diff options
| author | Matthew Grooms <mgrooms@pfsense.org> | 2008-08-01 06:30:34 +0000 |
|---|---|---|
| committer | Matthew Grooms <mgrooms@pfsense.org> | 2008-08-01 06:30:34 +0000 |
| commit | 6b07c15ad870f24e783a23c4a64fbb73958543ad (patch) | |
| tree | 4fdff8bc51d8a4bb299a487d41c6e5c4b2f3e0fd /usr/local/www/system_groupmanager.php | |
| parent | c9030aec2206b2612f32eaa79ddbedcb282b639a (diff) | |
| download | pfsense-6b07c15ad870f24e783a23c4a64fbb73958543ad.zip pfsense-6b07c15ad870f24e783a23c4a64fbb73958543ad.tar.gz | |
Rewrite the pfsense privilege system with the following goals in mind ...
1) Redefine page privileges to not use static urls
2) Accurate generation of privilege definitions from source
3) Merging the user and group privileges into a single set
4) Allow any privilege to be added to users or groups w/ inheritance
5) Cleaning up the related WebUI pages
Diffstat (limited to 'usr/local/www/system_groupmanager.php')
| -rw-r--r-- | usr/local/www/system_groupmanager.php | 472 |
1 files changed, 236 insertions, 236 deletions
diff --git a/usr/local/www/system_groupmanager.php b/usr/local/www/system_groupmanager.php index 48f3a7b..e79a77f 100644 --- a/usr/local/www/system_groupmanager.php +++ b/usr/local/www/system_groupmanager.php @@ -3,6 +3,9 @@ $Id: system_groupmanager.php part of m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2008 Shrew Soft Inc. + All rights reserved. + Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>. All rights reserved. @@ -31,202 +34,76 @@ POSSIBILITY OF SUCH DAMAGE. */ -require("guiconfig.inc"); +##|+PRIV +##|*IDENT=page-system-groupmanager +##|*NAME=System: Group manager page +##|*DESCR=Allow access to the 'System: Group manager' page. +##|*MATCH=system_groupmanager.php* +##|-PRIV -$pgtitle = array("System", "Group manager"); -// Returns an array of pages with their descriptions -function getAdminPageList() { - global $g; - global $config; - - $tmp = Array(); - - if ($dir = opendir($g['www_path'])) { - while($file = readdir($dir)) { - // Make sure the file exists - if($file != "." && $file != ".." && $file[0] != '.') { - // Is this a .php file? - if (fnmatch('*.php',$file)) { - // Read the description out of the file - $contents = file_get_contents($file); - // Looking for a line like: - // $pgtitle = array("System", "Group manager"); - $offset = strpos($contents,'$pgtitle'); - $titlepos = strpos($contents,'(',$offset); - $titleendpos = strpos($contents,')',$titlepos); - if (($offset > 0) && ($titlepos > 0) && ($titleendpos > 0)) { - // Title found, extract it - $title = str_replace(',',': ',str_replace(array('"'),'',substr($contents,++$titlepos,($titleendpos - $titlepos)))); - $tmp[$file] = trim($title); - } - else { - $tmp[$file] = ''; - } - - } - } - } +require("guiconfig.inc"); - closedir($dir); - - // Sets Interfaces:Optional page that didn't read in properly with the above method, - // and pages that don't have descriptions. - $tmp['interfaces_opt.php'] = "Interfaces: Optional"; - $tmp['graph.php'] = "Diagnostics: Interface Traffic"; - $tmp['graph_cpu.php'] = "Diagnostics: CPU Utilization"; - $tmp['exec.php'] = "Command"; - $tmp['exec_raw.php'] = "Hidden: Exec Raw"; - $tmp['status.php'] = "Hidden: Detailed Status"; - $tmp['uploadconfig.php'] = "Hidden: Upload Configuration"; - $tmp['index.php'] = "*After Login/Dashboard"; - $tmp['system_usermanager.php'] = "*User Password change portal"; - $tmp['diag_logs_settings.php'] = "Diagnostics: Logs: Settings"; - $tmp['diag_logs_vpn.php'] = "Diagnostics: Logs: PPTP VPN"; - $tmp['diag_logs_filter.php'] = "Diagnostics: Logs: Firewall"; - $tmp['diag_logs_portal.php'] = "Diagnostics: Logs: Captive Portal"; - $tmp['diag_logs_dhcp.php'] = "Diagnostics: Logs: DHCP"; - $tmp['diag_logs.php'] = "Diagnostics: Logs: System"; - - $tmp['cg2.php'] = "CoreGUI GUI Manager"; - - unset($tmp['system_groupmanager_edit.php']); - unset($tmp['firewall_rules_schedule_logic.php']); - unset($tmp['status_rrd_graph_img.php']); - unset($tmp['diag_new_states.php']); - unset($tmp['system_usermanager_edit.php']); - - $tmp['pkg.php'] = "{$g['product_name']} Package manager"; - $tmp['pkg_edit.php'] = "{$g['product_name']} Package manager edit"; - $tmp['wizard.php'] = "{$g['product_name']} wizard subsystem"; - $tmp['graphs.php'] = "Graphing subsystem"; - $tmp['headjs.php'] = "*Required for javascript"; - - $tmp['ifstats.php'] = ("*Hidden: XMLRPC Interface Stats"); - $tmp['license.php'] = ("*System: License"); - $tmp['progress.php'] = ("*Hidden: No longer included"); - $tmp['diag_logs_filter_dynamic.php'] = ("*Hidden: No longer included"); - $tmp['preload.php'] = ("*Hidden: XMLRPC Preloader"); - $tmp['xmlrpc.php'] = ("*Hidden: XMLRPC Library"); - - $tmp['functions.inc.php'] = ("Hidden: Ajax Helper 1"); - $tmp['javascript.inc.php'] = ("Hidden: Ajax Helper 2 "); - $tmp['sajax.class.php'] = ("Hidden: Ajax Helper 3"); - - /* custom pkg.php items */ - $tmp['pkg.php?xml=openvpn.xml'] = ("VPN: OpenVPN"); - $tmp['pkg_edit.php?xml=carp_settings.xml&id=0'] = ("Services: CARP Settings: Edit"); - $tmp['pkg_edit.php?xml=olsrd.xml&id=0'] = ("Services: OLSR"); - $tmp['pkg_edit.php?xml=openntpd.xml&id=0'] = ("Services: NTP Server"); - - $tmp['system_usermanager_settings_test.php'] = ("System: User Manager: Settings: Test LDAP"); - - /* unset older openvpn scripts, we have a custom version - * included in CoreGUI */ - unset($tmp['vpn_openvpn.php']); - unset($tmp['vpn_openvpn_crl.php']); - unset($tmp['vpn_openvpn_ccd.php']); - unset($tmp['vpn_openvpn_srv.php']); - unset($tmp['vpn_openvpn_cli.php']); - unset($tmp['vpn_openvpn_ccd_edit.php']); - unset($tmp['phpconfig.php']); - unset($tmp['system_usermanager_settings_ldapacpicker.php']); - - unset($tmp['progress.php']); - unset($tmp['stats.php']); - unset($tmp['phpinfo.php']); - unset($tmp['preload.php']); - - // Add appropriate descriptions for extensions, if they exist - if(file_exists("extensions.inc")){ - include("extensions.inc"); - } - - /* firewall rule view and edit entries for lan, wan, optX */ - $iflist = get_configured_interface_list(false, true); - - // Firewall Rules - foreach ($iflist as $ifent => $ifname) { - $entryname = "firewall_rules.php?if={$ifname}"; - $tmp[$entryname] = ("Firewall: Rules: " . strtoupper($ifname)); - $entryname = "firewall_rules_edit.php?if={$ifname}"; - $tmp[$entryname] = ("Firewall: Rules: Edit: " . strtoupper($ifname)); - } +$pgtitle = array("System", "Group manager"); - /* additional firewal rules tab entries */ - $entryname = "firewall_rules_edit.php?if=enc0"; - $tmp[$entryname] = "Firewall: Rules: Edit: IPsec"; +if (!is_array($config['system']['group'])) + $config['system']['group'] = array(); - $entryname = "firewall_rules_edit.php?if=pptp"; - $tmp[$entryname] = "Firewall: Rules: Edit: PPTP"; +admin_groups_sort(); +$a_group = &$config['system']['group']; - $entryname = "firewall_rules_edit.php?if=pppoe"; - $tmp[$entryname] = "Firewall: Rules: Edit: PPPoE"; +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; - // User manager - $entryname = "system_usermanager.php"; - $tmp[$entryname] = "System: Change Password"; +if ($_GET['act'] == "delgroup") { - // User manager - $entryname = "system_usermanager"; - $tmp[$entryname] = "System: User Manager"; + if (!$a_group[$_GET['id']]) { + pfSenseHeader("system_groupmanager.php"); + exit; + } - // NAT Items - foreach ($iflist as $ifent => $ifname) { - $entryname = "firewall_nat.php?if={$ifname}"; - $tmp[$entryname] = ("Firewall: NAT: Port Forward " . strtoupper($ifname)); - $entryname = "firewall_nat_edit.php?if={$ifname}"; - $tmp[$entryname] = ("Firewall: NAT: Port Forward: Edit: " . strtoupper($ifname)); - } - /* additional nat tab entries */ - $entryname = "firewall_nat_edit.php?if=enc0"; - $tmp[$entryname] = "Firewall: NAT: Port Forward: Edit: IPsec"; - - $entryname = "firewall_nat_edit.php?if=pptp"; - $tmp[$entryname] = "Firewall: NAT: Port Forward: Edit: PPTP"; - - $entryname = "firewall_nat_edit.php?if=pppoe"; - $tmp[$entryname] = "Firewall: NAT: Port Forward: Edit: PPPoE"; - - asort($tmp); - return $tmp; - } + del_local_group($a_group[$_GET['id']]); + $groupdeleted = $a_group[$_GET['id']]['name']; + unset($a_group[$_GET['id']]); + write_config(); + $savemsg = gettext("Group")." {$groupdeleted} ". + gettext("successfully deleted")."<br/>"; } -// Get a list of all admin pages & Descriptions -$pages = getAdminPageList(); +if ($_GET['act'] == "delpriv") { -if (!is_array($config['system']['group'])) { - $config['system']['group'] = array(); -} -admin_groups_sort(); -$a_group = &$config['system']['group']; + if (!$a_group[$_GET['id']]) { + pfSenseHeader("system_groupmanager.php"); + exit; + } -$id = $_GET['id']; -if (isset($_POST['id'])) - $id = $_POST['id']; - -if ($_GET['act'] == "del") { - if ($a_group[$_GET['id']]) { - del_local_group($a_group[$_GET['id']]); - unset($a_group[$_GET['id']]); - write_config(); - header("Location: system_groupmanager.php"); - exit; + $privdeleted = $priv_list[$a_group[$id]['priv'][$_GET['privid']]]['name']; + unset($a_group[$id]['priv'][$_GET['privid']]); + + foreach ($a_group[$id]['member'] as $uid) { + $user = getUserEntryByUID($uid); + if ($user) + set_local_user($user); } -} + + write_config(); + $_GET['act'] = "edit"; + $savemsg = gettext("Privilege")." {$privdeleted} ". + gettext("successfully deleted")."<br/>"; +} if($_GET['act']=="edit"){ if (isset($id) && $a_group[$id]) { $pconfig['name'] = $a_group[$id]['name']; + $pconfig['gid'] = $a_group[$id]['gid']; + $pconfig['gtype'] = $a_group[$id]['scope']; $pconfig['description'] = $a_group[$id]['description']; - if (is_array($a_group[$id]['pages'])) - $pconfig['pages'] = $a_group[$id]['pages']; - else - $pconfig['pages'] = array(); + $pconfig['members'] = $a_group[$id]['member']; + $pconfig['priv'] = $a_group[$id]['priv']; } } - + if ($_POST) { unset($input_errors); @@ -259,14 +136,8 @@ if ($_POST) { $group['name'] = $_POST['groupname']; $group['description'] = $_POST['description']; - unset($group['pages']); - foreach ($pages as $fname => $title) { - $identifier = str_replace('.php','XXXUMXXX',$fname); - $identifier = str_replace('.','XXXDOTXXX',$identifier); - if ($_POST[$identifier] == 'yes') { - $group['pages'][] = $fname; - } - } + if ($group['gid'] != 1998) // all group + $group['member'] = $_POST['members']; if (isset($id) && $a_group[$id]) $a_group[$id] = $group; @@ -288,8 +159,59 @@ include("head.inc"); ?> <body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> +<?php include("fbegin.inc"); ?> +<script language="JavaScript"> +<!-- + +function setall_selected(id) { + selbox = document.getElementById(id); + count = selbox.options.length; + for (index = 0; index<count; index++) + selbox.options[index].selected = true; +} + +function clear_selected(id) { + selbox = document.getElementById(id); + count = selbox.options.length; + for (index = 0; index<count; index++) + selbox.options[index].selected = false; +} + +function remove_selected(id) { + selbox = document.getElementById(id); + index = selbox.options.length - 1; + for (; index >= 0; index--) + if (selbox.options[index].selected) + selbox.remove(index); +} + +function copy_selected(srcid, dstid) { + src_selbox = document.getElementById(srcid); + dst_selbox = document.getElementById(dstid); + count = src_selbox.options.length; + for (index = 0; index < count; index++) { + if (src_selbox.options[index].selected) { + option = document.createElement('option'); + option.text = src_selbox.options[index].text; + option.value = src_selbox.options[index].value; + dst_selbox.add(option, null); + } + } +} + +function move_selected(srcid, dstid) { + copy_selected(srcid, dstid); + remove_selected(srcid); +} + +function presubmit() { + clear_selected('notmembers'); + setall_selected('members'); +} + +//--> +</script> <?php - include("fbegin.inc"); if ($input_errors) print_input_errors($input_errors); if ($savemsg) @@ -302,7 +224,7 @@ include("head.inc"); <?php $tab_array = array(); $tab_array[] = array(gettext("Users"), false, "system_usermanager.php"); - $tab_array[] = array(gettext("Group"), true, "system_groupmanager.php"); + $tab_array[] = array(gettext("Groups"), true, "system_groupmanager.php"); $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php"); display_top_tabs($tab_array); ?> @@ -327,70 +249,134 @@ include("head.inc"); el.elements[i].checked = false; } </script> - <form action="system_groupmanager.php" method="post" name="iform" id="iform"> + <form action="system_groupmanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()"> <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <?php + $ro = ""; + if ($pconfig['gtype'] == "system") + $ro = "readonly = \"readonly\""; + ?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td> + <td width="78%" class="vtable"> + <strong><?=strtoupper($pconfig['gtype']);?></strong> + <input name="gtype" type="hidden" value="<?=$pconfig['gtype']?>"/> + </td> + </tr> <tr> <td width="22%" valign="top" class="vncellreq">Group name</td> <td width="78%" class="vtable"> - <input name="groupname" type="text" class="formfld" id="groupname" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"> + <input name="groupname" type="text" class="formfld group" id="groupname" size="20" value="<?=htmlspecialchars($pconfig['name']);?>" <?=$ro;?>> </td> </tr> <tr> <td width="22%" valign="top" class="vncell">Description</td> <td width="78%" class="vtable"> - <input name="description" type="text" class="formfld" id="description" size="20" value="<?=htmlspecialchars($pconfig['description']);?>"> + <input name="description" type="text" class="formfld unknown" id="description" size="20" value="<?=htmlspecialchars($pconfig['description']);?>"> <br> Group description, for your own information only </td> </tr> + + <?php if ($pconfig['gid'] != 1998): // all users group ?> + <tr> - <td colspan="4"> - <br> - Select that pages that this group may access. - Members of this group will be able to perform - all actions that are possible from each - individual web page. Ensure you set access - levels appropriately.<br> - <br> - <span class="vexpl"> - <span class="red"> - <strong> Note:</strong> - </span> - Pages marked with an * are strongly recommended - for every group. - </span> - </td> - </tr> - <tr> - <td colspan="4"> - <input type="button" name="types[]" value="Check All" onClick="checkall(); return false;"> - <input type="button" name="types[]" value="Check None" onClick="checknone(); return false;"> + <td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td> + <td width="78%" class="vtable" align="center"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td align="center" width="50%"> + <strong>Not Members</strong><br/> + <br/> + <select size="10" style="width: 75%" name="notmembers[]" class="formselect" id="notmembers" onChange="clear_selected('members')" multiple> + <?php + foreach ($config['system']['user'] as $user): + if (in_array($user['uid'],$pconfig['members'])) + continue; + ?> + <option value="<?=$user['uid'];?>" <?=$selected;?>> + <?=htmlspecialchars($user['name']);?> + </option> + <?php endforeach; ?> + </select> + <br/> + </td> + <td> + <br/> + <a href="javascript:move_selected('notmembers','members')"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="Add Members" alt="Add Members" width="17" height="17" border="0" /> + </a> + <br/><br/> + <a href="javascript:move_selected('members','notmembers')"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="Remove Members" alt="Remove Members" width="17" height="17" border="0" /> + </a> + </td> + <td align="center" width="50%"> + <strong>Members</strong><br/> + <br/> + <select size="10" style="width: 75%" name="members[]" class="formselect" id="members" onChange="clear_selected('notmembers')" multiple> + <?php + foreach ($config['system']['user'] as $user): + if (!in_array($user['uid'],$pconfig['members'])) + continue; + ?> + <option value="<?=$user['uid'];?>"> + <?=htmlspecialchars($user['name']);?> + </option> + <?php endforeach; ?> + </select> + <br/> + </td> + </tr> + </table> + <?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?> </td> </tr> + + <?php endif; ?> + <tr> - <td colspan="2"> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <td width="22%" valign="top" class="vncell"><?=gettext("Effective Privileges");?></td> + <td width="78%" class="vtable"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> - <td class="listhdrr"> </td> - <td class="listhdrr">Page Description</td> - <td class="listhdr">Filename</td> + <td width="40%" class="listhdrr"><?=gettext("Name");?></td> + <td width="60%" class="listhdrr"><?=gettext("Description");?></td> + <td class="list"></td> + </tr> + <?php + if(is_array($pconfig['priv'])): + $i = 0; + foreach ($pconfig['priv'] as $priv): + ?> + <tr> + <td class="listr"> + <?=htmlspecialchars($priv_list[$priv]['name']);?> + </td> + <td class="listbg"> + <font color="#FFFFFF"> + <?=htmlspecialchars($priv_list[$priv]['descr']);?> + </font> + </td> + <td valign="middle" nowrap class="list"> + <a href="system_groupmanager.php?act=delpriv&id=<?=$id?>&privid=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this privilege?");?>')"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" /> + </a> + </td> </tr> - <?php - foreach ($pages as $fname => $title): - $identifier = str_replace('.php','XXXUMXXX',$fname); - $identifier = str_replace('.','XXXDOTXXX',$identifier); - $checked = ""; - if (in_array($fname,$pconfig['pages'])) - $checked = "checked"; + <?php + $i++; + endforeach; + endif; ?> <tr> - <td class="listlr"> - <input class="check" name="<?=$identifier?>" type="checkbox" id="<?=$identifier?>" value="yes" <?=$checked;?>> + <td class="list" colspan="2"></td> + <td class="list"> + <a href="system_groupmanager_addprivs.php?groupid=<?=$id?>"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" /> + </a> </td> - <td class="listr"><?=$title?></td> - <td class="listr"><?=$fname?></td> </tr> - <?php endforeach; ?> </table> </td> </tr> @@ -400,7 +386,8 @@ include("head.inc"); <input name="save" type="submit" class="formbtn" value="Save"> <?php if (isset($id) && $a_group[$id]): ?> <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> + <input name="gid" type="hidden" value="<?=$pconfig['gid'];?>"> + <?php endif; ?> </td> </tr> </table> @@ -412,27 +399,38 @@ include("head.inc"); <tr> <td width="25%" class="listhdrr">Group name</td> <td width="25%" class="listhdrr">Description</td> - <td width="15%" class="listhdrr">Member Count</td> - <td width="15%" class="listhdrr">Pages Accessible</td> + <td width="30%" class="listhdrr">Member Count</td> <td width="10%" class="list"></td> </tr> <?php $i = 0; foreach($a_group as $group): + + if($group['scope'] == "system") + $grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group-grey.png"; + else + $grpimg = "/themes/{$g['theme']}/images/icons/icon_system-group.png"; ?> <tr> <td class="listlr"> - <?=htmlspecialchars($group['name']); ?> + <table border="0" cellpadding="0" cellspacing="0"> + <tr> + <td align="left" valign="center"> + <img src="<?=$grpimg;?>" alt="User" title="User" border="0" height="16" width="16" /> + </td> + </td> + <td align="left" valign="middle"> + <?=htmlspecialchars($group['name']); ?> + </td> + </tr> + </table> </td> <td class="listr"> <?=htmlspecialchars($group['description']);?> </td> - <td class="listr"> - <?=count($group['member'])?> - </td> <td class="listbg"> <font color="white"> - <?=count($group['pages']);?> + <?=count($group['member'])?> </font> </td> <td valign="middle" nowrap class="list"> @@ -440,9 +438,11 @@ include("head.inc"); <img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="edit group" width="17" height="17" border="0"> </a> - <a href="system_groupmanager.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this group?')"> + <?php if($group['scope'] != "system"): ?> + <a href="system_groupmanager.php?act=delgroup&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this group?')"> <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="delete group" width="17" height="17" border="0"> </a> + <?php endif; ?> </td> </tr> <?php @@ -450,7 +450,7 @@ include("head.inc"); endforeach; ?> <tr> - <td class="list" colspan="4"></td> + <td class="list" colspan="3"></td> <td class="list"> <a href="system_groupmanager.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="add group" width="17" height="17" border="0"> </a> |
