* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
##|+PRIV
##|*IDENT=page-system-usermanager-settings
##|*NAME=System: User Manager: Settings
##|*DESCR=Allow access to the 'System: User Manager: Settings' page.
##|*WARN=standard-warning-root
##|*MATCH=system_usermanager_settings.php*
##|-PRIV
require_once("guiconfig.inc");
require_once("auth.inc");
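// Test LDAP settings in response to an AJAX request from this page.
// The handler runs three checks in order (connect, bind, list organizational units),
// prints one result row per step and always ends the request with exit.
//
// NOTE(review): $_REQUEST is populated from GET as well as POST, so this path makes the
// firewall open an LDAP connection and bind with the stored settings on a plain GET.
// Confirm the page's CSRF protection covers this request, or restrict it to POST.
if (!empty($_REQUEST['ajax'])) {
	// Define every value used below up front so a missing config entry or request
	// parameter cannot leave them undefined.
	$authcfg = null;
	$auth_server = '';
	// Only a string can name a server; anything else (e.g. an array parameter) is
	// treated as "no name given" so htmlspecialchars() below always gets a string.
	$authserver = (isset($_REQUEST['authserver']) && is_string($_REQUEST['authserver'])) ? $_REQUEST['authserver'] : '';

	if (isset($config['system']['authserver'][0]['host'])) {
		// NOTE(review): the host shown in the messages is that of the FIRST configured
		// authentication server, not necessarily the one named in the request - confirm
		// this is intended.
		$auth_server = $config['system']['authserver'][0]['host'];
		$authcfg = auth_get_authserver($authserver);
	}

	if (!$authcfg) {
		// The requested name is echoed back, so it is HTML-escaped first.
		printf(gettext('%1$sError: Could not find settings for %2$s%3$s'), '', htmlspecialchars($authserver), "");
		exit;
	} else {
		print("
");
		print('
');

		// Step 1: connection test.
		print("" . sprintf(gettext('Attempting connection to %1$s%2$s%3$s'), " | ", htmlspecialchars($auth_server), " | "));
		if (ldap_test_connection($authcfg)) {
			print("" . gettext("OK") . " |
");

			// Step 2: bind test.
			print("" . sprintf(gettext('Attempting bind to %1$s%2$s%3$s'), " | ", htmlspecialchars($auth_server), " | "));
			if (ldap_test_bind($authcfg)) {
				print('' . gettext("OK") . " |
");

				// Step 3: fetch the organizational units.
				print("" . sprintf(gettext('Attempting to fetch Organizational Units from %1$s%2$s%3$s'), " | ", htmlspecialchars($auth_server), " | "));
				$ous = ldap_get_user_ous(true, $authcfg);

				// Check the type before counting: a non-array result is reported as a failure.
				if (is_array($ous) && count($ous) > 1) {
					print('' . gettext("OK") . " |
");
					print('');
					print("" . gettext("Organization units found") . "");
					print('');
					foreach ($ous as $ou) {
						// OU names come from the directory server, so they are untrusted
						// data in this page and must be escaped like the other dynamic
						// values printed here.
						print("" . htmlspecialchars($ou) . " | ");
					}
					print("");
					print(" ");
				} else {
					print(" | " . gettext("failed") . " |
");
				}

				print("
");
			} else {
				print('' . gettext("failed") . " | ");
				print("");
			}
		} else {
			print('' . gettext("failed") . " | ");
			print("");
		}

		print("");
		exit;
	}
}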
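// Load the values shown in the form from the saved web GUI configuration.
// The save handler on this page unsets 'session_timeout' and 'auth_refresh_time' when they
// are left empty, so these keys are routinely absent; read them through isset() and fall
// back to null instead of reading an undefined key.
$pconfig['session_timeout'] = isset($config['system']['webgui']['session_timeout'])
	? $config['system']['webgui']['session_timeout']
	: null;

// Without a stored authentication mode the page shows the local user database.
$pconfig['authmode'] = isset($config['system']['webgui']['authmode'])
	? $config['system']['webgui']['authmode']
	: "Local Database";

$pconfig['backend'] = isset($config['system']['webgui']['backend'])
	? $config['system']['webgui']['backend']
	: null;

$pconfig['auth_refresh_time'] = isset($config['system']['webgui']['auth_refresh_time'])
	? $config['system']['webgui']['auth_refresh_time']
	: null;

// Page title for main admin
$pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Settings"));
$pglinks = array("", "system_usermanager.php", "@self");

// Set to true by the POST handler when "Save & Test" was clicked for an LDAP server.
$save_and_test = false;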
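// Handle a submitted settings form: validate the values, store them in $config and
// decide whether the LDAP test should run after the page is rendered.
if ($_POST) {
	// Start from a defined, empty error list so the checks below never read an
	// undefined variable.
	$input_errors = array();
	$pconfig = $_POST;

	// Validate the RAW submitted text. Running intval() first turns any non-numeric
	// input into 0, and 0 means "never expire sessions" for this setting, so a typo
	// must be rejected rather than coerced.
	$session_timeout = null;
	if (isset($_POST['session_timeout']) && $_POST['session_timeout'] !== "") {
		$raw_timeout = is_string($_POST['session_timeout']) ? trim($_POST['session_timeout']) : null;
		if ($raw_timeout === null || !preg_match('/^[0-9]+$/', $raw_timeout)) {
			$input_errors[] = gettext("Session timeout must be an integer value.");
		} else {
			$session_timeout = intval($raw_timeout);
		}
	}

	// Same approach for the authentication cache lifetime, bounded to 0..3600 seconds.
	$auth_refresh_time = null;
	if (isset($_POST['auth_refresh_time']) && $_POST['auth_refresh_time'] !== "") {
		$raw_refresh = is_string($_POST['auth_refresh_time']) ? trim($_POST['auth_refresh_time']) : null;
		if ($raw_refresh === null || !preg_match('/^[0-9]+$/', $raw_refresh) || intval($raw_refresh) > 3600) {
			$input_errors[] = gettext("Authentication refresh time must be an integer between 0 and 3600 (inclusive).");
		} else {
			$auth_refresh_time = intval($raw_refresh);
		}
	}

	// Only a string can name an authentication server; anything else is treated as
	// "not set" so a malformed request cannot store a non-string value in the config.
	// NOTE(review): the submitted name is stored without checking that it matches a
	// configured server - confirm how the login code handles an unknown authmode.
	$authmode = (isset($_POST['authmode']) && is_string($_POST['authmode'])) ? $_POST['authmode'] : "";
	$savetest = !empty($_POST['savetest']);

	if (!$input_errors) {
		if ($authmode == "Local Database") {
			// This message states that the settings were saved, so it is only set once
			// validation has passed.
			if ($savetest) {
				$savemsg = gettext("Settings have been saved, but the test was not performed because it is not supported for local databases.");
			}
		} else {
			$authsrv = auth_get_authserver($authmode);
			if ($savetest) {
				// The lookup may not return a server entry; check before reading 'type'.
				if (is_array($authsrv) && isset($authsrv['type']) && $authsrv['type'] == "ldap") {
					$save_and_test = true;
				} else {
					$savemsg = gettext("Settings have been saved, but the test was not performed because it is supported only for LDAP based backends.");
				}
			}
		}

		// An empty field removes the stored value.
		if ($session_timeout !== null) {
			$config['system']['webgui']['session_timeout'] = $session_timeout;
		} else {
			unset($config['system']['webgui']['session_timeout']);
		}

		if ($authmode) {
			$config['system']['webgui']['authmode'] = $authmode;
		} else {
			unset($config['system']['webgui']['authmode']);
		}

		if ($auth_refresh_time !== null) {
			$config['system']['webgui']['auth_refresh_time'] = $auth_refresh_time;
		} else {
			unset($config['system']['webgui']['auth_refresh_time']);
		}

		write_config();
	}
}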
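// Render the page header, any validation errors or status message, and the tab bar.
include("head.inc");

// $input_errors and $savemsg are only assigned by the POST handler, so on a plain page
// load they may not exist; !empty() tests the same truthiness without reading an
// undefined variable.
if (!empty($input_errors)) {
	print_input_errors($input_errors);
}

if (!empty($savemsg)) {
	print_info_box($savemsg, 'success');
}

// One entry per tab: label, whether it is the active tab, target page.
$tab_array = array(
	array(gettext("Users"), false, "system_usermanager.php"),
	array(gettext("Groups"), false, "system_groupmanager.php"),
	array(gettext("Settings"), true, "system_usermanager_settings.php"),
	array(gettext("Authentication Servers"), false, "system_authservers.php"),
);
display_top_tabs($tab_array);

/* Default to pfsense backend type if none is defined */
if (empty($pconfig['backend'])) {
	$pconfig['backend'] = "pfsense";
}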
// Build and print the settings form: session timeout, authentication server,
// authentication cache time, a "Save & Test" button and the modal for the test results.
$form = new Form();
$section = new Form_Section('Settings');

// Idle session timeout. The field accepts 0, which the help text documents as
// "never expire" together with a warning that this is a security risk.
$section->addInput(
	new Form_Input('session_timeout', 'Session timeout', 'number', $pconfig['session_timeout'], ['min' => 0])
)->setHelp(
	'Time in minutes to expire idle management sessions. The default is 4 '.
	'hours (240 minutes). Enter 0 to never expire sessions. NOTE: This is a security '.
	'risk!'
);

// Map each authentication server key to its display name for the select box.
$auth_servers = [];
foreach (auth_get_authserver_list() as $idx_authserver => $auth_server) {
	$auth_servers[$idx_authserver] = $auth_server['name'];
}

$section->addInput(
	new Form_Select('authmode', '*Authentication Server', $pconfig['authmode'], $auth_servers)
);

// Lifetime of cached authentication results, limited to 0..3600 seconds in the form.
$section->addInput(
	new Form_Input('auth_refresh_time', 'Auth Refresh Time', 'number', $pconfig['auth_refresh_time'], ['min' => 0, 'max' => 3600])
)->setHelp(
	'Time in seconds to cache authentication results. The default is 30 seconds, maximum 3600 (one hour). '.
	'Shorter times result in more frequent queries to authentication servers.'
);

// Extra submit button; the POST handler reads its name ('savetest').
$form->addGlobal(
	new Form_Button('savetest', 'Save & Test', null, 'fa-wrench')
)->addClass('btn-info');

$form->add($section);

// Modal that is later filled with the LDAP test output.
$modal = new Modal("LDAP settings", "testresults", true);
$modal->addInput(
	new Form_StaticText(
		'Test results',
		'Testing pfSense LDAP settings... One moment please...' . $g['product_name'] . ''
	)
);
$form->add($modal);

print $form;
// If the user clicked "Save & Test" show the modal and populate it with the test results via AJAX
if ($save_and_test) {
?>