lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-13 08:09:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
core/src/www/system_advanced_admin.php

671 lines
36 KiB
PHP
Raw Blame History

<?php
/*
* Copyright (C) 2017 Franco Fichtner <franco@opnsense.org>
* Copyright (C) 2014-2015 Deciso B.V.
* Copyright (C) 2005-2010 Scott Ullrich <sullrich@gmail.com>
* Copyright (C) 2008 Shrew Soft Inc. <mgrooms@shrew.net>
* Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
require_once("guiconfig.inc");
require_once("filter.inc");
require_once("system.inc");
require_once("services.inc");
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$pconfig = array();
$pconfig['webguiinterfaces'] = !empty($config['system']['webgui']['interfaces']) ? explode(',', $config['system']['webgui']['interfaces']) : array();
$pconfig['webguiproto'] = $config['system']['webgui']['protocol'];
$pconfig['webguiport'] = $config['system']['webgui']['port'];
$pconfig['ssl-certref'] = $config['system']['webgui']['ssl-certref'];
$pconfig['compression'] = isset($config['system']['webgui']['compression']) ? $config['system']['webgui']['compression'] : null;
$pconfig['ssl-ciphers'] = !empty($config['system']['webgui']['ssl-ciphers']) ? explode(':', $config['system']['webgui']['ssl-ciphers']) : array();
$pconfig['disablehttpredirect'] = isset($config['system']['webgui']['disablehttpredirect']);
$pconfig['disableconsolemenu'] = isset($config['system']['disableconsolemenu']);
$pconfig['usevirtualterminal'] = isset($config['system']['usevirtualterminal']);
$pconfig['disableintegratedauth'] = !empty($config['system']['disableintegratedauth']);
$pconfig['sudo_allow_wheel'] = $config['system']['sudo_allow_wheel'];
$pconfig['nodnsrebindcheck'] = isset($config['system']['webgui']['nodnsrebindcheck']);
$pconfig['nohttpreferercheck'] = isset($config['system']['webgui']['nohttpreferercheck']);
$pconfig['althostnames'] = $config['system']['webgui']['althostnames'];
$pconfig['serialspeed'] = $config['system']['serialspeed'];
$pconfig['primaryconsole'] = $config['system']['primaryconsole'];
$pconfig['secondaryconsole'] = $config['system']['secondaryconsole'];
$pconfig['enablesshd'] = $config['system']['ssh']['enabled'];
$pconfig['sshport'] = $config['system']['ssh']['port'];
$pconfig['sshinterfaces'] = !empty($config['system']['ssh']['interfaces']) ? explode(',', $config['system']['ssh']['interfaces']) : array();
$pconfig['passwordauth'] = isset($config['system']['ssh']['passwordauth']);
$pconfig['sshdpermitrootlogin'] = isset($config['system']['ssh']['permitrootlogin']);
$pconfig['quietlogin'] = isset($config['system']['webgui']['quietlogin']);
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
$input_errors = array();
$pconfig = $_POST;
/* input validation */
if (!empty($pconfig['webguiport'])) {
if (!is_port($pconfig['webguiport'])) {
$input_errors[] = gettext('You must specify a valid web GUI port number');
}
}
if (!empty($pconfig['althostnames'])) {
$althosts = explode(" ", $pconfig['althostnames']);
foreach ($althosts as $ah) {
if (!is_hostname($ah)) {
$input_errors[] = sprintf(gettext("Alternate hostname %s is not a valid hostname."), htmlspecialchars($ah));
}
}
}
if (!empty($pconfig['sshport'])) {
if (!is_port($pconfig['sshport'])) {
$input_errors[] = gettext("You must specify a valid port number");
}
}
if (count($input_errors) == 0) {
$newinterfaces = !empty($pconfig['webguiinterfaces']) ? implode(',', $pconfig['webguiinterfaces']) : '';
$newciphers = !empty($pconfig['ssl-ciphers']) ? implode(':', $pconfig['ssl-ciphers']) : '';
$restart_webgui = $config['system']['webgui']['protocol'] != $pconfig['webguiproto'] ||
$config['system']['webgui']['port'] != $pconfig['webguiport'] ||
$config['system']['webgui']['ssl-certref'] != $pconfig['ssl-certref'] ||
$config['system']['webgui']['compression'] != $pconfig['compression'] ||
$config['system']['webgui']['ssl-ciphers'] != $newciphers ||
$config['system']['webgui']['interfaces'] != $newinterfaces ||
($pconfig['disablehttpredirect'] == "yes") != !empty($config['system']['webgui']['disablehttpredirect']);
$config['system']['webgui']['protocol'] = $pconfig['webguiproto'];
$config['system']['webgui']['port'] = $pconfig['webguiport'];
$config['system']['webgui']['ssl-certref'] = $pconfig['ssl-certref'];
$config['system']['webgui']['ssl-ciphers'] = $newciphers;
$config['system']['webgui']['interfaces'] = $newinterfaces;
$config['system']['webgui']['compression'] = $pconfig['compression'];
if ($pconfig['disablehttpredirect'] == "yes") {
$config['system']['webgui']['disablehttpredirect'] = true;
} elseif (isset($config['system']['webgui']['disablehttpredirect'])) {
unset($config['system']['webgui']['disablehttpredirect']);
}
if ($pconfig['quietlogin'] == "yes") {
$config['system']['webgui']['quietlogin'] = true;
} elseif (isset($config['system']['webgui']['quietlogin'])) {
unset($config['system']['webgui']['quietlogin']);
}
if ($pconfig['disableconsolemenu'] == "yes") {
$config['system']['disableconsolemenu'] = true;
} elseif (isset($config['system']['disableconsolemenu'])) {
unset($config['system']['disableconsolemenu']);
}
if (!empty($pconfig['usevirtualterminal'])) {
$config['system']['usevirtualterminal'] = true;
} elseif (isset($config['system']['usevirtualterminal'])) {
unset($config['system']['usevirtualterminal']);
}
if (!empty($pconfig['disableintegratedauth'])) {
$config['system']['disableintegratedauth'] = true;
} elseif (isset($config['system']['disableintegratedauth'])) {
unset($config['system']['disableintegratedauth']);
}
if (!empty($pconfig['sudo_allow_wheel'])) {
$config['system']['sudo_allow_wheel'] = $pconfig['sudo_allow_wheel'];
} elseif (isset($config['system']['sudo_allow_wheel'])) {
unset($config['system']['sudo_allow_wheel']);
}
if (is_numeric($pconfig['serialspeed'])) {
$config['system']['serialspeed'] = $pconfig['serialspeed'];
} elseif (isset($config['system']['serialspeed'])) {
unset($config['system']['serialspeed']);
}
if (!empty($pconfig['primaryconsole'])) {
$config['system']['primaryconsole'] = $pconfig['primaryconsole'];
} elseif (isset($config['system']['primaryconsole'])) {
unset($config['system']['primaryconsole']);
}
if (!empty($pconfig['secondaryconsole'])) {
$config['system']['secondaryconsole'] = $pconfig['secondaryconsole'];
} elseif (isset($config['system']['secondaryconsole'])) {
unset($config['system']['secondaryconsole']);
}
if ($pconfig['nodnsrebindcheck'] == "yes") {
$config['system']['webgui']['nodnsrebindcheck'] = true;
} elseif (isset($config['system']['webgui']['nodnsrebindcheck'])) {
unset($config['system']['webgui']['nodnsrebindcheck']);
}
if ($pconfig['nohttpreferercheck'] == "yes") {
$config['system']['webgui']['nohttpreferercheck'] = true;
} elseif (isset($config['system']['webgui']['nohttpreferercheck'])) {
unset($config['system']['webgui']['nohttpreferercheck']);
}
if (!empty($pconfig['althostnames'])) {
$config['system']['webgui']['althostnames'] = $pconfig['althostnames'];
} elseif (isset($config['system']['webgui']['althostnames'])) {
unset($config['system']['webgui']['althostnames']);
}
/* always store setting to prevent installer auto-start */
$config['system']['ssh']['noauto'] = 1;
$config['system']['ssh']['interfaces'] = !empty($pconfig['sshinterfaces']) ? implode(',', $pconfig['sshinterfaces']) : null;
if (!empty($pconfig['enablesshd'])) {
$config['system']['ssh']['enabled'] = 'enabled';
} elseif (isset($config['system']['ssh']['enabled'])) {
unset($config['system']['ssh']['enabled']);
}
if (!empty($pconfig['passwordauth'])) {
$config['system']['ssh']['passwordauth'] = true;
} elseif (isset($config['system']['ssh']['passwordauth'])) {
unset($config['system']['ssh']['passwordauth']);
}
if (!empty($pconfig['sshport'])) {
$config['system']['ssh']['port'] = $_POST['sshport'];
} elseif (isset($config['system']['ssh']['port'])) {
unset($config['system']['ssh']['port']);
}
if (!empty($pconfig['sshdpermitrootlogin'])) {
$config['system']['ssh']['permitrootlogin'] = true;
} elseif (isset($config['system']['ssh']['permitrootlogin'])) {
unset($config['system']['ssh']['permitrootlogin']);
}
if ($restart_webgui) {
$http_host_port = explode("]", $_SERVER['HTTP_HOST']);
/* IPv6 address check */
if (strstr($_SERVER['HTTP_HOST'], "]")) {
if (count($http_host_port) > 1) {
array_pop($http_host_port);
$host = str_replace(array("[", "]"), "", implode(":", $http_host_port));
$host = "[{$host}]";
} else {
$host = str_replace(array("[", "]"), "", implode(":", $http_host_port));
$host = "[{$host}]";
}
} else {
list($host) = explode(":", $_SERVER['HTTP_HOST']);
}
$prot = $config['system']['webgui']['protocol'];
$port = $config['system']['webgui']['port'];
if (!empty($port)) {
$url = "{$prot}://{$host}:{$port}/system_advanced_admin.php";
} else {
$url = "{$prot}://{$host}/system_advanced_admin.php";
}
}
write_config();
$savemsg = get_std_save_message();
filter_configure();
system_login_configure();
system_hosts_generate();
plugins_configure('dns');
services_dhcpd_configure();
configd_run('openssh restart', true);
if ($restart_webgui) {
configd_run('webgui restart 3', true);
}
}
}
$a_cert = isset($config['cert']) ? $config['cert'] : array();
$interfaces = get_configured_interface_with_descr();
$certs_available = false;
if (count($a_cert)) {
$certs_available = true;
}
if (empty($pconfig['webguiproto']) || !$certs_available) {
$pconfig['webguiproto'] = "http";
}
legacy_html_escape_form_data($pconfig);
include("head.inc");
?>
<body>
<?php include("fbegin.inc"); ?>
<script type="text/javascript">
$(document).ready(function() {
$(".proto").change(function(){
if ($("#https_proto").prop('checked')) {
$("#webguiport").attr('placeholder', '443');
$(".ssl_opts").show();
} else {
$("#webguiport").attr('placeholder', '80');
$(".ssl_opts").hide();
}
});
$(".proto").change();
<?php
if (isset($restart_webgui) && $restart_webgui): ?>
BootstrapDialog.show({
type:BootstrapDialog.TYPE_INFO,
title: '<?= html_safe($savemsg) ?>',
closable: false,
onshow:function(dialogRef){
dialogRef.setClosable(false);
dialogRef.getModalBody().html(
'<?= html_safe(gettext('The web GUI is reloading at the moment, please wait...')) ?>' +
' <i class="fa fa-cog fa-spin"></i><br /><br />' +
' <?= html_safe(gettext('You will have 5 minutes to confirm the changes before the GUI ' .
'will revert to its previous configuration as an automatic recovery.')) ?><br /><br />' +
' <?= html_safe(gettext('If the page does not reload go here:')) ?>' +
' <a href="<?= html_safe($url) ?>" target="_blank"><?= html_safe($url) ?></a>'
);
setTimeout(reloadWaitNew, 20000);
},
});
function reloadWaitNew () {
$.ajax({
url: '<?= html_safe($url); ?>',
timeout: 1250
}).fail(function () {
setTimeout(reloadWaitOld, 1250);
}).done(function () {
window.location.assign('<?= html_safe($url); ?>');
});
}
function reloadWaitOld () {
$.ajax({
url: '/system_advanced_admin.php',
timeout: 1250
}).fail(function () {
setTimeout(reloadWaitNew, 1250);
}).done(function () {
window.location.assign('/system_advanced_admin.php');
});
}
<?php
unset($savemsg);
endif;?>
});
</script>
<section class="page-content-main">
<div class="container-fluid">
<div class="row">
<?php
if (isset($input_errors) && count($input_errors) > 0) {
print_input_errors($input_errors);
}
if (isset($savemsg)) {
print_info_box($savemsg);
}
?>
<section class="col-xs-12">
<div class="content-box tab-content table-responsive">
<form method="post" name="iform" id="iform">
<table class="table table-striped opnsense_standard_table_form">
<tr>
<td style="width:22%"><strong><?=gettext('Web GUI');?></strong></td>
<td style="width:78%; text-align:right">
<small><?=gettext("full help"); ?> </small>
<i class="fa fa-toggle-off text-danger" style="cursor: pointer;" id="show_all_help_page"></i>
</td>
</tr>
<tr>
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Protocol"); ?></td>
<td>
<input name="webguiproto" class="proto" id="http_proto" type="radio" value="http" <?= $pconfig['webguiproto'] == "http" ? 'checked="checked"' :'' ?>/>
<?=gettext("HTTP"); ?>
&nbsp;&nbsp;&nbsp;
<input name="webguiproto" class="proto" id="https_proto" type="radio" value="https" <?= $pconfig['webguiproto'] == "https" ? 'checked="checked"' : '' ?> <?=$certs_available ? '' : 'disabled="disabled"' ?>/>
<?=gettext("HTTPS"); ?>
<?php
if (!$certs_available) :?>
<br />
<?= sprintf(gettext("No Certificates have been defined. You must %sCreate or Import%s a Certificate before SSL can be enabled."),'<a href="system_certmanager.php">','</a>') ?>
<?php
endif; ?>
</td>
</tr>
<tr class="ssl_opts">
<td><a id="help_for_sslcertref" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("SSL Certificate"); ?></td>
<td>
<select name="ssl-certref" class="formselect selectpicker" data-style="btn-default">
<?php
foreach ($a_cert as $cert) :?>
<option value="<?=$cert['refid'];?>" <?=$pconfig['ssl-certref'] == $cert['refid'] ? "selected=\"selected\"" : "";?>>
<?=$cert['descr'];?>
</option>
<?php
endforeach;?>
</select>
<output class='hidden' for="help_for_sslcertref">
<?=sprintf(
gettext('The %sSSL certificate manager%s can be used to ' .
'create or import certificates if required.'),
'<a href="/system_certmanager.php">', '</a>'
);?>
</output>
</td>
</tr>
<tr class="ssl_opts">
<td><a id="help_for_sslciphers" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("SSL Ciphers"); ?></td>
<td>
<select name="ssl-ciphers[]" class="selectpicker" multiple="multiple" data-live-search="true" title="<?=gettext("System defaults");?>">
<?php
$ciphers = json_decode(configd_run("system ssl ciphers"), true);
if ($ciphers == null) {
$ciphers = array();
}
ksort($ciphers);
foreach ($ciphers as $cipher => $cipher_data):?>
<option value="<?=$cipher;?>" <?= !empty($pconfig['ssl-ciphers']) && in_array($cipher, $pconfig['ssl-ciphers']) ? 'selected="selected"' : '' ?>>
<?=!empty($cipher_data['description']) ? $cipher_data['description'] : $cipher;?>
</option>
<?php
endforeach;?>
</select>
<output class="hidden" for="help_for_sslciphers">
<?=gettext("Limit SSL cipher selection in case the system defaults are undesired. Note that restrictive use may lead to an inaccessible web GUI.");?>
</output>
</td>
</tr>
<tr>
<td><a id="help_for_webguiport" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("TCP port"); ?></td>
<td>
<input name="webguiport" id="webguiport" type="text" value="<?=$pconfig['webguiport'];?>" placeholder="<?= $pconfig['webguiproto'] == 'https' ? '443' : '80' ?>" />
<output class="hidden" for="help_for_webguiport">
<?=gettext("Enter a custom port number for the web GUI " .
"above if you want to override the default (80 for HTTP, 443 " .
"for HTTPS). Changes will take effect immediately after save."); ?>
</output>
</td>
</tr>
<tr class="ssl_opts">
<td><a id="help_for_disablehttpredirect" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('HTTP Redirect'); ?></td>
<td style="width:78%">
<input name="disablehttpredirect" type="checkbox" value="yes" <?= empty($pconfig['disablehttpredirect']) ? '' : 'checked="checked"';?> />
<strong><?= gettext('Disable web GUI redirect rule') ?></strong>
<output class="hidden" for="help_for_disablehttpredirect">
<?= gettext("When this is unchecked, access to the web GUI " .
"is always permitted even on port 80, regardless of the listening port configured. " .
"Check this box to disable this automatically added redirect rule.");
?>
</output>
</td>
</tr>
<tr>
<td><a id="help_for_quietlogin" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Login Messages") ?></td>
<td>
<input name="quietlogin" type="checkbox" value="yes" <?= empty($pconfig['quietlogin']) ? '' : 'checked="checked"' ?>/>
<strong><?= gettext('Disable logging of web GUI successful logins') ?></strong>
<output class="hidden" for="help_for_quietlogin">
<?=gettext("When this is checked, successful logins to the web GUI will not be logged.");?>
</output>
</td>
</tr>
<tr>
<td><a id="help_for_nodnsrebindcheck" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("DNS Rebind Check"); ?></td>
<td>
<input name="nodnsrebindcheck" type="checkbox" value="yes" <?= empty($pconfig['nodnsrebindcheck']) ? '' : 'checked="checked"';?>/>
<strong><?=gettext("Disable DNS Rebinding Checks"); ?></strong>
<output class="hidden" for="help_for_nodnsrebindcheck">
<?= sprintf(gettext("When this is unchecked, your system is protected against %sDNS Rebinding attacks%s. " .
"This blocks private IP responses from your configured DNS servers. Check this box to disable this protection if it interferes with " .
"web GUI access or name resolution in your environment."),'<a href="http://en.wikipedia.org/wiki/DNS_rebinding">','</a>') ?>
</output>
</td>
</tr>
<tr>
<td><a id="help_for_althostnames" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext("Alternate Hostnames") ?></td>
<td>
<input name="althostnames" type="text" value="<?= $pconfig['althostnames'] ?>"/>
<strong><?=gettext("Alternate Hostnames for DNS Rebinding and HTTP_REFERER Checks"); ?></strong>
<output class="hidden" for="help_for_althostnames">
<?= gettext("Here you can specify alternate hostnames by which the router may be queried, to " .
"bypass the DNS Rebinding Attack checks. Separate hostnames with spaces.") ?>
</output>
</td>
</tr>
<tr>
<td><a id="help_for_compression" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("HTTP Compression")?></td>
<td style="width:78%">
<select name="compression" class="formselect selectpicker">
<option value="" <?=empty($pconfig['compression'])? 'selected="selected"' : '';?>>
<?=gettext("Off");?>
</option>
<option value="1" <?=$pconfig['compression'] == "1" ? 'selected="selected"' : '';?>>
<?=gettext("Low");?>
</option>
<option value="5" <?=$pconfig['compression'] == "5" ? 'selected="selected"' : '';?>>
<?=gettext("Medium");?>
</option>
<option value="9" <?=$pconfig['compression'] == "9" ? 'selected="selected"' : '';?>>
<?=gettext("High");?>
</option>
</select>
<output class="hidden" for="help_for_compression">
<?=gettext("Enable compression of HTTP pages and dynamic content.");?><br/>
<?=gettext("Transfer less data to the client for an additional cost in processing power.");?>
</output>
</td>
</tr>
<tr>
<td><a id="help_for_webguiinterfaces" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('Listen Interfaces') ?></td>
<td>
<select name="webguiinterfaces[]" multiple="multiple" class="selectpicker" title="<?= html_safe(gettext('All (recommended)')) ?>">
<?php
foreach ($interfaces as $iface => $ifacename): ?>
<option value="<?= html_safe($iface) ?>" <?= !empty($pconfig['webguiinterfaces']) && in_array($iface, $pconfig['webguiinterfaces']) ? 'selected="selected"' : '' ?>><?= html_safe($ifacename) ?></option>
<?php
endforeach;?>
</select>
<output class="hidden" for="help_for_webguiinterfaces">
<?= gettext('Only accept connections from the selected interfaces. Leave empty to listen globally. Use with care.') ?>
</output>
</td>
</tr>
<tr>
<td><a id="help_for_nohttpreferercheck" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("HTTP_REFERER enforcement"); ?></td>
<td>
<input name="nohttpreferercheck" type="checkbox" value="yes" <?= empty($pconfig['nohttpreferercheck']) ? '' : 'checked="checked"' ?> />
<strong><?=gettext("Disable HTTP_REFERER enforcement check"); ?></strong>
<output class="hidden" for="help_for_nohttpreferercheck">
<?=sprintf(gettext("When this is unchecked, access to the web GUI " .
"is protected against HTTP_REFERER redirection attempts. " .
"Check this box to disable this protection if you find that it interferes with " .
"web GUI access in certain corner cases such as using external scripts to interact with this system. More information on HTTP_REFERER is available from %sWikipedia%s."),
'<a target="_blank" href="http://en.wikipedia.org/wiki/HTTP_referrer">','</a>') ?>
</output>
</td>
</tr>
<tr>
<th colspan="2"><?=gettext("Secure Shell"); ?></th>
</tr>
<tr>
<td><i class="fa fa-info-circle text-muted"></i> <?=gettext("Secure Shell Server"); ?></td>
<td>
<input name="enablesshd" type="checkbox" value="yes" <?= empty($pconfig['enablesshd']) ? '' : 'checked="checked"' ?> />
<strong><?=gettext("Enable Secure Shell"); ?></strong>
</td>
</tr>
<tr>
<td><a id="help_for_sshdpermitrootlogin" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext("Root Login") ?></td>
<td>
<input name="sshdpermitrootlogin" type="checkbox" value="yes" <?= empty($pconfig['sshdpermitrootlogin']) ? '' : 'checked="checked"' ?> />
<strong><?=gettext("Permit root user login"); ?></strong>
<output class="hidden" for="help_for_sshdpermitrootlogin">
<?= gettext(
'Root login is generally discouraged. It is advised ' .
'to log in via another user and switch to root afterwards.'
) ?>
</output>
</td>
</tr>
<tr>
<td><a id="help_for_passwordauth" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext("Authentication Method") ?></td>
<td>
<input name="passwordauth" type="checkbox" value="yes" <?= empty($pconfig['passwordauth']) ? '' : 'checked="checked"' ?> />
<strong><?=gettext("Permit password login"); ?></strong>
<output class="hidden" for="help_for_passwordauth">
<?=sprintf(gettext("When disabled, authorized keys need to be configured for each %sUser%s that has been granted secure shell access."),
'<a href="system_usermanager.php">', '</a>') ?>
</output>
</td>
</tr>
<tr>
<td><a id="help_for_sshport" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("SSH port"); ?></td>
<td style="width:78%">
<input name="sshport" type="text" value="<?=$pconfig['sshport'];?>" placeholder="22" />
<output class="hidden" for="help_for_sshport">
<?=gettext("Leave this blank for the default of 22."); ?>
</output>
</td>
</tr>
<tr>
<td><a id="help_for_sshinterfaces" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('Listen Interfaces') ?></td>
<td>
<select name="sshinterfaces[]" multiple="multiple" class="selectpicker" title="<?= html_safe(gettext('All (recommended)')) ?>">
<?php
foreach ($interfaces as $iface => $ifacename): ?>
<option value="<?= html_safe($iface) ?>" <?= !empty($pconfig['sshinterfaces']) && in_array($iface, $pconfig['sshinterfaces']) ? 'selected="selected"' : '' ?>><?= html_safe($ifacename) ?></option>
<?php
endforeach;?>
</select>
<output class="hidden" for="help_for_sshinterfaces">
<?= gettext('Only accept connections from the selected interfaces. Leave empty to listen globally. Use with care.') ?>
</output>
</td>
</tr>
<tr>
<th colspan="2"><?=gettext("Console Options"); ?></th>
</tr>
<tr>
<td><i class="fa fa-info-circle text-muted"></i></a> <?= gettext('Console driver') ?></td>
<td style="width:78%">
<input name="usevirtualterminal" type="checkbox" value="yes" <?= empty($pconfig['usevirtualterminal']) ? '' : 'checked="checked"' ?> />
<strong><?= gettext('Use the virtual terminal driver (vt)') ?></strong>
</td>
</tr>
<tr>
<td><a id="help_for_primaryconsole" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Primary Console")?></td>
<td style="width:78%">
<select name="primaryconsole" id="primaryconsole" class="formselect selectpicker">
<?php foreach (system_console_types() as $console_key => $console_type): ?>
<option value="<?= html_safe($console_key) ?>" <?= $pconfig['primaryconsole'] == $console_key ? 'selected="selected"' : '' ?>><?= $console_type['name'] ?></option>
<? endforeach ?>
</select>
<output class="hidden" for="help_for_primaryconsole">
<?=gettext("Select the primary console. This preferred console will show boot script output.") ?>
<?=gettext("All consoles display OS boot messages, console messages, and the console menu."); ?>
</output>
</td>
</tr>
<tr>
<td><a id="help_for_secondaryconsole" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Secondary Console")?></td>
<td style="width:78%">
<select name="secondaryconsole" id="secondaryconsole" class="formselect selectpicker">
<option value="" <?= empty($pconfig['secondaryconsole']) ? 'selected="selected"' : '' ?>><?= gettext('None') ?></option>
<?php foreach (system_console_types() as $console_key => $console_type): ?>
<option value="<?= html_safe($console_key) ?>" <?= $pconfig['secondaryconsole'] == $console_key ? 'selected="selected"' : '' ?>><?= $console_type['name'] ?></option>
<? endforeach ?>
</select>
<output class="hidden" for="help_for_secondaryconsole">
<?=gettext("Select the secondary console if multiple consoles are present."); ?>
<?=gettext("All consoles display OS boot messages, console messages, and the console menu."); ?>
</output>
</td>
</tr>
<tr>
<td><a id="help_for_serialspeed" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext("Serial Speed")?></td>
<td>
<select name="serialspeed" id="serialspeed" class="formselect selectpicker">
<option value="115200" <?=$pconfig['serialspeed'] == "115200" ? 'selected="selected"' : '' ?>>115200</option>
<option value="57600" <?=$pconfig['serialspeed'] == "57600" ? 'selected="selected"' : '' ?>>57600</option>
<option value="38400" <?=$pconfig['serialspeed'] == "38400" ? 'selected="selected"' : '' ?>>38400</option>
<option value="19200" <?=$pconfig['serialspeed'] == "19200" ? 'selected="selected"' : '' ?>>19200</option>
<option value="14400" <?=$pconfig['serialspeed'] == "14400" ? 'selected="selected"' : '' ?>>14400</option>
<option value="9600" <?=$pconfig['serialspeed'] == "9600" ? 'selected="selected"' : '' ?>>9600</option>
</select>
<output class="hidden" for="help_for_serialspeed">
<?=gettext("Allows selection of different speeds for the serial console port."); ?>
</output>
</td>
</tr>
<tr>
<td><i class="fa fa-info-circle text-muted"></i></a> <?= gettext("Console menu") ?></td>
<td style="width:78%">
<input name="disableconsolemenu" type="checkbox" value="yes" <?= empty($pconfig['disableconsolemenu']) ? '' : 'checked="checked"' ?> />
<strong><?=gettext("Password protect the console menu"); ?></strong>
</td>
</tr>
<tr>
<td><a id="help_for_disableintegratedauth" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?= gettext("Integrated authentication") ?></td>
<td style="width:78%">
<input name="disableintegratedauth" type="checkbox" value="yes" <?= empty($pconfig['disableintegratedauth']) ? '' : 'checked="checked"' ?> />
<strong><?=gettext("Disable integrated authentication"); ?></strong>
<output class="hidden" for="help_for_disableintegratedauth">
<?=gettext("Disable OPNsense integrated authentication module for console access, falling back to normal unix authentication.");?>
</output>
</td>
</tr>
<tr>
<td><i class="fa fa-info-circle text-muted"></i> <?= gettext("Sudo usage") ?></td>
<td style="width:78%">
<select name="sudo_allow_wheel" id="sudo_allow_wheel" class="formselect selectpicker">
<option value="" <?= empty($pconfig['sudo_allow_wheel']) ? 'selected="selected"' : '' ?>><?= gettext('Disallow') ?></option>
<option value="1" <?= $pconfig['sudo_allow_wheel'] == 1 ? 'selected="selected"' : '' ?>><?= gettext('Ask password') ?></option>
<option value="2" <?= $pconfig['sudo_allow_wheel'] == 2 ? 'selected="selected"' : '' ?>><?= gettext('No password') ?></option>
</select>
</td>
</tr>
<tr>
<td style="width:22%; vertical-align:top">&nbsp;</td>
<td style="width:78%"><input name="Submit" type="submit" class="btn btn-primary" value="<?= gettext("Save") ?>" /></td>
</tr>
</table>
</form>
</div>
</section>
</div>
</div>
</section>
<?php include("foot.inc"); ?>
Reference in New Issue View Git Blame Copy Permalink