- [DEV-172] added support of Apache authentication (Artem)

git-svn-id: svn://svn.zabbix.com/trunk@5724 97f52cf1-0a1b-0410-bd0e-c28be96e8082
author: artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> 2008-05-23 10:30:10 +0000
committer: artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> 2008-05-23 10:30:10 +0000
commit: 1528814bf6b442cc01211b9f0b3f2adaadf970f4 (patch)
tree: 8fc3c0a9e980925d6d96313f3737cd3576b90c16 /frontends/php
parent: b0a86ef20a92d1243c7e32510a81b70705980fa4 (diff)
download: zabbix-1528814bf6b442cc01211b9f0b3f2adaadf970f4.tar.gz
zabbix-1528814bf6b442cc01211b9f0b3f2adaadf970f4.tar.xz
zabbix-1528814bf6b442cc01211b9f0b3f2adaadf970f4.zip
7 files changed, 114 insertions, 40 deletions
diff --git a/frontends/php/authentication.php b/frontends/php/authentication.php
index a19a39d0..a9d97402 100644
--- a/frontends/php/authentication.php
+++ b/frontends/php/authentication.php
@@ -32,7 +32,7 @@ include_once('include/page_header.php');
 	$fields=array(
 //		VAR			TYPE	OPTIONAL FLAGS	VALIDATION	EXCEPTION
 
-		'config'=>		array(T_ZBX_INT, O_OPT,	NULL,	IN('0'),	NULL),
+		'config'=>		array(T_ZBX_INT, O_OPT,	NULL,	IN('1,2'),	NULL),
 
 // LDAP form
 		'ldap_host'=>			array(T_ZBX_STR, O_OPT,	NULL,	NOT_EMPTY,			'isset({config})&&({config}==0)&&(isset({save})||isset({test}))'),
@@ -45,7 +45,7 @@ include_once('include/page_header.php');
 		
 		'ldap_search_attribute'=>		array(T_ZBX_STR, O_OPT,	NULL,	NOT_EMPTY,			'isset({config})&&({config}==0)&&(isset({save})||isset({test}))'),
 		
-		'authentication_type'=>	array(T_ZBX_INT, O_OPT,	NULL,	IN('0,1'),			NULL),
+		'authentication_type'=>	array(T_ZBX_INT, O_OPT,	NULL,	IN('0,1,2'),			NULL),
 		
 		'user_password'=>		array(T_ZBX_STR, O_OPT,	NULL,	NOT_EMPTY,		'isset({config})&&({config}==0)&&(isset({authentication_type})||isset({test}))'),
 
@@ -60,7 +60,7 @@ include_once('include/page_header.php');
 ?>
 
 <?php
-	$_REQUEST['config'] = get_request('config',get_profile('web.authentication.config',0));
+	$_REQUEST['config'] = get_request('config',get_profile('web.authentication.config',ZBX_AUTH_LDAP));
 	check_fields($fields);
 	
 	update_profile('web.authentication.config',$_REQUEST['config']);
@@ -68,7 +68,7 @@ include_once('include/page_header.php');
 	$_REQUEST['authentication_type'] = get_request('authentication_type',ZBX_AUTH_INTERNAL);
 	
 	$result = 0;
-	if($_REQUEST['config']==0){
+	if($_REQUEST['config']==ZBX_AUTH_LDAP){
 		if(isset($_REQUEST['save'])){
 	
 			$config=select_config();
@@ -117,6 +117,36 @@ include_once('include/page_header.php');
 			show_messages($result, S_LDAP.SPACE.S_LOGIN.SPACE.S_SUCCESSFUL_SMALL, S_LDAP.SPACE.S_LOGIN.SPACE.S_WAS_NOT.SPACE.S_SUCCESSFUL_SMALL);
 		}
 	}
+	if(ZBX_AUTH_HTTP==$_REQUEST['config']){
+		if(isset($_REQUEST['save'])){
+		
+			$config=select_config();
+
+			$cur_auth_type = $config['authentication_type'] ;
+			$config['authentication_type'] = ZBX_AUTH_HTTP;
+			
+			foreach($config as $id => $value){
+				if(isset($_REQUEST[$id])){
+					$config[$id] = $_REQUEST[$id];
+				}
+				else{
+					unset($config[$id]);
+				}
+			}
+
+// If we do save and auth_type changed or is set to LDAP, reset all sessions 
+			if(($cur_auth_type<>$config['authentication_type']) || (ZBX_AUTH_HTTP == $config['authentication_type'])){
+				DBexecute('DELETE FROM sessions WHERE sessionid<>'.zbx_dbstr($USER_DETAILS['sessionid']));
+			}
+			$result=update_config($config);
+	
+			show_messages($result, S_HTTP_AUTH.SPACE.S_UPDATED, S_HTTP_AUTH.SPACE.S_WAS_NOT.SPACE.S_UPDATED);
+	
+			if($result){
+				add_audit(AUDIT_ACTION_UPDATE,AUDIT_RESOURCE_ZABBIX_CONFIG,S_HTTP_AUTH);
+			}
+		}
+	}
 	show_messages();
 ?>
 <?php
@@ -124,7 +154,8 @@ include_once('include/page_header.php');
 	$form = new CForm('authentication.php');
 	$form->SetMethod('get');
 	$cmbConfig = new CCombobox('config',$_REQUEST['config'],'submit()');
-	$cmbConfig->AddItem(0,S_LDAP);
+	$cmbConfig->AddItem(ZBX_AUTH_LDAP,S_LDAP);
+	$cmbConfig->AddItem(ZBX_AUTH_HTTP,S_HTTP);
 
 	$form->AddItem($cmbConfig);
 
@@ -133,7 +164,7 @@ include_once('include/page_header.php');
 ?>
 
 <?php
-	if($_REQUEST['config']==0){
+	if(ZBX_AUTH_LDAP==$_REQUEST['config']){
 		$config=select_config();
 
 		if(isset($_REQUEST['form_refresh'])){
@@ -152,7 +183,7 @@ include_once('include/page_header.php');
 		
 		$frmAuth = new CFormTable(S_LDAP,'authentication.php');
 		$frmAuth->SetHelp('web.authentication.php');
-		$frmAuth->AddVar('config',get_request('config',0));
+		$frmAuth->AddVar('config',get_request('config',ZBX_AUTH_LDAP));
 		$frmAuth->AddVar('form_refresh',$form_refresh);
 
 		$frmAuth->AddRow(S_LDAP.SPACE.S_HOST, new CTextBox('ldap_host',$config['ldap_host'],64));
@@ -177,6 +208,34 @@ include_once('include/page_header.php');
 		$frmAuth->AddItemToBottomRow(new CButton('test',S_TEST));
 		$frmAuth->Show();
 	}
+	else if(ZBX_AUTH_HTTP==$_REQUEST['config']){
+		$config=select_config();
+
+		if(isset($_REQUEST['form_refresh'])){
+			foreach($config as $id => $value){
+				if(isset($_REQUEST[$id])){
+					$config[$id] = $_REQUEST[$id];
+				}
+				else{
+					unset($config[$id]);
+				}
+			}
+		}
+
+		$form_refresh = get_request('form_refresh',0);
+		$form_refresh++;
+		
+		$frmAuth = new CFormTable(S_HTTP_AUTH,'authentication.php');
+		$frmAuth->SetHelp('web.authentication.php');
+		$frmAuth->AddVar('config',get_request('config',ZBX_AUTH_HTTP));
+		$frmAuth->AddVar('form_refresh',$form_refresh);
+
+		$action = "javascript: if(confirm('Switching HTTP authentication will delete all current sessions! Continue?')) return true; else return false;";
+		$frmAuth->AddRow(S_HTTP_AUTH.SPACE.S_ENABLED, new CCheckBox('authentication_type', (ZBX_AUTH_HTTP == $config['authentication_type']), $action, ZBX_AUTH_HTTP));
+
+		$frmAuth->AddItemToBottomRow(new CButton('save',S_SAVE));
+		$frmAuth->Show();
+	}
 
 include_once 'include/page_footer.php';
 ?>
 \ No newline at end of file
diff --git a/frontends/php/chart.php b/frontends/php/chart.php
index 8d4e92bb..7beeb1f1 100644
--- a/frontends/php/chart.php
+++ b/frontends/php/chart.php
@@ -50,9 +50,9 @@ include_once "include/page_header.php";
 //		show_message(S_NO_ITEM_DEFINED);
 	}
 
-	if(! ($db_data = DBfetch(DBselect("select i.itemid from items i ".
-		" where i.hostid in (".get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY).") ".
-		" and i.itemid=".$_REQUEST["itemid"]))))
+	if(! ($db_data = DBfetch(DBselect('SELECT i.itemid from items i '.
+		' WHERE i.hostid IN ('.get_accessible_hosts_by_user($USER_DETAILS,PERM_READ_ONLY).') '.
+			' AND i.itemid='.$_REQUEST['itemid']))))
 	{
 		access_deny();
 	}
diff --git a/frontends/php/include/classes/cldap.inc.php b/frontends/php/include/classes/cldap.inc.php
index f9aa112f..81179a39 100644
--- a/frontends/php/include/classes/cldap.inc.php
+++ b/frontends/php/include/classes/cldap.inc.php
@@ -49,7 +49,7 @@ class CLdap{
 				'referrals'=> 		0,
 				'version'=> 		3,
 				
-				'starttls'=>		false,
+				'starttls'=>		null,
 				'deref'=>			null,
 			);
 
@@ -82,7 +82,7 @@ class CLdap{
 			}
 			else{
 //use TLS (needs version 3)
-				if(!empty($this->cnf['starttls'])){
+				if(isset($this->cnf['starttls'])){
 					if(!ldap_start_tls($this->ds)){
 						error('Starting TLS failed');
 					}
diff --git a/frontends/php/include/defines.inc.php b/frontends/php/include/defines.inc.php
index ef5d33ab..07610a02 100644
--- a/frontends/php/include/defines.inc.php
+++ b/frontends/php/include/defines.inc.php
@@ -23,6 +23,7 @@
 	
 	define('ZBX_AUTH_INTERNAL',	0);
 	define('ZBX_AUTH_LDAP',		1);
+	define('ZBX_AUTH_HTTP',		2);
 	
 	define('PAGE_TYPE_HTML',		0);
 	define('PAGE_TYPE_IMAGE',		1);
diff --git a/frontends/php/include/forms.inc.php b/frontends/php/include/forms.inc.php
index 81afe4a9..600e8fbd 100644
--- a/frontends/php/include/forms.inc.php
+++ b/frontends/php/include/forms.inc.php
@@ -23,17 +23,13 @@
 
 	require_once 	"include/users.inc.php";
 
-	function	insert_slideshow_form()
-	{
-		global $_REQUEST;
-
+	function insert_slideshow_form(){
 		$form = new CFormTable(S_SLIDESHOW, null, 'post');
 		$form->SetHelp('config_advanced.php');
 		
 		$form->AddVar('config', 1);
 			
-		if(isset($_REQUEST['slideshowid']))
-		{
+		if(isset($_REQUEST['slideshowid'])){
 			$form->AddVar('slideshowid', $_REQUEST['slideshowid']);
 		}
 
@@ -43,16 +39,15 @@
 
 		$new_step	= get_request('new_step', null);
 		
-		if((isset($_REQUEST['slideshowid']) && !isset($_REQUEST['form_refresh'])))
-		{
+		if((isset($_REQUEST['slideshowid']) && !isset($_REQUEST['form_refresh']))){
 			$slideshow_data = DBfetch(DBselect('SELECT * FROM slideshows WHERE slideshowid='.$_REQUEST['slideshowid']));
 		
 			$name		= $slideshow_data['name'];
 			$delay		= $slideshow_data['delay'];
 			$steps		= array();
 			$db_steps = DBselect('SELECT * FROM slides WHERE slideshowid='.$_REQUEST['slideshowid'].' order by step');
-			while($step_data = DBfetch($db_steps))
-			{
+			
+			while($step_data = DBfetch($db_steps)){
 				$steps[$step_data['step']] = array(
 						'screenid' => $step_data['screenid'],
 						'delay' => $step_data['delay']
@@ -66,14 +61,13 @@
 		
 		$tblSteps = new CTableInfo(S_NO_SLIDES_DEFINED);
 		$tblSteps->SetHeader(array(S_SCREEN, S_DELAY, SPACE));
-		if(count($steps) > 0)
-		{
+		if(count($steps) > 0){
 			ksort($steps);
 			$first = min(array_keys($steps));
 			$last = max(array_keys($steps));
 		}
-		foreach($steps as $sid => $s)
-		{
+		
+		foreach($steps as $sid => $s){
 			if( !isset($s['screenid']) ) $s['screenid'] = 0;
 
 			if(isset($s['delay']) && $s['delay'] > 0 )
@@ -82,15 +76,13 @@
 				$s['delay'] = $delay;
 			
 			$up = null;
-			if($sid != $first)
-			{
+			if($sid != $first){
 				$up = new CLink(S_UP,'#','action');
 				$up->OnClick("return create_var('".$form->GetName()."','move_up',".$sid.", true);");
 			}
 			
 			$down = null;
-			if($sid != $last)
-			{
+			if($sid != $last){
 				$down = new CLink(S_DOWN,'#','action');
 				$down->OnClick("return create_var('".$form->GetName()."','move_down',".$sid.", true);");
 			}
diff --git a/frontends/php/include/locales/en_gb.inc.php b/frontends/php/include/locales/en_gb.inc.php
index 98cfb807..2e41c62e 100644
--- a/frontends/php/include/locales/en_gb.inc.php
+++ b/frontends/php/include/locales/en_gb.inc.php
@@ -509,6 +509,7 @@
 	'S_WAS_NOT'=>						'was not',
 	'S_SUCCESSFUL_SMALL'=>				'successful',
 	'S_MUST_BE_VALID_SMALL'=>			'must be valid',
+	'S_HTTP_AUTH'=>						'HTTP Authentication',
 	
 
 //	Latest values
diff --git a/frontends/php/index.php b/frontends/php/index.php
index 0a02173c..14de05bc 100644
--- a/frontends/php/index.php
+++ b/frontends/php/index.php
@@ -44,7 +44,7 @@
 	$sessionid = get_cookie('zbx_sessionid', null);
 	
 	if(isset($_REQUEST["reconnect"]) && isset($sessionid)){
-		add_audit(AUDIT_ACTION_LOGOUT,AUDIT_RESOURCE_USER,"Manual Logout");
+		add_audit(AUDIT_ACTION_LOGOUT,AUDIT_RESOURCE_USER,'Manual Logout');
 		
 		zbx_unsetcookie('zbx_sessionid');
 		DBexecute("delete from sessions where sessionid=".zbx_dbstr($sessionid));
@@ -55,10 +55,21 @@
 //		return;
 	}
 
-	if(isset($_REQUEST["enter"])&&($_REQUEST["enter"]=="Enter")){
-	
-		$config = select_config();
+	$config = select_config();
+	if($config['authentication_type'] == ZBX_AUTH_HTTP){
 		
+		if(isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER'])){
+			$_REQUEST['enter'] = 'Enter';
+			$_REQUEST['name'] = $_SERVER["PHP_AUTH_USER"];
+//			$_REQUEST['password'] = $_SERVER["PHP_AUTH_PW"];
+		}
+		else{
+			access_deny();
+		}
+	}
+	
+	if(isset($_REQUEST['enter'])&&($_REQUEST['enter']=='Enter')){
+	
 		$name = get_request('name','');
 		$password = md5(get_request('password',''));
 		
@@ -76,6 +87,9 @@
 				case ZBX_AUTH_LDAP:
 					$login = ldap_authentication($name,get_request('password',''));
 					break;
+				case ZBX_AUTH_HTTP:
+					$login = true;
+					break;
 				case ZBX_AUTH_INTERNAL:
 				default:
 					$alt_auth = ZBX_AUTH_INTERNAL;
@@ -91,11 +105,11 @@
 							' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID)));
 		}
 		
-// update internal pass if it's different
+/* update internal pass if it's different
 		if($login && ($row['passwd']!=$password) && (ZBX_AUTH_INTERNAL!=$config['authentication_type'])){
 			DBexecute('UPDATE users SET passwd='.zbx_dbstr($password).' WHERE userid='.zbx_dbstr($row['userid']));
 		}
-		
+*/		
 		if($login){
 			$login = (check_perm2login($row['userid']) && check_perm2system($row['userid']));
 		}
@@ -138,16 +152,23 @@
 	}
 
 include_once "include/page_header.php";
-	
+
 	if(isset($_REQUEST['message'])) show_error_message($_REQUEST['message']);
 
 	if(!isset($sessionid)){
-		insert_login_form();
+		switch($config['authentication_type']){
+			case ZBX_AUTH_HTTP:
+				break;
+			case ZBX_AUTH_LDAP:
+			case ZBX_AUTH_INTERNAL:
+			default:
+			insert_login_form();
+		}
+
 	}
 	else{
-		$logoff = new CLink('here', '?reconnect=1', 'styled');
 		echo '<div align="center" class="textcolorstyles">Welcome to ZABBIX! You are connected as <b>'.$USER_DETAILS['alias'].'</b>.</div>';
-	}	
+	}
 ?>
 <?php
author	artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082>	2008-05-23 10:30:10 +0000
committer	artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082>	2008-05-23 10:30:10 +0000
commit	1528814bf6b442cc01211b9f0b3f2adaadf970f4 (patch)
tree	8fc3c0a9e980925d6d96313f3737cd3576b90c16 /frontends/php
parent	b0a86ef20a92d1243c7e32510a81b70705980fa4 (diff)
download	zabbix-1528814bf6b442cc01211b9f0b3f2adaadf970f4.tar.gz zabbix-1528814bf6b442cc01211b9f0b3f2adaadf970f4.tar.xz zabbix-1528814bf6b442cc01211b9f0b3f2adaadf970f4.zip