From 6dc88d5352ea963d85708379405e238e0518e990 Mon Sep 17 00:00:00 2001 From: Ermal Luci Date: Thu, 18 Jun 2009 12:40:11 +0000 Subject: * Move functions that output html to guiconfig.inc * Remove some recursive dependency on some includes * Remove ^M or \r from files * Remove some entries from functions.inc to avoid including them twice * Remove some unneccessary includes from some files NOTE: There is some more work to be done for pkg-utils.inc to be removed from backend as a dependency. --- etc/inc/auth.inc | 37 ++- etc/inc/authgui.inc | 3 +- etc/inc/certs.inc | 450 ++++++++++++++-------------- etc/inc/functions.inc | 3 - etc/inc/pfsense-utils.inc | 340 ---------------------- etc/inc/priv.inc | 531 ++++++++++++++++------------------ etc/inc/rrd.inc | 5 +- etc/inc/util.inc | 13 + usr/local/www/guiconfig.inc | 325 ++++++++++++++++++++- usr/local/www/vpn_l2tp_users_edit.php | 1 - 10 files changed, 832 insertions(+), 876 deletions(-) diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index 09e0273..dd69a28 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -42,7 +42,7 @@ * file courtesy of Michael Retterklieber. */ -require_once("functions.inc"); +require_once("config.inc"); $groupindex = index_groups(); $userindex = index_users(); 
@@ -107,6 +107,39 @@ function & getGroupEntryByGID($gid) { return false; } +function get_user_privileges(& $user) { + + $privs = $user['priv']; + if (!is_array($privs)) + $privs = array(); + + $names = local_user_get_groups($user, true); + + foreach ($names as $name) { + $group = getGroupEntry($name); + if (is_array($group['priv'])) + $privs = array_merge( $privs, $group['priv']); + } + + return $privs; +} + +function userHasPrivilege($userent, $privid = false) { + + if (!$privid || !is_array($userent)) + return false; + + $privs = get_user_privileges($userent); + + if (!is_array($privs)) + return false; + + if (!in_array($privid, $privs)) + return false; + + return true; +} + function local_backed($username, $passwd) { $user = getUserEntry($username); @@ -872,7 +905,7 @@ function session_auth($backing) { return false; /* redirect to page the user is on, it'll prompt them to login again */ - pfSenseHeader($scriptName); + Header("Location: {$scriptName}"); return false; } diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc index 0acb63b..d9611d2 100644 --- a/etc/inc/authgui.inc +++ b/etc/inc/authgui.inc @@ -35,8 +35,7 @@ POSSIBILITY OF SUCH DAMAGE. */ -include_once("auth.inc"); -require_once("functions.inc"); +include_once("priv.inc"); /* We only support htpasswd backed HTTP Basic auth and session * based backing methods at the moment. diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc index b7c0e60..4177545 100644 --- a/etc/inc/certs.inc +++ b/etc/inc/certs.inc 
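Review bot: `userHasPrivilege` checks membership with `in_array($privid, $privs)` without the strict flag, so the privilege id is matched by loose `==` comparison; for an authorization primitive the exact form `if (!in_array($privid, $privs, true))` is the safer choice. `get_user_privileges` also merges group privileges for every name returned by `local_user_get_groups` and silently treats a group that `getGroupEntry` does not return as contributing nothing, which deserves a comment above the loop such as `/* a group name with no entry contributes no privileges */`. Both functions are moved here from priv.inc without a docblock; it should state that the returned list may contain duplicates since `array_merge` does not dedupe, and that the `& $user` reference is never written to.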
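Review bot: The new `Header("Location: {$scriptName}");` is followed only by `return false;`, so whether any further page output is suppressed now depends entirely on every caller of session_auth honouring the false return; the previous pfSenseHeader call is gone, so confirm callers stop rendering after the redirect. `$scriptName` is assigned outside the hunk, so also confirm it is a server-side script path and not built from request data — a redirect target the client can set to an absolute URL would be an open redirect. session_auth's body starts outside the hunk.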
@@ -1,226 +1,224 @@ - "sha1", - "private_key_bits" => $keylen, - "private_key_type" => OPENSSL_KEYTYPE_RSA, - "encrypt_key" => false); - - // generate a new key pair - $res_key = openssl_pkey_new(); - - // generate a certificate signing request - $res_csr = openssl_csr_new($dn, $res_key, $args); - - // self sign the certificate - $res_crt = openssl_csr_sign($res_csr, null, $res_key, $lifetime, $args); - - // export our certificate data - openssl_pkey_export($res_key, $str_key); - openssl_x509_export($res_crt, $str_crt); - - // return our ca information - $ca['crt'] = base64_encode($str_crt); - $ca['prv'] = base64_encode($str_key); - $ca['serial'] = 0; - - return true; -} - -function cert_import(& $cert, $crt_str, $key_str) { - - $cert['crt'] = base64_encode($crt_str); - $cert['prv'] = base64_encode($key_str); - - return true; -} - -function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) { - - $ca =& lookup_ca($caref); - if (!$ca) - return false; - - $ca_str_crt = base64_decode($ca['crt']); - $ca_str_key = base64_decode($ca['prv']); - $ca_res_crt = openssl_x509_read($ca_str_crt); - $ca_res_key = openssl_pkey_get_private($ca_str_key); - $ca_serial = $ca['serial']++; - - $args = array( - "digest_alg" => "sha1", - "private_key_bits" => $keylen, - "private_key_type" => OPENSSL_KEYTYPE_RSA, - "encrypt_key" => false); - - // generate a new key pair - $res_key = openssl_pkey_new(); - - // generate a certificate signing request - $res_csr = openssl_csr_new($dn, $res_key, $args); - - // self sign the certificate - $res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime, - $args, $ca_serial); - - // export our certificate data - openssl_pkey_export($res_key, $str_key); - openssl_x509_export($res_crt, $str_crt); - - // return our certificate information - $cert['caref'] = $caref; - $cert['crt'] = base64_encode($str_crt); - $cert['prv'] = base64_encode($str_key); - - return true; -} - -function csr_generate(& $cert, $keylen, $dn) { - - $args = array( - 
"digest_alg" => "sha1", - "private_key_bits" => $keylen, - "private_key_type" => OPENSSL_KEYTYPE_RSA, - "encrypt_key" => false); - - // generate a new key pair - $res_key = openssl_pkey_new(); - - // generate a certificate signing request - $res_csr = openssl_csr_new($dn, $res_key, $args); - - // export our request data - openssl_pkey_export($res_key, $str_key); - openssl_csr_export($res_csr, $str_csr); - - // return our request information - $cert['csr'] = base64_encode($str_csr); - $cert['prv'] = base64_encode($str_key); - - return true; -} - -function csr_complete(& $cert, $str_crt) { - - // return our request information - $cert['crt'] = base64_encode($str_crt); - unset($cert['csr']); - - return true; -} - -function csr_get_subject($str_crt, $decode = true) { - - if ($decode) - $str_crt = base64_decode($str_crt); - - $components = openssl_csr_get_subject($str_crt); - - if (!is_array($components)) - return "unknown"; - - foreach ($components as $a => $v) { - if (!strlen($subject)) - $subject = "{$a}={$v}"; - else - $subject = "{$a}={$v}, {$subject}"; - } - - return $subject; -} - -function cert_get_subject($str_crt, $decode = true) { - - if ($decode) - $str_crt = base64_decode($str_crt); - - $inf_crt = openssl_x509_parse($str_crt); - $components = $inf_crt['subject']; - - if (!is_array($components)) - return "unknown"; - - foreach ($components as $a => $v) { - if (!strlen($subject)) - $subject = "{$a}={$v}"; - else - $subject = "{$a}={$v}, {$subject}"; - } - - return $subject; -} - -function cert_get_subject_array($crt) { - $str_crt = base64_decode($crt); - $inf_crt = openssl_x509_parse($str_crt); - $components = $inf_crt['subject']; - $subject_array = array(); - - foreach($components as $a => $v) - $subject_array[] = array('a' => $a, 'v' => $v); - - return $subject_array; -} - -?> + "sha1", + "private_key_bits" => $keylen, + "private_key_type" => OPENSSL_KEYTYPE_RSA, + "encrypt_key" => false); + + // generate a new key pair + $res_key = openssl_pkey_new(); + + 
// generate a certificate signing request + $res_csr = openssl_csr_new($dn, $res_key, $args); + + // self sign the certificate + $res_crt = openssl_csr_sign($res_csr, null, $res_key, $lifetime, $args); + + // export our certificate data + openssl_pkey_export($res_key, $str_key); + openssl_x509_export($res_crt, $str_crt); + + // return our ca information + $ca['crt'] = base64_encode($str_crt); + $ca['prv'] = base64_encode($str_key); + $ca['serial'] = 0; + + return true; +} + +function cert_import(& $cert, $crt_str, $key_str) { + + $cert['crt'] = base64_encode($crt_str); + $cert['prv'] = base64_encode($key_str); + + return true; +} + +function cert_create(& $cert, $caref, $keylen, $lifetime, $dn) { + + $ca =& lookup_ca($caref); + if (!$ca) + return false; + + $ca_str_crt = base64_decode($ca['crt']); + $ca_str_key = base64_decode($ca['prv']); + $ca_res_crt = openssl_x509_read($ca_str_crt); + $ca_res_key = openssl_pkey_get_private($ca_str_key); + $ca_serial = $ca['serial']++; + + $args = array( + "digest_alg" => "sha1", + "private_key_bits" => $keylen, + "private_key_type" => OPENSSL_KEYTYPE_RSA, + "encrypt_key" => false); + + // generate a new key pair + $res_key = openssl_pkey_new(); + + // generate a certificate signing request + $res_csr = openssl_csr_new($dn, $res_key, $args); + + // self sign the certificate + $res_crt = openssl_csr_sign($res_csr, $ca_res_crt, $ca_res_key, $lifetime, + $args, $ca_serial); + + // export our certificate data + openssl_pkey_export($res_key, $str_key); + openssl_x509_export($res_crt, $str_crt); + + // return our certificate information + $cert['caref'] = $caref; + $cert['crt'] = base64_encode($str_crt); + $cert['prv'] = base64_encode($str_key); + + return true; +} + +function csr_generate(& $cert, $keylen, $dn) { + + $args = array( + "digest_alg" => "sha1", + "private_key_bits" => $keylen, + "private_key_type" => OPENSSL_KEYTYPE_RSA, + "encrypt_key" => false); + + // generate a new key pair + $res_key = openssl_pkey_new(); + + // 
generate a certificate signing request + $res_csr = openssl_csr_new($dn, $res_key, $args); + + // export our request data + openssl_pkey_export($res_key, $str_key); + openssl_csr_export($res_csr, $str_csr); + + // return our request information + $cert['csr'] = base64_encode($str_csr); + $cert['prv'] = base64_encode($str_key); + + return true; +} + +function csr_complete(& $cert, $str_crt) { + + // return our request information + $cert['crt'] = base64_encode($str_crt); + unset($cert['csr']); + + return true; +} + +function csr_get_subject($str_crt, $decode = true) { + + if ($decode) + $str_crt = base64_decode($str_crt); + + $components = openssl_csr_get_subject($str_crt); + + if (!is_array($components)) + return "unknown"; + + foreach ($components as $a => $v) { + if (!strlen($subject)) + $subject = "{$a}={$v}"; + else + $subject = "{$a}={$v}, {$subject}"; + } + + return $subject; +} + +function cert_get_subject($str_crt, $decode = true) { + + if ($decode) + $str_crt = base64_decode($str_crt); + + $inf_crt = openssl_x509_parse($str_crt); + $components = $inf_crt['subject']; + + if (!is_array($components)) + return "unknown"; + + foreach ($components as $a => $v) { + if (!strlen($subject)) + $subject = "{$a}={$v}"; + else + $subject = "{$a}={$v}, {$subject}"; + } + + return $subject; +} + +function cert_get_subject_array($crt) { + $str_crt = base64_decode($crt); + $inf_crt = openssl_x509_parse($str_crt); + $components = $inf_crt['subject']; + $subject_array = array(); + + foreach($components as $a => $v) + $subject_array[] = array('a' => $a, 'v' => $v); + + return $subject_array; +} + +?> diff --git a/etc/inc/functions.inc b/etc/inc/functions.inc index 1365742..0cc5675 100644 --- a/etc/inc/functions.inc +++ b/etc/inc/functions.inc 
@@ -70,11 +70,9 @@ if(!function_exists("pfSenseHeader")) { /* END compatibility goo with HEAD */ /* include all configuration functions */ -require_once("auth.inc"); require_once("priv.inc"); require_once("certs.inc"); require_once("crypt.inc"); -require_once("util.inc"); require_once("interfaces.inc"); require_once("gwlb.inc"); require_once("services.inc"); @@ -86,7 +84,6 @@ require_once("openvpn.inc"); require_once("ipsec.inc"); require_once("vpn.inc"); require_once("vslb.inc"); -require_once("notices.inc"); require_once("cmd_chain.inc"); require_once("rrd.inc"); diff --git a/etc/inc/pfsense-utils.inc b/etc/inc/pfsense-utils.inc index 401787d..9c62180 100644 --- a/etc/inc/pfsense-utils.inc +++ b/etc/inc/pfsense-utils.inc @@ -705,21 +705,6 @@ function get_filename_from_url($url) { } /* - * update_output_window: update bottom textarea dynamically. - */ -function update_output_window($text) { - global $pkg_interface; - $log = ereg_replace("\n", "\\n", $text); - if($pkg_interface == "console") { - /* too chatty */ - } else { - echo "\n"; - } - /* ensure that contents are written out */ - ob_flush(); -} - -/* * get_dir: return an array of $dir */ function get_dir($dir) { @@ -732,35 +717,6 @@ function get_dir($dir) { return $dir_array; } -/* - * update_output_window: update top textarea dynamically. - */ -function update_status($status) { - global $pkg_interface; - if($pkg_interface == "console") { - echo $status . "\n"; - } else { - echo "\n"; - } - /* ensure that contents are written out */ - ob_flush(); -} - -/* - * update_progress_bar($percent): updates the javascript driven progress bar. - */ -function update_progress_bar($percent) { - global $pkg_interface; - if($percent > 100) $percent = 1; - if($pkg_interface <> "console") { - echo "\n"; - } else { - echo " {$percent}%"; - } -} - /****f* pfsense-utils/WakeOnLan * NAME * WakeOnLan - Wake a machine up using the wake on lan format/protocol 
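Review bot: Removing `require_once("auth.inc")` and `require_once("util.inc")` here (and `require_once("notices.inc")` in the second hunk of this file) changes what a file that only includes functions.inc has in scope; util.inc helpers such as the isAjax moved there by this commit are then available only if another include pulls util.inc in, which I cannot confirm from these hunks. A comment above the remaining require list naming which includes are now expected to arrive via config.inc, e.g. `/* auth.inc, util.inc and notices.inc are provided by config.inc */`, would make the intended include order explicit if that is the case.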
@@ -1071,157 +1027,6 @@ function get_disk_info() { // $size, $used, $avail, $cap } -/****f* pfsense-utils/display_top_tabs - * NAME - * display_top_tabs - display tabs with rounded edges - * INPUTS - * $text - array of tabs - * RESULT - * null - ******/ -function display_top_tabs(& $tab_array) { - global $HTTP_SERVER_VARS; - global $config; - global $g; - - /* does the user have access to this tab? - * master user has access to everything. - * if the user does not have access, simply - * unset the tab item. - */ - - $tab_temp = array (); - foreach ($tab_array as $ta) - if(isAllowedPage($ta[2])) - $tab_temp[] = $ta; - /* - // FIXME : if the checks are not good enough - // in isAllowedPage, it needs to be - // fixed instead of kludging here - - // TODO: humm what shall we do with pkg_edit.php and pkg.php? - if ((strpos($link, "pkg.php")) !== false || (strpos($link, "pkg_edit.php")) !== false) { - $pos_equal = strpos($link, "="); - $pos_xmlsuffix = strpos($link, ".xml"); - // do we match an absolute url including ?xml= foo - if(!isAllowedPage($link, $allowed)) - $link = substr($link, $pos_equal +1, ($pos_xmlsuffix - $pos_equal +3)); - } - // next check - what if the basename contains a query string? 
- if ((strpos($link, "?")) !== false) { - $pos_qmark = strpos($link, "?"); - $link = substr($link, 0, $pos_qmark); - } - $authorized_text = print_r($allowed, true); - if(is_array($authorized)) - if (in_array(basename($link), $authorized)) - */ - - unset ($tab_array); - $tab_array = & $tab_temp; - - $tab_active_bg = "#EEEEEE"; - $tab_inactive_bg = "#777777"; - $nifty_tabs_corners = "#FFF"; - $font_color = "white"; - - /* if tabcontrols.php exist for a theme, allow it to be overriden */ - $themename = $config['theme']; - $filename = "/usr/local/www/themes/{$themename}/tabcontrols.php"; - if(file_exists($filename)) { - $eval_code = file_get_contents($filename); - eval($eval_code); - } - - $tabcharcount = 0; - foreach ($tab_array as $ta) - $tabcharcount = $tabcharcount + strlen($ta[0]); - - // If the character count of the tab names is > 670 - // then show a select item dropdown menubox. - if($tabcharcount > 82) { - echo "Currently viewing: "; - echo "\n

"; - } else { - echo "\n"; - echo " \n"; - $tabscounter = 0; - foreach ($tab_array as $ta) { - if ($ta[1] == true) { - echo " \n"; - } else { - echo " \n"; - } - $tabscounter++; - } - echo "\n\n"; - foreach ($tab_array as $ta) { - if ($ta[1] == true) { - echo " \n"; - } else { - echo " \n"; - } - } - echo "\n\n"; - foreach ($tab_array as $ta) { - if ($ta[1] == true) { - echo " \n"; - } else { - echo " \n"; - } - $tabscounter++; - } - echo " \n"; - echo "
   {$ta[0]}"; - echo "   "; - echo "    "; - echo "{$ta[0]}   "; - echo " 
\n"; - echo ""; - } -} - - -/****f* pfsense-utils/display_topbar - * NAME - * display_topbar - top a table off with rounded edges - * INPUTS - * $text - (optional) Text to include in bar - * RESULT - * null - ******/ -function display_topbar($text = "", $bg_color="#990000", $replace_color="#FFFFFF", $rounding_style="smooth") { - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - if ($text != "") - echo " \n"; - else - echo " \n"; - echo " \n"; - echo "
"; - echo "
{$text}
"; - echo ""; -} - /****f* pfsense-utils/strncpy * NAME * strncpy - copy strings @@ -1579,18 +1384,6 @@ function is_dhcp_server_enabled() return $dhcpdenable; } -/****f* pfsense-utils/isAjax - * NAME - * isAjax - reports if the request is driven from prototype - * INPUTS - * none - * RESULT - * true/false - ******/ -function isAjax() { - return isset ($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'; -} - //returns interface information function get_interface_info($ifdescr) { global $config, $linkinfo, $netstatrninfo; @@ -1889,139 +1682,6 @@ function pfsense_default_state_size() { return $max_states; } -function rule_popup($src,$srcport,$dst,$dstport){ -global $config; -$aliases_array = array(); -if($config['aliases']['alias'] <> "" and is_array($config['aliases']['alias'])) -{ -$span_begin = ""; - $alias_src_span_begin = ""; - $alias_src_span_end = ""; - $alias_src_port_span_begin = ""; - $alias_src_port_span_end = ""; - $alias_dst_span_begin = ""; - $alias_dst_span_end = ""; - $alias_dst_port_span_begin = ""; - $alias_dst_port_span_end = ""; - $alias_content_text = ""; - foreach($config['aliases']['alias'] as $alias_name) - { - $alias_addresses = explode (" ", $alias_name['address']); - $alias_details = explode ("||", $alias_name['detail']); - $alias_objects_with_details = ""; - $counter = 0; - foreach($alias_addresses as $alias_ports_address) - { - $alias_objects_with_details .= $alias_addresses[$counter]; - $alias_detail_default = strpos ($alias_details[$counter],"Entry added"); - if ($alias_details[$counter] != "" && $alias_detail_default === False){ - $alias_objects_with_details .=" - " . $alias_details[$counter]; - } - $alias_objects_with_details .= "
"; - $counter++; - } - //max character length for caption field - $maxlength = 60; - - $alias_descr_substr = $alias_name['descr']; - $alias_content_text = htmlspecialchars($alias_objects_with_details); - $alias_caption = htmlspecialchars($alias_descr_substr . ":"); - $strlength = strlen ($alias_caption); - if ($strlength >= $maxlength) - $alias_caption = substr($alias_caption, 0, $maxlength) . "..."; - - $span_begin = "$alias_caption

$alias_content_text

', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\">"; - - - if ($alias_name['name'] == $src) - { - $alias_src_span_begin = $span_begin; - } - if ($alias_name['name'] == $srcport) - { - $alias_src_port_span_begin = $span_begin; - } - if ($alias_name['name'] == $dst) - { - $alias_dst_span_begin = $span_begin; - } - if ($alias_name['name'] == $dstport) - { - $alias_dst_port_span_begin = $span_begin; - } - - } - $descriptions = array (); - $descriptions['src'] = $alias_src_span_begin; - $descriptions['srcport'] = $alias_src_port_span_begin; - $descriptions['dst'] = $alias_dst_span_begin; - $descriptions['dstport'] = $alias_dst_port_span_begin; - return $descriptions; - } -} -function download_file_with_progress_bar($url_file, $destination_file, $readbody = 'read_body') { - global $ch, $fout, $file_size, $downloaded; - $file_size = 1; - $downloaded = 1; - /* open destination file */ - $fout = fopen($destination_file, "wb"); - - /* - * Originally by Author: Keyvan Minoukadeh - * Modified by Scott Ullrich to return Content-Length size - */ - - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, $url_file); - curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header'); - curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody); - curl_setopt($ch, CURLOPT_NOPROGRESS, '1'); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5'); - curl_setopt($ch, CURLOPT_TIMEOUT, 0); - - curl_exec($ch); - $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); - if($fout) - fclose($fout); - curl_close($ch); - return ($http_code == 200) ? 
true : $http_code; -} - -function read_header($ch, $string) { - global $file_size, $fout; - $length = strlen($string); - $regs = ""; - ereg("(Content-Length:) (.*)", $string, $regs); - if($regs[2] <> "") { - $file_size = intval($regs[2]); - } - ob_flush(); - return $length; -} - -function read_body($ch, $string) { - global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen; - $length = strlen($string); - $downloaded += intval($length); - $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); - $downloadProgress = 100 - $downloadProgress; - if($lastseen <> $downloadProgress and $downloadProgress < 101) { - if($sendto == "status") { - $tostatus = $static_status . $downloadProgress . "%"; - update_status($tostatus); - } else { - $tooutput = $static_output . $downloadProgress . "%"; - update_output_window($tooutput); - } - update_progress_bar($downloadProgress); - $lastseen = $downloadProgress; - } - if($fout) - fwrite($fout, $string); - ob_flush(); - return $length; -} - /* Compare the current hostname DNS to the DNS cache we made * if it has changed we return the old records * if no change we return true */ diff --git a/etc/inc/priv.inc b/etc/inc/priv.inc index 824ea7b..9b6c97c 100644 --- a/etc/inc/priv.inc +++ b/etc/inc/priv.inc 
@@ -1,282 +1,249 @@ - - All rights reserved. - - Copyright (C) 2005-2006 Bill Marquette - All rights reserved. - - Copyright (C) 2006 Paul Taylor . - All rights reserved. - - Copyright (C) 2003-2006 Manuel Kasper . - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - DISABLE_PHP_LINT_CHECKING -*/ - -require_once("functions.inc"); -require_once("priv.defs.inc"); - -/* - * USER PRIVILEGE DEFINITIONS - */ - -$priv_list['user-shell-access'] = array(); -$priv_list['user-shell-access']['name'] = "User - Shell account access"; -$priv_list['user-shell-access']['descr'] = "Indicates whether the user is able to login for ". 
- "example via SSH."; - -$priv_list['user-copy-files'] = array(); -$priv_list['user-copy-files']['name'] = "User - Copy files"; -$priv_list['user-copy-files']['descr'] = "Indicates whether the user is allowed to copy files ". - "onto the {$g['product_name']} appliance via SCP/SFTP. ". - "If you are going to use this privilege, you must install ". - "scponly on the appliance (Hint: pkg_add -r scponly)."; - -sort_privs($priv_list); - -function cmp_privkeys($a, $b) { - /* user privs at the top */ - $auser = strncmp("user-", $a, 5); - $buser = strncmp("user-", $b, 5); - if($auser != $buser) - return $auser - buser; - - /* name compare others */ - return strcasecmp($a, $b); -} - -function sort_privs(& $privs) { - - uksort($privs, "cmp_privkeys"); -} - -function cmp_page_matches($page, & $matches, $fullwc = true) { - -// $dbg_matches = implode(",", $matches); -// log_error("debug: checking page {$page} match with {$dbg_matches}"); - - if (!is_array($matches)) - return false; - - /* skip any leading fwdslash */ - $test = strpos($page, "/"); - if ($test !== false && $test == 0) - $page = substr($page, 1); - - /* look for a match */ - foreach ($matches as $match) { - - /* possibly ignore full wildcard match */ - if (!$fullwc && !strcmp($match ,"*")) - continue; - - /* compare exact or wildcard match */ - $wcpos = strpos($match, "*"); - if ($wcpos === false) - $result = strcmp($page, $match); - else - $result = strncmp($page, $match, $wcpos); - - if (!$result) - return true; - } - - return false; -} - -function map_page_privname($page) { - global $priv_list; - - foreach ($priv_list as $pname => $pdata) { - if (strncmp($pname, "page-", 5)) - continue; - $fullwc = false; - if (!strcasecmp($page,"any")||!strcmp($page,"*")) - $fullwc = true; - if (cmp_page_matches($page, $pdata['match'], $fullwc)) - return $pname; - } - - return false; -} - -function get_user_privileges(& $user) { - - $privs = $user['priv']; - if (!is_array($privs)) - $privs = array(); - - $names = 
local_user_get_groups($user, true); - - foreach ($names as $name) { - $group = getGroupEntry($name); - if (is_array($group['priv'])) - $privs = array_merge( $privs, $group['priv']); - } - - return $privs; -} - -function get_user_privdesc(& $user) { - global $priv_list; - - $privs = array(); - - $user_privs = $user['priv']; - if (!is_array($user_privs)) - $user_privs = array(); - - $names = local_user_get_groups($user, true); - - foreach ($names as $name) { - $group = getGroupEntry($name); - $group_privs = $group['priv']; - if (!is_array($group_privs)) - continue; - foreach ($group_privs as $pname) { - if (in_array($pname,$user_privs)) - continue; - if (!$priv_list[$pname]) - continue; - $priv = $priv_list[$pname]; - $priv['group'] = $group['name']; - $privs[] = $priv; - } - } - - foreach ($user_privs as $pname) - if($priv_list[$pname]) - $privs[] = $priv_list[$pname]; - - return $privs; -} - -function isAllowedPage($page) { - global $_SESSION; - - $username = $_SESSION['Username']; - if (!isset($username)) - return false; - - /* admin/root access check */ - $user = getUserEntry($username); - if (isset($user)) - if (isset($user['uid'])) - if ($user['uid']==0) - return true; - - /* user privelege access check */ - if (cmp_page_matches($page, $_SESSION['page-match'])) - return true; - - return false; -} - -function getPrivPages(& $entry, & $allowed_pages) { - global $priv_list; - - if (!is_array($entry['priv'])) - return; - - foreach ($entry['priv'] as $pname) { - if (strncmp($pname, "page-", 5)) - continue; - $priv = &$priv_list[$pname]; - if (!is_array($priv)) - continue; - $matches = &$priv['match']; - if (!is_array($matches)) - continue; - foreach ($matches as $match) - $allowed_pages[] = $match; - } -} - -function getAllowedPages($username) { - global $config, $_SESSION; - - if (!function_exists("ldap_connect")) - return; - - $allowed_pages = array(); - $allowed_groups = array(); - - $ldapon = $_SESSION['ldapon']; - - // search for a local user by name - 
$local_user = getUserEntry($username); - - // obtain local groups if we have a local user - if ($local_user) { - $allowed_groups = local_user_get_groups($local_user); - getPrivPages($local_user, $allowed_pages); - } - - // obtain ldap groups if we are in ldap mode - if ($config['system']['webgui']['backend'] == "ldap" && !$local_user) - $allowed_groups = ldap_get_groups($username); - - // obtain ldapother groups if we are in ldap mode - if ($config['system']['webgui']['backend'] == "ldapother" && !$local_user) - $allowed_groups = ldap_get_groups($username); - - // build a list of allowed pages - if (is_array($config['system']['group']) && is_array($allowed_groups)) - foreach ($config['system']['group'] as $group) - if (in_array($group['name'], $allowed_groups)) - getPrivPages($group, $allowed_pages); - -// $dbg_pages = implode(",", $allowed_pages); -// $dbg_groups = implode(",", $allowed_groups); -// log_error("debug: user {$username} groups = {$dbg_groups}"); -// log_error("debug: user {$username} pages = {$dbg_pages}"); - - $_SESSION['page-match'] = $allowed_pages; - - return $allowed_pages; -} - -function userHasPrivilege($userent, $privid = false) { - - if (!$privid || !is_array($userent)) - return false; - - $privs = get_user_privileges($userent); - - if (!is_array($privs)) - return false; - - if (!in_array($privid, $privs)) - return false; - - return true; -} - -?> + + All rights reserved. + + Copyright (C) 2005-2006 Bill Marquette + All rights reserved. + + Copyright (C) 2006 Paul Taylor . + All rights reserved. + + Copyright (C) 2003-2006 Manuel Kasper . + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. 
Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + + DISABLE_PHP_LINT_CHECKING +*/ + +require_once("priv.defs.inc"); +require_once("auth.inc"); + +/* + * USER PRIVILEGE DEFINITIONS + */ + +$priv_list['user-shell-access'] = array(); +$priv_list['user-shell-access']['name'] = "User - Shell account access"; +$priv_list['user-shell-access']['descr'] = "Indicates whether the user is able to login for ". + "example via SSH."; + +$priv_list['user-copy-files'] = array(); +$priv_list['user-copy-files']['name'] = "User - Copy files"; +$priv_list['user-copy-files']['descr'] = "Indicates whether the user is allowed to copy files ". + "onto the {$g['product_name']} appliance via SCP/SFTP. ". + "If you are going to use this privilege, you must install ". 
+ "scponly on the appliance (Hint: pkg_add -r scponly)."; + +sort_privs($priv_list); + +function cmp_privkeys($a, $b) { + /* user privs at the top */ + $auser = strncmp("user-", $a, 5); + $buser = strncmp("user-", $b, 5); + if($auser != $buser) + return $auser - buser; + + /* name compare others */ + return strcasecmp($a, $b); +} + +function sort_privs(& $privs) { + + uksort($privs, "cmp_privkeys"); +} + +function cmp_page_matches($page, & $matches, $fullwc = true) { + +// $dbg_matches = implode(",", $matches); +// log_error("debug: checking page {$page} match with {$dbg_matches}"); + + if (!is_array($matches)) + return false; + + /* skip any leading fwdslash */ + $test = strpos($page, "/"); + if ($test !== false && $test == 0) + $page = substr($page, 1); + + /* look for a match */ + foreach ($matches as $match) { + + /* possibly ignore full wildcard match */ + if (!$fullwc && !strcmp($match ,"*")) + continue; + + /* compare exact or wildcard match */ + $wcpos = strpos($match, "*"); + if ($wcpos === false) + $result = strcmp($page, $match); + else + $result = strncmp($page, $match, $wcpos); + + if (!$result) + return true; + } + + return false; +} + +function map_page_privname($page) { + global $priv_list; + + foreach ($priv_list as $pname => $pdata) { + if (strncmp($pname, "page-", 5)) + continue; + $fullwc = false; + if (!strcasecmp($page,"any")||!strcmp($page,"*")) + $fullwc = true; + if (cmp_page_matches($page, $pdata['match'], $fullwc)) + return $pname; + } + + return false; +} + +function get_user_privdesc(& $user) { + global $priv_list; + + $privs = array(); + + $user_privs = $user['priv']; + if (!is_array($user_privs)) + $user_privs = array(); + + $names = local_user_get_groups($user, true); + + foreach ($names as $name) { + $group = getGroupEntry($name); + $group_privs = $group['priv']; + if (!is_array($group_privs)) + continue; + foreach ($group_privs as $pname) { + if (in_array($pname,$user_privs)) + continue; + if (!$priv_list[$pname]) + continue; + 
$priv = $priv_list[$pname]; + $priv['group'] = $group['name']; + $privs[] = $priv; + } + } + + foreach ($user_privs as $pname) + if($priv_list[$pname]) + $privs[] = $priv_list[$pname]; + + return $privs; +} + +function isAllowedPage($page) { + global $_SESSION; + + $username = $_SESSION['Username']; + if (!isset($username)) + return false; + + /* admin/root access check */ + $user = getUserEntry($username); + if (isset($user)) + if (isset($user['uid'])) + if ($user['uid']==0) + return true; + + /* user privelege access check */ + if (cmp_page_matches($page, $_SESSION['page-match'])) + return true; + + return false; +} + +function getPrivPages(& $entry, & $allowed_pages) { + global $priv_list; + + if (!is_array($entry['priv'])) + return; + + foreach ($entry['priv'] as $pname) { + if (strncmp($pname, "page-", 5)) + continue; + $priv = &$priv_list[$pname]; + if (!is_array($priv)) + continue; + $matches = &$priv['match']; + if (!is_array($matches)) + continue; + foreach ($matches as $match) + $allowed_pages[] = $match; + } +} + +function getAllowedPages($username) { + global $config, $_SESSION; + + if (!function_exists("ldap_connect")) + return; + + $allowed_pages = array(); + $allowed_groups = array(); + + $ldapon = $_SESSION['ldapon']; + + // search for a local user by name + $local_user = getUserEntry($username); + + // obtain local groups if we have a local user + if ($local_user) { + $allowed_groups = local_user_get_groups($local_user); + getPrivPages($local_user, $allowed_pages); + } + + // obtain ldap groups if we are in ldap mode + if ($config['system']['webgui']['backend'] == "ldap" && !$local_user) + $allowed_groups = ldap_get_groups($username); + + // obtain ldapother groups if we are in ldap mode + if ($config['system']['webgui']['backend'] == "ldapother" && !$local_user) + $allowed_groups = ldap_get_groups($username); + + // build a list of allowed pages + if (is_array($config['system']['group']) && is_array($allowed_groups)) + foreach 
($config['system']['group'] as $group) + if (in_array($group['name'], $allowed_groups)) + getPrivPages($group, $allowed_pages); + +// $dbg_pages = implode(",", $allowed_pages); +// $dbg_groups = implode(",", $allowed_groups); +// log_error("debug: user {$username} groups = {$dbg_groups}"); +// log_error("debug: user {$username} pages = {$dbg_pages}"); + + $_SESSION['page-match'] = $allowed_pages; + + return $allowed_pages; +} + +?> diff --git a/etc/inc/rrd.inc b/etc/inc/rrd.inc index 1160f40..9feda59 100644 --- a/etc/inc/rrd.inc +++ b/etc/inc/rrd.inc @@ -28,10 +28,7 @@ */ /* include all configuration functions */ -require_once("functions.inc"); -require_once("pkg-utils.inc"); -require_once("notices.inc"); -require_once("globals.inc"); +require_once("config.inc"); function dump_rrd_to_xml($rrddatabase, $xmldumpfile) { $rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool"; diff --git a/etc/inc/util.inc b/etc/inc/util.inc index 8cecbd0..cc785f0 100644 --- a/etc/inc/util.inc +++ b/etc/inc/util.inc @@ -975,4 +975,17 @@ function carp_sync_client() { touch($g['tmp_path'] . "/filter_sync"); } +/****f* util/isAjax + * NAME + * isAjax - reports if the request is driven from prototype + * INPUTS + * none + * RESULT + * true/false + ******/ +function isAjax() { + return isset ($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'; +} + + ?> diff --git a/usr/local/www/guiconfig.inc b/usr/local/www/guiconfig.inc index b60614f..f80c375 100755 --- a/usr/local/www/guiconfig.inc +++ b/usr/local/www/guiconfig.inc 
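Review bot: `cmp_privkeys` on the new side still returns `$auser - buser;` — `buser` without the `$` is an undefined constant rather than the local computed two lines above, so the user-privs-first ordering that `sort_privs` relies on is not applied as written; it should read `return $auser - $buser;`. `get_user_privdesc` uses non-strict `in_array($pname,$user_privs)`; `in_array($pname, $user_privs, true)` avoids loose comparison when listing privileges. `getAllowedPages` returns with no value when `ldap_connect` is unavailable, which appears to leave `$_SESSION['page-match']` unset even for local users on a build without the LDAP extension; if that is intentional a comment saying so would help, otherwise the check looks misplaced for the local-user path.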
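Review bot: The `isAjax` added to util.inc tests the `HTTP_X_REQUESTED_WITH` request header, which is supplied by the client, so the function is only a presentation hint and must not gate any authorization or state-changing decision; the docblock should say so, e.g. `* NOTE: the header is client-supplied; never use this as a security check`. The comparison `== 'XMLHttpRequest'` is applied to a request value, so `=== 'XMLHttpRequest'` is the more precise form.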
@@ -1103,25 +1103,318 @@ function echo_array($array,$return_me=false){ } } +/****f* pfsense-utils/display_top_tabs + * NAME + * display_top_tabs - display tabs with rounded edges + * INPUTS + * $text - array of tabs + * RESULT + * null + ******/ +function display_top_tabs(& $tab_array) { + global $HTTP_SERVER_VARS; + global $config; + global $g; + + /* does the user have access to this tab? + * master user has access to everything. + * if the user does not have access, simply + * unset the tab item. + */ + + $tab_temp = array (); + foreach ($tab_array as $ta) + if(isAllowedPage($ta[2])) + $tab_temp[] = $ta; + /* + // FIXME : if the checks are not good enough + // in isAllowedPage, it needs to be + // fixed instead of kludging here + + // TODO: humm what shall we do with pkg_edit.php and pkg.php? + if ((strpos($link, "pkg.php")) !== false || (strpos($link, "pkg_edit.php")) !== false) { + $pos_equal = strpos($link, "="); + $pos_xmlsuffix = strpos($link, ".xml"); + // do we match an absolute url including ?xml= foo + if(!isAllowedPage($link, $allowed)) + $link = substr($link, $pos_equal +1, ($pos_xmlsuffix - $pos_equal +3)); + } + // next check - what if the basename contains a query string? 
+ if ((strpos($link, "?")) !== false) { + $pos_qmark = strpos($link, "?"); + $link = substr($link, 0, $pos_qmark); + } + $authorized_text = print_r($allowed, true); + if(is_array($authorized)) + if (in_array(basename($link), $authorized)) + */ + + unset ($tab_array); + $tab_array = & $tab_temp; + + $tab_active_bg = "#EEEEEE"; + $tab_inactive_bg = "#777777"; + $nifty_tabs_corners = "#FFF"; + $font_color = "white"; + + /* if tabcontrols.php exist for a theme, allow it to be overriden */ + $themename = $config['theme']; + $filename = "/usr/local/www/themes/{$themename}/tabcontrols.php"; + if(file_exists($filename)) { + $eval_code = file_get_contents($filename); + eval($eval_code); + } + + $tabcharcount = 0; + foreach ($tab_array as $ta) + $tabcharcount = $tabcharcount + strlen($ta[0]); + + // If the character count of the tab names is > 670 + // then show a select item dropdown menubox. + if($tabcharcount > 82) { + echo "Currently viewing: "; + echo "\n

"; + } else { + echo "\n"; + echo " \n"; + $tabscounter = 0; + foreach ($tab_array as $ta) { + if ($ta[1] == true) { + echo " \n"; + } else { + echo " \n"; + } + $tabscounter++; + } + echo "\n\n"; + foreach ($tab_array as $ta) { + if ($ta[1] == true) { + echo " \n"; + } else { + echo " \n"; + } + } + echo "\n\n"; + foreach ($tab_array as $ta) { + if ($ta[1] == true) { + echo " \n"; + } else { + echo " \n"; + } + $tabscounter++; + } + echo " \n"; + echo "
   {$ta[0]}"; + echo "   "; + echo "    "; + echo "{$ta[0]}   "; + echo " 
\n"; + echo ""; + } +} + function add_package_tabs($tabgroup, & $tab_array) { - global $config, $g; + global $config, $g; - if(!is_array($config['installedpackages'])) - return; - if(!is_array($config['installedpackages']['tab'])) - return; + if(!is_array($config['installedpackages'])) + return; + if(!is_array($config['installedpackages']['tab'])) + return; - foreach($config['installedpackages']['tab'] as $tab) { - if ($tab['group'] !== $group) - continue; - $tab_entry = array(); - if($tab['name']) { - $tab_entry[] = $tab['name']; - $tab_entry[] = false; - $tab_entry[] = $tab['url']; - $tab_array[] = $tab_entry; - } - } + foreach($config['installedpackages']['tab'] as $tab) { + if ($tab['group'] !== $group) + continue; + $tab_entry = array(); + if($tab['name']) { + $tab_entry[] = $tab['name']; + $tab_entry[] = false; + $tab_entry[] = $tab['url']; + $tab_array[] = $tab_entry; + } + } +} + +/* + * update_output_window: update bottom textarea dynamically. + */ +function update_output_window($text) { + global $pkg_interface; + $log = ereg_replace("\n", "\\n", $text); + if($pkg_interface == "console") { + /* too chatty */ + } else { + echo "\n"; + } + /* ensure that contents are written out */ + ob_flush(); +} + +/* + * update_output_window: update top textarea dynamically. + */ +function update_status($status) { + global $pkg_interface; + if($pkg_interface == "console") { + echo $status . "\n"; + } else { + echo "\n"; + } + /* ensure that contents are written out */ + ob_flush(); +} + +/* + * update_progress_bar($percent): updates the javascript driven progress bar. 
+ */ +function update_progress_bar($percent) { + global $pkg_interface; + if($percent > 100) $percent = 1; + if($pkg_interface <> "console") { + echo "\n"; + } else { + echo " {$percent}%"; + } +} + +function read_header($ch, $string) { + global $file_size, $fout; + $length = strlen($string); + $regs = ""; + ereg("(Content-Length:) (.*)", $string, $regs); + if($regs[2] <> "") { + $file_size = intval($regs[2]); + } + ob_flush(); + return $length; +} + +function read_body($ch, $string) { + global $fout, $file_size, $downloaded, $sendto, $static_status, $static_output, $lastseen; + $length = strlen($string); + $downloaded += intval($length); + $downloadProgress = round(100 * (1 - $downloaded / $file_size), 0); + $downloadProgress = 100 - $downloadProgress; + if($lastseen <> $downloadProgress and $downloadProgress < 101) { + if($sendto == "status") { + $tostatus = $static_status . $downloadProgress . "%"; + update_status($tostatus); + } else { + $tooutput = $static_output . $downloadProgress . 
"%"; + update_output_window($tooutput); + } + update_progress_bar($downloadProgress); + $lastseen = $downloadProgress; + } + if($fout) + fwrite($fout, $string); + ob_flush(); + return $length; +} + +function rule_popup($src,$srcport,$dst,$dstport){ + global $config; + $aliases_array = array(); + if($config['aliases']['alias'] <> "" and is_array($config['aliases']['alias'])) + { + $span_begin = ""; + $alias_src_span_begin = ""; + $alias_src_span_end = ""; + $alias_src_port_span_begin = ""; + $alias_src_port_span_end = ""; + $alias_dst_span_begin = ""; + $alias_dst_span_end = ""; + $alias_dst_port_span_begin = ""; + $alias_dst_port_span_end = ""; + $alias_content_text = ""; + foreach($config['aliases']['alias'] as $alias_name) + { + $alias_addresses = explode (" ", $alias_name['address']); + $alias_details = explode ("||", $alias_name['detail']); + $alias_objects_with_details = ""; + $counter = 0; + foreach($alias_addresses as $alias_ports_address) + { + $alias_objects_with_details .= $alias_addresses[$counter]; + $alias_detail_default = strpos ($alias_details[$counter],"Entry added"); + if ($alias_details[$counter] != "" && $alias_detail_default === False){ + $alias_objects_with_details .=" - " . $alias_details[$counter]; + } + $alias_objects_with_details .= "
"; + $counter++; + } + //max character length for caption field + $maxlength = 60; + + $alias_descr_substr = $alias_name['descr']; + $alias_content_text = htmlspecialchars($alias_objects_with_details); + $alias_caption = htmlspecialchars($alias_descr_substr . ":"); + $strlength = strlen ($alias_caption); + if ($strlength >= $maxlength) + $alias_caption = substr($alias_caption, 0, $maxlength) . "..."; + + $span_begin = "$alias_caption

$alias_content_text

', 'trail', true, 'delay', 0, 'fade', 'both', 'fadeMax', 93, 'styleClass', 'niceTitle');\" onmouseout=\"this.style.color = ''; domTT_mouseout(this, event);\">"; + + if ($alias_name['name'] == $src) + $alias_src_span_begin = $span_begin; + if ($alias_name['name'] == $srcport) + $alias_src_port_span_begin = $span_begin; + if ($alias_name['name'] == $dst) + $alias_dst_span_begin = $span_begin; + if ($alias_name['name'] == $dstport) + $alias_dst_port_span_begin = $span_begin; + } + $descriptions = array (); + $descriptions['src'] = $alias_src_span_begin; + $descriptions['srcport'] = $alias_src_port_span_begin; + $descriptions['dst'] = $alias_dst_span_begin; + $descriptions['dstport'] = $alias_dst_port_span_begin; + + return $descriptions; + } +} + +function download_file_with_progress_bar($url_file, $destination_file, $readbody = 'read_body') { + global $ch, $fout, $file_size, $downloaded; + $file_size = 1; + $downloaded = 1; + /* open destination file */ + $fout = fopen($destination_file, "wb"); + + /* + * Originally by Author: Keyvan Minoukadeh + * Modified by Scott Ullrich to return Content-Length size + */ + + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, $url_file); + curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'read_header'); + curl_setopt($ch, CURLOPT_WRITEFUNCTION, $readbody); + curl_setopt($ch, CURLOPT_NOPROGRESS, '1'); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, '5'); + curl_setopt($ch, CURLOPT_TIMEOUT, 0); + + curl_exec($ch); + $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); + if($fout) + fclose($fout); + curl_close($ch); + return ($http_code == 200) ? true : $http_code; } ?> diff --git a/usr/local/www/vpn_l2tp_users_edit.php b/usr/local/www/vpn_l2tp_users_edit.php index 98d2dc7..4cf816b 100644 --- a/usr/local/www/vpn_l2tp_users_edit.php +++ b/usr/local/www/vpn_l2tp_users_edit.php @@ -127,7 +127,6 @@ include("head.inc");
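Review bot: In `add_package_tabs` the filter `if ($tab['group'] !== $group)` tests a variable that is never assigned in the function; the parameter is named `$tabgroup`, so with strict comparison every tab takes the `continue` branch and no package tab is ever appended — it should read `if ($tab['group'] !== $tabgroup)`. The line is re-indented rather than introduced by this commit, but this hunk is where it lands in guiconfig.inc. In `download_file_with_progress_bar` the `fopen($destination_file, "wb")` result is never checked: when the destination cannot be opened, `read_body` silently skips the `fwrite` because of its `if($fout)` guard and the function still returns `true` on HTTP 200, so the caller believes the download was written; add `if ($fout === false) return false;` (or log and return an error code) right after the `fopen`. Also `curl_exec($ch)` returns false on transport failure and the value is discarded here, so such failures are only visible through the HTTP code being 0.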
-