Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
O
OpnSense
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kulya
OpnSense
Commits
1f62a90e
Commit
1f62a90e
authored
Jul 13, 2015
by
Ad Schellevis
Committed by
Franco Fichtner
Jul 20, 2015
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
(legacy) cleanups and moves related to priv.inc
parent
a0452653
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
112 additions
and
118 deletions
+112
-118
authgui.inc
src/etc/inc/authgui.inc
+64
-1
priv.inc
src/etc/inc/priv.inc
+2
-117
system_usermanager.php
src/www/system_usermanager.php
+35
-0
system_usermanager_addprivs.php
src/www/system_usermanager_addprivs.php
+11
-0
No files found.
src/etc/inc/authgui.inc
View file @
1f62a90e
...
...
@@ -32,6 +32,69 @@
include_once
(
"auth.inc"
);
include_once
(
"priv.inc"
);
function
getPrivPages
(
&
$entry
,
&
$allowed_pages
)
{
global
$priv_list
;
if
(
!
isset
(
$entry
[
'priv'
])
||
!
is_array
(
$entry
[
'priv'
]))
return
;
foreach
(
$entry
[
'priv'
]
as
$pname
)
{
if
(
strncmp
(
$pname
,
"page-"
,
5
))
continue
;
$priv
=
&
$priv_list
[
$pname
];
if
(
!
is_array
(
$priv
))
continue
;
$matches
=
&
$priv
[
'match'
];
if
(
!
is_array
(
$matches
))
continue
;
foreach
(
$matches
as
$match
)
$allowed_pages
[]
=
$match
;
}
}
function
getAllowedPages
(
$username
)
{
global
$config
,
$_SESSION
;
if
(
!
function_exists
(
"ldap_connect"
))
return
;
$allowed_pages
=
array
();
$allowed_groups
=
array
();
if
(
isset
(
$config
[
'system'
][
'webgui'
][
'authmode'
]))
{
$authcfg
=
auth_get_authserver
(
$config
[
'system'
][
'webgui'
][
'authmode'
]);
}
else
{
$authcfg
[
'type'
]
=
'local'
;
}
// obtain ldap groups if we are in ldap mode
if
(
$authcfg
[
'type'
]
==
"ldap"
)
$allowed_groups
=
@
ldap_get_groups
(
$username
,
$authcfg
);
else
{
// search for a local user by name
$local_user
=
getUserEntry
(
$username
);
getPrivPages
(
$local_user
,
$allowed_pages
);
// obtain local groups if we have a local user
$allowed_groups
=
local_user_get_groups
(
$local_user
);
}
// build a list of allowed pages
if
(
is_array
(
$config
[
'system'
][
'group'
])
&&
is_array
(
$allowed_groups
))
{
foreach
(
$config
[
'system'
][
'group'
]
as
$group
)
{
if
(
in_array
(
$group
[
'name'
],
$allowed_groups
))
{
getPrivPages
(
$group
,
$allowed_pages
);
}
}
}
$_SESSION
[
'page-match'
]
=
$allowed_pages
;
return
$allowed_pages
;
}
function
session_auth
()
{
global
$config
,
$_SESSION
;
...
...
@@ -119,7 +182,7 @@ function session_auth() {
/* user hit the logout button */
if
(
isset
(
$_GET
[
'logout'
]))
{
if
(
$_SESSION
[
'Logout'
]
)
if
(
isset
(
$_SESSION
[
'Logout'
])
)
log_error
(
sprintf
(
gettext
(
"Session timed out for user '%1
\$
s' from: %2
\$
s"
),
$_SESSION
[
'Username'
],
$_SERVER
[
'REMOTE_ADDR'
]));
else
log_error
(
sprintf
(
gettext
(
"User logged out for user '%1
\$
s' from: %2
\$
s"
),
$_SESSION
[
'Username'
],
$_SERVER
[
'REMOTE_ADDR'
]));
...
...
src/etc/inc/priv.inc
View file @
1f62a90e
...
...
@@ -36,10 +36,6 @@ $priv_list = $acl->getLegacyPrivList();
function
cmp_page_matches
(
$page
,
&
$matches
,
$fullwc
=
true
)
{
// $dbg_matches = implode(",", $matches);
// log_error("debug: checking page {$page} match with {$dbg_matches}");
if
(
!
is_array
(
$matches
))
return
false
;
...
...
@@ -67,40 +63,6 @@ function cmp_page_matches($page, & $matches, $fullwc = true) {
}
function
get_user_privdesc
(
&
$user
)
{
global
$priv_list
;
$privs
=
array
();
$user_privs
=
$user
[
'priv'
];
if
(
!
is_array
(
$user_privs
))
$user_privs
=
array
();
$names
=
local_user_get_groups
(
$user
,
true
);
foreach
(
$names
as
$name
)
{
$group
=
getGroupEntry
(
$name
);
$group_privs
=
$group
[
'priv'
];
if
(
!
is_array
(
$group_privs
))
continue
;
foreach
(
$group_privs
as
$pname
)
{
if
(
in_array
(
$pname
,
$user_privs
))
continue
;
if
(
!
$priv_list
[
$pname
])
continue
;
$priv
=
$priv_list
[
$pname
];
$priv
[
'group'
]
=
$group
[
'name'
];
$privs
[]
=
$priv
;
}
}
foreach
(
$user_privs
as
$pname
)
if
(
$priv_list
[
$pname
])
$privs
[]
=
$priv_list
[
$pname
];
return
$privs
;
}
function
isAllowed
(
$username
,
$page
)
{
global
$_SESSION
;
...
...
@@ -129,16 +91,12 @@ function isAllowed($username, $page)
function
isAllowedPage
(
$page
)
{
global
$_SESSION
;
$username
=
$_SESSION
[
'Username'
];
if
(
!
isset
(
$username
))
{
if
(
!
isset
(
$_SESSION
[
'Username'
]))
{
return
false
;
}
/* root access check */
$user
=
getUserEntry
(
$
username
);
$user
=
getUserEntry
(
$
_SESSION
[
'Username'
]
);
if
(
isset
(
$user
))
{
if
(
isset
(
$user
[
'uid'
]))
{
if
(
$user
[
'uid'
]
==
0
)
{
...
...
@@ -151,78 +109,5 @@ function isAllowedPage($page)
return
cmp_page_matches
(
$page
,
$_SESSION
[
'page-match'
]);
}
function
getPrivPages
(
&
$entry
,
&
$allowed_pages
)
{
global
$priv_list
;
if
(
!
isset
(
$entry
[
'priv'
])
||
!
is_array
(
$entry
[
'priv'
]))
return
;
foreach
(
$entry
[
'priv'
]
as
$pname
)
{
if
(
strncmp
(
$pname
,
"page-"
,
5
))
continue
;
$priv
=
&
$priv_list
[
$pname
];
if
(
!
is_array
(
$priv
))
continue
;
$matches
=
&
$priv
[
'match'
];
if
(
!
is_array
(
$matches
))
continue
;
foreach
(
$matches
as
$match
)
$allowed_pages
[]
=
$match
;
}
}
function
getAllowedPages
(
$username
)
{
global
$config
,
$_SESSION
;
if
(
!
function_exists
(
"ldap_connect"
))
return
;
$allowed_pages
=
array
();
$allowed_groups
=
array
();
if
(
isset
(
$config
[
'system'
][
'webgui'
][
'authmode'
]))
{
$authcfg
=
auth_get_authserver
(
$config
[
'system'
][
'webgui'
][
'authmode'
]);
}
else
{
$authcfg
[
'type'
]
=
'local'
;
}
// obtain ldap groups if we are in ldap mode
if
(
$authcfg
[
'type'
]
==
"ldap"
)
$allowed_groups
=
@
ldap_get_groups
(
$username
,
$authcfg
);
else
{
// search for a local user by name
$local_user
=
getUserEntry
(
$username
);
getPrivPages
(
$local_user
,
$allowed_pages
);
// obtain local groups if we have a local user
$allowed_groups
=
local_user_get_groups
(
$local_user
);
}
// build a list of allowed pages
if
(
is_array
(
$config
[
'system'
][
'group'
])
&&
is_array
(
$allowed_groups
))
{
foreach
(
$config
[
'system'
][
'group'
]
as
$group
)
{
if
(
in_array
(
$group
[
'name'
],
$allowed_groups
))
{
getPrivPages
(
$group
,
$allowed_pages
);
}
}
}
// $dbg_pages = implode(",", $allowed_pages);
// $dbg_groups = implode(",", $allowed_groups);
// log_error("debug: user {$username} groups = {$dbg_groups}");
// log_error("debug: user {$username} pages = {$dbg_pages}");
$_SESSION
[
'page-match'
]
=
$allowed_pages
;
return
$allowed_pages
;
}
function
sort_user_privs
(
$privs
)
{
// Privileges to place first, to redirect properly.
$priority_privs
=
array
(
"page-dashboard-all"
,
"page-system-login/logout"
);
$fprivs
=
array_intersect
(
$privs
,
$priority_privs
);
$sprivs
=
array_diff
(
$privs
,
$priority_privs
);
return
array_merge
(
$fprivs
,
$sprivs
);
}
?>
src/www/system_usermanager.php
View file @
1f62a90e
...
...
@@ -32,6 +32,41 @@
require_once
(
"certs.inc"
);
require_once
(
"guiconfig.inc"
);
function
get_user_privdesc
(
&
$user
)
{
global
$priv_list
;
$privs
=
array
();
$user_privs
=
$user
[
'priv'
];
if
(
!
is_array
(
$user_privs
))
$user_privs
=
array
();
$names
=
local_user_get_groups
(
$user
,
true
);
foreach
(
$names
as
$name
)
{
$group
=
getGroupEntry
(
$name
);
$group_privs
=
$group
[
'priv'
];
if
(
!
is_array
(
$group_privs
))
continue
;
foreach
(
$group_privs
as
$pname
)
{
if
(
in_array
(
$pname
,
$user_privs
))
continue
;
if
(
!
$priv_list
[
$pname
])
continue
;
$priv
=
$priv_list
[
$pname
];
$priv
[
'group'
]
=
$group
[
'name'
];
$privs
[]
=
$priv
;
}
}
foreach
(
$user_privs
as
$pname
)
if
(
$priv_list
[
$pname
])
$privs
[]
=
$priv_list
[
$pname
];
return
$privs
;
}
// start admin user code
$pgtitle
=
array
(
gettext
(
"System"
),
gettext
(
"User Manager"
));
...
...
src/www/system_usermanager_addprivs.php
View file @
1f62a90e
...
...
@@ -33,6 +33,17 @@ function admusercmp($a, $b)
require_once
(
"guiconfig.inc"
);
function
sort_user_privs
(
$privs
)
{
// Privileges to place first, to redirect properly.
$priority_privs
=
array
(
"page-dashboard-all"
,
"page-system-login/logout"
);
$fprivs
=
array_intersect
(
$privs
,
$priority_privs
);
$sprivs
=
array_diff
(
$privs
,
$priority_privs
);
return
array_merge
(
$fprivs
,
$sprivs
);
}
$pgtitle
=
array
(
"System"
,
"User manager"
,
"Add privileges"
);
if
(
is_numericint
(
$_GET
[
'userid'
]))
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment