-rw-r--r-- | etc/inc/auth.inc | 212 | ||||
-rw-r--r-- | etc/inc/authgui.inc | 31 | ||||
-rw-r--r-- | etc/inc/priv.inc | 32 | ||||
-rw-r--r-- | usr/local/www/system_authservers.php | 78 | ||||
-rwxr-xr-x | usr/local/www/system_usermanager_settings.php | 283 | ||||
-rw-r--r-- | usr/local/www/system_usermanager_settings_ldapacpicker.php | 63 | ||||
-rwxr-xr-x | usr/local/www/system_usermanager_settings_test.php | 80 | ||||
-rw-r--r-- | usr/local/www/vpn_openvpn_server.php | 8 |
8 files changed, 278 insertions, 509 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 49c889b..f033738 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -151,7 +151,7 @@ function local_backed($username, $passwd) { if (!$user) return false; - if (is_account_disabled($username)) + if (is_account_disabled($username) || is_account_expired($username)) return false; if ($user['password']) @@ -464,7 +464,7 @@ function local_group_del($group) { } -function ldap_test_connection($authcfg = NULL) { +function ldap_test_connection($authcfg) { global $debug, $config, $g; if ($authcfg) { @@ -477,11 +477,8 @@ function ldap_test_connection($authcfg = NULL) { $ldapbasedn = $authcfg['ldap_basedn']; $ldapbindun = $authcfg['ldap_binddn']; $ldapbindpw = $authcfg['ldap_bindpw']; - } else { - $ldapserver = $config['system']['webgui']['ldapserver']; - $ldapbindun = $config['system']['webgui']['ldapbindun']; - $ldapbindpw = $config['system']['webgui']['ldapbindpw']; - } + } else + return false; /* first check if there is even an LDAP server populated */ if(!$ldapserver) @@ -504,7 +501,7 @@ function ldap_test_connection($authcfg = NULL) { return true; } -function ldap_test_bind($authcfg = NULL) { +function ldap_test_bind($authcfg) { global $debug, $config, $g; if ($authcfg) { @@ -522,13 +519,8 @@ function ldap_test_bind($authcfg = NULL) { $ldapanon = true; else $ldapanon = false; - } else { - $ldapserver = $config['system']['webgui']['ldapserver']; - $ldapbindun = $config['system']['webgui']['ldapbindun']; - $ldapbindpw = $config['system']['webgui']['ldapbindpw']; - $ldapver = 3; - $ldapanon = false; - } + } else + return false; /* first check if there is even an LDAP server populated */ if(!$ldapserver) 
@@ -552,17 +544,21 @@ function ldap_test_bind($authcfg = NULL) { ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver); if ($ldapanon == true) { - if (!($res = @ldap_bind($ldap))) + if (!($res = @ldap_bind($ldap))) { + @ldap_close($ldap); return false; - } else if (!($res = @ldap_bind($ldap, $ldapbindun, $ldapbindpw))) + } + } else if (!($res = @ldap_bind($ldap, $ldapbindun, $ldapbindpw))) { + @ldap_close($ldap); return false; + } - $ldap_unbind($ldap); + @ldap_unbind($ldap); return true; } -function ldap_get_user_ous($show_complete_ou=true, $authcfg = NULL) { +function ldap_get_user_ous($show_complete_ou=true, $authcfg) { global $debug, $config, $g; if(!function_exists("ldap_connect")) @@ -586,18 +582,8 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg = NULL) { $ldapname = $authcfg['name']; $ldapfallback = false; $ldapscope = $authcfg['ldap_scope']; - } else { - $ldapserver = $config['system']['webgui']['ldapserver']; - $ldapport = ""; - $ldapbasedn = $config['system']['webgui']['ldapsearchbase']; - $ldapbindun = $config['system']['webgui']['ldapbindun']; - $ldapbindpw = $config['system']['webgui']['ldapbindpw']; - $ldapver = 3; - $ldapanon = false; - $ldapname = "system-settings"; - $ldapfallback = true; - $ldapscope = "all"; - } + } else + return false; $ous = array(); @@ -628,11 +614,13 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg = NULL) { if ($ldapanon == true) { if (!($res = @ldap_bind($ldap))) { - log_error("ERROR! ldap_get_user_ous() could not bind to server {$ldapname}."); + log_error("ERROR! ldap_get_user_ous() could not bind anonymously to server {$ldapname}."); + @ldap_close($ldap); return $ous; } } else if (!($res = @ldap_bind($ldap, $ldapbindun, $ldapbindpw))) { log_error("ERROR! ldap_get_user_ous() could not bind to server {$ldapname}."); + @ldap_close($ldap); return $ous; } 
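Review bot: The new signature `function ldap_get_user_ous($show_complete_ou=true, $authcfg)` puts a required parameter after one with a default, so the default can never take effect and every caller has to pass both arguments. Drop the default (`function ldap_get_user_ous($show_complete_ou, $authcfg)`) or swap the order; newer PHP versions report this pattern as deprecated. The function now also returns false for a missing `$authcfg` but the `$ous` array on a failed bind, so callers see two different failure values.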
@@ -659,10 +647,12 @@ function ldap_get_user_ous($show_complete_ou=true, $authcfg = NULL) { } } + @ldap_unbind($ldap); + return $ous; } -function ldap_get_groups($username, $authcfg = NULL) { +function ldap_get_groups($username, $authcfg) { global $debug, $config; if(!function_exists("ldap_connect")) @@ -705,21 +695,8 @@ function ldap_get_groups($username, $authcfg = NULL) { $ldapname = $authcfg['name']; $ldapfallback = false; $ldapscope = $authcfg['ldap_scope']; - } else { - $ldapserver = $config['system']['webgui']['ldapserver']; - $ldapport = ""; - $ldapbasedn = $config['system']['webgui']['ldapsearchbase']; - $ldapbindun = $config['system']['webgui']['ldapbindun']; - $ldapbindpw = $config['system']['webgui']['ldapbindpw']; - $ldapfilter = $config['system']['webgui']['ldapfilter']; - $ldapfilter = str_replace("_username_", $username, $ldapfilter); - $ldapgroupattribute = $config['system']['webgui']['ldapgroupattribute']; - $ldapver = 3; - $ldapanon = false; - $ldapname = "system-settings"; - $ldapfallback = true; - $ldapscope = "all"; - } + } else + return false; $ldapdn = $_SESSION['ldapdn']; @@ -746,10 +723,14 @@ function ldap_get_groups($username, $authcfg = NULL) { /* bind as user that has rights to read group attributes */ if ($ldapanon == true) { - if (!($res = @ldap_bind($ldap))) + if (!($res = @ldap_bind($ldap))) { + log_error("ERROR! ldap_get_groups() could not bind anonymously to server {$ldapname}."); + @ldap_close($ldap); return false; + } } else if (!($res = @ldap_bind($ldap, $ldapbindun, $ldapbindpw))) { log_error("ERROR! ldap_get_groups() could not bind to server {$ldapname}."); + @ldap_close($ldap); return memberof; } @@ -778,7 +759,7 @@ function ldap_get_groups($username, $authcfg = NULL) { } /* Time to close LDAP connection */ - ldap_unbind($ldap); + @ldap_unbind($ldap); $groups = print_r($memberof,true); 
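Review bot: The credentialed bind-failure branch of ldap_get_groups() still ends in `return memberof;`, a bare constant instead of a variable, directly after the `@ldap_close($ldap);` added here. Where PHP tolerates undefined constants this returns the string "memberof", while the anonymous branch just above returns false, so the two failure paths disagree. `return false;` on that line would match the anonymous branch and the new `else return false;` path. The function starts and ends outside this hunk.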
@@ -787,7 +768,7 @@ function ldap_get_groups($username, $authcfg = NULL) { return $memberof; } -function ldap_backed($username, $passwd, $authcfg = NULL) { +function ldap_backed($username, $passwd, $authcfg) { global $debug, $config; if(!$username) @@ -825,26 +806,9 @@ function ldap_backed($username, $passwd, $authcfg = NULL) { $ldaptype = ""; $ldapver = $authcfg['ldap_protver']; $ldapname = $authcfg['name']; - $ldapfallback = false; $ldapscope = $authcfg['ldap_scope']; - } else { - $ldapserver = $config['system']['webgui']['ldapserver']; - $ldapport = ""; - $ldapbasedn = $config['system']['webgui']['ldapsearchbase']; - $ldapbindun = $config['system']['webgui']['ldapbindun']; - $ldapbindpw = $config['system']['webgui']['ldapbindpw']; - $ldapauthcont = $config['system']['webgui']['ldapauthcontainers']; - $ldapnameattribute = $config['system']['webgui']['ldapnameattribute']; - $ldapfilter = $config['system']['webgui']['ldapfilter']; - $ldaptype = $config['system']['webgui']['backend']; - $ldapver = 3; - $ldapfilter = str_replace("_username_", $username, $ldapfilter); - $ldapanon = false; - $ldapname = "system-settings"; - $ldapfallback = true; - $ldapscope = "all"; - } - + } else + return false; /* first check if there is even an LDAP server populated */ if(!$ldapserver) { @@ -870,12 +834,7 @@ function ldap_backed($username, $passwd, $authcfg = NULL) { $error = true; if ($error == true) { - if ($ldapfallback) { - log_error("ERROR! Could not connect to server {$ldapname}. Defaulting to built-in local user database. Visit System -> User Manager for correcting it."); - return local_backed($username, $passwd); - } else - log_error("ERROR! Could not connect to server {$ldapname}."); - + log_error("ERROR! Could not connect to server {$ldapname}."); return false; } 
@@ -888,13 +847,8 @@ function ldap_backed($username, $passwd, $authcfg = NULL) {
 $error = true;
 if ($error == true) {
- ldap_close($ldap);
- if ($ldapfallback) {
- log_error("ERROR! ldap_backed() could not bind to {$ldapserver} - {$ldapfilter}. Defaulting to built-in local_backed()");
- return local_backed($username, $passwd);
- } else
- log_error("ERROR! Could not bind to server {$ldapname}.");
-
+ @ldap_close($ldap);
+ log_error("ERROR! Could not bind to server {$ldapname}.");
 return false;
 }
@@ -941,39 +895,27 @@ function ldap_backed($username, $passwd, $authcfg = NULL) { } if ($usercount != 1){ - ldap_unbind($ldap); - if ($ldapfallback) { - log_error("ERROR! Either LDAP search failed, or multiple users were found. Falling back to local user database."); - $status = local_backed($username, $passwd); - $_SESSION['ldapon'] = "false"; - return $status; - } else - log_error("ERROR! Either LDAP search failed, or multiple users were found."); + @ldap_unbind($ldap); + log_error("ERROR! Either LDAP search failed, or multiple users were found."); return false; } /* Now lets bind as the user we found */ if (!($res = @ldap_bind($ldap, $userdn, $passwd))) { - if ($ldapfallback) { - log_error("ERROR! Could not login to server {$ldapname} as user {$username}. Defaulting to local user database. Visit System -> User Manager."); - $status = local_backed($username, $passwd); - $_SESSION['ldapon'] = "false"; - return $status; - } else - log_error("ERROR! Could not login to server {$ldapname} as user {$username}."); - + log_error("ERROR! Could not login to server {$ldapname} as user {$username}."); + @ldap_unbind($ldap); return false; } log_error("Logged in succesfully as {$username} via LDAP server {$ldapname} with DN = {$userdn}."); /* At this point we are bound to LDAP so the user was auth'd okay. Close connection. */ - ldap_unbind($ldap); + @ldap_unbind($ldap); return true; } -function radius_backed($username, $passwd, $authcfg = NULL){ +function radius_backed($username, $passwd, $authcfg){ global $debug, $config; $ret = false; @@ -984,7 +926,7 @@ function radius_backed($username, $passwd, $authcfg = NULL){ $radiusservers[0]['port'] = $authcfg['radius_auth_port']; $radiusservers[0]['sharedsecret'] = $authcfg['radius_secret']; } else - $radiusservers = $config['system']['radius']['servers']; + return false; /* Add a new servers to our instance */ foreach ($radiusservers as $radsrv) 
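Review bot: Nothing visible in these hunks rejects an empty `$passwd` before `@ldap_bind($ldap, $userdn, $passwd)`, and the only early check shown in the context is `if(!$username)`. Many directory servers treat a bind with a DN and an empty password as an unauthenticated bind and report success, which this function would then log as a successful login and return true for. If the part of ldap_backed() outside the hunk does not already do so, add `if ($passwd === '' || $passwd === null) return false;` before the user bind.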
@@ -1056,6 +998,24 @@ function auth_get_authserver($name) {
 return $authcfg;
 }
 }
+ if ($name == "Local Database")
+ return array("name" => "Local Database", "type" => "Local Auth", "host" => $config['system']['hostname']);
+}
+
+function auth_get_authserver_list() {
+ global $config;
+
+ $list = array();
+
+ if (is_array($config['system']['authserver'])) {
+ foreach ($config['system']['authserver'] as $authcfg) {
+ /* Add support for disabled entries? */
+ $list[$authcfg['name']] = $authcfg;
+ }
+ }
+
+ $list["Local Database"] = array( "name" => "Local Database", "type" => "Local Auth", "host" => $config['system']['hostname']);
+ return $list;
 }
 function authenticate_user($username, $password, $authcfg = NULL) {
@@ -1084,29 +1044,23 @@ function authenticate_user($username, $password, $authcfg = NULL) {
 return $authenticated;
 }
-function session_auth($backing) {
- global $debug, $HTTP_SERVER_VARS, $config, $_SESSION, $page;
+function session_auth() {
+ global $HTTP_SERVER_VARS, $config, $_SESSION, $page;
 session_start();
 /* Validate incoming login request */
 if (isset($_POST['login'])) {
- if ($backing($_POST['usernamefld'], $_POST['passwordfld'])) {
- if(is_account_disabled($_POST['usernamefld']) || is_account_disabled($_POST['usernamefld'])) {
- $_SESSION['Login_Error'] = "Username or Password incorrect";
- log_error("Login attempt with user: '{$_POST['usernamefld']}' from: '{$_SERVER['REMOTE_ADDR']}' failed.");
- if(isAjax()) {
- echo "showajaxmessage('{$_SESSION['Login_Error']}');";
- return;
- }
- } else {
- $_SESSION['Logged_In'] = "True";
- $_SESSION['Username'] = $_POST['usernamefld'];
- $_SESSION['last_access'] = time();
- log_error("Successful login for user '{$_POST['usernamefld']}' from: {$_SERVER['REMOTE_ADDR']}");
- require_once("functions.inc");
- pfSenseHeader("/{$page}");
- }
+ $authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
+ /* Should check backend type for fallback. */
+ if (authenticate_user($_POST['usernamefld'], $_POST['passwordfld'], $authcfg) ||
+ authenticate_user($_POST['usernamefld'], $_POST['passwordfld'])) {
+ $_SESSION['Logged_In'] = "True";
+ $_SESSION['Username'] = $_POST['usernamefld'];
+ $_SESSION['last_access'] = time();
+ log_error("Successful login for user '{$_POST['usernamefld']}' from: {$_SERVER['REMOTE_ADDR']}");
+ require_once("functions.inc");
+ pfSenseHeader("/{$page}");
 } else {
 /* give the user an error message */
 $_SESSION['Login_Error'] = "Username or Password incorrect";
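Review bot: The condition `authenticate_user(..., $authcfg) || authenticate_user(...)` retries every failed login against the default backend (presumably the local database; authenticate_user() is outside this hunk), including a plain wrong-password answer from the configured server. A stale local password therefore keeps working after the account was changed or removed in the directory. The in-code comment already says the backend type should be checked; the second call should run only when the configured server could not be reached, which needs authenticate_user() to distinguish "unreachable" from "rejected". The removed `is_account_disabled()` test now lives only in local_backed(), so a locally disabled name that authenticates through LDAP or RADIUS is no longer stopped here; confirm that is intended.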
@@ -1121,23 +1075,22 @@ function session_auth($backing) { /* Show login page if they aren't logged in */ if (empty($_SESSION['Logged_In'])) { /* Don't display login forms to AJAX */ - if (isAjax()) - return false; - require_once("authgui.inc"); - display_login_form(); + //if (isAjax()) + // return false; + //require_once("authgui.inc"); + //display_login_form(); return false; } /* If session timeout isn't set, we don't mark sessions stale */ - if ( $config['system']['webgui']['session_timeout'] == 0 || - $config['system']['webgui']['session_timeout'] == "") { - $_SESSION['last_access'] = time(); - } elseif (!isset($config['system']['webgui']['session_timeout'])) { + if (!isset($config['system']['webgui']['session_timeout'])) { /* Default to 4 hour timeout if one is not set */ if ($_SESSION['last_access'] < (time() - 14400)) { $_GET['logout'] = true; $_SESSION['Logout'] = true; } + } else if (empty($config['system']['webgui']['session_timeout'])) { + $_SESSION['last_access'] = time(); } else { /* Check for stale session */ if ($_SESSION['last_access'] < (time() - ($config['system']['webgui']['session_timeout'] * 60))) { @@ -1150,9 +1103,6 @@ function session_auth($backing) { } } - /* obtain user object */ - $user = getUserEntry($_SESSION['Username']); - /* user hit the logout button */ if (isset($_GET['logout'])) { diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc index 3f7c216..b3cd6a6 100644 --- a/etc/inc/authgui.inc +++ b/etc/inc/authgui.inc 
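Review bot: The four lines turned into `//` comments in the not-logged-in branch should be deleted rather than kept as dead code, and the `isAjax()` guard they carried is lost with them. authgui.inc now calls `display_login_form()` on every false return from session_auth(), so AJAX callers receive the full login page where they used to receive nothing. If the guard is still wanted, it belongs in the caller, e.g. `if (!isAjax()) display_login_form();`. session_auth() starts and ends outside this hunk.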
@@ -38,38 +38,13 @@ */ include_once("auth.inc"); -include_once("priv.defs.inc"); include_once("priv.inc"); -/* We only support htpasswd backed HTTP Basic auth and session - * based backing methods at the moment. - * session_auth - this will use session based authentication and timeout - * htpasswd_backed - this uses the "standard" .htpasswd file - * passwd_backed - this will use the system passwd file in /etc - * radius_backed - this will allow you to use a radius server - * pam_backed - this uses the system's PAM facility .htpasswd file - */ - -//log_error("debug: FILE_NAME = {$_SERVER['REQUEST_URI']}"); -//log_error("debug: FILE_NAME = {$_SERVER['SCRIPT_FILENAME']}"); -//log_error("debug: SCRIPT_NAME = {$_SERVER['SCRIPT_NAME']}"); - -/* enable correct auth backend, default to htpasswd_backed */ -$ldapcase = $config['system']['webgui']['backend']; -switch($ldapcase) { - case ldap: - $backing_method="ldap_backed"; - break; - case ldapother: - $backing_method="ldap_backed"; - break; - default: - $backing_method="local_backed"; -} - /* Authenticate user - exit if failed */ -if (!session_auth($backing_method)) +if (!session_auth()) { + display_login_form(); exit; +} /* * Once here, the user has authenticated with the web server. diff --git a/etc/inc/priv.inc b/etc/inc/priv.inc index 13913f7..2d03d60 100644 --- a/etc/inc/priv.inc +++ b/etc/inc/priv.inc @@ -44,6 +44,8 @@ pfSense_MODULE: auth */ +require_once("priv.defs.inc"); + /* Load and process custom privs. */ function get_priv_files($directory) { $dir_array = array(); 
@@ -253,24 +255,18 @@ function getAllowedPages($username) { $allowed_pages = array(); $allowed_groups = array(); - $ldapon = $_SESSION['ldapon']; - - // search for a local user by name - $local_user = getUserEntry($username); - - // obtain local groups if we have a local user - if ($local_user) { - $allowed_groups = local_user_get_groups($local_user); - getPrivPages($local_user, $allowed_pages); - } - + $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); // obtain ldap groups if we are in ldap mode - if ($config['system']['webgui']['backend'] == "ldap" && !$local_user) - $allowed_groups = ldap_get_groups($username); - - // obtain ldapother groups if we are in ldap mode - if ($config['system']['webgui']['backend'] == "ldapother" && !$local_user) - $allowed_groups = ldap_get_groups($username); + if ($authcfg['type'] == "ldap") + $allowed_groups = @ldap_get_groups($username, $authcfg); + else { + // search for a local user by name + $local_user = getUserEntry($username); + + // obtain local groups if we have a local user + if ($local_user) + $allowed_groups = local_user_get_groups($local_user); + } // build a list of allowed pages if (is_array($config['system']['group']) && is_array($allowed_groups)) @@ -288,4 +284,4 @@ function getAllowedPages($username) { return $allowed_pages; } -?>
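Review bot: Group lookup in getAllowedPages() is selected by the configured `authmode`, not by the backend that actually authenticated the session. session_auth() falls back to a second authenticate_user() call when the configured server rejects the login, yet with an LDAP `authmode` this code always sends `$username` to `ldap_get_groups()`, so a user who logged in through the fallback is authorised with whatever groups the directory holds for the same name, or with none if the lookup fails, which the `@` hides. Recording the authenticating backend in the session at login and branching on that here would keep authentication and authorisation tied together. The hunk also drops the `getPrivPages($local_user, $allowed_pages)` call; unless it is re-added in the part of the function outside this hunk, per-user privileges no longer reach `$allowed_pages`.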
\ No newline at end of file +?> diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php index 428a442..6dbe2b2 100644 --- a/usr/local/www/system_authservers.php +++ b/usr/local/www/system_authservers.php @@ -50,7 +50,9 @@ if (isset($_POST['id'])) if (!is_array($config['system']['authserver'])) $config['system']['authserver'] = array(); -$a_server =& $config['system']['authserver']; +$a_servers = auth_get_authserver_list(); +foreach ($a_servers as $servers) + $a_server[] = $servers; $act = $_GET['act']; if ($_POST['act']) @@ -181,7 +183,7 @@ if ($_POST) { if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['host'])) $input_errors[] = gettext("The host name contains invalid characters."); - if (auth_get_authserver($pconfig['name'])) + if (auth_get_authserver($pconfig['name']) && !isset($id)) $input_errors[] = "A authentication server with the same name already exists."; /* if this is an AJAX caller then handle via JSON */ @@ -244,10 +246,10 @@ if ($_POST) { } } - if (isset($id) && $a_server[$id]) - $a_server[$id] = $server; + if (isset($id) && $config['system']['authserver'][$id]) + $config['system']['authserver'][$id] = $server; else - $a_server[] = $server; + $config['system']['authserver'][] = $server; write_config(); @@ -263,14 +265,15 @@ include("head.inc"); <script type="text/javascript"> <!-- -function server_typechange(type) { +function server_typechange(typ) { - if (!type) { - index = document.iform.type.selectedIndex; - type = document.iform.type.options[index].value; + var idx = 0; + if (!typ) { + idx = document.getElementById("type").selectedIndex; + typ = document.getElementById("type").options[idx].value; } - switch (type) { + switch (typ) { case "ldap": document.getElementById("ldap").style.display=""; document.getElementById("radius").style.display="none"; 
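Review bot: `$a_server` used to be a reference to `$config['system']['authserver']` and is now a re-indexed copy that also contains the synthetic "Local Database" row. The save path is switched to `$config['system']['authserver'][$id]` in a later hunk, but any code outside these hunks that still writes through `$a_server` (a delete handler doing `unset($a_server[$id])`, for example) would silently stop changing the configuration. Because the copy is built from a name-keyed list, two configured servers with the same name collapse into one row, and the row index shown in the table then no longer equals the index that `$id` is applied to in the configuration.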
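Review bot: Adding `&& !isset($id)` to the name check switches duplicate detection off for every edit, so an existing entry can be renamed to a name that is already taken, including "Local Database". auth_get_authserver() returns the first match, so one of the two entries becomes unreachable by name for login and group lookup. Keep the check on edits and exempt only the entry being edited, e.g. `if (auth_get_authserver($pconfig['name']) && (!isset($id) || $config['system']['authserver'][$id]['name'] != $pconfig['name']))`.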
@@ -283,13 +286,13 @@ function server_typechange(type) { } function ldap_urlchange() { - switch (document.iform.ldap_urltype.selectedIndex) { + switch (document.getElementById("ldap_urltype").selectedIndex) { <?php $index = 0; foreach ($ldap_urltypes as $urltype => $urlport): ?> case <?=$index;?>: - document.iform.ldap_port.value = "<?=$urlport;?>"; + document.getElementById("ldap_port").value = "<?=$urlport;?>"; break; <?php $index++; @@ -300,22 +303,22 @@ function ldap_urlchange() { function ldap_bindchange() { - if (document.iform.ldap_anon.checked) + if (document.getElementById("ldap_anon").checked) document.getElementById("ldap_bind").style.display="none"; else document.getElementById("ldap_bind").style.display=""; } function ldap_tmplchange(){ - switch (document.iform.ldap_tmpltype.selectedIndex) { + switch (document.getElementById("ldap_tmpltype").selectedIndex) { <?php $index = 0; foreach ($ldap_templates as $tmpldata): ?> case <?=$index;?>: - document.iform.ldap_attr_user.value = "<?=$tmpldata['attr_user'];?>"; - document.iform.ldap_attr_group.value = "<?=$tmpldata['attr_group'];?>"; - document.iform.ldap_attr_member.value = "<?=$tmpldata['attr_member'];?>"; + document.getElementById("ldap_attr_user").value = "<?=$tmpldata['attr_user'];?>"; + document.getElementById("ldap_attr_group").value = "<?=$tmpldata['attr_group'];?>"; + document.getElementById("ldap_attr_member").value = "<?=$tmpldata['attr_member'];?>"; break; <?php $index++; @@ -325,7 +328,7 @@ function ldap_tmplchange(){ } function radius_srvcschange(){ - switch (document.iform.radius_srvcs.selectedIndex) { + switch (document.getElementById("radius_srvcs").selectedIndex) { case 0: // both document.getElementById("radius_auth").style.display=""; document.getElementById("radius_acct").style.display=""; 
@@ -341,6 +344,22 @@ function radius_srvcschange(){ } } +function select_clicked() { + var url = 'system_usermanager_settings_ldapacpicker.php?'; + url += 'port=' + document.getElementById("ldap_port").value; + url += '&host=' + document.getElementById("ldap_host").value; + url += '&scope=' + document.getElementById("ldap_scope").value; + url += '&basedn=' + document.getElementById("ldap_basedn").value; + url += '&binddn=' + document.getElementById("ldap_binddn").value; + url += '&bindpw=' + document.getElementById("ldap_bindpw").value; + url += '&urltype=' + document.getElementById("ldap_urltype").value; + url += '&proto=' + document.getElementById("ldap_protver").value; + url += '&authcn=' + document.getElementById("ldapauthcontainers").value; + + var oWin = window.open(url,"pfSensePop","width=620,height=400,top=150,left=150"); + if (oWin==null || typeof(oWin)=="undefined") + alert('Popup blocker detected. Action aborted.'); +} //--> </script> <?php @@ -484,7 +503,7 @@ function radius_srvcschange(){ <td>Containers: </td> <td> <input name="ldapauthcontainers" type="text" class="formfld unknown" id="ldapauthcontainers" size="40" value="<?=htmlspecialchars($pconfig['ldap_authcn']);?>"/> - <input type="button" onClick="javascript:if(openwindow('system_usermanager_settings_ldapacpicker.php') == false) alert('Popup blocker detected. Action aborted.');" value="Select"> + <input type="button" onClick="select_clicked();" value="Select"> <br />NOTE: Semi-Colon separated. This will be prepended to the search base dn above or you can specify full container path. <br />EXAMPLE: CN=Users;DC=example <br />EXAMPLE: CN=Users,DC=example,DC=com;OU=OtherUsers,DC=example,DC=com 
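Review bot: `select_clicked()` appends the LDAP bind password to the popup URL (`url += '&bindpw=' + ...`), so it ends up in the browser history, in the web server's access log and in any Referer header sent from the popup. Send these fields in a POST body instead (a hidden form whose `target` is the popup window name works together with `window.open`) and have system_usermanager_settings_ldapacpicker.php read them from `$_POST`. None of the values are encoded either, so a DN or password containing `&`, `#`, `+` or `=` is truncated or altered; anything that stays in the query string should be wrapped as `encodeURIComponent(document.getElementById("ldap_basedn").value)`.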
@@ -640,11 +659,12 @@ function radius_srvcschange(){ $type = htmlspecialchars($auth_server_types[$server['type']]); $host = htmlspecialchars($server['host']); ?> - <tr ondblclick="document.location='system_authservers.php?act=edit&id=<?=$i;?>'"> + <tr <?php if ($i < (count($a_server) - 1)): ?> ondblclick="document.location='system_authservers.php?act=edit&id=<?=$i;?>'" <?php endif; ?>> <td class="listlr"><?=$name?> </td> <td class="listr"><?=$type;?> </td> <td class="listr"><?=$host;?> </td> <td valign="middle" nowrap class="list"> + <?php if ($i < (count($a_server) - 1)): ?> <a href="system_authservers.php?act=edit&id=<?=$i;?>"> <img src="/themes/<?= $g['theme'];?>/images/icons/icon_e.gif" title="edit server" alt="edit server" width="17" height="17" border="0" /> </a> @@ -652,11 +672,11 @@ function radius_srvcschange(){ <a href="system_authservers.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Server?");?>')"> <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="delete server" alt="delete server" width="17" height="17" border="0" /> </a> + <?php endif; ?> </td> </tr> <?php - $i++; - endforeach; + $i++; endforeach; ?> <tr> <td class="list" colspan="3"></td> @@ -681,26 +701,22 @@ function radius_srvcschange(){ </td> </tr> </table> -<?php include("fend.inc");?> +<?php include("fend.inc"); +if ($act == "edit"): ?> <script type="text/javascript"> <!-- -function openwindow(url) { - var oWin = window.open(url,"pfSensePop","width=620,height=400,top=150,left=150"); - if (oWin==null || typeof(oWin)=="undefined") - return false; - else - return true; -} server_typechange('<?=$pconfig['type'];?>'); <?php if (!isset($id) || $pconfig['type'] == "ldap"): ?> ldap_bindchange(); ldap_urlchange(); +<?php if (!isset($id)): ?> ldap_tmplchange(); <? endif; ?> +<? endif; ?> <?php if (!isset($id) || $pconfig['type'] == "radius"): ?> radius_srvcschange(); <? endif; ?> //--> </script> - +<?php endif; ?> </body> 
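Review bot: The built-in entry is recognised by position, `$i < (count($a_server) - 1)`, which only holds while auth_get_authserver_list() leaves "Local Database" last; a configured server with that same name keeps its earlier array position, and then the wrong row loses its edit and delete links. Testing the row itself, `<?php if ($server['type'] != "Local Auth"): ?>`, does not depend on ordering. Hiding the links is presentation only, so the `act=edit` and `act=del` handlers (outside this hunk) still have to reject an `id` that is not a configured server. The added `<? endif; ?>` lines use short open tags while their openers use `<?php`.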
diff --git a/usr/local/www/system_usermanager_settings.php b/usr/local/www/system_usermanager_settings.php index 4889d73..7b96d4d 100755 --- a/usr/local/www/system_usermanager_settings.php +++ b/usr/local/www/system_usermanager_settings.php @@ -45,29 +45,20 @@ if($_POST['savetest']) $save_and_test = true; require("guiconfig.inc"); +require_once("auth.inc"); require("priv.defs.inc"); require("priv.inc"); $pconfig['session_timeout'] = &$config['system']['webgui']['session_timeout']; -$pconfig['ldapserver'] = &$config['system']['webgui']['ldapserver']; +$pconfig['authmode'] = &$config['system']['webgui']['authmode']; $pconfig['backend'] = &$config['system']['webgui']['backend']; -$pconfig['ldapbindun'] = &$config['system']['webgui']['ldapbindun']; -$pconfig['ldapbindpw'] = &$config['system']['webgui']['ldapbindpw']; -$pconfig['ldapfilter'] = &$config['system']['webgui']['ldapfilter']; -$pconfig['ldapsearchbase'] = &$config['system']['webgui']['ldapsearchbase']; -$pconfig['ldapauthcontainers'] = &$config['system']['webgui']['ldapauthcontainers']; -$pconfig['ldapgroupattribute'] = &$config['system']['webgui']['ldapgroupattribute']; -$pconfig['ldapnameattribute'] = &$config['system']['webgui']['ldapnameattribute']; // Page title for main admin $pgtitle = array("System","User manager settings"); if ($_POST) { unset($input_errors); - - conf_mount_rw(); - - do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); + $pconfig = $_POST; if($_POST['session_timeout']) { $timeout = intval($_POST['session_timeout']); 
@@ -78,60 +69,23 @@ if ($_POST) { if (!$input_errors) { if($_POST['session_timeout']) - $pconfig['session_timeout'] = intval($_POST['session_timeout']); + $config['system']['webgui']['session_timeout'] = intval($_POST['session_timeout']); else unset($config['system']['webgui']['session_timeout']); - if($_POST['ldapserver']) - $pconfig['ldapserver'] = $_POST['ldapserver']; + if($_POST['authmode']) + $config['system']['webgui']['authmode'] = $_POST['authmode']; else - unset($pconfig['ldapserver']); + unset($config['system']['webgui']['authmode']); if($_POST['backend']) - $pconfig['backend'] = $_POST['backend']; - else - unset($pconfig['backend']); - - if($_POST['ldapbindun']) - $pconfig['ldapbindun'] = $_POST['ldapbindun']; - else - unset($pconfig['ldapbindun']); - - if($_POST['ldapbindpw']) - $pconfig['ldapbindpw'] = $_POST['ldapbindpw']; - else - unset($pconfig['ldapbindpw']); - - if($_POST['ldapfilter']) - $pconfig['ldapfilter'] = $_POST['ldapfilter']; + $config['system']['webgui']['backend'] = $_POST['backend']; else - unset($pconfig['ldapfilter']); - - if($_POST['ldapsearchbase']) - $pconfig['ldapsearchbase'] = $_POST['ldapsearchbase']; - else - unset($pconfig['ldapsearchbase']); - - if($_POST['ldapauthcontainers']) - $pconfig['ldapauthcontainers'] = $_POST['ldapauthcontainers']; - else - unset($pconfig['ldapauthcontainers']); - - if($_POST['ldapgroupattribute']) - $pconfig['ldapgroupattribute'] = $_POST['ldapgroupattribute']; - else - unset($pconfig['ldapgroupattribute']); - if($_POST['ldapnameattribute']) - $pconfig['ldapnameattribute'] = $_POST['ldapnameattribute']; - else - unset($pconfig['ldapgroupattribute']); + unset($config['system']['webgui']['backend']); write_config(); } - - conf_mount_ro(); - } include("head.inc"); 
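Review bot: `$_POST['authmode']` is written to the configuration as-is, and the `do_input_validation()` call was removed in the previous hunk with nothing replacing it. session_auth() and getAllowedPages() later pass this value to auth_get_authserver(), so it should be limited to known names before the `if (!$input_errors)` block: `if ($_POST['authmode'] && !array_key_exists($_POST['authmode'], auth_get_authserver_list())) $input_errors[] = "Unknown authentication server.";`. `$_POST['backend']` is stored unchecked in the same way.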
@@ -145,77 +99,13 @@ include("head.inc"); <?php if($save_and_test) { echo "<script language='javascript'>\n"; - echo "myRef = window.open('system_usermanager_settings_test.php','mywin', "; + echo "myRef = window.open('system_usermanager_settings_test.php?authserver={$pconfig['authmode']}','mywin', "; echo "'left=20,top=20,width=700,height=550,toolbar=1,resizable=0');\n"; + echo "if (myRef==null || typeof(myRef)=='undefined') aleart('Popup blocker detected. Action aborted.');\n"; echo "</script>\n"; } ?> -<script language="javascript"> - function show_ldapfilter() { - document.getElementById("filteradv").innerHTML=''; - aodiv = document.getElementById('filteradvdiv'); - aodiv.style.display = "block"; - } - function show_ldapnaming(){ - document.getElementById("namingattribute").innerHTML=''; - aodiv = document.getElementById('ldapnamingdiv'); - aodiv.style.display = "block"; - } - function show_groupmembership() { - document.getElementById("groupmembership").innerHTML=''; - aodiv = document.getElementById('groupmembershipdiv'); - aodiv.style.display = "block"; - } - function ldap_typechange() { - switch (document.iform.backend.selectedIndex) { - case 0: - /* pfSense backend, disable all options */ - document.iform.ldapfilter.disabled = 1; - document.iform.ldapnameattribute.disabled = 1; - document.iform.ldapgroupattribute.disabled = 1; - document.iform.ldapsearchbase.disabled = 1; - document.iform.ldapauthcontainers.disabled = 1; - document.iform.ldapserver.disabled = 1; - document.iform.ldapbindun.disabled = 1; - document.iform.ldapbindpw.disabled = 1; - document.iform.ldapfilter.value = ""; - document.iform.ldapnameattribute.value = ""; - document.iform.ldapgroupattribute.value = ""; - document.iform.ldapauthcontainers.value = ""; - break; - case 1: - /* A/D */ - document.iform.ldapfilter.disabled = 0; - document.iform.ldapnameattribute.disabled = 0; - document.iform.ldapgroupattribute.disabled = 0; - document.iform.ldapsearchbase.disabled = 0; - 
document.iform.ldapauthcontainers.disabled = 0; - document.iform.ldapserver.disabled = 0; - document.iform.ldapbindun.disabled = 0; - document.iform.ldapbindpw.disabled = 0; - document.iform.ldapfilter.value = "(samaccountname=_username_)"; - document.iform.ldapnameattribute.value = "samaccountname"; - document.iform.ldapgroupattribute.value = "memberOf"; - break; - case 2: - /* eDir */ - document.iform.ldapfilter.disabled = 0; - document.iform.ldapnameattribute.disabled = 0; - document.iform.ldapgroupattribute.disabled = 0; - document.iform.ldapsearchbase.disabled = 0; - document.iform.ldapauthcontainers.disabled = 0; - document.iform.ldapserver.disabled = 0; - document.iform.ldapbindun.disabled = 0; - document.iform.ldapbindpw.disabled = 0; - document.iform.ldapfilter.value = "(cn=_username_)"; - document.iform.ldapnameattribute.value = "CN"; - document.iform.ldapgroupattribute.value = "groupMembership"; - break; - } - } -</script> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td class="tabnavtbl"> @@ -224,7 +114,7 @@ include("head.inc"); $tab_array[] = array(gettext("Users"), false, "system_usermanager.php"); $tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php"); $tab_array[] = array(gettext("Settings"), true, "system_usermanager_settings.php"); - $tab_array[] = array(gettext("Servers"), false, "system_authservers.php"); + $tab_array[] = array(gettext("Servers"), false, "system_authservers.php"); display_top_tabs($tab_array); /* Default to pfsense backend type if none is defined */ 
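Review bot: `{$pconfig['authmode']}` is echoed into the inline script without escaping, and because this commit sets `$pconfig = $_POST;` the value is whatever the request sent, so it can terminate the JavaScript string and inject script into the page. Encode it for both the URL and the script context, e.g. `echo "myRef = window.open(" . json_encode("system_usermanager_settings_test.php?authserver=" . urlencode($pconfig['authmode'])) . ",'mywin', ";`. The added popup check calls `aleart(...)`, which is undefined; it should be `alert(...)`.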
@@ -238,110 +128,49 @@ if(!$pconfig['backend']) <div id="mainarea"> <form id="iform" name="iform" action="system_usermanager_settings.php" method="post"> <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6"> - <tr> + <tr> <td width="22%" valign="top" class="vncell">Session Timeout</td> <td width="78%" class="vtable"> - <input name="session_timeout" id="session_timeout" type="text" size="8" value="<?=htmlspecialchars($pconfig['session_timeout']);?>" /> - <br /> - <?=gettext("Time in minutes to expire idle management sessions. The default is four hours (240 minutes). <br/> Enter 0 to never expire sessions. NOTE: This is a security risk!");?><br /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Authentication primary backend</td> - <td width="78%" class="vtable"> - <select name='backend' id='backend' onchange='ldap_typechange()'> - <option value="pfsense"<?php if ($pconfig['backend'] == "pfsense") echo " SELECTED";?>>Local User Database</option> - <option value="ldap"<?php if ($pconfig['backend'] == "ldap") echo " SELECTED";?>>LDAP (Active Directory)</option> - <option value="ldapother"<?php if ($pconfig['backend'] == "ldapother") echo " SELECTED";?>>LDAP OTHER (eDir, etc)</option> - </select> - <br/>NOTE: login failures or server not available issues will fall back to <?=$g['product_name'];?> internal users/group authentication. 
- </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Server:port</td> - <td width="78%" class="vtable"> - <input name="ldapserver" id="ldapserver" size="65" value="<?=htmlspecialchars($pconfig['ldapserver']);?>"> - <br/>Example: ldaps://ldap.example.org:389 or ldap://ldap.example.org:389 - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Binding username</td> + <input name="session_timeout" id="session_timeout" type="text" size="8" value="<?=htmlspecialchars($pconfig['session_timeout']);?>" /> + <br /> + <?=gettext("Time in minutes to expire idle management sessions. The default is four hours (240 minutes). <br/> Enter 0 to never expire sessions. NOTE: This is a security risk!");?><br /> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Authentication Server</td> <td width="78%" class="vtable"> - <input name="ldapbindun" id="ldapbindun" size="65" value="<?=htmlspecialchars($pconfig['ldapbindun']);?>"> - <br/>This account must have read access to the user objects and be able to retrieve groups. - <br/>Example: For Active Directory you would want to use format DOMAIN\username or username@domain. - <br/>Example: eDirectory you would want to use format cn=username,ou=orgunit,o=org. 
- </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Binding password</td> + <select name='authmode' id='authmode' class="formselect" > + <?php + $auth_servers = auth_get_authserver_list(); + foreach ($auth_servers as $auth_server): + if ($auth_server['type'] == 'radius') + continue; + $selected = ""; + if ($auth_server['name'] == $pconfig['authmode']) + $selected = "selected"; + ?> + <option value="<?=$auth_server['name'];?>" <?=$selected;?>><?=$auth_server['name'];?></option> + <?php endforeach; ?> + </select> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell">Authentication fallback backend</td> <td width="78%" class="vtable"> - <input name="ldapbindpw" id="ldapbindpw" type="password" size="65" value="<?=htmlspecialchars($pconfig['ldapbindpw']);?>"> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Filter</td> - <td width="78%" class="vtable"> - <div id="filteradv" name="filteradv"> - <input type="button" onClick="show_ldapfilter();" value="Advanced"> - Show advanced options - </div> - <div id="filteradvdiv" name="filteradvdiv" style="display:none"> - <input name="ldapfilter" id="ldapfilter" size="65" value="<?=htmlspecialchars($pconfig['ldapfilter']);?>"> - <br/>Example: For Active Directory you would want to use (samaccountname=_username_) - <br/>Example: For eDirectory you would want to use (cn=_username_) - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Naming Attribute</td> - <td width="78%" class="vtable"> - <div id="namingattribute" name="namingattribute"> - <input type="button" onClick="show_ldapnaming();" value="Advanced"> - Show advanced options - </div> - <div id="ldapnamingdiv" name="ldapnamingdiv" style="display:none"> - <input name="ldapnameattribute" id="ldapnameattribute" size="65" value="<?=htmlspecialchars($pconfig['ldapnameattribute']);?>"> - <br/>Example: For Active Directory you would want to use samaccountname. 
- <br/>Example: For eDirectory you would want to use CN. - </div> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">Group Membership Attribute Name</td> - <td width="78%" class="vtable"> - <div id="groupmembership" name="groupmembership"> - <input type="button" onClick="show_groupmembership();" value="Advanced"> - Show advanced options - </div> - <div id="groupmembershipdiv" name="groupmembershipdiv" style="display:none"> - <input name="ldapgroupattribute" id="ldapgroupattribute" size="65" value="<?=htmlspecialchars($pconfig['ldapgroupattribute']);?>"> - <br/>Example: For Active Directory you would want to use memberOf. - <br/>Example: For eDirectory you would want to use groupMembership. - </div> - </td> - </tr> - - <tr> - <td width="22%" valign="top" class="vncell">LDAP Search base</td> - <td width="78%" class="vtable"> - <input name="ldapsearchbase" size="65" value="<?=htmlspecialchars($pconfig['ldapsearchbase']);?>"> - <br/>Example: DC=example,DC=com - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell">LDAP Authentication container</td> - <td width="78%" class="vtable"> - <input name="ldapauthcontainers" id="ldapauthcontainers" size="65" value="<?=htmlspecialchars($pconfig['ldapauthcontainers']);?>"> - <input type="button" onClick="javascript:if(openwindow('system_usermanager_settings_ldapacpicker.php') == false) alert('Popup blocker detected. Action aborted.');" value="Select"> - <br/>NOTE: Semi-Colon separated. 
- <br/>EXAMPLE: CN=Users,DC=example,DC=com;CN=OtherUsers,DC=example,DC=com - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submit" name="Submit" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - <input id="savetest" name="savetest" type="submit" class="formbtn" value="<?=gettext("Save and Test");?>" /> - </td> - </tr> + <select name='backend' id='backend' onchange='ldap_typechange()'> + <option value="pfsense"<?php if ($pconfig['backend'] == "pfsense") echo " SELECTED";?>>Local User Database</option> + <option value="ldap"<?php if ($pconfig['backend'] == "ldap") echo " SELECTED";?>>LDAP (Directory server)</option> + </select> + <br/>NOTE: login failures or server not available issues will fall back to <?=$g['product_name'];?> this type of authenticator. + </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <input id="save" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> + <input id="savetest" name="savetest" type="submit" class="formbtn" value="<?=gettext("Save and Test");?>" /> + </td> + </tr> </table> </form> </div> @@ -351,13 +180,3 @@ if(!$pconfig['backend']) <?php include("fend.inc");?> </body> </html> -<script language="javascript"> - function openwindow(url) { - var oWin = window.open(url,"pfSensePop","width=620,height=400,top=150,left=150"); - if (oWin==null || typeof(oWin)=="undefined") { - return false; - } else { - return true; - } - } -</script> diff --git a/usr/local/www/system_usermanager_settings_ldapacpicker.php b/usr/local/www/system_usermanager_settings_ldapacpicker.php index 891b146..729dc6c 100644 --- a/usr/local/www/system_usermanager_settings_ldapacpicker.php +++ b/usr/local/www/system_usermanager_settings_ldapacpicker.php 
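Review bot: The new `authmode` `<option>` prints `$auth_server['name']` into both the `value` attribute and the element text without escaping, unlike the `session_timeout` input above it, which goes through `htmlspecialchars()`. A server name containing quotes or markup would be rendered as HTML on this page. Use `<?=htmlspecialchars($auth_server['name']);?>` in both places. The `backend` select in the same hunk keeps `onchange='ldap_typechange()'` although this commit deletes that function earlier in the file, so the attribute should be dropped.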
@@ -32,30 +32,41 @@ */ require("guiconfig.inc"); +require_once("auth.inc"); require("priv.defs.inc"); require("priv.inc"); +$ous = array(); +if($_GET) { + $authcfg = array(); + $authcfg['ldap_port'] = $_GET['port']; + $authcfg['ldap_basedn'] = $_GET['basedn']; + $authcfg['host'] = $_GET['host']; + $authcfg['ldap_scope'] = $_GET['scope']; + $authcfg['ldap_binddn'] = $_GET['binddn']; + $authcfg['ldap_bindpw'] = $_GET['bindpw']; + $authcfg['ldap_urltype'] = $_GET['urltype']; + $authcfg['ldap_protver'] = $_GET['proto']; + $authcfg['ldap_authcn'] = explode(";", $_GET['authcn']); + $ous = ldap_get_user_ous(true, $authcfg); +} +?> +<script language="JavaScript"> +function post_choices() { -if($_POST) { - $ous = ldap_get_user_ous(true); - $values = ""; - $isfirst = true; - foreach($ous as $ou) { - if(in_array($ou, $_POST['ou'])) { - if($isfirst == false) - $values .= ";"; - $isfirst = false; - $values .= $ou; - } + var ous = <?php echo count($ous); ?>; + var i; + for (i = 0; i < ous; i++) { + if (document.forms[0].ou[i].checked) { + opener.document.forms[0].ldapauthcontainers.value=""; + if (opener.document.forms[0].ldapauthcontainers.value != "") + opener.document.forms[0].ldapauthcontainers.value+=";"; + opener.document.forms[0].ldapauthcontainers.value+=document.forms[0].ou[i].value; + } } - echo "<script language=\"JavaScript\">\n"; - echo "<!--\n"; - echo " opener.document.forms[0].ldapauthcontainers.value='$values'\n"; - echo " this.close();\n"; - echo "-->\n"; - echo "</script>\n"; + //this.close(); +--> } - -?> +</script> <html> <head> @@ -78,7 +89,7 @@ if($_POST) { } </STYLE> </head> - <body link="#000000" vlink="#000000" alink="#000000" onload="<?= $jsevents["body"]["onload"] ?>"> + <body link="#000000" vlink="#000000" alink="#000000" > <form method="post" action="system_usermanager_settings_ldapacpicker.php"> <b>Please select which containers to Authenticate against:</b> <p/> 
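Review bot: The new `if($_GET)` block reads the LDAP bind DN and `bindpw` from the query string, which puts the bind password into URLs that typically end up in web-server access logs and browser history. It also means a plain GET request makes the server open an LDAP connection to whatever `host` and `port` the request names. Taking these values from POST only (`if ($_POST)`, `$_POST['bindpw']` and so on) would avoid both, with the opener submitting a form instead of building a URL; the opener is not in this hunk, so that side needs checking where it lives. Separately, in `post_choices()` the statement `opener.document.forms[0].ldapauthcontainers.value="";` sits inside the loop, so each checked box clears the earlier ones and only the last selection survives; move that reset above the `for`.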
@@ -87,19 +98,17 @@ if($_POST) { <td class="tabnavtbl"> <table width="100%"> <?php - $ous = ldap_get_user_ous(true); - $pconfig['ldapauthcontainers'] = split(";",$config['system']['webgui']['ldapauthcontainers']); if(!is_array($ous)) { echo "Sorry, we could not connect to the LDAP server. Please try later."; - exit; + //exit; } - if(is_array($ous)) { + else if(is_array($ous)) { foreach($ous as $ou) { - if(in_array($ou, $pconfig['ldapauthcontainers'])) + if(in_array($ou, $authcfg['ldap_authcn'])) $CHECKED=" CHECKED"; else $CHECKED=""; - echo " <tr><td><input type='checkbox' value='{$ou}' name='ou[]'{$CHECKED}> {$ou}<br/></td></tr>\n"; + echo " <tr><td><input type='checkbox' value='{$ou}' id='ou' name='ou[]'{$CHECKED}> {$ou}<br/></td></tr>\n"; } } ?> @@ -110,7 +119,7 @@ if($_POST) { <p/> - <input type='submit' value='Save'> + <input type='button' value='Save' onClick="post_choices();"> </body> </html> diff --git a/usr/local/www/system_usermanager_settings_test.php b/usr/local/www/system_usermanager_settings_test.php index 366b16e..6421488 100755 --- a/usr/local/www/system_usermanager_settings_test.php +++ b/usr/local/www/system_usermanager_settings_test.php @@ -39,13 +39,12 @@ ##|-PRIV require("guiconfig.inc"); +require_once("auth.inc"); require("priv.defs.inc"); require("priv.inc"); -$ldapserver = $config['system']['webgui']['ldapserver']; -$ldapbindun = $config['system']['webgui']['ldapbindun']; -$ldapbindpw = $config['system']['webgui']['ldapbindpw']; -$ldapfilter = $config['system']['webgui']['ldapfilter']; +$authserver = $_GET['authserver']; +$authcfg = auth_get_authserver($authserver); ?> 
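Review bot: The checkbox line echoes `$ou` unescaped into a single-quoted `value` attribute and into the cell text. After this commit the OUs come from an LDAP server whose host is taken from request parameters, so a DN containing a quote or markup is rendered as HTML. Escape once and reuse it: `$ou_h = htmlspecialchars($ou, ENT_QUOTES);`, then `value='{$ou_h}'` and `{$ou_h}<br/>`. The added `id='ou'` is repeated on every checkbox, which produces duplicate ids; selecting the boxes by their `ou[]` name in `post_choices()` would avoid that.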
@@ -74,44 +73,53 @@ $ldapfilter = $config['system']['webgui']['ldapfilter']; <form method="post" name="iform" id="iform"> <?php -echo "Testing pfSense LDAP settings... One moment please...<p/>"; -echo "<table width='100%'>"; +if (!$authcfg) { + echo "Could not find settings for {$authserver}<p/>"; +} else { + echo "Testing pfSense LDAP settings... One moment please...<p/>"; -echo "<tr><td>Attempting connection to {$ldapserver}</td><td>"; -if(ldap_test_connection()) - echo "<td><font color=green>OK</td></tr>"; -else - echo "<td><font color=red>failed</td></tr>"; - -echo "<tr><td>Attempting bind to {$ldapserver}</td><td>"; -if(ldap_test_bind()) - echo "<td><font color=green>OK</td></tr>"; -else - echo "<td><font color=red>failed</td></tr>"; - -echo "<tr><td>Attempting to fetch Organizational Units from {$ldapserver}</td><td>"; -$ous = ldap_get_user_ous(true); -if(count($ous)>1) - echo "<td><font color=green>OK</td></tr>"; -else - echo "<td><font color=red>failed</td></tr>"; - -echo "</table><p/>"; - -if(is_array($ous)) { - echo "Organization units found:<p/>"; echo "<table width='100%'>"; - foreach($ous as $ou) { - echo "<tr><td>" . $ou . "</td></tr>"; + + echo "<tr><td>Attempting connection to {$ldapserver}</td><td>"; + if(ldap_test_connection($authcfg)) { + echo "<td><font color=green>OK</td></tr>"; + + echo "<tr><td>Attempting bind to {$ldapserver}</td><td>"; + if(ldap_test_bind($authcfg)) { + echo "<td><font color=green>OK</td></tr>"; + + echo "<tr><td>Attempting to fetch Organizational Units from {$ldapserver}</td><td>"; + $ous = ldap_get_user_ous(true, $authcfg); + if(count($ous)>1) { + echo "<td><font color=green>OK</td></tr>"; + echo "</table>"; + if(is_array($ous)) { + echo "Organization units found:<p/>"; + echo "<table width='100%'>"; + foreach($ous as $ou) { + echo "<tr><td>" . $ou . 
"</td></tr>"; + } + } + } else + echo "<td><font color=red>failed</td></tr>"; + + echo "</table><p/>"; + + } else { + echo "<td><font color=red>failed</td></tr>"; + echo "</table><p/>"; + } + } else { + echo "<td><font color=red>failed</td></tr>"; + echo "</table><p/>"; } - echo "</table>"; } ?> - <p/> - <input type="Button" value="Close" onClick='Javascript:window.close();'> + <p/> + <input type="Button" value="Close" onClick='Javascript:window.close();'> - </form> - </body> + </form> +</body> </html> diff --git a/usr/local/www/vpn_openvpn_server.php b/usr/local/www/vpn_openvpn_server.php index 734c66c..8909194 100644 --- a/usr/local/www/vpn_openvpn_server.php +++ b/usr/local/www/vpn_openvpn_server.php @@ -44,10 +44,6 @@ if (!is_array($config['openvpn']['openvpn-server'])) $a_server = &$config['openvpn']['openvpn-server']; -if (!is_array($config['system']['authserver'])) - $config['system']['authserver'] = array(); -$auth_servers =& $config['system']['authserver']; - $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; @@ -557,10 +553,10 @@ function netbios_change() { <tr id="authmodetr" style="display:none"> <td width="22%" valign="top" class="vncellreq"><?=gettext("Backend for authentication");?></td> <td width="78%" class="vtable"> - <select name='authmode[]' id='authmode' class="formselect" multiple="true" size="<?php echo count($auth_servers) + 1; ?>"> + <select name='authmode[]' id='authmode' class="formselect" multiple="true" size="<?php echo count($auth_servers); ?>"> <?php $authmodes = explode(",", $pconfig['authmode']); ?> - <option value="local" <?php if (in_array("local", $authmodes)) echo "selected";?>>Local authentication database</option> <?php + $auth_servers = auth_get_authserver_list(); foreach ($auth_servers as $auth_server): $selected = ""; if (in_array($auth_server['name'], $authmodes)) |
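Review bot: In the new `if (!$authcfg)` branch, `$authserver` comes directly from `$_GET['authserver']` and is echoed into the page unescaped, so the error message reflects request input as HTML. Write it as `echo "Could not find settings for " . htmlspecialchars($authserver) . "<p/>";`. The three "Attempting …" messages still interpolate `{$ldapserver}`, but this commit removes the assignment of that variable at the top of the file, so the host prints empty. `$authcfg['host']` (escaped) looks like the intended replacement, to be confirmed against `auth_get_authserver()`. `count($ous)>1` also runs before the `is_array($ous)` check that guards the listing.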
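Review bot: The `size` attribute on the `authmode` select now calls `count($auth_servers)` before `$auth_servers` is assigned. The assignment `$auth_servers = auth_get_authserver_list();` is added a few lines further down, and the earlier initialisation from `$config['system']['authserver']` is deleted at the top of this file. Move the `auth_get_authserver_list()` call above the `<select>` so the list box is sized from the real list. The `foreach` body continues outside the hunk.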