aboutsummaryrefslogtreecommitdiffstats
path: root/config/authng/pkg
diff options
context:
space:
mode:
authorErmal <ermal.luci@gmail.com>2014-02-18 21:02:25 +0000
committerErmal <ermal.luci@gmail.com>2014-02-18 21:02:25 +0000
commit74f02a79cc94a22ad12d212c70d0970cf61e50f9 (patch)
tree9657f794398b45f1fd45e86a0ead64f969bfe976 /config/authng/pkg
parentc01ac3965a3adbcb4dbb7859ec0d49aacb4db76d (diff)
downloadpfsense-packages-74f02a79cc94a22ad12d212c70d0970cf61e50f9.tar.gz
pfsense-packages-74f02a79cc94a22ad12d212c70d0970cf61e50f9.tar.bz2
pfsense-packages-74f02a79cc94a22ad12d212c70d0970cf61e50f9.zip
Remove this package from the repo to not confuse new comers
Diffstat (limited to 'config/authng/pkg')
-rw-r--r--config/authng/pkg/authng.inc323
-rw-r--r--config/authng/pkg/authng.xml194
-rw-r--r--config/authng/pkg/authng_authgui.inc287
-rw-r--r--config/authng/pkg/authng_authmethods.inc222
-rw-r--r--config/authng/pkg/authng_backends.inc234
-rw-r--r--config/authng/pkg/authng_classdefs.inc479
-rw-r--r--config/authng/pkg/authng_peers.inc501
-rw-r--r--config/authng/pkg/authng_usermanager.inc247
8 files changed, 0 insertions, 2487 deletions
diff --git a/config/authng/pkg/authng.inc b/config/authng/pkg/authng.inc
deleted file mode 100644
index 06774acd..00000000
--- a/config/authng/pkg/authng.inc
+++ /dev/null
@@ -1,323 +0,0 @@
-<?php
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng.inc
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name>
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
-
-/* PHP classes like factories users, and groups */
-require_once("authng_classdefs.inc");
-/* PHP classes representing specific auth methods */
-require_once("authng_authmethods.inc");
-/* PHP classes representing specific backends */
-require_once("authng_backends.inc");
-/* PHP peer classes that are providing a persistence layer */
-require_once("authng_peers.inc");
-
-// TODO: Define user- and groupindex array
-
-// get principal store type from config.xml
-// TODO: needs to be defined in config.xml
-//$principalStore = $config['system']['webgui']['principal_store'];
-$principalStore = "xml";
-// get PeerFactory instance
-$peerFactory =& PeerFactory::getInstance();
-// get the actual UserPeer that holds the user index
-$userPeer =& $peerFactory->getUserPeerByPrincipalStore($principalStore);
-// get the actual GroupPeer that holds the user index
-$groupPeer =& $peerFactory->getGroupPeerByPrincipalStore($principalStore);
-// get AuthMethodFactory instance
-$authMethodFactory =& AuthMethodFactory::getInstance();
-// get BackendFactory instance
-$backendFactory =& BackendFactory::getInstance();
-// get the actual auth method
-$authMethod =& $authMethodFactory->getAuthMethodByName($config['system']['webgui']['auth_method']);
-// get the actual backend
-$backend =& $backendFactory->getBackendByName($config['system']['webgui']['backing_method']);
-
-function getUsermanagerPagetitle() {
- global $userPeer;
-
- $result = "";
-
- if ($userPeer->isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
- // Page title for admins
- $result = array(gettext("System"), gettext("User manager"));
- } else {
- // Page title for non-admins
- $result = array(gettext("System"), gettext("User password"));
- }
-
- return $result;
-}
-
-function processUserManagerPostVars() {
- global $input_errors, $savemsg, $config;
-
- if (isset($_POST['save'])) {
- unset($input_errors);
-
- /* input validation */
- $reqdfields = explode(" ", "passwordfld1");
- $reqdfieldsn = explode(",", "Password");
-
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- if ($_POST['passwordfld1'] != $_POST['passwordfld2'])
- $input_errors[] = "The passwords do not match.";
-
- if (!$input_errors) {
- // all values are okay --> saving changes
- $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1']));
-
- write_config();
-
- sync_webgui_passwords();
-
- $retval = system_password_configure();
- $savemsg = get_std_save_message($retval);
- $savemsg = "Password successfully changed<br />";
- }
- }
-}
-
-function processUserManagerAdminPostVars() {
- global $config;
-
- $id = $_GET['id'];
- if (isset($_POST['id']))
- $id = $_POST['id'];
-
- if (!is_array($config['system']['user'])) {
- $config['system']['user'] = array();
- }
-
- admin_users_sort();
- $a_user = &$config['system']['user'];
- $t_privs = $a_user[$id]['priv'];
-
- if ($_GET['act'] == "del" && $_GET['what'] == "user") {
- if ($a_user[$_GET['id']]) {
- $userdeleted = $a_user[$_GET['id']]['name'];
- unset($a_user[$_GET['id']]);
- write_config();
- $retval = system_password_configure();
- $savemsg = get_std_save_message($retval);
- $savemsg = gettext("User") . " " . $userdeleted . " " . gettext("successfully deleted") . "<br />";
- }
- } else if ($_GET['act'] == "del" && $_GET['what'] == "priv") {
- if ($t_privs[$_GET['privid']]) {
- $privdeleted = $t_privs[$_GET['privid']]['id'];
- unset($t_privs[$_GET['privid']]);
- write_config();
- $_GET['act'] = "edit";
- $retval = 0;
- $savemsg = get_std_save_message($retval);
- $savemsg = gettext("Privilege") . " " . $privdeleted . " " . gettext("of user") . " " . $a_user[$_GET['id']]['name'] . " " . gettext("successfully deleted") . "<br />";
- }
- }
-
- if ($_POST) {
- unset($input_errors);
- $pconfig = $_POST;
-
- /* input validation */
- if (isset($id) && ($a_user[$id])) {
- $reqdfields = explode(" ", "usernamefld");
- $reqdfieldsn = explode(",", "Username");
- } else {
- $reqdfields = explode(" ", "usernamefld passwordfld1");
- $reqdfieldsn = explode(",", "Username,Password");
- }
-
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- if (hasShellAccess($_POST['usernamefld'])) {
- if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld']))
- $input_errors[] = gettext("The username contains invalid characters.");
- } else {
- if (preg_match("/[^a-zA-Z0-9\@\.\-_]/", $_POST['usernamefld']))
- $input_errors[] = gettext("The username contains invalid characters.");
- }
-
- if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2']))
- $input_errors[] = gettext("The passwords do not match.");
-
- if (!$input_errors && !(isset($id) && $a_user[$id])) {
- /* make sure there are no dupes */
- foreach ($a_user as $userent) {
- if ($userent['name'] == $_POST['usernamefld']) {
- $input_errors[] = gettext("Another entry with the same username already exists.");
- break;
- }
- }
- }
-
- if ($pconfig['utype'] <> "system" && !isset($groupindex[$_POST['groupname']])) {
- $input_errors[] = gettext("group does not exist, please define the group before assigning users.");
- }
-
- if (isset($config['system']['ssh']['sshdkeyonly']) &&
- empty($_POST['authorizedkeys'])) {
- $input_errors[] = gettext("You must provide an authorized key otherwise you won't be able to login into this system.");
- }
-
- /* if this is an AJAX caller then handle via JSON */
- if (isAjax() && is_array($input_errors)) {
- input_errors2Ajax($input_errors);
- exit;
- }
-
- if (!$input_errors) {
- if (isset($id) && $a_user[$id])
- $userent = $a_user[$id];
-
- /* the user did change his username */
- if ($_POST['usernamefld'] <> $_POST['oldusername']) {
- $_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
- }
-
- $userent['name'] = $_POST['usernamefld'];
- $userent['fullname'] = $_POST['fullname'];
- if ($pconfig['utype'] <> "system") {
- $userent['groupname'] = $_POST['groupname'];
- }
- isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
-
- if ($_POST['passwordfld1'])
- $userent['password'] = crypt($_POST['passwordfld1']);
-
- if(isset($config['system']['ssh']['sshdkeyonly'])) {
- $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
- }
-
- if (isset($id) && $a_user[$id])
- $a_user[$id] = $userent;
- else
- $a_user[] = $userent;
-
- write_config();
- $retval = system_password_configure();
- sync_webgui_passwords();
-
- pfSenseHeader("system_usermanager.php");
- }
- }
-}
-
-/**
- * getWindowJSScriptRefs()
- *
- * @return
- */
-function getWindowJSScriptRefs(){
- $result = array('<script type="text/javascript" src="/javascript/windows-js/javascript/window.js"></script>',
- '<script type="text/javascript" src="/javascript/windows-js/javascript/window_effects.js"></script>',
- '<script type="text/javascript" src="/javascript/windows-js/javascript/debug.js"></script>');
-
- return $result;
-}
-
-function gotNoUsers() {
- global $config;
- return empty($config['installedpackages']['authng']['config']);
-}
-
-/**
- * openNoUserDefsDialog()
- *
- * @param mixed $effectClass
- * @return
- */
-function openNoUserDefsDialog($effectClass) {
- if (gotNoUsers()) {
- $alertMessage = gettext("No users or groups found. You will be forwarded to the AuthNG wizard to be able to define users and groups.");
- $dialogScript = "
- <script type='text/javascript'>
- var anchor = document.getElementById('popupanchor');
-
- function forwardToWizard() {
- window.location.href = '/wizard.php?xml=authng_wizard.xml';
- }
-
- function openNoUserDefsDialog(html) {
- var effect = new PopupEffect(html, {className: '${effectClass}'});
- Dialog.alert('${alertMessage}',{className:'alphacube', top:150, width:400, height:null, showEffect:effect.show.bind(effect), hideEffect:effect.hide.bind(effect), onOk:forwardToWizard});
- }
-
- openNoUserDefsDialog(anchor);
- </script>
- ";
-
- return $dialogScript;
- }
-}
-
-/**
- * getWindowJSStyleRefs()
- *
- * @return
- */
-function getWindowJSStyleRefs(){
- $result = array('<link href="/javascript/windows-js/themes/default.css" rel="stylesheet" type="text/css" />',
- '<link href="/javascript/windows-js/themes/alert.css" rel="stylesheet" type="text/css" />',
- '<link href="/javascript/windows-js/themes/alphacube.css" rel="stylesheet" type="text/css" />');
-
- return $result;
-}
-
-/**
- * installPackageAuthNG()
- *
- * @return
- */
-function installPackageAuthNG() {
- mwexec("cd / && /usr/bin/patch < /usr/local/pkg/authng-pfSenseHead.diff");
- mwexec("cd / && /usr/bin/patch < /usr/local/pkg/authng-fbegin.inc.diff");
- mwexec("cd / && /usr/bin/patch < /usr/local/pkg/authng-guiconfig.inc.diff");
- mwexec("cd / && /usr/bin/patch < /usr/local/pkg/authng-globals.inc.diff");
-}
-
-/**
- * deinstallPackageAuthNG()
- *
- * @return
- */
-function deinstallPackageAuthNG() {
- mwexec("cd / && /usr/bin/patch -R < /usr/local/pkg/authng-pfSenseHead.diff");
- mwexec("cd / && /usr/bin/patch -R < /usr/local/pkg/authng-fbegin.inc.diff");
- mwexec("cd / && /usr/bin/patch -R < /usr/local/pkg/authng-guiconfig.inc.diff");
- mwexec("cd / && /usr/bin/patch -R < /usr/local/pkg/authng-globals.inc.diff");
-}
-?> \ No newline at end of file
diff --git a/config/authng/pkg/authng.xml b/config/authng/pkg/authng.xml
deleted file mode 100644
index cebcea93..00000000
--- a/config/authng/pkg/authng.xml
+++ /dev/null
@@ -1,194 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "../../schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="../../xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name>
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>
- This package provides a user- and groupmanager which
- allows to add arbitrary groups to the system and assign
- them to a particular group.
-
- Permission control is provided on a per group basis.
- </description>
- <requirements>
- This package is supposed to be run on RELENG based pfSense systems.
- </requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>authng</name>
- <version>1.0</version>
- <title>System: User Manager</title>
- <include_file>/usr/local/pkg/authng.inc</include_file>
- <!-- Menu is where this packages menu will appear -->
- <menu>
- <name>Auth Manager</name>
- <section>System</section>
- <url>/system_usermanager.php</url>
- </menu>
- <!--
- <service>
- <name>yourservice</name>
- <rcfile>/usr/local/etc/rc.d/yourservice.sh</rcfile>
- </service>
- -->
- <tabs />
- <!--
- configpath gets expanded out automatically and config items
- will be stored in that location
- -->
- <configpath>['installedpackages']['authng']['config']</configpath>
- <!--
- |
- | PHP files (user management)
- |
- -->
- <additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/www/php/system_usermanager.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/www/php/system_usermanager_edit.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/www/php/system_usermanager_settings.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/www/php/system_groupmanager.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/www/php/head.inc</item>
- </additional_files_needed>
- <!--
- |
- | Include files (class defs etc.)
- |
- -->
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/pkg/authng_classdefs.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/pkg/authng_peers.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/pkg/authng.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/pkg/authng_backends.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/pkg/authng_authmethods.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/pkg/authng_authgui.inc</item>
- </additional_files_needed>
- <!--
- |
- | Patch files
- |
- -->
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/diff/authng-pfSenseHead.diff</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/diff/authng-fbegin.inc.diff</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/diff/authng-globals.inc.diff</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/diff/authng-guiconfig.inc.diff</item>
- </additional_files_needed>
- <!--
- |
- | Binary files
- |
- -->
- <additional_files_needed>
- <prefix>/usr/bin/</prefix>
- <chmod>0755</chmod>
- <item>http://www.pfsense.com/packages/config/authng/bin/patch</item>
- </additional_files_needed>
- <!--
- fields gets invoked when the user adds or edits a item. The following items
- will be parsed and rendered for the user as a gui with input, and selectboxes.
- -->
- <!--
- Arbitrary PHP Code, that gets executed if a certain event gets triggered.
- -->
- <custom_php_resync_config_command>
- syncPackageAuthNG();
- </custom_php_resync_config_command>
- <custom_php_install_command>
- installPackageAuthNG();
- </custom_php_install_command>
- <custom_php_deinstall_command>
- deinstallPackageAuthNG();
- </custom_php_deinstall_command>
-</packagegui>
diff --git a/config/authng/pkg/authng_authgui.inc b/config/authng/pkg/authng_authgui.inc
deleted file mode 100644
index 944c9b89..00000000
--- a/config/authng/pkg/authng_authgui.inc
+++ /dev/null
@@ -1,287 +0,0 @@
-<?php
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng_authgui.inc
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name>
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
-
-require_once("authng.inc");
-
-/* Authenticate user - exit if failed (we should have a callback for this maybe) */
-if (empty($authMethod)) { print "auth_method missing!\n"; }
-if (empty($backend)) { print "backing_method missing!\n"; }
-if (!$authMethod->authenticate($backend)) { exit; }
-
-/* scriptname is set in headjs.php if the user did try to access a page other
- * than index.php without beeing logged in.
- */
-if (isset($_POST['scriptname']) && $userPeer->isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
- pfSenseHeader("{$_POST['scriptname']}");
- exit;
-}
-
-$allowed = array();
-
-// Once here, the user has authenticated with the web server.
-// Now, we give them access only to the appropriate pages for their group.
-if (!($userPeer->isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']))) {
- $allowed[] = '';
- if (isset($config['system']['group'][$groupindex[$config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['groupname']]]['pages'][0]['page'])) {
- $useridx = $userindex[$HTTP_SERVER_VARS['AUTH_USER']];
- $grouidx = $groupindex[$config['system']['user'][$useridx]];
- $allowed = &$config['system']['group'][$groupidx]['pages'][0]['page'];
- }
-
- $group = $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['groupname'];
- /* get the group homepage, to be able to forward
- * the user to this particular PHP page.
- */
- $groupPeer->getGroupHomePage($group) == "" ? $home = "/index.php" : $home = "/" . $groupPeer->getGroupHomePage($group);
-
- /* okay but if the user realy tries to explicitely access a particular
- * page, set $home to that page instead.
- */
- if (isset($_POST['scriptname']) && $_POST['scriptname'] <> "/" && $_POST['scriptname'] <> "/index.php")
- $home = basename($_POST['scriptname']);
-
- // If the user is attempting to hit the default page, set it to specifically look for /index.php.
- // Without this, any user would have access to the index page.
- //if ($_SERVER['SCRIPT_NAME'] == '/')
- // $_SERVER['SCRIPT_NAME'] = $home;
-
- // Strip the leading / from the currently requested PHP page
- if (!in_array(basename($_SERVER['SCRIPT_NAME']),$allowed)) {
- // The currently logged in user is not allowed to access the page
- // they are attempting to go to. Redirect them to an allowed page.
-
- if(stristr($_SERVER['SCRIPT_NAME'],"sajax")) {
- echo "||Access to AJAX has been disallowed for this user.";
- exit;
- }
-
- if ($home <> "" && in_array($home, $allowed)) {
- pfSenseHeader("{$home}");
- exit;
- } else {
- header("HTTP/1.0 401 Unauthorized");
- header("Status: 401 Unauthorized");
-
- echo display_error_form("401", "401 Unauthorized. Authorization required.");
- exit;
- }
- }
-
- if (isset($_SESSION['Logged_In'])) {
- /*
- * only forward if the user has just logged in
- * TODO: session auth based - may be an issue.
- */
- if ($_SERVER['SCRIPT_NAME'] <> $home && empty($_SESSION['First_Visit'])) {
- $_SESSION['First_Visit'] = "False";
- pfSenseHeader("{$home}");
- exit;
- }
- }
-}
-
-function display_error_form($http_code, $desc) {
- global $g;
-
- $htmlstr = <<<EOD
-<html>
- <head>
- <script type="text/javascript" src="/javascript/scriptaculous/prototype.js"></script>
- <script type="text/javascript" src="/javascript/scriptaculous/scriptaculous.js"></script>
- <title>An error occurred: {$http_code}</title>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
- <link rel="shortcut icon" href="/themes/{$g['theme']}/images/icons/favicon.ico" />
- <link rel="stylesheet" type="text/css" href="/themes/{$g['theme']}/all.css" media="all" />
- <style type="text/css">
- #errordesc {
- background: #cccccc;
- border: 0px solid #666666;
- margin: 5em auto;
- padding: 0em;
- width: 340px;
- }
- #errordesc h1 {
- background: url(/themes/{$g['theme']}/images/misc/logon.png) no-repeat top left;
- margin-top: 0;
- display: block;
- text-indent: -1000px;
- height: 50px;
- border-bottom: none;
- }
-
- #login p {
- font-size: 1em;
- font-weight: bold;
- padding: 3px;
- margin: 0em;
- text-indent: 10px;
- }
-
- #login span {
- font-size: 1em;
- font-weight: bold;
- width: 20%;
- padding: 3px;
- margin: 0em;
- text-indent: 10px;
- }
-
- #login p#text {
- font-size: 1em;
- font-weight: normal;
- padding: 3px;
- margin: 0em;
- text-indent: 10px;
- }
- </style>
-
- <script type="text/javascript">
- <!--
- function page_load() {
- NiftyCheck();
- Rounded("div#errordesc","bl br","#333","#cccccc","smooth");
- Effect.Pulsate('errortext', { duration: 10 });
- }
- <?php
- require("headjs.php");
- echo getHeadJS();
- ?>
- //-->
- </script>
- <script type="text/javascript" src="/themes/{$g['theme']}/javascript/niftyjsCode.js"></script>
- </head>
- <body onload="page_load();">
- <div id="errordesc">
- <h1>&nbsp</h1>
- <p id="errortext" style="vertical-align: middle; text-align: center;"><span style="color: #000000; font-weight: bold;">{$desc}</span></p>
- </div>
- </body>
-</html>
-
-EOD;
-
- return $htmlstr;
-}
-
-function display_login_form() {
- require_once("globals.inc");
- global $g;
-
- if(isAjax()) {
- if (isset($_POST['login'])) {
- if($_SESSION['Logged_In'] <> "True") {
- isset($_SESSION['Login_Error']) ? $login_error = $_SESSION['Login_Error'] : $login_error = "unknown reason";
- echo "showajaxmessage('Invalid login ({$login_error}).');";
- }
- if (file_exists("{$g['tmp_path']}/webconfigurator.lock")) {
- $whom = file_get_contents("{$g['tmp_path']}/webconfigurator.lock");
- echo "showajaxmessage('This device is currently beeing maintained by: {$whom}.');";
- }
- }
- exit;
- }
-
-?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html>
- <head>
- <script type="text/javascript" src="/javascript/scriptaculous/prototype.js"></script>
- <script type="text/javascript" src="/javascript/scriptaculous/scriptaculous.js"></script>
- <title><?=gettext("Login"); ?></title>
- <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
- <link rel="shortcut icon" href="/themes/<?= $g['theme'] ?>/images/icons/favicon.ico" />
- <?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?>
- <link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/login.css" media="all" />
- <?php else: ?>
- <link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/all.css" media="all" />
- <?php endif; ?>
- <script type="text/javascript">
- <!--
- <?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?>
- var dontUseCustomBGColor = false;
- <?php else: ?>
- var dontUseCustomBGColor = true;
- <?php endif; ?>
- function page_load() {
- NiftyCheck();
- Rounded("div#login","bl br","#333","#cccccc","smooth");
- document.login_iform.usernamefld.focus();
- }
- function clearError() {
- if($('inputerrors'))
- $('inputerrors').innerHTML='';
- }
- <?php
-// require("headjs.php");
-// echo getHeadJS();
- ?>
- //-->
- </script>
- <script type="text/javascript" src="/themes/<?= $g['theme'] ?>/javascript/niftyjsCode.js"></script>
- </head>
- <body onload="page_load()">
- <div id="login">
- <h1>&nbsp;</h1>
- <form id="iform" name="login_iform" method="post" autocomplete="off" action="<?= $_SERVER['SCRIPT_NAME'] ?>">
- <div id="inputerrors"></div>
- <p>
- <span style="text-align: left;">
- <?=gettext("Username"); ?>:&nbsp;&nbsp;
- </span>
- <input onclick="clearError();" onchange="clearError();" id="usernamefld" type="text" name="usernamefld" class="formfld user" tabindex="1" />
- </p>
- <p>
- <span style="text-align: left;">
- <?=gettext("Password"); ?>:&nbsp;&nbsp;
- </span>
- <input onclick="clearError();" onchange="clearError();" id="passwordfld" type="password" name="passwordfld" class="formfld pwd" tabindex="2" />
- </p>
- <table width="90%" style="margin-right: auto; margin-left: auto;">
- <tr>
- <td valign="middle" align="right" style="font-style: italic;"><br /><?=gettext("Enter username and password to login."); ?></td>
- <td valign="middle" align="left"><input type="submit" id="submit" name="login" class="formbtn" value="<?=gettext("Login"); ?>" tabindex="3" /></td>
- </tr>
- </table>
- </form>
- </div>
- </body>
-</html>
-<?php
-} // end function
-?> \ No newline at end of file
diff --git a/config/authng/pkg/authng_authmethods.inc b/config/authng/pkg/authng_authmethods.inc
deleted file mode 100644
index 15e15566..00000000
--- a/config/authng/pkg/authng_authmethods.inc
+++ /dev/null
@@ -1,222 +0,0 @@
-<?php
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng_authmethods.inc
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name>
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
-
-class AbstractAuthMethod {
- function authenticate($backend) {
- trigger_error('AbstractAuthMethod::authenticate() needs to be overridden in a subclass.', E_USER_ERROR);
- }
-}
-
-class BasicAuthMethod extends AbstractAuthMethod {
- function authenticate($backend) {
- global $HTTP_SERVER_VARS;
-
- /* Check for AUTH_USER */
- if ($HTTP_SERVER_VARS['PHP_AUTH_USER'] <> "") {
- $HTTP_SERVER_VARS['AUTH_USER'] = $HTTP_SERVER_VARS['PHP_AUTH_USER'];
- $HTTP_SERVER_VARS['AUTH_PW'] = $HTTP_SERVER_VARS['PHP_AUTH_PW'];
- }
- if (!isset($HTTP_SERVER_VARS['AUTH_USER'])) {
- require_once("authng_authgui.inc");
- header("WWW-Authenticate: Basic realm=\".\"");
- header("HTTP/1.0 401 Unauthorized");
- display_error_form("401", gettext("You must enter valid credentials to access this resource."));
- exit;
- } else {
- return $backend($HTTP_SERVER_VARS['AUTH_USER'],$HTTP_SERVER_VARS['AUTH_PW']);
- }
- }
-}
-
-class SessionAuthMethod extends AbstractAuthMethod {
- function authenticate($backend) {
- global $g, $HTTP_SERVER_VARS, $userindex, $config;
-
- session_start();
-
- /* Validate incoming login request */
- if (isset($_POST['login'])) {
- if ($backend($_POST['usernamefld'], $_POST['passwordfld'])) {
- $_SESSION['Logged_In'] = "True";
- $_SESSION['Username'] = $_POST['usernamefld'];
- $_SESSION['last_access'] = time();
- } else {
- $_SESSION['Login_Error'] = "Username or password incorrect.";
- }
- }
-
- /* Show login page if they aren't logged in */
- if (empty($_SESSION['Logged_In'])) {
-
- /* Don't display login forms to AJAX */
- if (isAjax())
- return false;
-
- require_once("authng_authgui.inc");
- display_login_form();
- return false;
- } else {
- /* If session timeout isn't set, we don't mark sessions stale */
- if (!isset($config['system']['webgui']['session_timeout']) or
- $config['system']['webgui']['session_timeout'] == 0 or
- $config['system']['webgui']['session_timeout'] == "")
- $_SESSION['last_access'] = time();
- else
- /* Check for stale session */
- if ($_SESSION['last_access'] < (time() - ($config['system']['webgui']['session_timeout'] * 60)))
- $_GET['logout'] = true;
- else
- /* only update if it wasn't ajax */
- if (!isAjax())
- $_SESSION['last_access'] = time();
-
- /* user hit the logout button */
- if (isset($_GET['logout'])) {
- if (hasLockAbility($_SESSION['Username'])) {
- unlink_if_exists("{$g['tmp_path']}/webconfigurator.lock");
- }
-
- /* wipe out $_SESSION */
- $_SESSION = array();
-
- if (isset($_COOKIE[session_name()])) {
- setcookie(session_name(), '', time()-42000, '/');
- }
-
- /* and destroy it */
- session_destroy();
-
- $scriptName = split("/", $_SERVER["SCRIPT_FILENAME"]);
- $scriptElms = count($scriptName);
- $scriptName = $scriptName[$scriptElms-1];
-
- if (isAjax())
- return false;
-
- /* redirect to page the user is on, it'll prompt them to login again */
- pfSenseHeader($scriptName);
-
- return false;
-
- /* user wants to explicitely delete the log file.
- * Requires a particular privilege.
- */
- } else if ($_GET['deletelock'] && hasLockAbility($_SESSION['Username'])) {
- unlink_if_exists("{$g['tmp_path']}/webconfigurator.lock");
- $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username'];
- return true;
-
- /* this is for debugging purpose if you do not want to use Ajax
- * to submit a HTML form. It basically disables the observation
- * of the submit event and hence does not trigger Ajax.
- */
- } else if ($_GET['disable_ajax']) {
- $_SESSION['NO_AJAX'] = "True";
- $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username'];
- return true;
-
- /* Same to re-enable Ajax.
- */
- } else if ($_GET['enable_ajax']) {
- unset($_SESSION['NO_AJAX']);
- $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username'];
- return true;
-
- /* user wants to explicitely create a lock.
- * Requires a particular privilege.
- */
- } else if ($_GET['createlock'] && hasLockAbility($_SESSION['Username'])) {
- $fd = fopen("{$g['tmp_path']}/webconfigurator.lock", "w");
- fputs($fd, "{$_SERVER['REMOTE_ADDR']} (" .
- getRealName($_SESSION['Username']) . ")");
- fclose($fd);
- /* if the user did delete the lock manually, do not
- * re-create it while the session is valide.
- */
- $_SESSION['Lock_Created'] = "True";
- $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username'];
- return true;
-
- /* proceed with the login process */
- } else {
- /* if the user is allowed to create a lock,
- * create it once per session.
- */
- if (hasLockAbility($_SESSION['Username']) &&
- ! isset($_SESSION['Lock_Created'])) {
-
- $fd = fopen("{$g['tmp_path']}/webconfigurator.lock", "w");
- fputs($fd, "{$_SERVER['REMOTE_ADDR']} (" .
- getRealName($_SESSION['Username']) . ")");
- fclose($fd);
- /* if the user did delete the lock manually, do not
- * re-create it while the session is valide.
- */
- $_SESSION['Lock_Created'] = "True";
-
- /* give regular users a chance to automatically invalidate
- * a lock if its older than a particular time.
- */
- } else if (! hasLockAbility($_SESSION['Username']) &&
- file_exists("{$g['tmp_path']}/webconfigurator.lock")) {
-
- $offset = 12; //hours
- $mtime = filemtime("{$g['tmp_path']}/webconfigurator.lock");
- $now_minus_offset = mktime(date("H") - $offset, 0, 0, date("m"), date("d"), date("Y"));
-
- if (($mtime - $now_minus_offset) < $mtime) {
- require_once("auth/authgui.inc");
- display_login_form();
- return false;
- } else {
- /* file is older than mtime + offset which may
- * indicate a stale lockfile, hence we are going
- * to remove it.
- */
- unlink_if_exists("{$g['tmp_path']}/webconfigurator.lock");
- }
- }
-
- $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username'];
- return true;
- } // end if
- } // end if
- } // end function
-}
-
-?> \ No newline at end of file
diff --git a/config/authng/pkg/authng_backends.inc b/config/authng/pkg/authng_backends.inc
deleted file mode 100644
index 1b58e6c1..00000000
--- a/config/authng/pkg/authng_backends.inc
+++ /dev/null
@@ -1,234 +0,0 @@
-<?php
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng_backends.inc
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name>
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
-
-class AbstractBackend {
- function authenticate($username, $passwd) {
- trigger_error('AbstractBackend::authenticate() needs to be overridden in a subclass.', E_USER_ERROR);
- }
-}
-
-class HtpasswdBackend extends AbstractBackend {
- function HtpasswdBackend() {
- }
-
- function authenticate($username, $passd) {
- $authfile = file("/var/run/htpasswd");
-
- /* sanity check to ensure that /usr/local/www/.htpasswd doesn't exist */
- unlink_if_exists("/usr/local/www/.htpasswd");
-
- $matches="";
- if(!($line = array_shift(preg_grep("/^$username:.*$/", $authfile))))
- return false;
-
- /* Get crypted password */
- preg_match("/^$username:((\\$1\\$[.\d\w_\/]{8}\\$)[.\d\w_\/]{22})$/", $line, $matches);
- $pass = $matches[1];
- $salt = $matches[2];
-
- /* Encrypt entered password with salt
- * And finally validate password
- */
- if ($pass == crypt($passwd, $salt))
- return true;
- else
- return false;
- }
-}
-
-class PasswdBackend extends AbstractBackend {
- function PasswdBackend() {
- }
-
- function authenticate($username, $passd) {
- $authfile = file("/etc/master.passwd");
-
- $matches="";
-
- /* Check to see if user even exists */
- if(!($line = array_shift(preg_grep("/^$username:.*$/", $authfile))))
- return false;
-
- /* Get crypted password */
- preg_match("/^$username:((\\$1\\$[.\d\w_\/]{8}\\$)[.\d\w_\/]{22})$/", $line, $matches);
- $pass = $matches[1];
- $salt = $matches[2];
-
- /* Encrypt entered password with salt
- * And finally validate password
- */
- if ($pass == crypt($passwd, $salt))
- return true;
- else
- return false;
- }
-}
-
-class PamBackend extends AbstractBackend {
- function PamBackend() {
- }
-
- function authenticate($username, $passd) {
- /* we do not support blank pwds, don't we? */
- if ($username == "" || passwd == "") { return false; }
-
- if(! extension_loaded( 'pam_auth' )) {
- if(! @dl( 'pam_auth.so' )) {
- return false;
- } else {
- /* no php file no auth, sorry */
- if (! file_exists("/etc/pam.d/php")) {
- if (! file_exists("/etc/pam.d")) { mkdir("/etc/pam.d"); }
-
- $pam_php = <<<EOD
-# /etc/pam.d/php
-#
-# note: both an auth and account entry are required
-
-# auth
-auth required pam_nologin.so no_warn
-auth sufficient pam_opie.so no_warn no_fake_prompts
-auth requisite pam_opieaccess.so no_warn allow_local
-auth required pam_unix.so no_warn try_first_pass
-
-# account
-account required pam_unix.so
-
-# session
-session required pam_permit.so
-
-# password
-password required pam_unix.so no_warn try_first_pass
-
-EOD;
-
- file_put_contents("/etc/pam.d/php", $pam_php);
- } // end if
-
- if (pam_auth($username, $passwd, &$error)) {
- return true;
- } else {
- return false;
- }
- } // end if
- } // end if
- } // end function
-}
-
-class RadiusBackend extends AbstractBackend {
- function RadiusBackend() {
- }
-
- function authenticate($username, $passwd) {
- global $config, $debug;
- $ret = false;
- $radiusservers = $config['system']['radius']['servers'];
-
- $rauth = new Auth_RADIUS_PAP($username, $passwd);
- foreach ($radiusservers as $radsrv) {
- // Add a new server to our instance
- $rauth->addServer($radsrv['ipaddr'], $radsrv['port'], $radsrv['sharedsecret']);
- }
-
- if (!$rauth->start()) {
- $retvalue['auth_val'] = 1;
- $retvalue['error'] = $rauth->getError();
- if ($debug)
- printf("Radius start: %s", $retvalue['error']);
- }
-
- // XXX - billm - somewhere in here we need to handle securid challenge/response
-
- // Send request
- $result = $rauth->send();
-
- if (PEAR::isError($result)) {
- $retvalue['auth_val'] = 1;
- $retvalue['error'] = $result->getMessage();
- if ($debug)
- printf("Radius send failed: %s", $retvalue['error']);
- } else if ($result === true) {
- $retvalue['auth_val'] = 2;
- if ($debug)
- printf (gettext("Radius Auth succeeded"));
- $ret = true;
- } else {
- $retvalue['auth_val'] = 3;
- if ($debug)
- printf (gettext("Radius Auth rejected"));
- }
- // close OO RADIUS_AUTHENTICATION
- $rauth->close();
-
- return $ret;
- } // end function
-}
-
-class LdapBackend extends AbstractBackend {
- function LdapBackend() {
- }
-
- function authenticate($username, $passwd) {
- $ldapserver = $config['system']['ldap']['server'];
- $ldapport = isset($config['system']['ldap']['port']) ? $config['system']['ldap']['server'] : 389;
- $retval = false;
-
- $connection = ldap_connect($ldapserver, $ldapport)
- or die("Could not connect to $ldaphost");
-
- if ($connection) {
- $bind = ldap_bind($connection);
-
- if ($bind) {
- $basedn = $config['system']['ldap']['basedn'];
- $result = ldap_search($connection, $basedn, "uid={$username}");
- $info = ldap_get_entries($connection, $result);
- $userPassword = $info[0]['userPassword'];
-
- if ($userPassword == $passwd) {
- $retval = true;
- } else {
- $retval = false;
- }
- } // end if
- } // end if
-
- return $retval;
- }
-}
-?> \ No newline at end of file
diff --git a/config/authng/pkg/authng_classdefs.inc b/config/authng/pkg/authng_classdefs.inc
deleted file mode 100644
index 64f0ff14..00000000
--- a/config/authng/pkg/authng_classdefs.inc
+++ /dev/null
@@ -1,479 +0,0 @@
-<?php
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng_classdefs.inc
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name>
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
-
-class Object {
- function Object() {
- $args = func_get_args();
- if (method_exists($this, '__destruct')) {
- register_shutdown_function(array(&$this, '__destruct'));
- }
- call_user_func_array(array(&$this, '__construct'), $args);
- }
-
- function __construct() {
- }
-}
-
-class SingletonInterface extends Object {
- function __construct() {
- // Perform object initialization here.
- }
-
- function &__getInstanceImp($name) {
- static $instances = array();
- if (!isset($instances[$name])) {
- $instances[$name] = new $name(); // No changes necessary here.
- }
- return $instances[$name];
- }
-
- function &getInstance() {
- trigger_error('SingletonInterface::getInstance() needs to be overridden in a subclass.', E_USER_ERROR);
- }
-}
-
-class BackendFactory extends SingletonInterface {
- function __construct() {
- // Perform object initialization here.
- parent::__construct();
- }
-
- function &getInstance() {
- return parent::__getInstanceImp('BackendFactory');
- }
-
- function &getBackendByName($name) {
- $result = null;
-
- /* Each name links to an entry in config.xml
- * Example: <auth_method>session</auth_method>
- */
- switch ($name) {
- case "htpasswd":
- $result = new HtpasswdBackend();
- break;
- case "pam":
- $result = new PamBackend();
- break;
- case "radius":
- $result = new RadiusBackend();
- break;
- case "passwd":
- $result = new PasswdBackend();
- break;
- case "ldap":
- $result = new LdapBackend();
- break;
- default:
- }
-
- return $result;
- }
-}
-
-class AuthMethodFactory extends SingletonInterface {
- function __construct() {
- // Perform object initialization here.
- parent::__construct();
- }
-
- function &getInstance() {
- return parent::__getInstanceImp('AuthMethodFactory');
- }
-
- function &getAuthMethodByName($name) {
- $result = null;
-
- /* Each name links to an entry in config.xml
- * Example: <backing_method>htpasswd</backing_method>
- */
- switch ($name) {
- case "session":
- $result = new SessionAuthMethod();
- break;
- case "basic":
- $result = new BasicAuthMethod();
- break;
- default:
- }
-
- return $result;
- }
-}
-
-class AuthngAuxiliary {
- /* ========================================================================== */
- /* == Auxiliary Functions == */
- /* ========================================================================== */
- function &getSystemAdminNames() {
- global $config, $g, $userindex;
- $adminUsers = array();
-
- if (is_array($config['system']['user'])) {
- foreach($config['system']['user'] as $user){
- if (isSystemAdmin($user['name'])) {
- $adminUsers[] = $user['name'];
- }
- } // end foreach
- } // end if
-
- return $adminUsers;
- } // end function
-
- function assignUID($username = "") {
- global $userindex, $config, $g;
-
- if ($username == "") { return; }
-
- $nextuid = $config['system']['nextuid'];
- $user =& $config['system']['user'][$userindex[$username]];
-
- if (empty($user['uid'])) {
- $user['uid'] = $nextuid;
- $nextuid++;
- $config['system']['nextuid'] = $nextuid;
-
- write_config();
-
- return $user;
- } // end if
- } // end function
-}
-
-class AuthngPrivilege {
- /* ========================================================================== */
- /* == Class Members == */
- /* ========================================================================== */
-
- var $id;
- var $name;
- var $description;
-
- /* ========================================================================== */
- /* == Constructor == */
- /* ========================================================================== */
-
- function AuthngPrivilege() {
- }
-
- /* ========================================================================== */
- /* == Accessors == */
- /* ========================================================================== */
-
- function getId() {
- return $this->id;
- }
-
- function setId($id) {
- $this->id = $id;
- }
-
- function getName() {
- return $this->name;
- }
-
- function setName($name) {
- $this->name = $name;
- }
-
- function getDescription() {
- return $this->description;
- }
-
- function setDescription($desc) {
- $this->description = $desc;
- }
-}
-
-class SystemPrivileges {
- /* ========================================================================== */
- /* == Class Members == */
- /* ========================================================================== */
-
- var $privileges = array();
-
- /* ========================================================================== */
- /* == Constructor == */
- /* ========================================================================== */
-
- function SystemPrivileges() {
- $newPriv = new Privilege();
- $newPriv->setId("lockwc");
- $newPriv->setName("Lock webConfigurator");
- $newPriv->setDescription("Indicates whether this user will lock access to the webConfigurator for other users.");
-
- $this->privileges[$newPriv->getId()] = $newPriv;
-
- $newPriv = new Privilege();
- $newPriv->setId("lock-ipages");
- $newPriv->setName("Lock individual pages");
- $newPriv->setDescription("Indicates whether this user will lock individual " .
- "HTML pages after having accessed a particular page" .
- "(the lock will be freed if the user leaves or " .
- "saves the page form).");
-
- $this->privileges[$newPriv->getId()] = $newPriv;
-
- $newPriv = new Privilege();
- $newPriv->setId("hasshell");
- $newPriv->setName("Has shell access");
- $newPriv->setDescription("Indicates whether this user is able to login for " .
- "example via SSH.");
-
- $this->privileges[$newPriv->getId()] = $newPriv;
-
- $newPriv = new Privilege();
- $newPriv->setId("copyfiles");
- $newPriv->setName("Is allowed to copy files");
- $newPriv->setDescription("Indicates whether this user is allowed to copy files " .
- "onto the {$g['product_name']} appliance via SCP/SFTP. " .
- "If you are going to use this privilege, you must install " .
- "scponly on the appliance (Hint: pkg_add -r scponly).");
-
- $this->privileges[$newPriv->getId()] = $newPriv;
-
- $newPriv = new Privilege();
- $newPriv->setId("isroot");
- $newPriv->setName("Is root user");
- $newPriv->setDescription("This user is associated with the UNIX root user " .
- "(you should associate this privilege only with one " .
- "single user).");
-
- $this->privileges[$newPriv->getId()] = $newPriv;
- }
-
- /* ========================================================================== */
- /* == Accessors == */
- /* ========================================================================== */
-
- function getPrivileges() {
- return $this->privileges;
- }
-
- function setPrivileges($privs) {
- $this->privileges = $privs;
- }
-
- function getPrivilegeById($id) {
- return $this->privileges[$id];
- }
-
- function setPrivilegeById($privilege, $id) {
- return $this->privileges[$id] = $privilege;
- }
-}
-
-class AuthngUser {
- /* ========================================================================== */
- /* == Class Members == */
- /* ========================================================================== */
-
- var $name;
- var $fullname;
- var $scope;
- var $groupname;
- var $password;
- var $uid;
- var $systemAdmin = false;
- var $unixRoot = false;
- var $privileges = array();
-
- /* ========================================================================== */
- /* == Constructor == */
- /* ========================================================================== */
-
- function AuthngUser() {
- }
-
- /* ========================================================================== */
- /* == Accessors == */
- /* ========================================================================== */
-
- function isSystemAdmin() {
- return $this->systemAdmin;
- }
-
- function setIsSystemAdmin($flag = false) {
- $this->systemAdmin = $flag;
- }
-
- function isUNIXRoot() {
- return $this->unixRoot;
- }
-
- function setIsUNIXRoot($flag = false) {
- $this->unixRoot = $flag;
- }
-
- function getName() {
- return $this->name;
- }
-
- function setName($name) {
- $this->name = $name;
- }
-
- function getFullname() {
- return $this->fullname;
- }
-
- function setFullname($name) {
- $this->fullname = $name;
- }
-
- function getScope() {
- return $this->scope;
- }
-
- function setScope($scope) {
- $this->scope = $scope;
- }
-
- function getGroupname() {
- return $this->groupname;
- }
-
- function setGroupname($name) {
- $this->groupname = $name;
- }
-
- function getPassword() {
- return $this->password;
- }
-
- function setPassword($pwd) {
- $this->password = $pwd;
- }
-
- function getUid() {
- return $this->uid;
- }
-
- function setUid($uid) {
- $this->uid = $uid;
- }
-
- function getPrivileges() {
- return $this->privileges;
- }
-
- function setPrivileges($privs) {
- $this->privileges = $privs;
- }
-
- function addPrivilege($priv) {
- $this->privileges[] = $priv;
- }
-}
-
-class AuthngGroup {
- /* ========================================================================== */
- /* == Class Members == */
- /* ========================================================================== */
-
- var $name;
- var $description;
- var $scope;
- var $pages = array();
- var $home;
- var $gid;
-
- /* ========================================================================== */
- /* == Constructor == */
- /* ========================================================================== */
-
- function AuthngGroup() {
- }
-
- /* ========================================================================== */
- /* == Accessors == */
- /* ========================================================================== */
-
- function getName() {
- return $this->name;
- }
-
- function setName($name) {
- $this->name = $name;
- }
-
- function getDescription() {
- return $this->description;
- }
-
- function setDescription($desc) {
- $this->description = $desc;
- }
-
- function getScope() {
- return $this->scope;
- }
-
- function setScope($scope) {
- $this->scope = $scope;
- }
-
- function getPages() {
- return $this->pages;
- }
-
- function setPages($pages) {
- $this->pages = $pages;
- }
- function getHome() {
- return $this->home;
- }
-
- function setHome($home) {
- $this->home = $home;
- }
-
- function getGid() {
- return $this->gid;
- }
-
- function setGid($gid) {
- $this->gid = $gid;
- }
-
- function addPage($page) {
- $this->pages[] = $page;
- }
-}
-
-?> \ No newline at end of file
diff --git a/config/authng/pkg/authng_peers.inc b/config/authng/pkg/authng_peers.inc
deleted file mode 100644
index bce3c494..00000000
--- a/config/authng/pkg/authng_peers.inc
+++ /dev/null
@@ -1,501 +0,0 @@
-<?php
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng_peers.inc
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name>
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
-
-class PeerFactory extends SingletonInterface {
- function __construct() {
- // Perform object initialization here.
- parent::__construct();
- }
-
- function &getInstance() {
- return parent::__getInstanceImp('PeerFactory');
- }
-
- function &getGroupPeerByPrincipalStore($store) {
- $result = null;
-
- /* Each name links to an entry in config.xml
- * Example: <principal_store>xml</principal_store>
- */
- switch ($store) {
- case "xml":
- $result = new XMLGroupPeer();
- break;
- case "ldap":
- trigger_error('PeerFactory::getGroupPeerByPrincipal() LDAP peer type is not supported.', E_USER_ERROR);
- break;
- case "db":
- trigger_error('PeerFactory::getGroupPeerByPrincipal() DB peer type is not supported.', E_USER_ERROR);
- break;
- default:
- }
-
- return $result;
- }
-
- function &getUserPeerByPrincipalStore($store) {
- $result = null;
-
- /* Each name links to an entry in config.xml
- * Example: <principal_store>xml</principal_store>
- */
- switch ($store) {
- case "xml":
- $result = new XMLUserPeer();
- break;
- case "ldap":
- trigger_error('PeerFactory::getGroupPeerByPrincipal() LDAP peer type is not supported.', E_USER_ERROR);
- break;
- case "db":
- trigger_error('PeerFactory::getGroupPeerByPrincipal() DB peer type is not supported.', E_USER_ERROR);
- break;
- default:
- }
-
- return $result;
- }
-}
-
-/**
- * @author Daniel S. Haischt <me@daniel.stefan.haischt.name>
- * @abstract
- */
-class AbstractPrivilegePeer {
- /* ========================================================================== */
- /* == Class Members == */
- /* ========================================================================== */
-
- var $privilege_index;
- var $privileges;
- var $userPeer;
-
- /* ========================================================================== */
- /* == Constructor == */
- /* ========================================================================== */
-
- function AbstractPrivilegePeer() {
- }
-
- /* ========================================================================== */
- /* == Accessors == */
- /* ========================================================================== */
-
- function setUserPeer($peer) {
- $this->userPeer = $peer;
- }
-
- function getUserPeer() {
- return $this->userPeer;
- }
-
- /**
- * @return mixed int array of priv indexes
- */
- function getPrivilegeIndex() {
- return $this->privilege_index;
- }
-
- /**
- * @param string a priv name
- * @return int the index that corresponds to a username
- */
- function getPrivilegeIndexByID($id) {
- return $this->privilege_index[$id];
- }
-
- /**
- * @param int an index
- * @return mixed an instance of AuthngPrivilege
- */
- function getPrivilegeByIndex($index) {
- return $this->privileges[$index];
- }
-}
-
-/**
- * @author Daniel S. Haischt <me@daniel.stefan.haischt.name>
- * @abstract
- */
-class AbstractUserPeer {
- /* ========================================================================== */
- /* == Class Members == */
- /* ========================================================================== */
-
- var $user_index;
- var $users;
-
- /* ========================================================================== */
- /* == Constructor == */
- /* ========================================================================== */
-
- function AbstractUserPeer() {
- }
-
- /* ========================================================================== */
- /* == Accessors == */
- /* ========================================================================== */
-
- /**
- * @return mixed int array of user indexes
- */
- function getUserIndex() {
- return $this->user_index;
- }
-
- /**
- * @param string a username
- * @return int the index that corresponds to a username
- */
- function getUserIndexByName($username) {
- return $this->user_index[$username];
- }
-
- /**
- * @param int an index
- * @return mixed an instance of AuthngUser
- */
- function getUserByIndex($index) {
- return $this->users[$index];
- }
-
- function getUserByName($username) {
- return $this->users[$username];
- }
-
- function isSystemAdmin($username) {
- $result = false;
- $user = $this->getUserByName($username);
-
- if ($user) {
- $result = $user->isSystemAdmin();
- }
-
- return $result;
- }
-}
-
-/**
- * @author Daniel S. Haischt <me@daniel.stefan.haischt.name>
- * @abstract
- */
-class AbstractGroupPeer {
- /* ========================================================================== */
- /* == Class Members == */
- /* ========================================================================== */
-
- var $group_index;
- var $groups;
-
- /* ========================================================================== */
- /* == Constructor == */
- /* ========================================================================== */
-
- function AbstractGroupPeer() {
- }
-
- /* ========================================================================== */
- /* == Accessors == */
- /* ========================================================================== */
-
- function getGroupIndex() {
- return $this->group_index;
- }
-
- function getGroupIndexByName($groupname) {
- return $this->group_index[$groupname];
- }
-
- function getGroupByIndex($index) {
- return $this->groups[$index];
- }
-
- function getGroupByName($groupname) {
- return $this->groups[$groupname];
- }
-
- function getGroupHomePage($groupname) {
- $result = false;
- $group = $this->getGroupByName($groupname);
-
- if ($group) {
- $result = $group->getHome();
- }
-
- return $result;
- }
-}
-
-/**
- * @author Daniel S. Haischt <me@daniel.stefan.haischt.name>
- */
-class XMLPrivilegePeer extends AbstractPrivilegePeer {
- /* ========================================================================== */
- /* == Class Members == */
- /* ========================================================================== */
-
- /* ========================================================================== */
- /* == Constructor == */
- /* ========================================================================== */
-
- function XMLPrivilegePeer($userPeer) {
- global $g, $config;
-
- parent::AbstractPrivilegePeer();
-
- $this->setUserPeer($peer);
-
- foreach ($peer->users as $userent) {
- foreach ($userent->getPrivileges() as $privent) {
- $this->privileges[$userent->getName()] = $privent;
- }
- }
- }
-
- /* ========================================================================== */
- /* == Accessors == */
- /* ========================================================================== */
-
- /* ========================================================================== */
- /* == Helper Methods == */
- /* ========================================================================== */
-
- function addPrivilegeFromEnt(&$ent) {
- $newPrivilege = new AuthngUser();
- $newPrivilege->setId($ent['id']);
- $newPrivilege->setName($ent['name']);
- $newPrivilege->setDescription($ent['description']);
- $newPrivilege->setPassword($ent['password']);
- $newPrivilege->setUid($ent['uid']);
-
- $this->privileges[] = $newPrivilege;
- }
-
- function setPrivilegeID($id, $name, $username) {
- $userid = getPrivilegeIndexByName($username);
- $user = $config['system']['user'][$userid];
- }
-
- function setFullName($id, $name) {
- $userid = getUserIndexByName($id);
- $config['system']['user'][$userid]['fullname'] = $name;
- }
-
- function setGroupName($id, $name) {
- $userid = getUserIndexByName($id);
- $config['system']['user'][$userid]['groupname'] = $name;
- }
-
- function setPassword($id, $pwd) {
- $userid = getUserIndexByName($id);
- $config['system']['user'][$userid]['password'] = $pwd;
- }
-
- function setUid($id, $uid) {
- $userid = getUserIndexByName($id);
- $config['system']['user'][$userid]['uid'] = $uid;
- }
-}
-
-/**
- * @author Daniel S. Haischt <me@daniel.stefan.haischt.name>
- */
-class XMLUserPeer extends AbstractUserPeer {
- /* ========================================================================== */
- /* == Class Members == */
- /* ========================================================================== */
-
- /* ========================================================================== */
- /* == Constructor == */
- /* ========================================================================== */
-
- function XMLUserPeer() {
- global $g, $config;
-
- parent::AbstractUserPeer();
-
- if (isset($config['system']['user'])) {
- $i = 0;
-
- foreach($config['system']['user'] as $userent) {
- $this->user_index[$userent['name']] = $i;
- $this->addUserFromEnt($userent);
- $i++;
- }
- }
- }
-
- /* ========================================================================== */
- /* == Accessors == */
- /* ========================================================================== */
-
- /* ========================================================================== */
- /* == Helper Methods == */
- /* ========================================================================== */
-
- function addUserFromEnt(&$ent) {
- print "HURTZ";
- $newUser = new AuthngUser();
- $newUser->setName($ent['name']);
- $newUser->setFullname($ent['fullname']);
- $newUser->setGroupname($ent['groupname']);
- $newUser->setPassword($ent['password']);
- $newUser->setUid($ent['uid']);
-
- if ($ent['priv'] && is_array($ent['priv'])) {
- foreach ($ent['priv'] as $privent) {
- $newPrivilege = new Privilege();
- $newPrivilege->setId($privent['id']);
- $newPrivilege->setName($privent['name']);
- $newPrivilege->setDescription($privent['description']);
-
- $newUser->addPrivilege($newPrivilege);
- }
- }
-
- $this->users["${ent['name']}"] = $newUser;
- }
-
- function setUserName($id, $name) {
- $userid = getUserIndexByName($id);
- $config['system']['user'][$userid]['name'] = $name;
- }
-
- function setFullName($id, $name) {
- $userid = getUserIndexByName($id);
- $config['system']['user'][$userid]['fullname'] = $name;
- }
-
- function setGroupName($id, $name) {
- $userid = getUserIndexByName($id);
- $config['system']['user'][$userid]['groupname'] = $name;
- }
-
- function setPassword($id, $pwd) {
- $userid = getUserIndexByName($id);
- $config['system']['user'][$userid]['password'] = $pwd;
- }
-
- function setUid($id, $uid) {
- $userid = getUserIndexByName($id);
- $config['system']['user'][$userid]['uid'] = $uid;
- }
-}
-
-/**
- * @author Daniel S. Haischt <me@daniel.stefan.haischt.name>
- */
-class XMLGroupPeer extends AbstractGroupPeer {
- /* ========================================================================== */
- /* == Class Members == */
- /* ========================================================================== */
-
- /* ========================================================================== */
- /* == Constructor == */
- /* ========================================================================== */
-
- function XMLGroupPeer() {
- global $g, $config;
-
- parent::AbstractGroupPeer();
-
- if (isset($config['system']['group'])) {
- $i = 0;
-
- foreach($config['system']['group'] as $groupent) {
- $this->group_index[$groupent['name']] = $i;
- $i++;
- }
- }
- }
-
- /* ========================================================================== */
- /* == Accessors == */
- /* ========================================================================== */
-
- /* ========================================================================== */
- /* == Helper Methods == */
- /* ========================================================================== */
-
- function addGroupFromEnt(&$ent) {
- $newGoup = new AuthngGroup();
- $newGoup->setName($ent['name']);
- $newGoup->setDescription($ent['description']);
- $newGoup->setScope($ent['scope']);
- $newGoup->setHome($ent['home']);
- $newGoup->setGid($ent['gid']);
-
- if ($ent['pages'] && is_array($ent['gid'])) {
- foreach ($ent['pages'] as $pageent) {
- $newGoup->addPage($pageent);
- }
- }
-
- $this->groups["${ent['name']}"] = $newGoup;
- }
-
- function setGroupName($id, $name) {
- $groupid = getGroupIndexByName($id);
- $config['system']['group'][$groupid]['name'] = $name;
- }
-
- function setGroupDescription($id, $desc) {
- $groupid = getGroupIndexByName($id);
- $config['system']['group'][$groupid]['description'] = $desc;
- }
-
- function setGroupScope($id, $scope) {
- $groupid = getGroupIndexByName($id);
- $config['system']['group'][$groupid]['scope'] = $scope;
- }
-
- function setGroupHome($id, $home) {
- $groupid = getGroupIndexByName($id);
- $config['system']['group'][$groupid]['home'] = $home;
- }
-
- function setGroupGid($id, $gid) {
- $groupid = getGroupIndexByName($id);
- $config['system']['group'][$groupid]['gid'] = $gid;
- }
-
- function addPageToGroup($id, $page) {
- $groupid = getGroupIndexByName($id);
- $config['system']['group'][$groupid]['pages'][] = $page;
- }
-}
-?>
diff --git a/config/authng/pkg/authng_usermanager.inc b/config/authng/pkg/authng_usermanager.inc
deleted file mode 100644
index f96759fb..00000000
--- a/config/authng/pkg/authng_usermanager.inc
+++ /dev/null
@@ -1,247 +0,0 @@
-<?php
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng_usermanager.inc
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name>
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
-
-function initUserFromGetVars() {
- if ($_GET['act'] == "edit") {
- if (isset($id) && $a_user[$id]) {
- $pconfig['usernamefld'] = $a_user[$id]['name'];
- $pconfig['fullname'] = $a_user[$id]['fullname'];
- $pconfig['groupname'] = $a_user[$id]['groupname'];
- $pconfig['utype'] = $a_user[$id]['scope'];
- $pconfig['authorizedkeys'] = base64_decode($a_user[$id]['authorizedkeys']);
- }
- } else if ($_GET['act'] == "new") {
- /* set this value cause the text field is read only
- * and the user should not be able to mess with this
- * setting.
- */
- $pconfig['utype'] = "user";
- }
-}
-function processUserManagerPostVarsUser() {
- if (isset($_POST['save'])) {
- unset($input_errors);
-
- /* input validation */
- $reqdfields = explode(" ", "passwordfld1");
- $reqdfieldsn = explode(",", "Password");
-
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- if ($_POST['passwordfld1'] != $_POST['passwordfld2'])
- $input_errors[] = "The passwords do not match.";
-
- if (!$input_errors) {
- // all values are okay --> saving changes
- $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['password'] = crypt(trim($_POST['passwordfld1']));
-
- write_config();
-
- sync_webgui_passwords();
-
- $retval = system_password_configure();
- $savemsg = get_std_save_message($retval);
- $savemsg = "Password successfully changed<br />";
- }
- }
-}
-
-function processUserManagerPostVarsAdmin() {
- $id = $_GET['id'];
- if (isset($_POST['id']))
- $id = $_POST['id'];
-
- if (!is_array($config['system']['user'])) {
- $config['system']['user'] = array();
- }
-
- admin_users_sort();
- $a_user = &$config['system']['user'];
- $t_privs = $a_user[$id]['priv'];
-
- if ($_GET['act'] == "del" && $_GET['what'] == "user") {
- if ($a_user[$_GET['id']]) {
- $userdeleted = $a_user[$_GET['id']]['name'];
- unset($a_user[$_GET['id']]);
- write_config();
- $retval = system_password_configure();
- $savemsg = get_std_save_message($retval);
- $savemsg = gettext("User") . " " . $userdeleted . " " . gettext("successfully deleted") . "<br />";
- }
- } else if ($_GET['act'] == "del" && $_GET['what'] == "priv") {
- if ($t_privs[$_GET['privid']]) {
- $privdeleted = $t_privs[$_GET['privid']]['id'];
- unset($t_privs[$_GET['privid']]);
- write_config();
- $_GET['act'] = "edit";
- $retval = 0;
- $savemsg = get_std_save_message($retval);
- $savemsg = gettext("Privilege") . " " . $privdeleted . " " . gettext("of user") . " " . $a_user[$_GET['id']]['name'] . " " . gettext("successfully deleted") . "<br />";
- }
- }
-
- if ($_POST) {
- unset($input_errors);
- $pconfig = $_POST;
-
- /* input validation */
- if (isset($id) && ($a_user[$id])) {
- $reqdfields = explode(" ", "usernamefld");
- $reqdfieldsn = explode(",", "Username");
- } else {
- $reqdfields = explode(" ", "usernamefld passwordfld1");
- $reqdfieldsn = explode(",", "Username,Password");
- }
-
- do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
- if (hasShellAccess($_POST['usernamefld'])) {
- if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['usernamefld']))
- $input_errors[] = gettext("The username contains invalid characters.");
- } else {
- if (preg_match("/[^a-zA-Z0-9\@\.\-_]/", $_POST['usernamefld']))
- $input_errors[] = gettext("The username contains invalid characters.");
- }
-
- if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2']))
- $input_errors[] = gettext("The passwords do not match.");
-
- if (!$input_errors && !(isset($id) && $a_user[$id])) {
- /* make sure there are no dupes */
- foreach ($a_user as $userent) {
- if ($userent['name'] == $_POST['usernamefld']) {
- $input_errors[] = gettext("Another entry with the same username already exists.");
- break;
- }
- }
- }
-
- if ($pconfig['utype'] <> "system" && !isset($groupindex[$_POST['groupname']])) {
- $input_errors[] = gettext("group does not exist, please define the group before assigning users.");
- }
-
- if (isset($config['system']['ssh']['sshdkeyonly']) &&
- empty($_POST['authorizedkeys'])) {
- $input_errors[] = gettext("You must provide an authorized key otherwise you won't be able to login into this system.");
- }
-
- /* if this is an AJAX caller then handle via JSON */
- if (isAjax() && is_array($input_errors)) {
- input_errors2Ajax($input_errors);
- exit;
- }
-
- if (!$input_errors) {
- if (isset($id) && $a_user[$id])
- $userent = $a_user[$id];
-
- /* the user did change his username */
- if ($_POST['usernamefld'] <> $_POST['oldusername']) {
- $_SERVER['REMOTE_USER'] = $_POST['usernamefld'];
- }
-
- $userent['name'] = $_POST['usernamefld'];
- $userent['fullname'] = $_POST['fullname'];
- if ($pconfig['utype'] <> "system") {
- $userent['groupname'] = $_POST['groupname'];
- }
- isset($_POST['utype']) ? $userent['scope'] = $_POST['utype'] : $userent['scope'] = "system";
-
- if ($_POST['passwordfld1'])
- $userent['password'] = crypt($_POST['passwordfld1']);
-
- if(isset($config['system']['ssh']['sshdkeyonly'])) {
- $userent['authorizedkeys'] = base64_encode($_POST['authorizedkeys']);
- }
-
- if (isset($id) && $a_user[$id])
- $a_user[$id] = $userent;
- else
- $a_user[] = $userent;
-
- write_config();
- $retval = system_password_configure();
- sync_webgui_passwords();
-
- pfSenseHeader("system_usermanager.php");
- }
- }
-}
-
-/**
- * getWindowJSScriptRefs()
- *
- * @return
- */
-function getWindowJSScriptRefs(){
- $result = array('<script type="text/javascript" src="/javascripts/windows-js/javascript/effects.js"></script>',
- '<script type="text/javascript" src="/javascripts/windows-js/javascript/window.js"></script>',
- '<script type="text/javascript" src="/javascripts/windows-js/javascript/window_effects.js"></script>',
- '<script type="text/javascript" src="/javascripts/windows-js/javascript/window_effects.js"></script>',
- '<script type="text/javascript" src="/javascripts/windows-js/javascript/debug.js"></script>');
-
- return $result;
-}
-
-/**
- * openNoUserDefsDialog()
- *
- * @param mixed $effectClass
- * @return
- */
-function openNoUserDefsDialog($effectClass) {
- if (empty($config['installedpackages']['authng']['config'])) {
- $alertMessage = gettext("No users or group found. You will be forwarded to the AuthNG wizard to be able to define users and groups.");
- $dialogScript = "
- <script type='text/javascript'>
- function forwardToWizard() {
- window.location.href = '/wizard.php?xml=authng_wizard.xml';
- }
-
- function openNoUserDefsDialog(html) {
- var effect = new PopupEffect(html, {className: '${effectClass}'});
- Dialog.alert('${alertMessage},{className:'alphacube', width: 400, height:null, showEffect:effect.show.bind(effect), hideEffect:effect.hide.bind(effect), onOk:forwardToWizard});
- }
- </script>
- ";
-
- return $dialogScript;
- }
-}
-
-?> \ No newline at end of file