author | Matthew Grooms <mgrooms@pfsense.org> | 2008-08-05 04:16:50 +0000 |
---|---|---|
committer | Matthew Grooms <mgrooms@pfsense.org> | 2008-08-05 04:16:50 +0000 |
commit | fbf672cbe9c241459579a83be00df9f20dd47dc0 (patch) | |
tree | b514601f39bbaabe8f7b98ea843dea1017d76419 /usr/local/www | |
parent | 10fe861c87b3b6857ab9d0858a9f292e49ac3c05 (diff) | |
Add an interface to manage external authentication servers. The two types
supported currently are LDAP and Radius.
Diffstat (limited to 'usr/local/www')
-rwxr-xr-x | usr/local/www/guiconfig.inc | 44 | ||||
-rw-r--r-- | usr/local/www/system_authservers.php | 667 | ||||
-rw-r--r-- | usr/local/www/system_groupmanager.php | 14 | ||||
-rw-r--r-- | usr/local/www/system_usermanager.php | 9 | ||||
-rwxr-xr-x | usr/local/www/system_usermanager_settings.php | 1 |
5 files changed, 724 insertions, 11 deletions
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc index bba46ce..50fcd54 100755 --- a/usr/local/www/guiconfig.inc +++ b/usr/local/www/guiconfig.inc @@ -100,8 +100,50 @@ if (file_exists($d_firmwarelock_path)) { } } +$auth_server_types = array( + 'ldap' => "LDAP", + 'radius' => "Radius"); + +$ldap_urltypes = array( + 'TCP - Standard' => 389, + 'SSL - Encrypted' => 636); + +$ldap_scopes = array( + 'one' => "One Level", + 'subtree' => "Entire Subtree"); + +$ldap_protvers = array( + 2, + 3); + +$ldap_templates = array( + + 'open' => array( + 'desc' => "OpenLDAP", + 'attr_user' => "cn", + 'attr_group' => "cn", + 'attr_member' => "member"), + + 'msad' => array( + 'desc' => "Microsoft AD", + 'attr_user' => "samAccountNAme", + 'attr_group' => "cn", + 'attr_member' => "member"), + + 'edir' => array( + 'desc' => "Novell eDirectory", + 'attr_user' => "cn", + 'attr_group' => "cn", + 'attr_member' => "uniqueMember")); + +$radius_srvcs = array( + 'both' => "Authentication and Accounting", + 'auth' => "Authentication", + 'acct' => "Accounting"); + /* some well knows ports */ -$wkports = array(3389 => "MS RDP", +$wkports = array( + 3389 => "MS RDP", 21 => "FTP", 22 => "SSH", 23 => "Telnet", diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php new file mode 100644 index 0000000..5a48b21 --- /dev/null +++ b/usr/local/www/system_authservers.php 
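Review bot: `$ldap_urltypes` lists `'TCP - Standard' => 389` first, and the new system_authservers.php form renders these options in array order with nothing preselected for a new entry, so a new LDAP server defaults to the unencrypted transport. Unless the backend upgrades the connection (not visible in this commit), the bind DN and password would then cross the network in clear text. Listing `'SSL - Encrypted' => 636` first would make the encrypted transport the default choice. Separately, `'attr_user' => "samAccountNAme"` in the `msad` template has stray capitalisation; the attribute is conventionally written `sAMAccountName`.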
@@ -0,0 +1,667 @@ +<?php +/* + system_authservers.php + + Copyright (C) 2008 Shrew Soft Inc. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +##|+PRIV +##|*IDENT=page-system-authservers +##|*NAME=System: Authentication Servers +##|*DESCR=Allow access to the 'System: Authentication Servers' page. 
+##|*MATCH=system_authservers.php* +##|-PRIV + +require("guiconfig.inc"); + +$pgtitle = array("System", "Authentication Servers"); + +$id = $_GET['id']; +if (isset($_POST['id'])) + $id = $_POST['id']; + +if (!is_array($config['system']['authserver'])) + $config['system']['authserver'] = array(); + +$a_server =& $config['system']['authserver']; + +$act = $_GET['act']; +if ($_POST['act']) + $act = $_POST['act']; + +if ($act == "del") { + + if (!$a_server[$_GET['id']]) { + pfSenseHeader("system_authservers.php"); + exit; + } + + $serverdeleted = $a_server[$_GET['id']]['name']; + unset($a_server[$_GET['id']]); + write_config(); + $savemsg = gettext("Authentication Server")." {$serverdeleted} ". + gettext("successfully deleted")."<br/>"; +} + +if ($act == "edit") { + if (isset($id) && $a_server[$id]) { + + $pconfig['type'] = $a_server[$id]['type']; + $pconfig['name'] = $a_server[$id]['name']; + + if ($pconfig['type'] == "ldap") { + $pconfig['ldap_host'] = $a_server[$id]['host']; + $pconfig['ldap_port'] = $a_server[$id]['ldap_port']; + $pconfig['ldap_urltype'] = $a_server[$id]['ldap_urltype']; + $pconfig['ldap_protver'] = $a_server[$id]['ldap_protver']; + $pconfig['ldap_scope'] = $a_server[$id]['ldap_scope']; + $pconfig['ldap_basedn'] = $a_server[$id]['ldap_basedn']; + $pconfig['ldap_binddn'] = $a_server[$id]['ldap_binddn']; + $pconfig['ldap_bindpw'] = $a_server[$id]['ldap_bindpw']; + $pconfig['ldap_attr_user'] = $a_server[$id]['ldap_attr_user']; + $pconfig['ldap_attr_group'] = $a_server[$id]['ldap_attr_group']; + $pconfig['ldap_attr_member'] = $a_server[$id]['ldap_attr_member']; + + if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw']) + $pconfig['ldap_anon'] = true; + } + + if ($pconfig['type'] == "radius") { + $pconfig['radius_host'] = $a_server[$id]['host']; + $pconfig['radius_auth_port'] = $a_server[$id]['radius_auth_port']; + $pconfig['radius_acct_port'] = $a_server[$id]['radius_acct_port']; + + if ($pconfig['radius_auth_port'] && + $pconfig['radius_acct_port'] 
) { + $pconfig['radius_srvcs'] = "both"; + } + + if ( $pconfig['radius_auth_port'] && + !$pconfig['radius_acct_port'] ) { + $pconfig['radius_srvcs'] = "auth"; + $pconfig['radius_acct_port'] = 813; + } + + if (!$pconfig['radius_auth_port'] && + $pconfig['radius_acct_port'] ) { + $pconfig['radius_srvcs'] = "acct"; + $pconfig['radius_auth_port'] = 812; + } + + } + } +} + +if ($act == "new") { + $pconfig['ldap_protver'] = 3; + $pconfig['ldap_anon'] = true; + $pconfig['radius_srvcs'] = "both"; + $pconfig['radius_auth_port'] = "812"; + $pconfig['radius_acct_port'] = "813"; +} + +if ($_POST) { + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + + if ($pconfig['type'] == "ldap") { + $reqdfields = explode(" ", "name type ldap_host ldap_port ". + "ldap_urltype ldap_protver ldap_scope ldap_basedn ". + "ldap_attr_user ldap_attr_group ldap_attr_member"); + $reqdfieldsn = explode(",", "Descriptive name,Type,Hostname or IP,". + "Port value,Transport,Protocol version,Search level,". + "Search Base DN,User naming Attribute,". + "Group naming Attribute,Group member attribute"); + + if (!$pconfig['ldap_anon']) { + $reqdfields[] = "ldap_binddn"; + $reqdfields[] = "ldap_bindpw"; + $reqdfieldsn[] = "Bind user DN"; + $reqdfieldsn[] = "Bind Password"; + } + } + + if ($pconfig['type'] == "radius") { + $reqdfields = explode(" ", "name type radius_host radius_srvcs"); + $reqdfieldsn = explode(",", "Descriptive name,Type,Hostname or IP,". 
+ "Services"); + + if ($pconfig['radisu_srvcs'] == "both" || + $pconfig['radisu_srvcs'] == "auth") { + $reqdfields[] = "radius_auth_port"; + $reqdfieldsn[] = "Authentication port value"; + } + + if ($pconfig['radisu_srvcs'] == "both" || + $pconfig['radisu_srvcs'] == "acct") { + $reqdfields[] = "radius_acct_port"; + $reqdfieldsn[] = "Accounting port value"; + } + + if (!isset($id)) { + $reqdfields[] = "radius_secret"; + $reqdfieldsn[] = "Shared Secret"; + } + } + + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + + if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['host'])) + $input_errors[] = gettext("The host name contains invalid characters."); + + /* if this is an AJAX caller then handle via JSON */ + if (isAjax() && is_array($input_errors)) { + input_errors2Ajax($input_errors); + exit; + } + + if (!$input_errors) { + $server = array(); + $server['refid'] = uniqid(); + if (isset($id) && $a_server[$id]) + $server = $a_server[$id]; + + $server['type'] = $pconfig['type']; + $server['name'] = $pconfig['name']; + + if ($server['type'] == "ldap") { + + $server['host'] = $pconfig['ldap_host']; + $server['ldap_port'] = $pconfig['ldap_port']; + $server['ldap_urltype'] = $pconfig['ldap_urltype']; + $server['ldap_protver'] = $pconfig['ldap_protver']; + $server['ldap_scope'] = $pconfig['ldap_scope']; + $server['ldap_basedn'] = $pconfig['ldap_basedn']; + $server['ldap_attr_user'] = $pconfig['ldap_attr_user']; + $server['ldap_attr_group'] = $pconfig['ldap_attr_group']; + $server['ldap_attr_member'] = $pconfig['ldap_attr_member']; + + if (!$pconfig['ldap_anon']) { + $server['ldap_binddn'] = $pconfig['ldap_binddn']; + $server['ldap_bindpw'] = $pconfig['ldap_bindpw']; + } else { + unset($server['ldap_binddn']); + unset($server['ldap_bindpw']); + } + } + + if ($server['type'] == "radius") { + + $server['host'] = $pconfig['radius_host']; + + if ($pconfig['radius_secret']) + $server['radius_secret'] = $pconfig['radius_secret']; + + if ($pconfig['radius_srvcs'] 
== "both") { + $server['radius_auth_port'] = $pconfig['radius_auth_port']; + $server['radius_acct_port'] = $pconfig['radius_acct_port']; + } + + if ($pconfig['radius_srvcs'] == "auth") { + $server['radius_auth_port'] = $pconfig['radius_auth_port']; + unset($server['radius_acct_port']); + } + + if ($pconfig['radius_srvcs'] == "acct") { + $server['radius_acct_port'] = $pconfig['radius_acct_port']; + unset($server['radius_auth_port']); + } + } + + if (isset($id) && $a_server[$id]) + $a_server[$id] = $server; + else + $a_server[] = $server; + + write_config(); + + pfSenseHeader("system_authservers.php"); + } +} + +include("head.inc"); +?> + +<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> +<?php include("fbegin.inc"); ?> +<script type="text/javascript"> +<!-- + +function server_typechange(type) { + + if (!type) { + index = document.iform.type.selectedIndex; + type = document.iform.type.options[index].value; + } + + switch (type) { + case "ldap": + document.getElementById("ldap").style.display=""; + document.getElementById("radius").style.display="none"; + break; + case "radius": + document.getElementById("ldap").style.display="none"; + document.getElementById("radius").style.display=""; + break; + } +} + +function ldap_urlchange() { + switch (document.iform.ldap_urltype.selectedIndex) { +<?php + $index = 0; + foreach ($ldap_urltypes as $urltype => $urlport): +?> + case <?=$index;?>: + document.iform.ldap_port.value = "<?=$urlport;?>"; + break; +<?php + $index++; + endforeach; +?> + } +} + +function ldap_bindchange() { + + if (document.iform.ldap_anon.checked) + document.getElementById("ldap_bind").style.display="none"; + else + document.getElementById("ldap_bind").style.display=""; +} + +function ldap_tmplchange(){ + switch (document.iform.ldap_tmpltype.selectedIndex) { +<?php + $index = 0; + foreach ($ldap_templates as $tmpldata): +?> + case <?=$index;?>: + document.iform.ldap_attr_user.value = 
"<?=$tmpldata['attr_user'];?>"; + document.iform.ldap_attr_group.value = "<?=$tmpldata['attr_group'];?>"; + document.iform.ldap_attr_member.value = "<?=$tmpldata['attr_member'];?>"; + break; +<?php + $index++; + endforeach; +?> + } +} + +function radius_srvcschange(){ + switch (document.iform.radius_srvcs.selectedIndex) { + case 0: // both + document.getElementById("radius_auth").style.display=""; + document.getElementById("radius_acct").style.display=""; + break; + case 1: // authentication + document.getElementById("radius_auth").style.display=""; + document.getElementById("radius_acct").style.display="none"; + break; + case 2: // accounting + document.getElementById("radius_auth").style.display="none"; + document.getElementById("radius_acct").style.display=""; + break; + } +} + +//--> +</script> +<?php + if ($input_errors) + print_input_errors($input_errors); + if ($savemsg) + print_info_box($savemsg); +?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="tabnavtbl"> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Users"), false, "system_usermanager.php"); + $tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php"); + $tab_array[] = array(gettext("Servers"), true, "system_authservers.php"); + $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php"); + display_top_tabs($tab_array); + ?> + </td> + </tr> + <tr> + <td class="tabcont"> + + <?php if ($act == "new" || $act == "edit" || $input_errors): ?> + + <form action="system_authservers.php" method="post" name="iform" id="iform"> + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td> + <td width="78%" class="vtable"> + <input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/> + </td> + </tr> + <tr> + <td width="22%" valign="top" 
class="vncellreq"><?=gettext("Type");?></td> + <td width="78%" class="vtable"> + <?php if (!isset($id)): ?> + <select name='type' id='type' class="formselect" onchange='server_typechange()'> + <?php + foreach ($auth_server_types as $typename => $typedesc ): + $selected = ""; + if ($pconfig['type'] == $typename) + $selected = "selected"; + ?> + <option value="<?=$typename;?>" <?=$selected;?>><?=$typedesc;?></option> + <?php endforeach; ?> + </select> + <?php else: ?> + <strong><?=$auth_server_types[$pconfig['type']];?></strong> + <input name='type' type='hidden' id='type' value="<?=htmlspecialchars($pconfig['type']);?>"/> + <?php endif; ?> + </td> + </tr> + </table> + + <table width="100%" border="0" cellpadding="6" cellspacing="0" id="ldap"> + <tr> + <td colspan="2" class="list" height="12"></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">LDAP Server Settings</td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP address");?></td> + <td width="78%" class="vtable"> + <input name="ldap_host" type="text" class="formfld unknown" id="ldap_host" size="20" value="<?=htmlspecialchars($pconfig['ldap_host']);?>"/> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Port value");?></td> + <td width="78%" class="vtable"> + <input name="ldap_port" type="text" class="formfld unknown" id="ldap_port" size="5" value="<?=htmlspecialchars($pconfig['ldap_port']);?>"/> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Transport");?></td> + <td width="78%" class="vtable"> + <select name='ldap_urltype' id='ldap_urltype' class="formselect" onchange='ldap_urlchange()'> + <?php + foreach ($ldap_urltypes as $urltype => $urlport): + $selected = ""; + if ($pconfig['ldap_urltype'] == $urltype) + $selected = "selected"; + ?> + <option value="<?=$urltype;?>" <?=$selected;?>><?=$urltype;?></option> + <?php endforeach; ?> + </select> + </td> + </tr> + <tr> + <td 
width="22%" valign="top" class="vncellreq"><?=gettext("Protocol version");?></td> + <td width="78%" class="vtable"> + <select name='ldap_protver' id='ldap_protver' class="formselect"> + <?php + foreach ($ldap_protvers as $version): + $selected = ""; + if ($pconfig['ldap_protver'] == $version) + $selected = "selected"; + ?> + <option value="<?=$version;?>" <?=$selected;?>><?=$version;?></option> + <?php endforeach; ?> + </select> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Search scope");?></td> + <td width="78%" class="vtable"> + <table border="0" cellspacing="0" cellpadding="2"> + <tr> + <td>Level: </td> + <td> + <select name='ldap_scope' id='ldap_scope' class="formselect"> + <?php + foreach ($ldap_scopes as $scopename => $scopedesc): + $selected = ""; + if ($pconfig['ldap_scope'] == $scopename) + $selected = "selected"; + ?> + <option value="<?=$scopename;?>" <?=$selected;?>><?=$scopedesc;?></option> + <?php endforeach; ?> + </select> + </td> + </tr> + <tr> + <td>Base DN: </td> + <td> + <input name="ldap_basedn" type="text" class="formfld unknown" id="ldap_basedn" size="40" value="<?=htmlspecialchars($pconfig['ldap_basedn']);?>"/> + </td> + </tr> + </table> + + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Bind credentials");?></td> + <td width="78%" class="vtable"> + <table border="0" cellspacing="0" cellpadding="2"> + <tr> + <td> + <input name="ldap_anon" type="checkbox" id="ldap_anon" value="yes" <?php if ($pconfig['ldap_anon']) echo "checked"; ?> onClick="ldap_bindchange()"> + </td> + <td> + Use anonymous binds to resolve distinguished names + </td> + </tr> + </table> + <table border="0" cellspacing="0" cellpadding="2" id="ldap_bind"> + <tr> + <td colspan="2"></td> + </tr> + <tr> + <td>User DN: </td> + <td> + <input name="ldap_binddn" type="text" class="formfld unknown" id="ldap_binddn" size="40" value="<?=htmlspecialchars($pconfig['ldap_binddn']);?>"/><br/> + </td> + </tr> + <tr> + 
<td>Password: </td> + <td> + <input name="ldap_bindpw" type="password" class="formfld pwd" id="ldap_bindpw" size="20" value="<?=htmlspecialchars($pconfig['ldap_bindpw']);?>"/><br/> + </td> + </tr> + </table> + </td> + </tr> + <?php if (!isset($id)): ?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Initial Template");?></td> + <td width="78%" class="vtable"> + <select name='ldap_tmpltype' id='ldap_tmpltype' class="formselect" onchange='ldap_tmplchange()'> + <?php + foreach ($ldap_templates as $tmplname => $tmpldata): + $selected = ""; + if ($pconfig['ldap_template'] == $tmplname) + $selected = "selected"; + ?> + <option value="<?=$tmplname;?>" <?=$selected;?>><?=$tmpldata['desc'];?></option> + <?php endforeach; ?> + </select> + </td> + </tr> + <?php endif; ?> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("User naming attribute");?></td> + <td width="78%" class="vtable"> + <input name="ldap_attr_user" type="text" class="formfld unknown" id="ldap_attr_user" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_user']);?>"/> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Group naming attribute");?></td> + <td width="78%" class="vtable"> + <input name="ldap_attr_group" type="text" class="formfld unknown" id="ldap_attr_group" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_group']);?>"/> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Group member attribute");?></td> + <td width="78%" class="vtable"> + <input name="ldap_attr_member" type="text" class="formfld unknown" id="ldap_attr_member" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_member']);?>"/> + </td> + </tr> + </table> + + <table width="100%" border="0" cellpadding="6" cellspacing="0" id="radius"> + <tr> + <td colspan="2" class="list" height="12"></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic">Radius Server Settings</td> + </tr> + <tr> + <td width="22%" valign="top" 
class="vncellreq"><?=gettext("Hostname or IP address");?></td> + <td width="78%" class="vtable"> + <input name="radius_host" type="text" class="formfld unknown" id="radius_host" size="20" value="<?=htmlspecialchars($pconfig['radius_host']);?>"/> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Secret");?></td> + <td width="78%" class="vtable"> + <input name="radius_secret" type="password" class="formfld pwd" id="radius_secret" size="20" value="<?=htmlspecialchars($pconfig['radius_secret']);?>"/> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Services offered");?></td> + <td width="78%" class="vtable"> + <select name='radius_srvcs' id='radius_srvcs' class="formselect" onchange='radius_srvcschange()'> + <?php + foreach ($radius_srvcs as $srvcname => $srvcdesc): + $selected = ""; + if ($pconfig['radius_srvcs'] == $srvcname) + $selected = "selected"; + ?> + <option value="<?=$srvcname;?>" <?=$selected;?>><?=$srvcdesc;?></option> + <?php endforeach; ?> + </select> + </td> + </tr> + <tr id="radius_auth"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication port value");?></td> + <td width="78%" class="vtable"> + <input name="radius_auth_port" type="text" class="formfld unknown" id="radius_auth_port" size="5" value="<?=htmlspecialchars($pconfig['radius_auth_port']);?>"/> + </td> + </tr> + <tr id="radius_acct"> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Accounting port value");?></td> + <td width="78%" class="vtable"> + <input name="radius_acct_port" type="text" class="formfld unknown" id="radius_acct_port" size="5" value="<?=htmlspecialchars($pconfig['radius_acct_port']);?>"/> + </td> + </tr> + </table> + + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input id="submit" name="save" type="submit" class="formbtn" value="Save" /> + <?php if (isset($id) && $a_server[$id]): 
?> + <input name="id" type="hidden" value="<?=$id;?>" /> + <?php endif;?> + </td> + </tr> + </table> + </form> + + <?php else: ?> + + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td width="25%" class="listhdrr">Server Name</td> + <td width="25%" class="listhdrr">Type</td> + <td width="35%" class="listhdrr">Host Name</td> + <td width="10%" class="list"></td> + </tr> + <?php + $i = 0; + foreach($a_server as $server): + $name = htmlspecialchars($server['name']); + $type = htmlspecialchars($auth_server_types[$server['type']]); + $host = htmlspecialchars($server['host']); + ?> + <tr ondblclick="document.location='system_authservers.php?act=edit&id=<?=$i;?>'"> + <td class="listlr"><?=$name?> </td> + <td class="listr"><?=$type;?> </td> + <td class="listr"><?=$host;?> </td> + <td valign="middle" nowrap class="list"> + <a href="system_authservers.php?act=edit&id=<?=$i;?>"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="edit server" alt="edit server" width="17" height="17" border="0" /> + </a> + + <a href="system_authservers.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Server?");?>')"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="delete server" alt="delete server" width="17" height="17" border="0" /> + </a> + </td> + </tr> + <?php + $i++; + endforeach; + ?> + <tr> + <td class="list" colspan="3"></td> + <td class="list"> + <a href="system_authservers.php?act=new"> + <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="add server" alt="add server" width="17" height="17" border="0" /> + </a> + </td> + </tr> + <tr> + <td colspan="3"> + <p> + <?=gettext("Additional authentication servers can be added here.");?> + </p> + </td> + </tr> + </table> + + <?php endif; ?> + + </td> + </tr> +</table> +<?php include("fend.inc");?> +<script type="text/javascript"> +<!-- +server_typechange('<?=$pconfig['type'];?>'); +<?php if (!isset($id) || 
$pconfig['type'] == "ldap"): ?> +ldap_bindchange(); +ldap_urlchange(); +ldap_tmplchange(); +<? endif; ?> +<?php if (!isset($id) || $pconfig['type'] == "radius"): ?> +radius_srvcschange(); +<? endif; ?> +//--> +</script> + +</body> diff --git a/usr/local/www/system_groupmanager.php b/usr/local/www/system_groupmanager.php index d2ab78e..5e0bd28 100644 --- a/usr/local/www/system_groupmanager.php +++ b/usr/local/www/system_groupmanager.php @@ -225,6 +225,7 @@ function presubmit() { $tab_array = array(); $tab_array[] = array(gettext("Users"), false, "system_usermanager.php"); $tab_array[] = array(gettext("Groups"), true, "system_groupmanager.php"); + $tab_array[] = array(gettext("Servers"), false, "system_authservers.php"); $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php"); display_top_tabs($tab_array); ?> @@ -457,12 +458,13 @@ function presubmit() { </td> </tr> <tr> - <td colspan="4"> - Additional webGui admin groups can be added here. - Each group can be restricted to specific portions of the webGUI. - Individually select the desired web pages each group may access. - For example, a troubleshooting group could be created which has - access only to selected Status and Diagnostics pages. + <td colspan="3"> + <p> + <?=gettext("Additional webConfigurator groups can be added here.");?> + <?=gettext("Group permissions can be assinged which will be inherited by users.");?> + <?=gettext("An icon that appears grey indicates that it is a system defined object.");?> + <?=gettext("Some system object properties can be modified but they cannot be deleted.");?> + </p> </td> </tr> </table> diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index 0b8f76e..74d5b2a 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php 
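Review bot: The POST validation in system_authservers.php does not check what it appears to: the RADIUS branch tests `$pconfig['radisu_srvcs']` (a misspelling of `radius_srvcs`), so neither port field is ever added to the required list, and the character check reads `$_POST['host']`, a field the form never submits (it posts `ldap_host` and `radius_host`), so the hostname is stored unchecked. The fence below shows the corrected conditions and host lookup. Deletion is also triggered by a plain `act=del&id=N` GET link with no request token visible in this file, so unless guiconfig.inc adds one it should move to a POST that carries a token. On edit, the stored `ldap_bindpw` is written back into the password field's `value`, and `$pconfig['type']` (copied from `$_POST`) is echoed unescaped into the trailing `server_typechange('…')` script; leaving the password field empty and escaping the type would keep the secret out of the page source and keep the value inside the string literal. The defaults 812/813 also look like they were meant to be the registered RADIUS ports 1812/1813.

```php
// … unchanged: LDAP required-field list …
if ($pconfig['type'] == "radius") {
	// … unchanged: base required fields …
	if ($pconfig['radius_srvcs'] == "both" ||
		$pconfig['radius_srvcs'] == "auth") {
		// … unchanged: require radius_auth_port …
	}
	if ($pconfig['radius_srvcs'] == "both" ||
		$pconfig['radius_srvcs'] == "acct") {
		// … unchanged: require radius_acct_port …
	}
	// … unchanged: require radius_secret for new entries …
}
// … unchanged: do_input_validation() call …
$hostfield = ($pconfig['type'] == "ldap") ? 'ldap_host' : 'radius_host';
if (preg_match("/[^a-zA-Z0-9\.\-_]/", $pconfig[$hostfield]))
	$input_errors[] = gettext("The host name contains invalid characters.");
```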
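Review bot: The new help string in system_groupmanager.php, `gettext("Group permissions can be assinged which will be inherited by users.")`, misspells "assigned", and the matching string added in the second system_usermanager.php hunk reads "assinged diretly". Because these are gettext message ids, the misspellings become the keys translators work from, so they are cheapest to fix before any catalogs are generated. Suggested text: `"Group permissions can be assigned which will be inherited by users."` and `"User permissions can be assigned directly or inherited from group memberships."`.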
@@ -262,6 +262,7 @@ function presubmit() { $tab_array = array(); $tab_array[] = array(gettext("Users"), true, "system_usermanager.php"); $tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php"); + $tab_array[] = array(gettext("Servers"), false, "system_authservers.php"); $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php"); display_top_tabs($tab_array); ?> @@ -521,10 +522,10 @@ function presubmit() { <tr> <td colspan="3"> <p> - <?=gettext("Additional webConfigurator users can be added here. User permissions are determined by the admin group they are a member of.");?> - </p> - <p> - <?=gettext("An user icon that appears grey indicates that it is a system user and thus it's only possible to modified a subset of the regular user data. Additionally such an user can't be deleted.");?> + <?=gettext("Additional webConfigurator users can be added here.");?> + <?=gettext("User permissions can be assinged diretly or inherited from group memberships.");?> + <?=gettext("An icon that appears grey indicates that it is a system defined object.");?> + <?=gettext("Some system object properties can be modified but they cannot be deleted.");?> </p> </td> </tr> diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php index 90e6598..815bf00 100755 --- a/usr/local/www/system_usermanager_settings.php +++ b/usr/local/www/system_usermanager_settings.php @@ -220,6 +220,7 @@ include("head.inc"); $tab_array = array();
$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
+ $tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
$tab_array[] = array(gettext("Settings"), true, "system_usermanager_settings.php");
display_top_tabs($tab_array);