authorMatthew Grooms <mgrooms@pfsense.org>2008-08-03 17:54:35 +0000
committerMatthew Grooms <mgrooms@pfsense.org>2008-08-03 17:54:35 +0000
commit659fa7f23bb28d316ec6c99a538ee74bc7ffc0a3 (patch)
tree31ce9604a21b27b3f88c50332251ea570136c817 /usr/local
parent5064cec7670cffa8efa3d7276ebf13c2c9d5e23c (diff)
Cleanup authentication code. The basic auth method, the passwd, htpasswd
and pam backing functions have been removed. The basic auth method was legacy code and the backing functions were redundant with no added value that I could see. A simplified replacement backing function named local_backed has been added that authenticates to the local configuration info which should be identical to system pwdb credentials. Since the htpassword file is no longer required, sync_webgui_passwords and its wrapper function system_password_configure have been removed. The local account management functions were renamed for consistency. A few minor bugs related to setting local passwords have also been corrected.
Diffstat (limited to 'usr/local')
-rwxr-xr-xusr/local/www/pkg_mgr_install.php3
-rwxr-xr-xusr/local/www/system.php10
-rw-r--r--usr/local/www/system_groupmanager.php6
-rw-r--r--usr/local/www/system_groupmanager_addprivs.php2
-rw-r--r--usr/local/www/system_usermanager.php22
-rw-r--r--usr/local/www/system_usermanager_addprivs.php2
-rwxr-xr-xusr/local/www/system_usermanager_settings.php4
-rw-r--r--usr/local/www/wizards/setup_wizard.xml10
8 files changed, 18 insertions, 41 deletions
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php
index 359d575..20d2dde 100755
--- a/usr/local/www/pkg_mgr_install.php
+++ b/usr/local/www/pkg_mgr_install.php
@@ -119,9 +119,6 @@ ob_flush();
/* mount rw fs */
conf_mount_rw();
-/* resync password database to avoid out of sync issues */
-sync_webgui_passwords();
-
switch($_GET['mode']) {
case "delete":
$id = get_pkg_id($_GET['pkg']);
diff --git a/usr/local/www/system.php b/usr/local/www/system.php
index b04e9ce..8abaf4d 100755
--- a/usr/local/www/system.php
+++ b/usr/local/www/system.php
@@ -117,9 +117,6 @@ if ($_POST) {
($_POST['webguiport'] < 1) || ($_POST['webguiport'] > 65535))) {
$input_errors[] = "A valid TCP/IP port must be specified for the webConfigurator port.";
}
- if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) {
- $input_errors[] = "The passwords do not match.";
- }
$t = (int)$_POST['timeupdateinterval'];
if (($t < 0) || (($t > 0) && ($t < 6)) || ($t > 1440)) {
@@ -163,12 +160,6 @@ if ($_POST) {
unset($config['system']['dnsallowoverride']);
$config['system']['dnsallowoverride'] = $_POST['dnsallowoverride'] ? true : false;
- if ($_POST['password']) {
- $config['system']['password'] = crypt($_POST['password']);
- update_changedesc("password changed via webConfigurator");
- sync_webgui_passwords();
- }
-
/* which interface should the dns servers resolve through? */
if($_POST['dns1gwint'])
$config['system']['dns1gwint'] = $pconfig['dns1gwint'];
@@ -205,7 +196,6 @@ if ($_POST) {
$retval = system_hostname_configure();
$retval |= system_hosts_generate();
$retval |= system_resolvconf_generate();
- $retval |= system_password_configure();
$retval |= services_dnsmasq_configure();
$retval |= system_timezone_configure();
$retval |= system_ntp_configure();
diff --git a/usr/local/www/system_groupmanager.php b/usr/local/www/system_groupmanager.php
index e79a77f..d2ab78e 100644
--- a/usr/local/www/system_groupmanager.php
+++ b/usr/local/www/system_groupmanager.php
@@ -63,7 +63,7 @@ if ($_GET['act'] == "delgroup") {
exit;
}
- del_local_group($a_group[$_GET['id']]);
+ local_group_del($a_group[$_GET['id']]);
$groupdeleted = $a_group[$_GET['id']]['name'];
unset($a_group[$_GET['id']]);
write_config();
@@ -84,7 +84,7 @@ if ($_GET['act'] == "delpriv") {
foreach ($a_group[$id]['member'] as $uid) {
$user = getUserEntryByUID($uid);
if ($user)
- set_local_user($user);
+ local_user_set($user);
}
write_config();
@@ -146,7 +146,7 @@ if ($_POST) {
$a_group[] = $group;
}
- set_local_group($group);
+ local_group_set($group);
write_config();
header("Location: system_groupmanager.php");
diff --git a/usr/local/www/system_groupmanager_addprivs.php b/usr/local/www/system_groupmanager_addprivs.php
index 6c808be..a449b2d 100644
--- a/usr/local/www/system_groupmanager_addprivs.php
+++ b/usr/local/www/system_groupmanager_addprivs.php
@@ -85,7 +85,7 @@ if ($_POST) {
foreach ($a_group['member'] as $uid) {
$user = getUserEntryByUID($uid);
if ($user)
- set_local_user($user);
+ local_user_set($user);
}
$retval = write_config();
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 791fae6..0b8f76e 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -67,11 +67,10 @@ if (isAllowedPage("system_usermanager")) {
exit;
}
- del_local_user($a_user[$_GET['id']]);
+ local_user_del($a_user[$_GET['id']]);
$userdeleted = $a_user[$_GET['id']]['name'];
unset($a_user[$_GET['id']]);
write_config();
- $retval = system_password_configure();
$savemsg = gettext("User")." {$userdeleted} ".
gettext("successfully deleted")."<br/>";
}
@@ -96,7 +95,7 @@ if (isAllowedPage("system_usermanager")) {
if (isset($id) && $a_user[$id]) {
$pconfig['usernamefld'] = $a_user[$id]['name'];
$pconfig['fullname'] = $a_user[$id]['fullname'];
- $pconfig['groups'] = get_local_user_groups($a_user[$id]);
+ $pconfig['groups'] = local_user_get_groups($a_user[$id]);
$pconfig['utype'] = $a_user[$id]['scope'];
$pconfig['uid'] = $a_user[$id]['uid'];
$pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
@@ -163,10 +162,14 @@ if (isAllowedPage("system_usermanager")) {
if (isset($id) && $a_user[$id])
$userent = $a_user[$id];
- /* the user did change his username */
+ /* the user name was modified */
if ($_POST['usernamefld'] <> $_POST['oldusername'])
$_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
+ /* the user password was mofified */
+ if ($_POST['passwordfld1'])
+ local_user_set_password($userent, $_POST['passwordfld1']);
+
$userent['name'] = $_POST['usernamefld'];
$userent['fullname'] = $_POST['fullname'];
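Review bot: The added guard `if ($_POST['passwordfld1'])` is a truthiness test, so a submitted password of `0` counts as empty and is silently left unset; `if (isset($_POST['passwordfld1']) && $_POST['passwordfld1'] !== '')` states the intent. The call also relies on local_user_set_password() writing the hash into `$userent` in place, and its definition is not part of this diff, so confirm it takes the entry by reference; otherwise the later local_user_set($userent) would store the old hash. No comparison against a confirmation field is visible here; it presumably sits in the validation above this hunk, which starts mid-block. The added comment has a typo and should read `/* the user password was modified */`.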
@@ -182,10 +185,9 @@ if (isAllowedPage("system_usermanager")) {
$a_user[] = $userent;
}
- set_local_user($userent, $_POST['passwordfld1']);
- set_local_user_groups($userent,$_POST['groups']);
+ local_user_set($userent);
+ local_user_set_groups($userent,$_POST['groups']);
write_config();
- $retval = system_password_configure();
pfSenseHeader("system_usermanager.php");
}
@@ -488,7 +490,7 @@ function presubmit() {
<td class="listr"><?=htmlspecialchars($userent['fullname']);?>&nbsp;</td>
<td class="listbg">
<font color="white">
- <?=implode(",",get_local_user_groups($userent));?>
+ <?=implode(",",local_user_get_groups($userent));?>
</font>
&nbsp;
</td>
@@ -563,10 +565,6 @@ function presubmit() {
$config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1']));
write_config();
-
- sync_webgui_passwords();
-
- $retval = system_password_configure();
$savemsg = "Password successfully changed<br />";
}
}
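Review bot: After this deletion the self-service password branch only writes `crypt(trim($_POST['passwordfld1']))` into `$config` and calls write_config(); nothing in the visible lines pushes the new hash to the system password database, which the commit message says should stay identical to the configuration. The admin edit path in this same file now goes through local_user_set_password() and local_user_set(), and this branch should probably do the same so the two stores cannot diverge and both paths hash the password the same way, for example `$user =& $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]; local_user_set_password($user, $_POST['passwordfld1']); local_user_set($user);` (helper signatures are not shown on this page, so confirm them). Note that this branch trims the password before hashing while the admin path passes it untrimmed, so a password with surrounding whitespace may behave differently depending on where it was set. The branch starts above the hunk, so its surrounding checks are not visible here.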
diff --git a/usr/local/www/system_usermanager_addprivs.php b/usr/local/www/system_usermanager_addprivs.php
index 61758b7..0214d63 100644
--- a/usr/local/www/system_usermanager_addprivs.php
+++ b/usr/local/www/system_usermanager_addprivs.php
@@ -86,7 +86,7 @@ if ($_POST) {
else
$a_user['priv'] = array_merge($a_user['priv'], $pconfig['sysprivs']);
- set_local_user($a_user);
+ local_user_set($a_user);
$retval = write_config();
$savemsg = get_std_save_message($retval);
diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php
index c1d3a71..90e6598 100755
--- a/usr/local/www/system_usermanager_settings.php
+++ b/usr/local/www/system_usermanager_settings.php
@@ -126,12 +126,8 @@ if ($_POST) {
else
unset($pconfig['ldapgroupattribute']);
-
write_config();
- $retval = system_password_configure();
- sync_webgui_passwords();
-
}
}
diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml
index e6b46bc..1cf882c 100644
--- a/usr/local/www/wizards/setup_wizard.xml
+++ b/usr/local/www/wizards/setup_wizard.xml
@@ -418,14 +418,10 @@
<stepsubmitphpaction>
if($_POST['adminpassword'] != "") {
if($_POST['adminpassword'] == $_POST['adminpasswordagain']) {
- $fd = popen("/usr/sbin/pw usermod -n root -H 0", "w");
- $salt = md5(time());
- $crypted_pw = crypt($_POST['adminpassword'],$salt);
- fwrite($fd, $crypted_pw);
- pclose($fd);
- $config['system']['password'] = crypt($_POST['adminpassword']);
+ $admin_user =& getUserEntryByUID(0);
+ local_user_set_password($admin_user, $_POST['adminpassword']);
+ local_user_set($admin_user);
write_config();
- system_password_configure();
} else {
print_info_box_np("Passwords do not match! Please press back in your browser window and correct.");
die;
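Review bot: The result of `getUserEntryByUID(0)` is used without a check, although the other callers in this commit guard the same function with `if ($user)`; if no entry with uid 0 is found, the password helpers presumably run on an empty value and write_config() still executes, leaving the admin password unchanged with no error shown. A guard before local_user_set_password(), such as `if (!$admin_user) { print_info_box_np("Admin account not found."); die; }`, would make that failure visible. The confirmation test on the context line uses loose `==`, which PHP evaluates numerically for numeric-looking strings (`1e3` equals `1000`), so `===` is the safer comparison for a password confirmation. The enclosing block continues past the end of the hunk.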