Commit b07fcd05 authored by Ad Schellevis's avatar Ad Schellevis

(auth) extend system_authservers.php for pluggable auth connectors, remove...

(auth) extend system_authservers.php for pluggable auth connectors, remove totp properties (moved to connector)
parent ca664c09
......@@ -30,14 +30,8 @@
require_once("guiconfig.inc");
require_once("auth.inc");
$auth_server_types = array(
'ldap' => gettext("LDAP"),
'radius' => gettext("Radius"),
'voucher' => gettext("Voucher"),
'totp' => gettext("Local + Timebased One Time Password")
);
$authFactory = new \OPNsense\Auth\AuthenticationFactory();
$authCNFOptions = $authFactory->listConfigOptions();
if (!isset($config['system']['authserver'])) {
$config['system']['authserver'] = array();
......@@ -69,6 +63,15 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['radius_auth_port'] = "1812";
$pconfig['radius_acct_port'] = "1813";
$pconfig['type'] = 'ldap';
// gather auth plugin defaults
// the hotplug properties should be different per type, if not the default won't function correctly
foreach ($authCNFOptions as $authType) {
foreach ($authType['additionalFields'] as $fieldname => $field) {
if (!empty($field['default']) && empty($pconfig[$fieldname])) {
$pconfig[$fieldname] = $field['default'];
}
}
}
} elseif ($act == "edit" && isset($id)) {
$pconfig['type'] = $a_server[$id]['type'];
$pconfig['name'] = $a_server[$id]['name'];
......@@ -111,9 +114,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig['simplePasswords'] = $a_server[$id]['simplePasswords'];
$pconfig['usernameLength'] = $a_server[$id]['usernameLength'];
$pconfig['passwordLength'] = $a_server[$id]['passwordLength'];
} elseif ($pconfig['type'] == 'totp') {
$pconfig['graceperiod'] = $a_server[$id]['graceperiod'];
$pconfig['timeWindow'] = $a_server[$id]['timeWindow'];
} elseif (!empty($authCNFOptions[$pconfig['type']])) {
foreach ($authCNFOptions[$pconfig['type']]['additionalFields'] as $fieldname => $field) {
$pconfig[$fieldname] = $a_server[$id][$fieldname];
}
}
}
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
......@@ -173,6 +177,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
if (!empty($pconfig['passwordLength']) && !is_numeric($pconfig['passwordLength'])) {
$input_errors[] = gettext("password length must be a number or empty for default.");
}
} elseif (!empty($authCNFOptions[$pconfig['type']])) {
foreach ($authCNFOptions[$pconfig['type']]['additionalFields'] as $fieldname => $field) {
if (!empty($field['validate'])) {
foreach ($field['validate']($pconfig[$fieldname]) as $input_error) {
$input_errors[] = $input_error;
}
}
}
}
do_input_validation($pconfig, $reqdfields, $reqdfieldsn, $input_errors);
......@@ -255,9 +267,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$server['simplePasswords'] = !empty($pconfig['simplePasswords']);
$server['usernameLength'] = $pconfig['usernameLength'];
$server['passwordLength'] = $pconfig['passwordLength'];
} elseif ($server['type'] == 'totp') {
$server['timeWindow'] = filter_var($pconfig['timeWindow'], FILTER_SANITIZE_NUMBER_INT);
$server['graceperiod'] = filter_var($pconfig['graceperiod'], FILTER_SANITIZE_NUMBER_INT);
} elseif (!empty($authCNFOptions[$server['type']])) {
foreach ($authCNFOptions[$server['type']]['additionalFields'] as $fieldname => $field) {
$server[$fieldname] = $pconfig[$fieldname];
}
}
if (isset($id) && isset($config['system']['authserver'][$id])) {
......@@ -318,19 +331,11 @@ if (!isset($_GET['act']) || $_GET['act'] != 'new')
<script type="text/javascript">
$( document ).ready(function() {
$("#type").change(function(){
$(".auth_radius").addClass('hidden');
$(".auth_ldap").addClass('hidden');
$(".auth_voucher").addClass('hidden');
$(".auth_totp").addClass('hidden');
if ($("#type").val() == 'ldap') {
$(".auth_ldap").removeClass('hidden');
} else if ($("#type").val() == 'radius') {
$(".auth_radius").removeClass('hidden');
} else if ($("#type").val() == 'voucher') {
$(".auth_voucher").removeClass('hidden');
} else if ($("#type").val() == 'totp') {
$(".auth_totp").removeClass('hidden');
}
$(".auth_options").addClass('hidden');
$(".auth_options :input").prop( "disabled", true );
$(".auth_"+$(this).val()).removeClass('hidden');
$(".auth_"+$(this).val()+" :input").prop( "disabled", false );
$('.selectpicker').selectpicker('refresh');
});
$("#ldap_urltype").change(function(){
......@@ -466,10 +471,9 @@ endif; ?>
?>
<select name='type' id='type' class="selectpicker" data-style="btn-default">
<?php
foreach ($auth_server_types as $typename => $typedesc) :
?>
foreach ($authCNFOptions as $typename => $authType) :?>
<option value="<?=$typename;?>" <?=$pconfig['type'] == $typename ? "selected=\"selected\"" : "";?> >
<?=$typedesc;?>
<?=$authType['description'];?>
</option>
<?php
endforeach; ?>
......@@ -477,14 +481,14 @@ endif; ?>
<?php
else :
?>
<strong><?=$auth_server_types[$pconfig['type']];?></strong>
<strong><?=$authCNFOptions[$pconfig['type']]['description'];?></strong>
<input name='type' type='hidden' id='type' value="<?=$pconfig['type'];?>"/>
<?php
endif; ?>
</td>
</tr>
<!-- LDAP -->
<tr class="auth_ldap hidden">
<tr class="auth_ldap auth_options hidden">
<td><a id="help_for_ldap_host" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Hostname or IP address");?></td>
<td>
<input name="ldap_host" type="text" id="ldap_host" size="20" value="<?=$pconfig['ldap_host'];?>"/>
......@@ -493,13 +497,13 @@ endif; ?>
</div>
</td>
</tr>
<tr class="auth_ldap hidden">
<tr class="auth_ldap auth_options hidden">
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Port value");?></td>
<td>
<input name="ldap_port" type="text" id="ldap_port" size="5" value="<?=$pconfig['ldap_port'];?>"/>
</td>
</tr>
<tr class="auth_ldap hidden">
<tr class="auth_ldap auth_options hidden">
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Transport");?></td>
<td>
<select name='ldap_urltype' id='ldap_urltype' class="formselect selectpicker" data-style="btn-default">
......@@ -512,7 +516,7 @@ endif; ?>
</select>
</td>
</tr>
<tr class="auth_ldap hidden">
<tr class="auth_ldap auth_options hidden">
<td><a id="help_for_ldap_caref" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Peer Certificate Authority"); ?></td>
<td>
<?php
......@@ -536,7 +540,7 @@ endif; ?>
endif; ?>
</td>
</tr>
<tr class="auth_ldap hidden">
<tr class="auth_ldap auth_options hidden">
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Protocol version");?></td>
<td>
<select name='ldap_protver' id='ldap_protver' class="formselect selectpicker" data-style="btn-default">
......@@ -545,7 +549,7 @@ endif; ?>
</select>
</td>
</tr>
<tr class="auth_ldap hidden">
<tr class="auth_ldap auth_options hidden">
<td><a id="help_for_ldap_binddn" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Bind credentials");?></td>
<td>
<?=gettext("User DN:");?><br/>
......@@ -557,7 +561,7 @@ endif; ?>
</div>
</td>
</tr>
<tr class="auth_ldap hidden">
<tr class="auth_ldap auth_options hidden">
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Search scope");?></td>
<td>
<div>
......@@ -577,7 +581,7 @@ endif; ?>
</div>
</td>
</tr>
<tr class="auth_ldap hidden">
<tr class="auth_ldap auth_options hidden">
<td><a id="help_for_ldapauthcontainers" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Authentication containers");?></td>
<td>
<ul class="list-inline">
......@@ -592,7 +596,7 @@ endif; ?>
</div>
</td>
</tr>
<tr class="auth_ldap hidden">
<tr class="auth_ldap auth_options hidden">
<td><a id="help_for_ldap_extended_query" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Extended Query");?></td>
<td>
<input name="ldap_extended_query" type="text" id="ldap_extended_query" size="40" value="<?=$pconfig['ldap_extended_query'];?>"/>
......@@ -603,7 +607,7 @@ endif; ?>
</tr>
<?php if (!isset($id)) :
?>
<tr class="auth_ldap hidden">
<tr class="auth_ldap auth_options hidden">
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Initial Template");?></td>
<td>
<select name='ldap_tmpltype' id='ldap_tmpltype' class="formselect selectpicker" data-style="btn-default">
......@@ -615,26 +619,26 @@ endif; ?>
</tr>
<?php
endif; ?>
<tr class="auth_ldap hidden">
<tr class="auth_ldap auth_options hidden">
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("User naming attribute");?></td>
<td>
<input name="ldap_attr_user" type="text" id="ldap_attr_user" size="20" value="<?=$pconfig['ldap_attr_user'];?>"/>
</td>
</tr>
<!-- RADIUS -->
<tr class="auth_radius hidden">
<tr class="auth_radius auth_options hidden">
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Hostname or IP address");?></td>
<td>
<input name="radius_host" type="text" id="radius_host" size="20" value="<?=$pconfig['radius_host'];?>"/>
</td>
</tr>
<tr class="auth_radius hidden">
<tr class="auth_radius auth_options hidden">
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Shared Secret");?></td>
<td>
<input name="radius_secret" type="password" class="formfld pwd" id="radius_secret" size="20" value="<?=$pconfig['radius_secret'];?>"/>
</td>
</tr>
<tr class="auth_radius hidden">
<tr class="auth_radius auth_options hidden">
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Services offered");?></td>
<td>
<select name='radius_srvcs' id='radius_srvcs' class="formselect selectpicker" data-style="btn-default">
......@@ -647,19 +651,19 @@ endif; ?>
</select>
</td>
</tr>
<tr id="radius_auth" class="auth_radius hidden">
<tr id="radius_auth" class="auth_radius auth_options hidden">
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Authentication port value");?></td>
<td>
<input name="radius_auth_port" type="text" id="radius_auth_port" size="5" value="<?=$pconfig['radius_auth_port'];?>"/>
</td>
</tr>
<tr id="radius_acct" class="auth_radius hidden">
<tr id="radius_acct" class="auth_radius auth_options hidden">
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Accounting port value");?></td>
<td>
<input name="radius_acct_port" type="text" id="radius_acct_port" size="5" value="<?=$pconfig['radius_acct_port'];?>"/>
</td>
</tr>
<tr class="auth_radius hidden">
<tr class="auth_radius auth_options hidden">
<td><a id="help_for_radius_timeout" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Authentication Timeout");?></td>
<td>
<input name="radius_timeout" type="text" id="radius_timeout" size="20" value="<?=$pconfig['radius_timeout'];?>"/>
......@@ -671,7 +675,7 @@ endif; ?>
</td>
</tr>
<!-- Vouchers -->
<tr class="auth_voucher hidden">
<tr class="auth_voucher auth_options hidden">
<td><a id="help_for_voucher_simplepasswd" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Use simple passwords (less secure)");?></td>
<td>
<input name="simplePasswords" type="checkbox" value="yes" <?=!empty($pconfig['simplePasswords']) ? "checked=\"checked\"" : ""; ?>/>
......@@ -680,7 +684,7 @@ endif; ?>
</div>
</td>
</tr>
<tr class="auth_voucher hidden">
<tr class="auth_voucher auth_options hidden">
<td><a id="help_for_voucher_usernameLength" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Username length");?></td>
<td>
<input name="usernameLength" type="text" value="<?=$pconfig['usernameLength'];?>"/>
......@@ -689,7 +693,7 @@ endif; ?>
</div>
</td>
</tr>
<tr class="auth_voucher hidden">
<tr class="auth_voucher auth_options hidden">
<td><a id="help_for_voucher_passwordLength" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Password length");?></td>
<td>
<input name="passwordLength" type="text" value="<?=$pconfig['passwordLength'];?>"/>
......@@ -698,37 +702,53 @@ endif; ?>
</div>
</td>
</tr>
<!-- TOTP -->
<tr class="auth_totp hidden">
<td><a id="help_for_totp_otpLength" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Token length");?></td>
<td>
<select name="otpLength" class="selectpicker" data-style="btn-default">
<option value="6" <?=empty($pconfig['otpLength']) || $pconfig['otpLength'] == "6" ? "selected=\"selected\"" : "";?> >6</option>
<option value="8" <?=!empty($pconfig['otpLength']) && $pconfig['otpLength'] == "8" ? "selected=\"selected\"" : "";?> >8</option>
</select>
<div class="hidden" for="help_for_totp_otpLength">
<?= gettext("Token length to use") ?>
</div>
</td>
</tr>
<tr class="auth_totp hidden">
<td><a id="help_for_totp_timeWindow" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Time window");?></td>
<!-- pluggable options -->
<?php
foreach ($authCNFOptions as $typename => $authtype):
if (!empty($authtype['additionalFields'])):
foreach ($authtype['additionalFields'] as $fieldname => $field):?>
<tr class="auth_options auth_<?=$typename;?> hidden">
<td>
<input name="timeWindow" type="text" value="<?=$pconfig['timeWindow'];?>"/>
<div class="hidden" for="help_for_totp_timeWindow">
<?= gettext("The time period in which the token will be valid, default is 30 seconds (google authenticator)") ?>
</div>
<?php
if (!empty($field['help'])):?>
<a id="help_for_field_<?=$typename;?>_<?=$fieldname;?>" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a>
<?php
else:?>
<i class="fa fa-info-circle text-muted"></i>
<?php
endif;?>
<?=$field['name']; ?>
</td>
</tr>
<tr class="auth_totp hidden">
<td><a id="help_for_totp_graceperiod" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Grace period");?></td>
<td>
<input name="graceperiod" type="text" value="<?=$pconfig['graceperiod'];?>"/>
<div class="hidden" for="help_for_totp_graceperiod">
<?= gettext("Time in seconds in which this server and the token may differ, default is 10 seconds. Set higher for a less secure easier match.") ?>
<?php
if ($field['type'] == 'text'):?>
<input name="<?=$fieldname;?>" type="text" value="<?=$pconfig[$fieldname];?>"/>
<?php
elseif ($field['type'] == 'dropdown'):?>
<select name="<?=$fieldname;?>" class="selectpicker" data-style="btn-default">
<?php
foreach ($field['options'] as $option => $optiontext):?>
<option value="<?=$option;?>" <?=(empty($pconfig[$fieldname]) && $field['default'] == $option) || $pconfig[$fieldname] == $option ? "selected=\"selected\"" : "";?> >
<?=$optiontext;?>
</option>
<?php
endforeach;?>
</select>
<?php
endif;?>
<div class="hidden" for="help_for_field_<?=$typename;?>_<?=$fieldname;?>">
<?=$field['help'];?>
</div>
</td>
</tr>
<?php
endforeach;
endif;
endforeach;?>
<!-- /pluggable options -->
<tr>
<td>&nbsp;</td>
<td>
......@@ -764,7 +784,7 @@ $i = 0;
?>
<tr>
<td><?=$server['name']?></td>
<td><?=!empty($auth_server_types[$server['type']]) ? $auth_server_types[$server['type']] : "";;?></td>
<td><?=!empty($authCNFOptions[$server['type']]) ? $authCNFOptions[$server['type']]['description'] : "";;?></td>
<td><?=$server['host'];?></td>
<td>
<?php if ($i < (count($a_server) - 1)) :
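Review bot: In the `@@ -173,6 +177,14 @@` hunk, a pluggable field is only checked when the connector declares `validate`, and in the `@@ -255,9 +267,10 @@` hunk `$server[$fieldname] = $pconfig[$fieldname];` then writes the raw POST value into the config; the removed totp branch at least passed timeWindow/graceperiod through `filter_var(..., FILTER_SANITIZE_NUMBER_INT)`, so a connector that omits `validate` now stores whatever was posted. A dropdown field in particular can be checked generically, since the template only ever offers the keys of `$field['options']` — reject anything else before reaching `do_input_validation`. Both places also index `$pconfig[$fieldname]` without `isset()`, which raises a notice when the field was not posted (e.g. an unchecked or disabled input); the rewrite below reads it via `isset()`. The echo `value="<?=$pconfig[$fieldname];?>"` in the template hunk reflects that same raw value into an attribute without `htmlspecialchars()`, which the old totp inputs also did, but now applies to every future connector field. The enclosing `if/elseif` on `$_SERVER['REQUEST_METHOD']` starts outside these hunks.
```php
} elseif (!empty($authCNFOptions[$pconfig['type']])) {
    foreach ($authCNFOptions[$pconfig['type']]['additionalFields'] as $fieldname => $field) {
        $value = isset($pconfig[$fieldname]) ? $pconfig[$fieldname] : null;
        // a dropdown may only carry one of the keys the connector offered in the form
        if ($field['type'] == 'dropdown' && $value !== null && !array_key_exists($value, $field['options'])) {
            $input_errors[] = sprintf(gettext("invalid value for %s"), $field['name']);
        }
        if (!empty($field['validate'])) {
            foreach ($field['validate']($value) as $input_error) {
                $input_errors[] = $input_error;
            }
        }
    }
}
// … unchanged: do_input_validation call …
```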