authorErmal Luci <eri@pfsense.org>2009-06-18 12:40:11 +0000
committerErmal Luci <eri@pfsense.org>2009-06-18 12:40:11 +0000
commit6dc88d5352ea963d85708379405e238e0518e990 (patch)
treee51eb1a505ff148a495c642c9b6ed225476a58ce /etc/inc/priv.inc
parent4b9980ecfff36202b6ea8dbf7d41e44f78ba52f3 (diff)
* Move functions that output html to guiconfig.inc
* Remove some recursive dependency on some includes * Remove ^M or \r from files * Remove some entries from functions.inc to avoid including them twice * Remove some unnecessary includes from some files NOTE: There is some more work to be done for pkg-utils.inc to be removed from backend as a dependency.
Diffstat (limited to 'etc/inc/priv.inc')
-rw-r--r--etc/inc/priv.inc531
1 files changed, 249 insertions, 282 deletions
diff --git a/etc/inc/priv.inc b/etc/inc/priv.inc
index 824ea7b..9b6c97c 100644
--- a/etc/inc/priv.inc
+++ b/etc/inc/priv.inc
@@ -1,282 +1,249 @@
-<?php
-/* $Id$ */
-/*
- Copyright (C) 2008 Shrew Soft Inc
- All rights reserved.
-
- Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
- All rights reserved.
-
- Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
- All rights reserved.
-
- Copyright (C) 2006 Paul Taylor <paultaylor@winn-dixie.com>.
- All rights reserved.
-
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-
- DISABLE_PHP_LINT_CHECKING
-*/
-
-require_once("functions.inc");
-require_once("priv.defs.inc");
-
-/*
- * USER PRIVILEGE DEFINITIONS
- */
-
-$priv_list['user-shell-access'] = array();
-$priv_list['user-shell-access']['name'] = "User - Shell account access";
-$priv_list['user-shell-access']['descr'] = "Indicates whether the user is able to login for ".
- "example via SSH.";
-
-$priv_list['user-copy-files'] = array();
-$priv_list['user-copy-files']['name'] = "User - Copy files";
-$priv_list['user-copy-files']['descr'] = "Indicates whether the user is allowed to copy files ".
- "onto the {$g['product_name']} appliance via SCP/SFTP. ".
- "If you are going to use this privilege, you must install ".
- "scponly on the appliance (Hint: pkg_add -r scponly).";
-
-sort_privs($priv_list);
-
-function cmp_privkeys($a, $b) {
- /* user privs at the top */
- $auser = strncmp("user-", $a, 5);
- $buser = strncmp("user-", $b, 5);
- if($auser != $buser)
- return $auser - buser;
-
- /* name compare others */
- return strcasecmp($a, $b);
-}
-
-function sort_privs(& $privs) {
-
- uksort($privs, "cmp_privkeys");
-}
-
-function cmp_page_matches($page, & $matches, $fullwc = true) {
-
-// $dbg_matches = implode(",", $matches);
-// log_error("debug: checking page {$page} match with {$dbg_matches}");
-
- if (!is_array($matches))
- return false;
-
- /* skip any leading fwdslash */
- $test = strpos($page, "/");
- if ($test !== false && $test == 0)
- $page = substr($page, 1);
-
- /* look for a match */
- foreach ($matches as $match) {
-
- /* possibly ignore full wildcard match */
- if (!$fullwc && !strcmp($match ,"*"))
- continue;
-
- /* compare exact or wildcard match */
- $wcpos = strpos($match, "*");
- if ($wcpos === false)
- $result = strcmp($page, $match);
- else
- $result = strncmp($page, $match, $wcpos);
-
- if (!$result)
- return true;
- }
-
- return false;
-}
-
-function map_page_privname($page) {
- global $priv_list;
-
- foreach ($priv_list as $pname => $pdata) {
- if (strncmp($pname, "page-", 5))
- continue;
- $fullwc = false;
- if (!strcasecmp($page,"any")||!strcmp($page,"*"))
- $fullwc = true;
- if (cmp_page_matches($page, $pdata['match'], $fullwc))
- return $pname;
- }
-
- return false;
-}
-
-function get_user_privileges(& $user) {
-
- $privs = $user['priv'];
- if (!is_array($privs))
- $privs = array();
-
- $names = local_user_get_groups($user, true);
-
- foreach ($names as $name) {
- $group = getGroupEntry($name);
- if (is_array($group['priv']))
- $privs = array_merge( $privs, $group['priv']);
- }
-
- return $privs;
-}
-
-function get_user_privdesc(& $user) {
- global $priv_list;
-
- $privs = array();
-
- $user_privs = $user['priv'];
- if (!is_array($user_privs))
- $user_privs = array();
-
- $names = local_user_get_groups($user, true);
-
- foreach ($names as $name) {
- $group = getGroupEntry($name);
- $group_privs = $group['priv'];
- if (!is_array($group_privs))
- continue;
- foreach ($group_privs as $pname) {
- if (in_array($pname,$user_privs))
- continue;
- if (!$priv_list[$pname])
- continue;
- $priv = $priv_list[$pname];
- $priv['group'] = $group['name'];
- $privs[] = $priv;
- }
- }
-
- foreach ($user_privs as $pname)
- if($priv_list[$pname])
- $privs[] = $priv_list[$pname];
-
- return $privs;
-}
-
-function isAllowedPage($page) {
- global $_SESSION;
-
- $username = $_SESSION['Username'];
- if (!isset($username))
- return false;
-
- /* admin/root access check */
- $user = getUserEntry($username);
- if (isset($user))
- if (isset($user['uid']))
- if ($user['uid']==0)
- return true;
-
- /* user privelege access check */
- if (cmp_page_matches($page, $_SESSION['page-match']))
- return true;
-
- return false;
-}
-
-function getPrivPages(& $entry, & $allowed_pages) {
- global $priv_list;
-
- if (!is_array($entry['priv']))
- return;
-
- foreach ($entry['priv'] as $pname) {
- if (strncmp($pname, "page-", 5))
- continue;
- $priv = &$priv_list[$pname];
- if (!is_array($priv))
- continue;
- $matches = &$priv['match'];
- if (!is_array($matches))
- continue;
- foreach ($matches as $match)
- $allowed_pages[] = $match;
- }
-}
-
-function getAllowedPages($username) {
- global $config, $_SESSION;
-
- if (!function_exists("ldap_connect"))
- return;
-
- $allowed_pages = array();
- $allowed_groups = array();
-
- $ldapon = $_SESSION['ldapon'];
-
- // search for a local user by name
- $local_user = getUserEntry($username);
-
- // obtain local groups if we have a local user
- if ($local_user) {
- $allowed_groups = local_user_get_groups($local_user);
- getPrivPages($local_user, $allowed_pages);
- }
-
- // obtain ldap groups if we are in ldap mode
- if ($config['system']['webgui']['backend'] == "ldap" && !$local_user)
- $allowed_groups = ldap_get_groups($username);
-
- // obtain ldapother groups if we are in ldap mode
- if ($config['system']['webgui']['backend'] == "ldapother" && !$local_user)
- $allowed_groups = ldap_get_groups($username);
-
- // build a list of allowed pages
- if (is_array($config['system']['group']) && is_array($allowed_groups))
- foreach ($config['system']['group'] as $group)
- if (in_array($group['name'], $allowed_groups))
- getPrivPages($group, $allowed_pages);
-
-// $dbg_pages = implode(",", $allowed_pages);
-// $dbg_groups = implode(",", $allowed_groups);
-// log_error("debug: user {$username} groups = {$dbg_groups}");
-// log_error("debug: user {$username} pages = {$dbg_pages}");
-
- $_SESSION['page-match'] = $allowed_pages;
-
- return $allowed_pages;
-}
-
-function userHasPrivilege($userent, $privid = false) {
-
- if (!$privid || !is_array($userent))
- return false;
-
- $privs = get_user_privileges($userent);
-
- if (!is_array($privs))
- return false;
-
- if (!in_array($privid, $privs))
- return false;
-
- return true;
-}
-
-?>
+<?php
+/* $Id$ */
+/*
+ Copyright (C) 2008 Shrew Soft Inc
+ All rights reserved.
+
+ Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
+ All rights reserved.
+
+ Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
+ All rights reserved.
+
+ Copyright (C) 2006 Paul Taylor <paultaylor@winn-dixie.com>.
+ All rights reserved.
+
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+ DISABLE_PHP_LINT_CHECKING
+*/
+
+require_once("priv.defs.inc");
+require_once("auth.inc");
+
+/*
+ * USER PRIVILEGE DEFINITIONS
+ */
+
+$priv_list['user-shell-access'] = array();
+$priv_list['user-shell-access']['name'] = "User - Shell account access";
+$priv_list['user-shell-access']['descr'] = "Indicates whether the user is able to login for ".
+ "example via SSH.";
+
+$priv_list['user-copy-files'] = array();
+$priv_list['user-copy-files']['name'] = "User - Copy files";
+$priv_list['user-copy-files']['descr'] = "Indicates whether the user is allowed to copy files ".
+ "onto the {$g['product_name']} appliance via SCP/SFTP. ".
+ "If you are going to use this privilege, you must install ".
+ "scponly on the appliance (Hint: pkg_add -r scponly).";
+
+sort_privs($priv_list);
+
+function cmp_privkeys($a, $b) {
+ /* user privs at the top */
+ $auser = strncmp("user-", $a, 5);
+ $buser = strncmp("user-", $b, 5);
+ if($auser != $buser)
+ return $auser - buser;
+
+ /* name compare others */
+ return strcasecmp($a, $b);
+}
+
+function sort_privs(& $privs) {
+
+ uksort($privs, "cmp_privkeys");
+}
+
+function cmp_page_matches($page, & $matches, $fullwc = true) {
+
+// $dbg_matches = implode(",", $matches);
+// log_error("debug: checking page {$page} match with {$dbg_matches}");
+
+ if (!is_array($matches))
+ return false;
+
+ /* skip any leading fwdslash */
+ $test = strpos($page, "/");
+ if ($test !== false && $test == 0)
+ $page = substr($page, 1);
+
+ /* look for a match */
+ foreach ($matches as $match) {
+
+ /* possibly ignore full wildcard match */
+ if (!$fullwc && !strcmp($match ,"*"))
+ continue;
+
+ /* compare exact or wildcard match */
+ $wcpos = strpos($match, "*");
+ if ($wcpos === false)
+ $result = strcmp($page, $match);
+ else
+ $result = strncmp($page, $match, $wcpos);
+
+ if (!$result)
+ return true;
+ }
+
+ return false;
+}
+
+function map_page_privname($page) {
+ global $priv_list;
+
+ foreach ($priv_list as $pname => $pdata) {
+ if (strncmp($pname, "page-", 5))
+ continue;
+ $fullwc = false;
+ if (!strcasecmp($page,"any")||!strcmp($page,"*"))
+ $fullwc = true;
+ if (cmp_page_matches($page, $pdata['match'], $fullwc))
+ return $pname;
+ }
+
+ return false;
+}
+
+function get_user_privdesc(& $user) {
+ global $priv_list;
+
+ $privs = array();
+
+ $user_privs = $user['priv'];
+ if (!is_array($user_privs))
+ $user_privs = array();
+
+ $names = local_user_get_groups($user, true);
+
+ foreach ($names as $name) {
+ $group = getGroupEntry($name);
+ $group_privs = $group['priv'];
+ if (!is_array($group_privs))
+ continue;
+ foreach ($group_privs as $pname) {
+ if (in_array($pname,$user_privs))
+ continue;
+ if (!$priv_list[$pname])
+ continue;
+ $priv = $priv_list[$pname];
+ $priv['group'] = $group['name'];
+ $privs[] = $priv;
+ }
+ }
+
+ foreach ($user_privs as $pname)
+ if($priv_list[$pname])
+ $privs[] = $priv_list[$pname];
+
+ return $privs;
+}
+
+function isAllowedPage($page) {
+ global $_SESSION;
+
+ $username = $_SESSION['Username'];
+ if (!isset($username))
+ return false;
+
+ /* admin/root access check */
+ $user = getUserEntry($username);
+ if (isset($user))
+ if (isset($user['uid']))
+ if ($user['uid']==0)
+ return true;
+
+ /* user privelege access check */
+ if (cmp_page_matches($page, $_SESSION['page-match']))
+ return true;
+
+ return false;
+}
+
+function getPrivPages(& $entry, & $allowed_pages) {
+ global $priv_list;
+
+ if (!is_array($entry['priv']))
+ return;
+
+ foreach ($entry['priv'] as $pname) {
+ if (strncmp($pname, "page-", 5))
+ continue;
+ $priv = &$priv_list[$pname];
+ if (!is_array($priv))
+ continue;
+ $matches = &$priv['match'];
+ if (!is_array($matches))
+ continue;
+ foreach ($matches as $match)
+ $allowed_pages[] = $match;
+ }
+}
+
+function getAllowedPages($username) {
+ global $config, $_SESSION;
+
+ if (!function_exists("ldap_connect"))
+ return;
+
+ $allowed_pages = array();
+ $allowed_groups = array();
+
+ $ldapon = $_SESSION['ldapon'];
+
+ // search for a local user by name
+ $local_user = getUserEntry($username);
+
+ // obtain local groups if we have a local user
+ if ($local_user) {
+ $allowed_groups = local_user_get_groups($local_user);
+ getPrivPages($local_user, $allowed_pages);
+ }
+
+ // obtain ldap groups if we are in ldap mode
+ if ($config['system']['webgui']['backend'] == "ldap" && !$local_user)
+ $allowed_groups = ldap_get_groups($username);
+
+ // obtain ldapother groups if we are in ldap mode
+ if ($config['system']['webgui']['backend'] == "ldapother" && !$local_user)
+ $allowed_groups = ldap_get_groups($username);
+
+ // build a list of allowed pages
+ if (is_array($config['system']['group']) && is_array($allowed_groups))
+ foreach ($config['system']['group'] as $group)
+ if (in_array($group['name'], $allowed_groups))
+ getPrivPages($group, $allowed_pages);
+
+// $dbg_pages = implode(",", $allowed_pages);
+// $dbg_groups = implode(",", $allowed_groups);
+// log_error("debug: user {$username} groups = {$dbg_groups}");
+// log_error("debug: user {$username} pages = {$dbg_pages}");
+
+ $_SESSION['page-match'] = $allowed_pages;
+
+ return $allowed_pages;
+}
+
+?>
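Review bot: `return $auser - buser;` in the re-added cmp_privkeys body is missing the `$` on the second operand, so the subtraction is performed against the undefined constant `buser` (the string "buser", which is 0 in arithmetic on the PHP of this era and a TypeError under PHP 8) and the comparator does not reliably place `user-` keys first as the comment above it promises; it should read `return $auser - $buser;`. Separately, getPrivPages does `$priv = &$priv_list[$pname];` and `$matches = &$priv['match'];`, and taking a reference to a missing array element creates it, so every privilege id on a user or group entry that is not a defined privilege (a typo in config.xml, or a stale id) leaves a null `$priv_list[$pname]` entry in the global table on each call; reading by value after `if (!isset($priv_list[$pname]) || !is_array($priv_list[$pname])) continue;` avoids the side effect. Both lines are carried over verbatim from the old side, so the commit does not introduce them, but the file is being rewritten wholesale and they are worth fixing here. The removed get_user_privileges() and userHasPrivilege() are not mentioned in the commit message; presumably they moved into auth.inc, which this file now requires, but that cannot be confirmed from this diff.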