Commit 5c8014c1 authored by Ad Schellevis's avatar Ad Schellevis

(legacy/ldap) work in progress system_authservers

parent 780c95a3
......@@ -33,58 +33,57 @@ require_once("auth.inc");
$ldap_urltypes = array(
'TCP - Standard' => 389,
'SSL - Encrypted' => 636);
'SSL - Encrypted' => 636
);
$auth_server_types = array(
'ldap' => "LDAP",
'radius' => "Radius");
'radius' => "Radius"
);
$ldap_scopes = array(
'one' => "One Level",
'subtree' => "Entire Subtree");
'subtree' => "Entire Subtree"
);
$ldap_protvers = array(
2,
3);
$ldap_protvers = array(2, 3);
$ldap_templates = array(
'open' => array(
'desc' => "OpenLDAP",
'attr_user' => "cn",
'attr_group' => "cn",
'attr_member' => "member"),
'attr_user' => "cn"
),
'msad' => array(
'desc' => "Microsoft AD",
'attr_user' => "samAccountName",
'attr_group' => "cn",
'attr_member' => "memberOf"),
'attr_user' => "samAccountName"
),
'edir' => array(
'desc' => "Novell eDirectory",
'attr_user' => "cn",
'attr_group' => "cn",
'attr_member' => "uniqueMember"));
'attr_user' => "cn"
)
);
$radius_srvcs = array(
'both' => "Authentication and Accounting",
'auth' => "Authentication",
'acct' => "Accounting");
'acct' => "Accounting"
);
$pgtitle = array(gettext("System"), gettext("Authentication Servers"));
$shortcut_section = "authentication";
if (is_numericint($_GET['id'])) {
if (isset($_GET['id']) && is_numericint($_GET['id'])) {
$id = $_GET['id'];
}
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
$id = $_POST['id'];
if (isset($_GET['act'])) {
$act = $_GET['act'];
} else {
$act = null;
}
if (!is_array($config['system']['authserver'])) {
if (!isset($config['system']['authserver'])) {
$config['system']['authserver'] = array();
}
......@@ -98,10 +97,7 @@ if (!is_array($config['ca'])) {
}
$a_ca =& $config['ca'];
$act = $_GET['act'];
if ($_POST['act']) {
$act = $_POST['act'];
}
if ($act == "del") {
if (!$a_server[$_GET['id']]) {
......@@ -144,12 +140,7 @@ if ($act == "edit") {
$pconfig['ldap_binddn'] = $a_server[$id]['ldap_binddn'];
$pconfig['ldap_bindpw'] = $a_server[$id]['ldap_bindpw'];
$pconfig['ldap_attr_user'] = $a_server[$id]['ldap_attr_user'];
$pconfig['ldap_attr_group'] = $a_server[$id]['ldap_attr_group'];
$pconfig['ldap_attr_member'] = $a_server[$id]['ldap_attr_member'];
$pconfig['ldap_utf8'] = isset($a_server[$id]['ldap_utf8']);
$pconfig['ldap_nostrip_at'] = isset($a_server[$id]['ldap_nostrip_at']);
if (!$pconfig['ldap_binddn'] || !$pconfig['ldap_bindpw']) {
if (empty($pconfig['ldap_binddn']) || empty($pconfig['ldap_bindpw'])) {
$pconfig['ldap_anon'] = true;
}
}
......@@ -190,9 +181,14 @@ if ($act == "new") {
$pconfig['radius_acct_port'] = "1813";
}
if ($_POST) {
unset($input_errors);
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$input_errors = array();
$pconfig = $_POST;
if (isset($_POST['id']) && is_numericint($_POST['id'])) {
$id = $_POST['id'];
} else {
$id = null;
}
/* input validation */
......@@ -209,8 +205,6 @@ if ($_POST) {
gettext("Protocol version"),
gettext("Search level"),
gettext("User naming Attribute"),
gettext("Group naming Attribute"),
gettext("Group member attribute"),
gettext("Authentication container"));
if (!$pconfig['ldap_anon']) {
......@@ -241,7 +235,7 @@ if ($_POST) {
$reqdfieldsn[] = gettext("Accounting port value");
}
if (!isset($id)) {
if ($id == null) {
$reqdfields[] = "radius_secret";
$reqdfieldsn[] = gettext("Shared Secret");
}
......@@ -253,7 +247,7 @@ if ($_POST) {
$input_errors[] = gettext("The host name contains invalid characters.");
}
if (auth_get_authserver($pconfig['name']) && !isset($id)) {
if (auth_get_authserver($pconfig['name']) && $id == null) {
$input_errors[] = gettext("An authentication server with the same name already exists.");
}
......@@ -261,16 +255,10 @@ if ($_POST) {
$input_errors[] = gettext("RADIUS Timeout value must be numeric and positive.");
}
/* if this is an AJAX caller then handle via JSON */
if (isAjax() && is_array($input_errors)) {
input_errors2Ajax($input_errors);
exit;
}
if (!$input_errors) {
if (count($input_errors) == 0) {
$server = array();
$server['refid'] = uniqid();
if (isset($id) && $a_server[$id]) {
if ($id != null && isset($a_server[$id])) {
$server = $a_server[$id];
}
......@@ -291,20 +279,6 @@ if ($_POST) {
$server['ldap_extended_enabled'] = $pconfig['ldap_extended_enabled'];
$server['ldap_extended_query'] = $pconfig['ldap_extended_query'];
$server['ldap_attr_user'] = $pconfig['ldap_attr_user'];
$server['ldap_attr_group'] = $pconfig['ldap_attr_group'];
$server['ldap_attr_member'] = $pconfig['ldap_attr_member'];
if ($pconfig['ldap_utf8'] == "yes") {
$server['ldap_utf8'] = true;
} else {
unset($server['ldap_utf8']);
}
if ($pconfig['ldap_nostrip_at'] == "yes") {
$server['ldap_nostrip_at'] = true;
} else {
unset($server['ldap_nostrip_at']);
}
if (!$pconfig['ldap_anon']) {
$server['ldap_binddn'] = $pconfig['ldap_binddn'];
$server['ldap_bindpw'] = $pconfig['ldap_bindpw'];
......@@ -312,9 +286,7 @@ if ($_POST) {
unset($server['ldap_binddn']);
unset($server['ldap_bindpw']);
}
}
if ($server['type'] == "radius") {
} elseif ($server['type'] == "radius") {
$server['host'] = $pconfig['radius_host'];
if ($pconfig['radius_secret']) {
......@@ -343,7 +315,7 @@ if ($_POST) {
}
}
if (isset($id) && $config['system']['authserver'][$id]) {
if ($id != null && isset($config['system']['authserver'][$id])) {
$config['system']['authserver'][$id] = $server;
} else {
$config['system']['authserver'][] = $server;
......@@ -352,6 +324,8 @@ if ($_POST) {
write_config();
redirectHeader("system_authservers.php");
} else {
$act = "edit";
}
}
......@@ -519,7 +493,7 @@ endif; ?>
<div class="tab-content content-box col-xs-12 table-responsive">
<?php if ($act == "new" || $act == "edit" || $input_errors) :
<?php if ($act == "new" || $act == "edit") :
?>
<form id="iform" name="iform" action="system_authservers.php" method="post">
<table class="table table-striped table-sort">
......@@ -797,52 +771,6 @@ endif; ?>
<input name="ldap_attr_user" type="text" class="formfld unknown" id="ldap_attr_user" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_user']);?>"/>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Group naming attribute");?></td>
<td width="78%" class="vtable">
<input name="ldap_attr_group" type="text" class="formfld unknown" id="ldap_attr_group" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_group']);?>"/>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Group member attribute");?></td>
<td width="78%" class="vtable">
<input name="ldap_attr_member" type="text" class="formfld unknown" id="ldap_attr_member" size="20" value="<?=htmlspecialchars($pconfig['ldap_attr_member']);?>"/>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("UTF8 Encode");?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="0" cellpadding="2" summary="utf8 encoding">
<tr>
<td>
<input name="ldap_utf8" type="checkbox" id="ldap_utf8" value="yes" <?php if ($pconfig['ldap_utf8']) {
echo "checked=\"checked\"";
} ?> />
</td>
<td>
<?=gettext("UTF8 encode LDAP parameters before sending them to the server. Required to support international characters, but may not be supported by every LDAP server.");?>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Username Alterations");?></td>
<td width="78%" class="vtable">
<table border="0" cellspacing="0" cellpadding="2" summary="username alterations">
<tr>
<td>
<input name="ldap_nostrip_at" type="checkbox" id="ldap_nostrip_at" value="yes" <?php if ($pconfig['ldap_nostrip_at']) {
echo "checked=\"checked\"";
} ?> />
</td>
<td>
<?=gettext("Do not strip away parts of the username after the @ symbol, e.g. user@host becomes user when unchecked.");?>
</td>
</tr>
</table>
</td>
</tr>
</table>
<table class="table table-striped table-sort" id="radius" style="display:none" summary="">
......@@ -991,26 +919,23 @@ endif; ?>
</section>
<script type="text/javascript">
//<![CDATA[
server_typechange('<?=htmlspecialchars($pconfig['type']);?>');
<?php if (!isset($id) || $pconfig['type'] == "ldap") :
?>
ldap_bindchange();
if (document.getElementById("ldap_port").value == "")
ldap_urlchange();
<?php if (!isset($id)) :
?>
ldap_tmplchange();
<?php
endif; ?>
<?php
endif; ?>
<?php if (!isset($id) || $pconfig['type'] == "radius") :
?>
radius_srvcschange();
<?php
endif; ?>
//]]>
//<![CDATA[
$( document ).ready(function() {
server_typechange('<?=htmlspecialchars($pconfig['type']);?>');
if (document.getElementById("ldap_port").value == "") ldap_urlchange();
<?php
if ($pconfig['type'] == "ldap") {
echo ' ldap_bindchange();\n';
echo ' if (document.getElementById("ldap_port").value == "") ldap_urlchange();\n';
if (!isset($id)) {
echo ' ldap_tmplchange();\n';
}
} else {
echo ' radius_srvcschange();\n';
}
?>
}
//]]>
</script>
<?php include("foot.inc");
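Review bot: The rewritten inline script in the last hunk will not parse as emitted: the `$( document ).ready(function() {` wrapper is closed with a bare `}` instead of `});`, and the `echo ' ldap_bindchange();\n';` lines use single-quoted PHP strings, so a literal backslash-n is written into the JavaScript instead of a newline. A syntax error discards the whole script block, so `server_typechange()` and the bind/template initialisers would presumably never run on page load. Close the wrapper with `});` and switch the echoes to double-quoted strings, e.g. `echo "    ldap_bindchange();\n";`. The empty-`ldap_port` check is also emitted twice for LDAP servers, once unconditionally and once inside the `ldap` branch. The new `else` calls only `radius_srvcschange()` for every non-LDAP type, including an unset one, whereas the old code ran both initialisers whenever `$id` was not set; please confirm that change is intended.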