diff options
| author | Matthew Grooms <mgrooms@pfsense.org> | 2008-07-25 02:28:31 +0000 |
|---|---|---|
| committer | Matthew Grooms <mgrooms@pfsense.org> | 2008-07-25 02:28:31 +0000 |
| commit | 45ee90edb38f3c52a242d248468a992bf19f1c44 (patch) | |
| tree | 14e5a6b3c6a7ff340858442dddc9241b3e8fc9a0 /usr/local/www | |
| parent | 8057888036bfcacd59c9d0fcf235aba5dc65682b (diff) | |
| download | pfsense-45ee90edb38f3c52a242d248468a992bf19f1c44.zip pfsense-45ee90edb38f3c52a242d248468a992bf19f1c44.tar.gz | |
Rewrite portions of the user manager to ensure data is properly synced to
the system password and group databases. This is to provide better support
for centralized user management when local account administration is
preferred.
I also took this opportunity to do some housekeeping. A lot of funtions
that were only being used in one place or not at all were removed. The
user page privelege checks were also simplified in preperation for future
work in this area.
Diffstat (limited to 'usr/local/www')
| -rwxr-xr-x | usr/local/www/fbegin.inc | 22 | ||||
| -rwxr-xr-x | usr/local/www/firewall_nat_edit.php | 13 | ||||
| -rwxr-xr-x | usr/local/www/firewall_rules.php | 10 | ||||
| -rwxr-xr-x | usr/local/www/firewall_rules_edit.php | 14 | ||||
| -rwxr-xr-x | usr/local/www/head.inc | 5 | ||||
| -rwxr-xr-x | usr/local/www/index.php | 5 | ||||
| -rw-r--r-- | usr/local/www/system_groupmanager.php | 384 | ||||
| -rw-r--r-- | usr/local/www/system_usermanager.php | 918 | ||||
| -rw-r--r-- | usr/local/www/system_usermanager_edit.php | 87 |
9 files changed, 739 insertions, 719 deletions
diff --git a/usr/local/www/fbegin.inc b/usr/local/www/fbegin.inc index 23efdb1..80da3e5 100755 --- a/usr/local/www/fbegin.inc +++ b/usr/local/www/fbegin.inc @@ -293,8 +293,8 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') { <div id="right"> - <?php + /* display a top alert bar if need be */ $need_alert_display = false; $found_notices = are_notices_pending(); @@ -317,25 +317,9 @@ if ($_REQUEST['noticeaction'] == 'acknowledge') { echo "</div>"; } - $auth_user = $HTTP_SERVER_VARS['AUTH_USER']; - - $groupindex = index_groups(); - $userindex = index_users(); - - $allowed = array(); - $allowed[] = ''; - if (!isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) - if (isset($config['system']['group'][$groupindex[$config['system']['user'][$userindex[$auth_user]]['groupname']]]['pages'])) - $allowed = &$config['system']['group'][$groupindex[$config['system']['user'][$userindex[$auth_user]]['groupname']]]['pages']; - function output_menu_item($url, $name) { - global $auth_user, $groupindex, $userindex, $allowed, $HTTP_SERVER_VARS, $allowed; - if(!$allowed) - $allowed = $_SESSION['privs']; - if (!isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) - if (!in_array(basename($url), $allowed)) - return; - echo "<li><a href=\"{$url}\" class=\"navlnk\">{$name}</a></li>\n"; + if (isAllowedPage($url)) + echo "<li><a href=\"{$url}\" class=\"navlnk\">{$name}</a></li>\n"; } ?> diff --git a/usr/local/www/firewall_nat_edit.php b/usr/local/www/firewall_nat_edit.php index 1dfc947..e5be4d9 100755 --- a/usr/local/www/firewall_nat_edit.php +++ b/usr/local/www/firewall_nat_edit.php @@ -61,19 +61,6 @@ if (isset($id) && $a_nat[$id]) { $pconfig['interface'] = "wan"; } -if($id > -1) { - $if = $a_nat[$id]['interface']; - $security_url = "firewall_nat_edit.php?if=". strtolower($if); - if (!isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) { - if(!in_array($security_url, $allowed)) { - // User does not have access - // echo "displaying error {$security_url}"; print_r($allowed); - echo display_error_form("401", "Unauthorized. You do not have access to edit nat rules on the interface {$if}"); - exit; - } - } -} - if (isset($_GET['dup'])) unset($id); diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index a12449a..77b8273 100755 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php @@ -77,16 +77,6 @@ if (!$if || !isset($iflist[$if])) { $if = "wan"; } -$security_url = "firewall_rules.php?if=". strtolower($if); -if (!isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) { - if(!in_array($security_url, $allowed)) { - // User does not have access -// echo "displaying error {$security_url}"; print_r($allowed); - echo display_error_form("401", "Unauthorized. You do not have access to the page {$pagereq} for interface {$if}"); - exit; - } -} - if ($_POST) { $pconfig = $_POST; diff --git a/usr/local/www/firewall_rules_edit.php b/usr/local/www/firewall_rules_edit.php index 70d973f..3c2ffb7 100755 --- a/usr/local/www/firewall_rules_edit.php +++ b/usr/local/www/firewall_rules_edit.php @@ -55,20 +55,6 @@ if (isset($_GET['dup'])) { $after = $_GET['dup']; } -if($id > -1) { - $if = $a_filter[$id]['interface']; - $security_url = "firewall_rules_edit.php?if=". strtolower($if); - if (!isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) { - log_error("Checking for {$security_url}"); - if(!in_array($security_url, $allowed)) { - // User does not have access - // echo "displaying error {$security_url}"; print_r($allowed); - echo display_error_form("401", "Unauthorized. You do not have access to edit rules on the interface {$if}"); - exit; - } - } -} - if (isset($id) && $a_filter[$id]) { $pconfig['interface'] = $a_filter[$id]['interface']; diff --git a/usr/local/www/head.inc b/usr/local/www/head.inc index df81b3f..a7a0376 100755 --- a/usr/local/www/head.inc +++ b/usr/local/www/head.inc @@ -7,12 +7,13 @@ if($config['theme'] <> "") $g['theme'] = $config['theme']; else $g['theme'] = "pfsense"; + ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> - <title><?=gentitle($pgtitle);?></title> + <title>gentitle( $pgtitle )</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <?php if (strpos($_SERVER["SCRIPT_FILENAME"], "wizard.php") !== false && file_exists("{$g['www_path']}/themes/{$g['theme']}/wizard.css")): ?> @@ -24,8 +25,8 @@ else <script type="text/javascript">var theme = "<?php echo $g['theme']; ?>"</script> <script type="text/javascript" src="/themes/<?php echo $g['theme']; ?>/loader.js"></script> - <? + /* * Find all javascript files that need to be included * for this page ... from the arrays ... :) diff --git a/usr/local/www/index.php b/usr/local/www/index.php index 3b3f47a..7e33836 100755 --- a/usr/local/www/index.php +++ b/usr/local/www/index.php @@ -128,7 +128,7 @@ } fclose($fd); } - + ##build list of widgets $directory = "/usr/local/www/widgets/widgets/"; $dirhandle = opendir($directory); @@ -411,7 +411,6 @@ $closehead = false; $pgtitle = array("{$g['product_name']} Dashboard"); include("head.inc"); - echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript/domTT/domLib.js\"></script>"; echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript/domTT/domTT.js\"></script>"; echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript/domTT/behaviour.js\"></script>"; @@ -720,4 +719,4 @@ echo $jscriptstr; </script> </form> </body> -</html>
\ No newline at end of file +</html> diff --git a/usr/local/www/system_groupmanager.php b/usr/local/www/system_groupmanager.php index 59bc1ec..48f3a7b 100644 --- a/usr/local/www/system_groupmanager.php +++ b/usr/local/www/system_groupmanager.php @@ -208,24 +208,24 @@ if (isset($_POST['id'])) if ($_GET['act'] == "del") { if ($a_group[$_GET['id']]) { - $ok_to_delete = true; - if (isset($config['system']['user'])) { - foreach ($config['system']['user'] as $userent) { - if ($userent['groupname'] == $a_group[$_GET['id']]['name']) { - $ok_to_delete = false; - $input_errors[] = "users still exist who are members of this group!"; - break; - } - } - } - if ($ok_to_delete) { - unset($a_group[$_GET['id']]); - write_config(); - header("Location: system_groupmanager.php"); - exit; - } + del_local_group($a_group[$_GET['id']]); + unset($a_group[$_GET['id']]); + write_config(); + header("Location: system_groupmanager.php"); + exit; } } + +if($_GET['act']=="edit"){ + if (isset($id) && $a_group[$id]) { + $pconfig['name'] = $a_group[$id]['name']; + $pconfig['description'] = $a_group[$id]['description']; + if (is_array($a_group[$id]['pages'])) + $pconfig['pages'] = $a_group[$id]['pages']; + else + $pconfig['pages'] = array(); + } +} if ($_POST) { @@ -252,30 +252,30 @@ if ($_POST) { } if (!$input_errors) { - + $group = array(); if (isset($id) && $a_group[$id]) $group = $a_group[$id]; - if($id) - unset($a_group[$id]); - $group['name'] = $_POST['groupname']; $group['description'] = $_POST['description']; + unset($group['pages']); - foreach ($pages as $fname => $title) { $identifier = str_replace('.php','XXXUMXXX',$fname); $identifier = str_replace('.','XXXDOTXXX',$identifier); if ($_POST[$identifier] == 'yes') { $group['pages'][] = $fname; } - } - + } + if (isset($id) && $a_group[$id]) $a_group[$id] = $group; - else + else { + $group['gid'] = $config['system']['nextgid']++; $a_group[] = $group; - + } + + set_local_group($group); write_config(); header("Location: system_groupmanager.php"); @@ -286,161 +286,191 @@ if ($_POST) { include("head.inc"); ?> -<?php include("fbegin.inc"); ?> -<?php if ($input_errors) print_input_errors($input_errors); ?> -<?php if ($savemsg) print_info_box($savemsg); ?> -<table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> - <ul id="tabnav"> - <?php - $tab_array = array(); - $tab_array[] = array(gettext("Users"), false, "system_usermanager.php"); - $tab_array[] = array(gettext("Group"), true, "system_groupmanager.php"); - $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php"); - display_top_tabs($tab_array); - ?> - </ul> - </td></tr> -<tr> - <td class="tabcont"> + +<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> <?php -if($_GET['act']=="new" || $_GET['act']=="edit"){ - if($_GET['act']=="edit"){ - if (isset($id) && $a_group[$id]) { - $pconfig['name'] = $a_group[$id]['name']; - $pconfig['description'] = $a_group[$id]['description']; - $pconfig['pages'] = $a_group[$id]['pages']; - } - } + include("fbegin.inc"); + if ($input_errors) + print_input_errors($input_errors); + if ($savemsg) + print_info_box($savemsg); ?> -<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script> - -<script type="text/javascript"> - function checkall() { - var el = document.getElementById('iform'); - for (var i = 0; i < el.elements.length; i++) { - el.elements[i].checked = true; - } - } - function checknone() { - var el = document.getElementById('iform'); - for (var i = 0; i < el.elements.length; i++) { - el.elements[i].checked = false; - } - } -</script> -<form action="system_groupmanager.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq">Group name</td> - <td width="78%" class="vtable"> - <?php - $inuse = false; - foreach($config['system']['user'] as $su) { - if($su['groupname'] == $pconfig['name']) - $inuse = true; +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="tabnavtbl"> + <ul id="tabnav"> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Users"), false, "system_usermanager.php"); + $tab_array[] = array(gettext("Group"), true, "system_groupmanager.php"); + $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php"); + display_top_tabs($tab_array); + ?> + </ul> + </td> + </tr> + <tr> + <td class="tabcont"> + + <?php if($_GET['act']=="new" || $_GET['act']=="edit"): ?> + + <script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script> + <script type="text/javascript"> + function checkall() { + var el = document.getElementById('iform'); + for (var i = 0; i < el.elements.length; i++) + el.elements[i].checked = true; + } + function checknone() { + var el = document.getElementById('iform'); + for (var i = 0; i < el.elements.length; i++) + el.elements[i].checked = false; } - ?> - <?php if($inuse == false): ?> - <input name="groupname" type="text" class="formfld" id="groupname" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"> - <?php else: ?> - <?php echo $pconfig['name']; ?> - <input name="groupname" type="hidden" class="formfld" id="groupname" value="<?=htmlspecialchars($pconfig['name']);?>"> - <?php endif; ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Description</td> - <td width="78%" class="vtable"> - <input name="description" type="text" class="formfld" id="description" size="20" value="<?=htmlspecialchars($pconfig['description']);?>"> - <br> - Group description, for your own information only</td> - </tr> - <tr> - <td colspan="4"><br> Select that pages that this group may access. Members of this group will be able to perform all actions that<br> are possible from each individual web page. Ensure you set access levels appropriately.<br><br> - <span class="vexpl"><span class="red"><strong> Note: </strong></span>Pages - marked with an * are strongly recommended for every group.</span> - </td> + </script> + <form action="system_groupmanager.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="22%" valign="top" class="vncellreq">Group name</td> + <td width="78%" class="vtable"> + <input name="groupname" type="text" class="formfld" id="groupname" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Description</td> + <td width="78%" class="vtable"> + <input name="description" type="text" class="formfld" id="description" size="20" value="<?=htmlspecialchars($pconfig['description']);?>"> + <br> + Group description, for your own information only + </td> + </tr> + <tr> + <td colspan="4"> + <br> + Select that pages that this group may access. + Members of this group will be able to perform + all actions that are possible from each + individual web page. Ensure you set access + levels appropriately.<br> + <br> + <span class="vexpl"> + <span class="red"> + <strong> Note:</strong> + </span> + Pages marked with an * are strongly recommended + for every group. + </span> + </td> + </tr> + <tr> + <td colspan="4"> + <input type="button" name="types[]" value="Check All" onClick="checkall(); return false;"> + <input type="button" name="types[]" value="Check None" onClick="checknone(); return false;"> + </td> + </tr> + <tr> + <td colspan="2"> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="listhdrr"> </td> + <td class="listhdrr">Page Description</td> + <td class="listhdr">Filename</td> + </tr> + <?php + foreach ($pages as $fname => $title): + $identifier = str_replace('.php','XXXUMXXX',$fname); + $identifier = str_replace('.','XXXDOTXXX',$identifier); + $checked = ""; + if (in_array($fname,$pconfig['pages'])) + $checked = "checked"; + ?> + <tr> + <td class="listlr"> + <input class="check" name="<?=$identifier?>" type="checkbox" id="<?=$identifier?>" value="yes" <?=$checked;?>> + </td> + <td class="listr"><?=$title?></td> + <td class="listr"><?=$fname?></td> + </tr> + <?php endforeach; ?> + </table> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="save" type="submit" class="formbtn" value="Save"> + <?php if (isset($id) && $a_group[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>"> + <?php endif; ?> + </td> + </tr> + </table> + </form> + + <?php else: ?> + + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="25%" class="listhdrr">Group name</td> + <td width="25%" class="listhdrr">Description</td> + <td width="15%" class="listhdrr">Member Count</td> + <td width="15%" class="listhdrr">Pages Accessible</td> + <td width="10%" class="list"></td> </tr> - <tr><td colspan="4"> - <input type="button" name="types[]" value="Check All" onClick="checkall(); return false;"> - <input type="button" name="types[]" value="Check None" onClick="checknone(); return false;"> - </td></tr> - <tr> - <td colspan="2"> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="listhdrr"> </td> - <td class="listhdrr">Page Description</td> - <td class="listhdr">Filename</td> - </tr> - <?php - foreach ($pages as $fname => $title) { - $identifier = str_replace('.php','XXXUMXXX',$fname); - $identifier = str_replace('.','XXXDOTXXX',$identifier); - ?> - <tr><td class="listlr"> - <input class="check" name="<?=$identifier?>" type="checkbox" id="<?=$identifier?>" value="yes" <?php if (in_array($fname,$pconfig['pages'])) echo "checked"; ?>></td> - <td class="listr"><?=$title?></td> - <td class="listr"><?=$fname?></td> - </tr> - <? - } ?> - </table> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="save" type="submit" class="formbtn" value="Save"> - <?php if (isset($id) && $a_group[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>"> - <?php endif; ?> - </td> - </tr> - </table> - </form> -<?php -} else { -?> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="35%" class="listhdrr">Group name</td> - <td width="20%" class="listhdrr">Description</td> - <td width="20%" class="listhdrr">Pages Accessible</td> - <td width="10%" class="list"></td> - </tr> - <?php $i = 0; foreach($a_group as $group): ?> - <tr> - <td class="listlr"> - <?=htmlspecialchars($group['name']); ?> - </td> - <td class="listr"> - <?=htmlspecialchars($group['description']);?> - </td> - <td class="listbg"> - <font color="white"> - <?=count($group['pages']);?> - </td> - <td valign="middle" nowrap class="list"> <a href="system_groupmanager.php?act=edit&id=<?=$i; ?>"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" title="edit group" width="17" height="17" border="0"></a> - <a href="system_groupmanager.php?act=del&id=<?=$i; ?>" onclick="return confirm('Do you really want to delete this group?')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" title="delete group" width="17" height="17" border="0"></a></td> - </tr> - <?php $i++; endforeach; ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> <a href="system_groupmanager.php?act=new"><img src="./themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" title="add group" width="17" height="17" border="0"></a></td> - </tr> - <tr> - <td colspan="3"> - Additional webGui admin groups can be added here. Each group can be restricted to specific portions of the webGUI. Individually select the desired web pages each group may access. For example, a troubleshooting group could be created which has access only to selected Status and Diagnostics pages. - </td> - </tr> - </table> -<?php } ?> + <?php + $i = 0; + foreach($a_group as $group): + ?> + <tr> + <td class="listlr"> + <?=htmlspecialchars($group['name']); ?> + </td> + <td class="listr"> + <?=htmlspecialchars($group['description']);?> + </td> + <td class="listr"> + <?=count($group['member'])?> + </td> + <td class="listbg"> + <font color="white"> + <?=count($group['pages']);?> + </font> + </td> + <td valign="middle" nowrap class="list"> + <a href="system_groupmanager.php?act=edit&id=<?=$i;?>"> + <img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="edit group" width="17" height="17" border="0"> + </a> + + <a href="system_groupmanager.php?act=del&id=<?=$i;?>" onclick="return confirm('Do you really want to delete this group?')"> + <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="delete group" width="17" height="17" border="0"> + </a> + </td> + </tr> + <?php + $i++; + endforeach; + ?> + <tr> + <td class="list" colspan="4"></td> + <td class="list"> + <a href="system_groupmanager.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="add group" width="17" height="17" border="0"> + </a> + </td> + </tr> + <tr> + <td colspan="4"> + Additional webGui admin groups can be added here. + Each group can be restricted to specific portions of the webGUI. + Individually select the desired web pages each group may access. + For example, a troubleshooting group could be created which has + access only to selected Status and Diagnostics pages. + </td> + </tr> + </table> + + <? endif; ?> - </td> - </tr> - </table> - - + </td> + </tr> +</table> +</body> <?php include("fend.inc"); ?> diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index 725511f..0c440b0 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php @@ -33,479 +33,539 @@ */ require("guiconfig.inc"); -// The page title for non-admins -$pgtitle = array("System","User Password"); -/* Check for custom priv system_usermanager (no .php ending) */ -$isAdminUser = false; -$allowed = $g['privs']; -if(is_array($allowed)) - if (in_array("system_usermanager", $allowed)) - $isAdminUser = true; +if (isAllowedPage("system_usermanager")) { -if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']) or $isAdminUser == true) { - // Page title for main admin - $pgtitle = array("System","User Manager"); + // start admin user code + $pgtitle = array("System","User Manager"); - $id = $_GET['id']; - if (isset($_POST['id'])) - $id = $_POST['id']; + $id = $_GET['id']; + if (isset($_POST['id'])) + $id = $_POST['id']; if (!is_array($config['system']['user'])) $config['system']['user'] = array(); - admin_users_sort(); - if (is_array($config['system']['user'])) + admin_users_sort(); + if (is_array($config['system']['user'])) $a_user = &$config['system']['user']; - $t_privs = $a_user[$id]['priv']; - - if ($_GET['act'] == "del" && $_GET['what'] == "user") { - if ($a_user[$_GET['id']]) { - $userdeleted = $a_user[$_GET['id']]['name']; - unset($a_user[$_GET['id']]); - write_config(); - $retval = system_password_configure(); - $savemsg = get_std_save_message($retval); - $savemsg = gettext("User") . " " . $userdeleted . " " . gettext("successfully deleted") . "<br />"; - } - } else if ($_GET['act'] == "del" && $_GET['what'] == "priv") { - if ($t_privs[$_GET['privid']]) { - $privdeleted = $t_privs[$_GET['privid']]['id']; - unset($a_user[$id]['priv'][$_GET['privid']]); - write_config(); - unset($t_privs[$_GET['privid']]); - $_GET['act'] = "edit"; - $retval = 0; - $savemsg = get_std_save_message($retval); - $savemsg = gettext("Privilege") . " " . $privdeleted . " " . gettext("of user") . " " . $a_user[$_GET['id']]['name'] . " " . gettext("successfully deleted") . "<br />"; - } - } - - if ($_POST) { - unset($input_errors); - $pconfig = $_POST; - - if(!$_POST['groupname'] and $_POST['usernamefld'] != "admin") - $input_errors[] = "You must specify at least one group!"; - - /* input validation */ - if (isset($id) && ($a_user[$id])) { - $reqdfields = explode(" ", "usernamefld"); - $reqdfieldsn = explode(",", "Username"); - } else { - $reqdfields = explode(" ", "usernamefld passwordfld1"); - $reqdfieldsn = explode(",", "Username,Password"); - } - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - - if (hasShellAccess($_POST['usernamefld'])) { - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) - $input_errors[] = gettext("The username contains invalid characters."); - } else { - if (preg_match("/[^a-zA-Z0-9\@\.\-_]/", $_POST['usernamefld'])) - $input_errors[] = gettext("The username contains invalid characters."); - } - - if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) - $input_errors[] = gettext("The passwords do not match."); - - if (!$input_errors && !(isset($id) && $a_user[$id])) { - /* make sure there are no dupes */ - foreach ($a_user as $userent) { - if ($userent['name'] == $_POST['usernamefld']) { - $input_errors[] = gettext("Another entry with the same username already exists."); - break; - } - } - } - - if(is_array($_POST['groupname'])) { - foreach($_POST['groupname'] as $groupname) { - if ($pconfig['utype'] <> "system" && !isset($groupindex[$groupname])) { - $input_errors[] = gettext("group {$groupname} does not exist, please define the group before assigning users."); - } + $t_privs = $a_user[$id]['priv']; + + if ($_GET['act'] == "del") { + + if (($_GET['what'] == "user") && $a_user[$_GET['id']]) { + del_local_user($a_user[$_GET['id']]); + $userdeleted = $a_user[$_GET['id']]['name']; + unset($a_user[$_GET['id']]); + write_config(); + $retval = system_password_configure(); + $savemsg = gettext("User")." {$userdeleted} ". + gettext("successfully deleted")."<br/>"; + } + + if (($_GET['what'] == "priv") && $t_privs[$_GET['privid']]) { + $privdeleted = $t_privs[$_GET['privid']]['id']; + unset($a_user[$id]['priv'][$_GET['privid']]); + write_config(); + unset($t_privs[$_GET['privid']]); + $_GET['act'] = "edit"; + $savemsg = gettext("Privilege")." {$privdeleted} ". + gettext("of user")." {$a_user[$_GET['id']]['name']} ". + gettext("successfully deleted")."<br/>"; + } + } + + if ($_GET['act'] == "edit") { + if (isset($id) && $a_user[$id]) { + $pconfig['usernamefld'] = $a_user[$id]['name']; + $pconfig['fullname'] = $a_user[$id]['fullname']; + $pconfig['groups'] = get_local_user_groups($a_user[$id]); + $pconfig['utype'] = $a_user[$id]['scope']; + $pconfig['uid'] = $a_user[$id]['uid']; + $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']); + } + } + + if ($_GET['act'] == "new") { + /* + * set this value cause the text field is read only + * and the user should not be able to mess with this + * setting. + */ + $pconfig['utype'] = "user"; + } + + if ($_POST) { + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if (isset($id) && ($a_user[$id])) { + $reqdfields = explode(" ", "usernamefld"); + $reqdfieldsn = explode(",", "Username"); + } else { + $reqdfields = explode(" ", "usernamefld passwordfld1"); + $reqdfieldsn = explode(",", "Username,Password"); + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld'])) + $input_errors[] = gettext("The username contains invalid characters."); + + if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) + $input_errors[] = gettext("The passwords do not match."); + + /* make sure this user name is unique */ + if (!$input_errors && !(isset($id) && $a_user[$id])) { + foreach ($a_user as $userent) { + if ($userent['name'] == $_POST['usernamefld']) { + $input_errors[] = gettext("Another entry with the same username already exists."); + break; + } } } - if (isset($config['system']['ssh']['sshdkeyonly']) && - empty($_POST['authorizedkeys'])) { - $input_errors[] = gettext("You must provide an authorized key otherwise you won't be able to login into this system."); - } + if(is_array($_POST['groups'])) + foreach($_POST['groups'] as $groupname) + if ($pconfig['utype'] <> "system" && !isset($groupindex[$groupname])) + $input_errors[] = gettext("group {$groupname} does not exist, please define the group before assigning users."); - /* if this is an AJAX caller then handle via JSON */ - if (isAjax() && is_array($input_errors)) { - input_errors2Ajax($input_errors); - exit; - } + if (isset($config['system']['ssh']['sshdkeyonly']) && empty($_POST['authorizedkeys'])) + $input_errors[] = gettext("You must provide an authorized key otherwise you won't be able to login into this system."); - if (!$input_errors) { - $userent = ""; - if (isset($id) && $a_user[$id]) - $userent = $a_user[$id]; + /* if this is an AJAX caller then handle via JSON */ + if (isAjax() && is_array($input_errors)) { + input_errors2Ajax($input_errors); + exit; + } - /* the user did change his username */ - if ($_POST['usernamefld'] <> $_POST['oldusername']) { - $_SERVER['REMOTE_USER'] = $_POST['usernamefld']; - } + if (!$input_errors) { + $userent = array(); + if (isset($id) && $a_user[$id]) + $userent = $a_user[$id]; - $userent['name'] = $_POST['usernamefld']; - $userent['fullname'] = $_POST['fullname']; + /* the user did change his username */ + if ($_POST['usernamefld'] <> $_POST['oldusername']) + $_SERVER['REMOTE_USER'] = $_POST['usernamefld']; - if ($pconfig['utype'] <> "system") - $userent['groupname'] = implode(",", $_POST['groupname']); + $userent['name'] = $_POST['usernamefld']; + $userent['fullname'] = $_POST['fullname']; - isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system"; + isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system"; - if ($_POST['passwordfld1']) - $userent['password'] = crypt($_POST['passwordfld1']); + if ($_POST['passwordfld1']) + set_local_user_password($userent, $_POST['passwordfld1']); - if(isset($config['system']['ssh']['sshdkeyonly'])) { - $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']); - } + if(isset($config['system']['ssh']['sshdkeyonly'])) + $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']); - if (isset($id) && $a_user[$id]) - $a_user[$id] = $userent; - else - $a_user[] = $userent; + if (isset($id) && $a_user[$id]) + $a_user[$id] = $userent; + else { + $userent['uid'] = $config['system']['nextuid']++; + $a_user[] = $userent; + } - write_config(); - $retval = system_password_configure(); - sync_webgui_passwords(); + set_local_user($userent); + set_local_user_groups($userent,$_POST['groups']); + write_config(); + $retval = system_password_configure(); - pfSenseHeader("system_usermanager.php"); - } - } + pfSenseHeader("system_usermanager.php"); + } + } - include("head.inc"); + include("head.inc"); ?> <body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> -<?php include("fbegin.inc");?> -<?php if ($input_errors) print_input_errors($input_errors);?> -<?php if ($savemsg) print_info_box($savemsg);?> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabnavtbl"> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Users"), true, "system_usermanager.php"); - $tab_array[] = array(gettext("Group"), false, "system_groupmanager.php"); - $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td class="tabcont"> -<?php - if ($_GET['act'] == "new" || $_GET['act'] == "edit" || $input_errors) { - if ($_GET['act'] == "edit") { - if (isset($id) && $a_user[$id]) { - $pconfig['usernamefld'] = $a_user[$id]['name']; - $pconfig['fullname'] = $a_user[$id]['fullname']; - $pconfig['groupname'] = split(",", $a_user[$id]['groupname']); - $pconfig['utype'] = $a_user[$id]['scope']; - $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']); - } - } else if ($_GET['act'] == "new") { - /* set this value cause the text field is read only - * and the user should not be able to mess with this - * setting. - */ - $pconfig['utype'] = "user"; - } -?> - <form action="system_usermanager.php" method="post" name="iform" id="iform"> - <div id="inputerrors"></div> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td> - <td width="78%" class="vtable"> - <input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?php if ($pconfig['utype'] == "system") { echo "readonly=\"readonly\" "; }?>/> - <input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("Password");?></td> - <td width="78%" class="vtable"> - <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" value="" /> - </td> - </tr> - <tr> - <td width="78%" class="vtable"> - <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" /> <?= gettext("(confirmation)"); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Full name");?></td> - <td width="78%" class="vtable"> - <input name="fullname" type="text" class="formfld unknown" id="fullname" size="20" value="<?=htmlspecialchars($pconfig['fullname']);?>" <?php if ($pconfig['utype'] == "system") { echo "readonly=\"readonly\" "; }?>/> - <br /> - <?=gettext("User's full name, for your own information only");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("User type");?></td> - <td width="78%" class="vtable"> - <input name="utype" type="text" class="formfld unknown" id="utype" size="20" value="<?=htmlspecialchars($pconfig['utype']);?>" readonly="readonly" /> - <br /> - <?=gettext("Indicates whether this is a system (aka non-deletable) user or a user created by a particular user.");?> - </td> - </tr> - <?php if (isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])): ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("User Privileges");?></td> - <td width="78%" class="vtable"> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="5%" class="listhdrr"><?=gettext("ID");?></td> - <td width="30%" class="listhdrr"><?=gettext("Name");?></td> - <td width="40%" class="listhdrr"><?=gettext("Description");?></td> - <td width="5%" class="list"></td> - </tr> - - <?php if(is_array($t_privs)): ?> - <?php $i = 0; foreach ($t_privs as $priv): ?> - <?php if($priv['id'] <> ""): ?> - <tr> - <td class="listlr" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit.php?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>> - <?=htmlspecialchars($priv['id']);?> - </td> - <td class="listlr" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit.php?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>> - <?=htmlspecialchars($priv['name']);?> - </td> - <td class="listbg" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>> - <font color="#FFFFFF"><?=htmlspecialchars($priv['descr']);?> </font> - </td> - <td valign="middle" nowrap class="list"> - <?php if($a_user[$id]['scope'] == "user"): ?> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="system_usermanager_edit.php?id=<?=$i;?>&userid=<?= $id ?>&useract=<?= $_GET['act'] ?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="" /></a></td> - <td valign="middle"><a href="system_usermanager.php?act=del&privid=<?=$i;?>&what=priv&id=<?= $id ?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" /></a></td> - </tr> - </table> - <?php endif; ?> - </td> - </tr> - <?php endif; ?> - <?php $i++; endforeach; ?> - <?php endif; ?> - - <?php if($a_user[$id]['scope'] == "user"): ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <table border="0" cellspacing="0" cellpadding="1"> - <tr> - <td valign="middle"><a href="system_usermanager_edit.php?userid=<?= $id ?>&useract=<?= $_GET['act'] ?>"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" /></a></td> - </tr> - </table> - </td> - </tr> - <?php endif; ?> - </table> - </td> - </tr> - <?php endif; ?> - <?php if (isset($config['system']['ssh']['sshdkeyonly'])): ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td> - <td width="78%" class="vtable"> - <textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea> - <br /> - <?=gettext("Paste an authorized keys file here.");?> - </td> - </tr> - <?php endif; ?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Group Name");?></td> - <td width="78%" class="vtable"> - <select size="10" name="groupname[]" class="formselect" id="groupname" <?php if ($pconfig['utype'] == "system") { echo "disabled=\"disabled\" "; } ?> MULTIPLE> - <?php foreach ($config['system']['group'] as $group): ?> - <option value="<?=$group['name'];?>" <?php if (in_array($group['name'],$pconfig['groupname'])) { echo "selected"; } ?>> - <?=htmlspecialchars($group['name']);?> - </option> - <?php endforeach;?> - </select> - <br /> - <?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submit" name="save" type="submit" class="formbtn" value="Save" /> - <?php if (isset($id) && $a_user[$id]): ?> - <input name="id" type="hidden" value="<?=$id;?>" /> - <?php endif;?> - </td> - </tr> - </table> - </form> -<?php - } else { -?> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td width="35%" class="listhdrr">Username</td> - <td width="20%" class="listhdrr">Full name</td> - <td width="20%" class="listhdrr">Group</td> - <td width="10%" class="list"></td> - </tr> -<?php - $i = 0; - foreach($a_user as $userent): -?> - <tr ondblclick="document.location='system_usermanager.php?act=edit&id=<?=$i;?>'"> - <td class="listlr"> - <table border="0" cellpadding="0" cellspacing="0"> - <tr> - <td align="left" valign="middle"> - <?php if($userent['scope'] == "user"): ?> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_system-user.png" alt="User" title="User" border="0" height="20" width="20" /> - <?php else: ?> - <img src="/themes/<?=$g['theme'];?>/images/icons/icon_system-user-grey.png" alt="User" title="User" border="0" height="20" width="20" /> - <?php endif; ?> - - </td> - <td align="left" valign="middle"> - <?=htmlspecialchars($userent['name']);?> - </td> - </tr> - </table> - </td> - <td class="listr"><?=htmlspecialchars($userent['fullname']);?> </td> - <td class="listbg"> - <?php - $groupname = split(",", $userent['groupname']); - ?> - <font color="white"><?=htmlspecialchars(implode(",",$groupname));?></font> - </td> - <td valign="middle" nowrap class="list"> - <a href="system_usermanager.php?act=edit&id=<?=$i;?>"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="edit user" alt="edit user" width="17" height="17" border="0" /> - </a> - <?php if($userent['scope'] == "user"): ?> - - <a href="system_usermanager.php?act=del&what=user&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="delete user" alt="delete user" width="17" height="17" border="0" /> - </a> - <?php endif; ?> - </td> - </tr> <?php - $i++; - endforeach; + include("fbegin.inc"); + if ($input_errors) + print_input_errors($input_errors); + if ($savemsg) + print_info_box($savemsg); ?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <a href="system_usermanager.php?act=new"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="add user" alt="add user" width="17" height="17" border="0" /> - </a> - </td> - </tr> - <tr> - <td colspan="3"> - <p> - <?=gettext("Additional webConfigurator users can be added here. User permissions are determined by the admin group they are a member of.");?> - </p> - <p> - <?=gettext("An user icon that appears grey indicates that it is a system user and thus it's only possible to modified a subset of the regular user data. Additionally such an user can't be deleted.");?> - </p> - </td> - </tr> - </table> -<?php - } -?> - </td> - </tr> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="tabnavtbl"> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Users"), true, "system_usermanager.php"); + $tab_array[] = array(gettext("Group"), false, "system_groupmanager.php"); + $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php"); + display_top_tabs($tab_array); + ?> + </td> + </tr> + <tr> + <td class="tabcont"> + + <?php if ($_GET['act'] == "new" || $_GET['act'] == "edit" || $input_errors): ?> + + <form action="system_usermanager.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <?php + $ro = ""; + if ($pconfig['utype'] == "system") + $ro = "readonly = \"readonly\""; + ?> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td> + <td width="78%" class="vtable"> + <input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?>/> + <input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" /> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("Password");?></td> + <td width="78%" class="vtable"> + <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" value="" /> + </td> + </tr> + <tr> + <td width="78%" class="vtable"> + <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" /> <?= gettext("(confirmation)"); ?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Full name");?></td> + <td width="78%" class="vtable"> + <input name="fullname" type="text" class="formfld unknown" id="fullname" size="20" value="<?=htmlspecialchars($pconfig['fullname']);?>" <?=$ro;?>/> + <br/> + <?=gettext("User's full name, for your own information only");?> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("User type");?></td> + <td width="78%" class="vtable"> + <input name="utype" type="text" class="formfld unknown" id="utype" size="20" value="<?=htmlspecialchars($pconfig['utype']);?>" readonly="readonly" /> + <br/> + <?=gettext("Indicates whether this is a system (aka non-deletable) user or a user created by a particular user.");?> + </td> + </tr> + + <?php if ($pconfig['uid']): ?> + + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("User Privileges");?></td> + <td width="78%" class="vtable"> + <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="5%" class="listhdrr"><?=gettext("ID");?></td> + <td width="30%" class="listhdrr"><?=gettext("Name");?></td> + <td width="40%" class="listhdrr"><?=gettext("Description");?></td> + <td width="5%" class="list"></td> + </tr> + <?php + if(is_array($t_privs)): + $i = 0; + foreach ($t_privs as $priv): + if($priv['id'] <> ""): + ?> + <tr> + <td class="listlr" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit.php?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>> + <?=htmlspecialchars($priv['id']);?> + </td> + <td class="listr" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit.php?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>> + <?=htmlspecialchars($priv['name']);?> + </td> + <td class="listbg" <?php if($a_user[$id]['scope'] == "user") echo "ondblclick=\"document.location='system_usermanager_edit?id={$i}&userid={$id}&useract={$_GET['act']}';\""; ?>> + <font color="#FFFFFF"><?=htmlspecialchars($priv['descr']);?> </font> + </td> + <td valign="middle" nowrap class="list"> + <?php if($a_user[$id]['scope'] == "user"): ?> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"> + <a href="system_usermanager_edit.php?id=<?=$i;?>&userid=<?= $id ?>&useract=<?= $_GET['act'] ?>"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_e.gif" width="17" height="17" border="0" alt="" /> + </a> + </td> + <td valign="middle"> + <a href="system_usermanager.php?act=del&privid=<?=$i;?>&what=priv&id=<?= $id ?>" onclick="return confirm('<?=gettext("Do you really want to delete this mapping?");?>')"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_x.gif" width="17" height="17" border="0" alt="" /> + </a> + </td> + </tr> + </table> + <?php endif; ?> + </td> + </tr> + <?php + endif; + $i++; + endforeach; + endif; + if ($a_user[$id]['scope'] == "user"): + ?> + <tr> + <td class="list" colspan="3"></td> + <td class="list"> + <table border="0" cellspacing="0" cellpadding="1"> + <tr> + <td valign="middle"> + <a href="system_usermanager_edit.php?userid=<?= $id ?>&useract=<?= $_GET['act'] ?>"> + <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="" /> + </a> + </td> + </tr> + </table> + </td> + </tr> + <?php + endif; + ?> + </table> + </td> + </tr> + + <?php endif; ?> + <?php if (isset($config['system']['ssh']['sshdkeyonly'])): ?> + + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td> + <td width="78%" class="vtable"> + <textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert" wrap="off"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea> + <br/> + <?=gettext("Paste an authorized keys file here.");?> + </td> + </tr> + + <?php endif; ?> + + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td> + <td width="78%" class="vtable"> + <select size="10" name="groups[]" class="formselect" id="groups" multiple> + <?php + foreach ($config['system']['group'] as $group): + if ($group['gid'] != 1998): /* all users group */ + $selected = ""; + if (in_array($group['name'],$pconfig['groups'])) + $selected = "selected"; + ?> + <option value="<?=$group['name'];?>" <?=$selected;?>> + <?=htmlspecialchars($group['name']);?> + </option> + <?php + endif; + endforeach; + ?> + </select> + <br/> + <?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input id="submit" name="save" type="submit" class="formbtn" value="Save" /> + <?php if (isset($id) && $a_user[$id]): ?> + <input name="id" type="hidden" value="<?=$id;?>" /> + <?php endif;?> + </td> + </tr> + </table> + </form> + + <?php else: ?> + + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="25%" class="listhdrr">Username</td> + <td width="25%" class="listhdrr">Full name</td> + <td width="30%" class="listhdrr">Groups</td> + <td width="10%" class="list"></td> + </tr> + <?php + $i = 0; + foreach($a_user as $userent): + ?> + <tr ondblclick="document.location='system_usermanager.php?act=edit&id=<?=$i;?>'"> + <td class="listlr"> + <table border="0" cellpadding="0" cellspacing="0"> + <tr> + <td align="left" valign="center"> + <?php + if($userent['scope'] == "user") + $usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png"; + else + $usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png"; + ?> + <img src="<?=$usrimg;?>" alt="User" title="User" border="0" height="16" width="16" /> + </td> + <td align="left" valign="middle"> + <?=htmlspecialchars($userent['name']);?> + </td> + </tr> + </table> + </td> + <td class="listr"><?=htmlspecialchars($userent['fullname']);?> </td> + <td class="listbg"> + <font color="white"> + <?=implode(",",get_local_user_groups($userent));?> + </font> + + </td> + <td valign="middle" nowrap class="list"> + <a href="system_usermanager.php?act=edit&id=<?=$i;?>"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="edit user" alt="edit user" width="17" height="17" border="0" /> + </a> + <?php if($userent['scope'] == "user"): ?> + + <a href="system_usermanager.php?act=del&what=user&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this User?");?>')"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="delete user" alt="delete user" width="17" height="17" border="0" /> + </a> + <?php endif; ?> + </td> + </tr> + <?php + $i++; + endforeach; + ?> + <tr> + <td class="list" colspan="3"></td> + <td class="list"> + <a href="system_usermanager.php?act=new"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="add user" alt="add user" width="17" height="17" border="0" /> + </a> + </td> + </tr> + <tr> + <td colspan="3"> + <p> + <?=gettext("Additional webConfigurator users can be added here. User permissions are determined by the admin group they are a member of.");?> + </p> + <p> + <?=gettext("An user icon that appears grey indicates that it is a system user and thus it's only possible to modified a subset of the regular user data. Additionally such an user can't be deleted.");?> + </p> + </td> + </tr> + </table> + + <?php endif; ?> + + </td> + </tr> </table> +<?php include("fend.inc");?> +</body> + <?php -} else { // end of admin user code, start of normal user code - if (isset($_POST['save'])) { - unset($input_errors); - /* input validation */ - $reqdfields = explode(" ", "passwordfld1"); - $reqdfieldsn = explode(",", "Password"); + // end admin user code + +} else { + + // start normal user code + $pgtitle = array("System","User Password"); + + if (isset($_POST['save'])) { + unset($input_errors); + + /* input validation */ + $reqdfields = explode(" ", "passwordfld1"); + $reqdfieldsn = explode(",", "Password"); - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); - if ($_POST['passwordfld1'] != $_POST['passwordfld2']) - $input_errors[] = "The passwords do not match."; + if ($_POST['passwordfld1'] != $_POST['passwordfld2']) + $input_errors[] = "The passwords do not match."; - if (!$input_errors) { - // all values are okay --> saving changes - $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1'])); + if (!$input_errors) { + // all values are okay --> saving changes + $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1'])); - write_config(); + write_config(); - sync_webgui_passwords(); + sync_webgui_passwords(); - $retval = system_password_configure(); - $savemsg = get_std_save_message($retval); - $savemsg = "Password successfully changed<br />"; - } - } + $retval = system_password_configure(); + $savemsg = "Password successfully changed<br />"; + } + } + + /* deterimine if user is not local to system */ + $islocal = false; + foreach($config['system']['user'] as $user) + if($user['name'] == $_SESSION['Username']) + $islocal = true; ?> +<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> <?php include("head.inc"); + include("fbegin.inc"); + if ($input_errors) + print_input_errors($input_errors); + if ($savemsg) + print_info_box($savemsg); + + if($islocal == false) { + echo "Sorry, you cannot change the password for a LDAP user."; + include("fend.inc"); + exit; + } ?> -<?php include("fbegin.inc");?> -<?php if ($input_errors) print_input_errors($input_errors);?> -<?php if ($savemsg) print_info_box($savemsg);?> -<?php - -/* deterimine if user is not local to system */ -$islocal = false; -foreach($config['system']['user'] as $user) - if($user['name'] == $_SESSION['Username']) - $islocal = true; -if($islocal == false) { - echo "Sorry, you cannot change the password for a LDAP user."; - include("fend.inc"); - exit; -} +<form action="system_usermanager.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=$HTTP_SERVER_VARS['AUTH_USER']?>'s Password</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell" rowspan="2">Password</td> + <td width="78%" class="vtable"> + <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" /> + </td> + </tr> + <tr> + <td width="78%" class="vtable"> + <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" /> + <?=gettext("(confirmation)");?> + <br/> + <span class="vexpl"> + <?=gettext("Select a new password");?> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> + </td> + </tr> + </table> +</form> +<?php include("fend.inc");?> +</body> -?> - <body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> - <form action="system_usermanager.php" method="post" name="iform" id="iform"> - <table width="100%" border="0" cellpadding="6" cellspacing="0"> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=$HTTP_SERVER_VARS['AUTH_USER']?>'s Password</td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell" rowspan="2">Password</td> - <td width="78%" class="vtable"> - <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" size="20" /> - </td> - </tr> - <tr> - <td width="78%" class="vtable"> - <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" /> - <?=gettext("(confirmation)");?> - <br /> - <span class="vexpl"><?=gettext("Select a new password");?></span> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - </td> - </tr> - </table> - </form> <?php } // end of normal user code -?> -<?php include("fend.inc");?> -</body> -</html> +/* + * NOTE : sections of the code below are based on the BSD + * licensed CHAP.php courtesy of Michael Retterklieber. + */ +function set_password_hashes(& $userent, $password) { + $userent['password'] = crypt($password); + $userent['md5-hash'] = md5($password); +/* + * Waiting for mhash + * + * // Converts ascii to unicode. + * $astr = (string) $password; + * $ustr = ''; + * for ($i = 0; $i < strlen($astr); $i++) { + * $a = ord($astr{$i}) << 8; + * $ustr.= sprintf("%X", $a); + * } + * + * // Generate the NT-HASH from the unicode string + * $userent['nt-hash'] = bin2hex(mhash(MHASH_MD4, $ustr)); + */ +} + +?> diff --git a/usr/local/www/system_usermanager_edit.php b/usr/local/www/system_usermanager_edit.php index 14bf3e5..af4a9b3 100644 --- a/usr/local/www/system_usermanager_edit.php +++ b/usr/local/www/system_usermanager_edit.php @@ -33,19 +33,19 @@ require("guiconfig.inc"); $pgtitle = array("System","User manager","Edit privilege"); /* - The following code presumes, that the following XML structure exists or - if it does not exist, it will be created. - - <priv> - <id>fooid</id> - <name>foo</name> - <descr>foo desc</descr> - </priv> - <priv> - <id>barid</id> - <name>bar</name> - <descr>bar desc</descr> - </priv> + NOTE: The following code presumes, that the following XML structure + exists or if it does not exist, it will be created. + + <priv> + <id>fooid</id> + <name>foo</name> + <descr>foo desc</descr> + </priv> + <priv> + <id>barid</id> + <name>bar</name> + <descr>bar desc</descr> + </priv> */ $useract = $_GET['useract']; @@ -63,24 +63,23 @@ if (isset($_POST['id'])) $id = $_POST['id']; if (empty($config['system']['user'][$userid])) { - pfSenseHeader("system_usermanager.php?id={$userid}&act={$_GET['useract']}"); - exit; + pfSenseHeader("system_usermanager.php?id={$userid}&act={$_GET['useract']}"); + exit; } -if (!is_array($config['system']['user'][$userid]['priv'])) { - $config['system']['user'][$userid]['priv'] = array(); -} +if (!is_array($config['system']['user'][$userid]['priv'])) + $config['system']['user'][$userid]['priv'] = array(); $t_privs = &$config['system']['user'][$userid]['priv']; if (isset($id) && $t_privs[$id]) { - $pconfig['pid'] = $t_privs[$id]['id']; - $pconfig['pname'] = $t_privs[$id]['name']; - $pconfig['descr'] = $t_privs[$id]['descr']; + $pconfig['pid'] = $t_privs[$id]['id']; + $pconfig['pname'] = $t_privs[$id]['name']; + $pconfig['descr'] = $t_privs[$id]['descr']; } else { - $pconfig['pid'] = $_GET['pid']; - $pconfig['pname'] = $_GET['pname']; - $pconfig['descr'] = $_GET['descr']; + $pconfig['pid'] = $_GET['pid']; + $pconfig['pname'] = $_GET['pname']; + $pconfig['descr'] = $_GET['descr']; } if ($_POST) { @@ -96,22 +95,18 @@ if ($_POST) { /* check for overlaps */ foreach ($t_privs as $priv) { - if (isset($id) && ($t_privs[$id]) && ($t_privs[$id] === $priv)) { + if (isset($id) && ($t_privs[$id]) && ($t_privs[$id] === $priv)) continue; - } if ($priv['id'] == $pconfig['pid']) { $input_errors[] = gettext("This privilege ID already exists."); break; } } - if (hasShellAccess($userindex[$userid]['name']) || - isAllowedToCopyFiles($userindex[$userid]['name'])) { - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $userindex[$userid]['name'])) - $input_errors[] = gettext("The username contains invalid characters " . - "((this means this user can't be used to create" . - " a shell account)."); - } + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $userindex[$userid]['name'])) + $input_errors[] = gettext("The username contains invalid characters " . + "((this means this user can't be used to create" . + " a shell account)."); /* if this is an AJAX caller then handle via JSON */ if(isAjax() && is_array($input_errors)) { @@ -130,30 +125,18 @@ if ($_POST) { else $t_privs[] = $priv; - $name = $config['system']['user'][$userid]['name']; - $groupname = $config['system']['user'][$userid]['groupname']; - - if ($priv['id'] == "hasshell") { - log_error("Assigning UID to $name / $groupname"); - assignUID($name); - assignGID($groupname); - } - - write_config(); + set_local_user($config['system']['user'][$userid]); + write_config(); - /* sync usernames and password db */ - $retval = system_password_configure(); - sync_webgui_passwords(); - - $retval = 0; - config_lock(); - config_unlock(); + $retval = 0; + config_lock(); + config_unlock(); - $savemsg = get_std_save_message($retval); + $savemsg = get_std_save_message($retval); pfSenseHeader("system_usermanager.php?id={$userid}&act={$useract}"); exit; - } + } } /* if ajax is calling, give them an update message */ |
