Diffstat (limited to 'src/usr/local/www/system_usermanager.php')
-rw-r--r-- | src/usr/local/www/system_usermanager.php | 1344 |
1 files changed, 615 insertions, 729 deletions
diff --git a/src/usr/local/www/system_usermanager.php b/src/usr/local/www/system_usermanager.php
index f08ce7c..ce8a727 100644
--- a/src/usr/local/www/system_usermanager.php
+++ b/src/usr/local/www/system_usermanager.php
@@ -2,45 +2,64 @@ /* $Id$ */ /* system_usermanager.php - part of m0n0wall (http://m0n0.ch/wall) - - part of pfSense - Copyright (C) 2013-2015 Electric Sheep Fencing, LP - All rights reserved. - - Copyright (C) 2008 Shrew Soft Inc. - All rights reserved. - - Copyright (C) 2005 Paul Taylor <paultaylor@winn-dixie.com>. - All rights reserved. - - Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. */ +/* ==================================================================== + * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. + * Copyright (c) 2004, 2005 Scott Ullrich + * Copyright (c) 2003-2005 Manuel Kasper <mk@neon1.net> + * Copyright (c) 2008 Shrew Soft Inc. 
+ * Copyright (c) 2005 Paul Taylor <paultaylor@winn-dixie.com> + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgment: + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution. (http://www.pfsense.org/). + * + * 4. The names "pfSense" and "pfSense Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * coreteam@pfsense.org. + * + * 5. Products derived from this software may not be called "pfSense" + * nor may "pfSense" appear in their names without prior written + * permission of the Electric Sheep Fencing, LLC. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * + * "This product includes software developed by the pfSense Project + * for use in the pfSense software distribution (http://www.pfsense.org/). + * + * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE pfSense PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + * ==================================================================== + * + */ /* pfSense_BUILDER_BINARIES: - pfSense_MODULE: auth + pfSense_MODULE: auth */ ##|+PRIV @@ -60,11 +79,16 @@ if (isset($_POST['userid']) && is_numericint($_POST['userid'])) { $id = $_POST['userid']; } +if (isset($_GET['userid']) && is_numericint($_GET['userid'])) { + $id = $_GET['userid']; +} + if (!isset($config['system']['user']) || !is_array($config['system']['user'])) { $config['system']['user'] = array(); } $a_user = &$config['system']['user']; +$act = $_GET['act']; if (isset($_SERVER['HTTP_REFERER'])) { $referer = $_SERVER['HTTP_REFERER']; 
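Review bot: The added `$_GET['userid']` block runs after the `$_POST['userid']` block, so on a POST a `userid` in the query string silently replaces the one in the body, and the handlers that test `$_POST['act']` then operate on that id. Taking the query-string value only when the body supplies none keeps the two sources from disagreeing: `} else if (isset($_GET['userid']) && is_numericint($_GET['userid'])) {`. The new `$act = $_GET['act'];` also reads an index that is absent on a plain page load; `$act = isset($_GET['act']) ? $_GET['act'] : '';` avoids the notice and gives the later `$act ==` comparisons a defined value.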
@@ -98,70 +122,10 @@ if ($_POST['act'] == "deluser") { $userdeleted = $a_user[$id]['name']; unset($a_user[$id]); write_config(); - $savemsg = gettext("User") . " {$userdeleted} " . gettext("successfully deleted") . "<br />"; -} else if ($_POST['act'] == "delpriv") { - - if (!$a_user[$id]) { - pfSenseHeader("system_usermanager.php"); - exit; - } - - $privdeleted = $priv_list[$a_user[$id]['priv'][$_POST['privid']]]['name']; - unset($a_user[$id]['priv'][$_POST['privid']]); - local_user_set($a_user[$id]); - write_config(); - $_POST['act'] = "edit"; - $savemsg = gettext("Privilege") . " {$privdeleted} " . gettext("successfully deleted"). "<br />"; -} else if ($_POST['act'] == "expcert") { - - if (!$a_user[$id]) { - pfSenseHeader("system_usermanager.php"); - exit; - } - - $cert =& lookup_cert($a_user[$id]['cert'][$_POST['certid']]); - - $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt"); - $exp_data = base64_decode($cert['crt']); - $exp_size = strlen($exp_data); - - header("Content-Type: application/octet-stream"); - header("Content-Disposition: attachment; filename={$exp_name}"); - header("Content-Length: $exp_size"); - echo $exp_data; - exit; -} else if ($_POST['act'] == "expckey") { - - if (!$a_user[$id]) { - pfSenseHeader("system_usermanager.php"); - exit; - } - - $cert =& lookup_cert($a_user[$id]['cert'][$_POST['certid']]); - - $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key"); - $exp_data = base64_decode($cert['prv']); - $exp_size = strlen($exp_data); - - header("Content-Type: application/octet-stream"); - header("Content-Disposition: attachment; filename={$exp_name}"); - header("Content-Length: $exp_size"); - echo $exp_data; - exit; -} else if ($_POST['act'] == "delcert") { - - if (!$a_user[$id]) { - pfSenseHeader("system_usermanager.php"); - exit; - } - - $certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]); - $certdeleted = $certdeleted['descr']; - unset($a_user[$id]['cert'][$_POST['certid']]); - write_config(); 
- $_POST['act'] = "edit"; - $savemsg = gettext("Certificate") . " {$certdeleted} " . gettext("association removed.") . "<br />"; -} else if ($_POST['act'] == "new") { + $savemsg = gettext("User")." {$userdeleted} ". + gettext("successfully deleted")."<br />"; +} +else if ($act == "new") { /* * set this value cause the text field is read only * and the user should not be able to mess with this @@ -189,6 +153,21 @@ if (isset($_POST['dellall_x'])) { } } +if ($_POST['act'] == "delcert") { + + if (!$a_user[$id]) { + pfSenseHeader("system_usermanager.php"); + exit; + } + + $certdeleted = lookup_cert($a_user[$id]['cert'][$_POST['certid']]); + $certdeleted = $certdeleted['descr']; + unset($a_user[$id]['cert'][$_POST['certid']]); + write_config(); + $_POST['act'] = "edit"; + $savemsg = gettext("Certificate") . " {$certdeleted} " . gettext("association removed.") . "<br />"; +} + if ($_POST['save']) { unset($input_errors); $pconfig = $_POST; @@ -291,6 +270,15 @@ if ($_POST['save']) { } if (!$input_errors) { + // This used to be a separate act=delpriv + if ($a_user[$id] && !empty($_POST['privid'])) { + foreach ($_POST['privid'] as $i) + unset($a_user[$id]['priv'][$i]); + + local_user_set($a_user[$id]); + write_config(); + } + conf_mount_rw(); $userent = array(); if (isset($id) && $a_user[$id]) { 
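Review bot: The re-wrapped `$savemsg` assignment still interpolates `$userdeleted` into a string that carries markup (`<br />`), so the account name reaches the info box unescaped unless `print_info_box()` escapes its argument, which is not visible in this diff. Writing `" " . htmlspecialchars($userdeleted) . " "` at this point makes the message safe whichever way that helper behaves. The `}` and `else if` now sit on separate lines, which departs from the `} else if` form the removed branches used. The if-chain this belongs to starts above the hunk.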
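Review bot: The re-added `delcert` handler uses `$_POST['certid']` as an array index without validating it, so a missing or non-numeric value still reaches `lookup_cert()`, `unset()` and `write_config()` and reports "association removed" for an index that never existed. A guard such as `if (!$a_user[$id] || !is_numericint($_POST['certid']) || !isset($a_user[$id]['cert'][$_POST['certid']])) {` in place of the current `if (!$a_user[$id]) {` would reject those requests before the config is written. The trailing `$_POST['act'] = "edit";` no longer returns to the edit form, because the view later in this diff is selected by `$act`; `$act = "edit";` is the assignment that has the intended effect. `$certdeleted` is also placed in `$savemsg` unescaped, so `htmlspecialchars($certdeleted)` is worth adding there.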
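Review bot: `$_POST['privid']` is iterated in the added block without checking that it is an array, and its elements are used as `priv` indexes unvalidated; the hidden `privid` field this commit adds to the form is a single scalar input, so any non-empty value would reach `foreach` as a string. Guarding with `if ($a_user[$id] && is_array($_POST['privid'])) {` and skipping elements that fail `is_numericint($i)` limits the removal to real indexes. The `foreach` has no braces while the `local_user_set()` and `write_config()` calls after it are outside the loop, so adding braces would make the intended scope explicit. The enclosing `if ($_POST['save'])` block starts and ends outside this hunk.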
@@ -380,661 +368,559 @@ if ($_POST['save']) { } } -$closehead = false; -include("head.inc"); -?> +function build_priv_table() { + global $a_user, $id; + + $privhtml = '<div class="table-responsive">'; + $privhtml .= '<table class="table table-striped table-hover table-condensed">'; + $privhtml .= '<thead>'; + $privhtml .= '<tr>'; + $privhtml .= '<th>' . gettext('Inherited from') . '</th>'; + $privhtml .= '<th>' . gettext('Name') . '</th>'; + $privhtml .= '<th>' . gettext('Description') . '</th>'; + $privhtml .= '</tr>'; + $privhtml .= '</thead>'; + $privhtml .= '<tbody>'; + + foreach (get_user_privdesc($a_user[$id]) as $i => $priv) { + $privhtml .= '<tr>'; + $privhtml .= '<td>' . htmlspecialchars($priv['group']) . '</td>'; + $privhtml .= '<td>' . htmlspecialchars($priv['name']) . '</td>'; + $privhtml .= '<td>' . htmlspecialchars($priv['descr']) . '</td>'; + $privhtml .= '</tr>'; + } -<link rel="stylesheet" type="text/css" href="/javascript/jquery-ui-timepicker-addon/css/jquery-ui-timepicker-addon.css" /> -<link rel="stylesheet" type="text/css" href="/javascript/jquery/jquery-ui-1.11.1.css" /> + $privhtml .= '</tbody>'; + $privhtml .= '</table>'; + $privhtml .= '</div>'; -<script type="text/javascript" src="/javascript/row_toggle.js"></script> -<script type="text/javascript"> -//<![CDATA[ - jQuery(function() { - jQuery( "#expires" ).datepicker( { dateFormat: 'mm/dd/yy', changeYear: true, yearRange: "+0:+100" } ); - }); -//]]> -</script> -</head> + $privhtml .= '<nav class="action-buttons">'; + $privhtml .= '<a href="system_usermanager_addprivs.php?userid=' . $id . '" class="btn btn-success">' . gettext("Add") . 
'</a>'; + $privhtml .= '</nav>'; -<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?= $jsevents["body"]["onload"] ?>"> -<?php include("fbegin.inc"); ?> + return($privhtml); +} -<script type="text/javascript"> -//<![CDATA[ +function build_cert_table() { + global $a_user, $id; + + $certhtml = '<div class="table-responsive">'; + $certhtml .= '<table class="table table-striped table-hover table-condensed">'; + $certhtml .= '<thead>'; + $certhtml .= '<tr>'; + $certhtml .= '<th>' . gettext('Name') . '</th>'; + $certhtml .= '<th>' . gettext('CA') . '</th>'; + $certhtml .= '<th></th>'; + $certhtml .= '</tr>'; + $certhtml .= '</thead>'; + $certhtml .= '<tbody>'; + + $a_cert = $a_user[$id]['cert']; + if (is_array($a_cert)) { + $i = 0; + foreach ($a_cert as $certref) { + $cert = lookup_cert($certref); + $ca = lookup_ca($cert['caref']); + $revokedstr = is_cert_revoked($cert) ? '<b> Revoked</b>':''; + + $certhtml .= '<tr>'; + $certhtml .= '<td>' . htmlspecialchars($cert['descr']) . $revokedstr . '</td>'; + $certhtml .= '<td>' . htmlspecialchars($ca['descr']) . '</td>'; + $certhtml .= '<td>'; + $certhtml .= '<a id="delcert' . $i .'" class="btn btn-xs btn-warning" title="'; + $certhtml .= gettext('Remove this certificate association? (Certificate will not be deleted)') . '">Delete</a>'; + $certhtml .= '</td>'; + $certhtml .= '</tr>'; + $i++; + } -function setall_selected(id) { - selbox = document.getElementById(id); - count = selbox.options.length; - for (index = 0; index<count; index++) { - selbox.options[index].selected = true; } + + $certhtml .= '</tbody>'; + $certhtml .= '</table>'; + $certhtml .= '</div>'; + + $certhtml .= '<nav class="action-buttons">'; + $certhtml .= '<a href="system_certmanager.php?act=new&userid=' . $id . '" class="btn btn-success">' . gettext("Add") . 
'</a>'; + $certhtml .= '</nav>'; + + return($certhtml); } -function delete_empty(id) { - selbox = document.getElementById(id); - count = selbox.options.length; - for (index = 0; index<count; index++) { - if (selbox.options[index].value == '') { - selbox.remove(index); - } - } +$closehead = false; +include("head.inc"); + +if ($input_errors) + print_input_errors($input_errors); + +if ($savemsg) + print_info_box($savemsg, 'success'); + +$tab_array = array(); +$tab_array[] = array(gettext("Users"), true, "system_usermanager.php"); +$tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php"); +$tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php"); +$tab_array[] = array(gettext("Servers"), false, "system_authservers.php"); +display_top_tabs($tab_array); + +if (!($act == "new" || $act == "edit" || $input_errors)) { +?> + +<div class="table-responsive"> + <table class="table table-striped table-hover"> + <thead> + <tr> + <th> </th> + <th><?=gettext("Username")?></th> + <th><?=gettext("Full name")?></th> + <th><?=gettext("Disabled")?></th> + <th><?=gettext("Groups")?></th> + </tr> + </thead> + <tbody> + </tbody> + <tbody> +<?php +foreach($a_user as $i => $userent): + ?> + <tr> + <td> + <input type="checkbox" id="frc<?=$i?>" name="delete_check[]" value="<?=$i?>" <?=($userent['scope'] == "system" ? 
'disabled="disabled"' : '')?>/> + </td> + <td> +<?php + if($userent['scope'] != "user") + $usrimg = 'eye-open'; + else + $usrimg = 'user'; +?> + <i class="icon icon-<?=$usrimg?>"></i> + <?=htmlspecialchars($userent['name'])?> + </td> + <td><?=htmlspecialchars($userent['descr'])?></td> + <td><?php if(isset($userent['disabled'])) echo "*"?></td> + <td><?=implode(",",local_user_get_groups($userent))?></td> + <td> + <a href="?act=edit&userid=<?=$i?>" class="btn btn-xs btn-primary">edit</a> +<?php if($userent['scope'] != "system"): ?> + <a href="?act=del&userid=<?=$i?>" class="btn btn-xs btn-danger">delete</a> +<?php endif; ?> + </td> + </tr> +<?php endforeach; ?> + </tbody> + </table> +</div> +<nav class="action-buttons"> + <a href="?act=new" class="btn btn-success">add new</a> +</nav> +<p> + <?=gettext("Additional users can be added here. User permissions for accessing " . + "the webConfigurator can be assigned directly or inherited from group memberships. " . + "An icon that appears grey indicates that it is a system defined object. " . + "Some system object properties can be modified but they cannot be deleted.")?> + <br /><br /> + <?=gettext("Accounts created here are also used for other parts of the system " . + "such as OpenVPN, IPsec, and Captive Portal.")?> +</p> +<?php + include("foot.inc"); + exit; } -function clear_selected(id) { - selbox = document.getElementById(id); - count = selbox.options.length; - for (index = 0; index<count; index++) { - selbox.options[index].selected = false; +require_once('classes/Form.class.php'); +$form = new Form; + +if ($act == "new" || $act == "edit" || $input_errors): + + $form->addGlobal(new Form_Input( + 'act', + null, + 'hidden', + '' + )); + + $form->addGlobal(new Form_Input( + 'userid', + null, + 'hidden', + isset($id) ? 
$id:'' + )); + + $form->addGlobal(new Form_Input( + 'privid', + null, + 'hidden', + '' + )); + + $form->addGlobal(new Form_Input( + 'certid', + null, + 'hidden', + '' + )); + + $ro = ""; + if ($pconfig['utype'] == "system") { + $ro = "readonly=\"readonly\""; } -} -function remove_selected(id) { - selbox = document.getElementById(id); - index = selbox.options.length - 1; - for (; index >= 0; index--) { - if (selbox.options[index].selected) { - selbox.remove(index); + $section = new Form_Section('User Properties'); + + $section->addInput(new Form_StaticText( + 'Defined by', + strtoupper($pconfig['utype']) + )); + + $form->addGlobal(new Form_Input( + 'utype', + null, + 'hidden', + $pconfig['utype'] + )); + + $section->addInput(new Form_Checkbox( + 'disabled', + 'Disabled', + 'This user cannot login', + $pconfig['disabled'] + )); + + $section->addInput($input = new Form_Input( + 'usernamefld', + 'Username', + 'text', + $pconfig['usernamefld'] + )); + + if ($ro) + $input->setDisabled(); + + $form->addGlobal(new Form_Input( + 'oldusername', + null, + 'hidden', + $pconfig['usernamefld'] + )); + + $group = new Form_Group('Password'); + $group->add(new Form_Input( + 'passwordfld1', + 'Password', + 'password' + )); + $group->add(new Form_Input( + 'passwordfld2', + 'Confirm Password', + 'password' + )); + + $section->add($group); + + $section->addInput($input = new Form_Input( + 'descr', + 'Full name', + 'text', + htmlspecialchars($pconfig['descr']) + ))->setHelp('User\'s full name, for your own information only'); + + if ($ro) + $input->setDisabled(); + + $section->addInput(new Form_Input( + 'expires', + 'Expiration date', + 'date', + $pconfig['expires'] + ))->setHelp('Leave blank if the account shouldn\'t expire, otherwise enter '. 
+ 'the expiration date'); + + // ==== Group membership ================================================== + $group = new Form_Group('Group membership'); + + // Make a list of all the groups configured on the system, and a list of + // those which this user is a member of + $systemGroups = array(); + $usersGroups = array(); + + $usergid = [$pconfig['usernamefld']]; + + foreach ($config['system']['group'] as $Ggroup) { + if($Ggroup['name'] != "all") { + if(($act == 'edit') && $Ggroup['member'] && in_array($pconfig['uid'], $Ggroup['member'])) + $usersGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the user's list + else + $systemGroups[ $Ggroup['name'] ] = $Ggroup['name']; // Add it to the 'not a member of' list } } -} -function copy_selected(srcid, dstid) { - src_selbox = document.getElementById(srcid); - dst_selbox = document.getElementById(dstid); - count = dst_selbox.options.length; - for (index = count - 1; index >= 0; index--) { - if (dst_selbox.options[index].value == '') { - dst_selbox.remove(index); - } + $group->add(new Form_Select( + 'sysgroups', + null, + array_combine((array)$pconfig['groups'], (array)$pconfig['groups']), + $systemGroups, + true + ))->setHelp('Not member of'); + + $group->add(new Form_Select( + 'groups', + null, + array_combine((array)$pconfig['groups'], (array)$pconfig['groups']), + $usersGroups, + true + ))->setHelp('Member of'); + + $section->add($group); + + $group = new Form_Group(''); + + $group->add(new Form_Button( + 'movetoenabled', + 'Move to "Member of" list >' + ))->removeClass('btn-primary')->addClass('btn-default btn-sm'); + + $group->add(new Form_Button( + 'movetodisabled', + '< Move to "Not member of" list' + ))->removeClass('btn-primary')->addClass('btn-default btn-sm'); + + $group->setHelp('Hold down CTRL (pc)/COMMAND (mac) key to select multiple items'); + $section->add($group); + + // ==== Button for adding user certificate ================================ + if($act == 'new') { + $section->addInput(new 
Form_Checkbox( + 'showcert', + 'Certificate', + 'Click to create a user certificate', + false + )); } - count = src_selbox.options.length; - for (index = 0; index < count; index++) { - if (src_selbox.options[index].selected) { - option = document.createElement('option'); - option.text = src_selbox.options[index].text; - option.value = src_selbox.options[index].value; - dst_selbox.add(option, null); - } + + $form->add($section); + + // ==== Effective privileges section ====================================== + if (isset($pconfig['uid'])) { + // We are going to build an HTML table and add it to an Input_StaticText. It may be ugly, but it + // is the best way to make the display we need. + + $section = new Form_Section('Effective Privileges'); + + $section->addInput(new Form_StaticText( + null, + build_priv_table() + )); + + $form->add($section); + + // ==== Certificate table section ===================================== + $section = new Form_Section('User certificates'); + + $section->addInput(new Form_StaticText( + null, + build_cert_table() + )); + + $form->add($section); } -} +else; + $section = new Form_Section('User Certificates'); + + foreach ((array)$a_user[$id]['cert'] as $i => $certref) { + $cert = lookup_cert($certref); + $ca = lookup_ca($cert['caref']); + + // We reverse name and action for readability of longer names + $section->addInput(new Form_Checkbox( + 'certid[]', + 'Delete certificate', + $cert['descr']. (is_cert_revoked($cert) ? ' <b>revoked</b>' : ''), + false, + $i + )); + } -function move_selected(srcid, dstid) { - copy_selected(srcid, dstid); - remove_selected(srcid); -} + #FIXME; old ui supplied direct export links to each certificate -function presubmit() { - delete_empty('groups'); - delete_empty('notgroups'); - clear_selected('notgroups'); - setall_selected('groups'); -} + $section->addInput(new Form_StaticText( + null, + new Form_Button(null, 'add certificate', 'system_certmanager.php?act=new&userid='. $id). 
+ new Form_Button(null, 'export certificates', 'system_certmanager.php') + )); -function usercertClicked(obj) { - if (obj.checked) { - document.getElementById("usercertchck").style.display="none"; - document.getElementById("usercert").style.display=""; - } else { - document.getElementById("usercert").style.display="none"; - document.getElementById("usercertchck").style.display=""; + // ==== Add user certificate for a new user + if (is_array($config['ca']) && count($config['ca']) > 0) { + $section = new Form_Section('Create certificate for user'); + $section->addClass('cert-options'); + + $nonPrvCas = array(); + foreach( $config['ca'] as $ca) { + if (!$ca['prv']) + continue; + + $nonPrvCas[ $ca['refid'] ] = $ca['descr']; + } + + if (!empty($nonPrvCas)) { + $section->addInput(new Form_Input( + 'name', + 'Descriptive name', + 'text', + $pconfig['name'] + )); + + $section->addInput(new Form_Select( + 'caref', + 'Certificate authority', + null, + $nonPrvCas + )); + + $section->addInput(new Form_Select( + 'keylen', + 'Key length', + 2048, + array( + 512 => '512 bits', + 1024 => '1024 bits', + 2048 => '2049 bits', + 4096 => '4096 bits', + ) + )); + + $section->addInput(new Form_Input( + 'lifetime', + 'Lifetime', + 'number', + $pconfig['lifetime'] + )); + } + + $form->add($section); + } + +endif; +// ==== Paste a key for the new user +$section = new Form_Section('Keys'); + +$section->addInput(new Form_Checkbox( + 'showkey', + 'Authorized keys', + 'Click to paste an authorized key', + false +)); + +$section->addInput(new Form_Textarea( + 'authorizedkeys', + 'Authorized SSH Keys', + $pconfig['authorizedkeys'] +))->setHelp('Enter authorized SSH keys for this user'); + +$section->addInput(new Form_Input( + 'ipsecpsk', + 'IPsec Pre-Shared Key', + 'text', + $pconfig['ipsecpsk'] +)); + +$form->add($section); + +print $form; +?> +<script> +//<![CDATA[ +events.push(function(){ + // Hides all elements of the specified class. + function hideClass(s_class, hide) { + if(hide) + $('.' 
+ s_class).hide(); + else + $('.' + s_class).show(); } -} -function sshkeyClicked(obj) { - if (obj.checked) { - document.getElementById("sshkeychck").style.display="none"; - document.getElementById("sshkey").style.display=""; - } else { - document.getElementById("sshkey").style.display="none"; - document.getElementById("sshkeychck").style.display=""; + // Hides the <div> in which the specified input element lives so that the input, its label and help text are hidden + function hideInput(id, hide) { + if(hide) + $('#' + id).parent().parent('div').addClass('hidden'); + else + $('#' + id).parent().parent('div').removeClass('hidden'); } -} -//]]> -</script> -<?php - if ($input_errors) { - print_input_errors($input_errors); + + // Hides the <div> in which the specified checkbox lives so that the checkbox, its label and help text are hidden + function hideCheckbox(id, hide) { + if(hide) + $('#' + id).parent().parent().parent('div').addClass('hidden'); + else + $('#' + id).parent().parent().parent('div').removeClass('hidden'); + } + + // Select every option in the specified multiselect + function AllServers(id, selectAll) { + for (i = 0; i < id.length; i++) { + id.eq(i).prop('selected', selectAll); + } } - if ($savemsg) { - print_info_box($savemsg); + + // Move all selected options from one multiselect to another + function moveOptions(From, To) { + var len = From.length; + var option; + + if(len > 0) { + for(i=0; i<len; i++) { + if(From.eq(i).is(':selected')) { + option = From.eq(i).val(); + To.append(new Option(option, option)); + From.eq(i).remove(); + } + } + } } -?> -<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="user manager"> - <tr> - <td> -<?php - $tab_array = array(); - $tab_array[] = array(gettext("Users"), true, "system_usermanager.php"); - $tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php"); - $tab_array[] = array(gettext("Settings"), false, "system_usermanager_settings.php"); - $tab_array[] = 
array(gettext("Servers"), false, "system_authservers.php"); - display_top_tabs($tab_array); -?> - </td> - </tr> - <tr> - <td id="mainarea"> - <div class="tabcont"> -<?php - if ($_POST['act'] == "new" || $_POST['act'] == "edit" || $input_errors): -?> - <form action="system_usermanager.php" method="post" name="iform" id="iform" onsubmit="presubmit()"> - <input type="hidden" id="act" name="act" value="" /> - <input type="hidden" id="userid" name="userid" value="<?=(isset($id) ? $id : '');?>" /> - <input type="hidden" id="privid" name="privid" value="" /> - <input type="hidden" id="certid" name="certid" value="" /> - <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area"> -<?php - $ro = ""; - if ($pconfig['utype'] == "system") { - $ro = "readonly=\"readonly\""; - } -?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Defined by");?></td> - <td width="78%" class="vtable"> - <strong><?=strtoupper(htmlspecialchars($pconfig['utype']));?></strong> - <input name="utype" type="hidden" value="<?=htmlspecialchars($pconfig['utype'])?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Disabled");?></td> - <td width="78%" class="vtable"> - <input name="disabled" type="checkbox" id="disabled" <?php if ($pconfig['disabled']) echo "checked=\"checked\""; ?> /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq"><?=gettext("Username");?></td> - <td width="78%" class="vtable"> - <input name="usernamefld" type="text" class="formfld user" id="usernamefld" size="20" maxlength="16" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" <?=$ro;?> /> - <input name="oldusername" type="hidden" id="oldusername" value="<?=htmlspecialchars($pconfig['usernamefld']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncellreq" rowspan="2"><?=gettext("Password");?></td> - <td width="78%" class="vtable"> - <input name="passwordfld1" type="password" class="formfld pwd" id="passwordfld1" 
size="20" value="" /> - </td> - </tr> - <tr> - <td width="78%" class="vtable"> - <input name="passwordfld2" type="password" class="formfld pwd" id="passwordfld2" size="20" value="" /> <?= gettext("(confirmation)"); ?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Full name");?></td> - <td width="78%" class="vtable"> - <input name="descr" type="text" class="formfld unknown" id="descr" size="20" value="<?=htmlspecialchars($pconfig['descr']);?>" <?=$ro;?> /> - <br /> - <?=gettext("User's full name, for your own information only");?> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Expiration date"); ?></td> - <td width="78%" class="vtable"> - <input name="expires" type="text" class="formfld unknown" id="expires" size="10" value="<?=htmlspecialchars($pconfig['expires']);?>" /> - <br /> - <span class="vexpl"><?=gettext("Leave blank if the account shouldn't expire, otherwise enter the expiration date in the following format: mm/dd/yyyy"); ?></span> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Group Memberships");?></td> - <td width="78%" class="vtable" align="center"> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="group membership"> - <tr> - <td align="center" width="50%"> - <strong><?=gettext("Not Member Of"); ?></strong><br /> - <br /> - <select size="10" style="width: 75%" name="notgroups[]" class="formselect" id="notgroups" onchange="clear_selected('groups')" multiple="multiple"> -<?php - $rowIndex = 0; - foreach ($config['system']['group'] as $group): - if ($group['gid'] == 1998) { /* all users group */ - continue; - } - if (is_array($pconfig['groups']) && in_array($group['name'], $pconfig['groups'])) { - continue; - } - $rowIndex++; -?> - <option value="<?=$group['name'];?>" <?=$selected;?>> - <?=htmlspecialchars($group['name']);?> - </option> -<?php - endforeach; - if ($rowIndex == 0) { - echo "<option></option>"; - } 
-?> - </select> - <br /> - </td> - <td> - <br /> - <a href="javascript:move_selected('notgroups', 'groups')"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_right.gif" title="<?=gettext("Add Groups"); ?>" alt="<?=gettext("Add Groups"); ?>" width="17" height="17" border="0" /> - </a> - <br /><br /> - <a href="javascript:move_selected('groups', 'notgroups')"> - <img src="/themes/<?= $g['theme'];?>/images/icons/icon_left.gif" title="<?=gettext("Remove Groups"); ?>" alt="<?=gettext("Remove Groups"); ?>" width="17" height="17" border="0" /> - </a> - </td> - <td align="center" width="50%"> - <strong><?=gettext("Member Of"); ?></strong><br /> - <br /> - <select size="10" style="width: 75%" name="groups[]" class="formselect" id="groups" onchange="clear_selected('notgroups')" multiple="multiple"> -<?php - $rowIndex = 0; - if (is_array($pconfig['groups'])): - foreach ($config['system']['group'] as $group): - if ($group['gid'] == 1998) { /* all users group */ - continue; - } - if (!in_array($group['name'], $pconfig['groups'])) { - continue; - } - $rowIndex++; -?> - <option value="<?=$group['name'];?>"> - <?=htmlspecialchars($group['name']);?> - </option> -<?php - endforeach; - endif; - if ($rowIndex == 0) { - echo "<option></option>"; - } -?> - </select> - <br /> - </td> - </tr> - </table> - <?=gettext("Hold down CTRL (pc)/COMMAND (mac) key to select multiple items");?> - </td> - </tr> -<?php - if (isset($pconfig['uid'])): -?> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Effective Privileges");?></td> - <td width="78%" class="vtable"> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="privileges"> - <tr> - <td width="20%" class="listhdrr"><?=gettext("Inherited From");?></td> - <td width="30%" class="listhdrr"><?=gettext("Name");?></td> - <td width="40%" class="listhdrr"><?=gettext("Description");?></td> - <td class="list"></td> - </tr> -<?php - $privdesc = get_user_privdesc($a_user[$id]); - if 
(is_array($privdesc)): - $i = 0; - foreach ($privdesc as $priv): - $group = false; - if ($priv['group']) { - $group = $priv['group']; - } -?> - <tr> - <td class="listlr"><?=$group;?></td> - <td class="listr"> - <?=htmlspecialchars($priv['name']);?> - </td> - <td class="listbg"> - <?=htmlspecialchars($priv['descr']);?> - </td> - <td valign="middle" class="list nowrap"> -<?php - if (!$group): -?> - <input type="image" name="delpriv[]" width="17" height="17" border="0" - src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" - onclick="document.getElementById('privid').value='<?=$i;?>'; - document.getElementById('userid').value='<?=$id;?>'; - document.getElementById('act').value='<?php echo "delpriv";?>'; - return confirm('<?=gettext("Do you really want to delete this privilege?");?>');" - title="<?=gettext("delete privilege");?>" /> -<?php - endif; -?> - </td> - </tr> -<?php - /* can only delete user priv indexes */ - if (!$group) { - $i++; - } - endforeach; - endif; -?> - <tr> - <td class="list" colspan="3"></td> - <td class="list"> - <a href="system_usermanager_addprivs.php?userid=<?=$id?>"> - <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" /> - </a> - </td> - </tr> - </table> - </td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("User Certificates");?></td> - <td width="78%" class="vtable"> - <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0" summary="certificates"> - <tr> - <td width="45%" class="listhdrr"><?=gettext("Name");?></td> - <td width="45%" class="listhdrr"><?=gettext("CA");?></td> - <td class="list"></td> - </tr> -<?php - $a_cert = $a_user[$id]['cert']; - if (is_array($a_cert)): - $i = 0; - foreach ($a_cert as $certref): - $cert = lookup_cert($certref); - $ca = lookup_ca($cert['caref']); -?> - <tr> - <td class="listlr"> - <?=htmlspecialchars($cert['descr']);?> -<?php - if (is_cert_revoked($cert)): -?> - (<b>Revoked</b>) -<?php - endif; 
-?>
- </td>
- <td class="listr">
- <?=htmlspecialchars($ca['descr']);?>
- </td>
- <td valign="middle" class="list nowrap">
- <input type="image" name="expckey[]" width="17" height="17" border="0"
- src="/themes/<?=$g['theme'];?>/images/icons/icon_down.gif"
- onclick="document.getElementById('certid').value='<?=$i;?>';
- document.getElementById('userid').value='<?=$id;?>';
- document.getElementById('act').value='<?php echo "expckey";?>';"
- title="<?=gettext("export private key");?>" />
- <input type="image" name="expcert[]" width="17" height="17" border="0"
- src="/themes/<?=$g['theme'];?>/images/icons/icon_down.gif"
- onclick="document.getElementById('certid').value='<?=$i;?>';
- document.getElementById('userid').value='<?=$id;?>';
- document.getElementById('act').value='<?php echo "expcert";?>';"
- title="<?=gettext("export cert");?>" />
- <input type="image" name="delcert[]" width="17" height="17" border="0"
- src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif"
- onclick="document.getElementById('certid').value='<?=$i;?>';
- document.getElementById('userid').value='<?=$id;?>';
- document.getElementById('act').value='<?php echo "delcert";?>';
- return confirm('<?=gettext("Do you really want to remove this certificate association?") .'\n'. 
gettext("(Certificate will not be deleted)");?>')"
- title="<?=gettext("delete cert");?>" />
- </td>
- </tr>
-<?php
- $i++;
- endforeach;
- endif;
-?>
- <tr>
- <td class="list" colspan="2"></td>
- <td class="list">
- <a href="system_certmanager.php?act=new&userid=<?=$id?>">
- <img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0" alt="add" />
- </a>
- </td>
- </tr>
- </table>
- </td>
- </tr>
-<?php
- else:
- if (is_array($config['ca']) && count($config['ca']) > 0):
- $i = 0;
- foreach ($config['ca'] as $ca) {
- if (!$ca['prv']) {
- continue;
- }
- $i++;
- }
-?>
+ // Make buttons plain buttons, not submit
+ $("#movetodisabled").prop('type','button');
+ $("#movetoenabled").prop('type','button');
- <tr id="usercertchck">
- <td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
- <td width="78%" class="vtable">
- <input type="checkbox" onclick="javascript:usercertClicked(this)" /> <?=gettext("Click to create a user certificate."); ?>
- </td>
- </tr>
+ // On click . .
+ $("#movetodisabled").click(function() {
+ moveOptions($('[name="groups[]"] option'), $('[name="sysgroups[]"]'));
+ });
+ $("#movetoenabled").click(function() {
+ moveOptions($('[name="sysgroups[]"] option'), $('[name="groups[]"]'));
+ });
+
+ $("#showcert").click(function() {
+ hideClass('cert-options', !this.checked);
+ });
+
+ $("#showkey").click(function() {
+ hideInput('authorizedkeys', false);
+ hideCheckbox('showkey', true);
+ });
+
+ $('[id^=delcert]').click(function(event) {
+ if(confirm(event.target.title)) {
+ $('#certid').val(event.target.id.match(/\d+$/)[0]);
+ $('#userid').val('<?=$id;?>');
+ $('#act').val('delcert');
+ $('form').submit();
+ }
+ });
+
+ // On page load . . 
+ hideClass('cert-options', true);
+// hideInput('authorizedkeys', true);
+ hideCheckbox('showkey', true);
+
+ // On submit mark all the user's groups as "selected"
+ $('form').submit(function(){
+ AllServers($('[name="groups[]"] option'), true);
+ });
+});
+//]]>
+</script>
 <?php
- if ($i > 0):
-?>
- <tr id="usercert" style="display:none">
- <td width="22%" valign="top" class="vncell"><?=gettext("Certificate");?></td>
- <td width="78%" class="vtable">
- <table width="100%" border="0" cellpadding="6" cellspacing="0" summary="certificate">
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Descriptive name");?></td>
- <td width="78%" class="vtable">
- <input name="name" type="text" class="formfld unknown" id="name" size="20" value="<?=htmlspecialchars($pconfig['name']);?>" />
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate authority");?></td>
- <td width="78%" class="vtable">
- <select name='caref' id='caref' class="formselect" onchange='internalca_change()'>
-<?php
- $rowIndex = 0;
- foreach ($config['ca'] as $ca):
- if (!$ca['prv']) {
- continue;
- }
- $rowIndex++;
-?>
- <option value="<?=$ca['refid'];?>"><?=htmlspecialchars($ca['descr']);?></option>
-<?php
- endforeach;
- if ($rowIndex == 0) {
- echo "<option></option>";
- }
-?>
- </select>
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Key length");?></td>
- <td width="78%" class="vtable">
- <select name='keylen' class="formselect">
-<?php
- $cert_keylens = array("2048", "512", "1024", "4096");
- foreach ($cert_keylens as $len):
-?>
- <option value="<?=$len;?>"><?=$len;?></option>
-<?php
- endforeach;
- if (!count($cert_keylens)) {
- echo "<option></option>";
- }
-?>
- </select>
- bits
- </td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
- <td width="78%" class="vtable">
- <input name="lifetime" type="text" class="formfld unknown" id="lifetime" size="5" 
value="<?=htmlspecialchars($pconfig['lifetime']);?>" />days - </td> - </tr> - </table> - </td> - </tr> -<?php - endif; - endif; - endif; -?> - <tr id="sshkeychck" <?php if (!empty($pconfig['authorizedkeys'])) echo 'style="display:none"'; ?>> - <td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td> - <td width="78%" class="vtable"> - <input type="checkbox" onclick="javascript:sshkeyClicked(this)" /> <?=gettext("Click to paste an authorized key."); ?> - </td> - </tr> - <tr id="sshkey" <?php if (empty($pconfig['authorizedkeys'])) echo 'style="display:none"'; ?>> - <td width="22%" valign="top" class="vncell"><?=gettext("Authorized keys");?></td> - <td width="78%" class="vtable"> - <script type="text/javascript"> - //<![CDATA[ - window.onload=function() { - document.getElementById("authorizedkeys").wrap='off'; - } - //]]> - </script> - <textarea name="authorizedkeys" cols="65" rows="7" id="authorizedkeys" class="formfld_cert"><?=htmlspecialchars($pconfig['authorizedkeys']);?></textarea> - <br /> - <?=gettext("Paste an authorized keys file here.");?> - </td> - </tr> - <tr id="ipsecpskrow"> - <td width="22%" valign="top" class="vncell"><?=gettext("IPsec Pre-Shared Key");?></td> - <td width="78%" class="vtable"> - <input name="ipsecpsk" type="text" class="formfld unknown" id="ipsecpsk" size="65" value="<?=htmlspecialchars($pconfig['ipsecpsk']);?>" /> - </td> - </tr> - <tr> - <td width="22%" valign="top"> </td> - <td width="78%"> - <input id="submit" name="save" type="submit" class="formbtn" value="<?=gettext("Save");?>" /> - <input type="button" class="formbtn" value="<?=gettext("Cancel");?>" onclick="window.location.href='<?=$referer;?>'" /> - <?php if (isset($id) && $a_user[$id]): ?> - <input name="id" type="hidden" value="<?=htmlspecialchars($id);?>" /> - <?php endif;?> - </td> - </tr> - </table> - </form> -<?php - else: -?> - <form action="system_usermanager.php" method="post" name="iform2" id="iform2"> - <input type="hidden" id="act" 
name="act" value="" /> - <input type="hidden" id="userid" name="userid" value="<?=(isset($id) ? $id : '');?>" /> - <input type="hidden" id="username" name="username" value="" /> - <input type="hidden" id="privid" name="privid" value="" /> - <input type="hidden" id="certid" name="certid" value="" /> - <table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary=""> - <thead> - <tr> - <th width="5%" class="list"> </th> - <th width="25%" class="listhdrr"><?=gettext("Username"); ?></th> - <th width="25%" class="listhdrr"><?=gettext("Full name"); ?></th> - <th width="5%" class="listhdrr"><?=gettext("Disabled"); ?></th> - <th width="25%" class="listhdrr"><?=gettext("Groups"); ?></th> - <th width="10%" class="list"></th> - </tr> - </thead> - <tfoot> - <tr> - <td class="list" colspan="5"></td> - <td class="list"> - <input type="image" name="addcert" width="17" height="17" border="0" - src="/themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" - onclick="document.getElementById('act').value='<?php echo "new";?>';" - title="<?=gettext("add user");?>" /> - <input type="image" src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" name="dellall" title="<?=gettext('Delete selected users')?>" onClick="return confirm('<?=gettext("Do you really want to delete selected Users?");?>')" /> - </td> - </tr> - <tr> - <td colspan="5"> - <p> - <?=gettext("Additional users can be added here. User permissions for accessing " . - "the webConfigurator can be assigned directly or inherited from group memberships. " . - "An icon that appears grey indicates that it is a system defined object. " . - "Some system object properties can be modified but they cannot be deleted."); ?> - <br /><br /> - <?=gettext("Accounts created here are also used for other parts of the system " . 
- "such as OpenVPN, IPsec, and Captive Portal.");?> - </p> - </td> - </tr> - </tfoot> - <tbody> -<?php - $i = 0; - foreach ($a_user as $userent): -?> - <tr ondblclick="document.getElementById('act').value='<?php echo "edit";?>'; - document.getElementById('userid').value='<?=$i;?>'; - document.iform2.submit();" id="fr<?=$i?>"> - <td class="list" id="frd<?=$i?>"> - <?php if ($userent['scope'] != "system") : ?> - <input type="checkbox" id="frc<?=$i?>" onclick="fr_bgcolor(<?=$i?>)" name="delete_check[]" value="<?=$i?>" /> - <?php endif; ?> - </td> - <td class="listlr" id="frd<?=$i?>" onclick="fr_toggle('<?=$i;?>')"> - <table border="0" cellpadding="0" cellspacing="0" summary="icons"> - <tr> - <td align="left" valign="middle"> -<?php - if ($userent['scope'] != "user") { - $usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user-grey.png"; - } else { - $usrimg = "/themes/{$g['theme']}/images/icons/icon_system-user.png"; - } -?> - <img src="<?=$usrimg;?>" alt="<?=gettext("User"); ?>" title="<?=gettext("User"); ?>" border="0" height="16" width="16" /> - </td> - <td align="left" valign="middle"> - <?=htmlspecialchars($userent['name']);?> - </td> - </tr> - </table> - </td> - <td class="listr" id="frd<?=$i?>" onclick="fr_toggle('<?=$i;?>')"><?=htmlspecialchars($userent['descr']);?> </td> - <td class="listr" id="frd<?=$i?>" onclick="fr_toggle('<?=$i;?>')"><?php if (isset($userent['disabled'])) echo "*"; ?></td> - <td class="listbg" onclick="fr_toggle('<?=$i;?>')"> - <?=implode(",", local_user_get_groups($userent));?> - - </td> - <td valign="middle" class="list nowrap"> - <input type="image" name="edituser[]" width="17" height="17" border="0" - src="/themes/<?=$g['theme'];?>/images/icons/icon_e.gif" - onclick="document.getElementById('userid').value='<?=$i;?>'; - document.getElementById('act').value='<?php echo "edit";?>';" - title="<?=gettext("edit user");?>" /> -<?php - if ($userent['scope'] != "system"): -?> - - <input type="image" name="deluser[]" width="17" 
height="17" border="0"
- src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif"
- onclick="document.getElementById('userid').value='<?=$i;?>';
- document.getElementById('username').value='<?=$userent['name'];?>';
- document.getElementById('act').value='<?php echo "deluser";?>';
- return confirm('<?=gettext("Do you really want to delete this user?");?>');"
- title="<?=gettext("delete user");?>" />
-<?php
- endif;
-?>
- </td>
- </tr>
-<?php
- $i++;
- endforeach;
-?>
- </tbody>
- </table>
- </form>
-<?php
- endif;
-?>
- </div>
- </td>
- </tr>
-</table>
-<?php include("fend.inc");?>
-</body>
-</html>
+
+include('foot.inc');
\ No newline at end of file |