diff options
author | Daniel Stefan Haischt <dsh@pfsense.org> | 2007-09-09 21:47:15 +0000 |
---|---|---|
committer | Daniel Stefan Haischt <dsh@pfsense.org> | 2007-09-09 21:47:15 +0000 |
commit | bae8b3e877512740864ffd1e08820b41c71cf72b (patch) | |
tree | 874c8f791c744ccf7bc21efe5eb519b3e738d7a0 /packages/authng/pkg/authng_authgui.inc | |
parent | e6fd119bb3f61cf3cfc59f9c1ae0d1e9a7f28481 (diff) | |
download | pfsense-packages-bae8b3e877512740864ffd1e08820b41c71cf72b.tar.gz pfsense-packages-bae8b3e877512740864ffd1e08820b41c71cf72b.tar.bz2 pfsense-packages-bae8b3e877512740864ffd1e08820b41c71cf72b.zip |
* added initial release of user- and groupmanager stuff (now being called authng)
* this is just a working, unfinished version. It does not work as expected right now.
Diffstat (limited to 'packages/authng/pkg/authng_authgui.inc')
-rw-r--r-- | packages/authng/pkg/authng_authgui.inc | 287 |
1 files changed, 287 insertions, 0 deletions
diff --git a/packages/authng/pkg/authng_authgui.inc b/packages/authng/pkg/authng_authgui.inc new file mode 100644 index 00000000..0556883e --- /dev/null +++ b/packages/authng/pkg/authng_authgui.inc @@ -0,0 +1,287 @@ +<?php +/* $Id$ */ +/* ========================================================================== */ +/* + authng_authmethods.inc + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 Daniel S. Haischt <me@daniel.stefan.haischt.name> + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + +require_once("authng.inc"); + +/* Authenticate user - exit if failed (we should have a callback for this maybe) */ +if (empty($authMethod)) { print "auth_method missing!\n"; } +if (empty($backend)) { print "backing_method missing!\n"; } +if (!$authMethod->authenticate($backend)) { exit; } + +/* scriptname is set in headjs.php if the user did try to access a page other + * than index.php without beeing logged in. + */ +if (isset($_POST['scriptname']) && isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) { + pfSenseHeader("{$_POST['scriptname']}"); + exit; +} + +$allowed = array(); + +// Once here, the user has authenticated with the web server. +// Now, we give them access only to the appropriate pages for their group. +if (!(isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']))) { + $allowed[] = ''; + if (isset($config['system']['group'][$groupindex[$config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['groupname']]]['pages'][0]['page'])) { + $useridx = $userindex[$HTTP_SERVER_VARS['AUTH_USER']]; + $grouidx = $groupindex[$config['system']['user'][$useridx]]; + $allowed = &$config['system']['group'][$groupidx]['pages'][0]['page']; + } + + $group = $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['groupname']; + /* get the group homepage, to be able to forward + * the user to this particular PHP page. + */ + getGroupHomePage($group) == "" ? $home = "/index.php" : $home = "/" . getGroupHomePage($group); + + /* okay but if the user realy tries to explicitely access a particular + * page, set $home to that page instead. + */ + if (isset($_POST['scriptname']) && $_POST['scriptname'] <> "/" && $_POST['scriptname'] <> "/index.php") + $home = basename($_POST['scriptname']); + + // If the user is attempting to hit the default page, set it to specifically look for /index.php. + // Without this, any user would have access to the index page. + //if ($_SERVER['SCRIPT_NAME'] == '/') + // $_SERVER['SCRIPT_NAME'] = $home; + + // Strip the leading / from the currently requested PHP page + if (!in_array(basename($_SERVER['SCRIPT_NAME']),$allowed)) { + // The currently logged in user is not allowed to access the page + // they are attempting to go to. Redirect them to an allowed page. + + if(stristr($_SERVER['SCRIPT_NAME'],"sajax")) { + echo "||Access to AJAX has been disallowed for this user."; + exit; + } + + if ($home <> "" && in_array($home, $allowed)) { + pfSenseHeader("{$home}"); + exit; + } else { + header("HTTP/1.0 401 Unauthorized"); + header("Status: 401 Unauthorized"); + + echo display_error_form("401", "401 Unauthorized. Authorization required."); + exit; + } + } + + if (isset($_SESSION['Logged_In'])) { + /* + * only forward if the user has just logged in + * TODO: session auth based - may be an issue. + */ + if ($_SERVER['SCRIPT_NAME'] <> $home && empty($_SESSION['First_Visit'])) { + $_SESSION['First_Visit'] = "False"; + pfSenseHeader("{$home}"); + exit; + } + } +} + +function display_error_form($http_code, $desc) { + global $g; + + $htmlstr = <<<EOD +<html> + <head> + <script type="text/javascript" src="/javascript/scriptaculous/prototype.js"></script> + <script type="text/javascript" src="/javascript/scriptaculous/scriptaculous.js"></script> + <title>An error occurred: {$http_code}</title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link rel="shortcut icon" href="/themes/{$g['theme']}/images/icons/favicon.ico" /> + <link rel="stylesheet" type="text/css" href="/themes/{$g['theme']}/all.css" media="all" /> + <style type="text/css"> + #errordesc { + background: #cccccc; + border: 0px solid #666666; + margin: 5em auto; + padding: 0em; + width: 340px; + } + #errordesc h1 { + background: url(/themes/{$g['theme']}/images/misc/logon.png) no-repeat top left; + margin-top: 0; + display: block; + text-indent: -1000px; + height: 50px; + border-bottom: none; + } + + #login p { + font-size: 1em; + font-weight: bold; + padding: 3px; + margin: 0em; + text-indent: 10px; + } + + #login span { + font-size: 1em; + font-weight: bold; + width: 20%; + padding: 3px; + margin: 0em; + text-indent: 10px; + } + + #login p#text { + font-size: 1em; + font-weight: normal; + padding: 3px; + margin: 0em; + text-indent: 10px; + } + </style> + + <script type="text/javascript"> + <!-- + function page_load() { + NiftyCheck(); + Rounded("div#errordesc","bl br","#333","#cccccc","smooth"); + Effect.Pulsate('errortext', { duration: 10 }); + } + <?php + require("headjs.php"); + echo getHeadJS(); + ?> + //--> + </script> + <script type="text/javascript" src="/themes/{$g['theme']}/javascript/niftyjsCode.js"></script> + </head> + <body onload="page_load();"> + <div id="errordesc"> + <h1> </h1> + <p id="errortext" style="vertical-align: middle; text-align: center;"><span style="color: #000000; font-weight: bold;">{$desc}</span></p> + </div> + </body> +</html> + +EOD; + + return $htmlstr; +} + +function display_login_form() { + require_once("globals.inc"); + global $g; + + if(isAjax()) { + if (isset($_POST['login'])) { + if($_SESSION['Logged_In'] <> "True") { + isset($_SESSION['Login_Error']) ? $login_error = $_SESSION['Login_Error'] : $login_error = "unknown reason"; + echo "showajaxmessage('Invalid login ({$login_error}).');"; + } + if (file_exists("{$g['tmp_path']}/webconfigurator.lock")) { + $whom = file_get_contents("{$g['tmp_path']}/webconfigurator.lock"); + echo "showajaxmessage('This device is currently beeing maintained by: {$whom}.');"; + } + } + exit; + } + +?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html> + <head> + <script type="text/javascript" src="/javascript/scriptaculous/prototype.js"></script> + <script type="text/javascript" src="/javascript/scriptaculous/scriptaculous.js"></script> + <title><?=gettext("Login"); ?></title> + <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> + <link rel="shortcut icon" href="/themes/<?= $g['theme'] ?>/images/icons/favicon.ico" /> + <?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?> + <link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/login.css" media="all" /> + <?php else: ?> + <link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/all.css" media="all" /> + <?php endif; ?> + <script type="text/javascript"> + <!-- + <?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?> + var dontUseCustomBGColor = false; + <?php else: ?> + var dontUseCustomBGColor = true; + <?php endif; ?> + function page_load() { + NiftyCheck(); + Rounded("div#login","bl br","#333","#cccccc","smooth"); + document.login_iform.usernamefld.focus(); + } + function clearError() { + if($('inputerrors')) + $('inputerrors').innerHTML=''; + } + <?php + require("headjs.php"); + echo getHeadJS(); + ?> + //--> + </script> + <script type="text/javascript" src="/themes/<?= $g['theme'] ?>/javascript/niftyjsCode.js"></script> + </head> + <body onload="page_load()"> + <div id="login"> + <h1> </h1> + <form id="iform" name="login_iform" method="post" autocomplete="off" action="<?= $_SERVER['SCRIPT_NAME'] ?>"> + <div id="inputerrors"></div> + <p> + <span style="text-align: left;"> + <?=gettext("Username"); ?>: + </span> + <input onclick="clearError();" onchange="clearError();" id="usernamefld" type="text" name="usernamefld" class="formfld user" tabindex="1" /> + </p> + <p> + <span style="text-align: left;"> + <?=gettext("Password"); ?>: + </span> + <input onclick="clearError();" onchange="clearError();" id="passwordfld" type="password" name="passwordfld" class="formfld pwd" tabindex="2" /> + </p> + <table width="90%" style="margin-right: auto; margin-left: auto;"> + <tr> + <td valign="middle" align="right" style="font-style: italic;"><br /><?=gettext("Enter username and password to login."); ?></td> + <td valign="middle" align="left"><input type="submit" id="submit" name="login" class="formbtn" value="<?=gettext("Login"); ?>" tabindex="3" /></td> + </tr> + </table> + </form> + </div> + </body> +</html> +<?php +} // end function +?>
\ No newline at end of file |