www/web-proxy-sso: style fixes and copyright headers; closes #344

(cherry picked from commit 0113d06cdd)
Franco Fichtner 2018-01-02 06:51:14 +00:00
parent 90e9d5e5b4
commit 45f2fff060
8 changed files with 214 additions and 74 deletions


@ -9,7 +9,7 @@ function proxy_sso_configure()
function proxy_sso_squid_hook($verbose, $action)
{
if($action == "reconfigure") {
if ($action == "reconfigure") {
configd_run('template reload OPNsense/ProxySSO');
}
}


@ -1,5 +1,31 @@
<?php
/*
* Copyright (C) 2017 Smart-Soft
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\ProxySSO\Api;
use \OPNsense\Core\Backend;
@ -8,7 +34,6 @@ use \OPNsense\ProxySSO\ProxySSO;
class ServiceController extends \OPNsense\Proxy\Api\ServiceController
{
/**
* show Kerberos keytab for Proxy
* @return array
@ -90,9 +115,9 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
// LDAP
$methods = explode(',', $cnf->OPNsense->proxy->forward->authentication->method);
foreach($methods as $method) {
foreach ($methods as $method) {
$xpath = $cnf->xpath("//system/authserver[name=\"$method\" and type=\"ldap\"]");
if(count($xpath)) {
if (count($xpath)) {
$ldap_server = $xpath[0];
break;
}
@ -100,11 +125,10 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
$ldap_ip = null;
$ldap_fqdn = null;
$ldap_server_ping = [ "status" => "failure"];
if(isset($ldap_server) && !empty($ldap_server->host)) {
if(filter_var($ldap_server->host, FILTER_VALIDATE_IP)) {
if (isset($ldap_server) && !empty($ldap_server->host)) {
if (filter_var($ldap_server->host, FILTER_VALIDATE_IP)) {
$ldap_ip = $ldap_server->host;
}
else {
} else {
$ldap_fqdn = $ldap_server->host;
}
@ -120,12 +144,12 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
$dns_server = array();
$nameservers = preg_grep('/^nameserver/', file('/etc/resolv.conf'));
$dns_servers = array();
foreach($nameservers as $key => $record) {
foreach ($nameservers as $key => $record) {
$parts = explode(' ', $record);
$dns_servers[] = trim($parts[1]);
}
$dns_server = [ "status" => count($dns_servers) ? "ok" : "failure"];
if(!count($dns_servers)) {
if (!count($dns_servers)) {
$dns_server["message"] = gettext("DNS server not found");
}
$output = "# cat /etc/resolv.conf\n";
@ -142,15 +166,14 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
$resolv_reverse = null;
$dns_hostname_reverse_resolution = array();
$output = array();
if(!empty($resolv_direct) && filter_var($resolv_direct, FILTER_VALIDATE_IP)) {
if (!empty($resolv_direct) && filter_var($resolv_direct, FILTER_VALIDATE_IP)) {
$output[] = "# drill -x {$resolv_direct}";
exec("drill -x {$resolv_direct}", $output);
$resolv_reverse = chop(shell_exec("drill -x {$resolv_direct} | grep -A 1 'ANSWER SECTION' | tail -n 1 | awk '{print \$5}'"));
if(strtolower($resolv_reverse) != strtolower("{$hostname}.")) {
if (strtolower($resolv_reverse) != strtolower("{$hostname}.")) {
$dns_hostname_reverse_resolution["message"] = gettext("Hostname doesn't resolved to host IP.");
}
}
else {
} else {
$dns_hostname_reverse_resolution["message"] = gettext("Hostname doesn't resolved to IP.");
}
$dns_hostname_reverse_resolution["status"] = strtolower($resolv_reverse) == strtolower("{$hostname}.") ? "ok" : "failure";
@ -160,18 +183,16 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
// DNS: LDAP server
ldap_dns:
$dns_ldap_reverse_resolution = array( "status" => "failure" );
if(empty($ldap_ip)) {
if (empty($ldap_ip)) {
$dns_ldap_reverse_resolution["message"] = gettext("Unknown LDAP server IP.");
}
else {
} else {
$ldap_ip_esc = escapeshellarg($ldap_ip);
$resolv_reverse = chop(shell_exec("drill -x {$ldap_ip_esc} | grep -A 1 'ANSWER SECTION' | tail -n 1 | awk '{print \$5}'"));
if(empty($resolv_reverse)) {
if (empty($resolv_reverse)) {
$dns_ldap_reverse_resolution["message"] = gettext('LDAP server IP reverse lookup error. ');
}elseif (!empty($ldap_fqdn) && $resolv_reverse != "{$ldap_fqdn}.") {
} elseif (!empty($ldap_fqdn) && $resolv_reverse != "{$ldap_fqdn}.") {
$dns_ldap_reverse_resolution["message"] = gettext('LDAP server reverse DNS lookup is not equal to LDAP server FQDN. ');
}
else {
} else {
$dns_ldap_reverse_resolution["status"] = "ok";
$ldap_fqdn = substr($resolv_reverse, 0, strlen($resolv_reverse) - 1);
}
@ -181,21 +202,18 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
}
$dns_ldap_resolution = array( "status" => "failure" );
if(empty($ldap_fqdn)) {
if (empty($ldap_fqdn)) {
$dns_ldap_resolution["message"] = gettext('Unknown LDAP server FQDN.');
}
else {
} else {
$ldap_fqdn_esc = escapeshellarg($ldap_fqdn);
$resolv = chop(shell_exec("drill {$ldap_fqdn_esc} | grep -A 1 'ANSWER SECTION' | tail -n 1 | awk '{print \$5}'"));
if(empty($resolv)) {
if (empty($resolv)) {
$dns_ldap_resolution["message"] = gettext('LDAP server DNS lookup error. ');
}
elseif (!empty($ldap_ip) && $resolv != $ldap_ip) {
} elseif (!empty($ldap_ip) && $resolv != $ldap_ip) {
$dns_ldap_resolution["message"] = gettext('LDAP server DNS lookup is not equal to LDAP IP. ');
}
else {
} else {
$dns_ldap_resolution["status"] = "ok";
if(empty($ldap_ip)) {
if (empty($ldap_ip)) {
$ldap_ip = $resolv;
goto ldap_dns;
}
@ -210,10 +228,9 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
$krb5_conf = '/etc/krb5.conf';
$kerberos_config = array();
$kerberos_config["status"] = "failure";
if(!file_exists($krb5_conf)) {
if (!file_exists($krb5_conf)) {
$kerberos_config["message"] = sprintf(gettext('File %s does not exists.'), $krb5_conf);
}
else{
} else {
$domainstr = preg_quote($cnf->system->domain);
$config_valid = preg_grep("/$domainstr/", file($krb5_conf));
$kerberos_config["status"] = file_exists($krb5_conf) && !empty($config_valid) ? "ok" : "failure";
@ -228,18 +245,17 @@ class ServiceController extends \OPNsense\Proxy\Api\ServiceController
$keytab_file = '/usr/local/etc/squid/squid.keytab';
$keytab = array();
$keytab["status"] = file_exists($keytab_file) ? "ok" : "failure";
if(!file_exists($keytab_file)) {
if (!file_exists($keytab_file)) {
$keytab["message"] = sprintf(gettext('File %s does not exists.'), $keytab_file);
}
$keytab["dump"] = $backend->configdRun("proxysso showkeytab");
// and two more DNS check
if(!empty($ldap_ip) && !in_array($ldap_ip, $dns_servers)) {
if (!empty($ldap_ip) && !in_array($ldap_ip, $dns_servers)) {
$dns_server["status"] = "failure";
$dns_server["message"] = gettext("LDAP server is not in DNS servers list.");
}
elseif(in_array("127.0.0.1", $dns_servers) || in_array("::1", $dns_servers)) {
} elseif (in_array("127.0.0.1", $dns_servers) || in_array("::1", $dns_servers)) {
$dns_server["status"] = "failure";
$dns_server["message"] = gettext("Do not set localhost as DNS server.");
}
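Review bot: `$resolv_direct` is interpolated unescaped into both the `exec("drill -x {$resolv_direct}", $output)` call and the `shell_exec(...)` pipeline right after the reformatted `if (!empty($resolv_direct) && filter_var($resolv_direct, FILTER_VALIDATE_IP))`, whereas the later hunks in this method wrap `$ldap_ip` and `$ldap_fqdn` in `escapeshellarg()` before use. The FILTER_VALIDATE_IP guard keeps this safe as written, but the value should get the same treatment so a later edit to that condition cannot turn the two commands into a shell injection point: `$resolv_direct_esc = escapeshellarg($resolv_direct);` and use `{$resolv_direct_esc}` in both command strings. In the krb5.conf hunk, `preg_quote($cnf->system->domain)` is called without the delimiter argument while the pattern is assembled as `"/$domainstr/"`; it should be `preg_quote($cnf->system->domain, '/')` so a delimiter character in the value cannot break the expression. The method these hunks belong to starts and ends outside the visible hunks.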


@ -1,31 +1,29 @@
<?php
/**
* Copyright (C) 2017 Smart-Soft
/*
* Copyright (C) 2017 Smart-Soft
* All rights reserved.
*
* All rights reserved.
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\ProxySSO\Api;


@ -1,15 +1,41 @@
<?php
/*
* Copyright (C) 2017 Smart-Soft
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\ProxySSO;
class IndexController extends \OPNsense\Base\IndexController
{
public function indexAction()
{
$this->view->pick('OPNsense/ProxySSO/index');
$this->view->generalForm = $this->getForm("general");
$this->view->testingCreateForm = $this->getForm("testing_create");
$this->view->testingTestForm = $this->getForm("testing_test");
$this->view->checkListForm = $this->getForm("checklist");
}
public function indexAction()
{
$this->view->pick('OPNsense/ProxySSO/index');
$this->view->generalForm = $this->getForm("general");
$this->view->testingCreateForm = $this->getForm("testing_create");
$this->view->testingTestForm = $this->getForm("testing_test");
$this->view->checkListForm = $this->getForm("checklist");
}
}


@ -1,5 +1,31 @@
<?php
/*
* Copyright (C) 2017 Smart-Soft
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\ProxySSO;
use OPNsense\Base\BaseModel;
@ -7,11 +33,11 @@ use OPNsense\Core\Config;
class ProxySSO extends BaseModel
{
protected function init()
{
if($this->KerberosHostName == "") {
$hostname = (string)Config::getInstance()->object()->system->hostname;
$this->KerberosHostName = substr(strtoupper($hostname), 0, 13) . '-K';
}
}
protected function init()
{
if ($this->KerberosHostName == "") {
$hostname = (string)Config::getInstance()->object()->system->hostname;
$this->KerberosHostName = substr(strtoupper($hostname), 0, 13) . '-K';
}
}
}


@ -1,3 +1,29 @@
{#
# Copyright (C) 2017 Smart-Soft
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#}
<script type="text/javascript">
$( document ).ready(function() {


@ -1,5 +1,29 @@
#!/bin/sh
# Copyright (C) 2017 Smart-Soft
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
PASS_TMP=/tmp/__tmp_kerb_pass
while getopts :f:u:p: name


@ -1,5 +1,29 @@
#!/bin/sh
# Copyright (C) 2017 Smart-Soft
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
KEYTAB=/usr/local/etc/squid/squid.keytab
PASS_TMP=/tmp/__tmp_kerb_pass