-rw-r--r-- | etc/inc/auth.inc | 22 | ||||
-rw-r--r-- | etc/inc/openvpn.inc | 6 | ||||
-rwxr-xr-x | usr/local/www/firewall_rules.php | 7 | ||||
-rwxr-xr-x | usr/local/www/firewall_virtual_ip_edit.php | 2 | ||||
-rw-r--r-- | usr/local/www/system_authservers.php | 15 | ||||
-rwxr-xr-x | usr/local/www/system_gateways_edit.php | 4 | ||||
-rwxr-xr-x | usr/local/www/system_usermanager_settings.php | 6 | ||||
-rw-r--r-- | usr/local/www/system_usermanager_settings_ldapacpicker.php | 63 |
8 files changed, 71 insertions, 54 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index c1a9ba5..83fd02c 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -564,6 +564,8 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg) { if(!function_exists("ldap_connect")) return; + $ous = array(); + if ($authcfg) { if (strstr($authcfg['ldap_urltype'], "Standard")) $ldapproto = "ldap"; @@ -585,8 +587,6 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg) { } else return false; - $ous = array(); - /* first check if there is even an LDAP server populated */ if(!$ldapserver) { log_error("ERROR! ldap_get_user_ous() backed selected with no LDAP authentication server defined."); @@ -629,8 +629,8 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg) { else $ldapfunc = "ldap_search"; - $search = $ldapfunc($ldap, $ldapbasedn, $ldapfilter); - $info = ldap_get_entries($ldap, $search); + $search = @$ldapfunc($ldap, $ldapbasedn, $ldapfilter); + $info = @ldap_get_entries($ldap, $search); if (is_array($info)) { foreach ($info as $inf) { @@ -743,8 +743,8 @@ function ldap_get_groups($username, $authcfg) { else $ldapfunc = "ldap_search"; - $search = $ldapfunc($ldap, $ldapdn, $ldapfilter, array($ldapgroupattribute)); - $info = ldap_get_entries($ldap, $search); + $search = @$ldapfunc($ldap, $ldapdn, $ldapfilter, array($ldapgroupattribute)); + $info = @ldap_get_entries($ldap, $search); $countem = $info["count"]; @@ -876,9 +876,9 @@ function ldap_backed($username, $passwd, $authcfg) { $ldapfunc = "ldap_search"; /* Support legacy auth container specification. */ if (stristr($ldac_split, "DC=")) - $search = $ldapfunc($ldap,$ldac_split,$ldapfilter); + $search = @$ldapfunc($ldap,$ldac_split,$ldapfilter); else - $search = $ldapfunc($ldap,"{$ldac_split},{$ldapbasedn}",$ldapfilter); + $search = @$ldapfunc($ldap,"{$ldac_split},{$ldapbasedn}",$ldapfilter); if (!$search) { log_error("Search resulted in error: " . ldap_error($ldap)); continue; 
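Review bot: In the ldap_get_user_ous() hunk at -629 the added `@` on `$ldapfunc(...)` and `ldap_get_entries(...)` silences a failed search without handling it, and the ldap_get_groups() hunk at -743 does the same before reading `$info["count"]`. The ldap_backed() hunk already shows the pattern to follow: test the result and log it, e.g. `if (!$search) { log_error("Search resulted in error: " . ldap_error($ldap)); return array(); }`. Without that, a directory outage or a wrong base DN produces an empty OU or group list and leaves no trace in the log. Both functions begin and end outside their hunks, so the value returned on failure should be checked against what their callers expect.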
@@ -1106,13 +1106,17 @@ function session_auth() { return false; /* If session timeout isn't set, we don't mark sessions stale */ - if (empty($config['system']['webgui']['session_timeout'])) { + if (!isset($config['system']['webgui']['session_timeout'])) { /* Default to 4 hour timeout if one is not set */ if ($_SESSION['last_access'] < (time() - 14400)) { $_GET['logout'] = true; $_SESSION['Logout'] = true; } else $_SESSION['last_access'] = time(); + } else if (intval($config['system']['webgui']['session_timeout']) == 0) { + /* only update if it wasn't ajax */ + if (!isAjax()) + $_SESSION['last_access'] = time(); } else { /* Check for stale session */ if ($_SESSION['last_access'] < (time() - ($config['system']['webgui']['session_timeout'] * 60))) { diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index b96afad..5fdcca2 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -266,7 +266,7 @@ function openvpn_reconfigure($mode,& $settings) { if (empty($settings)) return; - if ($settings['disable']) + if (isset($settings['disable'])) return; /* @@ -559,7 +559,7 @@ function openvpn_restart($mode, & $settings) { usleep(250000); } - if ($settings['disable']) + if (isset($settings['disable'])) return; /* start the new process */ @@ -607,7 +607,7 @@ function openvpn_resync_csc(& $settings) { $fpath = $g['varetc_path']."/openvpn-csc/".$settings['common_name']; - if ($settings['disable']) { + if (isset($settings['disable'])) { unlink_if_exists($fpath); return; } diff --git a/usr/local/www/firewall_rules.php b/usr/local/www/firewall_rules.php index 75557bc..0edba70 100755 --- a/usr/local/www/firewall_rules.php +++ b/usr/local/www/firewall_rules.php 
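Review bot: The new `intval(...) == 0` branch in session_auth() switches off idle expiry for any stored value that does not parse as a number, because `intval()` returns 0 for an empty or non-numeric string as well as for a literal 0. Since this branch disables the timeout, it should require an explicit zero, e.g. `} else if ((string)$config['system']['webgui']['session_timeout'] === "0") {`, and let everything else fall through to the timed check. The context comment `/* If session timeout isn't set, we don't mark sessions stale */` no longer matches the code under it, which applies the 4 hour default; it should read `/* If session timeout isn't set, fall back to the 4 hour default */`. session_auth() continues outside the hunk.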
@@ -557,15 +557,10 @@ echo "<script type=\"text/javascript\" language=\"javascript\" src=\"/javascript else if ($filterent['sched']) { if ($iconfn == "block" || $iconfn == "reject") - { $image = "icon_block_d"; - $alttext = "Traffic matching this rule is currently being allowed"; - } else - { $image = "icon_block"; - $alttext = "Traffic matching this rule is currently being denied"; - } + $alttext = "This rule is not currently active because its period has expired"; $printicon = true; } } diff --git a/usr/local/www/firewall_virtual_ip_edit.php b/usr/local/www/firewall_virtual_ip_edit.php index 80d40d8..415ced4 100755 --- a/usr/local/www/firewall_virtual_ip_edit.php +++ b/usr/local/www/firewall_virtual_ip_edit.php @@ -216,7 +216,7 @@ if ($_POST) { mark_subsystem_dirty('vip'); write_config(); - if (!$id && $id != 0) + if (!isset($id)) $id = count($a_vip) - 1; header("Location: firewall_virtual_ip.php?changes=mods&id={$id}"); exit; diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php index a91e30f..ca47289 100644 --- a/usr/local/www/system_authservers.php +++ b/usr/local/www/system_authservers.php @@ -345,6 +345,21 @@ function radius_srvcschange(){ } function select_clicked() { + if (document.getElementById("ldap_port").value == '' || + document.getElementById("ldap_host").value == '' || + document.getElementById("ldap_scope").value == '' || + document.getElementById("ldap_basedn").value == '' || + document.getElementById("ldapauthcontainers").value == '') { + alert("Please fill the required values."); + return; + } + if (!document.getElementById("ldap_anon").checked) { + if (document.getElementById("ldap_binddn").value == '' || + document.getElementById("ldap_bindpw").value == '') { + alert("Please fill the bind username/password."); + return; + } + } var url = 'system_usermanager_settings_ldapacpicker.php?'; url += 'port=' + document.getElementById("ldap_port").value; url += '&host=' + document.getElementById("ldap_host").value; 
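Review bot: `isset($id)` in the firewall_virtual_ip_edit.php hunk is also true for an empty or non-numeric string, and `$id` is interpolated into the `Location:` header on the following line. Where `$id` is assigned is outside the hunk; if it is taken from the request, the guard should also check its form, `if (!isset($id) || !is_numeric($id))`, so the redirect always carries a valid index.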
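Review bot: The emptiness checks added to select_clicked() do not make the values safe to place in the query string: the context lines below still append them raw, as in `url += '&host=' + document.getElementById("ldap_host").value;`, so a base DN or bind DN containing `&`, `#` or `+` reaches the picker truncated or altered. Wrap each value in `encodeURIComponent(...)`. The function continues outside the hunk; if the bind password checked here is appended to the same GET URL, it would be recorded in browser history and web server logs, and submitting the values by POST would avoid that. These checks run only in the browser, so the picker page still needs its own server-side validation.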
diff --git a/usr/local/www/system_gateways_edit.php b/usr/local/www/system_gateways_edit.php index fe9c4f9..daa2abf 100755 --- a/usr/local/www/system_gateways_edit.php +++ b/usr/local/www/system_gateways_edit.php @@ -146,11 +146,12 @@ if ($_POST) { } if (!$input_errors) { + $reloadif = false; /* if we are processing a system gateway only save the monitorip */ if(($_POST['attribute'] == "system" && empty($_POST['defaultgw'])) || (empty($_POST['interface']) && empty($_POST['gateway']) && empty($_POST['defaultgw']))) { if (is_ipaddr($_POST['monitor'])) { if (empty($_POST['interface'])) - $interface = $pconfig['interface']; + $interface = $pconfig['friendlyiface']; else $interface = $_POST['interface']; $config['interfaces'][$interface]['monitorip'] = $_POST['monitor']; @@ -164,7 +165,6 @@ if ($_POST) { /* Manual gateways are handled differently */ /* rebuild the array with the manual entries only */ - $reloadif = false; $gateway = array(); $gateway['interface'] = $_POST['interface']; $gateway['name'] = $_POST['name']; diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php index b2c8209..8fa652c 100755 --- a/usr/local/www/system_usermanager_settings.php +++ b/usr/local/www/system_usermanager_settings.php @@ -57,7 +57,7 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - if($_POST['session_timeout']) { + if(isset($_POST['session_timeout'])) { $timeout = intval($_POST['session_timeout']); if ($timeout != "" && (!is_numeric($timeout) || $timeout <= 0)) $input_errors[] = gettext("Session timeout must be an integer value."); @@ -65,7 +65,7 @@ if ($_POST) { if (!$input_errors) { - if($_POST['session_timeout']) + if(isset($_POST['session_timeout'])) $config['system']['webgui']['session_timeout'] = intval($_POST['session_timeout']); else unset($config['system']['webgui']['session_timeout']); 
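Review bot: In the system_gateways_edit.php hunk at -146, `$interface` is used as a key in `$config['interfaces'][$interface]['monitorip'] = $_POST['monitor'];` without a check that it names a configured interface. The new fallback `$pconfig['friendlyiface']` may be empty and the `else` branch takes `$_POST['interface']` unchanged, so a stray value would create a new entry under `interfaces` in the saved configuration. Guard the assignment with `if (isset($config['interfaces'][$interface]))`. The enclosing `if ($_POST)` block starts and ends outside the hunk.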
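Review bot: With `isset($_POST['session_timeout'])` the branch is taken whenever the text field is submitted, including when it is left blank, so `intval('')` stores 0 and, per the session_auth() change in this commit, idle expiry is switched off. A blank field should keep meaning "use the default": in both system_usermanager_settings.php hunks test `if (isset($_POST['session_timeout']) && $_POST['session_timeout'] !== '')`, which also makes the `unset(...)` branch reachable again. The validation should run `is_numeric()` on the raw `$_POST` string and reject only `$timeout < 0`; as written, `$timeout != ""` compares an integer with a string and lets 0 through only by loose comparison.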
@@ -125,7 +125,7 @@ if(!$pconfig['backend']) <td width="78%" class="vtable"> <input name="session_timeout" id="session_timeout" type="text" size="8" value="<?=htmlspecialchars($pconfig['session_timeout']);?>" /> <br /> - <?=gettext("Time in minutes to expire idle management sessions. The default is four hours (240 minutes). <br/> Leave blank to never expire sessions. NOTE: This is a security risk!");?><br /> + <?=gettext("Time in minutes to expire idle management sessions. The default is 4 hours (240 minutes). <br/> 0 means to never expire sessions. NOTE: This is a security risk!");?><br /> </td> </tr> <tr> diff --git a/usr/local/www/system_usermanager_settings_ldapacpicker.php b/usr/local/www/system_usermanager_settings_ldapacpicker.php index 6a3d186..40212b1 100644 --- a/usr/local/www/system_usermanager_settings_ldapacpicker.php +++ b/usr/local/www/system_usermanager_settings_ldapacpicker.php @@ -33,7 +33,9 @@ require("guiconfig.inc"); require_once("auth.inc"); + $ous = array(); + if($_GET) { $authcfg = array(); $authcfg['ldap_port'] = $_GET['port']; @@ -47,7 +49,29 @@ if($_GET) { $authcfg['ldap_authcn'] = explode(";", $_GET['authcn']); $ous = ldap_get_user_ous(true, $authcfg); } + ?> +<html> + <head> + <STYLE type="text/css"> + TABLE { + border-width: 1px 1px 1px 1px; + border-spacing: 0px; + border-style: solid solid solid solid; + border-color: gray gray gray gray; + border-collapse: separate; + background-color: collapse; + } + TD { + border-width: 0px 0px 0px 0px; + border-spacing: 0px; + border-style: solid solid solid solid; + border-color: gray gray gray gray; + border-collapse: collapse; + background-color: white; + } + </STYLE> + </head> <script language="JavaScript"> function post_choices() { 
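Review bot: The picker copies `$_GET['port']` and the other query parameters into `$authcfg` and hands them to `ldap_get_user_ous()` with no validation, so a single GET request makes the firewall open an LDAP connection to whatever host and port the URL names. Before the call, check the port, `if (!ctype_digit((string)$_GET['port']) || $_GET['port'] < 1 || $_GET['port'] > 65535)`, and reject hosts that are not a valid address or hostname. Because the request has a side effect it would be better served by POST with the GUI's usual form protection; whether guiconfig.inc already enforces that for this page is not visible in the hunk.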
@@ -61,34 +85,17 @@ function post_choices() { opener.document.forms[0].ldapauthcontainers.value+=document.forms[0].ou[i].value; } } - //this.close(); + window.close(); --> } </script> -<html> - <head> - <STYLE type="text/css"> - TABLE { - border-width: 1px 1px 1px 1px; - border-spacing: 0px; - border-style: solid solid solid solid; - border-color: gray gray gray gray; - border-collapse: separate; - background-color: collapse; - } - TD { - border-width: 0px 0px 0px 0px; - border-spacing: 0px; - border-style: solid solid solid solid; - border-color: gray gray gray gray; - border-collapse: collapse; - background-color: white; - } - </STYLE> - </head> <body link="#000000" vlink="#000000" alink="#000000" > <form method="post" action="system_usermanager_settings_ldapacpicker.php"> +<?php if (empty($ous)): ?> + <p>Sorry, we could not connect to the LDAP server. Please try later.</p> + <input type='button' value='Close' onClick="window.close();"> +<?php else: ?> <b>Please select which containers to Authenticate against:</b> <p/> <table width="100%" border="0" cellpadding="0" cellspacing="0"> @@ -96,11 +103,7 @@ function post_choices() { <td class="tabnavtbl"> <table width="100%"> <?php - if(!is_array($ous)) { - echo "Sorry, we could not connect to the LDAP server. Please try later."; - //exit; - } - else if(is_array($ous)) { + if(is_array($ous)) { foreach($ous as $ou) { if(in_array($ou, $authcfg['ldap_authcn'])) $CHECKED=" CHECKED"; @@ -109,7 +112,7 @@ function post_choices() { echo " <tr><td><input type='checkbox' value='{$ou}' id='ou' name='ou[]'{$CHECKED}> {$ou}<br/></td></tr>\n"; } } -?> +?> </table> </td> </tr> @@ -118,7 +121,7 @@ function post_choices() { <p/> <input type='button' value='Save' onClick="post_choices();"> - +<?php endif; ?> + </form> </body> </html> - |
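Review bot: In the hunk at -96 each `$ou` is written into the page unescaped, in `value='{$ou}'` and again as the label text, although it is data returned by the LDAP server named in the request. Escape it once and use the escaped copy in both places: `$ou_h = htmlspecialchars($ou, ENT_QUOTES);` followed by `echo " <tr><td><input type='checkbox' value='{$ou_h}' id='ou' name='ou[]'{$CHECKED}> {$ou_h}<br/></td></tr>\n";`. The single-quoted attribute is why `ENT_QUOTES` is needed.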