authorMatthew Grooms <mgrooms@pfsense.org>2008-08-05 04:16:50 +0000
committerMatthew Grooms <mgrooms@pfsense.org>2008-08-05 04:16:50 +0000
commitfbf672cbe9c241459579a83be00df9f20dd47dc0 (patch)
treeb514601f39bbaabe8f7b98ea843dea1017d76419 /usr/local/www
parent10fe861c87b3b6857ab9d0858a9f292e49ac3c05 (diff)
Add an interface to manage external authentication servers. The two types
supported currently are LDAP and Radius.
Diffstat (limited to 'usr/local/www')
-rwxr-xr-xusr/local/www/guiconfig.inc44
-rw-r--r--usr/local/www/system_authservers.php667
-rw-r--r--usr/local/www/system_groupmanager.php14
-rw-r--r--usr/local/www/system_usermanager.php9
-rwxr-xr-xusr/local/www/system_usermanager_settings.php1
5 files changed, 724 insertions, 11 deletions
diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc
index bba46ce..50fcd54 100755
--- a/usr/local/www/guiconfig.inc
+++ b/usr/local/www/guiconfig.inc
@@ -100,8 +100,50 @@ if (file_exists($d_firmwarelock_path)) {
}
}
+$auth_server_types = array(
+ 'ldap' => "LDAP",
+ 'radius' => "Radius");
+
+$ldap_urltypes = array(
+ 'TCP - Standard' => 389,
+ 'SSL - Encrypted' => 636);
+
+$ldap_scopes = array(
+ 'one' => "One Level",
+ 'subtree' => "Entire Subtree");
+
+$ldap_protvers = array(
+ 2,
+ 3);
+
+$ldap_templates = array(
+
+ 'open' => array(
+ 'desc' => "OpenLDAP",
+ 'attr_user' => "cn",
+ 'attr_group' => "cn",
+ 'attr_member' => "member"),
+
+ 'msad' => array(
+ 'desc' => "Microsoft AD",
+ 'attr_user' => "samAccountNAme",
+ 'attr_group' => "cn",
+ 'attr_member' => "member"),
+
+ 'edir' => array(
+ 'desc' => "Novell eDirectory",
+ 'attr_user' => "cn",
+ 'attr_group' => "cn",
+ 'attr_member' => "uniqueMember"));
+
+$radius_srvcs = array(
+ 'both' => "Authentication and Accounting",
+ 'auth' => "Authentication",
+ 'acct' => "Accounting");
+
/* some well knows ports */
-$wkports = array(3389 => "MS RDP",
+$wkports = array(
+ 3389 => "MS RDP",
21 => "FTP",
22 => "SSH",
23 => "Telnet",
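Review bot: `$ldap_urltypes` lists `'TCP - Standard' => 389` first, so the transport select that system_authservers.php builds from it will most likely default to unencrypted LDAP on a form that also collects a bind DN and password. I would list the SSL entry first, or at least add a comment above the array such as `/* 389 is cleartext: bind credentials travel unencrypted */`. The array is also keyed by its display label, and that label is what the new page stores as `ldap_urltype`, so rewording a label later would change the stored value; short keys such as `'tcp'` and `'ssl'` with a separate description would be more stable. Minor: `samAccountNAme` is conventionally written `sAMAccountName`.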
diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php
new file mode 100644
index 0000000..5a48b21
--- /dev/null
+++ b/usr/local/www/system_authservers.php
@@ -0,0 +1,667 @@
+<?php
+/*
+ system_authservers.php
+
+ Copyright (C) 2008 Shrew Soft Inc.
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+##|+PRIV
+##|*IDENT=page-system-authservers
+##|*NAME=System: Authentication Servers
+##|*DESCR=Allow access to the 'System: Authentication Servers' page.
+##|*MATCH=system_authservers.php*
+##|-PRIV
+
+require("guiconfig.inc");
+
+$pgtitle = array("System", "Authentication Servers");
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+
+if (!is_array($config['system']['authserver']))
+ $config['system']['authserver'] = array();
+
+$a_server =& $config['system']['authserver'];
+
+$act = $_GET['act'];
+if ($_POST['act'])
+ $act = $_POST['act'];
+
+if ($act == "del") {
+
+ if (!$a_server[$_GET['id']]) {
+ pfSenseHeader("system_authservers.php");
+ exit;
+ }
+
+ $serverdeleted = $a_server[$_GET['id']]['name'];
+ unset($a_server[$_GET['id']]);
+ write_config();
+ $savemsg = gettext("Authentication Server")." {$serverdeleted} ".
+ gettext("successfully deleted")."<br/>";
+}
+
+if ($act == "edit") {
+ if (isset($id) && $a_server[$id]) {
+
+ $pconfig['type'] = $a_server[$id]['type'];
+ $pconfig['name'] = $a_server[$id]['name'];
+
+ if ($pconfig['type'] == "ldap") {
+ $pconfig['ldap_host'] = $a_server[$id]['host'];
+ $pconfig['ldap_port'] = $a_server[$id]['ldap_port'];
+ $pconfig['ldap_urltype'] = $a_server[$id]['ldap_urltype'];
+ $pconfig['ldap_protver'] = $a_server[$id]['ldap_protver'];
+ $pconfig['ldap_scope'] = $a_server[$id]['ldap_scope'];
+ $pconfig['ldap_basedn'] = $a_server[$id]['ldap_basedn'];
+ $pconfig['ldap_binddn'] = $a_server[$id]['ldap_binddn'];
+ $pconfig['ldap_bindpw'] = $a_server[$id]['ldap_bindpw'];
+ $pconfig['ldap_attr_user'] = $a_server[$id]['ldap_attr_user'];
+ $pconfig['ldap_attr_group'] = $a_server[$id]['ldap_attr_group'];
+ $pconfig['ldap_attr_member'] = $a_server[$id]['ldap_attr_member'];
+
+ if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw'])
+ $pconfig['ldap_anon'] = true;
+ }
+
+ if ($pconfig['type'] == "radius") {
+ $pconfig['radius_host'] = $a_server[$id]['host'];
+ $pconfig['radius_auth_port'] = $a_server[$id]['radius_auth_port'];
+ $pconfig['radius_acct_port'] = $a_server[$id]['radius_acct_port'];
+
+ if ($pconfig['radius_auth_port'] &&
+ $pconfig['radius_acct_port'] ) {
+ $pconfig['radius_srvcs'] = "both";
+ }
+
+ if ( $pconfig['radius_auth_port'] &&
+ !$pconfig['radius_acct_port'] ) {
+ $pconfig['radius_srvcs'] = "auth";
+ $pconfig['radius_acct_port'] = 813;
+ }
+
+ if (!$pconfig['radius_auth_port'] &&
+ $pconfig['radius_acct_port'] ) {
+ $pconfig['radius_srvcs'] = "acct";
+ $pconfig['radius_auth_port'] = 812;
+ }
+
+ }
+ }
+}
+
+if ($act == "new") {
+ $pconfig['ldap_protver'] = 3;
+ $pconfig['ldap_anon'] = true;
+ $pconfig['radius_srvcs'] = "both";
+ $pconfig['radius_auth_port'] = "812";
+ $pconfig['radius_acct_port'] = "813";
+}
+
+if ($_POST) {
+ unset($input_errors);
+ $pconfig = $_POST;
+
+ /* input validation */
+
+ if ($pconfig['type'] == "ldap") {
+ $reqdfields = explode(" ", "name type ldap_host ldap_port ".
+ "ldap_urltype ldap_protver ldap_scope ldap_basedn ".
+ "ldap_attr_user ldap_attr_group ldap_attr_member");
+ $reqdfieldsn = explode(",", "Descriptive name,Type,Hostname or IP,".
+ "Port value,Transport,Protocol version,Search level,".
+ "Search Base DN,User naming Attribute,".
+ "Group naming Attribute,Group member attribute");
+
+ if (!$pconfig['ldap_anon']) {
+ $reqdfields[] = "ldap_binddn";
+ $reqdfields[] = "ldap_bindpw";
+ $reqdfieldsn[] = "Bind user DN";
+ $reqdfieldsn[] = "Bind Password";
+ }
+ }
+
+ if ($pconfig['type'] == "radius") {
+ $reqdfields = explode(" ", "name type radius_host radius_srvcs");
+ $reqdfieldsn = explode(",", "Descriptive name,Type,Hostname or IP,".
+ "Services");
+
+ if ($pconfig['radisu_srvcs'] == "both" ||
+ $pconfig['radisu_srvcs'] == "auth") {
+ $reqdfields[] = "radius_auth_port";
+ $reqdfieldsn[] = "Authentication port value";
+ }
+
+ if ($pconfig['radisu_srvcs'] == "both" ||
+ $pconfig['radisu_srvcs'] == "acct") {
+ $reqdfields[] = "radius_acct_port";
+ $reqdfieldsn[] = "Accounting port value";
+ }
+
+ if (!isset($id)) {
+ $reqdfields[] = "radius_secret";
+ $reqdfieldsn[] = "Shared Secret";
+ }
+ }
+
+ do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
+
+ if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['host']))
+ $input_errors[] = gettext("The host name contains invalid characters.");
+
+ /* if this is an AJAX caller then handle via JSON */
+ if (isAjax() && is_array($input_errors)) {
+ input_errors2Ajax($input_errors);
+ exit;
+ }
+
+ if (!$input_errors) {
+ $server = array();
+ $server['refid'] = uniqid();
+ if (isset($id) && $a_server[$id])
+ $server = $a_server[$id];
+
+ $server['type'] = $pconfig['type'];
+ $server['name'] = $pconfig['name'];
+
+ if ($server['type'] == "ldap") {
+
+ $server['host'] = $pconfig['ldap_host'];
+ $server['ldap_port'] = $pconfig['ldap_port'];
+ $server['ldap_urltype'] = $pconfig['ldap_urltype'];
+ $server['ldap_protver'] = $pconfig['ldap_protver'];
+ $server['ldap_scope'] = $pconfig['ldap_scope'];
+ $server['ldap_basedn'] = $pconfig['ldap_basedn'];
+ $server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
+ $server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
+ $server['ldap_attr_member'] = $pconfig['ldap_attr_member'];
+
+ if (!$pconfig['ldap_anon']) {
+ $server['ldap_binddn'] = $pconfig['ldap_binddn'];
+ $server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
+ } else {
+ unset($server['ldap_binddn']);
+ unset($server['ldap_bindpw']);
+ }
+ }
+
+ if ($server['type'] == "radius") {
+
+ $server['host'] = $pconfig['radius_host'];
+
+ if ($pconfig['radius_secret'])
+ $server['radius_secret'] = $pconfig['radius_secret'];
+
+ if ($pconfig['radius_srvcs'] == "both") {
+ $server['radius_auth_port'] = $pconfig['radius_auth_port'];
+ $server['radius_acct_port'] = $pconfig['radius_acct_port'];
+ }
+
+ if ($pconfig['radius_srvcs'] == "auth") {
+ $server['radius_auth_port'] = $pconfig['radius_auth_port'];
+ unset($server['radius_acct_port']);
+ }
+
+ if ($pconfig['radius_srvcs'] == "acct") {
+ $server['radius_acct_port'] = $pconfig['radius_acct_port'];
+ unset($server['radius_auth_port']);
+ }
+ }
+
+ if (isset($id) && $a_server[$id])
+ $a_server[$id] = $server;
+ else
+ $a_server[] = $server;
+
+ write_config();
+
+ pfSenseHeader("system_authservers.php");
+ }
+}
+
+include("head.inc");
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>">
+<?php include("fbegin.inc"); ?>
+<script type="text/javascript">
+<!--
+
+function server_typechange(type) {
+
+ if (!type) {
+ index = document.iform.type.selectedIndex;
+ type = document.iform.type.options[index].value;
+ }
+
+ switch (type) {
+ case "ldap":
+ document.getElementById("ldap").style.display="";
+ document.getElementById("radius").style.display="none";
+ break;
+ case "radius":
+ document.getElementById("ldap").style.display="none";
+ document.getElementById("radius").style.display="";
+ break;
+ }
+}
+
+function ldap_urlchange() {
+ switch (document.iform.ldap_urltype.selectedIndex) {
+<?php
+ $index = 0;
+ foreach ($ldap_urltypes as $urltype => $urlport):
+?>
+ case <?=$index;?>:
+ document.iform.ldap_port.value = "<?=$urlport;?>";
+ break;
+<?php
+ $index++;
+ endforeach;
+?>
+ }
+}
+
+function ldap_bindchange() {
+
+ if (document.iform.ldap_anon.checked)
+ document.getElementById("ldap_bind").style.display="none";
+ else
+ document.getElementById("ldap_bind").style.display="";
+}
+
+function ldap_tmplchange(){
+ switch (document.iform.ldap_tmpltype.selectedIndex) {
+<?php
+ $index = 0;
+ foreach ($ldap_templates as $tmpldata):
+?>
+ case <?=$index;?>:
+ document.iform.ldap_attr_user.value = "<?=$tmpldata['attr_user'];?>";
+ document.iform.ldap_attr_group.value = "<?=$tmpldata['attr_group'];?>";
+ document.iform.ldap_attr_member.value = "<?=$tmpldata['attr_member'];?>";
+ break;
+<?php
+ $index++;
+ endforeach;
+?>
+ }
+}
+
+function radius_srvcschange(){
+ switch (document.iform.radius_srvcs.selectedIndex) {
+ case 0: // both
+ document.getElementById("radius_auth").style.display="";
+ document.getElementById("radius_acct").style.display="";
+ break;
+ case 1: // authentication
+ document.getElementById("radius_auth").style.display="";
+ document.getElementById("radius_acct").style.display="none";
+ break;
+ case 2: // accounting
+ document.getElementById("radius_auth").style.display="none";
+ document.getElementById("radius_acct").style.display="";
+ break;
+ }
+}
+
+//-->
+</script>
+<?php
+ if ($input_errors)
+ print_input_errors($input_errors);
+ if ($savemsg)
+ print_info_box($savemsg);
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td class="tabnavtbl">
+ <?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
+ $tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
+ $tab_array[] = array(gettext("Servers"), true, "system_authservers.php");
+ $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
+ display_top_tabs($tab_array);
+ ?>
+ </td>
+ </tr>
+ <tr>
+ <td class="tabcont">
+
+ <?php if ($act == "new" || $act == "edit" || $input_errors): ?>
+
+ <form action="system_authservers.php" method="post" name="iform" id="iform">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
+ <td width="78%" class="vtable">
+ <input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>"/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Type");?></td>
+ <td width="78%" class="vtable">
+ <?php if (!isset($id)): ?>
+ <select name='type' id='type' class="formselect" onchange='server_typechange()'>
+ <?php
+ foreach ($auth_server_types as $typename => $typedesc ):
+ $selected = "";
+ if ($pconfig['type'] == $typename)
+ $selected = "selected";
+ ?>
+ <option value="<?=$typename;?>" <?=$selected;?>><?=$typedesc;?></option>
+ <?php endforeach; ?>
+ </select>
+ <?php else: ?>
+ <strong><?=$auth_server_types[$pconfig['type']];?></strong>
+ <input name='type' type='hidden' id='type' value="<?=htmlspecialchars($pconfig['type']);?>"/>
+ <?php endif; ?>
+ </td>
+ </tr>
+ </table>
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0" id="ldap">
+ <tr>
+ <td colspan="2" class="list" height="12"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">LDAP Server Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP address");?></td>
+ <td width="78%" class="vtable">
+ <input name="ldap_host" type="text" class="formfld unknown" id="ldap_host" size="20" value="<?=htmlspecialchars($pconfig['ldap_host']);?>"/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Port value");?></td>
+ <td width="78%" class="vtable">
+ <input name="ldap_port" type="text" class="formfld unknown" id="ldap_port" size="5" value="<?=htmlspecialchars($pconfig['ldap_port']);?>"/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Transport");?></td>
+ <td width="78%" class="vtable">
+ <select name='ldap_urltype' id='ldap_urltype' class="formselect" onchange='ldap_urlchange()'>
+ <?php
+ foreach ($ldap_urltypes as $urltype => $urlport):
+ $selected = "";
+ if ($pconfig['ldap_urltype'] == $urltype)
+ $selected = "selected";
+ ?>
+ <option value="<?=$urltype;?>" <?=$selected;?>><?=$urltype;?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Protocol version");?></td>
+ <td width="78%" class="vtable">
+ <select name='ldap_protver' id='ldap_protver' class="formselect">
+ <?php
+ foreach ($ldap_protvers as $version):
+ $selected = "";
+ if ($pconfig['ldap_protver'] == $version)
+ $selected = "selected";
+ ?>
+ <option value="<?=$version;?>" <?=$selected;?>><?=$version;?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Search scope");?></td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="0" cellpadding="2">
+ <tr>
+ <td>Level: &nbsp;</td>
+ <td>
+ <select name='ldap_scope' id='ldap_scope' class="formselect">
+ <?php
+ foreach ($ldap_scopes as $scopename => $scopedesc):
+ $selected = "";
+ if ($pconfig['ldap_scope'] == $scopename)
+ $selected = "selected";
+ ?>
+ <option value="<?=$scopename;?>" <?=$selected;?>><?=$scopedesc;?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
+ <tr>
+ <td>Base DN: &nbsp;</td>
+ <td>
+ <input name="ldap_basedn" type="text" class="formfld unknown" id="ldap_basedn" size="40" value="<?=htmlspecialchars($pconfig['ldap_basedn']);?>"/>
+ </td>
+ </tr>
+ </table>
+
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Bind credentials");?></td>
+ <td width="78%" class="vtable">
+ <table border="0" cellspacing="0" cellpadding="2">
+ <tr>
+ <td>
+ <input name="ldap_anon" type="checkbox" id="ldap_anon" value="yes" <?php if ($pconfig['ldap_anon']) echo "checked"; ?> onClick="ldap_bindchange()">
+ </td>
+ <td>
+ Use anonymous binds to resolve distinguished names
+ </td>
+ </tr>
+ </table>
+ <table border="0" cellspacing="0" cellpadding="2" id="ldap_bind">
+ <tr>
+ <td colspan="2"></td>
+ </tr>
+ <tr>
+ <td>User DN: &nbsp;</td>
+ <td>
+ <input name="ldap_binddn" type="text" class="formfld unknown" id="ldap_binddn" size="40" value="<?=htmlspecialchars($pconfig['ldap_binddn']);?>"/><br/>
+ </td>
+ </tr>
+ <tr>
+ <td>Password: &nbsp;</td>
+ <td>
+ <input name="ldap_bindpw" type="password" class="formfld pwd" id="ldap_bindpw" size="20" value="<?=htmlspecialchars($pconfig['ldap_bindpw']);?>"/><br/>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <?php if (!isset($id)): ?>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Initial Template");?></td>
+ <td width="78%" class="vtable">
+ <select name='ldap_tmpltype' id='ldap_tmpltype' class="formselect" onchange='ldap_tmplchange()'>
+ <?php
+ foreach ($ldap_templates as $tmplname => $tmpldata):
+ $selected = "";
+ if ($pconfig['ldap_template'] == $tmplname)
+ $selected = "selected";
+ ?>
+ <option value="<?=$tmplname;?>" <?=$selected;?>><?=$tmpldata['desc'];?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
+ <?php endif; ?>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("User naming attribute");?></td>
+ <td width="78%" class="vtable">
+ <input name="ldap_attr_user" type="text" class="formfld unknown" id="ldap_attr_user" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_user']);?>"/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Group naming attribute");?></td>
+ <td width="78%" class="vtable">
+ <input name="ldap_attr_group" type="text" class="formfld unknown" id="ldap_attr_group" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_group']);?>"/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Group member attribute");?></td>
+ <td width="78%" class="vtable">
+ <input name="ldap_attr_member" type="text" class="formfld unknown" id="ldap_attr_member" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_member']);?>"/>
+ </td>
+ </tr>
+ </table>
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0" id="radius">
+ <tr>
+ <td colspan="2" class="list" height="12"></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Radius Server Settings</td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Hostname or IP address");?></td>
+ <td width="78%" class="vtable">
+ <input name="radius_host" type="text" class="formfld unknown" id="radius_host" size="20" value="<?=htmlspecialchars($pconfig['radius_host']);?>"/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Shared Secret");?></td>
+ <td width="78%" class="vtable">
+ <input name="radius_secret" type="password" class="formfld pwd" id="radius_secret" size="20" value="<?=htmlspecialchars($pconfig['radius_secret']);?>"/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Services offered");?></td>
+ <td width="78%" class="vtable">
+ <select name='radius_srvcs' id='radius_srvcs' class="formselect" onchange='radius_srvcschange()'>
+ <?php
+ foreach ($radius_srvcs as $srvcname => $srvcdesc):
+ $selected = "";
+ if ($pconfig['radius_srvcs'] == $srvcname)
+ $selected = "selected";
+ ?>
+ <option value="<?=$srvcname;?>" <?=$selected;?>><?=$srvcdesc;?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ </tr>
+ <tr id="radius_auth">
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication port value");?></td>
+ <td width="78%" class="vtable">
+ <input name="radius_auth_port" type="text" class="formfld unknown" id="radius_auth_port" size="5" value="<?=htmlspecialchars($pconfig['radius_auth_port']);?>"/>
+ </td>
+ </tr>
+ <tr id="radius_acct">
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Accounting port value");?></td>
+ <td width="78%" class="vtable">
+ <input name="radius_acct_port" type="text" class="formfld unknown" id="radius_acct_port" size="5" value="<?=htmlspecialchars($pconfig['radius_acct_port']);?>"/>
+ </td>
+ </tr>
+ </table>
+
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input id="submit" name="save" type="submit" class="formbtn" value="Save" />
+ <?php if (isset($id) && $a_server[$id]): ?>
+ <input name="id" type="hidden" value="<?=$id;?>" />
+ <?php endif;?>
+ </td>
+ </tr>
+ </table>
+ </form>
+
+ <?php else: ?>
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="25%" class="listhdrr">Server Name</td>
+ <td width="25%" class="listhdrr">Type</td>
+ <td width="35%" class="listhdrr">Host Name</td>
+ <td width="10%" class="list"></td>
+ </tr>
+ <?php
+ $i = 0;
+ foreach($a_server as $server):
+ $name = htmlspecialchars($server['name']);
+ $type = htmlspecialchars($auth_server_types[$server['type']]);
+ $host = htmlspecialchars($server['host']);
+ ?>
+ <tr ondblclick="document.location='system_authservers.php?act=edit&id=<?=$i;?>'">
+ <td class="listlr"><?=$name?>&nbsp;</td>
+ <td class="listr"><?=$type;?>&nbsp;</td>
+ <td class="listr"><?=$host;?>&nbsp;</td>
+ <td valign="middle" nowrap class="list">
+ <a href="system_authservers.php?act=edit&id=<?=$i;?>">
+ <img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="edit server" alt="edit server" width="17" height="17" border="0" />
+ </a>
+ &nbsp;
+ <a href="system_authservers.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Server?");?>')">
+ <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="delete server" alt="delete server" width="17" height="17" border="0" />
+ </a>
+ </td>
+ </tr>
+ <?php
+ $i++;
+ endforeach;
+ ?>
+ <tr>
+ <td class="list" colspan="3"></td>
+ <td class="list">
+ <a href="system_authservers.php?act=new">
+ <img src="/themes/<?= $g['theme'];?>/images/icons/icon_plus.gif" title="add server" alt="add server" width="17" height="17" border="0" />
+ </a>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="3">
+ <p>
+ <?=gettext("Additional authentication servers can be added here.");?>
+ </p>
+ </td>
+ </tr>
+ </table>
+
+ <?php endif; ?>
+
+ </td>
+ </tr>
+</table>
+<?php include("fend.inc");?>
+<script type="text/javascript">
+<!--
+server_typechange('<?=$pconfig['type'];?>');
+<?php if (!isset($id) || $pconfig['type'] == "ldap"): ?>
+ldap_bindchange();
+ldap_urlchange();
+ldap_tmplchange();
+<? endif; ?>
+<?php if (!isset($id) || $pconfig['type'] == "radius"): ?>
+radius_srvcschange();
+<? endif; ?>
+//-->
+</script>
+
+</body>
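Review bot: Several validation checks in the `if ($_POST)` block never fire. The RADIUS branch tests `$pconfig['radisu_srvcs']` (four times) instead of `radius_srvcs`, so the auth/acct port fields are never added to `$reqdfields`, and the hostname regex reads `$_POST['host']` although the form posts `ldap_host` / `radius_host`, so the character check is skipped. `type` is not checked against `$auth_server_types` either, yet `$pconfig = $_POST` and the closing script emits `server_typechange('<?=$pconfig['type'];?>')` unescaped; I would reject unknown types with `if (!isset($auth_server_types[$pconfig['type']])) $input_errors[] = gettext("Invalid server type.");` and escape the value where it is written into the script. Separately, `act=del` changes the configuration from a GET link guarded only by a JavaScript confirm, which is worth moving to a POST with whatever request-forgery protection the GUI provides. The RADIUS defaults of 812/813 also look like they were meant to be 1812/1813.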
diff --git a/usr/local/www/system_groupmanager.php b/usr/local/www/system_groupmanager.php
index d2ab78e..5e0bd28 100644
--- a/usr/local/www/system_groupmanager.php
+++ b/usr/local/www/system_groupmanager.php
@@ -225,6 +225,7 @@ function presubmit() {
$tab_array = array();
$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
$tab_array[] = array(gettext("Groups"), true, "system_groupmanager.php");
+ $tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
display_top_tabs($tab_array);
?>
@@ -457,12 +458,13 @@ function presubmit() {
</td>
</tr>
<tr>
- <td colspan="4">
- Additional webGui admin groups can be added here.
- Each group can be restricted to specific portions of the webGUI.
- Individually select the desired web pages each group may access.
- For example, a troubleshooting group could be created which has
- access only to selected Status and Diagnostics pages.
+ <td colspan="3">
+ <p>
+ <?=gettext("Additional webConfigurator groups can be added here.");?>
+ <?=gettext("Group permissions can be assinged which will be inherited by users.");?>
+ <?=gettext("An icon that appears grey indicates that it is a system defined object.");?>
+ <?=gettext("Some system object properties can be modified but they cannot be deleted.");?>
+ </p>
</td>
</tr>
</table>
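Review bot: The new help text in this hunk introduces a misspelling inside a `gettext()` msgid: `assinged` should be `assigned`. The same word is misspelled in the matching help-text hunk of system_usermanager.php, which also has `diretly` for `directly`. Because these strings become translation keys, it is cheaper to correct them before translators pick them up.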
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 0b8f76e..74d5b2a 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -262,6 +262,7 @@ function presubmit() {
$tab_array = array();
$tab_array[] = array(gettext("Users"), true, "system_usermanager.php");
$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
+ $tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php");
display_top_tabs($tab_array);
?>
@@ -521,10 +522,10 @@ function presubmit() {
<tr>
<td colspan="3">
<p>
- <?=gettext("Additional webConfigurator users can be added here. User permissions are determined by the admin group they are a member of.");?>
- </p>
- <p>
- <?=gettext("An user icon that appears grey indicates that it is a system user and thus it's only possible to modified a subset of the regular user data. Additionally such an user can't be deleted.");?>
+ <?=gettext("Additional webConfigurator users can be added here.");?>
+ <?=gettext("User permissions can be assinged diretly or inherited from group memberships.");?>
+ <?=gettext("An icon that appears grey indicates that it is a system defined object.");?>
+ <?=gettext("Some system object properties can be modified but they cannot be deleted.");?>
</p>
</td>
</tr>
diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php
index 90e6598..815bf00 100755
--- a/usr/local/www/system_usermanager_settings.php
+++ b/usr/local/www/system_usermanager_settings.php
@@ -220,6 +220,7 @@ include("head.inc");
$tab_array = array();
$tab_array[] = array(gettext("Users"), false, "system_usermanager.php");
$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php");
+ $tab_array[] = array(gettext("Servers"), false, "system_authservers.php");
$tab_array[] = array(gettext("Settings"), true, "system_usermanager_settings.php");
display_top_tabs($tab_array);