Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
O
OpnSense
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kulya
OpnSense
Commits
2a0b7a7a
Commit
2a0b7a7a
authored
Nov 07, 2016
by
Franco Fichtner
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
mvc: merge pluggable authentication remains et al
parent
c91450bb
Changes
12
Hide whitespace changes
Inline
Side-by-side
Showing
12 changed files
with
526 additions
and
273 deletions
+526
-273
plist
plist
+1
-0
API.php
src/opnsense/mvc/app/library/OPNsense/Auth/API.php
+9
-0
AuthenticationFactory.php
...e/mvc/app/library/OPNsense/Auth/AuthenticationFactory.php
+57
-23
LDAP.php
src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
+18
-0
Local.php
src/opnsense/mvc/app/library/OPNsense/Auth/Local.php
+9
-0
LocalTOTP.php
src/opnsense/mvc/app/library/OPNsense/Auth/LocalTOTP.php
+18
-116
Radius.php
src/opnsense/mvc/app/library/OPNsense/Auth/Radius.php
+18
-0
TOTP.php
src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php
+232
-0
Voucher.php
src/opnsense/mvc/app/library/OPNsense/Auth/Voucher.php
+60
-0
api.php
src/opnsense/www/api.php
+2
-1
opnsense_ui.js
src/opnsense/www/js/opnsense_ui.js
+0
-11
system_authservers.php
src/www/system_authservers.php
+102
-122
No files found.
plist
View file @
2a0b7a7a
...
...
@@ -371,6 +371,7 @@
/usr/local/opnsense/mvc/app/library/OPNsense/Auth/Local.php
/usr/local/opnsense/mvc/app/library/OPNsense/Auth/LocalTOTP.php
/usr/local/opnsense/mvc/app/library/OPNsense/Auth/Radius.php
/usr/local/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php
/usr/local/opnsense/mvc/app/library/OPNsense/Auth/Voucher.php
/usr/local/opnsense/mvc/app/library/OPNsense/Base/Filters/QueryFilter.php
/usr/local/opnsense/mvc/app/library/OPNsense/Base/UIModelGrid.php
...
...
src/opnsense/mvc/app/library/OPNsense/Auth/API.php
View file @
2a0b7a7a
...
...
@@ -42,6 +42,15 @@ class API implements IAuthConnector
*/
private
$lastAuthProperties
=
array
();
/**
* type name in configuration
* @return string
*/
public
static
function
getType
()
{
return
'api'
;
}
/**
* set connector properties
* @param array $config connection properties
...
...
src/opnsense/mvc/app/library/OPNsense/Auth/AuthenticationFactory.php
View file @
2a0b7a7a
...
...
@@ -57,6 +57,33 @@ class AuthenticationFactory
return
$result
;
}
/**
* list installed auth connectors
* @return array
*/
private
function
listConnectors
()
{
$connectors
=
array
();
foreach
(
glob
(
__DIR__
.
"/*.php"
)
as
$filename
)
{
$pathParts
=
explode
(
'/'
,
$filename
);
$vendor
=
$pathParts
[
count
(
$pathParts
)
-
3
];
$module
=
$pathParts
[
count
(
$pathParts
)
-
2
];
$classname
=
explode
(
'.php'
,
$pathParts
[
count
(
$pathParts
)
-
1
])[
0
];
$reflClass
=
new
\ReflectionClass
(
"
{
$vendor
}
\\
{
$module
}
\\
{
$classname
}
"
);
if
(
$reflClass
->
implementsInterface
(
'OPNsense\\Auth\\IAuthConnector'
))
{
if
(
$reflClass
->
hasMethod
(
'getType'
))
{
$connectorType
=
$reflClass
->
getMethod
(
'getType'
)
->
invoke
(
null
);
$connector
=
array
();
$connector
[
'class'
]
=
"
{
$vendor
}
\\
{
$module
}
\\
{
$classname
}
"
;
$connector
[
'classHandle'
]
=
$reflClass
;
$connector
[
'type'
]
=
$connectorType
;
$connectors
[
$connectorType
]
=
$connector
;
}
}
}
return
$connectors
;
}
/**
* request list of configured servers, the factory needs to be aware of it's options and settings to
* be able to instantiate useful connectors.
...
...
@@ -90,32 +117,16 @@ class AuthenticationFactory
$localUserMap
=
array
();
$servers
=
$this
->
listServers
();
$servers
[
'Local API'
]
=
array
(
"name"
=>
"Local API Database"
,
"type"
=>
"api"
);
// create a new auth connector
if
(
isset
(
$servers
[
$authserver
][
'type'
]))
{
switch
(
$servers
[
$authserver
][
'type'
])
{
case
'local'
:
$authObject
=
new
Local
();
break
;
case
'ldap'
:
$authObject
=
new
LDAP
();
$localUserMap
=
$this
->
fetchUserDNs
();
break
;
case
'radius'
:
$authObject
=
new
Radius
();
break
;
case
'voucher'
:
$authObject
=
new
Voucher
();
break
;
case
'api'
:
$authObject
=
new
API
();
break
;
case
'totp'
:
$authObject
=
new
LocalTOTP
();
break
;
default
:
$authObject
=
null
;
$connectors
=
$this
->
listConnectors
();
if
(
!
empty
(
$connectors
[
$servers
[
$authserver
][
'type'
]]))
{
$authObject
=
$connectors
[
$servers
[
$authserver
][
'type'
]][
'classHandle'
]
->
newInstance
();
}
if
(
$servers
[
$authserver
][
'type'
]
==
'ldap'
)
{
$localUserMap
=
$this
->
fetchUserDNs
();
}
if
(
$authObject
!=
null
)
{
$props
=
$servers
[
$authserver
];
// when a local user exist and has a different (distinguished) name on the authenticator we already
...
...
@@ -128,4 +139,27 @@ class AuthenticationFactory
return
null
;
}
/**
* list configuration options for pluggable auth modules
* @return array
*/
public
function
listConfigOptions
()
{
$result
=
array
();
foreach
(
$this
->
listConnectors
()
as
$connector
)
{
if
(
$connector
[
'classHandle'
]
->
hasMethod
(
'getDescription'
))
{
$obj
=
$connector
[
'classHandle'
]
->
newInstance
();
$authItem
=
$connector
;
$authItem
[
'description'
]
=
$obj
->
getDescription
();
if
(
$connector
[
'classHandle'
]
->
hasMethod
(
'getConfigurationOptions'
))
{
$authItem
[
'additionalFields'
]
=
$obj
->
getConfigurationOptions
();
}
else
{
$authItem
[
'additionalFields'
]
=
array
();
}
$result
[
$obj
->
getType
()]
=
$authItem
;
}
}
return
$result
;
}
}
src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
View file @
2a0b7a7a
...
...
@@ -141,6 +141,24 @@ class LDAP implements IAuthConnector
return
$result
;
}
/**
* type name in configuration
* @return string
*/
public
static
function
getType
()
{
return
'ldap'
;
}
/**
* user friendly description of this authenticator
* @return string
*/
public
function
getDescription
()
{
return
gettext
(
"LDAP"
);
}
/**
* construct a new LDAP connector
* @param null|string $baseSearchDN setup base searchDN or list of DN's separated by ;
...
...
src/opnsense/mvc/app/library/OPNsense/Auth/Local.php
View file @
2a0b7a7a
...
...
@@ -37,6 +37,15 @@ use OPNsense\Core\Config;
*/
class
Local
implements
IAuthConnector
{
/**
* type name in configuration
* @return string
*/
public
static
function
getType
()
{
return
'local'
;
}
/**
* set connector properties
* @param array $config connection properties
...
...
src/opnsense/mvc/app/library/OPNsense/Auth/LocalTOTP.php
View file @
2a0b7a7a
...
...
@@ -30,146 +30,48 @@
namespace
OPNsense\Auth
;
require_once
'base32/Base32.php'
;
/**
* RFC 6238 TOTP: Time-Based One-Time Password Authenticator
* @package OPNsense\Auth
*/
class
LocalTOTP
extends
Local
{
/**
* @var int time window in seconds (google auth uses 30, some hardware tokens use 60)
*/
private
$timeWindow
=
30
;
/**
* @var int key length (6,8)
*/
private
$otpLength
=
6
;
/**
* @var int number of seconds the clocks (local, remote) may differ
*/
private
$graceperiod
=
10
;
/**
* set connector properties
* @param array $config connection properties
*/
public
function
setProperties
(
$config
)
{
parent
::
setProperties
(
$config
);
if
(
!
empty
(
$config
[
'timeWindow'
]))
{
$this
->
timeWindow
=
$config
[
'timeWindow'
];
}
if
(
!
empty
(
$config
[
'otpLength'
]))
{
$this
->
otpLength
=
$config
[
'otpLength'
];
}
if
(
!
empty
(
$config
[
'graceperiod'
]))
{
$this
->
graceperiod
=
$config
[
'graceperiod'
];
}
}
use
TOTP
;
/**
*
use graceperiod and timeWindow to calculate which moments in time we should check
* @return
array timestamps
*
type name in configuration
* @return
string
*/
p
rivate
function
timesToCheck
()
p
ublic
static
function
getType
()
{
$result
=
array
();
if
(
$this
->
graceperiod
>
$this
->
timeWindow
)
{
$step
=
$this
->
timeWindow
;
$start
=
-
1
*
floor
(
$this
->
graceperiod
/
$this
->
timeWindow
)
*
$this
->
timeWindow
;
}
else
{
$step
=
$this
->
graceperiod
;
$start
=
-
1
*
$this
->
graceperiod
;
}
$now
=
time
();
for
(
$count
=
$start
;
$count
<=
$this
->
graceperiod
;
$count
+=
$step
)
{
$result
[]
=
$now
+
$count
;
if
(
$this
->
graceperiod
==
0
)
{
// special case, we expect the clocks to match 100%, so step and target are both 0
break
;
}
}
return
$result
;
return
'totp'
;
}
/**
* @param int $moment timestemp
* @param string $secret secret to use
* @return calculated token code
* user friendly description of this authenticator
* @return string
*/
p
rivate
function
calculateToken
(
$moment
,
$secret
)
p
ublic
function
getDescription
(
)
{
// calculate binary 8 character time for provided window
$binary_time
=
pack
(
"N"
,
(
int
)(
$moment
/
$this
->
timeWindow
));
$binary_time
=
str_pad
(
$binary_time
,
8
,
chr
(
0
),
STR_PAD_LEFT
);
// Generate the hash using the SHA1 algorithm
$hash
=
hash_hmac
(
'sha1'
,
$binary_time
,
$secret
,
true
);
$offset
=
ord
(
$hash
[
19
])
&
0xf
;
$otp
=
(
((
ord
(
$hash
[
$offset
+
0
])
&
0x7f
)
<<
24
)
|
((
ord
(
$hash
[
$offset
+
1
])
&
0xff
)
<<
16
)
|
((
ord
(
$hash
[
$offset
+
2
])
&
0xff
)
<<
8
)
|
(
ord
(
$hash
[
$offset
+
3
])
&
0xff
)
)
%
pow
(
10
,
$this
->
otpLength
);
$otp
=
str_pad
(
$otp
,
$this
->
otpLength
,
"0"
,
STR_PAD_LEFT
);
return
$otp
;
return
gettext
(
"Local + Timebased One Time Password"
);
}
/**
* return current token code
* @param $base32seed secret to use
* @return string token code
*/
public
function
testToken
(
$base32seed
)
{
$otp_seed
=
\Base32\Base32
::
decode
(
$base32seed
);
return
$this
->
calculateToken
(
time
(),
$otp_seed
);
}
/**
* authenticate TOTP RFC 6238
* @param string $secret secret seed to use
* @param string $code provided code
* @return bool is valid
* set connector properties
* @param array $config connection properties
*/
p
rivate
function
authTOTP
(
$secret
,
$code
)
p
ublic
function
setProperties
(
$config
)
{
foreach
(
$this
->
timesToCheck
()
as
$moment
)
{
if
(
$code
==
$this
->
calculateToken
(
$moment
,
$secret
))
{
return
true
;
}
}
return
false
;
parent
::
setProperties
(
$config
);
$this
->
setTOTPProperties
(
$config
);
}
/**
* authenticate user against otp key stored in local database
* @param string $username username to authenticate
* @param string $password user password
* @return bool authentication status
* retrieve configuration options
* @return array
*/
public
function
authenticate
(
$username
,
$password
)
public
function
getConfigurationOptions
(
)
{
$userObject
=
$this
->
getUser
(
$username
);
if
(
$userObject
!=
null
&&
!
empty
(
$userObject
->
otp_seed
))
{
if
(
strlen
(
$password
)
>
$this
->
otpLength
)
{
// split otp token code and userpassword
$code
=
substr
(
$password
,
0
,
$this
->
otpLength
);
$userPassword
=
substr
(
$password
,
$this
->
otpLength
);
$otp_seed
=
\Base32\Base32
::
decode
(
$userObject
->
otp_seed
);
if
(
$this
->
authTOTP
(
$otp_seed
,
$code
))
{
// token valid, do local auth
return
parent
::
authenticate
(
$userObject
,
$userPassword
);
}
}
}
return
false
;
return
$this
->
getTOTPConfigurationOptions
();
}
}
src/opnsense/mvc/app/library/OPNsense/Auth/Radius.php
View file @
2a0b7a7a
...
...
@@ -81,6 +81,24 @@ class Radius implements IAuthConnector
*/
private
$lastAuthProperties
=
array
();
/**
* type name in configuration
* @return string
*/
public
static
function
getType
()
{
return
'radius'
;
}
/**
* user friendly description of this authenticator
* @return string
*/
public
function
getDescription
()
{
return
gettext
(
"Radius"
);
}
/**
* set connector properties
* @param array $config connection properties
...
...
src/opnsense/mvc/app/library/OPNsense/Auth/TOTP.php
0 → 100644
View file @
2a0b7a7a
<?php
/**
* Copyright (C) 2016 Deciso B.V.
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
*/
namespace
OPNsense\Auth
;
require_once
'base32/Base32.php'
;
/**
* RFC 6238 TOTP: Time-Based One-Time Password Authenticator
* @package OPNsense\Auth
*/
trait
TOTP
{
/**
* @var int time window in seconds (google auth uses 30, some hardware tokens use 60)
*/
private
$timeWindow
=
30
;
/**
* @var int key length (6,8)
*/
private
$otpLength
=
6
;
/**
* @var int number of seconds the clocks (local, remote) may differ
*/
private
$graceperiod
=
10
;
/**
* @var string method accepting username and returning a simplexml user object
*/
private
$getUserMethod
=
'getUser'
;
/**
* use graceperiod and timeWindow to calculate which moments in time we should check
* @return array timestamps
*/
private
function
timesToCheck
()
{
$result
=
array
();
if
(
$this
->
graceperiod
>
$this
->
timeWindow
)
{
$step
=
$this
->
timeWindow
;
$start
=
-
1
*
floor
(
$this
->
graceperiod
/
$this
->
timeWindow
)
*
$this
->
timeWindow
;
}
else
{
$step
=
$this
->
graceperiod
;
$start
=
-
1
*
$this
->
graceperiod
;
}
$now
=
time
();
for
(
$count
=
$start
;
$count
<=
$this
->
graceperiod
;
$count
+=
$step
)
{
$result
[]
=
$now
+
$count
;
if
(
$this
->
graceperiod
==
0
)
{
// special case, we expect the clocks to match 100%, so step and target are both 0
break
;
}
}
return
$result
;
}
/**
* @param int $moment timestemp
* @param string $secret secret to use
* @return calculated token code
*/
private
function
calculateToken
(
$moment
,
$secret
)
{
// calculate binary 8 character time for provided window
$binary_time
=
pack
(
"N"
,
(
int
)(
$moment
/
$this
->
timeWindow
));
$binary_time
=
str_pad
(
$binary_time
,
8
,
chr
(
0
),
STR_PAD_LEFT
);
// Generate the hash using the SHA1 algorithm
$hash
=
hash_hmac
(
'sha1'
,
$binary_time
,
$secret
,
true
);
$offset
=
ord
(
$hash
[
19
])
&
0xf
;
$otp
=
(
((
ord
(
$hash
[
$offset
+
0
])
&
0x7f
)
<<
24
)
|
((
ord
(
$hash
[
$offset
+
1
])
&
0xff
)
<<
16
)
|
((
ord
(
$hash
[
$offset
+
2
])
&
0xff
)
<<
8
)
|
(
ord
(
$hash
[
$offset
+
3
])
&
0xff
)
)
%
pow
(
10
,
$this
->
otpLength
);
$otp
=
str_pad
(
$otp
,
$this
->
otpLength
,
"0"
,
STR_PAD_LEFT
);
return
$otp
;
}
/**
* return current token code
* @param $base32seed secret to use
* @return string token code
*/
public
function
testToken
(
$base32seed
)
{
$otp_seed
=
\Base32\Base32
::
decode
(
$base32seed
);
return
$this
->
calculateToken
(
time
(),
$otp_seed
);
}
/**
* authenticate TOTP RFC 6238
* @param string $secret secret seed to use
* @param string $code provided code
* @return bool is valid
*/
private
function
authTOTP
(
$secret
,
$code
)
{
foreach
(
$this
->
timesToCheck
()
as
$moment
)
{
if
(
$code
==
$this
->
calculateToken
(
$moment
,
$secret
))
{
return
true
;
}
}
return
false
;
}
/**
* authenticate user against otp key stored in local database
* @param string $username username to authenticate
* @param string $password user password
* @return bool authentication status
*/
public
function
authenticate
(
$username
,
$password
)
{
$getUserMethod
=
$this
->
getUserMethod
;
$userObject
=
$this
->
$getUserMethod
(
$username
);
if
(
$userObject
!=
null
&&
!
empty
(
$userObject
->
otp_seed
))
{
if
(
strlen
(
$password
)
>
$this
->
otpLength
)
{
// split otp token code and userpassword
$code
=
substr
(
$password
,
0
,
$this
->
otpLength
);
$userPassword
=
substr
(
$password
,
$this
->
otpLength
);
$otp_seed
=
\Base32\Base32
::
decode
(
$userObject
->
otp_seed
);
if
(
$this
->
authTOTP
(
$otp_seed
,
$code
))
{
// token valid, do parents auth
return
parent
::
authenticate
(
$userObject
,
$userPassword
);
}
}
}
return
false
;
}
/**
* set TOTP specific connector properties
* @param array $config connection properties
*/
public
function
setTOTPProperties
(
$config
)
{
if
(
!
empty
(
$config
[
'timeWindow'
]))
{
$this
->
timeWindow
=
$config
[
'timeWindow'
];
}
if
(
!
empty
(
$config
[
'otpLength'
]))
{
$this
->
otpLength
=
$config
[
'otpLength'
];
}
if
(
!
empty
(
$config
[
'graceperiod'
]))
{
$this
->
graceperiod
=
$config
[
'graceperiod'
];
}
}
/**
* retrieve TOTP specific configuration options
* @return array
*/
private
function
getTOTPConfigurationOptions
()
{
$fields
=
array
();
$fields
[
"otpLength"
]
=
array
();
$fields
[
"otpLength"
][
"name"
]
=
gettext
(
"Token length"
);
$fields
[
"otpLength"
][
"type"
]
=
"dropdown"
;
$fields
[
"otpLength"
][
"default"
]
=
6
;
$fields
[
"otpLength"
][
"options"
]
=
array
();
$fields
[
"otpLength"
][
"options"
][
"6"
]
=
"6"
;
$fields
[
"otpLength"
][
"options"
][
"8"
]
=
"8"
;
$fields
[
"otpLength"
][
"help"
]
=
gettext
(
"Token length to use"
);
$fields
[
"otpLength"
][
"validate"
]
=
function
(
$value
)
{
if
(
!
in_array
(
$value
,
array
(
6
,
8
)))
{
return
array
(
gettext
(
"Only token lengths of 6 or 8 characters are supported"
));
}
else
{
return
array
();
}
};
$fields
[
"timeWindow"
]
=
array
();
$fields
[
"timeWindow"
][
"name"
]
=
gettext
(
"Time window"
);
$fields
[
"timeWindow"
][
"type"
]
=
"text"
;
$fields
[
"timeWindow"
][
"default"
]
=
null
;
$fields
[
"timeWindow"
][
"help"
]
=
gettext
(
"The time period in which the token will be valid,"
.
" default is 30 seconds (google authenticator)"
);
$fields
[
"timeWindow"
][
"validate"
]
=
function
(
$value
)
{
if
(
!
empty
(
$value
)
&&
filter_var
(
$value
,
FILTER_SANITIZE_NUMBER_INT
)
!=
$value
)
{
return
array
(
gettext
(
"Please enter a valid time window in seconds"
));
}
else
{
return
array
();
}
};
$fields
[
"graceperiod"
]
=
array
();
$fields
[
"graceperiod"
][
"name"
]
=
gettext
(
"Grace period"
);
$fields
[
"graceperiod"
][
"type"
]
=
"text"
;
$fields
[
"graceperiod"
][
"default"
]
=
null
;
$fields
[
"graceperiod"
][
"help"
]
=
gettext
(
"Time in seconds in which this server and the token may differ,"
.
" default is 10 seconds. Set higher for a less secure easier match."
);
$fields
[
"graceperiod"
][
"validate"
]
=
function
(
$value
)
{
if
(
!
empty
(
$value
)
&&
filter_var
(
$value
,
FILTER_SANITIZE_NUMBER_INT
)
!=
$value
)
{
return
array
(
gettext
(
"Please enter a valid grace period in seconds"
));
}
else
{
return
array
();
}
};
return
$fields
;
}
}
src/opnsense/mvc/app/library/OPNsense/Auth/Voucher.php
View file @
2a0b7a7a
...
...
@@ -68,6 +68,24 @@ class Voucher implements IAuthConnector
*/
private
$lastAuthProperties
=
array
();
/**
* type name in configuration
* @return string
*/
public
static
function
getType
()
{
return
'voucher'
;
}
/**
* user friendly description of this authenticator
* @return string
*/
public
function
getDescription
()
{
return
gettext
(
"Voucher"
);
}
/**
* open database
*/
...
...
@@ -391,4 +409,46 @@ class Voucher implements IAuthConnector
}
return
false
;
}
/**
* retrieve configuration options
* @return array
*/
public
function
getConfigurationOptions
()
{
$fields
=
array
();
$fields
[
"simplePasswords"
]
=
array
();
$fields
[
"simplePasswords"
][
"name"
]
=
gettext
(
"Use simple passwords (less secure)"
);
$fields
[
"simplePasswords"
][
"type"
]
=
"checkbox"
;
$fields
[
"simplePasswords"
][
"help"
]
=
gettext
(
"Use simple (less secure) passwords, which are easier to read"
);
$fields
[
"simplePasswords"
][
"validate"
]
=
function
(
$value
)
{
return
array
();
};
$fields
[
"usernameLength"
]
=
array
();
$fields
[
"usernameLength"
][
"name"
]
=
gettext
(
"Username length"
);
$fields
[
"usernameLength"
][
"type"
]
=
"text"
;
$fields
[
"usernameLength"
][
"default"
]
=
null
;
$fields
[
"usernameLength"
][
"help"
]
=
gettext
(
"Specify alternative username length for generating vouchers"
);
$fields
[
"usernameLength"
][
"validate"
]
=
function
(
$value
)
{
if
(
!
empty
(
$value
)
&&
filter_var
(
$value
,
FILTER_SANITIZE_NUMBER_INT
)
!=
$value
)
{
return
array
(
gettext
(
"Username length must be a number or empty for default."
));
}
else
{
return
array
();
}
};
$fields
[
"passwordLength"
]
=
array
();
$fields
[
"passwordLength"
][
"name"
]
=
gettext
(
"Password length"
);
$fields
[
"passwordLength"
][
"type"
]
=
"text"
;
$fields
[
"passwordLength"
][
"default"
]
=
null
;
$fields
[
"passwordLength"
][
"help"
]
=
gettext
(
"Specify alternative password length for generating vouchers"
);
$fields
[
"passwordLength"
][
"validate"
]
=
function
(
$value
)
{
if
(
!
empty
(
$value
)
&&
filter_var
(
$value
,
FILTER_SANITIZE_NUMBER_INT
)
!=
$value
)
{
return
array
(
gettext
(
"Password length must be a number or empty for default."
));
}
else
{
return
array
();
}
};
return
$fields
;
}
}
src/opnsense/www/api.php
View file @
2a0b7a7a
...
...
@@ -27,7 +27,8 @@ try {
}
catch
(
\Exception
$e
)
{
$response
=
array
();
$response
[
'errorMessage'
]
=
$e
->
getMessage
();
header
(
'HTTP'
,
true
,
500
);
header
(
"Content-Type: application/json;charset=utf-8"
);
echo
htmlspecialchars
(
json_encode
(
$response
),
ENT_NOQUOT
ES
);
echo
json_encode
(
$response
,
JSON_UNESCAPED_SLASH
ES
);
error_log
(
$e
);
}
src/opnsense/www/js/opnsense_ui.js
View file @
2a0b7a7a
...
...
@@ -81,18 +81,7 @@ function saveFormToEndpoint(url,formid,callback_ok, disable_dialog) {
// execute callback function
callback_ok
();
}
}
else
{
// error handling, show internal errors
// Normally the form should only return validation issues, if other things go wrong throw an error.
BootstrapDialog
.
show
({
type
:
BootstrapDialog
.
TYPE_ERROR
,
title
:
'
save
'
,
message
:
'
Unable to save data, an internal error occurred.<br>
'
+
'
Response from server was: <br> <small>
'
+
JSON
.
stringify
(
data
)
+
'
</small>
'
});
}
});
}
...
...
src/www/system_authservers.php
View file @
2a0b7a7a
...
...
@@ -30,14 +30,8 @@
require_once
(
"guiconfig.inc"
);
require_once
(
"auth.inc"
);
$auth_server_types
=
array
(
'ldap'
=>
gettext
(
"LDAP"
),
'radius'
=>
gettext
(
"Radius"
),
'voucher'
=>
gettext
(
"Voucher"
),
'totp'
=>
gettext
(
"Local + Timebased One Time Password"
)
);
$authFactory
=
new
\OPNsense\Auth\AuthenticationFactory
();
$authCNFOptions
=
$authFactory
->
listConfigOptions
();
if
(
!
isset
(
$config
[
'system'
][
'authserver'
]))
{
$config
[
'system'
][
'authserver'
]
=
array
();
...
...
@@ -69,6 +63,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig
[
'radius_auth_port'
]
=
"1812"
;
$pconfig
[
'radius_acct_port'
]
=
"1813"
;
$pconfig
[
'type'
]
=
'ldap'
;
// gather auth plugin defaults
// the hotplug properties should be different per type, if not the default won't function correctly
foreach
(
$authCNFOptions
as
$authType
)
{
foreach
(
$authType
[
'additionalFields'
]
as
$fieldname
=>
$field
)
{
if
(
!
empty
(
$field
[
'default'
])
&&
empty
(
$pconfig
[
$fieldname
]))
{
$pconfig
[
$fieldname
]
=
$field
[
'default'
];
}
}
}
}
elseif
(
$act
==
"edit"
&&
isset
(
$id
))
{
$pconfig
[
'type'
]
=
$a_server
[
$id
][
'type'
];
$pconfig
[
'name'
]
=
$a_server
[
$id
][
'name'
];
...
...
@@ -107,13 +110,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if
(
empty
(
$pconfig
[
'radius_auth_port'
]))
{
$pconfig
[
'radius_auth_port'
]
=
1812
;
}
}
elseif
(
$pconfig
[
'type'
]
==
'voucher'
)
{
$pconfig
[
'simplePasswords'
]
=
$a_server
[
$id
][
'simplePasswords'
];
$pconfig
[
'usernameLength'
]
=
$a_server
[
$id
][
'usernameLength'
];
$pconfig
[
'passwordLength'
]
=
$a_server
[
$id
][
'passwordLength'
];
}
elseif
(
$pconfig
[
'type'
]
==
'totp'
)
{
$pconfig
[
'graceperiod'
]
=
$a_server
[
$id
][
'graceperiod'
];
$pconfig
[
'timeWindow'
]
=
$a_server
[
$id
][
'timeWindow'
];
}
elseif
(
!
empty
(
$authCNFOptions
[
$pconfig
[
'type'
]]))
{
foreach
(
$authCNFOptions
[
$pconfig
[
'type'
]][
'additionalFields'
]
as
$fieldname
=>
$field
)
{
$pconfig
[
$fieldname
]
=
$a_server
[
$id
][
$fieldname
];
}
}
}
}
elseif
(
$_SERVER
[
'REQUEST_METHOD'
]
===
'POST'
)
{
...
...
@@ -166,12 +166,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$reqdfields
[]
=
"radius_secret"
;
$reqdfieldsn
[]
=
gettext
(
"Shared Secret"
);
}
}
elseif
(
$pconfig
[
'type'
]
==
"voucher"
)
{
if
(
!
empty
(
$pconfig
[
'usernameLength'
])
&&
!
is_numeric
(
$pconfig
[
'usernameLength'
]))
{
$input_errors
[]
=
gettext
(
"username length must be a number or empty for default."
);
}
if
(
!
empty
(
$pconfig
[
'passwordLength'
])
&&
!
is_numeric
(
$pconfig
[
'passwordLength'
]))
{
$input_errors
[]
=
gettext
(
"password length must be a number or empty for default."
);
}
elseif
(
!
empty
(
$authCNFOptions
[
$pconfig
[
'type'
]]))
{
foreach
(
$authCNFOptions
[
$pconfig
[
'type'
]][
'additionalFields'
]
as
$fieldname
=>
$field
)
{
if
(
!
empty
(
$field
[
'validate'
]))
{
foreach
(
$field
[
'validate'
](
$pconfig
[
$fieldname
])
as
$input_error
)
{
$input_errors
[]
=
$input_error
;
}
}
}
}
...
...
@@ -251,13 +252,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$server
[
'radius_auth_port'
]
=
$pconfig
[
'radius_auth_port'
];
unset
(
$server
[
'radius_acct_port'
]);
}
}
elseif
(
$server
[
'type'
]
==
"voucher"
)
{
$server
[
'simplePasswords'
]
=
!
empty
(
$pconfig
[
'simplePasswords'
]);
$server
[
'usernameLength'
]
=
$pconfig
[
'usernameLength'
];
$server
[
'passwordLength'
]
=
$pconfig
[
'passwordLength'
];
}
elseif
(
$server
[
'type'
]
==
'totp'
)
{
$server
[
'timeWindow'
]
=
filter_var
(
$pconfig
[
'timeWindow'
],
FILTER_SANITIZE_NUMBER_INT
);
$server
[
'graceperiod'
]
=
filter_var
(
$pconfig
[
'graceperiod'
],
FILTER_SANITIZE_NUMBER_INT
);
}
elseif
(
!
empty
(
$authCNFOptions
[
$server
[
'type'
]]))
{
foreach
(
$authCNFOptions
[
$server
[
'type'
]][
'additionalFields'
]
as
$fieldname
=>
$field
)
{
$server
[
$fieldname
]
=
$pconfig
[
$fieldname
];
}
}
if
(
isset
(
$id
)
&&
isset
(
$config
[
'system'
][
'authserver'
][
$id
]))
{
...
...
@@ -317,19 +315,11 @@ if (!isset($_GET['act']) || $_GET['act'] != 'new')
<script
type=
"text/javascript"
>
$
(
document
).
ready
(
function
()
{
$
(
"
#type
"
).
change
(
function
(){
$
(
"
.auth_radius
"
).
addClass
(
'
hidden
'
);
$
(
"
.auth_ldap
"
).
addClass
(
'
hidden
'
);
$
(
"
.auth_voucher
"
).
addClass
(
'
hidden
'
);
$
(
"
.auth_totp
"
).
addClass
(
'
hidden
'
);
if
(
$
(
"
#type
"
).
val
()
==
'
ldap
'
)
{
$
(
"
.auth_ldap
"
).
removeClass
(
'
hidden
'
);
}
else
if
(
$
(
"
#type
"
).
val
()
==
'
radius
'
)
{
$
(
"
.auth_radius
"
).
removeClass
(
'
hidden
'
);
}
else
if
(
$
(
"
#type
"
).
val
()
==
'
voucher
'
)
{
$
(
"
.auth_voucher
"
).
removeClass
(
'
hidden
'
);
}
else
if
(
$
(
"
#type
"
).
val
()
==
'
totp
'
)
{
$
(
"
.auth_totp
"
).
removeClass
(
'
hidden
'
);
}
$
(
"
.auth_options
"
).
addClass
(
'
hidden
'
);
$
(
"
.auth_options :input
"
).
prop
(
"
disabled
"
,
true
);
$
(
"
.auth_
"
+
$
(
this
).
val
()).
removeClass
(
'
hidden
'
);
$
(
"
.auth_
"
+
$
(
this
).
val
()
+
"
:input
"
).
prop
(
"
disabled
"
,
false
);
$
(
'
.selectpicker
'
).
selectpicker
(
'
refresh
'
);
});
$
(
"
#ldap_urltype
"
).
change
(
function
(){
...
...
@@ -465,10 +455,9 @@ endif; ?>
?>
<select
name=
'type'
id=
'type'
class=
"selectpicker"
data-style=
"btn-default"
>
<?php
foreach
(
$auth_server_types
as
$typename
=>
$typedesc
)
:
?>
foreach
(
$authCNFOptions
as
$typename
=>
$authType
)
:?>
<
option
value
=
"<?=
$typename
;?>"
<?=
$pconfig
[
'type'
]
==
$typename
?
"selected=
\"
selected
\"
"
:
""
;
?>
>
<?=
$
typedesc
;
?>
<?=
$
authType
[
'description'
]
;
?>
</option>
<?php
endforeach
;
?>
...
...
@@ -476,14 +465,14 @@ endif; ?>
<?php
else
:
?>
<strong>
<?=
$auth
_server_types
[
$pconfig
[
'type'
]
];
?>
</strong>
<strong>
<?=
$auth
CNFOptions
[
$pconfig
[
'type'
]][
'description'
];
?>
</strong>
<input
name=
'type'
type=
'hidden'
id=
'type'
value=
"
<?=
$pconfig
[
'type'
];
?>
"
/>
<?php
endif
;
?>
</td>
</tr>
<!-- LDAP -->
<tr
class=
"auth_ldap hidden"
>
<tr
class=
"auth_ldap
auth_options
hidden"
>
<td><a
id=
"help_for_ldap_host"
href=
"#"
class=
"showhelp"
><i
class=
"fa fa-info-circle"
></i></a>
<?=
gettext
(
"Hostname or IP address"
);
?>
</td>
<td>
<input
name=
"ldap_host"
type=
"text"
id=
"ldap_host"
size=
"20"
value=
"
<?=
$pconfig
[
'ldap_host'
];
?>
"
/>
...
...
@@ -492,13 +481,13 @@ endif; ?>
</div>
</td>
</tr>
<tr
class=
"auth_ldap hidden"
>
<tr
class=
"auth_ldap
auth_options
hidden"
>
<td><i
class=
"fa fa-info-circle text-muted"
></i>
<?=
gettext
(
"Port value"
);
?>
</td>
<td>
<input
name=
"ldap_port"
type=
"text"
id=
"ldap_port"
size=
"5"
value=
"
<?=
$pconfig
[
'ldap_port'
];
?>
"
/>
</td>
</tr>
<tr
class=
"auth_ldap hidden"
>
<tr
class=
"auth_ldap
auth_options
hidden"
>
<td><i
class=
"fa fa-info-circle text-muted"
></i>
<?=
gettext
(
"Transport"
);
?>
</td>
<td>
<select
name=
'ldap_urltype'
id=
'ldap_urltype'
class=
"formselect selectpicker"
data-style=
"btn-default"
>
...
...
@@ -511,7 +500,7 @@ endif; ?>
</select>
</td>
</tr>
<tr
class=
"auth_ldap hidden"
>
<tr
class=
"auth_ldap
auth_options
hidden"
>
<td><a
id=
"help_for_ldap_caref"
href=
"#"
class=
"showhelp"
><i
class=
"fa fa-info-circle"
></i></a>
<?=
gettext
(
"Peer Certificate Authority"
);
?>
</td>
<td>
<?php
...
...
@@ -535,7 +524,7 @@ endif; ?>
endif
;
?>
</td>
</tr>
<tr
class=
"auth_ldap hidden"
>
<tr
class=
"auth_ldap
auth_options
hidden"
>
<td><i
class=
"fa fa-info-circle text-muted"
></i>
<?=
gettext
(
"Protocol version"
);
?>
</td>
<td>
<select
name=
'ldap_protver'
id=
'ldap_protver'
class=
"formselect selectpicker"
data-style=
"btn-default"
>
...
...
@@ -544,7 +533,7 @@ endif; ?>
</select>
</td>
</tr>
<tr
class=
"auth_ldap hidden"
>
<tr
class=
"auth_ldap
auth_options
hidden"
>
<td><a
id=
"help_for_ldap_binddn"
href=
"#"
class=
"showhelp"
><i
class=
"fa fa-info-circle"
></i></a>
<?=
gettext
(
"Bind credentials"
);
?>
</td>
<td>
<?=
gettext
(
"User DN:"
);
?>
<br/>
...
...
@@ -556,7 +545,7 @@ endif; ?>
</div>
</td>
</tr>
<tr
class=
"auth_ldap hidden"
>
<tr
class=
"auth_ldap
auth_options
hidden"
>
<td><i
class=
"fa fa-info-circle text-muted"
></i>
<?=
gettext
(
"Search scope"
);
?>
</td>
<td>
<div>
...
...
@@ -576,7 +565,7 @@ endif; ?>
</div>
</td>
</tr>
<tr
class=
"auth_ldap hidden"
>
<tr
class=
"auth_ldap
auth_options
hidden"
>
<td><a
id=
"help_for_ldapauthcontainers"
href=
"#"
class=
"showhelp"
><i
class=
"fa fa-info-circle"
></i></a>
<?=
gettext
(
"Authentication containers"
);
?>
</td>
<td>
<ul
class=
"list-inline"
>
...
...
@@ -591,7 +580,7 @@ endif; ?>
</div>
</td>
</tr>
<tr
class=
"auth_ldap hidden"
>
<tr
class=
"auth_ldap
auth_options
hidden"
>
<td><a
id=
"help_for_ldap_extended_query"
href=
"#"
class=
"showhelp"
><i
class=
"fa fa-info-circle"
></i></a>
<?=
gettext
(
"Extended Query"
);
?>
</td>
<td>
<input
name=
"ldap_extended_query"
type=
"text"
id=
"ldap_extended_query"
size=
"40"
value=
"
<?=
$pconfig
[
'ldap_extended_query'
];
?>
"
/>
...
...
@@ -602,7 +591,7 @@ endif; ?>
</tr>
<?php
if
(
!
isset
(
$id
))
:
?>
<tr
class=
"auth_ldap hidden"
>
<tr
class=
"auth_ldap
auth_options
hidden"
>
<td><i
class=
"fa fa-info-circle text-muted"
></i>
<?=
gettext
(
"Initial Template"
);
?>
</td>
<td>
<select
name=
'ldap_tmpltype'
id=
'ldap_tmpltype'
class=
"formselect selectpicker"
data-style=
"btn-default"
>
...
...
@@ -614,26 +603,26 @@ endif; ?>
</tr>
<?php
endif
;
?>
<tr
class=
"auth_ldap hidden"
>
<tr
class=
"auth_ldap
auth_options
hidden"
>
<td><i
class=
"fa fa-info-circle text-muted"
></i>
<?=
gettext
(
"User naming attribute"
);
?>
</td>
<td>
<input
name=
"ldap_attr_user"
type=
"text"
id=
"ldap_attr_user"
size=
"20"
value=
"
<?=
$pconfig
[
'ldap_attr_user'
];
?>
"
/>
</td>
</tr>
<!-- RADIUS -->
<tr
class=
"auth_radius hidden"
>
<tr
class=
"auth_radius
auth_options
hidden"
>
<td><i
class=
"fa fa-info-circle text-muted"
></i>
<?=
gettext
(
"Hostname or IP address"
);
?>
</td>
<td>
<input
name=
"radius_host"
type=
"text"
id=
"radius_host"
size=
"20"
value=
"
<?=
$pconfig
[
'radius_host'
];
?>
"
/>
</td>
</tr>
<tr
class=
"auth_radius hidden"
>
<tr
class=
"auth_radius
auth_options
hidden"
>
<td><i
class=
"fa fa-info-circle text-muted"
></i>
<?=
gettext
(
"Shared Secret"
);
?>
</td>
<td>
<input
name=
"radius_secret"
type=
"password"
class=
"formfld pwd"
id=
"radius_secret"
size=
"20"
value=
"
<?=
$pconfig
[
'radius_secret'
];
?>
"
/>
</td>
</tr>
<tr
class=
"auth_radius hidden"
>
<tr
class=
"auth_radius
auth_options
hidden"
>
<td><i
class=
"fa fa-info-circle text-muted"
></i>
<?=
gettext
(
"Services offered"
);
?>
</td>
<td>
<select
name=
'radius_srvcs'
id=
'radius_srvcs'
class=
"formselect selectpicker"
data-style=
"btn-default"
>
...
...
@@ -646,19 +635,19 @@ endif; ?>
</select>
</td>
</tr>
<tr
id=
"radius_auth"
class=
"auth_radius hidden"
>
<tr
id=
"radius_auth"
class=
"auth_radius
auth_options
hidden"
>
<td><i
class=
"fa fa-info-circle text-muted"
></i>
<?=
gettext
(
"Authentication port value"
);
?>
</td>
<td>
<input
name=
"radius_auth_port"
type=
"text"
id=
"radius_auth_port"
size=
"5"
value=
"
<?=
$pconfig
[
'radius_auth_port'
];
?>
"
/>
</td>
</tr>
<tr
id=
"radius_acct"
class=
"auth_radius hidden"
>
<tr
id=
"radius_acct"
class=
"auth_radius
auth_options
hidden"
>
<td><i
class=
"fa fa-info-circle text-muted"
></i>
<?=
gettext
(
"Accounting port value"
);
?>
</td>
<td>
<input
name=
"radius_acct_port"
type=
"text"
id=
"radius_acct_port"
size=
"5"
value=
"
<?=
$pconfig
[
'radius_acct_port'
];
?>
"
/>
</td>
</tr>
<tr
class=
"auth_radius hidden"
>
<tr
class=
"auth_radius
auth_options
hidden"
>
<td><a
id=
"help_for_radius_timeout"
href=
"#"
class=
"showhelp"
><i
class=
"fa fa-info-circle"
></i></a>
<?=
gettext
(
"Authentication Timeout"
);
?>
</td>
<td>
<input
name=
"radius_timeout"
type=
"text"
id=
"radius_timeout"
size=
"20"
value=
"
<?=
$pconfig
[
'radius_timeout'
];
?>
"
/>
...
...
@@ -669,65 +658,56 @@ endif; ?>
</div>
</td>
</tr>
<!-- Vouchers -->
<tr
class=
"auth_voucher hidden"
>
<td><a
id=
"help_for_voucher_simplepasswd"
href=
"#"
class=
"showhelp"
><i
class=
"fa fa-info-circle"
></i></a>
<?=
gettext
(
"Use simple passwords (less secure)"
);
?>
</td>
<td>
<input
name=
"simplePasswords"
type=
"checkbox"
value=
"yes"
<?=
!
empty
(
$pconfig
[
'simplePasswords'
])
?
"checked=
\"
checked
\"
"
:
""
;
?>
/>
<div
class=
"hidden"
for=
"help_for_voucher_simplepasswd"
>
<br
/>
<?=
gettext
(
"Use simple (less secure) passwords, which are easier to read"
)
?>
</div>
</td>
</tr>
<tr
class=
"auth_voucher hidden"
>
<td><a
id=
"help_for_voucher_usernameLength"
href=
"#"
class=
"showhelp"
><i
class=
"fa fa-info-circle"
></i></a>
<?=
gettext
(
"Username length"
);
?>
</td>
<td>
<input
name=
"usernameLength"
type=
"text"
value=
"
<?=
$pconfig
[
'usernameLength'
];
?>
"
/>
<div
class=
"hidden"
for=
"help_for_voucher_usernameLength"
>
<?=
gettext
(
"Specify alternative username length for generating vouchers"
)
?>
</div>
</td>
</tr>
<tr
class=
"auth_voucher hidden"
>
<td><a
id=
"help_for_voucher_passwordLength"
href=
"#"
class=
"showhelp"
><i
class=
"fa fa-info-circle"
></i></a>
<?=
gettext
(
"Password length"
);
?>
</td>
<td>
<input
name=
"passwordLength"
type=
"text"
value=
"
<?=
$pconfig
[
'passwordLength'
];
?>
"
/>
<div
class=
"hidden"
for=
"help_for_voucher_passwordLength"
>
<?=
gettext
(
"Specify alternative password length for generating vouchers"
)
?>
</div>
</td>
</tr>
<!-- TOTP -->
<tr
class=
"auth_totp hidden"
>
<td><a
id=
"help_for_totp_otpLength"
href=
"#"
class=
"showhelp"
><i
class=
"fa fa-info-circle"
></i></a>
<?=
gettext
(
"Token length"
);
?>
</td>
<td>
<select
name=
"otpLength"
class=
"selectpicker"
data-style=
"btn-default"
>
<option
value=
"6"
<?=
empty
(
$pconfig
[
'otpLength'
])
||
$pconfig
[
'otpLength'
]
==
"6"
?
"selected=
\"
selected
\"
"
:
""
;
?>
>
6
</option>
<option
value=
"8"
<?=
!
empty
(
$pconfig
[
'otpLength'
])
&&
$pconfig
[
'otpLength'
]
==
"8"
?
"selected=
\"
selected
\"
"
:
""
;
?>
>
8
</option>
</select>
<div
class=
"hidden"
for=
"help_for_totp_otpLength"
>
<?=
gettext
(
"Token length to use"
)
?>
</div>
</td>
</tr>
<tr
class=
"auth_totp hidden"
>
<td><a
id=
"help_for_totp_timeWindow"
href=
"#"
class=
"showhelp"
><i
class=
"fa fa-info-circle"
></i></a>
<?=
gettext
(
"Time window"
);
?>
</td>
<td>
<input
name=
"timeWindow"
type=
"text"
value=
"
<?=
$pconfig
[
'timeWindow'
];
?>
"
/>
<div
class=
"hidden"
for=
"help_for_totp_timeWindow"
>
<?=
gettext
(
"The time period in which the token will be valid, default is 30 seconds (google authenticator)"
)
?>
</div>
</td>
</tr>
<tr
class=
"auth_totp hidden"
>
<td><a
id=
"help_for_totp_graceperiod"
href=
"#"
class=
"showhelp"
><i
class=
"fa fa-info-circle"
></i></a>
<?=
gettext
(
"Grace period"
);
?>
</td>
<td>
<input
name=
"graceperiod"
type=
"text"
value=
"
<?=
$pconfig
[
'graceperiod'
];
?>
"
/>
<div
class=
"hidden"
for=
"help_for_totp_graceperiod"
>
<?=
gettext
(
"Time in seconds in which this server and the token may differ, default is 10 seconds. Set higher for a less secure easier match."
)
?>
</div>
</td>
</tr>
<!-- pluggable options -->
<?php
foreach
(
$authCNFOptions
as
$typename
=>
$authtype
)
:
if
(
!
empty
(
$authtype
[
'additionalFields'
]))
:
foreach
(
$authtype
[
'additionalFields'
]
as
$fieldname
=>
$field
)
:?>
<
tr
class
="
auth_options
auth_
<?=
$typename
;
?>
hidden">
<td>
<?php
if
(
!
empty
(
$field
[
'help'
]))
:?>
<
a
id
=
"help_for_field_<?=
$typename
;?>_<?=
$fieldname
;?>"
href
=
"#"
class
="
showhelp
"><i class="
fa
fa
-
info
-
circle
"></i></a>
<?php
else:?>
<i class="
fa
fa
-
info
-
circle
text
-
muted
"></i>
<?php
endif;?>
<?=
$field['name']
; ?>
</td>
<td>
<?php
if (
$field['type']
== 'text'):?>
<input name="
<?=
$fieldname
;
?>
" type="text" value="
<?=
$pconfig
[
$fieldname
];
?>
"/>
<?php
elseif
(
$field
[
'type'
]
==
'dropdown'
)
:?>
<
select
name
=
"<?=
$fieldname
;?>"
class
="
selectpicker
" data-style="
btn
-
default
">
<?php
foreach (
$field['options']
as
$option
=>
$optiontext
):?>
<option value="
<?=
$option
;
?>
"
<?=
(
empty
(
$pconfig
[
$fieldname
])
&&
$field
[
'default'
]
==
$option
)
||
$pconfig
[
$fieldname
]
==
$option
?
"selected=
\"
selected
\"
"
:
""
;
?>
>
<?=
$optiontext
;
?>
</option>
<?php
endforeach
;
?>
</select>
<?php
elseif
(
$field
[
'type'
]
==
'checkbox'
)
:?>
<
input
name
=
"<?=
$fieldname
;?>"
type
=
"checkbox"
value
=
"1"
<?=!
empty
(
$pconfig
[
$fieldname
])
?
"checked=
\"
checked
\"
"
:
""
;
?>
/>
<?php
endif
;
?>
<div
class=
"hidden"
for=
"help_for_field_
<?=
$typename
;
?>
_
<?=
$fieldname
;
?>
"
>
<?=
$field
[
'help'
];
?>
</div>
</td>
</tr>
<?php
endforeach
;
endif
;
endforeach
;
?>
<!-- /pluggable options -->
<tr>
<td>
</td>
<td>
...
...
@@ -763,7 +743,7 @@ $i = 0;
?>
<tr>
<td>
<?=
$server
[
'name'
]
?>
</td>
<td>
<?=
!
empty
(
$auth
_server_types
[
$server
[
'type'
]])
?
$auth_server_types
[
$server
[
'type'
]
]
:
""
;;
?>
</td>
<td>
<?=
!
empty
(
$auth
CNFOptions
[
$server
[
'type'
]])
?
$authCNFOptions
[
$server
[
'type'
]][
'description'
]
:
""
;;
?>
</td>
<td>
<?=
$server
[
'host'
];
?>
</td>
<td>
<?php
if
(
$i
<
(
count
(
$a_server
)
-
1
))
:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment