author | Ermal Luçi <eri@pfsense.org> | 2010-03-03 16:16:39 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2010-03-03 16:17:35 +0000 |
commit | 6306b5ddc70ce5bbcf9c9c9769755340e0117de4 (patch) | |
tree | ef8ac81995fa89cde3362ccbc02540a4e468b783 /usr/local/www/system_usermanager_settings.php | |
parent | f700f8da9deedb1f866353911a5eaf939016124a (diff) | |
Overhaul the user login system to use the Servers tab as its base.
Fix quite a few problems along the way.
Diffstat (limited to 'usr/local/www/system_usermanager_settings.php')
-rwxr-xr-x | usr/local/www/system_usermanager_settings.php | 283 |
1 files changed, 51 insertions, 232 deletions
diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php index 4889d73..7b96d4d 100755 --- a/usr/local/www/system_usermanager_settings.php +++ b/usr/local/www/system_usermanager_settings.php @@ -45,29 +45,20 @@ if($_POST['savetest']) $save_and_test = true; require("guiconfig.inc"); +require_once("auth.inc"); require("priv.defs.inc"); require("priv.inc"); $pconfig['session_timeout'] = &$config['system']['webgui']['session_timeout']; -$pconfig['ldapserver'] = &$config['system']['webgui']['ldapserver']; +$pconfig['authmode'] = &$config['system']['webgui']['authmode']; $pconfig['backend'] = &$config['system']['webgui']['backend']; -$pconfig['ldapbindun'] = &$config['system']['webgui']['ldapbindun']; -$pconfig['ldapbindpw'] = &$config['system']['webgui']['ldapbindpw']; -$pconfig['ldapfilter'] = &$config['system']['webgui']['ldapfilter']; -$pconfig['ldapsearchbase'] = &$config['system']['webgui']['ldapsearchbase']; -$pconfig['ldapauthcontainers'] = &$config['system']['webgui']['ldapauthcontainers']; -$pconfig['ldapgroupattribute'] = &$config['system']['webgui']['ldapgroupattribute']; -$pconfig['ldapnameattribute'] = &$config['system']['webgui']['ldapnameattribute']; // Page title for main admin $pgtitle = array("System","User manager settings"); if ($_POST) { unset($input_errors); - - conf_mount_rw(); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pconfig = $_POST; if($_POST['session_timeout']) { $timeout = intval($_POST['session_timeout']); 
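Review bot: `$pconfig = $_POST;` in the `if ($_POST)` block swaps the config-backed array for the entire request body, so every later `$pconfig[...]` read on this page is unvalidated input rather than a stored setting, and the `do_input_validation()` call is removed in the same hunk. Only the three fields this form owns need to be carried over for redisplay, e.g. `$pconfig = array_intersect_key($_POST, array_flip(array('session_timeout', 'authmode', 'backend')));`. A short comment there should also say that this assignment drops the reference bindings set up above, which is why the save path in the next hunk writes to `$config[...]` directly. The `if ($_POST)` block continues outside this hunk.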
@@ -78,60 +69,23 @@ if ($_POST) { if (!$input_errors) { if($_POST['session_timeout']) - $pconfig['session_timeout'] = intval($_POST['session_timeout']); + $config['system']['webgui']['session_timeout'] = intval($_POST['session_timeout']); else unset($config['system']['webgui']['session_timeout']); - if($_POST['ldapserver']) - $pconfig['ldapserver'] = $_POST['ldapserver']; + if($_POST['authmode']) + $config['system']['webgui']['authmode'] = $_POST['authmode']; else - unset($pconfig['ldapserver']); + unset($config['system']['webgui']['authmode']); if($_POST['backend']) - $pconfig['backend'] = $_POST['backend']; - else - unset($pconfig['backend']); - - if($_POST['ldapbindun']) - $pconfig['ldapbindun'] = $_POST['ldapbindun']; - else - unset($pconfig['ldapbindun']); - - if($_POST['ldapbindpw']) - $pconfig['ldapbindpw'] = $_POST['ldapbindpw']; - else - unset($pconfig['ldapbindpw']); - - if($_POST['ldapfilter']) - $pconfig['ldapfilter'] = $_POST['ldapfilter']; + $config['system']['webgui']['backend'] = $_POST['backend']; else - unset($pconfig['ldapfilter']); - - if($_POST['ldapsearchbase']) - $pconfig['ldapsearchbase'] = $_POST['ldapsearchbase']; - else - unset($pconfig['ldapsearchbase']); - - if($_POST['ldapauthcontainers']) - $pconfig['ldapauthcontainers'] = $_POST['ldapauthcontainers']; - else - unset($pconfig['ldapauthcontainers']); - - if($_POST['ldapgroupattribute']) - $pconfig['ldapgroupattribute'] = $_POST['ldapgroupattribute']; - else - unset($pconfig['ldapgroupattribute']); - if($_POST['ldapnameattribute']) - $pconfig['ldapnameattribute'] = $_POST['ldapnameattribute']; - else - unset($pconfig['ldapgroupattribute']); + unset($config['system']['webgui']['backend']); write_config(); } - - conf_mount_ro(); - } include("head.inc"); 
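Review bot: `$_POST['authmode']` and `$_POST['backend']` are written to `$config['system']['webgui']` and persisted by `write_config()` with no check that they name anything valid, yet these two values select how GUI logins are authenticated. The form only offers the non-RADIUS entries from `auth_get_authserver_list()` and the backends `pfsense`/`ldap`, but a hand-built request is not bound by the dropdowns. Both values should be validated into `$input_errors` before the `if (!$input_errors)` block, as sketched below. The timeout validation above this hunk is only partly visible, so it is assumed to populate `$input_errors` in the same way.

```php
// … unchanged: session_timeout validation …
if ($_POST['authmode']) {
	$known_authmode = false;
	foreach (auth_get_authserver_list() as $auth_server) {
		if ($auth_server['type'] != 'radius' && (string)$auth_server['name'] === $_POST['authmode']) {
			$known_authmode = true;
			break;
		}
	}
	if (!$known_authmode)
		$input_errors[] = "The selected authentication server is not valid.";
}
if ($_POST['backend'] && !in_array($_POST['backend'], array("pfsense", "ldap"), true))
	$input_errors[] = "The selected fallback backend is not valid.";

if (!$input_errors) {
// … unchanged: assignments to $config and write_config() …
```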
@@ -145,77 +99,13 @@ include("head.inc"); <?php if($save_and_test) { echo "<script language='javascript'>\n"; - echo "myRef = window.open('system_usermanager_settings_test.php','mywin', "; + echo "myRef = window.open('system_usermanager_settings_test.php?authserver={$pconfig['authmode']}','mywin', "; echo "'left=20,top=20,width=700,height=550,toolbar=1,resizable=0');\n"; + echo "if (myRef==null || typeof(myRef)=='undefined') aleart('Popup blocker detected. Action aborted.');\n"; echo "</script>\n"; } ?> -<script language="javascript"> - function show_ldapfilter() { - document.getElementById("filteradv").innerHTML=''; - aodiv = document.getElementById('filteradvdiv'); - aodiv.style.display = "block"; - } - function show_ldapnaming(){ - document.getElementById("namingattribute").innerHTML=''; - aodiv = document.getElementById('ldapnamingdiv'); - aodiv.style.display = "block"; - } - function show_groupmembership() { - document.getElementById("groupmembership").innerHTML=''; - aodiv = document.getElementById('groupmembershipdiv'); - aodiv.style.display = "block"; - } - function ldap_typechange() { - switch (document.iform.backend.selectedIndex) { - case 0: - /* pfSense backend, disable all options */ - document.iform.ldapfilter.disabled = 1; - document.iform.ldapnameattribute.disabled = 1; - document.iform.ldapgroupattribute.disabled = 1; - document.iform.ldapsearchbase.disabled = 1; - document.iform.ldapauthcontainers.disabled = 1; - document.iform.ldapserver.disabled = 1; - document.iform.ldapbindun.disabled = 1; - document.iform.ldapbindpw.disabled = 1; - document.iform.ldapfilter.value = ""; - document.iform.ldapnameattribute.value = ""; - document.iform.ldapgroupattribute.value = ""; - document.iform.ldapauthcontainers.value = ""; - break; - case 1: - /* A/D */ - document.iform.ldapfilter.disabled = 0; - document.iform.ldapnameattribute.disabled = 0; - document.iform.ldapgroupattribute.disabled = 0; - document.iform.ldapsearchbase.disabled = 0; - 
document.iform.ldapauthcontainers.disabled = 0; - document.iform.ldapserver.disabled = 0; - document.iform.ldapbindun.disabled = 0; - document.iform.ldapbindpw.disabled = 0; - document.iform.ldapfilter.value = "(samaccountname=_username_)"; - document.iform.ldapnameattribute.value = "samaccountname"; - document.iform.ldapgroupattribute.value = "memberOf"; - break; - case 2: - /* eDir */ - document.iform.ldapfilter.disabled = 0; - document.iform.ldapnameattribute.disabled = 0; - document.iform.ldapgroupattribute.disabled = 0; - document.iform.ldapsearchbase.disabled = 0; - document.iform.ldapauthcontainers.disabled = 0; - document.iform.ldapserver.disabled = 0; - document.iform.ldapbindun.disabled = 0; - document.iform.ldapbindpw.disabled = 0; - document.iform.ldapfilter.value = "(cn=_username_)"; - document.iform.ldapnameattribute.value = "CN"; - document.iform.ldapgroupattribute.value = "groupMembership"; - break; - } - } -</script> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabnavtbl"> @@ -224,7 +114,7 @@ include("head.inc"); $tab_array[] = array(gettext("Users"), false, "system_usermanager.php"); $tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php"); $tab_array[] = array(gettext("Settings"), true, "system_usermanager_settings.php"); - $tab_array[] = array(gettext("Servers"), false, "system_authservers.php"); + $tab_array[] = array(gettext("Servers"), false, "system_authservers.php"); display_top_tabs($tab_array); /* Default to pfsense backend type if none is defined */ 
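Review bot: The added `window.open(...)` line interpolates `$pconfig['authmode']` into a JavaScript string literal inside a `<script>` block with no encoding, and after the first hunk's `$pconfig = $_POST;` that value is the raw form field, so a quote in it ends the literal and the rest is parsed as script on an admin page. Encode it at the sink: `echo "myRef = window.open('system_usermanager_settings_test.php?authserver=" . urlencode($pconfig['authmode']) . "','mywin', ";`. The added popup check also calls `aleart`, which is undefined, so a blocked popup raises a ReferenceError instead of showing the message; it should read `alert('Popup blocker detected. Action aborted.');`.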
@@ -238,110 +128,49 @@ if(!$pconfig['backend']) <div id="mainarea"> <form id="iform" name="iform" action="system_usermanager_settings.php" method="post"> <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> - <tr> + <tr> <td width="22%" valign="top" class="vncell">Session Timeout</td> <td width="78%" class="vtable"> - <input name="session_timeout" id="session_timeout" type="text" size="8" value="<?=htmlspecialchars($pconfig['session_timeout']);?>" /> - <br /> - <?=gettext("Time in minutes to expire idle management sessions. The default is four hours (240 minutes). <br/> Enter 0 to never expire sessions. NOTE: This is a security risk!");?><br /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Authentication primary backend</td> - <td width="78%" class="vtable"> - <select name='backend' id='backend' onchange='ldap_typechange()'> - <option value="pfsense"<?php if ($pconfig['backend'] == "pfsense") echo " SELECTED";?>>Local User Database</option> - <option value="ldap"<?php if ($pconfig['backend'] == "ldap") echo " SELECTED";?>>LDAP (Active Directory)</option> - <option value="ldapother"<?php if ($pconfig['backend'] == "ldapother") echo " SELECTED";?>>LDAP OTHER (eDir, etc)</option> - </select> - <br/>NOTE: login failures or server not available issues will fall back to <?=$g['product_name'];?> internal users/group authentication. 
- </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Server:port</td> - <td width="78%" class="vtable"> - <input name="ldapserver" id="ldapserver" size="65" value="<?=htmlspecialchars($pconfig['ldapserver']);?>"> - <br/>Example: ldaps://ldap.example.org:389 or ldap://ldap.example.org:389 - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Binding username</td> + <input name="session_timeout" id="session_timeout" type="text" size="8" value="<?=htmlspecialchars($pconfig['session_timeout']);?>" /> + <br /> + <?=gettext("Time in minutes to expire idle management sessions. The default is four hours (240 minutes). <br/> Enter 0 to never expire sessions. NOTE: This is a security risk!");?><br /> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Authentication Server</td> <td width="78%" class="vtable"> - <input name="ldapbindun" id="ldapbindun" size="65" value="<?=htmlspecialchars($pconfig['ldapbindun']);?>"> - <br/>This account must have read access to the user objects and be able to retrieve groups. - <br/>Example: For Active Directory you would want to use format DOMAIN\username or username@domain. - <br/>Example: eDirectory you would want to use format cn=username,ou=orgunit,o=org. 
- </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Binding password</td> + <select name='authmode' id='authmode' class="formselect" > + <?php + $auth_servers = auth_get_authserver_list(); + foreach ($auth_servers as $auth_server): + if ($auth_server['type'] == 'radius') + continue; + $selected = ""; + if ($auth_server['name'] == $pconfig['authmode']) + $selected = "selected"; + ?> + <option value="<?=$auth_server['name'];?>" <?=$selected;?>><?=$auth_server['name'];?></option> + <?php endforeach; ?> + </select> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Authentication fallback backend</td> <td width="78%" class="vtable"> - <input name="ldapbindpw" id="ldapbindpw" type="password" size="65" value="<?=htmlspecialchars($pconfig['ldapbindpw']);?>"> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Filter</td> - <td width="78%" class="vtable"> - <div id="filteradv" name="filteradv"> - <input type="button" onClick="show_ldapfilter();" value="Advanced"> - Show advanced options - </div> - <div id="filteradvdiv" name="filteradvdiv" style="display:none"> - <input name="ldapfilter" id="ldapfilter" size="65" value="<?=htmlspecialchars($pconfig['ldapfilter']);?>"> - <br/>Example: For Active Directory you would want to use (samaccountname=_username_) - <br/>Example: For eDirectory you would want to use (cn=_username_) - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Naming Attribute</td> - <td width="78%" class="vtable"> - <div id="namingattribute" name="namingattribute"> - <input type="button" onClick="show_ldapnaming();" value="Advanced"> - Show advanced options - </div> - <div id="ldapnamingdiv" name="ldapnamingdiv" style="display:none"> - <input name="ldapnameattribute" id="ldapnameattribute" size="65" value="<?=htmlspecialchars($pconfig['ldapnameattribute']);?>"> - <br/>Example: For Active Directory you would want to use samaccountname. 
- <br/>Example: For eDirectory you would want to use CN. - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Group Membership Attribute Name</td> - <td width="78%" class="vtable"> - <div id="groupmembership" name="groupmembership"> - <input type="button" onClick="show_groupmembership();" value="Advanced"> - Show advanced options - </div> - <div id="groupmembershipdiv" name="groupmembershipdiv" style="display:none"> - <input name="ldapgroupattribute" id="ldapgroupattribute" size="65" value="<?=htmlspecialchars($pconfig['ldapgroupattribute']);?>"> - <br/>Example: For Active Directory you would want to use memberOf. - <br/>Example: For eDirectory you would want to use groupMembership. - </div> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">LDAP Search base</td> - <td width="78%" class="vtable"> - <input name="ldapsearchbase" size="65" value="<?=htmlspecialchars($pconfig['ldapsearchbase']);?>"> - <br/>Example: DC=example,DC=com - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Authentication container</td> - <td width="78%" class="vtable"> - <input name="ldapauthcontainers" id="ldapauthcontainers" size="65" value="<?=htmlspecialchars($pconfig['ldapauthcontainers']);?>"> - <input type="button" onClick="javascript:if(openwindow('system_usermanager_settings_ldapacpicker.php') == false) alert('Popup blocker detected. Action aborted.');" value="Select"> - <br/>NOTE: Semi-Colon separated. 
- <br/>EXAMPLE: CN=Users,DC=example,DC=com;CN=OtherUsers,DC=example,DC=com - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submit" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - <input id="savetest" name="savetest" type="submit" class="formbtn" value="<?=gettext("Save and Test");?>" /> - </td> - </tr> + <select name='backend' id='backend' onchange='ldap_typechange()'> + <option value="pfsense"<?php if ($pconfig['backend'] == "pfsense") echo " SELECTED";?>>Local User Database</option> + <option value="ldap"<?php if ($pconfig['backend'] == "ldap") echo " SELECTED";?>>LDAP (Directory server)</option> + </select> + <br/>NOTE: login failures or server not available issues will fall back to <?=$g['product_name'];?> this type of authenticator. + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input id="save" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> + <input id="savetest" name="savetest" type="submit" class="formbtn" value="<?=gettext("Save and Test");?>" /> + </td> + </tr> </table> </form> </div> @@ -351,13 +180,3 @@ if(!$pconfig['backend']) <?php include("fend.inc");?> </body> </html> -<script language="javascript"> - function openwindow(url) { - var oWin = window.open(url,"pfSensePop","width=620,height=400,top=150,left=150"); - if (oWin==null || typeof(oWin)=="undefined") { - return false; - } else { - return true; - } - } -</script> |
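Review bot: The new `<option>` row prints `$auth_server['name']` twice, as the `value` attribute and as the label, without `htmlspecialchars()`, although the `session_timeout` input in the same table is escaped; a server name containing a quote or angle bracket would break the markup or be interpreted as HTML. Escape both uses: `<option value="<?=htmlspecialchars($auth_server['name']);?>" <?=$selected;?>><?=htmlspecialchars($auth_server['name']);?></option>`. The `backend` select also keeps `onchange='ldap_typechange()'` although that function is deleted earlier in this commit, so the handler should be dropped. Where the names originate is not visible here; they are presumably entered on the Servers tab.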