diff options
| author | Ermal Luçi <eri@pfsense.org> | 2010-03-03 16:16:39 +0000 |
|---|---|---|
| committer | Ermal Luçi <eri@pfsense.org> | 2010-03-03 16:17:35 +0000 |
| commit | 6306b5ddc70ce5bbcf9c9c9769755340e0117de4 (patch) | |
| tree | ef8ac81995fa89cde3362ccbc02540a4e468b783 /usr/local | |
| parent | f700f8da9deedb1f866353911a5eaf939016124a (diff) | |
| download | pfsense-6306b5ddc70ce5bbcf9c9c9769755340e0117de4.zip pfsense-6306b5ddc70ce5bbcf9c9c9769755340e0117de4.tar.gz | |
Overhaul the user login system to use the Servers tab as its base.
Fix quite a few problems down the way.
Diffstat (limited to 'usr/local')
| -rw-r--r-- | usr/local/www/system_authservers.php | 78 | ||||
| -rwxr-xr-x | usr/local/www/system_usermanager_settings.php | 283 | ||||
| -rw-r--r-- | usr/local/www/system_usermanager_settings_ldapacpicker.php | 63 | ||||
| -rwxr-xr-x | usr/local/www/system_usermanager_settings_test.php | 80 | ||||
| -rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 8 |
5 files changed, 180 insertions, 332 deletions
diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php index 428a442..6dbe2b2 100644 --- a/usr/local/www/system_authservers.php +++ b/usr/local/www/system_authservers.php @@ -50,7 +50,9 @@ if (isset($_POST['id'])) if (!is_array($config['system']['authserver'])) $config['system']['authserver'] = array(); -$a_server =& $config['system']['authserver']; +$a_servers = auth_get_authserver_list(); +foreach ($a_servers as $servers) + $a_server[] = $servers; $act = $_GET['act']; if ($_POST['act']) @@ -181,7 +183,7 @@ if ($_POST) { if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['host'])) $input_errors[] = gettext("The host name contains invalid characters."); - if (auth_get_authserver($pconfig['name'])) + if (auth_get_authserver($pconfig['name']) && !isset($id)) $input_errors[] = "A authentication server with the same name already exists."; /* if this is an AJAX caller then handle via JSON */ @@ -244,10 +246,10 @@ if ($_POST) { } } - if (isset($id) && $a_server[$id]) - $a_server[$id] = $server; + if (isset($id) && $config['system']['authserver'][$id]) + $config['system']['authserver'][$id] = $server; else - $a_server[] = $server; + $config['system']['authserver'][] = $server; write_config(); @@ -263,14 +265,15 @@ include("head.inc"); <script type="text/javascript"> <!-- -function server_typechange(type) { +function server_typechange(typ) { - if (!type) { - index = document.iform.type.selectedIndex; - type = document.iform.type.options[index].value; + var idx = 0; + if (!typ) { + idx = document.getElementById("type").selectedIndex; + typ = document.getElementById("type").options[idx].value; } - switch (type) { + switch (typ) { case "ldap": document.getElementById("ldap").style.display=""; document.getElementById("radius").style.display="none"; @@ -283,13 +286,13 @@ function server_typechange(type) { } function ldap_urlchange() { - switch (document.iform.ldap_urltype.selectedIndex) { + switch (document.getElementById("ldap_urltype").selectedIndex) { <?php $index = 0; foreach ($ldap_urltypes as $urltype => $urlport): ?> case <?=$index;?>: - document.iform.ldap_port.value = "<?=$urlport;?>"; + document.getElementById("ldap_port").value = "<?=$urlport;?>"; break; <?php $index++; @@ -300,22 +303,22 @@ function ldap_urlchange() { function ldap_bindchange() { - if (document.iform.ldap_anon.checked) + if (document.getElementById("ldap_anon").checked) document.getElementById("ldap_bind").style.display="none"; else document.getElementById("ldap_bind").style.display=""; } function ldap_tmplchange(){ - switch (document.iform.ldap_tmpltype.selectedIndex) { + switch (document.getElementById("ldap_tmpltype").selectedIndex) { <?php $index = 0; foreach ($ldap_templates as $tmpldata): ?> case <?=$index;?>: - document.iform.ldap_attr_user.value = "<?=$tmpldata['attr_user'];?>"; - document.iform.ldap_attr_group.value = "<?=$tmpldata['attr_group'];?>"; - document.iform.ldap_attr_member.value = "<?=$tmpldata['attr_member'];?>"; + document.getElementById("ldap_attr_user").value = "<?=$tmpldata['attr_user'];?>"; + document.getElementById("ldap_attr_group").value = "<?=$tmpldata['attr_group'];?>"; + document.getElementById("ldap_attr_member").value = "<?=$tmpldata['attr_member'];?>"; break; <?php $index++; @@ -325,7 +328,7 @@ function ldap_tmplchange(){ } function radius_srvcschange(){ - switch (document.iform.radius_srvcs.selectedIndex) { + switch (document.getElementById("radius_srvcs").selectedIndex) { case 0: // both document.getElementById("radius_auth").style.display=""; document.getElementById("radius_acct").style.display=""; @@ -341,6 +344,22 @@ function radius_srvcschange(){ } } +function select_clicked() { + var url = 'system_usermanager_settings_ldapacpicker.php?'; + url += 'port=' + document.getElementById("ldap_port").value; + url += '&host=' + document.getElementById("ldap_host").value; + url += '&scope=' + document.getElementById("ldap_scope").value; + url += '&basedn=' + document.getElementById("ldap_basedn").value; + url += '&binddn=' + document.getElementById("ldap_binddn").value; + url += '&bindpw=' + document.getElementById("ldap_bindpw").value; + url += '&urltype=' + document.getElementById("ldap_urltype").value; + url += '&proto=' + document.getElementById("ldap_protver").value; + url += '&authcn=' + document.getElementById("ldapauthcontainers").value; + + var oWin = window.open(url,"pfSensePop","width=620,height=400,top=150,left=150"); + if (oWin==null || typeof(oWin)=="undefined") + alert('Popup blocker detected. Action aborted.'); +} //--> </script> <?php @@ -484,7 +503,7 @@ function radius_srvcschange(){ <td>Containers: </td> <td> <input name="ldapauthcontainers" type="text" class="formfld unknown" id="ldapauthcontainers" size="40" value="<?=htmlspecialchars($pconfig['ldap_authcn']);?>"/> - <input type="button" onClick="javascript:if(openwindow('system_usermanager_settings_ldapacpicker.php') == false) alert('Popup blocker detected. Action aborted.');" value="Select"> + <input type="button" onClick="select_clicked();" value="Select"> <br />NOTE: Semi-Colon separated. This will be prepended to the search base dn above or you can specify full container path. <br />EXAMPLE: CN=Users;DC=example <br />EXAMPLE: CN=Users,DC=example,DC=com;OU=OtherUsers,DC=example,DC=com @@ -640,11 +659,12 @@ function radius_srvcschange(){ $type = htmlspecialchars($auth_server_types[$server['type']]); $host = htmlspecialchars($server['host']); ?> - <tr ondblclick="document.location='system_authservers.php?act=edit&id=<?=$i;?>'"> + <tr <?php if ($i < (count($a_server) - 1)): ?> ondblclick="document.location='system_authservers.php?act=edit&id=<?=$i;?>'" <?php endif; ?>> <td class="listlr"><?=$name?> </td> <td class="listr"><?=$type;?> </td> <td class="listr"><?=$host;?> </td> <td valign="middle" nowrap class="list"> + <?php if ($i < (count($a_server) - 1)): ?> <a href="system_authservers.php?act=edit&id=<?=$i;?>"> <img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="edit server" alt="edit server" width="17" height="17" border="0" /> </a> @@ -652,11 +672,11 @@ function radius_srvcschange(){ <a href="system_authservers.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Server?");?>')"> <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="delete server" alt="delete server" width="17" height="17" border="0" /> </a> + <?php endif; ?> </td> </tr> <?php - $i++; - endforeach; + $i++; endforeach; ?> <tr> <td class="list" colspan="3"></td> @@ -681,26 +701,22 @@ function radius_srvcschange(){ </td> </tr> </table> -<?php include("fend.inc");?> +<?php include("fend.inc"); +if ($act == "edit"): ?> <script type="text/javascript"> <!-- -function openwindow(url) { - var oWin = window.open(url,"pfSensePop","width=620,height=400,top=150,left=150"); - if (oWin==null || typeof(oWin)=="undefined") - return false; - else - return true; -} server_typechange('<?=$pconfig['type'];?>'); <?php if (!isset($id) || $pconfig['type'] == "ldap"): ?> ldap_bindchange(); ldap_urlchange(); +<?php if (!isset($id)): ?> ldap_tmplchange(); <? endif; ?> +<? endif; ?> <?php if (!isset($id) || $pconfig['type'] == "radius"): ?> radius_srvcschange(); <? endif; ?> //--> </script> - +<?php endif; ?> </body> diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php index 4889d73..7b96d4d 100755 --- a/usr/local/www/system_usermanager_settings.php +++ b/usr/local/www/system_usermanager_settings.php @@ -45,29 +45,20 @@ if($_POST['savetest']) $save_and_test = true; require("guiconfig.inc"); +require_once("auth.inc"); require("priv.defs.inc"); require("priv.inc"); $pconfig['session_timeout'] = &$config['system']['webgui']['session_timeout']; -$pconfig['ldapserver'] = &$config['system']['webgui']['ldapserver']; +$pconfig['authmode'] = &$config['system']['webgui']['authmode']; $pconfig['backend'] = &$config['system']['webgui']['backend']; -$pconfig['ldapbindun'] = &$config['system']['webgui']['ldapbindun']; -$pconfig['ldapbindpw'] = &$config['system']['webgui']['ldapbindpw']; -$pconfig['ldapfilter'] = &$config['system']['webgui']['ldapfilter']; -$pconfig['ldapsearchbase'] = &$config['system']['webgui']['ldapsearchbase']; -$pconfig['ldapauthcontainers'] = &$config['system']['webgui']['ldapauthcontainers']; -$pconfig['ldapgroupattribute'] = &$config['system']['webgui']['ldapgroupattribute']; -$pconfig['ldapnameattribute'] = &$config['system']['webgui']['ldapnameattribute']; // Page title for main admin $pgtitle = array("System","User manager settings"); if ($_POST) { unset($input_errors); - - conf_mount_rw(); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pconfig = $_POST; if($_POST['session_timeout']) { $timeout = intval($_POST['session_timeout']); @@ -78,60 +69,23 @@ if ($_POST) { if (!$input_errors) { if($_POST['session_timeout']) - $pconfig['session_timeout'] = intval($_POST['session_timeout']); + $config['system']['webgui']['session_timeout'] = intval($_POST['session_timeout']); else unset($config['system']['webgui']['session_timeout']); - if($_POST['ldapserver']) - $pconfig['ldapserver'] = $_POST['ldapserver']; + if($_POST['authmode']) + $config['system']['webgui']['authmode'] = $_POST['authmode']; else - unset($pconfig['ldapserver']); + unset($config['system']['webgui']['authmode']); if($_POST['backend']) - $pconfig['backend'] = $_POST['backend']; - else - unset($pconfig['backend']); - - if($_POST['ldapbindun']) - $pconfig['ldapbindun'] = $_POST['ldapbindun']; - else - unset($pconfig['ldapbindun']); - - if($_POST['ldapbindpw']) - $pconfig['ldapbindpw'] = $_POST['ldapbindpw']; - else - unset($pconfig['ldapbindpw']); - - if($_POST['ldapfilter']) - $pconfig['ldapfilter'] = $_POST['ldapfilter']; + $config['system']['webgui']['backend'] = $_POST['backend']; else - unset($pconfig['ldapfilter']); - - if($_POST['ldapsearchbase']) - $pconfig['ldapsearchbase'] = $_POST['ldapsearchbase']; - else - unset($pconfig['ldapsearchbase']); - - if($_POST['ldapauthcontainers']) - $pconfig['ldapauthcontainers'] = $_POST['ldapauthcontainers']; - else - unset($pconfig['ldapauthcontainers']); - - if($_POST['ldapgroupattribute']) - $pconfig['ldapgroupattribute'] = $_POST['ldapgroupattribute']; - else - unset($pconfig['ldapgroupattribute']); - if($_POST['ldapnameattribute']) - $pconfig['ldapnameattribute'] = $_POST['ldapnameattribute']; - else - unset($pconfig['ldapgroupattribute']); + unset($config['system']['webgui']['backend']); write_config(); } - - conf_mount_ro(); - } include("head.inc"); @@ -145,77 +99,13 @@ include("head.inc"); <?php if($save_and_test) { echo "<script language='javascript'>\n"; - echo "myRef = window.open('system_usermanager_settings_test.php','mywin', "; + echo "myRef = window.open('system_usermanager_settings_test.php?authserver={$pconfig['authmode']}','mywin', "; echo "'left=20,top=20,width=700,height=550,toolbar=1,resizable=0');\n"; + echo "if (myRef==null || typeof(myRef)=='undefined') aleart('Popup blocker detected. Action aborted.');\n"; echo "</script>\n"; } ?> -<script language="javascript"> - function show_ldapfilter() { - document.getElementById("filteradv").innerHTML=''; - aodiv = document.getElementById('filteradvdiv'); - aodiv.style.display = "block"; - } - function show_ldapnaming(){ - document.getElementById("namingattribute").innerHTML=''; - aodiv = document.getElementById('ldapnamingdiv'); - aodiv.style.display = "block"; - } - function show_groupmembership() { - document.getElementById("groupmembership").innerHTML=''; - aodiv = document.getElementById('groupmembershipdiv'); - aodiv.style.display = "block"; - } - function ldap_typechange() { - switch (document.iform.backend.selectedIndex) { - case 0: - /* pfSense backend, disable all options */ - document.iform.ldapfilter.disabled = 1; - document.iform.ldapnameattribute.disabled = 1; - document.iform.ldapgroupattribute.disabled = 1; - document.iform.ldapsearchbase.disabled = 1; - document.iform.ldapauthcontainers.disabled = 1; - document.iform.ldapserver.disabled = 1; - document.iform.ldapbindun.disabled = 1; - document.iform.ldapbindpw.disabled = 1; - document.iform.ldapfilter.value = ""; - document.iform.ldapnameattribute.value = ""; - document.iform.ldapgroupattribute.value = ""; - document.iform.ldapauthcontainers.value = ""; - break; - case 1: - /* A/D */ - document.iform.ldapfilter.disabled = 0; - document.iform.ldapnameattribute.disabled = 0; - document.iform.ldapgroupattribute.disabled = 0; - document.iform.ldapsearchbase.disabled = 0; - document.iform.ldapauthcontainers.disabled = 0; - document.iform.ldapserver.disabled = 0; - document.iform.ldapbindun.disabled = 0; - document.iform.ldapbindpw.disabled = 0; - document.iform.ldapfilter.value = "(samaccountname=_username_)"; - document.iform.ldapnameattribute.value = "samaccountname"; - document.iform.ldapgroupattribute.value = "memberOf"; - break; - case 2: - /* eDir */ - document.iform.ldapfilter.disabled = 0; - document.iform.ldapnameattribute.disabled = 0; - document.iform.ldapgroupattribute.disabled = 0; - document.iform.ldapsearchbase.disabled = 0; - document.iform.ldapauthcontainers.disabled = 0; - document.iform.ldapserver.disabled = 0; - document.iform.ldapbindun.disabled = 0; - document.iform.ldapbindpw.disabled = 0; - document.iform.ldapfilter.value = "(cn=_username_)"; - document.iform.ldapnameattribute.value = "CN"; - document.iform.ldapgroupattribute.value = "groupMembership"; - break; - } - } -</script> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabnavtbl"> @@ -224,7 +114,7 @@ include("head.inc"); $tab_array[] = array(gettext("Users"), false, "system_usermanager.php"); $tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php"); $tab_array[] = array(gettext("Settings"), true, "system_usermanager_settings.php"); - $tab_array[] = array(gettext("Servers"), false, "system_authservers.php"); + $tab_array[] = array(gettext("Servers"), false, "system_authservers.php"); display_top_tabs($tab_array); /* Default to pfsense backend type if none is defined */ @@ -238,110 +128,49 @@ if(!$pconfig['backend']) <div id="mainarea"> <form id="iform" name="iform" action="system_usermanager_settings.php" method="post"> <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> - <tr> + <tr> <td width="22%" valign="top" class="vncell">Session Timeout</td> <td width="78%" class="vtable"> - <input name="session_timeout" id="session_timeout" type="text" size="8" value="<?=htmlspecialchars($pconfig['session_timeout']);?>" /> - <br /> - <?=gettext("Time in minutes to expire idle management sessions. The default is four hours (240 minutes). <br/> Enter 0 to never expire sessions. NOTE: This is a security risk!");?><br /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Authentication primary backend</td> - <td width="78%" class="vtable"> - <select name='backend' id='backend' onchange='ldap_typechange()'> - <option value="pfsense"<?php if ($pconfig['backend'] == "pfsense") echo " SELECTED";?>>Local User Database</option> - <option value="ldap"<?php if ($pconfig['backend'] == "ldap") echo " SELECTED";?>>LDAP (Active Directory)</option> - <option value="ldapother"<?php if ($pconfig['backend'] == "ldapother") echo " SELECTED";?>>LDAP OTHER (eDir, etc)</option> - </select> - <br/>NOTE: login failures or server not available issues will fall back to <?=$g['product_name'];?> internal users/group authentication. - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Server:port</td> - <td width="78%" class="vtable"> - <input name="ldapserver" id="ldapserver" size="65" value="<?=htmlspecialchars($pconfig['ldapserver']);?>"> - <br/>Example: ldaps://ldap.example.org:389 or ldap://ldap.example.org:389 - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Binding username</td> + <input name="session_timeout" id="session_timeout" type="text" size="8" value="<?=htmlspecialchars($pconfig['session_timeout']);?>" /> + <br /> + <?=gettext("Time in minutes to expire idle management sessions. The default is four hours (240 minutes). <br/> Enter 0 to never expire sessions. NOTE: This is a security risk!");?><br /> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Authentication Server</td> <td width="78%" class="vtable"> - <input name="ldapbindun" id="ldapbindun" size="65" value="<?=htmlspecialchars($pconfig['ldapbindun']);?>"> - <br/>This account must have read access to the user objects and be able to retrieve groups. - <br/>Example: For Active Directory you would want to use format DOMAIN\username or username@domain. - <br/>Example: eDirectory you would want to use format cn=username,ou=orgunit,o=org. - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Binding password</td> + <select name='authmode' id='authmode' class="formselect" > + <?php + $auth_servers = auth_get_authserver_list(); + foreach ($auth_servers as $auth_server): + if ($auth_server['type'] == 'radius') + continue; + $selected = ""; + if ($auth_server['name'] == $pconfig['authmode']) + $selected = "selected"; + ?> + <option value="<?=$auth_server['name'];?>" <?=$selected;?>><?=$auth_server['name'];?></option> + <?php endforeach; ?> + </select> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Authentication fallback backend</td> <td width="78%" class="vtable"> - <input name="ldapbindpw" id="ldapbindpw" type="password" size="65" value="<?=htmlspecialchars($pconfig['ldapbindpw']);?>"> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Filter</td> - <td width="78%" class="vtable"> - <div id="filteradv" name="filteradv"> - <input type="button" onClick="show_ldapfilter();" value="Advanced"> - Show advanced options - </div> - <div id="filteradvdiv" name="filteradvdiv" style="display:none"> - <input name="ldapfilter" id="ldapfilter" size="65" value="<?=htmlspecialchars($pconfig['ldapfilter']);?>"> - <br/>Example: For Active Directory you would want to use (samaccountname=_username_) - <br/>Example: For eDirectory you would want to use (cn=_username_) - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Naming Attribute</td> - <td width="78%" class="vtable"> - <div id="namingattribute" name="namingattribute"> - <input type="button" onClick="show_ldapnaming();" value="Advanced"> - Show advanced options - </div> - <div id="ldapnamingdiv" name="ldapnamingdiv" style="display:none"> - <input name="ldapnameattribute" id="ldapnameattribute" size="65" value="<?=htmlspecialchars($pconfig['ldapnameattribute']);?>"> - <br/>Example: For Active Directory you would want to use samaccountname. - <br/>Example: For eDirectory you would want to use CN. - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Group Membership Attribute Name</td> - <td width="78%" class="vtable"> - <div id="groupmembership" name="groupmembership"> - <input type="button" onClick="show_groupmembership();" value="Advanced"> - Show advanced options - </div> - <div id="groupmembershipdiv" name="groupmembershipdiv" style="display:none"> - <input name="ldapgroupattribute" id="ldapgroupattribute" size="65" value="<?=htmlspecialchars($pconfig['ldapgroupattribute']);?>"> - <br/>Example: For Active Directory you would want to use memberOf. - <br/>Example: For eDirectory you would want to use groupMembership. - </div> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">LDAP Search base</td> - <td width="78%" class="vtable"> - <input name="ldapsearchbase" size="65" value="<?=htmlspecialchars($pconfig['ldapsearchbase']);?>"> - <br/>Example: DC=example,DC=com - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Authentication container</td> - <td width="78%" class="vtable"> - <input name="ldapauthcontainers" id="ldapauthcontainers" size="65" value="<?=htmlspecialchars($pconfig['ldapauthcontainers']);?>"> - <input type="button" onClick="javascript:if(openwindow('system_usermanager_settings_ldapacpicker.php') == false) alert('Popup blocker detected. Action aborted.');" value="Select"> - <br/>NOTE: Semi-Colon separated. - <br/>EXAMPLE: CN=Users,DC=example,DC=com;CN=OtherUsers,DC=example,DC=com - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submit" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - <input id="savetest" name="savetest" type="submit" class="formbtn" value="<?=gettext("Save and Test");?>" /> - </td> - </tr> + <select name='backend' id='backend' onchange='ldap_typechange()'> + <option value="pfsense"<?php if ($pconfig['backend'] == "pfsense") echo " SELECTED";?>>Local User Database</option> + <option value="ldap"<?php if ($pconfig['backend'] == "ldap") echo " SELECTED";?>>LDAP (Directory server)</option> + </select> + <br/>NOTE: login failures or server not available issues will fall back to <?=$g['product_name'];?> this type of authenticator. + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input id="save" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> + <input id="savetest" name="savetest" type="submit" class="formbtn" value="<?=gettext("Save and Test");?>" /> + </td> + </tr> </table> </form> </div> @@ -351,13 +180,3 @@ if(!$pconfig['backend']) <?php include("fend.inc");?> </body> </html> -<script language="javascript"> - function openwindow(url) { - var oWin = window.open(url,"pfSensePop","width=620,height=400,top=150,left=150"); - if (oWin==null || typeof(oWin)=="undefined") { - return false; - } else { - return true; - } - } -</script> diff --git a/usr/local/www/system_usermanager_settings_ldapacpicker.php b/usr/local/www/system_usermanager_settings_ldapacpicker.php index 891b146..729dc6c 100644 --- a/usr/local/www/system_usermanager_settings_ldapacpicker.php +++ b/usr/local/www/system_usermanager_settings_ldapacpicker.php @@ -32,30 +32,41 @@ */ require("guiconfig.inc"); +require_once("auth.inc"); require("priv.defs.inc"); require("priv.inc"); +$ous = array(); +if($_GET) { + $authcfg = array(); + $authcfg['ldap_port'] = $_GET['port']; + $authcfg['ldap_basedn'] = $_GET['basedn']; + $authcfg['host'] = $_GET['host']; + $authcfg['ldap_scope'] = $_GET['scope']; + $authcfg['ldap_binddn'] = $_GET['binddn']; + $authcfg['ldap_bindpw'] = $_GET['bindpw']; + $authcfg['ldap_urltype'] = $_GET['urltype']; + $authcfg['ldap_protver'] = $_GET['proto']; + $authcfg['ldap_authcn'] = explode(";", $_GET['authcn']); + $ous = ldap_get_user_ous(true, $authcfg); +} +?> +<script language="JavaScript"> +function post_choices() { -if($_POST) { - $ous = ldap_get_user_ous(true); - $values = ""; - $isfirst = true; - foreach($ous as $ou) { - if(in_array($ou, $_POST['ou'])) { - if($isfirst == false) - $values .= ";"; - $isfirst = false; - $values .= $ou; - } + var ous = <?php echo count($ous); ?>; + var i; + for (i = 0; i < ous; i++) { + if (document.forms[0].ou[i].checked) { + opener.document.forms[0].ldapauthcontainers.value=""; + if (opener.document.forms[0].ldapauthcontainers.value != "") + opener.document.forms[0].ldapauthcontainers.value+=";"; + opener.document.forms[0].ldapauthcontainers.value+=document.forms[0].ou[i].value; + } } - echo "<script language=\"JavaScript\">\n"; - echo "<!--\n"; - echo " opener.document.forms[0].ldapauthcontainers.value='$values'\n"; - echo " this.close();\n"; - echo "-->\n"; - echo "</script>\n"; + //this.close(); +--> } - -?> +</script> <html> <head> @@ -78,7 +89,7 @@ if($_POST) { } </STYLE> </head> - <body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> + <body link="#000000" vlink="#000000" alink="#000000" > <form method="post" action="system_usermanager_settings_ldapacpicker.php"> <b>Please select which containers to Authenticate against:</b> <p/> @@ -87,19 +98,17 @@ if($_POST) { <td class="tabnavtbl"> <table width="100%"> <?php - $ous = ldap_get_user_ous(true); - $pconfig['ldapauthcontainers'] = split(";",$config['system']['webgui']['ldapauthcontainers']); if(!is_array($ous)) { echo "Sorry, we could not connect to the LDAP server. Please try later."; - exit; + //exit; } - if(is_array($ous)) { + else if(is_array($ous)) { foreach($ous as $ou) { - if(in_array($ou, $pconfig['ldapauthcontainers'])) + if(in_array($ou, $authcfg['ldap_authcn'])) $CHECKED=" CHECKED"; else $CHECKED=""; - echo " <tr><td><input type='checkbox' value='{$ou}' name='ou[]'{$CHECKED}> {$ou}<br/></td></tr>\n"; + echo " <tr><td><input type='checkbox' value='{$ou}' id='ou' name='ou[]'{$CHECKED}> {$ou}<br/></td></tr>\n"; } } ?> @@ -110,7 +119,7 @@ if($_POST) { <p/> - <input type='submit' value='Save'> + <input type='button' value='Save' onClick="post_choices();"> </body> </html> diff --git a/usr/local/www/system_usermanager_settings_test.php b/usr/local/www/system_usermanager_settings_test.php index 366b16e..6421488 100755 --- a/usr/local/www/system_usermanager_settings_test.php +++ b/usr/local/www/system_usermanager_settings_test.php @@ -39,13 +39,12 @@ ##|-PRIV require("guiconfig.inc"); +require_once("auth.inc"); require("priv.defs.inc"); require("priv.inc"); -$ldapserver = $config['system']['webgui']['ldapserver']; -$ldapbindun = $config['system']['webgui']['ldapbindun']; -$ldapbindpw = $config['system']['webgui']['ldapbindpw']; -$ldapfilter = $config['system']['webgui']['ldapfilter']; +$authserver = $_GET['authserver']; +$authcfg = auth_get_authserver($authserver); ?> @@ -74,44 +73,53 @@ $ldapfilter = $config['system']['webgui']['ldapfilter']; <form method="post" name="iform" id="iform"> <?php -echo "Testing pfSense LDAP settings... One moment please...<p/>"; -echo "<table width='100%'>"; +if (!$authcfg) { + echo "Could not find settings for {$authserver}<p/>"; +} else { + echo "Testing pfSense LDAP settings... One moment please...<p/>"; -echo "<tr><td>Attempting connection to {$ldapserver}</td><td>"; -if(ldap_test_connection()) - echo "<td><font color=green>OK</td></tr>"; -else - echo "<td><font color=red>failed</td></tr>"; - -echo "<tr><td>Attempting bind to {$ldapserver}</td><td>"; -if(ldap_test_bind()) - echo "<td><font color=green>OK</td></tr>"; -else - echo "<td><font color=red>failed</td></tr>"; - -echo "<tr><td>Attempting to fetch Organizational Units from {$ldapserver}</td><td>"; -$ous = ldap_get_user_ous(true); -if(count($ous)>1) - echo "<td><font color=green>OK</td></tr>"; -else - echo "<td><font color=red>failed</td></tr>"; - -echo "</table><p/>"; - -if(is_array($ous)) { - echo "Organization units found:<p/>"; echo "<table width='100%'>"; - foreach($ous as $ou) { - echo "<tr><td>" . $ou . "</td></tr>"; + + echo "<tr><td>Attempting connection to {$ldapserver}</td><td>"; + if(ldap_test_connection($authcfg)) { + echo "<td><font color=green>OK</td></tr>"; + + echo "<tr><td>Attempting bind to {$ldapserver}</td><td>"; + if(ldap_test_bind($authcfg)) { + echo "<td><font color=green>OK</td></tr>"; + + echo "<tr><td>Attempting to fetch Organizational Units from {$ldapserver}</td><td>"; + $ous = ldap_get_user_ous(true, $authcfg); + if(count($ous)>1) { + echo "<td><font color=green>OK</td></tr>"; + echo "</table>"; + if(is_array($ous)) { + echo "Organization units found:<p/>"; + echo "<table width='100%'>"; + foreach($ous as $ou) { + echo "<tr><td>" . $ou . "</td></tr>"; + } + } + } else + echo "<td><font color=red>failed</td></tr>"; + + echo "</table><p/>"; + + } else { + echo "<td><font color=red>failed</td></tr>"; + echo "</table><p/>"; + } + } else { + echo "<td><font color=red>failed</td></tr>"; + echo "</table><p/>"; } - echo "</table>"; } ?> - <p/> - <input type="Button" value="Close" onClick='Javascript:window.close();'> + <p/> + <input type="Button" value="Close" onClick='Javascript:window.close();'> - </form> - </body> + </form> +</body> </html> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 734c66c..8909194 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -44,10 +44,6 @@ if (!is_array($config['openvpn']['openvpn-server'])) $a_server = &$config['openvpn']['openvpn-server']; -if (!is_array($config['system']['authserver'])) - $config['system']['authserver'] = array(); -$auth_servers =& $config['system']['authserver']; - $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; @@ -557,10 +553,10 @@ function netbios_change() { <tr id="authmodetr" style="display:none"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Backend for authentication");?></td> <td width="78%" class="vtable"> - <select name='authmode[]' id='authmode' class="formselect" multiple="true" size="<?php echo count($auth_servers) + 1; ?>"> + <select name='authmode[]' id='authmode' class="formselect" multiple="true" size="<?php echo count($auth_servers); ?>"> <?php $authmodes = explode(",", $pconfig['authmode']); ?> - <option value="local" <?php if (in_array("local", $authmodes)) echo "selected";?>>Local authentication database</option> <?php + $auth_servers = auth_get_authserver_list(); foreach ($auth_servers as $auth_server): $selected = ""; if (in_array($auth_server['name'], $authmodes)) |
