author | Matthew Grooms <mgrooms@pfsense.org> | 2008-08-03 17:54:35 +0000 |
---|---|---|
committer | Matthew Grooms <mgrooms@pfsense.org> | 2008-08-03 17:54:35 +0000 |
commit | 659fa7f23bb28d316ec6c99a538ee74bc7ffc0a3 (patch) | |
tree | 31ce9604a21b27b3f88c50332251ea570136c817 /usr/local | |
parent | 5064cec7670cffa8efa3d7276ebf13c2c9d5e23c (diff) | |
Cleanup authentication code. The basic auth method, the passwd, htpasswd
and pam backing functions have been removed. The basic auth method was
legacy code and the backing functions were redundant with no added value
that I could see. A simplified replacement backing function named
local_backed has been added that authenticates to the local configuration
info which should be identical to system pwdb credentials. Since the
htpassword file is no longer required, sync_webgui_passwords and its
wrapper function system_password_configure have been removed.
The local account management functions were renamed for consistency. A few
minor bugs related to setting local passwords have also been corrected.
Diffstat (limited to 'usr/local')
-rwxr-xr-x | usr/local/www/pkg_mgr_install.php | 3 | ||||
-rwxr-xr-x | usr/local/www/system.php | 10 | ||||
-rw-r--r-- | usr/local/www/system_groupmanager.php | 6 | ||||
-rw-r--r-- | usr/local/www/system_groupmanager_addprivs.php | 2 | ||||
-rw-r--r-- | usr/local/www/system_usermanager.php | 22 | ||||
-rw-r--r-- | usr/local/www/system_usermanager_addprivs.php | 2 | ||||
-rwxr-xr-x | usr/local/www/system_usermanager_settings.php | 4 | ||||
-rw-r--r-- | usr/local/www/wizards/setup_wizard.xml | 10 |
8 files changed, 18 insertions, 41 deletions
diff --git a/usr/local/www/pkg_mgr_install.php b/usr/local/www/pkg_mgr_install.php
index 359d575..20d2dde 100755
--- a/usr/local/www/pkg_mgr_install.php
+++ b/usr/local/www/pkg_mgr_install.php
@@ -119,9 +119,6 @@ ob_flush();
 /* mount rw fs */
 conf_mount_rw();
-/* resync password database to avoid out of sync issues */
-sync_webgui_passwords();
-
 switch($_GET['mode']) {
 case "delete":
 $id = get_pkg_id($_GET['pkg']);
diff --git a/usr/local/www/system.php b/usr/local/www/system.php
index b04e9ce..8abaf4d 100755
--- a/usr/local/www/system.php
+++ b/usr/local/www/system.php
@@ -117,9 +117,6 @@ if ($_POST) {
 ($_POST['webguiport'] < 1) || ($_POST['webguiport'] > 65535))) {
 $input_errors[] = "A valid TCP/IP port must be specified for the webConfigurator port.";
 }
- if (($_POST['password']) && ($_POST['password'] != $_POST['password2'])) {
- $input_errors[] = "The passwords do not match.";
- }
 $t = (int)$_POST['timeupdateinterval'];
 if (($t < 0) || (($t > 0) && ($t < 6)) || ($t > 1440)) {
@@ -163,12 +160,6 @@ if ($_POST) {
 unset($config['system']['dnsallowoverride']);
 $config['system']['dnsallowoverride'] = $_POST['dnsallowoverride'] ? true : false;
- if ($_POST['password']) {
- $config['system']['password'] = crypt($_POST['password']);
- update_changedesc("password changed via webConfigurator");
- sync_webgui_passwords();
- }
-
 /* which interface should the dns servers resolve through? */
 if($_POST['dns1gwint'])
 $config['system']['dns1gwint'] = $pconfig['dns1gwint'];
@@ -205,7 +196,6 @@ if ($_POST) {
 $retval = system_hostname_configure();
 $retval |= system_hosts_generate();
 $retval |= system_resolvconf_generate();
- $retval |= system_password_configure();
 $retval |= services_dnsmasq_configure();
 $retval |= system_timezone_configure();
 $retval |= system_ntp_configure();
diff --git a/usr/local/www/system_groupmanager.php b/usr/local/www/system_groupmanager.php
index e79a77f..d2ab78e 100644
--- a/usr/local/www/system_groupmanager.php
+++ b/usr/local/www/system_groupmanager.php
@@ -63,7 +63,7 @@ if ($_GET['act'] == "delgroup") {
 exit;
 }
- del_local_group($a_group[$_GET['id']]);
+ local_group_del($a_group[$_GET['id']]);
 $groupdeleted = $a_group[$_GET['id']]['name'];
 unset($a_group[$_GET['id']]);
 write_config();
@@ -84,7 +84,7 @@ if ($_GET['act'] == "delpriv") {
 foreach ($a_group[$id]['member'] as $uid) {
 $user = getUserEntryByUID($uid);
 if ($user)
- set_local_user($user);
+ local_user_set($user);
 }
 write_config();
@@ -146,7 +146,7 @@ if ($_POST) {
 $a_group[] = $group;
 }
- set_local_group($group);
+ local_group_set($group);
 write_config();
 header("Location: system_groupmanager.php");
diff --git a/usr/local/www/system_groupmanager_addprivs.php b/usr/local/www/system_groupmanager_addprivs.php
index 6c808be..a449b2d 100644
--- a/usr/local/www/system_groupmanager_addprivs.php
+++ b/usr/local/www/system_groupmanager_addprivs.php
@@ -85,7 +85,7 @@ if ($_POST) {
 foreach ($a_group['member'] as $uid) {
 $user = getUserEntryByUID($uid);
 if ($user)
- set_local_user($user);
+ local_user_set($user);
 }
 $retval = write_config();
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 791fae6..0b8f76e 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -67,11 +67,10 @@ if (isAllowedPage("system_usermanager")) {
 exit;
 }
- del_local_user($a_user[$_GET['id']]);
+ local_user_del($a_user[$_GET['id']]);
 $userdeleted = $a_user[$_GET['id']]['name'];
 unset($a_user[$_GET['id']]);
 write_config();
- $retval = system_password_configure();
 $savemsg = gettext("User")." {$userdeleted} ".
 gettext("successfully deleted")."<br/>";
 }
@@ -96,7 +95,7 @@ if (isAllowedPage("system_usermanager")) {
 if (isset($id) && $a_user[$id]) {
 $pconfig['usernamefld'] = $a_user[$id]['name'];
 $pconfig['fullname'] = $a_user[$id]['fullname'];
- $pconfig['groups'] = get_local_user_groups($a_user[$id]);
+ $pconfig['groups'] = local_user_get_groups($a_user[$id]);
 $pconfig['utype'] = $a_user[$id]['scope'];
 $pconfig['uid'] = $a_user[$id]['uid'];
 $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
@@ -163,10 +162,14 @@ if (isAllowedPage("system_usermanager")) {
 if (isset($id) && $a_user[$id])
 $userent = $a_user[$id];
- /* the user did change his username */
+ /* the user name was modified */
 if ($_POST['usernamefld'] <> $_POST['oldusername'])
 $_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
+ /* the user password was mofified */
+ if ($_POST['passwordfld1'])
+ local_user_set_password($userent, $_POST['passwordfld1']);
+
 $userent['name'] = $_POST['usernamefld'];
 $userent['fullname'] = $_POST['fullname'];
@@ -182,10 +185,9 @@ if (isAllowedPage("system_usermanager")) {
 $a_user[] = $userent;
 }
- set_local_user($userent, $_POST['passwordfld1']);
- set_local_user_groups($userent,$_POST['groups']);
+ local_user_set($userent);
+ local_user_set_groups($userent,$_POST['groups']);
 write_config();
- $retval = system_password_configure();
 pfSenseHeader("system_usermanager.php");
 }
@@ -488,7 +490,7 @@ function presubmit() {
 <td class="listr"><?=htmlspecialchars($userent['fullname']);?> </td>
 <td class="listbg">
 <font color="white">
- <?=implode(",",get_local_user_groups($userent));?>
+ <?=implode(",",local_user_get_groups($userent));?>
 </font>
 </td>
@@ -563,10 +565,6 @@ function presubmit() {
 $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1']));
 write_config();
-
- sync_webgui_passwords();
-
- $retval = system_password_configure();
 $savemsg = "Password successfully changed<br />";
 }
 }
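Review bot: The new guard `if ($_POST['passwordfld1'])` in the `-163,10 +162,14` hunk tests truthiness, so a submitted password of `0` is silently skipped and the account keeps whatever hash it had before; compare explicitly instead, e.g. `if (isset($_POST['passwordfld1']) && $_POST['passwordfld1'] !== '')`. The comment added with it has a typo, `mofified` for `modified`. The self-service path in the `-563,10 +565,6` hunk still writes `crypt(trim($_POST['passwordfld1']))` straight into `$config`, and with the sync calls removed nothing visible pushes that hash to the local account database; presumably it should go through `local_user_set_password()` and `local_user_set()` like the other paths. The `trim()` there also means the two paths can store different hashes for the same typed password. Both enclosing blocks start and end outside the hunks.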
diff --git a/usr/local/www/system_usermanager_addprivs.php b/usr/local/www/system_usermanager_addprivs.php
index 61758b7..0214d63 100644
--- a/usr/local/www/system_usermanager_addprivs.php
+++ b/usr/local/www/system_usermanager_addprivs.php
@@ -86,7 +86,7 @@ if ($_POST) {
 else
 $a_user['priv'] = array_merge($a_user['priv'], $pconfig['sysprivs']);
- set_local_user($a_user);
+ local_user_set($a_user);
 $retval = write_config();
 $savemsg = get_std_save_message($retval);
diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php
index c1d3a71..90e6598 100755
--- a/usr/local/www/system_usermanager_settings.php
+++ b/usr/local/www/system_usermanager_settings.php
@@ -126,12 +126,8 @@ if ($_POST) {
 else
unset($pconfig['ldapgroupattribute']);
-
write_config();
- $retval = system_password_configure();
- sync_webgui_passwords();
-
}
}
diff --git a/usr/local/www/wizards/setup_wizard.xml b/usr/local/www/wizards/setup_wizard.xml
index e6b46bc..1cf882c 100644
--- a/usr/local/www/wizards/setup_wizard.xml
+++ b/usr/local/www/wizards/setup_wizard.xml
@@ -418,14 +418,10 @@
 <stepsubmitphpaction>
 if($_POST['adminpassword'] != "") {
 if($_POST['adminpassword'] == $_POST['adminpasswordagain']) {
- $fd = popen("/usr/sbin/pw usermod -n root -H 0", "w");
- $salt = md5(time());
- $crypted_pw = crypt($_POST['adminpassword'],$salt);
- fwrite($fd, $crypted_pw);
- pclose($fd);
- $config['system']['password'] = crypt($_POST['adminpassword']);
+ $admin_user =& getUserEntryByUID(0);
+ local_user_set_password($admin_user, $_POST['adminpassword']);
+ local_user_set($admin_user);
 write_config();
- system_password_configure();
 } else {
 print_info_box_np("Passwords do not match! Please press back in your browser window and correct.");
 die; |
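Review bot: The added lines use the result of `getUserEntryByUID(0)` without checking it, while the other callers in this commit guard the lookup with `if ($user)`. If the configuration has no uid 0 entry, the wizard would presumably set a password on an empty value, call `write_config()` and carry on as though the admin password had changed. Wrap the three calls in the same kind of guard, `if ($admin_user) { ... }`, and report a failure otherwise. The surrounding confirmation test compares the two fields with `==`, which in PHP compares numeric-looking strings as numbers, so `===` would be the stricter check for a password confirmation. The enclosing `<stepsubmitphpaction>` block ends outside the hunk.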