_array($userent))
+ return false;
+
+ $privs = get_user_privileges($userent);
+
+ if (!is_array($privs))
+ return false;
+
+ if (!in_array($privid, $privs))
+ return false;
+
+ return true;
+}
+
function local_backed($username, $passwd) {
$user = getUserEntry($username);
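Review bot: The membership test in `userHasPrivilege` is a loose comparison, `in_array($privid, $privs)`, so a non-string `$privid` such as `true` compares equal to any non-empty privilege name and the check passes. Since this is the authorization decision, make it strict: `if (!in_array($privid, $privs, true))`. In `get_user_privileges` the result of `getGroupEntry($name)` is indexed without checking that a group was found, and the `& $user` reference is unnecessary because the function never writes to `$user`. The `!is_array($privs)` test in `userHasPrivilege` cannot fire, as the helper always returns an array. The hunk ends inside `local_backed`, whose body continues outside it.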
@@ -872,7 +905,7 @@ function session_auth($backing) {
return false;
/* redirect to page the user is on, it'll prompt them to login again */
- pfSenseHeader($scriptName);
+ Header("Location: {$scriptName}");
return false;
}
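Review bot: The new `Header("Location: {$scriptName}");` places `$scriptName` into the redirect target as-is, and its assignment lies outside this hunk; confirm it is derived from the server-side script path and not from anything request-controlled, otherwise this line is an open redirect on the login path. Execution continues to `return false` after the header is queued, so every caller must stop before emitting protected content. The definition of `pfSenseHeader` is not shown here, so any extra handling it performed (for example for Ajax requests) is presumably lost with this replacement and should be checked. The enclosing function starts outside the hunk.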
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index 0acb63b..d9611d2 100644
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -35,8 +35,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
-include_once("auth.inc");
-require_once("functions.inc");
+include_once("priv.inc");
/* We only support htpasswd backed HTTP Basic auth and session
* based backing methods at the moment.
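Review bot: `include_once("priv.inc");` only raises a warning when the file cannot be loaded, after which authgui.inc keeps running without the privilege and authentication functions it depends on; for a file on the authentication path a hard failure is safer: `require_once("priv.inc");`. The change also appears to rely on priv.inc pulling in auth.inc transitively, since the direct include of auth.inc is dropped. If that is the intent, a one-line comment above the include would record it, e.g. `/* priv.inc is expected to load auth.inc */`.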
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index b7c0e60..4177545 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -1,226 +1,224 @@
-<?php
-/* $Id$ */
-/*
- Copyright (C) 2008 Shrew Soft Inc
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-
- DISABLE_PHP_LINT_CHECKING
-*/
-
-require_once("functions.inc");
-
-function & lookup_ca($refid) {
- global $config;
-
- if (is_array($config['system']['ca']))
- foreach ($config['system']['ca'] as & $ca)
- if ($ca['refid'] == $refid)
- return $ca;
-
- return false;
-}
-
-function & lookup_cert($refid) {
- global $config;
-
- if (is_array($config['system']['cert']))
- foreach ($config['system']['cert'] as & $cert)
- if ($cert['refid'] == $refid)
- return $cert;
-
- return false;
-}
-
-function ca_import(& $ca, $str) {
-
- $ca['crt'] = base64_encode($str);
-
- return true;
-}
-
-function ca_create(& $ca, $keylen, $lifetime, $dn) {
-
- $args = array(
- "digest_alg" => "sha1",
- "private_key_bits" => $keylen,
- "private_key_type" => OPENSSL_KEYTYPE_RSA,
- "encrypt_key" => false);
-
- // generate a new key pair
- $res_key = openssl_pkey_new();
-
- // generate a certificate signing request
- $res_csr = openssl_csr_new($dn, $res_key, $args);
-
- // self sign the certificate
- $res_crt = openssl_csr_sign($res_csr, null, $res_key, $lifetime, $args);
-
- // export our certificate data
- openssl_pkey_export($res_key, $str_key);
- openssl_x509_export($res_crt, $str_crt);
-
- // return our ca information
- $ca['crt'] = base64_encode($str_crt);
- $ca['prv'] = base64_encode($str_key);
- $ca['serial'] = 0;
-
- return true;
-}
-
-function cert_import(& $cert, $crt_str, $key_str) {
-
- $cert['crt'] = base64_encode($crt_str);
- $cert['prv'] = base64_encode($key_str);
-
- return true;
-}
-
-function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
-
- $ca =& lookup_ca($caref);
- if (!$ca)
- return false;
-
- $ca_str_crt = base64_decode($ca['crt']);
- $ca_str_key = base64_decode($ca['prv']);
- $ca_res_crt = openssl_x509_read($ca_str_crt);
- $ca_res_key = openssl_pkey_get_private($ca_str_key);
- $ca_serial = $ca['serial']++;
-
- $args = array(
- "digest_alg" => "sha1",
- "private_key_bits" => $keylen,
- "private_key_type" => OPENSSL_KEYTYPE_RSA,
- "encrypt_key" => false);
-
- // generate a new key pair
- $res_key = openssl_pkey_new();
-
- // generate a certificate signing request
- $res_csr = openssl_csr_new($dn, $res_key, $args);
-
- // self sign the certificate
- $res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime,
- $args, $ca_serial);
-
- // export our certificate data
- openssl_pkey_export($res_key, $str_key);
- openssl_x509_export($res_crt, $str_crt);
-
- // return our certificate information
- $cert['caref'] = $caref;
- $cert['crt'] = base64_encode($str_crt);
- $cert['prv'] = base64_encode($str_key);
-
- return true;
-}
-
-function csr_generate(& $cert, $keylen, $dn) {
-
- $args = array(
- "digest_alg" => "sha1",
- "private_key_bits" => $keylen,
- "private_key_type" => OPENSSL_KEYTYPE_RSA,
- "encrypt_key" => false);
-
- // generate a new key pair
- $res_key = openssl_pkey_new();
-
- // generate a certificate signing request
- $res_csr = openssl_csr_new($dn, $res_key, $args);
-
- // export our request data
- openssl_pkey_export($res_key, $str_key);
- openssl_csr_export($res_csr, $str_csr);
-
- // return our request information
- $cert['csr'] = base64_encode($str_csr);
- $cert['prv'] = base64_encode($str_key);
-
- return true;
-}
-
-function csr_complete(& $cert, $str_crt) {
-
- // return our request information
- $cert['crt'] = base64_encode($str_crt);
- unset($cert['csr']);
-
- return true;
-}
-
-function csr_get_subject($str_crt, $decode = true) {
-
- if ($decode)
- $str_crt = base64_decode($str_crt);
-
- $components = openssl_csr_get_subject($str_crt);
-
- if (!is_array($components))
- return "unknown";
-
- foreach ($components as $a => $v) {
- if (!strlen($subject))
- $subject = "{$a}={$v}";
- else
- $subject = "{$a}={$v}, {$subject}";
- }
-
- return $subject;
-}
-
-function cert_get_subject($str_crt, $decode = true) {
-
- if ($decode)
- $str_crt = base64_decode($str_crt);
-
- $inf_crt = openssl_x509_parse($str_crt);
- $components = $inf_crt['subject'];
-
- if (!is_array($components))
- return "unknown";
-
- foreach ($components as $a => $v) {
- if (!strlen($subject))
- $subject = "{$a}={$v}";
- else
- $subject = "{$a}={$v}, {$subject}";
- }
-
- return $subject;
-}
-
-function cert_get_subject_array($crt) {
- $str_crt = base64_decode($crt);
- $inf_crt = openssl_x509_parse($str_crt);
- $components = $inf_crt['subject'];
- $subject_array = array();
-
- foreach($components as $a => $v)
- $subject_array[] = array('a' => $a, 'v' => $v);
-
- return $subject_array;
-}
-
-?>
+<?php
+/* $Id$ */
+/*
+ Copyright (C) 2008 Shrew Soft Inc
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+ DISABLE_PHP_LINT_CHECKING
+*/
+
+function & lookup_ca($refid) {
+ global $config;
+
+ if (is_array($config['system']['ca']))
+ foreach ($config['system']['ca'] as & $ca)
+ if ($ca['refid'] == $refid)
+ return $ca;
+
+ return false;
+}
+
+function & lookup_cert($refid) {
+ global $config;
+
+ if (is_array($config['system']['cert']))
+ foreach ($config['system']['cert'] as & $cert)
+ if ($cert['refid'] == $refid)
+ return $cert;
+
+ return false;
+}
+
+function ca_import(& $ca, $str) {
+
+ $ca['crt'] = base64_encode($str);
+
+ return true;
+}
+
+function ca_create(& $ca, $keylen, $lifetime, $dn) {
+
+ $args = array(
+ "digest_alg" => "sha1",
+ "private_key_bits" => $keylen,
+ "private_key_type" => OPENSSL_KEYTYPE_RSA,
+ "encrypt_key" => false);
+
+ // generate a new key pair
+ $res_key = openssl_pkey_new();
+
+ // generate a certificate signing request
+ $res_csr = openssl_csr_new($dn, $res_key, $args);
+
+ // self sign the certificate
+ $res_crt = openssl_csr_sign($res_csr, null, $res_key, $lifetime, $args);
+
+ // export our certificate data
+ openssl_pkey_export($res_key, $str_key);
+ openssl_x509_export($res_crt, $str_crt);
+
+ // return our ca information
+ $ca['crt'] = base64_encode($str_crt);
+ $ca['prv'] = base64_encode($str_key);
+ $ca['serial'] = 0;
+
+ return true;
+}
+
+function cert_import(& $cert, $crt_str, $key_str) {
+
+ $cert['crt'] = base64_encode($crt_str);
+ $cert['prv'] = base64_encode($key_str);
+
+ return true;
+}
+
+function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) {
+
+ $ca =& lookup_ca($caref);
+ if (!$ca)
+ return false;
+
+ $ca_str_crt = base64_decode($ca['crt']);
+ $ca_str_key = base64_decode($ca['prv']);
+ $ca_res_crt = openssl_x509_read($ca_str_crt);
+ $ca_res_key = openssl_pkey_get_private($ca_str_key);
+ $ca_serial = $ca['serial']++;
+
+ $args = array(
+ "digest_alg" => "sha1",
+ "private_key_bits" => $keylen,
+ "private_key_type" => OPENSSL_KEYTYPE_RSA,
+ "encrypt_key" => false);
+
+ // generate a new key pair
+ $res_key = openssl_pkey_new();
+
+ // generate a certificate signing request
+ $res_csr = openssl_csr_new($dn, $res_key, $args);
+
+ // self sign the certificate
+ $res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime,
+ $args, $ca_serial);
+
+ // export our certificate data
+ openssl_pkey_export($res_key, $str_key);
+ openssl_x509_export($res_crt, $str_crt);
+
+ // return our certificate information
+ $cert['caref'] = $caref;
+ $cert['crt'] = base64_encode($str_crt);
+ $cert['prv'] = base64_encode($str_key);
+
+ return true;
+}
+
+function csr_generate(& $cert, $keylen, $dn) {
+
+ $args = array(
+ "digest_alg" => "sha1",
+ "private_key_bits" => $keylen,
+ "private_key_type" => OPENSSL_KEYTYPE_RSA,
+ "encrypt_key" => false);
+
+ // generate a new key pair
+ $res_key = openssl_pkey_new();
+
+ // generate a certificate signing request
+ $res_csr = openssl_csr_new($dn, $res_key, $args);
+
+ // export our request data
+ openssl_pkey_export($res_key, $str_key);
+ openssl_csr_export($res_csr, $str_csr);
+
+ // return our request information
+ $cert['csr'] = base64_encode($str_csr);
+ $cert['prv'] = base64_encode($str_key);
+
+ return true;
+}
+
+function csr_complete(& $cert, $str_crt) {
+
+ // return our request information
+ $cert['crt'] = base64_encode($str_crt);
+ unset($cert['csr']);
+
+ return true;
+}
+
+function csr_get_subject($str_crt, $decode = true) {
+
+ if ($decode)
+ $str_crt = base64_decode($str_crt);
+
+ $components = openssl_csr_get_subject($str_crt);
+
+ if (!is_array($components))
+ return "unknown";
+
+ foreach ($components as $a => $v) {
+ if (!strlen($subject))
+ $subject = "{$a}={$v}";
+ else
+ $subject = "{$a}={$v}, {$subject}";
+ }
+
+ return $subject;
+}
+
+function cert_get_subject($str_crt, $decode = true) {
+
+ if ($decode)
+ $str_crt = base64_decode($str_crt);
+
+ $inf_crt = openssl_x509_parse($str_crt);
+ $components = $inf_crt['subject'];
+
+ if (!is_array($components))
+ return "unknown";
+
+ foreach ($components as $a => $v) {
+ if (!strlen($subject))
+ $subject = "{$a}={$v}";
+ else
+ $subject = "{$a}={$v}, {$subject}";
+ }
+
+ return $subject;
+}
+
+function cert_get_subject_array($crt) {
+ $str_crt = base64_decode($crt);
+ $inf_crt = openssl_x509_parse($str_crt);
+ $components = $inf_crt['subject'];
+ $subject_array = array();
+
+ foreach($components as $a => $v)
+ $subject_array[] = array('a' => $a, 'v' => $v);
+
+ return $subject_array;
+}
+
+?>
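Review bot: In `ca_create`, `cert_create` and `csr_generate` the key pair comes from `openssl_pkey_new()` with no arguments, so `$keylen` (set in `$args` as `private_key_bits`) never reaches key generation and every key is created at the configured default size, whatever the caller requested; pass the options through with `$res_key = openssl_pkey_new($args);`. None of the `openssl_*` results are checked, so a failed step can store an empty `crt`/`prv` while the function still returns true; returning false when a call fails would keep broken key material out of the configuration. This code is carried over unchanged by the line-ending cleanup. However, the file no longer includes functions.inc, so `lookup_ca` and `lookup_cert` now depend on the including script having populated `$config`.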
diff --git a/etc/inc/functions.inc b/etc/inc/functions.inc
index 1365742..0cc5675 100644
--- a/etc/inc/functions.inc
+++ b/etc/inc/functions.inc
@@ -70,11 +70,9 @@ if(!function_exists("pfSenseHeader")) {
/* END compatibility goo with HEAD */
/* include all configuration functions */
-require_once("auth.inc");
require_once("priv.inc");
require_once("certs.inc");
require_once("crypt.inc");
-require_once("util.inc");
require_once("interfaces.inc");
require_once("gwlb.inc");
require_once("services.inc");
@@ -86,7 +84,6 @@ require_once("openvpn.inc");
require_once("ipsec.inc");
require_once("vpn.inc");
require_once("vslb.inc");
-require_once("notices.inc");
require_once("cmd_chain.inc");
require_once("rrd.inc");
diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc
index 401787d..9c62180 100644
--- a/etc/inc/pfsense-utils.inc
+++ b/etc/inc/pfsense-utils.inc
@@ -705,21 +705,6 @@ function get_filename_from_url($url) {
}
/*
- * update_output_window: update bottom textarea dynamically.
- */
-function update_output_window($text) {
- global $pkg_interface;
- $log = ereg_replace("\n", "\\n", $text);
- if($pkg_interface == "console") {
- /* too chatty */
- } else {
- echo "\n<script language=\"JavaScript\">this.document.forms[0].output.value = \"" . $log . "\";</script>";
- }
- /* ensure that contents are written out */
- ob_flush();
-}
-
-/*
* get_dir: return an array of $dir
*/
function get_dir($dir) {
@@ -732,35 +717,6 @@ function get_dir($dir) {
return $dir_array;
}
-/*
- * update_output_window: update top textarea dynamically.
- */
-function update_status($status) {
- global $pkg_interface;
- if($pkg_interface == "console") {
- echo $status . "\n";
- } else {
- echo "\n<script type=\"text/javascript\">this.document.forms[0].status.value=\"" . $status . "\";</script>";
- }
- /* ensure that contents are written out */
- ob_flush();
-}
-
-/*
- * update_progress_bar($percent): updates the javascript driven progress bar.
- */
-function update_progress_bar($percent) {
- global $pkg_interface;
- if($percent > 100) $percent = 1;
- if($pkg_interface <> "console") {
- echo "\n<script type=\"text/javascript\" language=\"javascript\">";
- echo "\ndocument.progressbar.style.width='" . $percent . "%';";
- echo "\n</script>";
- } else {
- echo " {$percent}%";
- }
-}
-
/****f* pfsense-utils/WakeOnLan
* NAME
* WakeOnLan - Wake a machine up using the wake on lan format/protocol
@@ -1071,157 +1027,6 @@ function get_disk_info() {
// $size, $used, $avail, $cap
}
-/****f* pfsense-utils/display_top_tabs
- * NAME
- * display_top_tabs - display tabs with rounded edges
- * INPUTS
- * $text - array of tabs
- * RESULT
- * null
- ******/
-function display_top_tabs(& $tab_array) {
- global $HTTP_SERVER_VARS;
- global $config;
- global $g;
-
- /* does the user have access to this tab?
- * master user has access to everything.
- * if the user does not have access, simply
- * unset the tab item.
- */
-
- $tab_temp = array ();
- foreach ($tab_array as $ta)
- if(isAllowedPage($ta[2]))
- $tab_temp[] = $ta;
- /*
- // FIXME : if the checks are not good enough
- // in isAllowedPage, it needs to be
- // fixed instead of kludging here
-
- // TODO: humm what shall we do with pkg_edit.php and pkg.php?
- if ((strpos($link, "pkg.php")) !== false || (strpos($link, "pkg_edit.php")) !== false) {
- $pos_equal = strpos($link, "=");
- $pos_xmlsuffix = strpos($link, ".xml");
- // do we match an absolute url including ?xml= foo
- if(!isAllowedPage($link, $allowed))
- $link = substr($link, $pos_equal +1, ($pos_xmlsuffix - $pos_equal +3));
- }
- // next check - what if the basename contains a query string?
- if ((strpos($link, "?")) !== false) {
- $pos_qmark = strpos($link, "?");
- $link = substr($link, 0, $pos_qmark);
- }
- $authorized_text = print_r($allowed, true);
- if(is_array($authorized))
- if (in_array(basename($link), $authorized))
- */
-
- unset ($tab_array);
- $tab_array = & $tab_temp;
-
- $tab_active_bg = "#EEEEEE";
- $tab_inactive_bg = "#777777";
- $nifty_tabs_corners = "#FFF";
- $font_color = "white";
-
- /* if tabcontrols.php exist for a theme, allow it to be overriden */
- $themename = $config['theme'];
- $filename = "/usr/local/www/themes/{$themename}/tabcontrols.php";
- if(file_exists($filename)) {
- $eval_code = file_get_contents($filename);
- eval($eval_code);
- }
-
- $tabcharcount = 0;
- foreach ($tab_array as $ta)
- $tabcharcount = $tabcharcount + strlen($ta[0]);
-
- // If the character count of the tab names is > 670
- // then show a select item dropdown menubox.
- if($tabcharcount > 82) {
- echo "Currently viewing: ";
- echo "<select name='TabSelect'>\n";
- foreach ($tab_array as $ta) {
- if($ta[1]=="true")
- $selected = " SELECTED";
- else
- $selected = "";
- echo "<option onClick=\"document.location='{$ta[2]}';\"{$selected}>{$ta['0']}</option>\n";
- }
- echo "</select>\n<p/>";
- } else {
- echo "<table cellpadding='0' cellspacing='0'>\n";
- echo " <tr>\n";
- $tabscounter = 0;
- foreach ($tab_array as $ta) {
- if ($ta[1] == true) {
- echo " <td bgcolor='{$tab_active_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"><div id='tabactive'></div></td>\n";
- } else {
- echo " <td bgcolor='{$tab_inactive_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"><div id='tabdeactive{$tabscounter}'></div></td>\n";
- }
- $tabscounter++;
- }
- echo "</tr>\n<tr>\n";
- foreach ($tab_array as $ta) {
- if ($ta[1] == true) {
- echo " <td height=\"15\" valign=\"middle\" bgcolor='{$tab_active_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"><B>&nbsp;&nbsp;&nbsp;{$ta[0]}";
- echo "&nbsp;&nbsp;&nbsp;";
- echo "<font size='-12'>&nbsp;</font></B></td>\n";
- } else {
- echo " <td height=\"15\" valign=\"middle\" bgcolor='{$tab_inactive_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"><B>&nbsp;&nbsp;&nbsp;<a href='{$ta[2]}'>";
- echo "<font color='{$font_color}'>{$ta[0]}</font></a>&nbsp;&nbsp;&nbsp;";
- echo "<font size='-12'>&nbsp;</font></B></td>\n";
- }
- }
- echo "</tr>\n<tr>\n";
- foreach ($tab_array as $ta) {
- if ($ta[1] == true) {
- echo " <td bgcolor='{$tab_active_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"></td>\n";
- } else {
- echo " <td bgcolor='{$tab_inactive_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"></td>\n";
- }
- $tabscounter++;
- }
- echo " </tr>\n";
- echo "</table>\n";
- echo "<script type=\"text/javascript\">";
- echo "NiftyCheck();\n";
- echo "Rounded(\"div#tabactive\",\"top\",\"{$nifty_tabs_corners}\",\"{$tab_active_bg}\",\"smooth\");\n";
- for ($x = 0; $x < $tabscounter; $x++)
- echo "Rounded(\"div#tabdeactive{$x}\",\"top\",\"{$nifty_tabs_corners}\",\"{$tab_inactive_bg}\",\"smooth\");\n";
- echo "</script>";
- }
-}
-
-
-/****f* pfsense-utils/display_topbar
- * NAME
- * display_topbar - top a table off with rounded edges
- * INPUTS
- * $text - (optional) Text to include in bar
- * RESULT
- * null
- ******/
-function display_topbar($text = "", $bg_color="#990000", $replace_color="#FFFFFF", $rounding_style="smooth") {
- echo " <table width='100%' cellpadding='0' cellspacing='0'>\n";
- echo " <tr height='1'>\n";
- echo " <td width='100%' valign='top' color='{$bg_color}' bgcolor='{$bg_color}'>";
- echo " <div id='topbar'></div></td>\n";
- echo " </tr>\n";
- echo " <tr height='1'>\n";
- if ($text != "")
- echo " <td height='1' class='listtopic'>{$text}</td>\n";
- else
- echo " <td height='1' class='listtopic'></td>\n";
- echo " </tr>\n";
- echo " </table>";
- echo "<script type=\"text/javascript\">";
- echo "NiftyCheck();\n";
- echo "Rounded(\"div#topbar\",\"top\",\"{$replace_color}\",\"{$bg_color}\",\"{$rounding_style}\");\n";
- echo "</script>";
-}
-
/****f* pfsense-utils/strncpy
* NAME
* strncpy - copy strings
@@ -1579,18 +1384,6 @@ function is_dhcp_server_enabled()
return $dhcpdenable;
}
-/****f* pfsense-utils/isAjax
- * NAME
- * isAjax - reports if the request is driven from prototype
- * INPUTS
- * none
- * RESULT
- * true/false
- ******/
-function isAjax() {
- return isset ($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';
-}
-
//returns interface information
function get_interface_info($ifdescr) {
global $config, $linkinfo, $netstatrninfo;
@@ -1889,139 +1682,6 @@ function pfsense_default_state_size() {
return $max_states;
}
-function rule_popup($src,$srcport,$dst,$dstport){
-global $config;
-$aliases_array = array();
-if($config['aliases']['alias'] <> "" and is_array($config['aliases']['alias']))
-{
-$span_begin = "";
- $alias_src_span_begin = "";
- $alias_src_span_end = "";
- $alias_src_port_span_begin = "";
- $alias_src_port_span_end = "";
- $alias_dst_span_begin = "";
- $alias_dst_span_end = "";
- $alias_dst_port_span_begin = "";
- $alias_dst_port_span_end = "";
- $alias_content_text = "";
- foreach($config['aliases']['alias'] as $alias_name)
- {
- $alias_addresses = explode (" ", $alias_name['address']);
- $alias_details = explode ("||", $alias_name['detail']);
- $alias_objects_with_details = "";
- $counter = 0;
- foreach($alias_addresses as $alias_ports_address)
- {
- $alias_objects_with_details .= $alias_addresses[$counter];
- $alias_detail_default = strpos ($alias_details[$counter],"Entry added");
- if ($alias_details[$counter] != "" && $alias_detail_default === False){
- $alias_objects_with_details .=" - " . $alias_details[$counter];
- }
- $alias_objects_with_details .= "<br>";
- $counter++;
- }
- //max character length for caption field
- $maxlength = 60;
-
- $alias_descr_substr = $alias_name['descr'];
- $alias_content_text = htmlspecialchars($alias_objects_with_details);
- $alias_caption = htmlspecialchars($alias_descr_substr . ":");
- $strlength = strlen ($alias_caption);
- if ($strlength >= $maxlength)
- $alias_caption = substr($alias_caption, 0, $maxlength) . "...";
-
- $span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '<h1>$alias_caption</h1><p>$alias_content_text</p>', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><U>";
-
-
- if ($alias_name['name'] == $src)
- {
- $alias_src_span_begin = $span_begin;
- }
- if ($alias_name['name'] == $srcport)
- {
- $alias_src_port_span_begin = $span_begin;
- }
- if ($alias_name['name'] == $dst)
- {
- $alias_dst_span_begin = $span_begin;
- }
- if ($alias_name['name'] == $dstport)
- {
- $alias_dst_port_span_begin = $span_begin;
- }
-
- }
- $descriptions = array ();
- $descriptions['src'] = $alias_src_span_begin;
- $descriptions['srcport'] = $alias_src_port_span_begin;
- $descriptions['dst'] = $alias_dst_span_begin;
- $descriptions['dstport'] = $alias_dst_port_span_begin;
- return $descriptions;
- }
-}
-function download_file_with_progress_bar($url_file, $destination_file, $readbody = 'read_body') {
- global $ch, $fout, $file_size, $downloaded;
- $file_size = 1;
- $downloaded = 1;
- /* open destination file */
- $fout = fopen($destination_file, "wb");
-
- /*
- * Originally by Author: Keyvan Minoukadeh
- * Modified by Scott Ullrich to return Content-Length size
- */
-
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url_file);
- curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
- curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody);
- curl_setopt($ch, CURLOPT_NOPROGRESS, '1');
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5');
- curl_setopt($ch, CURLOPT_TIMEOUT, 0);
-
- curl_exec($ch);
- $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
- if($fout)
- fclose($fout);
- curl_close($ch);
- return ($http_code == 200) ? true : $http_code;
-}
-
-function read_header($ch, $string) {
- global $file_size, $fout;
- $length = strlen($string);
- $regs = "";
- ereg("(Content-Length:) (.*)", $string, $regs);
- if($regs[2] <> "") {
- $file_size = intval($regs[2]);
- }
- ob_flush();
- return $length;
-}
-
-function read_body($ch, $string) {
- global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen;
- $length = strlen($string);
- $downloaded += intval($length);
- $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
- $downloadProgress = 100 - $downloadProgress;
- if($lastseen <> $downloadProgress and $downloadProgress < 101) {
- if($sendto == "status") {
- $tostatus = $static_status . $downloadProgress . "%";
- update_status($tostatus);
- } else {
- $tooutput = $static_output . $downloadProgress . "%";
- update_output_window($tooutput);
- }
- update_progress_bar($downloadProgress);
- $lastseen = $downloadProgress;
- }
- if($fout)
- fwrite($fout, $string);
- ob_flush();
- return $length;
-}
-
/* Compare the current hostname DNS to the DNS cache we made
* if it has changed we return the old records
* if no change we return true */
diff --git a/etc/inc/priv.inc b/etc/inc/priv.inc
index 824ea7b..9b6c97c 100644
--- a/etc/inc/priv.inc
+++ b/etc/inc/priv.inc
@@ -1,282 +1,249 @@
-<?php
-/* $Id$ */
-/*
- Copyright (C) 2008 Shrew Soft Inc
- All rights reserved.
-
- Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
- All rights reserved.
-
- Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
- All rights reserved.
-
- Copyright (C) 2006 Paul Taylor <paultaylor@winn-dixie.com>.
- All rights reserved.
-
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-
- DISABLE_PHP_LINT_CHECKING
-*/
-
-require_once("functions.inc");
-require_once("priv.defs.inc");
-
-/*
- * USER PRIVILEGE DEFINITIONS
- */
-
-$priv_list['user-shell-access'] = array();
-$priv_list['user-shell-access']['name'] = "User - Shell account access";
-$priv_list['user-shell-access']['descr'] = "Indicates whether the user is able to login for ".
- "example via SSH.";
-
-$priv_list['user-copy-files'] = array();
-$priv_list['user-copy-files']['name'] = "User - Copy files";
-$priv_list['user-copy-files']['descr'] = "Indicates whether the user is allowed to copy files ".
- "onto the {$g['product_name']} appliance via SCP/SFTP. ".
- "If you are going to use this privilege, you must install ".
- "scponly on the appliance (Hint: pkg_add -r scponly).";
-
-sort_privs($priv_list);
-
-function cmp_privkeys($a, $b) {
- /* user privs at the top */
- $auser = strncmp("user-", $a, 5);
- $buser = strncmp("user-", $b, 5);
- if($auser != $buser)
- return $auser - buser;
-
- /* name compare others */
- return strcasecmp($a, $b);
-}
-
-function sort_privs(& $privs) {
-
- uksort($privs, "cmp_privkeys");
-}
-
-function cmp_page_matches($page, & $matches, $fullwc = true) {
-
-// $dbg_matches = implode(",", $matches);
-// log_error("debug: checking page {$page} match with {$dbg_matches}");
-
- if (!is_array($matches))
- return false;
-
- /* skip any leading fwdslash */
- $test = strpos($page, "/");
- if ($test !== false && $test == 0)
- $page = substr($page, 1);
-
- /* look for a match */
- foreach ($matches as $match) {
-
- /* possibly ignore full wildcard match */
- if (!$fullwc && !strcmp($match ,"*"))
- continue;
-
- /* compare exact or wildcard match */
- $wcpos = strpos($match, "*");
- if ($wcpos === false)
- $result = strcmp($page, $match);
- else
- $result = strncmp($page, $match, $wcpos);
-
- if (!$result)
- return true;
- }
-
- return false;
-}
-
-function map_page_privname($page) {
- global $priv_list;
-
- foreach ($priv_list as $pname => $pdata) {
- if (strncmp($pname, "page-", 5))
- continue;
- $fullwc = false;
- if (!strcasecmp($page,"any")||!strcmp($page,"*"))
- $fullwc = true;
- if (cmp_page_matches($page, $pdata['match'], $fullwc))
- return $pname;
- }
-
- return false;
-}
-
-function get_user_privileges(& $user) {
-
- $privs = $user['priv'];
- if (!is_array($privs))
- $privs = array();
-
- $names = local_user_get_groups($user, true);
-
- foreach ($names as $name) {
- $group = getGroupEntry($name);
- if (is_array($group['priv']))
- $privs = array_merge( $privs, $group['priv']);
- }
-
- return $privs;
-}
-
-function get_user_privdesc(& $user) {
- global $priv_list;
-
- $privs = array();
-
- $user_privs = $user['priv'];
- if (!is_array($user_privs))
- $user_privs = array();
-
- $names = local_user_get_groups($user, true);
-
- foreach ($names as $name) {
- $group = getGroupEntry($name);
- $group_privs = $group['priv'];
- if (!is_array($group_privs))
- continue;
- foreach ($group_privs as $pname) {
- if (in_array($pname,$user_privs))
- continue;
- if (!$priv_list[$pname])
- continue;
- $priv = $priv_list[$pname];
- $priv['group'] = $group['name'];
- $privs[] = $priv;
- }
- }
-
- foreach ($user_privs as $pname)
- if($priv_list[$pname])
- $privs[] = $priv_list[$pname];
-
- return $privs;
-}
-
-function isAllowedPage($page) {
- global $_SESSION;
-
- $username = $_SESSION['Username'];
- if (!isset($username))
- return false;
-
- /* admin/root access check */
- $user = getUserEntry($username);
- if (isset($user))
- if (isset($user['uid']))
- if ($user['uid']==0)
- return true;
-
- /* user privelege access check */
- if (cmp_page_matches($page, $_SESSION['page-match']))
- return true;
-
- return false;
-}
-
-function getPrivPages(& $entry, & $allowed_pages) {
- global $priv_list;
-
- if (!is_array($entry['priv']))
- return;
-
- foreach ($entry['priv'] as $pname) {
- if (strncmp($pname, "page-", 5))
- continue;
- $priv = &$priv_list[$pname];
- if (!is_array($priv))
- continue;
- $matches = &$priv['match'];
- if (!is_array($matches))
- continue;
- foreach ($matches as $match)
- $allowed_pages[] = $match;
- }
-}
-
-function getAllowedPages($username) {
- global $config, $_SESSION;
-
- if (!function_exists("ldap_connect"))
- return;
-
- $allowed_pages = array();
- $allowed_groups = array();
-
- $ldapon = $_SESSION['ldapon'];
-
- // search for a local user by name
- $local_user = getUserEntry($username);
-
- // obtain local groups if we have a local user
- if ($local_user) {
- $allowed_groups = local_user_get_groups($local_user);
- getPrivPages($local_user, $allowed_pages);
- }
-
- // obtain ldap groups if we are in ldap mode
- if ($config['system']['webgui']['backend'] == "ldap" && !$local_user)
- $allowed_groups = ldap_get_groups($username);
-
- // obtain ldapother groups if we are in ldap mode
- if ($config['system']['webgui']['backend'] == "ldapother" && !$local_user)
- $allowed_groups = ldap_get_groups($username);
-
- // build a list of allowed pages
- if (is_array($config['system']['group']) && is_array($allowed_groups))
- foreach ($config['system']['group'] as $group)
- if (in_array($group['name'], $allowed_groups))
- getPrivPages($group, $allowed_pages);
-
-// $dbg_pages = implode(",", $allowed_pages);
-// $dbg_groups = implode(",", $allowed_groups);
-// log_error("debug: user {$username} groups = {$dbg_groups}");
-// log_error("debug: user {$username} pages = {$dbg_pages}");
-
- $_SESSION['page-match'] = $allowed_pages;
-
- return $allowed_pages;
-}
-
-function userHasPrivilege($userent, $privid = false) {
-
- if (!$privid || !is_array($userent))
- return false;
-
- $privs = get_user_privileges($userent);
-
- if (!is_array($privs))
- return false;
-
- if (!in_array($privid, $privs))
- return false;
-
- return true;
-}
-
-?>
+<?php
+/* $Id$ */
+/*
+ Copyright (C) 2008 Shrew Soft Inc
+ All rights reserved.
+
+ Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
+ All rights reserved.
+
+ Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
+ All rights reserved.
+
+ Copyright (C) 2006 Paul Taylor <paultaylor@winn-dixie.com>.
+ All rights reserved.
+
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+ DISABLE_PHP_LINT_CHECKING
+*/
+
+require_once("priv.defs.inc");
+require_once("auth.inc");
+
+/*
+ * USER PRIVILEGE DEFINITIONS
+ */
+
+$priv_list['user-shell-access'] = array();
+$priv_list['user-shell-access']['name'] = "User - Shell account access";
+$priv_list['user-shell-access']['descr'] = "Indicates whether the user is able to login for ".
+ "example via SSH.";
+
+$priv_list['user-copy-files'] = array();
+$priv_list['user-copy-files']['name'] = "User - Copy files";
+$priv_list['user-copy-files']['descr'] = "Indicates whether the user is allowed to copy files ".
+ "onto the {$g['product_name']} appliance via SCP/SFTP. ".
+ "If you are going to use this privilege, you must install ".
+ "scponly on the appliance (Hint: pkg_add -r scponly).";
+
+sort_privs($priv_list);
+
+function cmp_privkeys($a, $b) {
+ /* user privs at the top */
+ $auser = strncmp("user-", $a, 5);
+ $buser = strncmp("user-", $b, 5);
+ if($auser != $buser)
+ return $auser - buser;
+
+ /* name compare others */
+ return strcasecmp($a, $b);
+}
+
+function sort_privs(& $privs) {
+
+ uksort($privs, "cmp_privkeys");
+}
+
+function cmp_page_matches($page, & $matches, $fullwc = true) {
+
+// $dbg_matches = implode(",", $matches);
+// log_error("debug: checking page {$page} match with {$dbg_matches}");
+
+ if (!is_array($matches))
+ return false;
+
+ /* skip any leading fwdslash */
+ $test = strpos($page, "/");
+ if ($test !== false && $test == 0)
+ $page = substr($page, 1);
+
+ /* look for a match */
+ foreach ($matches as $match) {
+
+ /* possibly ignore full wildcard match */
+ if (!$fullwc && !strcmp($match ,"*"))
+ continue;
+
+ /* compare exact or wildcard match */
+ $wcpos = strpos($match, "*");
+ if ($wcpos === false)
+ $result = strcmp($page, $match);
+ else
+ $result = strncmp($page, $match, $wcpos);
+
+ if (!$result)
+ return true;
+ }
+
+ return false;
+}
+
+function map_page_privname($page) {
+ global $priv_list;
+
+ foreach ($priv_list as $pname => $pdata) {
+ if (strncmp($pname, "page-", 5))
+ continue;
+ $fullwc = false;
+ if (!strcasecmp($page,"any")||!strcmp($page,"*"))
+ $fullwc = true;
+ if (cmp_page_matches($page, $pdata['match'], $fullwc))
+ return $pname;
+ }
+
+ return false;
+}
+
+function get_user_privdesc(& $user) {
+ global $priv_list;
+
+ $privs = array();
+
+ $user_privs = $user['priv'];
+ if (!is_array($user_privs))
+ $user_privs = array();
+
+ $names = local_user_get_groups($user, true);
+
+ foreach ($names as $name) {
+ $group = getGroupEntry($name);
+ $group_privs = $group['priv'];
+ if (!is_array($group_privs))
+ continue;
+ foreach ($group_privs as $pname) {
+ if (in_array($pname,$user_privs))
+ continue;
+ if (!$priv_list[$pname])
+ continue;
+ $priv = $priv_list[$pname];
+ $priv['group'] = $group['name'];
+ $privs[] = $priv;
+ }
+ }
+
+ foreach ($user_privs as $pname)
+ if($priv_list[$pname])
+ $privs[] = $priv_list[$pname];
+
+ return $privs;
+}
+
+function isAllowedPage($page) {
+ global $_SESSION;
+
+ $username = $_SESSION['Username'];
+ if (!isset($username))
+ return false;
+
+ /* admin/root access check */
+ $user = getUserEntry($username);
+ if (isset($user))
+ if (isset($user['uid']))
+ if ($user['uid']==0)
+ return true;
+
+ /* user privelege access check */
+ if (cmp_page_matches($page, $_SESSION['page-match']))
+ return true;
+
+ return false;
+}
+
+function getPrivPages(& $entry, & $allowed_pages) {
+ global $priv_list;
+
+ if (!is_array($entry['priv']))
+ return;
+
+ foreach ($entry['priv'] as $pname) {
+ if (strncmp($pname, "page-", 5))
+ continue;
+ $priv = &$priv_list[$pname];
+ if (!is_array($priv))
+ continue;
+ $matches = &$priv['match'];
+ if (!is_array($matches))
+ continue;
+ foreach ($matches as $match)
+ $allowed_pages[] = $match;
+ }
+}
+
+function getAllowedPages($username) {
+ global $config, $_SESSION;
+
+ if (!function_exists("ldap_connect"))
+ return;
+
+ $allowed_pages = array();
+ $allowed_groups = array();
+
+ $ldapon = $_SESSION['ldapon'];
+
+ // search for a local user by name
+ $local_user = getUserEntry($username);
+
+ // obtain local groups if we have a local user
+ if ($local_user) {
+ $allowed_groups = local_user_get_groups($local_user);
+ getPrivPages($local_user, $allowed_pages);
+ }
+
+ // obtain ldap groups if we are in ldap mode
+ if ($config['system']['webgui']['backend'] == "ldap" && !$local_user)
+ $allowed_groups = ldap_get_groups($username);
+
+ // obtain ldapother groups if we are in ldap mode
+ if ($config['system']['webgui']['backend'] == "ldapother" && !$local_user)
+ $allowed_groups = ldap_get_groups($username);
+
+ // build a list of allowed pages
+ if (is_array($config['system']['group']) && is_array($allowed_groups))
+ foreach ($config['system']['group'] as $group)
+ if (in_array($group['name'], $allowed_groups))
+ getPrivPages($group, $allowed_pages);
+
+// $dbg_pages = implode(",", $allowed_pages);
+// $dbg_groups = implode(",", $allowed_groups);
+// log_error("debug: user {$username} groups = {$dbg_groups}");
+// log_error("debug: user {$username} pages = {$dbg_pages}");
+
+ $_SESSION['page-match'] = $allowed_pages;
+
+ return $allowed_pages;
+}
+
+?>
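Review bot: In `isAllowedPage` the administrator shortcut `if ($user['uid']==0)` uses a loose comparison, so on PHP versions where a non-numeric or empty string compares equal to 0, a user entry with such a uid would be granted every page. Whether such an entry can exist depends on config handling that is not shown here. A strict test such as `if ((string)$user['uid'] === "0")` keeps the shortcut limited to the real uid 0. Separately, `cmp_privkeys` returns `$auser - buser`, where `buser` is missing its `$` and is read as a bare constant, so the "user privs at the top" ordering is not what the comment describes; it should be `return $auser - $buser;`. Both lines are carried over unchanged from the old side of this line-ending rewrite.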
diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc
index 1160f40..9feda59 100644
--- a/etc/inc/rrd.inc
+++ b/etc/inc/rrd.inc
@@ -28,10 +28,7 @@
*/
/* include all configuration functions */
-require_once("functions.inc");
-require_once("pkg-utils.inc");
-require_once("notices.inc");
-require_once("globals.inc");
+require_once("config.inc");
function dump_rrd_to_xml($rrddatabase, $xmldumpfile) {
$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 8cecbd0..cc785f0 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -975,4 +975,17 @@ function carp_sync_client() {
touch($g['tmp_path'] . "/filter_sync");
}
+/****f* util/isAjax
+ * NAME
+ * isAjax - reports if the request is driven from prototype
+ * INPUTS
+ * none
+ * RESULT
+ * true/false
+ ******/
+function isAjax() {
+ return isset ($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';
+}
+
+
?>
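Review bot: The docblock for `isAjax` should state that `X-Requested-With` is a request header set by the client, so the result is only a hint for formatting the response and must not gate authentication, authorization or CSRF decisions. Any client can send or omit the header, and no caller is visible in this hunk, so how the result is used cannot be checked here. I would add a line under RESULT such as `* NOTES: header is client-supplied; do not use for access decisions`. The comparison could also be written `=== 'XMLHttpRequest'`, since both sides are strings.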
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index b60614f..f80c375 100755
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -1103,25 +1103,318 @@ function echo_array($array,$return_me=false){
}
}
+/****f* pfsense-utils/display_top_tabs
+ * NAME
+ * display_top_tabs - display tabs with rounded edges
+ * INPUTS
+ * $text - array of tabs
+ * RESULT
+ * null
+ ******/
+function display_top_tabs(& $tab_array) {
+ global $HTTP_SERVER_VARS;
+ global $config;
+ global $g;
+
+ /* does the user have access to this tab?
+ * master user has access to everything.
+ * if the user does not have access, simply
+ * unset the tab item.
+ */
+
+ $tab_temp = array ();
+ foreach ($tab_array as $ta)
+ if(isAllowedPage($ta[2]))
+ $tab_temp[] = $ta;
+ /*
+ // FIXME : if the checks are not good enough
+ // in isAllowedPage, it needs to be
+ // fixed instead of kludging here
+
+ // TODO: humm what shall we do with pkg_edit.php and pkg.php?
+ if ((strpos($link, "pkg.php")) !== false || (strpos($link, "pkg_edit.php")) !== false) {
+ $pos_equal = strpos($link, "=");
+ $pos_xmlsuffix = strpos($link, ".xml");
+ // do we match an absolute url including ?xml= foo
+ if(!isAllowedPage($link, $allowed))
+ $link = substr($link, $pos_equal +1, ($pos_xmlsuffix - $pos_equal +3));
+ }
+ // next check - what if the basename contains a query string?
+ if ((strpos($link, "?")) !== false) {
+ $pos_qmark = strpos($link, "?");
+ $link = substr($link, 0, $pos_qmark);
+ }
+ $authorized_text = print_r($allowed, true);
+ if(is_array($authorized))
+ if (in_array(basename($link), $authorized))
+ */
+
+ unset ($tab_array);
+ $tab_array = & $tab_temp;
+
+ $tab_active_bg = "#EEEEEE";
+ $tab_inactive_bg = "#777777";
+ $nifty_tabs_corners = "#FFF";
+ $font_color = "white";
+
+ /* if tabcontrols.php exist for a theme, allow it to be overriden */
+ $themename = $config['theme'];
+ $filename = "/usr/local/www/themes/{$themename}/tabcontrols.php";
+ if(file_exists($filename)) {
+ $eval_code = file_get_contents($filename);
+ eval($eval_code);
+ }
+
+ $tabcharcount = 0;
+ foreach ($tab_array as $ta)
+ $tabcharcount = $tabcharcount + strlen($ta[0]);
+
+ // If the character count of the tab names is > 670
+ // then show a select item dropdown menubox.
+ if($tabcharcount > 82) {
+ echo "Currently viewing: ";
+ echo "<select name='TabSelect'>\n";
+ foreach ($tab_array as $ta) {
+ if($ta[1]=="true")
+ $selected = " SELECTED";
+ else
+ $selected = "";
+ echo "<option onClick=\"document.location='{$ta[2]}';\"{$selected}>{$ta['0']}</option>\n";
+ }
+ echo "</select>\n<p/>";
+ } else {
+ echo "<table cellpadding='0' cellspacing='0'>\n";
+ echo " <tr>\n";
+ $tabscounter = 0;
+ foreach ($tab_array as $ta) {
+ if ($ta[1] == true) {
+ echo " <td bgcolor='{$tab_active_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"><div id='tabactive'></div></td>\n";
+ } else {
+ echo " <td bgcolor='{$tab_inactive_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"><div id='tabdeactive{$tabscounter}'></div></td>\n";
+ }
+ $tabscounter++;
+ }
+ echo "</tr>\n<tr>\n";
+ foreach ($tab_array as $ta) {
+ if ($ta[1] == true) {
+ echo " <td height=\"15\" valign=\"middle\" bgcolor='{$tab_active_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"><B>&nbsp;&nbsp;&nbsp;{$ta[0]}";
+ echo "&nbsp;&nbsp;&nbsp;";
+ echo "<font size='-12'>&nbsp;</font></B></td>\n";
+ } else {
+ echo " <td height=\"15\" valign=\"middle\" bgcolor='{$tab_inactive_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"><B>&nbsp;&nbsp;&nbsp;<a href='{$ta[
+2]}'>";
+ echo "<font color='{$font_color}'>{$ta[0]}</font></a>&nbsp;&nbsp;&nbsp;";
+ echo "<font size='-12'>&nbsp;</font></B></td>\n";
+ }
+ }
+ echo "</tr>\n<tr>\n";
+ foreach ($tab_array as $ta) {
+ if ($ta[1] == true) {
+ echo " <td bgcolor='{$tab_active_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"></td>\n";
+ } else {
+ echo " <td bgcolor='{$tab_inactive_bg}' onClick=\"document.location='{$ta[2]}'\" style=\"cursor: pointer;\"></td>\n";
+ }
+ $tabscounter++;
+ }
+ echo " </tr>\n";
+ echo "</table>\n";
+ echo "<script type=\"text/javascript\">";
+ echo "NiftyCheck();\n";
+ echo "Rounded(\"div#tabactive\",\"top\",\"{$nifty_tabs_corners}\",\"{$tab_active_bg}\",\"smooth\");\n";
+ for ($x = 0; $x < $tabscounter; $x++)
+ echo "Rounded(\"div#tabdeactive{$x}\",\"top\",\"{$nifty_tabs_corners}\",\"{$tab_inactive_bg}\",\"smooth\");\n";
+ echo "</script>";
+ }
+}
+
function add_package_tabs($tabgroup, & $tab_array) {
- global $config, $g;
+ global $config, $g;
- if(!is_array($config['installedpackages']))
- return;
- if(!is_array($config['installedpackages']['tab']))
- return;
+ if(!is_array($config['installedpackages']))
+ return;
+ if(!is_array($config['installedpackages']['tab']))
+ return;
- foreach($config['installedpackages']['tab'] as $tab) {
- if ($tab['group'] !== $group)
- continue;
- $tab_entry = array();
- if($tab['name']) {
- $tab_entry[] = $tab['name'];
- $tab_entry[] = false;
- $tab_entry[] = $tab['url'];
- $tab_array[] = $tab_entry;
- }
- }
+ foreach($config['installedpackages']['tab'] as $tab) {
+ if ($tab['group'] !== $group)
+ continue;
+ $tab_entry = array();
+ if($tab['name']) {
+ $tab_entry[] = $tab['name'];
+ $tab_entry[] = false;
+ $tab_entry[] = $tab['url'];
+ $tab_array[] = $tab_entry;
+ }
+ }
+}
+
+/*
+ * update_output_window: update bottom textarea dynamically.
+ */
+function update_output_window($text) {
+ global $pkg_interface;
+ $log = ereg_replace("\n", "\\n", $text);
+ if($pkg_interface == "console") {
+ /* too chatty */
+ } else {
+ echo "\n<script language=\"JavaScript\">this.document.forms[0].output.value = \"" . $log . "\";</script>";
+ }
+ /* ensure that contents are written out */
+ ob_flush();
+}
+
+/*
+ * update_output_window: update top textarea dynamically.
+ */
+function update_status($status) {
+ global $pkg_interface;
+ if($pkg_interface == "console") {
+ echo $status . "\n";
+ } else {
+ echo "\n<script type=\"text/javascript\">this.document.forms[0].status.value=\"" . $status . "\";</script>";
+ }
+ /* ensure that contents are written out */
+ ob_flush();
+}
+
+/*
+ * update_progress_bar($percent): updates the javascript driven progress bar.
+ */
+function update_progress_bar($percent) {
+ global $pkg_interface;
+ if($percent > 100) $percent = 1;
+ if($pkg_interface <> "console") {
+ echo "\n<script type=\"text/javascript\" language=\"javascript\">";
+ echo "\ndocument.progressbar.style.width='" . $percent . "%';";
+ echo "\n</script>";
+ } else {
+ echo " {$percent}%";
+ }
+}
+
+function read_header($ch, $string) {
+ global $file_size, $fout;
+ $length = strlen($string);
+ $regs = "";
+ ereg("(Content-Length:) (.*)", $string, $regs);
+ if($regs[2] <> "") {
+ $file_size = intval($regs[2]);
+ }
+ ob_flush();
+ return $length;
+}
+
+function read_body($ch, $string) {
+ global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen;
+ $length = strlen($string);
+ $downloaded += intval($length);
+ $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0);
+ $downloadProgress = 100 - $downloadProgress;
+ if($lastseen <> $downloadProgress and $downloadProgress < 101) {
+ if($sendto == "status") {
+ $tostatus = $static_status . $downloadProgress . "%";
+ update_status($tostatus);
+ } else {
+ $tooutput = $static_output . $downloadProgress . "%";
+ update_output_window($tooutput);
+ }
+ update_progress_bar($downloadProgress);
+ $lastseen = $downloadProgress;
+ }
+ if($fout)
+ fwrite($fout, $string);
+ ob_flush();
+ return $length;
+}
+
+function rule_popup($src,$srcport,$dst,$dstport){
+ global $config;
+ $aliases_array = array();
+ if($config['aliases']['alias'] <> "" and is_array($config['aliases']['alias']))
+ {
+ $span_begin = "";
+ $alias_src_span_begin = "";
+ $alias_src_span_end = "";
+ $alias_src_port_span_begin = "";
+ $alias_src_port_span_end = "";
+ $alias_dst_span_begin = "";
+ $alias_dst_span_end = "";
+ $alias_dst_port_span_begin = "";
+ $alias_dst_port_span_end = "";
+ $alias_content_text = "";
+ foreach($config['aliases']['alias'] as $alias_name)
+ {
+ $alias_addresses = explode (" ", $alias_name['address']);
+ $alias_details = explode ("||", $alias_name['detail']);
+ $alias_objects_with_details = "";
+ $counter = 0;
+ foreach($alias_addresses as $alias_ports_address)
+ {
+ $alias_objects_with_details .= $alias_addresses[$counter];
+ $alias_detail_default = strpos ($alias_details[$counter],"Entry added");
+ if ($alias_details[$counter] != "" && $alias_detail_default === False){
+ $alias_objects_with_details .=" - " . $alias_details[$counter];
+ }
+ $alias_objects_with_details .= "<br>";
+ $counter++;
+ }
+ //max character length for caption field
+ $maxlength = 60;
+
+ $alias_descr_substr = $alias_name['descr'];
+ $alias_content_text = htmlspecialchars($alias_objects_with_details);
+ $alias_caption = htmlspecialchars($alias_descr_substr . ":");
+ $strlength = strlen ($alias_caption);
+ if ($strlength >= $maxlength)
+ $alias_caption = substr($alias_caption, 0, $maxlength) . "...";
+
+ $span_begin = "<span style=\"cursor: help;\" onmouseover=\"domTT_activate(this, event, 'content', '<h1>$alias_caption</h1><p>$alias_content_text</p>', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\"><U>";
+
+ if ($alias_name['name'] == $src)
+ $alias_src_span_begin = $span_begin;
+ if ($alias_name['name'] == $srcport)
+ $alias_src_port_span_begin = $span_begin;
+ if ($alias_name['name'] == $dst)
+ $alias_dst_span_begin = $span_begin;
+ if ($alias_name['name'] == $dstport)
+ $alias_dst_port_span_begin = $span_begin;
+ }
+ $descriptions = array ();
+ $descriptions['src'] = $alias_src_span_begin;
+ $descriptions['srcport'] = $alias_src_port_span_begin;
+ $descriptions['dst'] = $alias_dst_span_begin;
+ $descriptions['dstport'] = $alias_dst_port_span_begin;
+
+ return $descriptions;
+ }
+}
+
+function download_file_with_progress_bar($url_file, $destination_file, $readbody = 'read_body') {
+ global $ch, $fout, $file_size, $downloaded;
+ $file_size = 1;
+ $downloaded = 1;
+ /* open destination file */
+ $fout = fopen($destination_file, "wb");
+
+ /*
+ * Originally by Author: Keyvan Minoukadeh
+ * Modified by Scott Ullrich to return Content-Length size
+ */
+
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url_file);
+ curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header');
+ curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody);
+ curl_setopt($ch, CURLOPT_NOPROGRESS, '1');
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5');
+ curl_setopt($ch, CURLOPT_TIMEOUT, 0);
+
+ curl_exec($ch);
+ $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+ if($fout)
+ fclose($fout);
+ curl_close($ch);
+ return ($http_code == 200) ? true : $http_code;
}
?>
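Review bot: `display_top_tabs` builds `/usr/local/www/themes/{$themename}/tabcontrols.php` from `$config['theme']` and passes the file's contents to `eval()`, so anything that can influence the theme value or write under the themes directory decides what code runs in the web GUI. The theme name should be reduced to a single path component first, e.g. `$themename = basename($config['theme']);`, with a comment recording that the file is treated as trusted code. The same function, along with `update_output_window` and `update_status` further down, writes `$ta[0]`, `$ta[2]`, `$log` and `$status` into HTML attributes and inline script without encoding. Tab entries can come from `$config['installedpackages']['tab']` via `add_package_tabs`, so `htmlspecialchars()` for the markup and `json_encode()` for the script strings would be appropriate unless those values are already sanitized upstream. In `add_package_tabs` the filter tests `$group`, which is not defined in the function (the parameter is `$tabgroup`), so the group filter does not compare against the requested group.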
diff --git a/usr/local/www/vpn_l2tp_users_edit.php b/usr/local/www/vpn_l2tp_users_edit.php
index 98d2dc7..4cf816b 100644
--- a/usr/local/www/vpn_l2tp_users_edit.php
+++ b/usr/local/www/vpn_l2tp_users_edit.php
@@ -127,7 +127,6 @@ include("head.inc");
<?php if ($input_errors) print_input_errors($input_errors); ?>
<div id="inputerrors"></div>
<form action="vpn_l2tp_users_edit.php" method="post" name="iform" id="iform">
- <?display_topbar()?>
<div id="mainarea">
<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>