/*
** Zabbix
** Copyright (C) 2001-2018 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/
require_once dirname(__FILE__).'/include/config.inc.php';
$page['title'] = _('Configuration of authentication');
$page['file'] = 'authentication.php';
require_once dirname(__FILE__).'/include/page_header.php';
//VARTYPEOPTIONALFLAGSVALIDATIONEXCEPTION
$fields = [
'config' =>[T_ZBX_INT, O_OPT, null, IN(ZBX_AUTH_INTERNAL.','.ZBX_AUTH_LDAP.','.ZBX_AUTH_HTTP), null],
'form_refresh' =>[T_ZBX_INT, O_OPT, null,null, null],
// actions
'update' =>[T_ZBX_STR, O_OPT, P_SYS|P_ACT,null, null],
'test' =>[T_ZBX_STR, O_OPT, P_SYS|P_ACT,null, null],
// LDAP
'ldap_host' =>[T_ZBX_STR, O_OPT, null,NOT_EMPTY,
'isset({config}) && {config} == '.ZBX_AUTH_LDAP.' && (isset({update}) || isset({test}))',_('LDAP host')],
'ldap_port' =>[T_ZBX_INT, O_OPT, null,BETWEEN(0, 65535),
'isset({config}) && {config} == '.ZBX_AUTH_LDAP.' && (isset({update}) || isset({test}))',_('Port')],
'ldap_base_dn' =>[T_ZBX_STR, O_OPT, null,NOT_EMPTY,
'isset({config}) && {config} == '.ZBX_AUTH_LDAP.' && (isset({update}) || isset({test}))',_('Base DN')],
'ldap_bind_dn' =>[T_ZBX_STR, O_OPT, null,null,
'isset({config}) && {config} == '.ZBX_AUTH_LDAP.' && (isset({update}) || isset({test}))'],
'ldap_bind_password' => [T_ZBX_STR, O_OPT, null,null, null,_('Bind password')],
'ldap_search_attribute' => [T_ZBX_STR, O_OPT, null,NOT_EMPTY,
'isset({config}) && {config} == '.ZBX_AUTH_LDAP.' && (isset({update}) || isset({test}))',_('Search attribute')],
'user' =>[T_ZBX_STR, O_OPT, null,NOT_EMPTY,
'isset({config}) && {config} == '.ZBX_AUTH_LDAP.' && (isset({update}) || isset({test}))'],
'user_password' =>[T_ZBX_STR, O_OPT, null,NOT_EMPTY,
'isset({config}) && {config} == '.ZBX_AUTH_LDAP.' && (isset({update}) || isset({test}))',_('User password')],
'change_bind_password' => [T_ZBX_STR, O_OPT, null, null,null]
];
check_fields($fields);
$config = select_config();
if (hasRequest('config')) {
$isAuthenticationTypeChanged = ($config['authentication_type'] != getRequest('config'));
$config['authentication_type'] = getRequest('config');
}
else {
$isAuthenticationTypeChanged = false;
}
$fields = [
'authentication_type' => true,
'ldap_host' => true,
'ldap_port' => true,
'ldap_base_dn' => true,
'ldap_search_attribute' => true,
'ldap_bind_dn' => true,
'ldap_bind_password' => true
];
$ldap_extension_enabled = false;
foreach ($config as $field => $value) {
if (array_key_exists($field, $fields)) {
$config[$field] = getRequest($field, $config[$field]);
}
else {
unset($config[$field]);
}
}
/*
* Actions
*/
if ($config['authentication_type'] == ZBX_AUTH_INTERNAL) {
if (hasRequest('update')) {
$messageSuccess = _('Authentication method changed to Zabbix internal');
$messageFailed = _('Cannot change authentication method to Zabbix internal');
DBstart();
$result = update_config($config);
if ($result) {
// reset all sessions
if ($isAuthenticationTypeChanged) {
$result &= DBexecute(
'UPDATE sessions SET status='.ZBX_SESSION_PASSIVE.
' WHERE sessionid<>'.zbx_dbstr(CWebUser::$data['sessionid'])
);
}
$isAuthenticationTypeChanged = false;
add_audit(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_ZABBIX_CONFIG, $messageSuccess);
}
$result = DBend($result);
show_messages($result, $messageSuccess, $messageFailed);
}
}
elseif ($config['authentication_type'] == ZBX_AUTH_LDAP) {
$ldap_status = (new CFrontendSetup())->checkPhpLdapModule();
$ldap_extension_enabled = ($ldap_status['result'] == CFrontendSetup::CHECK_OK);
$login = false;
if ($ldap_extension_enabled && (hasRequest('update') || hasRequest('test'))) {
$ldap_validator = new CLdapAuthValidator([
'conf' => [
'host' => $config['ldap_host'],
'port' => $config['ldap_port'],
'base_dn' => $config['ldap_base_dn'],
'bind_dn' => $config['ldap_bind_dn'],
'bind_password' => $config['ldap_bind_password'],
'search_attribute' => $config['ldap_search_attribute']
]
]);
$login = $ldap_validator->validate([
'user' => getRequest('user', CWebUser::$data['alias']),
'password' => getRequest('user_password', '')
]);
if (!$login) {
show_error_message(_('Login name or password is incorrect!'));
}
if (hasRequest('update')) {
if (!$login) {
show_error_message(_('Cannot change authentication method to LDAP'));
}
else {
$messageSuccess = $isAuthenticationTypeChanged
? _('Authentication method changed to LDAP')
: _('LDAP authentication changed');
$messageFailed = $isAuthenticationTypeChanged
? _('Cannot change authentication method to LDAP')
: _('Cannot change authentication');
DBstart();
$result = update_config($config);
if ($result) {
unset($_REQUEST['change_bind_password']);
// reset all sessions
if ($isAuthenticationTypeChanged) {
$result &= DBexecute(
'UPDATE sessions SET status='.ZBX_SESSION_PASSIVE.
' WHERE sessionid<>'.zbx_dbstr(CWebUser::$data['sessionid'])
);
}
$isAuthenticationTypeChanged = false;
add_audit(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_ZABBIX_CONFIG, $messageSuccess);
}
$result = DBend($result);
show_messages($result, $messageSuccess, $messageFailed);
}
}
elseif (hasRequest('test')) {
show_messages($login, _('LDAP login successful'), _('LDAP login was not successful'));
}
}
elseif (!$ldap_extension_enabled) {
show_error_message($ldap_status['error']);
}
}
elseif ($config['authentication_type'] == ZBX_AUTH_HTTP) {
if (hasRequest('update')) {
// get groups that use this authentication method
$result = DBfetch(DBselect(
'SELECT COUNT(g.usrgrpid) AS cnt_usrgrp FROM usrgrp g WHERE g.gui_access='.GROUP_GUI_ACCESS_INTERNAL
));
if ($result['cnt_usrgrp'] > 0) {
info(_n(
'There is "%1$d" group with Internal GUI access.',
'There are "%1$d" groups with Internal GUI access.',
$result['cnt_usrgrp']
));
}
$messageSuccess = _('Authentication method changed to HTTP');
$messageFailed = _('Cannot change authentication method to HTTP');
DBstart();
$result = update_config($config);
if ($result) {
// reset all sessions
if ($isAuthenticationTypeChanged) {
$result &= DBexecute(
'UPDATE sessions SET status='.ZBX_SESSION_PASSIVE.
' WHERE sessionid<>'.zbx_dbstr(CWebUser::$data['sessionid'])
);
}
$isAuthenticationTypeChanged = false;
add_audit(AUDIT_ACTION_UPDATE, AUDIT_RESOURCE_ZABBIX_CONFIG, $messageSuccess);
}
$result = DBend($result);
show_messages($result, $messageSuccess, $messageFailed);
}
}
show_messages();
/*
* Display
*/
$data = [
'form_refresh' => getRequest('form_refresh'),
'config' => $config,
'is_authentication_type_changed' => $isAuthenticationTypeChanged,
'user' => getRequest('user', CWebUser::$data['alias']),
'user_password' => getRequest('user_password', ''),
'user_list' => null,
'change_bind_password' => getRequest('change_bind_password'),
'ldap_extension_enabled' => $ldap_extension_enabled
];
// get tab title
$data['title'] = authentication2str($config['authentication_type']);
// get user list
if (getUserGuiAccess(CWebUser::$data['userid']) == GROUP_GUI_ACCESS_INTERNAL) {
$data['user_list'] = DBfetchArray(DBselect(
'SELECT u.alias,u.userid FROM users u ORDER BY u.alias'
));
}
// render view
$view = new CView('administration.authentication.edit', $data);
$view->render();
$view->show();
require_once dirname(__FILE__).'/include/page_footer.php';
一键复制
编辑
Web IDE
原始数据
按行查看
历史